Blacklisting Chrome Authenticator Extension
Posted by Nick Oakman, Last modified by on 17 July 2015 10:11 PM
When deploying the 'Cipafilter Authenticator' Chrome extension using the Chrome Management Console, the extension will also be deployed to those who sign into Chrome browser on their desktop, and not just those who are on a Chromebook device. Since desktop computers will normally be using the Windows or Mac client, it is desirable to prevent the Chrome extension from being installed on these computers. We can accomplish this using group policy.
Blacklisting the Chrome Authenticator Extension Using Group Policy
Select 'Administrative Tools' from the Control Panel.
From the Administrative Tools window, double click 'Group Policy Management'.
Under Group Policy Management, descend into the forest and locate 'Group Policy Objects'. Right-click on Group Policy Objects and select 'New' from the menu.
A dialog box will appear prompting for the name of the new GPO. In this example, I have simply named it 'Blacklist Chrome Authenticator'. The Source Starter GPO option should be set to '(none)'.
Click OK and the new group policy object will appear in the window. Right-click on this and select 'Edit' from the menu.
This will bring up the Group Policy Management Editor window. Expand the 'Computer Configuration', 'Preferences', and 'Windows Settings' nodes in the tree. Right-click on 'Registry' and select 'New -> Registry Item' from the menu.
Select or enter the following in the Properties window that appears:
Key Path: SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist
Value name: 1
Value type: REG_SZ
Value Data: nneenclggelajmdlnehjpheofmehlgck
Click OK. The new registry value should now be created. Now, we must link the GPO to apply it. Navigate back to the Group Policy Management window. Right-click on the organizational unit you want this policy to apply to and select 'Link an Existing GPO'.
Select 'Blacklist Chrome Authenticator' and click OK.
Now that the policy has been linked, it should apply to the devices in that OU the next time they are rebooted. The registry value will prevent the extension from being installed, and remove it if it has already been installed. To test whether the change has taken effect, you should receive the following error when attempting to install the Cipafilter Authenticator from the Chrome web store: