0

Ok so I have a Local Group Policy (under Computer Config, not User Config) to force install extensions in Chrome. This policy needs to run for every user of the computer. The value is going to change based on a new version of our chrome extension and the policy checks if it needs to update the installed extension (it will just delete and install a new one). I need to update the contents of that LGP remotely. There seems to be two different registry values that this policy effects

HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist & HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects{There is a GUID here}Machine\Software\Policies\Google\Chrome\ExtensionInstallForcelist

If I change the HKLM value, the HKCU never updates to reflect the HKLM value, thus nothing happens. If I manually change the HKCU value, everything updates and runs great. Is there a way to push the value from HKLM to HKCU? My thought has been this: write a powershell script to check the current HKLM value vs an XML update file on a server. If these two are different, then set the HKLM value to the value from the XML file. Then, somehow reflect that change to the HKCU value and then the policy can do it's thing.

I really hope I explained this good, I don't normally do this type of stuff haha. If there is any suggestions of other ways to achieve this, it would be greatly appreciated! If you need more clarification, I can try to help.

EDIT There is a GUID in the HKCU key name. What I would like to do is: upon a user logging on to the computer, I would run this powershell script. My problem seems to be, how can I set the value of the given HKCU registry key (of any user) when it contains the machine GUID?

EDIT 2: The ultimate goal here is to make sure the chrome extension is updated to the most up-to-date version. The extension is not in the chrome store, it is maintained by us. When we update we the extension, we put the crx file on a server and update the xml updates file. Yes, chrome does auto updating checks to see if the app has an update. Unfortunately, this does not always apply right away (could take up to a few hours). I am doing this to try and force the update to the app.

Aarron H
  • 13
  • 6
  • A change to a value under HKLM wouldn't update the HKCU value, not normally at least. I almost think you're trying to re-invent [Loopback Processing](https://technet.microsoft.com/en-us/library/cc978513.aspx). Perhaps you can clarify why you'd need to *copy* the value if you already control the Group Policy by which you could just set it for both HKLM and HKCU. – jscott Mar 05 '15 at 17:16
  • @jscott How can I set it for the HKCU? The Registry key name has a machine GUID in it – Aarron H Mar 05 '15 at 17:23
  • I would update your question to clarify that and any other requirements/constraints. Upon a re-read I still don't see anything about machine GUIDs noted. If you control Group Policy, you can set the HKLM and HKCU values, independently, to anything you like. – jscott Mar 05 '15 at 17:28
  • I updated with hopefully a little more clarification – Aarron H Mar 05 '15 at 17:35
  • You should update the topic to meet the actual question about handling Google Chrome settings via GP. Automatically copying HKLM keys to every HKCU doesn't fit in the general philosophy of Windows Registry and GP management. – Esa Jokinen Mar 05 '15 at 17:50
  • The reason I ask about changing the registry key is because I have found that by doing it that way the GP still updates. And I can automate that through powershell script. If you have any other way I can do this, then I am open to suggestions. – Aarron H Mar 05 '15 at 18:02

1 Answers1

0

Google Chrome ADM/ADMX templates

You can use Google Chrome ADM/ADMX templates (ZIP including documentation) to force settings on every user on every computer via Group Policy.

  1. gpedit.msc > Local Computer Policy > Computer Configuration > Administrative Templates
  2. (Right click on) Administrative Templates > Add/Remove Templates
  3. Load chrome.adm in your preferred language (policy_templates.zip\windows\adm[locale]\chrome.adm)
  4. You'll find Google / Google Chrome folder under Administrative Templates

Active Setup

If you need to run your script only once per user during logon, you could use Active Setup.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\AarronH]
@="Aarron H's script for Chrome ExtensionInstallForcelist"
"StubPath"="PATH\TO\YOUR\SCRIPT"

Answer for EDIT: Getting the key containing the GUID

Get-ChildItem -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects' | Where-
Object {$_.Name -like '*Machine*'}
Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
  • I have already done this to create the group policy. What I want to do is make it so I don't have to manually go to the computer (would have to drive to it) and update that group policy. – Aarron H Mar 05 '15 at 17:45
  • So your network is based on _Adidas®_ technology instead of TCP/IP? – Esa Jokinen Mar 05 '15 at 17:53
  • Unfortunately Yes, remoting in is not an option. – Aarron H Mar 05 '15 at 18:01
  • You edit still does not answer my question. I need to finish my script, before I set it up to run. Right now I need to update HKCU registry value with the new extension ID. In powershell how can I access a registry key, that has a User GUID in it. I know this is explained in my question. – Aarron H Mar 05 '15 at 18:45