/ Policy template for Linux. // Uncomment the policies you wish to activate and change their values to // something useful for your case. The provided values are for reference only // and do not provide meaningful defaults! { // Cross-origin HTTP Basic Auth prompts //------------------------------------------------------------------------- // Controls whether third-party sub-content on a page is allowed to pop-up an // HTTP Basic Auth dialog box. Typically this is disabled as a phishing // defense. If this policy is not set, this is disabled and third-party sub- // content will not be allowed to pop up a HTTP Basic Auth dialog box. //"AllowCrossOriginAuthPrompt": false, // Allow invocation of file selection dialogs. //------------------------------------------------------------------------- // Allows access to local files on the machine by allowing Google Chrome to // display file selection dialogs. If you enable this setting, users can open // file selection dialogs as normal. If you disable this setting, whenever // the user performs an action which would provoke a file selection dialog // (like importing bookmarks, uploading files, saving links, etc.) a message // is displayed instead and the user is assumed to have clicked Cancel on the // file selection dialog. If this setting is not set, users can open file // selection dialogs as normal. //"AllowFileSelectionDialogs": true, // Allow running plugins that are outdated //------------------------------------------------------------------------- // Allows Google Chrome to run plugins that are outdated. If you enable this // setting, outdated plugins are used as normal plugins. If you disable this // setting, outdated plugins will not be used and users will not be asked for // permission to run them. If this setting is not set, users will be asked // for permission to run outdated plugins. //"AllowOutdatedPlugins": true, // Enable alternate error pages //------------------------------------------------------------------------- // Enables the use of alternate error pages that are built into Google Chrome // (such as 'page not found') and prevents users from changing this setting. // If you enable this setting, alternate error pages are used. If you disable // this setting, alternate error pages are never used. If you enable or // disable this setting, users cannot change or override this setting in // Google Chrome. If this policy is left not set, this will be enabled but // the user will be able to change it. //"AlternateErrorPagesEnabled": true, // Always runs plugins that require authorization //------------------------------------------------------------------------- // Allows Google Chrome to run plugins that require authorization. If you // enable this setting, plugins that are not outdated always run. If this // setting is disabled or not set, users will be asked for permission to run // plugins that require authorization. These are plugins that can compromise // security. //"AlwaysAuthorizePlugins": true, // Kerberos delegation server whitelist //------------------------------------------------------------------------- // Servers that Google Chrome may delegate to. Separate multiple server names // with commas. Wildcards (*) are allowed. If you leave this policy not set // any server will be accepted for integrated authentication. //"AuthNegotiateDelegateWhitelist": "foobar.example.com", // Supported authentication schemes //------------------------------------------------------------------------- // Specifies which HTTP Authentication schemes are supported by Google Chrome. // Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate // multiple values with commas. If this policy is left not set, all four // schemes will be used. //"AuthSchemes": "basic,digest,ntlm,negotiate", // Authentication server whitelist //------------------------------------------------------------------------- // Specifies which servers should be whitelisted for integrated // authentication. Integrated authentication is only enabled when Google // Chrome receives an authentication challenge from a proxy or from a server // which is in this permitted list. Separate multiple server names with // commas. Wildcards (*) are allowed. If you leave this policy not set any // server will be accepted for integrated authentication. //"AuthServerWhitelist": "*example.com,foobar.com,*baz", // Enable AutoFill //------------------------------------------------------------------------- // Enables Google Chrome's AutoFill feature and allows users to auto complete // web forms using previously stored information such as address or credit // card information. If you disable this setting, AutoFill will be // inaccessible to users. If you enable this setting or do not set a value, // AutoFill will remain under the control of the user. This will allow them to // configure AutoFill profiles and to switch AutoFill on or off at their own // discretion. //"AutoFillEnabled": false, // Automatically select client certificates for these sites //------------------------------------------------------------------------- // Allows you to specify a list of url patterns that specify sites for which // Google Chrome should automatically select a client certificates, if the // site requests a certificate. If this policy is left not set no auto- // selection will be done for any site. //"AutoSelectCertificateForUrls": ["{\"pattern\":\"https://www.example.com\",\"filter\":{\"ISSUER\":{\"CN\":\"certificate issuer name\"}}}"], // Continue running background apps when Google Chrome is closed //------------------------------------------------------------------------- // Determines whether a Google Chrome process is started on OS login and keeps // running when the last browser window is closed, allowing background apps to // remain active. The background process displays an icon in the system tray // and can always be closed from there. If this policy is set to True, // background mode is enabled and cannot be controlled by the user in the // browser settings. If this policy is set to False, background mode is // disabled and cannot be controlled by the user in the browser settings. If // this policy is left unset, background mode is initially disabled and can be // controlled by the user in the browser settings. //"BackgroundModeEnabled": true, // Block third party cookies //------------------------------------------------------------------------- // Blocks third party cookies. Enabling this setting prevents cookies from // being set by web page elements that are not from the domain that is in the // browser's address bar. Disabling this setting allows cookies to be set by // web page elements that are not from the domain that is in the browser's // address bar and prevents users from changing this setting. If this policy // is left not set, third party cookies will be enabled but the user will be // able to change that. //"BlockThirdPartyCookies": false, // Enable Bookmark Bar //------------------------------------------------------------------------- // Enables the bookmark bar on Google Chrome. If you enable this setting, // Google Chrome will show a bookmark bar. If you disable this setting, users // will never see the bookmark bar. If you enable or disable this setting, // users cannot change or override it in Google Chrome. If this setting is // left not set the user can decide to use this function or not. //"BookmarkBarEnabled": true, // Clear site data on browser shutdown //------------------------------------------------------------------------- // This policy is an override for the "Clear cookies and other site data when // I close my browser" content settings option. When set to enabled Google // Chrome will delete all locally stored data from the browser when it is shut // down. If set to disabled site data will not be cleared on exit. If this // policy is left not set Google Chrome will use the default which is to // preserve site data on shut down and the user will be able to change this. // If the "RestoreOnStartup" policy is set to restore URLs from previous // sessions this policy will not clear cookies or other data relevant to // restoring the previous browsing session completely. "ClearSiteDataOnExit": true, // Enable Google Cloud Print proxy //------------------------------------------------------------------------- // Enables Google Chrome to act as a proxy between Google Cloud Print and // legacy printers connected to the machine. If this setting is enabled or // not configured, users can enable the cloud print proxy by authentication // with their Google account. If this setting is disabled, users cannot // enable the proxy, and the machine will not be allowed to share it's // printers with Google Cloud Print. If this policy is left not set, this // will be enabled but the user will be able to change it. //"CloudPrintProxyEnabled": true, // Enable submission of documents to Google Cloud Print //------------------------------------------------------------------------- // Enables Google Chrome to submit documents to Google Cloud Print for // printing. NOTE: This only affects Google Cloud Print support in Google // Chrome. It does not prevent users from submitting print jobs on web sites. // If this setting is enabled or not configured, users can print to Google // Cloud Print from the Google Chrome print dialog. If this setting is // disabled, users cannot print to Google Cloud Print from the Google Chrome // print dialog //"CloudPrintSubmitEnabled": true, // Allow cookies on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to set cookies. If this policy is left not set the global default // value will be used for all sites either from the 'DefaultCookiesSetting' // policy if it is set, or the user's personal configuration otherwise. //"CookiesAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], // Block cookies on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are not // allowed to set cookies. If this policy is left not set the global default // value will be used for all sites either from the 'DefaultCookiesSetting' // policy if it is set, or the user's personal configuration otherwise. //"CookiesBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], // Allow session only cookies on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to set session only cookies. If this policy is left not set the // global default value will be used for all sites either from the // 'DefaultCookiesSetting' policy if it is set, or the user's personal // configuration otherwise. If the "RestoreOnStartup" policy is set to // restore URLs from previous sessions this policy will not be respectred and // cookies will be stored permanently for those sites. //"CookiesSessionOnlyForUrls": ["http://www.example.com", "[*.]example.edu"], // Set Chrome as Default Browser //------------------------------------------------------------------------- // Configures the default browser checks in Google Chrome and prevents users // from changing them. If you enable this setting, Google Chrome will always // check on startup whether it is the default browser and automatically // register itself if possible. If this setting is disabled, Google Chrome // will never check if it is the default browser and will disable user // controls for setting this option. If this setting is not set, Google // controls for setting this option. If this setting is not set, Google // Chrome will allow the user to control whether it is the default browser and // whether user notifications should be shown when it isn't. //"DefaultBrowserSettingEnabled": true, // Default cookies setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to set local data. Setting // local data can be either allowed for all websites or denied for all // websites. If this policy is left not set, 'AllowCookies' will be used and // the user will be able to change it. //"DefaultCookiesSetting": 1, // Default geolocation setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to track the users' physical // location. Tracking the users' physical location can be allowed by default, // denied by default or the user can be asked every time a website requests // the physical location. If this policy is left not set, 'AskGeolocation' // will be used and the user will be able to change it. //"DefaultGeolocationSetting": 0, // Default images setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to display images. // Displaying images can be either allowed for all websites or denied for all // websites. If this policy is left not set, 'AllowImages' will be used and // the user will be able to change it. //"DefaultImagesSetting": 1, // Default JavaScript setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to run JavaScript. Running // JavaScript can be either allowed for all websites or denied for all // websites. If this policy is left not set, 'AllowJavaScript' will be used // and the user will be able to change it. //"DefaultJavaScriptSetting": 1, // Default notification setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to display desktop // notifications. Displaying desktop notifications can be allowed by default, // denied by default or the user can be asked every time a website wants to // show desktop notifications. If this policy is left not set, // 'AskNotifications' will be used and the user will be able to change it. //"DefaultNotificationsSetting": 2, // Default plugins setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to automatically run // plugins. Automatically running plugins can be either allowed for all // websites or denied for all websites. If this policy is left not set, // 'AllowPlugins' will be used and the user will be able to change it. //"DefaultPluginsSetting": 1, // Default popups setting //------------------------------------------------------------------------- // Allows you to set whether websites are allowed to show pop-ups. Showing // popups can be either allowed for all websites or denied for all websites. // If this policy is left not set, 'BlockPopups' will be used and the user // will be able to change it. //"DefaultPopupsSetting": 1, // Enable the default search provider //------------------------------------------------------------------------- // Enables the use of a default search provider. If you enable this setting, // a default search is performed when the user types text in the omnibox that // is not a URL. You can specify the default search provider to be used by // setting the rest of the default search policies. If these are left empty, // the user can choose the default provider. If you disable this setting, no // search is performed when the user enters non-URL text in the omnibox. If // you enable or disable this setting, users cannot change or override this // setting in Google Chrome. If this policy is left not set, the default // search provider is enabled, and the user will be able to set the search // provider list. "DefaultSearchProviderEnabled": true, // Default search provider encodings //------------------------------------------------------------------------- // Specifies the character encodings supported by the search provider. // Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are // tried in the order provided. This policy is optional. If not set, the // default will be used which is UTF-8. This policy is only respected if the // 'DefaultSearchProviderEnabled' policy is enabled. //"DefaultSearchProviderEncodings": ["UTF-8", "UTF-16", "GB2312", "ISO-8859-1"], // Default search provider icon //------------------------------------------------------------------------- // Specifies the favorite icon URL of the default search provider. This // policy is optional. If not set, no icon will be present for the search // provider. This policy is only respected if the // 'DefaultSearchProviderEnabled' policy is enabled. //"DefaultSearchProviderIconURL": "http://search.my.company/favicon.ico", // Default search provider instant URL //------------------------------------------------------------------------- // Specifies the URL of the search engine used to provide instant results. The // URL should contain the string '{searchTerms}', which will be replaced at // query time by the text the user has entered so far. This policy is // optional. If not set, no instant search results will be provided. This // policy is only respected if the 'DefaultSearchProviderEnabled' policy is // enabled. //"DefaultSearchProviderInstantURL": "http://search.my.company/suggest?q={searchTerms}", // Default search provider keyword //------------------------------------------------------------------------- // Specifies the keyword, which is the shortcut used in the omnibox to trigger // the search for this provider. This policy is optional. If not set, no // keyword will activate the search provider. This policy is only considered // if the 'DefaultSearchProviderEnabled' policy is enabled. //"DefaultSearchProviderKeyword": "mis", // Default search provider name //------------------------------------------------------------------------- // Specifies the name of the default search provider. If left empty or not // set, the host name specified by the search URL will be used. This policy // is only considered if the 'DefaultSearchProviderEnabled' policy is enabled. "DefaultSearchProviderName": "Google", // Default search provider search URL //------------------------------------------------------------------------- // Specifies the URL of the search engine used when doing a default search. // The URL should contain the string '{searchTerms}', which will be replaced // at query time by the terms the user is searching for. This option must be // set when the 'DefaultSearchProviderEnabled' policy is enabled and will only // be respected if this is the case. "DefaultSearchProviderSearchURL": "http://www.google.com/cse?cx=partner-pub-6065445074637525:8941524350&q={searchTerms}", // Default search provider suggest URL //------------------------------------------------------------------------- // Specifies the URL of the search engine used to provide search suggestions. // The URL should contain the string '{searchTerms}', which will be replaced // at query time by the text the user has entered so far. This policy is // optional. If not set, no suggest URL will be used. This policy is only // respected if the 'DefaultSearchProviderEnabled' policy is enabled. //"DefaultSearchProviderSuggestURL": "http://search.my.company/suggest?q={searchTerms}", // Disable Developer Tools //------------------------------------------------------------------------- // Disables the Developer Tools and the JavaScript console. If you enable // this setting, the Developer Tools can not be accessed and web-site elements // can not be inspected anymore. Any keyboard shortcuts and any menu or // context menu entries to open the Developer Tools or the JavaScript Console // will be disabled. Setting this option to disabled or leaving it not set // will allow the use to use the Developer Tools and the JavaScript console. "DeveloperToolsDisabled": true, // Disable support for 3D graphics APIs //------------------------------------------------------------------------- // Disable support for 3D graphics APIs. Enabling this setting prevents web // pages from accessing the graphics processing unit (GPU). Specifically, web // pages can not access the WebGL API and plugins can not use the Pepper 3D // API. Disabling this setting or leaving it not set potentially allows web // pages to use the WebGL API and plugins to use the Pepper 3D API. The // default settings of the browser may still require command line arguments to // be passed in order to use these APIs. //"Disable3DAPIs": false, // Disable CNAME lookup when negotiating Kerberos authentication //------------------------------------------------------------------------- // Specifies whether the generated Kerberos SPN is based on the canonical DNS // name or the original name entered. If you enable this setting, CNAME // lookup will be skipped and the server name will be used as entered. If you // disable this setting or leave it not set, the canonical name of the server // will be determined via CNAME lookup. //"DisableAuthNegotiateCnameLookup": false, // Specify whether the plugin finder should be disabled //------------------------------------------------------------------------- // If you set this setting to enabled the automatic search and installation of // missing plugins will be disabled in Google Chrome. Setting this option to // disabled or leave it not set the plugin finder will be active. //"DisablePluginFinder": true, // Disable Print Preview //------------------------------------------------------------------------- // Disable print preview. This setting is used to force the use of the system // print dialog instead of print preview. //"DisablePrintPreview": false, // Disable SSL record splitting //------------------------------------------------------------------------- // Specifies whether SSL record splitting should be disabled. Record splitting // is a workaround for a weakness in SSL 3.0 and TLS 1.0 but can cause // compatibility issues with some HTTPS servers and proxies. If the policy is // not set, or is set to false, then record splitting will be used on SSL/TLS // connections which use CBC ciphersuites. //"DisableSSLRecordSplitting": true, // Disable SPDY protocol //------------------------------------------------------------------------- // Disables use of the SPDY protocol in Google Chrome. If this policy is // enabled the SPDY protocol will not be available in Google Chrome. Setting // this policy to disabled will allow the usage of SPDY. If this policy is // left not set, SPDY will be available. //"DisableSpdy": true, // Specify a list of disabled plugins //------------------------------------------------------------------------- // Specifies a list of plugins that are disabled in Google Chrome and prevents // users from changing this setting. The wildcard characters '*' and '?' can // be used to match sequences of arbitrary characters. '*' matches an // arbitrary number of characters while '?' specifies an optional single // character, i.e. matches zero or one characters. The escape character is // '\', so to match actual '*', '?', or '\' characters, you can put a '\' in // front of them. If you enable this setting, the specified list of plugins // is never used in Google Chrome. The plugins are marked as disabled in // 'about:plugins' and users cannot enable them. Note that this policy can be // overriden by EnabledPlugins and DisabledPluginsExceptions. If this policy // is left not set the user can use any plugin installed on the system except // for hard-coded incompatible, outdated or dangerous plugins. //"DisabledPlugins": ["Java", "Shockwave Flash", "Chrome PDF Viewer"], // Specify a list of plugins that the user can enable or disable //------------------------------------------------------------------------- // Specifies a list of plugins that user can enable or disable in Google // Chrome. The wildcard characters '*' and '?' can be used to match sequences // of arbitrary characters. '*' matches an arbitrary number of characters // while '?' specifies an optional single character, i.e. matches zero or one // characters. The escape character is '\', so to match actual '*', '?', or // '\' characters, you can put a '\' in front of them. If you enable this // setting, the specified list of plugins can be used in Google Chrome. Users // can enable or disable them in 'about:plugins', even if the plugin also // matches a pattern in DisabledPlugins. Users can also enable and disable // plugins that don't match any patterns in DisabledPlugins, // DisabledPluginsExceptions and EnabledPlugins. This policy is meant to // allow for strict plugin balcklisting where the 'DisabledPlugins' list // contains wildcarded entries like disable all plugins '*' or disable all // Java plugins '*Java*' but the administrator wishes to enable some // particular version like 'IcedTea Java 2.3'. This particular versions can be // specified in this policy. If this policy is left not set any plugin that // matches the patterns in the 'DisabledPlugins' will be locked disabled and // the user won't be able to enable them. //"DisabledPluginsExceptions": ["Java", "Shockwave Flash", "Chrome PDF Viewer"], // Disable URL protocol schemes //------------------------------------------------------------------------- // Disables the listed protocol schemes in Google Chrome. URLs using a scheme // from this list will not load and can not be navigated to. If this policy // is left not set or the list is empty all schemes will be accessible in // Google Chrome. //"DisabledSchemes": ["file", "mailto"], // Set disk cache directory //------------------------------------------------------------------------- // Configures the directory that Google Chrome will use for storing cached // files on the disk. If you set this policy, Google Chrome will use the // provided directory regardless whether the user has specified the '--disk- // cache-dir' flag or not. If this policy is left not set the default cache // directory will be used and the user will be able to override it with the // '--disk-cache-dir' command line flag. //"DiskCacheDir": "${user_home}/Chrome_cache", // Set disk cache size in bytes //------------------------------------------------------------------------- // Configures the cache size that Google Chrome will use for storing cached // files on the disk. If you set this policy, Google Chrome will use the // provided cache size regardless whether the user has specified the '--disk- // cache-size' flag or not. If the value of this policy is 0, the default // cache size will be used but the user will not be able to change it. If // this policy is not set the default size will be used and the user will be // able to override it with the --disk-cache-size flag. //"DiskCacheSize": 104857600, // Enable network prediction. //------------------------------------------------------------------------- // Enables network prediction in Google Chrome and prevents users from // changing this setting. If you enable or disable this setting, users cannot // change or override this setting in Google Chrome. If this policy is left // not set, this will be enabled but the user will be able to change it. //"DnsPrefetchingEnabled": true, // Set download directory //------------------------------------------------------------------------- // Configures the directory that Google Chrome will use for downloading files. // If you set this policy, Google Chrome will use the provided directory // regardless whether the user has specified one or enabled the flag to be // prompted for download location every time. If this policy is left not set // the default download directory will be used and the user will be able to // change it. //"DownloadDirectory": "/home/${user_name}/Downloads", // Enables or disables bookmark editing //------------------------------------------------------------------------- // Enables or disables editing bookmarks in Google Chrome. If you enable this // setting, bookmarks can be added, removed or modified. This is the default // also when this policy is not set. If you disable this setting, bookmarks // can not be added, removed or modified. Existing bookmarks are still // available. //"EditBookmarksEnabled": false, // Include non-standard port in Kerberos SPN //------------------------------------------------------------------------- // Specifies whether the generated Kerberos SPN should include a non-standard // port. If you enable this setting, and a non-standard port (i.e., a port // other than 80 or 443) is entered, it will be included in the generated // Kerberos SPN. If you disable this setting or leave it not set, the // generated Kerberos SPN will not include a port in any case. //"EnableAuthNegotiatePort": false, // Whether online OCSP/CRL checks are performed //------------------------------------------------------------------------- // In light of the fact that soft-fail, online revocation checks provide no // effective security benefit, they are disabled by default in Google Chrome // version 19 and later. By setting this policy to true, the previous // behaviour is restored and online OCSP/CRL checks will be performed. If the // policy is not set, or is set to false, then Chrome will not perform online // revocation checks in Chrome 19 and later. //"EnableOnlineRevocationChecks": false, // Specify a list of enabled plugins //------------------------------------------------------------------------- // Specifies a list of plugins that are enabled in Google Chrome and prevents // users from changing this setting. The wildcard characters '*' and '?' can // be used to match sequences of arbitrary characters. '*' matches an // arbitrary number of characters while '?' specifies an optional single // character, i.e. matches zero or one characters. The escape character is // '\', so to match actual '*', '?', or '\' characters, you can put a '\' in // front of them. The specified list of plugins is always used in Google // Chrome if they are installed. The plugins are marked as enabled in // 'about:plugins' and users cannot disable them. Note that this policy // overrides both DisabledPlugins and DisabledPluginsExceptions. If this // policy is left not set the user can disable any plugin installed on the // system. //"EnabledPlugins": ["Java", "Shockwave Flash", "Chrome PDF Viewer"], // Enterprise web store name //------------------------------------------------------------------------- // The name of the enterprise web store, which will appear underneath the app // icon on the new tab page. This setting has no effect if // EnterpriseWebStoreURL is not set. If this setting is disabled, the // enterprise web store app (if it exists) will be labeled with its URL. //"EnterpriseWebStoreName": "WidgCo Chrome Apps", // Enterprise web store URL //------------------------------------------------------------------------- // Specifies the URL for the enterprise web store. When this setting is // enabled, an app will appear on the new tab page which, when clicked, will // take the user to the specified URL. Extensions and apps can be installed // from this page without extra warnings being presented to the user. If this // policy is set, the EnterpriseWebStoreName setting should also be set. If // this setting is disabled, no enterprise web store app will appear on the // new tab page. //"EnterpriseWebStoreURL": "http://company-intranet/chromeapps", // Configure extension installation blacklist //------------------------------------------------------------------------- // Allows you to specify which extensions the users can NOT install. // Extensions already installed will be removed if blacklisted. A blacklist // value of '*' means all extensions are blacklisted unless they are // explicitly listed in the whitelist. If this policy is left not set the // user can install any extension in Google Chrome. //"ExtensionInstallBlacklist": ["extension_id1", "extension_id2"], // Configure the list of force-installed extensions //------------------------------------------------------------------------- // Allows you to specify a list of extensions that will be installed silently, // without user interaction. Each item of the list is a string that contains // an extension ID and an update URL delimited by a semicolon (;). The // extension ID is the 32-letter string found e.g. on chrome://extensions when // in developer mode. The update URL should point to an Update Manifest XML // document as described at // http://code.google.com/chrome/extensions/autoupdate.html. For each item, // Google Chrome will retrieve the extension specified by the extension ID // from the update service at the specified update URL and silently install // it. For example, // lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx // installs the Google SSL Web Search extension from the standard Chrome Web // Store update URL. For more information about hosting extensions, see: // http://code.google.com/chrome/extensions/hosting.html. Users will be // unable to uninstall extensions that are specified by this policy. If you // remove an extension from this list, then it will be automatically // uninstalled by Google Chrome. If this policy is left not set the user can // uninstall any extension in Google Chrome. //"ExtensionInstallForcelist": ["lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx"], // Configure extension installation whitelist //------------------------------------------------------------------------- // Allows you to specify which extensions are not subject to the blacklist. A // blacklist value of * means all extensions are blacklisted and users can // only install extensions listed in the whitelist. By default, all // extensions are whitelisted, but if all extensions have been blacklisted by // policy, the whitelist can be used to override that policy. //"ExtensionInstallWhitelist": ["extension_id1", "extension_id2"], // GSSAPI library name //------------------------------------------------------------------------- // Specifies which GSSAPI library to use for HTTP Authentication. You can set // either just a library name, or a full path. If no setting is provided, // Google Chrome will fall back to using a default library name. //"GSSAPILibraryName": "libgssapi_krb5.so.2", // Prevent app promotions from appearing on the new tab page //------------------------------------------------------------------------- // When set to True, promotions for Chrome Web Store apps will not appear on // the new tab page. Setting this option to False or leaving it not set will // make the promotions for Chrome Web Store apps appear on the new tab page //"HideWebStorePromo": false, // Use New Tab Page as homepage //------------------------------------------------------------------------- // Configures the type of the default home page in Google Chrome and prevents // users from changing home page preferences. The home page can either be set // to a URL you specify or set to the New Tab Page. If you enable this // setting, the New Tab Page is always used for the home page, and the home // page URL location is ignored. If you disable this setting, the user's // homepage will never be the New Tab Page, unless its URL is set to // 'chrome://newtab'. If you enable or disable this setting, users cannot // change their homepage type in Google Chrome. Leaving this policy not set // will allow the user to choose whether the new tab page is his home page on // his own. "HomepageIsNewTabPage": false, // Configure the home page URL //------------------------------------------------------------------------- // Configures the default home page URL in Google Chrome and prevents users // from changing it. The home page type can either be set to a URL you // specify here or set to the New Tab Page. If you select the New Tab Page, // then this policy is ignored. If you enable this setting, users cannot // change their home page URL in Google Chrome, but they can still can choose // the New Tab Page as their home page. Leaving this policy not set will // allow the user to choose his home page on his own if HomepageIsNewTabPage // is not set too. "HomepageLocation": "http://www.google.com/cse/home?cx=partner-pub-6065445074637525:8941524350", // Allow images on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to display images. If this policy is left not set the global // default value will be used for all sites either from the // 'DefaultImagesSetting' policy if it is set, or the user's personal // configuration otherwise. //"ImagesAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], // Block images on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are not // allowed to display images. If this policy is left not set the global // default value will be used for all sites either from the // 'DefaultImagesSetting' policy if it is set, or the user's personal // configuration otherwise. //"ImagesBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], // Import bookmarks from default browser on first run //------------------------------------------------------------------------- // This policy forces bookmarks to be imported from the current default // browser if enabled. If enabled, this policy also affects the import dialog. // If disabled, no bookmarks are imported. If it is not set, the user may be // asked whether to import, or importing may happen automatically. //"ImportBookmarks": true, // Import browsing history from default browser on first run //------------------------------------------------------------------------- // This policy forces the browsing history to be imported from the current // default browser if enabled. If enabled, this policy also affects the import // dialog. If disabled, no browsing history is imported. If it is not set, // the user may be asked whether to import, or importing may happen // automatically. //"ImportHistory": true, // Import of homepage from default browser on first run //------------------------------------------------------------------------- // This policy forces the home page to be imported from the current default // browser if enabled. If disabled, the home page is not imported. If it is // not set, the user may be asked whether to import, or importing may happen // automatically. //"ImportHomepage": true, // Import saved passwords from default browser on first run //------------------------------------------------------------------------- // This policy forces the saved passwords to be imported from the previous // default browser if enabled. If enabled, this policy also affects the import // dialog. If disabled, the saved passwords are not imported. If it is not // set, the user may be asked whether to import, or importing may happen // automatically. //"ImportSavedPasswords": true, // Import search engines from default browser on first run //------------------------------------------------------------------------- // This policy forces search engines to be imported from the current default // browser if enabled. If enabled, this policy also affects the import dialog. // If disabled, the default search engine is not imported. If it is not set, // the user may be asked whether to import, or importing may happen // automatically. "ImportSearchEngine": false, // Incognito mode availability. //------------------------------------------------------------------------- // Specifies whether the user may open pages in Incognito mode in Google // Chrome. If 'Enabled' is selected or the policy is left unset, pages may be // opened in Incognito mode. If 'Disabled' is selected, pages may not be // opened in Incognito mode. If 'Forced' is selected, pages may be opened // ONLY in Incognito mode. //"IncognitoModeAvailability": 1, // Enable Instant //------------------------------------------------------------------------- // Enables Google Chrome's Instant feature and prevents users from changing // this setting. If you enable this setting, Google Chrome Instant is // enabled. If you disable this setting, Google Chrome Instant is disabled. // If you enable or disable this setting, users cannot change or override this // setting. If this setting is left not set the user can decide to use this // function or not. //"InstantEnabled": true, // Allow JavaScript on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to run JavaScript. If this policy is left not set the global // default value will be used for all sites either from the // 'DefaultJavaScriptSetting' policy if it is set, or the user's personal // configuration otherwise. //"JavaScriptAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], // Block JavaScript on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are not // allowed to run JavaScript. If this policy is left not set the global // default value will be used for all sites either from the // 'DefaultJavaScriptSetting' policy if it is set, or the user's personal // configuration otherwise. //"JavaScriptBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], // Maximal number of concurrent connections to the proxy server //------------------------------------------------------------------------- // Specifies the maximal number of simultanious connections to the proxy // server. Some proxy servers can not handle high number of concurrent // connections per client and this can be solved by setting this policy to a // lower value. The value of this policy should be lower than 100 and higher // than 6 and the default value is 32. Some web apps are known to consume // many connections with hanging GETs, so lowering below 32 may lead to // browser networking hangs if too many such web apps are open. Lower below // the default at your own risk. If this policy is left not set the default // value will be used which is 32. //"MaxConnectionsPerProxy": 32, // Set media disk cache size in bytes //------------------------------------------------------------------------- // Configures the chache size that Google Chrome will use for storing cached // media files on the disk. If you set this policy, Google Chrome will use // the provided cache size regardless whether the user has specified the // '--media-cache-size' flag or not. If the value of this policy is 0, the // default cache size will be used but the user will not be able to change it. // If this policy is not set the default size will be used and the user will // be able to override it with the --media-cache-size flag. //"MediaCacheSize": 104857600, // Enable reporting of usage and crash-related data //------------------------------------------------------------------------- // Enables anonymous reporting of usage and crash-related data about Google // Chrome to Google and prevents users from changing this setting. If you // enable this setting, anonymous reporting of usage and crash-related data is // sent to Google. If you disable this setting, anonymous reporting of usage // and crash-related data is never sent to Google. If you enable or disable // this setting, users cannot change or override this setting in Google // Chrome. If this policy is left not set the setting will be what the user // chose upon installation / first run. //"MetricsReportingEnabled": true, // Allow notifications on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to display notifications. If this policy is left not set the // global default value will be used for all sites either from the // 'DefaultNotificationsSetting' policy if it is set, or the user's personal // configuration otherwise. //"NotificationsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], // Block notifications on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are not // allowed to display notifications. If this policy is left not set the // global default value will be used for all sites either from the // 'DefaultNotificationsSetting' policy if it is set, or the user's personal // configuration otherwise. //"NotificationsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], // Allow users to show passwords in Password Manager //------------------------------------------------------------------------- // Controls whether the user may show passwords in clear text in the password // manager. If you disable this setting, the password manager does not allow // showing stored passwords in clear text in the password manager window. If // you enable or do not set this policy, users can view their passwords in // clear text in the password manager. "PasswordManagerAllowShowPasswords": false, // Enable the password manager //------------------------------------------------------------------------- // Enables saving passwords and using saved passwords in Google Chrome. If // you enable this setting, users can have Google Chrome memorize passwords // and provide them automatically the next time they log in to a site. If you // disable this setting, users are not able to save passwords or use already // saved passwords. If you enable or disable this setting, users cannot // change or override this setting in Google Chrome. If this policy is left // not set, this will be enabled but the user will be able to change it. "PasswordManagerEnabled": false, // Allow plugins on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to run plugins. If this policy is left not set the global default // value will be used for all sites either from the 'DefaultPluginsSetting' // policy if it is set, or the user's personal configuration otherwise. //"PluginsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], // Block plugins on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are not // allowed to run plugins. If this policy is left not set the global default // value will be used for all sites either from the 'DefaultPluginsSetting' // policy if it is set, or the user's personal configuration otherwise. //"PluginsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], // Allow popups on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are // allowed to open popups. If this policy is left not set the global default // value will be used for all sites either from the 'DefaultPopupsSetting' // policy if it is set, or the user's personal configuration otherwise. //"PopupsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], // Block popups on these sites //------------------------------------------------------------------------- // Allows you to set a list of url patterns that specify sites which are not // allowed to open popups. If this policy is left not set the global default // value will be used for all sites either from the 'DefaultPopupsSetting' // policy if it is set, or the user's personal configuration otherwise. //"PopupsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], // Enable printing //------------------------------------------------------------------------- // Enables printing in Google Chrome and prevents users from changing this // setting. If this setting is enabled or not configured, users can print. // If this setting is disabled, users cannot print from Google Chrome. // Printing is disabled in the wrench menu, extensions, JavaScript // applications, etc. It is still possible to print from plugins that bypass // Google Chrome while printing. For example certain Flash applications has // the print option in their context menu, and that will not be disabled. If // this policy is left not set, this will be enabled but the user will be able // to change it. //"PrintingEnabled": true, // Proxy bypass rules //------------------------------------------------------------------------- // Google Chrome will bypass any proxy for the list of hosts given here. This // policy only takes effect if you have selected manual proxy settings at // 'Choose how to specify proxy server settings'. You should leave this // policy not set if you have selected any other mode for setting proxy // policies. For more detailed examples, visit: // http://www.chromium.org/developers/design-documents/network-settings#TOC- // Command-line-options-for-proxy-sett //"ProxyBypassList": "http://www.example1.com,http://www.example2.com,http://internalsite/", // Choose how to specify proxy server settings //------------------------------------------------------------------------- // Allows you to specify the proxy server used by Google Chrome and prevents // users from changing proxy settings. If you choose to never use a proxy // server and always connect directly, all other options are ignored. If you // choose to use system proxy settings or auto detect the proxy server, all // other options are ignored. If you choose fixed server proxy mode, you can // specify further options in 'Address or URL of proxy server' and 'Comma- // separated list of proxy bypass rules'. If you choose to use a .pac proxy // script, you must specify the URL to the script in 'URL to a proxy .pac // file'. For detailed examples, visit: http://www.chromium.org/developers // /design-documents/network-settings#TOC-Command-line-options-for-proxy-sett // If you enable this setting, Google Chrome ignores all proxy-related options // specified from the command line. Leaving this policy not set will allow // the users to choose the proxy settings on their own. //"ProxyMode": "direct", // URL to a proxy .pac file //------------------------------------------------------------------------- // You can specify a URL to a proxy .pac file here. This policy only takes // effect if you have selected manual proxy settings at 'Choose how to specify // proxy server settings'. You should leave this policy not set if you have // selected any other mode for setting proxy policies. For detailed examples, // visit: http://www.chromium.org/developers/design-documents/network-settings // #TOC-Command-line-options-for-proxy-sett //"ProxyPacUrl": "http://internal.site/example.pac", // Address or URL of proxy server //------------------------------------------------------------------------- // You can specify the URL of the proxy server here. This policy only takes // effect if you have selected manual proxy settings at 'Choose how to specify // proxy server settings'. You should leave this policy not set if you have // selected any other mode for setting proxy policies. For more options and // detailed examples, visit: http://www.chromium.org/developers/design- // documents/network-settings#TOC-Command-line-options-for-proxy-sett //"ProxyServer": "123.123.123.123:8080", // Enable firewall traversal from remote access host //------------------------------------------------------------------------- // Enables usage of STUN and relay servers when remote clients are trying to // establish a connection to this machine. If this setting is enabled, then // remote clients can discover and connect to this machines even if they are // separated by a firewall. If this setting is disabled and outgoing UDP // connections are filtered by the firewall, then this machine will only allow // connections from client machines within the local network. If this policy // is left not set the setting will be enabled. //"RemoteAccessHostFirewallTraversal": false, // Action on startup //------------------------------------------------------------------------- // Allows you to specify the behavior on startup. If you choose 'Open home // page' the home page will always be opened when you start Google Chrome. If // you choose 'Restore the last session', the URLs that were open last time // Google Chrome was closed will be reopened and the browsing session will be // restored as it was left. Choosing this option disables some settings that // rely on sessions or that perform actions on exit (such as Clear browsing // data on exit or session-only cookies). If you choose 'Open a list of // URLs', the list of 'URLs to open on startup' will be opened when a user // starts Google Chrome. If you enable this setting, users cannot change or // override it in Google Chrome. Disabling this setting is equvalent to // leaving it not configured. The user will still be able to change it in // Google Chrome. "RestoreOnStartup": 4, // URLs to open on startup //------------------------------------------------------------------------- // If 'Open a list of URLs' is selected as the startup action, this allows you // to specify the list of URLs that are opened. If left not set no URL will be // opened on start up. This policy only works if the 'RestoreOnStartup' // policy is set to 'RestoreOnStartupIsURLs'. "RestoreOnStartupURLs": ["http://www.google.com/cse?cx=partner-pub-6065445074637525:8941524350"], // Enable Safe Browsing //------------------------------------------------------------------------- // Enables Google Chrome's Safe Browsing feature and prevents users from // changing this setting. If you enable this setting, Safe Browsing is always // active. If you disable this setting, Safe Browsing is never active. If // you enable or disable this setting, users cannot change or override this // setting in Google Chrome. If this policy is left not set, this will be // enabled but the user will be able to change it. //"SafeBrowsingEnabled": true, // Disable saving browser history //------------------------------------------------------------------------- // Disables saving browser history in Google Chrome and prevents users from // changing this setting. If this setting is enabled, browsing history is not // saved. If this setting is disabled or not set, browsing history is saved. //"SavingBrowserHistoryDisabled": true, // Enable search suggestions //------------------------------------------------------------------------- // Enables search suggestions in Google Chrome's Omnibox and prevents users // from changing this setting. If you enable this setting, search suggestions // are used. If you disable this setting, search suggestions are never used. // If you enable or disable this setting, users cannot change or override this // setting in Google Chrome. If this policy is left not set, this will be // enabled but the user will be able to change it. //"SearchSuggestEnabled": true, // Show Home button on toolbar //------------------------------------------------------------------------- // Shows the Home button on Google Chrome's toolbar. If you enable this // setting, the Home button is always shown. If you disable this setting, the // Home button is never shown. If you enable or disable this setting, users // cannot change or override this setting in Google Chrome. Leaving this // policy not set will allow the user to choose whether to show the home // button. "ShowHomeButton": true, // Disable synchronization of data with Google //------------------------------------------------------------------------- // Disables data synchronization in Google Chrome using Google-hosted // synchronization services and prevents users from changing this setting. If // you enable this setting, users cannot change or override this setting in // Google Chrome. If this policy is left not set Google Sync will be // available for the user to choose whether to use it or not. "SyncDisabled": true, // Enable Translate //------------------------------------------------------------------------- // Enables the integrated Google Translate service on Google Chrome. If you // enable this setting, Google Chrome will show an integrated toolbar offering // to translate the page for the user, when appropriate. If you disable this // setting, users will never see the translation bar. If you enable or // disable this setting, users cannot change or override this setting in // Google Chrome. If this setting is left not set the user can decide to use // this function or not. "TranslateEnabled": false, // Block access to a list of URLs //------------------------------------------------------------------------- // Blocks access to the listed URLs. This policy prevents the user from // loading web pages from blacklisted URLs. A URL has the format // 'scheme://host:port/path'. The optional scheme can be http, https or ftp. // Only this scheme will be blocked; if none is specified, all schemes are // blocked. The host can be a hostname or an IP address. Subdomains of a // hostname will also be blocked. To prevent blocking subdomains, include a // '.' before the hostname. The special hostname '*' will block all domains. // The optional port is a valid port number from 1 to 65535. If none is // specified, all ports are blocked. If the optional path is specified, only // paths with that prefix will be blocked. Exceptions can be defined in the // URL whitelist policy. These policies are limited to 100 entries; subsequent // entries will be ignored. If this policy is not set no URL will be // blacklisted in the browser. //"URLBlacklist": ["example.com", "https://ssl.server.com", "hosting.com/bad_path", "http://server:8080/path", ".exact.hostname.com", "*"], // Allows access to a list of URLs //------------------------------------------------------------------------- // Allows access to the listed URLs, as exceptions to the URL blacklist. See // the description of the URL blacklist policy for the format of entries of // this list. This policy can be used to open exceptions to restrictive // blacklists. For example, '*' can be blacklisted to block all requests, and // this policy can be used to allow access to a limited list of URLs. It can // be used to open exceptions to certain schemes, subdomains of other domains, // ports, or specific paths. The most specific filter will determine if a URL // is blocked or allowed. The whitelist takes precedence over the blacklist. // This policy is limited to 100 entries; subsequent entries will be ignored. // If this policy is not set there will be no exceptions to the blacklist from // the 'URLBlacklist' policy. //"URLWhitelist": ["example.com", "https://ssl.server.com", "hosting.com/bad_path", "http://server:8080/path", ".exact.hostname.com"] }