Skip to content

Bulk install the extension using Active Directory GPO

You can use Active Directory GPO to install the Protected Browser extension to Google Chrome on multiple Windows devices at the same time.

Requirements

You must have the following accounts and permissions:

  • An Active Directory admin account with permission to use the group policy editor
  • A Sophos Central admin account
  • Admin account for all the devices where you want to install the extension

You must meet the following requirements in Google Chrome:

You must have completed the following configurations in the Microsoft Group Policy Management Console:

  1. A group policy object (GPO) for the extension on a domain controller or management server.
  2. Linked the GPO to the appropriate Organizational Unit (OU).

    See Group Policy Management Console.

Download the installer from Sophos Central

To download the extension installer, do as follows:

  1. In Sophos Central, go to My Environment > Installers.
  2. Under Browser extension, next to Active Directory (GPO), click Windows.

    This downloads a .zip file. It includes the installation files. Extract the file to your device.

  3. Copy the extension URL.

Configure the group policy object to install the extension

In the Microsoft Group Policy Management Console, do as follows:

  1. Open the group policy object (GPO) you created for the extension.
  2. In the GPO, go to Computer Configuration > Policies > Administrative Templates.
  3. In Administrative Templates, go to Google > Google Chrome > Extensions.
  4. Click Configure the list of force-installed apps and extensions, then select Enabled.

    Turn on force install.

  5. Under Options, click Show.

  6. In Show contents, paste the extension URL you copied from Sophos Central.

    Paste the extension URL.

  7. Click OK, then click Save.

  8. Copy the contents of the ChromeExtensionSettings.xml file you downloaded from Sophos Central.
  9. In the same GPO, go to Computer Configuration > Preferences > Windows Settings > Registry.
  10. Right-click Registry and paste the contents of the file.
  11. Enter a name for the registry and save it.
  12. Verify the installation as follows:

    1. On a Windows device, open the Chrome browser.
    2. In the address bar, type chrome://policy and click Reload policies.

      In the Chrome Policies table, check if you can see the ExtensionInstallForcelist policy and its status is OK.

    3. In the address bar, type chrome://extensions and check if you can see the Protected Browser extension. You may see the following message:

      Sophos extension is installed and managed by the organization.

Uninstall the extension

To uninstall the extension, do as follows:

  1. Open the group policy object (GPO) you created for the extension.
  2. In the GPO, go to Computer Configuration > Policies > Administrative Templates > Google > Google Chrome, and click Extensions.
  3. Click Configure the list of force-installed apps and extensions and select Not configured.
  4. To remove the XML custom settings, do as follows:

    1. Go to Computer Configuration > Preferences > Windows Settings, and click Registry.
    2. Find registry items you uploaded from the XML file and delete them.
  5. To delete the extension utility, run the following PowerShell command:

    powershell.exe -Command "& { msiexec /q /x $((New-Object -ComObject 'WindowsInstaller.Installer').RelatedProducts('{B0D532EB-39A8-497B-8DD8-6A3ACCE97532}')); }"