Unidesk recommends including the OS Type and OS bit level in the name, for Example Google Chrome 31 Win7x32. For versions remember that when choosing a layer you can see the version name but not the version description. Use naming that will allow you to differentiate versions appropriately. For example “1.0 12-12-2013”.
The basic installation steps are straight forward:
- Create a Google Chrome application layer
- Install Chrome using the offline installer or msi
- Note on extensions
- Disable Google Updates (optional)
- Configure Chrome AD GPO’s
- Apply the layer to desired desktops
Step 1 Create a Google Chrome Application Layer
The first step is to install Chrome itself. Download the offline installer from here:
Choose the Alternate installer for all user accounts. Then install Chrome. It will install into the “Program Files” directory.
To install extensions please use a GPO http://dev.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist
There are two ways that can be used to disable Google Updates for Chrome. You can use the enterprise GPOs, see the next section or follow this link to disable via the registry
or set the value of HKEY_LOCAL_MACHINESOFTWAREPoliciesGoogleUpdateAutoUpdateCheckPeriodMinutes to the REG_DWORD value of “0”.
Step 2 (Optional but recommended) Install and configure the Google Enterprise Active Directory Templates In Order To Manage These Settings
The Goggle Chromium project has created a set of GPO settings that can be used to manage Chrome in an Enterprise Environment.
Here is where you can download the ADM files and see the documentation:
Once you have the ADM files installed its very easy to configure Chrome settings.
If you are using a GPO to disable updates just add a version to your layer and open Chrome it will automatically update. If you have used the registry setting to disable updates modify the registry setting to a number other than 0 and open chrome, it will update then you can set the registry entry back to 0. Note: If this doesn’t work for you let me know I was not able to test this in the lab.
If you have enabled any updates through scheduled tasks, disable that as well.
Considerations for Non-Persistent Desktops
It is not possible to add custom extensions for a single user with a NP desktop.
The supported solution for printing with Workspace App for Chrome during ICA Sessions is documented in our edocs under the following section:
The section on “Citrix PDF Universal Printer driver” and “Google Cloud Print support” describes supported steps to enable printing.
·GroomApplicationInstanceRetentionDays can be set only in Premium licensed Sites – This implies that that all other settings can be set to maximum allowed but not this one unless it is a premium/Platinum Site.
Hence in Enterprise site version we can see only the same day data (As the default value is 0 Days) in Citrix director for application instances, however GroomApplicationInstanceRetentionDays was set to 30/90 days.
We have Symantec Endpoint Protection on our systems, however, looking through task manager I have found Elevation_Service.exe It is causing our laptops cpu usage to go up for no reason even though nothing is running in the task bar? We have run full system scans which took a couple hours and came out clean however I am still very concerned about it and wanted to ask other peoples opinions, Does it mean the chrome browsers have been hijacked? I have done some research and found out it is Google Chrome trying to do some sort of updates in the background causing load on the CPU. According to this site https://securedyou.com/what-is-google-chrome-elevation-service-exe/ I have followed what they suggested and got rid of it manually but it keeps coming back once you reboot the system? Any ideas or recommendations would be appreciated, can someone please confirm that this is not a virus and is harmless. Thank you
- Please gothrough the google chrome enterprise policy list documentation https://www.chromium.org/administrators/policy-list-3#URLWhitelist and do see below details about URL whitelist and blacklist.
Allow access to a list of URLs
List of strings [Android:string] (encoded as a JSON string, for details see https://www.chromium.org/administrators/complex-policies-on-windows)
Windows registry location for Windows clients:
Android restriction name:
Allows access to the listed URLs, as exceptions to the URL blacklist.
See the description of the URL blacklist policy for the format of entries of this list.
This policy can be used to open exceptions to restrictive blacklists. For example, ‘*’ can be blacklisted to block all requests, and this policy can be used to allow access to a limited list of URLs. It can be used to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.
The most specific filter will determine if a URL is blocked or allowed. The whitelist takes precedence over the blacklist.
If this policy is not set there will be no exceptions to the blacklist from the ‘URLBlacklist’ policy.
- The way Android Managed configuration is designed is CEM only saves and sends the config to google android management via google api , its google who sends the config to Chrome app installed inside Work container. There is no Secure Hub involved in this . The policy keys, values all are decided by App developer.
- It could also be that when the policy is configured on the CEM server you are not passing the right expected format for the values .
Based on the doc here https://www.chromium.org/administrators/url-blacklist-filter-format ,
please Block all sites and allow selected site as below.
I have been trying to load https://ipaddress:8004 and in repose i always get blank page . i have installed trial version for Symantec_Protection_Engine_CS_18.104.22.168_Windows_IN
response is 200 with html
i have tired IE and chrome and both went BLANK
Any help will be appreciated