How To - Blacklist Cipafilter Authenticator Extension in Active Directory

How To - Blacklist Chrome Authenticator Extension in Active Directory

When deploying the Cipafilter Authenticator Chrome extension using the Chrome Management Console, the extension will also be deployed to those who sign into Chrome browser on their desktop, not just those who are on a Chromebook device.  Since desktop computers will normally be using the Windows or Mac client, it is desirable to prevent the Chrome extension from being installed on these computers.  This can be accomplished this using group policy.
1. Select Administrative Tools from the Control Panel.

2. From the Administrative Tools window, double click Group Policy Management.

 3. Under Group Policy Management, descend into the forest and locate Group Policy Objects.  Right-click on Group Policy Objects and select New from the menu.

4. A dialog box will appear, prompting for the name of the new GPO.  In this example, I have simply named it Blacklist Chrome Authenticator.  The Source Starter GPO option should be set to (none).

 5. Click OK, and the new group policy object will appear in the window.  Right-click on this and select Edit from the menu.


6. This will bring up the Group Policy Management Editor window.  Expand the Computer Configuration, Preferences, and Windows Settings nodes in the tree.  Right-click on Registry and select New > Registry Item from the menu.


7. Select or enter the following in the Properties window that appears:
      Action: Create
      Key Path: SOFTWAREPoliciesGoogleChromeExtensionInstallBlacklist
      Value name: 1
      Value type: REG_SZ
      Value Data: nneenclggelajmdlnehjpheofmehlgck (for the Cipafilter Authenticator extension) or ebknnihoedejfnnjeckfifeojelocbll (For the Cipafilter Direct Authenticator extension)

 8. Click OK.  The new registry value should now be created.  Now, we must link the GPO to apply it.  Navigate back to the Group Policy Management window.  Right-click on the organizational unit you want this policy to apply to and select Link an Existing GPO.

9. Select Blacklist Chrome Authenticator (Or the name you chose) and click OK.

10. Now that the policy has been linked, it should apply to the devices in that OU the next time they are rebooted.  The registry value will prevent the extension from being installed, and remove it if it has already been installed.  To test whether the change has taken effect, you should receive the following error when attempting to install the Cipafilter Authenticator from the Chrome web store:

    • Related Articles

    • How To - Deploy Cipafilter Authentication Client Using Active Directory

      The Cipafilter Authentication Client can be easily deployed to your network clients as a Group Policy Object. This guide will walk you through creating such a policy in Active Directory. In order to deploy the Cipafilter Authentication Client, you ...
    • Manual - Group Permissions

      Permissions for groups of users are managed here. Each group has individual settings for the different filtering technologies available, as well as a separate whitelist and blacklist. On this page, you can also edit the global whitelist and blacklist ...
    • How To - Delegate Control for the Authentication User in Active Directory

      1. Log in to the AD server. 2. Click on Start > Programs > Administrative Tools > Active Directory Users and Computers. 3. Right-click on the domain (listed at the top of the tree), then click on Delegate Control...  4. Click on the Next button. 5. ...
    • How To - Install the SSL Certificate on Chrome

      This guide will help you install the SSL filtering certificate for Chome-based browsers which do not use the operating system's built-in key store — this includes Chrome OS and Chrome for Linux. These images show Chrome running on Chrome OS version ...
    • How To - Upload the SSL Certificate to the Google Admin Console

      Regardless of which deployment method you choose, all browsers must have the certificate installed for SSL inspection to work properly. It is important to know that filtering will still occur even without the certificate deployed, but users will ...