Environment:
-Windows Server 2019
-Windows 10 Client Machine
Note: Implementation for Chrome Extension blocking has already been done. For this example, we will be using Firefox.
Additionally: The goal for this is to block extensions for the following browsers-
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
Procedure:
A sort-of prerequisite for this is downloading multiple ADMX Templates. Each browser has their own set of features.
Chrome for example requires you to block by specific ID which is provided to every extension when they are added to the store. For our purposes we can simply block all extensions through the blocklist as shown on the screenshot below. An example of the client PC is also included for reference.
Now moving forward, we will be setting up the policy for firefox.
Ultimately the same for all browsers, just a few different ways of addressing the block feature.
1. Download the Firefox ADMX template.
Link: GitHub - mozilla/policy-templates: Policy Templates for Firefox
2. Extract the admx and adml files from the zip file.
2. Extract the admx and adml files from the zip file.
3. Go to the following directory in your AD server:
C:\Windows\PolicyDefinitions
C:\Windows\PolicyDefinitions
4. Add the admx file to this location.
5. Go to the following directory:
C:\Windows\PolicyDefinitions\en-US
C:\Windows\PolicyDefinitions\en-US
6. Add the adml file to this location.
With that you will have added the required templates to control the users browser.
With that you will have added the required templates to control the users browser.
Now for the group policy:
1. Open Group Policy Management.
2. Create a new GPO. The Demo policy here has been named "Firefox Extension".
3. Edit the new policy.
4. Go to User Configuration > Policies > Administrative Templates
5. Select the Mozilla template folder
6. Select Firefox > Addons > Allow add-on installs from websites
7. Set state to disabled.
Next time you open Firefox, you should be able to find extensions blocked as shown in the screenshot below.
The same can be done for Edge with the same method.
For ADMX templates, please refer to: https://admx.help/
-Leo
No comments:
Post a Comment