The Google Chrome browser has Group Policy extensions available for managing computer and user settings for the chrome browser via group policy.
These settings include enabling/disabling default browser prompts and settings, controlling password manager, chrome apps settings and numerous other items.
The ones we’ll look at today are whitelisting and blacklisting websites via GPO.
To start, make sure you have the Chrome admx and adml files downloaded. They can be downloaded from Google:
This zip contains HTML listings of the policy settings, linux templates and windows templates. The windows templates come in two flavors. adm and admx. For the admx template:
Copy chrome.admx to SYSVOL\domain\Policies\PolicyDefinitions\
Also copy the appropriate adml language file to the subfolder for your language
Chrome processes policies in the order of Machine –> User –> Chrome
When you launch Group Policy Management Console, and edit a policy, expand Administrative templates under either user or computer configuration and you’ll now see a folder titled Google. When you expand this folder, there are two options. Google Chrome or Google Chrome default settings. The defualt settings allow you to set default settings but allow end user over riding of these policy settings.
The other option enforces the settings defined in the policy with no ability to override.
In the Google Chrome policy, there are two options related to white listing and black listing of sites. They are “Block access to a list of URLs” and “Allow access to a list of URLs”. Both of these settings are available at the user and computer/machine level.
These settings take a list of urls or can take the wildcard *
To block all sites and only whitelist the ones you want, set “Block access to a list of URLs” to enabled and add * to the list.
Next, go to “Allow access to a set of URLs” click enable and add the sites you want to the list.
In the background, these are setting registry values at the following locations:
These are added as strings in numerical order.
1 REG_SZ https://www.google.com
2 REG_SZ https://translate.google.com
Once you have the settings how you like them, close the editor,complete any other GPO related tasks such as security filtering and attach to the appropriate OU.
Now you have Chrome filtered to only allow whitelisted sites or whatever combination of whitelisted and blacklisted sites you desire.