Deployment via GPOs in Active Directory

Note:

This page includes:

About deployment via GPOs in Active Directory

If you are using GPOs in Active Directory to manage your Windows devices, then you can use GPOs to deploy the browser extension. The deployment process includes the three standard ABS extension deployment steps.

Important: Make sure to see additional important details on the 3-step deployment process, Deploying the extension [Managed deployment].

This page shows specific GPO details for Step 1 and Step 2 of the deployment process.

Step 1: Install the browser extension

Important: Before your perform Step 1, make sure to see additional important details: Step 1: Installing the extension via UEM solutions [Generic].

You can use GPOs to deploy the browser extension on Windows devices.

Below is a summarized procedure of Step 1, using a GPO to install the browser extension. You'll need to perform this procedure for each browser (Google Chrome, Microsoft Edge, Firefox). Further details for each browser are shown below.

  1. Go to each browser’s support portal to get the required ADM(X) template file.

  2. Open the ADM(X) file using the Group Policy Editor [gpedit.msc].

  3. Configure the browser policy to force-install the browser extension.

Instructions for Google Chrome

  1. Open the official Google Chrome instructions :

    [https://support.google.com/chrome/a/answer/187202?hl=en]

  2. In the instructions, scroll down to "Install and configure Chrome policy templates" and then click Windows.

  3. Perform "Step 1: Download Chrome policy templates".

  4. Perform "Step 2: Open the ADM or ADMX template you downloaded".

  5. Scroll down to "Step 3: Configure policies".

  6. In the GPO Editor, open the template you just added and change the following configuration settings:

    1. Navigate to Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Google > Google Chrome > Extensions, and open Extension management settings.

    2. Enable the setting - if it is not already enabled.

    3. If the value is empty or just {}, set the value to the following:

      {"kpehlcnleoaejbmmgncofcgpjnojlfbn":{"installation_mode":"force_installed","toolbar_pin":"force_pinned","update_url":"https://clients2.google.com/service/update2/crx"}}

      Otherwise, if there was a previous value in the format {<something>}, edit the value to be like this:

      {<something>,"kpehlcnleoaejbmmgncofcgpjnojlfbn":{"installation_mode":"force_installed","toolbar_pin":"force_pinned","update_url":"https://clients2.google.com/service/update2/crx"}}

Instructions for Microsoft Edge

  1. Open the official Microsoft Edge instructions :

    [https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge]

  2. In the instructions, perform "1. Download and install the Microsoft Edge administrative template".

  3. Perform "2. Set mandatory or recommended policies".

  4. In the GPO Editor:

    1. Navigate to Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates (ADM) > Microsoft Edge > Extensions, and open Extension management settings.

    2. Enable the setting - if it is not already enabled.

    3. If the value is empty or just {}, set the value to the following:

      {"jcllaekmhcebhkjmmlnbcdmbbpiidnhf":{"installation_mode":"force_installed","toolbar_state":"force_shown","update_url":"https://edge.microsoft.com/extensionwebstorebase/v1/crx"}}

      Otherwise, if there was a previous value in the format {<something>}, edit the value to be like this:

      {<something>,"jcllaekmhcebhkjmmlnbcdmbbpiidnhf":{"installation_mode":"force_installed","toolbar_state":"force_shown","update_url":"https://edge.microsoft.com/extensionwebstorebase/v1/crx"}}

  5. Perform "3. Test your policies".

Instructions for Firefox

  1. Follow the official Firefox instructions :

    [https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windowse]

  2. In the GPO Editor, edit the ExtensionSettings setting:

    1. If the value is empty or just {}, set the value to the following:

      {"advancedbrowsersecurityaddon@perception-point.io":{"default_area":"navbar","install_url":"https://addons.mozilla.org/firefox/downloads/latest/advanced-browser-security/latest.xpi","installation_mode":"force_installed"}}

      Otherwise, if there was a previous value in the format {<something>}, edit the value to be like this:

      {<something>}, edit the value to be like this {<something,"advancedbrowsersecurityaddon@perception-point.io":{"default_area":"navbar","install_url":"https://addons.mozilla.org/firefox/downloads/latest/advanced-browser-security/latest.xpi","installation_mode":"force_installed"}}

Step 2: Connect the browser extension

Important: Before your perform Step 2, make sure to see Step 2: Connecting the extension via UEM solutions [Generic].

Step 2 includes the following two sub-steps:

Step 2

Connect the browser extension

 

 

Step 2A

Get the PowerShell script

You can download a PowerShell script that contains the required organization token - from the Advanced Browser Security console.

  • For details on how to download the required PowerShell script file, see Downloading an organization token.

  • Make sure to download the token in a Windows - PowerShell (.ps1) file.

  • The perception-point-organization-token.ps1 file will be downloaded to your computer.

Step 2B

Deploy the PowerShell script

Use a GPO in Active Directory, or any other tool, to push the downloaded PowerShell script file [that you downloaded in Step 2A above] to all relevant Windows devices. This will deploy the organization token on the target devices.

Step 3: Activate the browser extension

For details on Step 3, see Step 3: Activating the extension on endpoints.

See also: