Google Chrome in the Enterprise(en)

Google Chrome in the Enterprise

English

de vez enquanto vou postar in English🙂

Google chrome brought new challenges to system admins since it came out. Recently this browser has gained good ground, gaining users from both Mozilla Firefox and Microsoft Internet Explorer. One reason for being a challenge to System Admins is its ability to be installed in the user’s profile. This lead to users having the ability to install the browser in their user profile where they have total control.To control that in a domain user environment we can create GPO’s to return our domains back to their organized state. This control can be done using the Google prepared Administrative Template.

First thing we need to do before we can start the configuration is get the Administrative template.
http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

The important file at this moment is chrome.adm which can be found in the folder path \windows\adm\”desired language folder”
Where the desired language is composed of a two letter abbreviation of the language. Some languages such English and Portuguese have regional language suffix such pt-be (for Brazilian Portuguese) and pt-pt for Portugal Portuguese. For English there is the en-us(US English) and en-gb (Great Britain English).

These language files differ in the [Strings] section where the explanation of the GPO’s can be found.

The settings of the objects once applied are reflected in the registry of the computers in the path
Software\Policies\Google\Chrome\ in the registry hive HKLM(HKEY_LOCAL_MACHINE) or HKCU (HKEY_CURRENT_USER)

Once you choose your language and locate the file chrome.adm, we need to to create a group policy object and import the administrative template.
Let’s do that.
For this example let’s use a local group policy in a windows XP or 2003 Server computer, which we can later (after testing and testing and testing) apply to an Organizational Unit or the entire domain.
(in this first version of the tutorial I will be only writing the info, later I will capture some screens to make things easier for junior system admins)

  1. Open the local group policy management in your test computer using the command line gpedit.msc
  2. In this case (using a local group policy) we don’t have the chance to create a group policy, we are only able to edit the local computer policy. In the domain we can create a GPO using the GPMC tool.
  3. Go down the GP path \Computer Configuration\Administrative Templates.(although we could as well import into the User Configuration path as well)
  4. Right click on the “folder” Administrative Templates and choose add/remove templates
  5. Navigate to the location where you decompressed the file downloaded from the link mentioned above.
  6. Now if you refresh the page you will see a new “folder or container” named Google
  7. From here on ahead the alterations and edits you make are similar to the windows GP edits.

It is important to note the size of imported templates. When we deal with domain GPO or Organizational units with hundreds of computer or thousands of users, the size of newly imported templates will be critical for WAN networks or leased lines or pay per usage enterprise WAN.

If you will import big templates, don’t forget that those templates will be loaded from the domain controller on GPO call time.

GPO call time can be

  • when a PC bootup
  • when a PC shuts-down
  • when a user logs on
  • when a user logs off
  • when a GPO is forced using the command gpupdate /force.

Imagine your 800 computers booting between 7:30 and 8:00 and they all have to load a GPO that imported a two megabyte administrative template. This will quickly saturate your link to the domain controller and if the domain controller does not have adequate memory and a good LAN card then your Monday morning will be pretty sour.

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s