Deploying the browser extension

Deploying the extension is best done using your existing endpoint management tools and this article covers various approaches for Windows and macOS.

If you use Google Workspace there's a quick way to just deploy the extension to users logged in to Chrome with their work email address.

Windows - Group Policies

Group Policy Objects are typically configured for Windows machines on Active Directory.

Chrome

  1. Read the Google documentation on setting up the admx and adml files for Chrome.
  2. In the Group Policy Editor, go to Google > Google Chrome >  Extensions > Configure the list of force-installed apps and extensions
  3. Select Enabled
  4. Click Show
  5. Enter the ID igjpcenkahclnlkcldhphacgmfilbefd

Edge

  1. Read the Microsoft documentation on setting up the admx and adml files for Edge. 
  2. In the Group Policy Editor, go to Administrative Templates > Microsoft Edge > Extensions and then select Control which extensions are installed silently.
  3. Select Enabled.
  4. Click Show.
  5. Enter the ID alhagkkmlflbnlckfifmlemhcmaaflon

Firefox

  1. Download the Firefox policies from https://github.com/mozilla/policy-templates/releases 
  2. Extract the Zip and find the firefox.admx file (under policy_templates_vX.X\windows) and the language specific firefox.adml file (under the respective language sub-folder, e.g. en-US).
  3. Deploy the admx and adml files.
  4. In the Group Policy Editor, go to Administrative Templates > Firefox > Extensions then Right click and Edit Extension Management.
  5. Select Enabled.
  6. Click Show.
  7. Cut and paste the following JSON:
{
"browserextension@trelica.com": {
"installation_mode": "force_installed",
"install_url": "https://addons.mozilla.org/firefox/downloads/file/4113298/trelica-latest.xpi"
}
}

Windows - Setting the Registry

Group Policies effectively set registry keys to force-install Edge, Chrome and Firefox.

Registry settings should be edited with care. Note that the specific policy name ('ExtensionInstallForcelist') is case-sensitive.

For Chrome and Edge, the registry values are effectively a list, where the name is a numerical sequence. If you already have values set, then you should choose the next available value.

There's a Powershell script (Set-ForceInstallBrowserExtensions.ps1) that will apply these registry settings for HKEY_CURRENT_USER for Chrome, Edge and Firefox here:

https://github.com/trelica/be-deployment

Chrome

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist
Name Type Data
1 (or next number in the sequence) String (REG_SZ) igjpcenkahclnlkcldhphacgmfilbefd

Edge

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist
Name Type Data
1 (or next number in the sequence) String (REG_SZ) alhagkkmlflbnlckfifmlemhcmaaflon

Firefox

HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox
Name Type
ExtensionSettings Multi-String Value (REG_MULTI_SZ)
{
  "browserextension@trelica.com": {
    "installation_mode": "force_installed",
    "install_url": "https://addons.mozilla.org/firefox/downloads/file/4113298/trelica-latest.xpi"
  }
}

Windows - Intune

Chrome and Edge

  1. Go to Devices > Configuration profiles > Create profile
  2. Choose the platform Windows 10 and later and the profile type Settings catalog
  3. Click Create:

    intune1.png

  4. Enter a name and description, and click Next:

    intune2.png

  5. Click Add settings.
  6. In the Settings picker, scroll down and expand the Microsoft Edge category.
  7. Choose Extensions.
  8. Choose the Control which extensions are installed silently setting: intune3.png
  9. Close the panel, and click Add settings again.
  10. Search for Chrome and select Administrative Templates\ Google\ Google Chrome\ Extensions.
  11. Choose Configure the list of force-installed apps and extensions setting:intune4.png
  12. Close the panel and now Enable both of the settings you added.
  13. Enter the following IDs for the respective setting:
    • Chrome: igjpcenkahclnlkcldhphacgmfilbefd
    • Edge: alhagkkmlflbnlckfifmlemhcmaaflon

    intune5.png

  14. Click Next to step through and assign any Scope tags or Assignments (e.g. Add all devices):

    intune6.png

  15. Review the profile and click Create:

    intune7.png

  16. The profile list doesn't always update so click Refresh to confirm the new profile has been created:

    intune8.png

Firefox

  1. Go to Devices > Configuration profiles and click Create profile.
  2. Select the platform Windows 10 and later, and the profile type Templates.
  3. Select the Custom template and click Create:

    intune_ff1.png

  4. Enter a name and description, and click Next:

    intune_ff2.png

  5. Click Add to add a new OMA-URI:

    intune_ff3.png

  6. Enter a Name and Description.
  7. Paste in the OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
  8. Choose the Data Type String.
  9. Paste in the following value:
    <enabled/>
    <data id="ExtensionSettings" value='
    {
    "browserextension@trelica.com": {
    "installation_mode": "force_installed",
    "install_url": "https://addons.mozilla.org/firefox/downloads/file/4113298/trelica-latest.xpi"
    }
    }'/>

    intune_ff4.png

  10. Click Save.
  11. Click Next to step through and assign any Scope tags or Assignments (e.g. Add all devices).
  12. Review the profile and click Create.
  13. Step through clicking Next to assign the profile to the appropriate devices.

macOS Property List (plist)

If your MDM requires Property List (plist) settings (e.g. JAMF Pro) you can use the following:

com.google.Chrome preference domain

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExtensionInstallForcelist</key>
<array>
<string>igjpcenkahclnlkcldhphacgmfilbefd</string>
</array>
<key>NativeMessagingAllowlist</key>
<array>
<string>com.trelica.browser_helper</string>
</array>
</dict>
</plist>

com.microsoft.Edge preference domain

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExtensionInstallForcelist</key>
<array>
<string>alhagkkmlflbnlckfifmlemhcmaaflon</string>
</array>
</dict>
</plist>

org.mozilla.firefox preference domain

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnterprisePoliciesEnabled</key>
<true/>
<key>ExtensionSettings</key>
<dict>
<key>browserextension@trelica.com</key>
<dict>
<key>install_url</key>
<string>https://addons.mozilla.org/firefox/downloads/file/4113298/trelica-latest.xpi</string>
<key>installation_mode</key>
<string>force_installed</string>
</dict>
</dict>
<key>ExtensionUpdate</key>
<true/>
</dict>
</plist>

macOS Profile File

Many MDMs (e.g. Kandji) can deploy macOS Profile files.

There is a link to a Profile file that force-installs the extension for Chrome, Edge and Firefox at the bottom of this article (called TrelicaBrowserExtension.mobileconfig). 

Troubleshooting

All the above apply browser policies. 

Each browser has a specific internal page which lets you view applied policies. This is very useful for troubleshooting:

Browser URL Notes
Chrome chrome://policy  
Edge edge://policy  
Firefox about:policies Click 'Errors' on the left to view details of issues.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.