Installing google chrome extensions via BIGFIX

raumohit_10 · September 13, 2016, 7:14am

Hi,

Just wanted to know if it is possible to install google chrome extensions via bigfix.

We are actually looking to install the extension called IE tab but we are not able to figure out a way to do it.

Here is a link that was suppose to help us.

jgstew · September 13, 2016, 11:59pm

I have never done this myself, but am also interested in doing so.

I think doing this requires the use of GPO.

You can deploy Local GPO with BigFix which should work for this.

Local GPO Examples:

prabhu490730 · May 30, 2017, 11:47am

@jgstew,@raumohit_10,

Have a look on the below action script which will be able to set the registry under Google Chrome Extention:

Action Script
// Set Registry Key under Google Chrome Extention
//OneLogin SSO Implementation: ‘Enable’
regset “[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ioalpmibngobedobkmbhgmadaphocjdn]” “update_url”=“https://clients2.google.com/service/update2/crx”

_Where: _
OneLogin for Google Chrome 3.3.6
ID: ioalpmibngobedobkmbhgmadaphocjdn

Relevance:
(not exist keys "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ioalpmibngobedobkmbhgmadaphocjdn" of x32 registry)

Once it gets deployed, You’ll get prompt in Chrome Browser to enable the plugin.
Hope this helps…!!

AlexaVonTess · July 12, 2019, 10:15am

To expand on this… If wanting to implement this via BigFix with regset Action script, but as a policy, if possible, how would we account for “next regkey in the sequence”. For example, if regkey “1” exists, create “2”.

This is automated when implementing via GPO, but wanted to ask if this is even feasible via action script.

dakota · July 12, 2019, 12:37pm

You can try something like this to auto increment the number:

parameter "APPID"="nlbejmccbhkncgokjcmghpfloaajcffj"

regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist]" "{(maximum of (names of values of it as string as integer) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist" of (registry)) + 1}"="{parameter "APPID"}"

AlexaVonTess · July 12, 2019, 1:14pm

Wow! That is so awesome! I was sure that wasn’t possible.

dakota · July 12, 2019, 1:31pm

Glad it works for you. The only issue that I can see, is if there is no values in the key yet. I’ve updated the action script to do that check and set the first value to the name of “1” if no values exist already.

// If exists values
if {exists values of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist" of (registry)}
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist]" "{(maximum of (names of values of it as string as integer) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist" of (registry)) + 1}"="{parameter "APPID"}"
else
// If no values exists add the first one as '1'
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist]" "1"="{parameter "APPID"}"
endif

AlexaVonTess · July 12, 2019, 1:33pm

Some error checking just in case there is no value…a good practice. Again, thank you.

JamesKrolak · August 11, 2023, 6:42pm

This is a bit of a thread necro, but more than 1 of us at my company came across this thread when trying to figure out how to push out a Chrome extension with BigFix. The original suggestion from prabhu490730 above works rather inconsistently for some reason. I found a more reliable registry key to modify to accomplish this.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist

If you create a value in there with the same sort of data mentioned above (extension ID;update address) then it will force that install on target systems the next time they start Chrome. This has the added effect of preventing them from disabling or removing that extension. (unless they first delete that registry value) This is the same location that you can use via GPO to force install extensions. The tricky thing is that each value in there has to be named a number and you (probably) cannot have 2 identical ones in there. So, if you’re pushing out multiple extensions or some are being done via GPO and some via BigFix, you need a way to ensure you’re not overwriting the other.

Borrowing from dakota’s posts above, I’m using this to push out the Google Endpoint Verification extension (which is used by Google Cloud to view elements of the client OS–including only allowing access based on things like cert presence, etc)

Action Script

parameter "APPID"="callobklhcbilhphinckomhgkigmfocg;https://clients2.google.com/service/update2/crx"

// If exists values
if {exists values of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" of (registry)}
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]" "{(maximum of (names of values of it as string as integer) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" of (registry)) + 1}"="{parameter "APPID"}"
else
// If no values exists add the first one as '1'
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]" "1"="{parameter "APPID"}"
endif

Relevance
NOT exists value whose (it is "callobklhcbilhphinckomhgkigmfocg;https://clients2.google.com/service/update2/crx" as string) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" of native registry