Browser extension deployment reference

Deploying the extension is best done using your existing endpoint management tools:

This article acts as a reference for alternative approaches for deploying and troubleshooting just the browser extension (not the Browser helper) on Windows and macOS.

Windows - Group Policies

Group Policy Objects are typically configured for Windows machines on Active Directory.

Chrome

  1. Read the Google documentation on setting up the admx and adml files for Chrome.
  2. In the Group Policy Editor, go to Google > Google Chrome >  Extensions > Configure the list of force-installed apps and extensions
  3. Select Enabled
  4. Click Show
  5. Enter the ID igjpcenkahclnlkcldhphacgmfilbefd

Edge

  1. Read the Microsoft documentation on setting up the admx and adml files for Edge. 
  2. In the Group Policy Editor, go to Administrative Templates > Microsoft Edge > Extensions and then select Control which extensions are installed silently.
  3. Select Enabled.
  4. Click Show.
  5. Enter the ID alhagkkmlflbnlckfifmlemhcmaaflon

Firefox

  1. Download the Firefox policies from https://github.com/mozilla/policy-templates/releases 
  2. Extract the Zip and find the firefox.admx file (under policy_templates_vX.X\windows) and the language specific firefox.adml file (under the respective language sub-folder, e.g. en-US).
  3. Deploy the admx and adml files.
  4. In the Group Policy Editor, go to Administrative Templates > Firefox > Extensions then Right click and Edit Extension Management.
  5. Select Enabled.
  6. Click Show.
  7. Cut and paste the following JSON:
{
    "browserextension@trelica.com": {
        "installation_mode": "force_installed",
        "install_url": "https://addons.mozilla.org/firefox/downloads/latest/trelica/latest.xpi"
    }
}

Windows - Setting the Registry

Group Policies effectively set registry keys to force-install Edge, Chrome and Firefox.

Registry settings should be edited with care. Note that the specific policy name ('ExtensionInstallForcelist') is case-sensitive.

For Chrome and Edge, the registry values are effectively a list, where the name is a numerical sequence. If you already have values set, then you should choose the next available value.

There's a PowerShell script (Set-ForceInstallBrowserExtensions.ps1) that will apply these registry settings for HKEY_CURRENT_USER for Chrome, Edge and Firefox here:

https://github.com/trelica/be-deployment

Chrome

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist
Name Type Data
1 (or next number in the sequence) String (REG_SZ) igjpcenkahclnlkcldhphacgmfilbefd

Edge

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist
Name Type Data
1 (or next number in the sequence) String (REG_SZ) alhagkkmlflbnlckfifmlemhcmaaflon

Firefox

HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox
Name Type
ExtensionSettings Multi-String Value (REG_MULTI_SZ) 
{
  "browserextension@trelica.com": {
    "installation_mode": "force_installed",
    "install_url": "https://addons.mozilla.org/firefox/downloads/latest/trelica/latest.xpi"
  }
}

Windows - Intune

Chrome and Edge

  1. Go to Devices > Configuration profiles > Create profile
  2. Choose the platform Windows 10 and later and the profile type Settings catalog, then click Create.
  3. Enter a name and description, and click Next.
  4. Click Add settings.
  5. In the Settings picker, scroll down and expand the Microsoft Edge category.
  6. Choose Extensions.
  7. Choose the Control which extensions are installed silently setting.
  8. Close the panel, and click Add settings again.
  9. Search for Chrome and select Administrative Templates\ Google\ Google Chrome\ Extensions.
  10. Choose Configure the list of force-installed apps and extensions setting.
  11. Close the panel and now Enable both of the settings you added.
  12. Enter the following IDs for the respective setting:
    • Chrome: igjpcenkahclnlkcldhphacgmfilbefd
    • Edge: alhagkkmlflbnlckfifmlemhcmaaflon
  13. Click Next to step through and assign any Scope tags or Assignments (e.g. Add all devices).
  14. Review the profile and click Create.
  15. The profile list doesn't always update so click Refresh to confirm the new profile has been created.

Firefox

  1. Go to Devices > Configuration profiles and click Create profile.
  2. Select the platform Windows 10 and later, and the profile type Templates.
  3. Select the Custom template and click Create.
  4. Enter a name and description, and click Next.
  5. Click Add to add a new OMA-URI.
  6. Enter a Name and Description.
  7. Paste in the OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
  8. Choose the Data Type String.

  9. Paste in the following value:

    <enabled/>
<data id="ExtensionSettings" value='
{
    "browserextension@trelica.com": {
        "installation_mode": "force_installed",
        "install_url": "https://addons.mozilla.org/firefox/downloads/latest/trelica/latest.xpi"
    }
}'/>
  10. Click Save.
  11. Click Next to step through and assign any Scope tags or Assignments (e.g. Add all devices).
  12. Review the profile and click Create.
  13. Step through clicking Next to assign the profile to the appropriate devices.

macOS Profile File

Many MDMs (e.g. Kandji, SimpleMDM) can deploy macOS Profile files.

Please also read our full guide to deploying SaaS Manager to macOS with an MDM.

Unsigned profile: UNSIGNED_trelica-extensions.mobileconfig
Signed profile: trelica-extensions.mobileconfig

macOS Property List (plist)

If your MDM requires Property List (plist) settings you can use the following:

com.google.Chrome preference domain

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ExtensionInstallForcelist</key>
    <array>
        <string>igjpcenkahclnlkcldhphacgmfilbefd</string>
    </array>
    <key>NativeMessagingAllowlist</key>
    <array>
        <string>com.trelica.browser_helper</string>
    </array>
</dict>
</plist>

com.microsoft.Edge preference domain

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ExtensionInstallForcelist</key>
    <array>
        <string>alhagkkmlflbnlckfifmlemhcmaaflon</string>
    </array>
</dict>
</plist>

org.mozilla.firefox preference domain

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnterprisePoliciesEnabled</key>
    <true/>
    <key>ExtensionSettings</key>
    <dict>
        <key>browserextension@trelica.com</key>
        <dict>
            <key>install_url</key>
            <string>https://addons.mozilla.org/firefox/downloads/latest/trelica/latest.xpi</string>
            <key>installation_mode</key>
            <string>force_installed</string>
        </dict>
    </dict>
    <key>ExtensionUpdate</key>
    <true/>
</dict>
</plist>

Troubleshooting

All the above apply browser policies. 

Each browser has a specific internal page which lets you view applied policies. This is very useful for troubleshooting:

Browser URL Notes
Chrome chrome://policy
Edge edge://policy
Firefox about:policies Click 'Errors' on the left to view details of issues.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.