Install Chrome via GPO and save yourself some time.Most system administrators deploy Group Policy Objects (GPO) as a way to control and limit user activity on Windows based PCs.This is a very useful management tool as it provides granular control into the operations on the workstations.As any system admin will tell you, GPO ends up being a valuable tool because of the ease and time saving features. Zend Studio 9 0 3 Setup Key For Hp on this page. We have a Win2k8 as a Domain Controller in a domain with workstations that run Windows XP. I would like to be able to install via GPO a new trusted root certificate. 4 Ways to Automatically Disable Wireless Network Connection when Local Area Connection is Enabled. Google offers a Chrome MSI installer and a GPO template to help admins automate widespread installation and control of Chrome. A MSI installer is one that can be pushed down to Windows clients and run silently without the user's knowledge, or interaction. GPO templates define settings that affect how a Windows or a specific program, in this case Chrome, functions. BARRY'S GOODS FOR SALE Bridgeport-style Millhead for Sale. Version history and archived downloads page for ImgBurn. DVD burning software that supports many image file formats and dual layer burning. To get started, downloadthe. MSI and downloadthepolicytemplates (Zip file). There are two different types of templates ADM and ADMX. ADM is for Windows Server 2. ADMX is for Windows Server 2. For this article, we will be creating a GPO in a Server 2. This GPO will require the MSI installer to be located in a network share. To do so, create a folder called MSI, assign share permissions for the Domain Computers group of 'Read' and assign security permissions of 'Read/Execute' for the Domain Computers group. Place the MSI within this folder. GPOs can be applied to machines or to users. For Chrome, it is best to create the GPO for the machines rather than the users. This way Chrome is available to any user that logs onto any machine. On your domain controller, open Group Policy Management and right- click on the OU that contains the PCs in your domain, typically "Domain Computers". Select "Create and Link a GPO Here" and enter a name for the GPO, such as "Chrome Installer". The new GPO will appear in the list. Double- click the GPO to edit the settings. Under the 'Security Filtering', we want to add the machines this GPO will apply to. The most efficient way is to use a group, rather than individual machines. By default Active Directory places all domain computers (except domain controllers) into the Domain Computers group. Click 'Add' and then type in "domain computers" and click 'OK'. Remove anything else that is listed there, such as user accounts or groups. Figure A)Figure A. Click on the 'Settings' tab, which displays all the actions the GPO will take. Since this is a new GPO, nothing is listed. To edit these settings, right- click anywhere in the section and choose "Edit". The Group Policy Object Editor opens with two sections: Computer Configuration and User Configuration. Since we want this GPO to perform actions on the machines, we are going to edit the Computer Configuration. Expand 'Software Settings' and select 'Software Installation'. In the empty pane, right- click and select 'New' | 'Package'. ![]() ![]() Navigate to the network share. It is very important to use the UNC path, for example "\\server. Once you select the MSI, it will appear in the pane. Figure B)Figure B. To add the templates, select 'Administrative Templates' and click the file menu 'Action' | 'Add/Remove Templates'. Click 'Add' and browse to the template's location and navigate the folder structure "windows\adm\en- US" and select "chrome. Then the template will appear under Administrative Templates as "Google". Expand the hierarchy of folders to see all the policies in the templates. There are a varietyofpolicies, everything from controlling the startup page, to more advanced policies (Figure C). Notable policies are. Set Chrome as Default Browser. Specify a list of plugins that a user can enable or disable. Import bookmarks from default browser on first run.Block access to a list of URLs.Allow access to a list of URLs. . Set user data directory.Configure the home page URLEnable the password manager (which should always be disabled)Action on Startup.Figure C. Make changes to the policies as you see fit. When finished, close the Group Policy Object Editor window. Review the settings by clicking on 'Show All". Figure D). Then, right- click the GPO in the list on the left and select 'GPO Status' to ensure 'Enabled' is checked. Figure E). Figure EFinally, reboot the machines in order to apply the GPO, which will install Chrome and the templates. Q& A: Large Scale Deployment of Active X controls, How can users install Active X controls? Active X controls cause us loads of pain in large scale deployment scenarios. The primary reason is that it we cannot lock down the enterprise PC's and still have users activate the Active X controls in their browsers, even if the Active X component is signed. We can easily make a site a "trusted site" (group policy), but this does not ensure that users have the access they need to make the registry entries in HKLM or put files in C: \WINDOWS\DOWNLOADED PROGRAM FILES. We could try to hack this by opening write access to HKLM/Classes and to the downloaded program files folder, but this is not good. Is there a reliable way of doing this? A way where I can perhaps sign the controls I approve and have active directory install it in system context on all domain computers? This must be a problem that several corporations are dealing with.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |