Using Windows 10 Management in Google Workspace Enterprise for Chrome Browser Management
Update: As of January 2021, setting registry keys manually is no longer necessary. See the blog post from Google for more information.
I recently wrote a tweaked version of Google’s GCPW installation PowerShell Script, which can be on viewed on GitHub.
In the script, I added Chrome Browser installation, as well as updating registry keys for Chrome Browser enrollment for Cloud Management, the limitations of which include users changing registry keys if the devices are not managed by GPO, Intune, or other EMMs.
Google Workspace Enterprise include Windows 10 management features, and you can use custom OMA-URI to ingest the Chrome Administrative template. This allows you to push device-level Chrome policies to augment your organization’s security posture and improve user experience.
As you will soon see, using OMA-URIs to manage policies is a bit challenging for admins who may be less familiar with Windows management. Once Chrome Browser is enrolled for Cloud Management, you can use the UI that you are already familiar with to manage Chrome Browser.
Here are the steps:
- Go to https://chromeenterprise.google and download the bundle for Windows (32 or 64 bit) and unzip the files
- Enable Windows management for Organizational Units as appropriate (Instructions)
- Configure OMA-URI as table below (also linked) — if you need clarification on specific Chrome policies, please consult https://goo.gle/chromepolicylist. For line 2 in the table, you can find chrome.admx in the administrative template you unzipped in Step 1.
4. Install GCPW (Instructions) or enroll devices using Step 2 if you would rather not use GCPW for user sign-in.
As you can see, using OMA-URI requires you to have a good understanding of Registry Editor, Group Policy Objects, and admx and adml files in the Chrome Enterprise bundle.
In my future posts, I will discuss some of the benefits of Chrome Browser Cloud Management, as well as some of the recommended settings.
