When deploying the Cipafilter
Authenticator Chrome extension using the Chrome Management Console, the
extension will also be deployed to those who sign into Chrome browser
on their desktop, not just those who are on a Chromebook device.
Since desktop computers will normally be using the Windows or Mac
client, it is desirable to prevent the Chrome extension from being
installed on these computers. This can be accomplished this using group
1. Select Administrative Tools from the Control Panel.
2. From the Administrative Tools window, double click Group Policy Management.
3. Under Group Policy Management, descend
into the forest and locate Group Policy Objects. Right-click on Group
Policy Objects and select New from the menu.
4. A dialog box will appear, prompting for
the name of the new GPO. In this example, I have simply named it Blacklist Chrome Authenticator. The Source Starter GPO option should
be set to (none).
5. Click OK, and the new group policy object will appear in the window. Right-click on this and select Edit from the menu.
6. This will bring up the Group Policy
Management Editor window. Expand the Computer Configuration, Preferences, and Windows Settings nodes in the tree. Right-click on Registry and select New > Registry Item from the menu.
7. Select or enter the following in the Properties window that appears:
Key Path: SOFTWAREPoliciesGoogleChromeExtensionInstallBlacklist
Value name: 1
Value type: REG_SZ
Value Data: nneenclggelajmdlnehjpheofmehlgck (for the Cipafilter Authenticator extension) or ebknnihoedejfnnjeckfifeojelocbll (For the Cipafilter Direct Authenticator extension)
8. Click OK. The new registry value
should now be created. Now, we must link the GPO to apply it. Navigate
back to the Group Policy Management window. Right-click on the
organizational unit you want this policy to apply to and select Link an
9. Select Blacklist Chrome Authenticator (Or the name you chose) and click OK.
10. Now that the policy has been linked, it
should apply to the devices in that OU the next time they are rebooted.
The registry value will prevent the extension from being installed,
and remove it if it has already been installed. To test whether the
change has taken effect, you should receive the following error when
attempting to install the Cipafilter Authenticator from the Chrome web