We have a Google Chrome extension built for internal corporate use. Up till now it's been deployed using GPO and that worked fine until Chrome 33 came along. Now the extension doesn't appear in the Extensions list and is not active :'(. Has the deploy/install process changed with Chrome 33 for GPO? Do we need to do anything different now, or how does one deploy an extension via GPO in a post-Chrome 33 world?
We install using GPO as advised here ('Pre-installing via group policy' section) and detailed here. We set GPOs ExtensionInstallForcelist
, ExtensionInstallWhitelist
, and ExtensionInstallSources
.
Our extension and our update xml file is not hosted on the Chrome Web Store. There were planned changes in Chrome 33 (to protect users from malicious extensions) which force extensions to be on the Chrome Web Store, but from all the documentation we can find this shouldn't apply to GPO-installed extensions, as described http://www.chromium.org/developers/extensions-deployment-faq:
Users can only install extensions hosted in the Chrome Web store, except for installs via enterprise policy or developer mode.
...
What are the supported deployment options for extensions after this change? ... For Enterprises, we’ll continue to support group policy to install extensions, irrespective of where the extensions are hosted. Note that the user's machine has to join a domain for GPO policy pushes to be effective.
...
Extensions that were previously installed, but not hosted on the Chrome Web Store will be hard-disabled (i.e the user cannot enable these extensions again), except for installs via enterprise policy or developer mode.
and http://blog.chromium.org/2013/11/protecting-windows-users-from-malicious.html:
We’ll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally.
Once users upgraded to Chrome 33 the extension disappeared, so it appears that something has changed regarding GPO deployment, but I don't see anything documented about the change (or obviously how to fix my deployment).
We can't host on the Chrome Web Store because our extension uses an NPAPI component, which is no longer allowed for new Chrome Web Store extensions. There's significant effort involved in migrating to a different architecture that doesn't use NPAPI so that's not a short term resolution (although it is planned for the medium term). However, we've tried removing the NPAPI component to check if that's what Chrome 33 doesn't like, and it doesn't seem to be related to that. We've tried only using https in the urls, also doesn't work.
Could be related to Issue 346386
Thanks for any suggestions!
Are the machines in question actually on a windows domain that is using Group Policy? We saw some malicious software abusing registry/GPO and have been tightening up the checks we already had in place that attempt to ensure that enterprise policy is only used by enterprise managed machines.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With