Skip to content

Instantly share code, notes, and snippets.

@g3rhard
Forked from meets2tarun/chrome.json
Last active January 8, 2021 18:14
Show Gist options
  • Save g3rhard/9c3ee0ebd6cdb6c198644ac92677a185 to your computer and use it in GitHub Desktop.
Save g3rhard/9c3ee0ebd6cdb6c198644ac92677a185 to your computer and use it in GitHub Desktop.
Copy the file in /etc/chromium-browser/policies/managed and make required changes in chromium-browser or /etc/opt/chrome/policies/managed for Google Chrome
// Policy template for Linux.
// Uncomment the policies you wish to activate and change their values to
// something useful for your case. The provided values are for reference only
// and do not provide meaningful defaults!
// More information in https://www.chromium.org/administrators/policy-list-3
{
// Cross-origin HTTP Basic Auth prompts
//-------------------------------------------------------------------------
// Controls whether third-party sub-content on a page is allowed to pop-up an
// HTTP Basic Auth dialog box. Typically this is disabled as a phishing
// defense. If this policy is not set, this is disabled and third-party sub-
// content will not be allowed to pop up a HTTP Basic Auth dialog box.
//"AllowCrossOriginAuthPrompt": false,
// Allow invocation of file selection dialogs.
//-------------------------------------------------------------------------
// Allows access to local files on the machine by allowing Google Chrome to
// display file selection dialogs. If you enable this setting, users can open
// file selection dialogs as normal. If you disable this setting, whenever
// the user performs an action which would provoke a file selection dialog
// (like importing bookmarks, uploading files, saving links, etc.) a message
// is displayed instead and the user is assumed to have clicked Cancel on the
// file selection dialog. If this setting is not set, users can open file
// selection dialogs as normal.
//"AllowFileSelectionDialogs": true,
// Allow running plugins that are outdated
//-------------------------------------------------------------------------
// Allows Google Chrome to run plugins that are outdated. If you enable this
// setting, outdated plugins are used as normal plugins. If you disable this
// setting, outdated plugins will not be used and users will not be asked for
// permission to run them. If this setting is not set, users will be asked
// for permission to run outdated plugins.
//"AllowOutdatedPlugins": true,
// Enable alternate error pages
//-------------------------------------------------------------------------
// Enables the use of alternate error pages that are built into Google Chrome
// (such as 'page not found') and prevents users from changing this setting.
// If you enable this setting, alternate error pages are used. If you disable
// this setting, alternate error pages are never used. If you enable or
// disable this setting, users cannot change or override this setting in
// Google Chrome. If this policy is left not set, this will be enabled but
// the user will be able to change it.
//"AlternateErrorPagesEnabled": true,
// Always runs plugins that require authorization
//-------------------------------------------------------------------------
// Allows Google Chrome to run plugins that require authorization. If you
// enable this setting, plugins that are not outdated always run. If this
// setting is disabled or not set, users will be asked for permission to run
// plugins that require authorization. These are plugins that can compromise
// security.
//"AlwaysAuthorizePlugins": true,
// Kerberos delegation server whitelist
//-------------------------------------------------------------------------
// Servers that Google Chrome may delegate to. Separate multiple server names
// with commas. Wildcards (*) are allowed. If you leave this policy not set
// any server will be accepted for integrated authentication.
//"AuthNegotiateDelegateWhitelist": "foobar.example.com",
// Supported authentication schemes
//-------------------------------------------------------------------------
// Specifies which HTTP Authentication schemes are supported by Google Chrome.
// Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate
// multiple values with commas. If this policy is left not set, all four
// schemes will be used.
//"AuthSchemes": "basic,digest,ntlm,negotiate",
// Authentication server whitelist
//-------------------------------------------------------------------------
// Specifies which servers should be whitelisted for integrated
// authentication. Integrated authentication is only enabled when Google
// Chrome receives an authentication challenge from a proxy or from a server
// which is in this permitted list. Separate multiple server names with
// commas. Wildcards (*) are allowed. If you leave this policy not set any
// server will be accepted for integrated authentication.
//"AuthServerWhitelist": "*example.com,foobar.com,*baz",
// Enable AutoFill
//-------------------------------------------------------------------------
// Enables Google Chrome's AutoFill feature and allows users to auto complete
// web forms using previously stored information such as address or credit
// card information. If you disable this setting, AutoFill will be
// inaccessible to users. If you enable this setting or do not set a value,
// AutoFill will remain under the control of the user. This will allow them to
// configure AutoFill profiles and to switch AutoFill on or off at their own
// discretion.
//"AutoFillEnabled": false,
// Automatically select client certificates for these sites
//-------------------------------------------------------------------------
// Allows you to specify a list of url patterns that specify sites for which
// Google Chrome should automatically select a client certificates, if the
// site requests a certificate. If this policy is left not set no auto-
// selection will be done for any site.
//"AutoSelectCertificateForUrls": ["{\"pattern\":\"https://www.example.com\",\"filter\":{\"ISSUER\":{\"CN\":\"certificate issuer name\"}}}"],
// Continue running background apps when Google Chrome is closed
//-------------------------------------------------------------------------
// Determines whether a Google Chrome process is started on OS login and keeps
// running when the last browser window is closed, allowing background apps to
// remain active. The background process displays an icon in the system tray
// and can always be closed from there. If this policy is set to True,
// background mode is enabled and cannot be controlled by the user in the
// browser settings. If this policy is set to False, background mode is
// disabled and cannot be controlled by the user in the browser settings. If
// this policy is left unset, background mode is initially disabled and can be
// controlled by the user in the browser settings.
//"BackgroundModeEnabled": true,
// Block third party cookies
//-------------------------------------------------------------------------
// Blocks third party cookies. Enabling this setting prevents cookies from
// being set by web page elements that are not from the domain that is in the
// browser's address bar. Disabling this setting allows cookies to be set by
// web page elements that are not from the domain that is in the browser's
// address bar and prevents users from changing this setting. If this policy
// is left not set, third party cookies will be enabled but the user will be
// able to change that.
//"BlockThirdPartyCookies": false,
// Enable Bookmark Bar
//-------------------------------------------------------------------------
// Enables the bookmark bar on Google Chrome. If you enable this setting,
// Google Chrome will show a bookmark bar. If you disable this setting, users
// will never see the bookmark bar. If you enable or disable this setting,
// users cannot change or override it in Google Chrome. If this setting is
// left not set the user can decide to use this function or not.
"BookmarkBarEnabled": true,
// Clear site data on browser shutdown
//-------------------------------------------------------------------------
// This policy is an override for the "Clear cookies and other site data when
// I close my browser" content settings option. When set to enabled Google
// Chrome will delete all locally stored data from the browser when it is shut
// down. If set to disabled site data will not be cleared on exit. If this
// policy is left not set Google Chrome will use the default which is to
// preserve site data on shut down and the user will be able to change this.
// If the "RestoreOnStartup" policy is set to restore URLs from previous
// sessions this policy will not clear cookies or other data relevant to
// restoring the previous browsing session completely.
// "ClearSiteDataOnExit": true,
// Enable Google Cloud Print proxy
//-------------------------------------------------------------------------
// Enables Google Chrome to act as a proxy between Google Cloud Print and
// legacy printers connected to the machine. If this setting is enabled or
// not configured, users can enable the cloud print proxy by authentication
// with their Google account. If this setting is disabled, users cannot
// enable the proxy, and the machine will not be allowed to share it's
// printers with Google Cloud Print. If this policy is left not set, this
// will be enabled but the user will be able to change it.
//"CloudPrintProxyEnabled": true,
// Enable submission of documents to Google Cloud Print
//-------------------------------------------------------------------------
// Enables Google Chrome to submit documents to Google Cloud Print for
// printing. NOTE: This only affects Google Cloud Print support in Google
// Chrome. It does not prevent users from submitting print jobs on web sites.
// If this setting is enabled or not configured, users can print to Google
// Cloud Print from the Google Chrome print dialog. If this setting is
// disabled, users cannot print to Google Cloud Print from the Google Chrome
// print dialog
//"CloudPrintSubmitEnabled": true,
// Allow cookies on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to set cookies. If this policy is left not set the global default
// value will be used for all sites either from the 'DefaultCookiesSetting'
// policy if it is set, or the user's personal configuration otherwise.
//"CookiesAllowedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Block cookies on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are not
// allowed to set cookies. If this policy is left not set the global default
// value will be used for all sites either from the 'DefaultCookiesSetting'
// policy if it is set, or the user's personal configuration otherwise.
//"CookiesBlockedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Allow session only cookies on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to set session only cookies. If this policy is left not set the
// global default value will be used for all sites either from the
// 'DefaultCookiesSetting' policy if it is set, or the user's personal
// configuration otherwise. If the "RestoreOnStartup" policy is set to
// restore URLs from previous sessions this policy will not be respectred and
// cookies will be stored permanently for those sites.
//"CookiesSessionOnlyForUrls": ["http://www.example.com", "[*.]example.edu"],
// Set Chrome as Default Browser
//-------------------------------------------------------------------------
// Configures the default browser checks in Google Chrome and prevents users
// from changing them. If you enable this setting, Google Chrome will always
// check on startup whether it is the default browser and automatically
// register itself if possible. If this setting is disabled, Google Chrome
// will never check if it is the default browser and will disable user
// controls for setting this option. If this setting is not set, Google
// controls for setting this option. If this setting is not set, Google
// Chrome will allow the user to control whether it is the default browser and
// whether user notifications should be shown when it isn't.
//"DefaultBrowserSettingEnabled": true,
// Default cookies setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to set local data. Setting
// local data can be either allowed for all websites or denied for all
// websites. If this policy is left not set, 'AllowCookies' will be used and
// the user will be able to change it.
//"DefaultCookiesSetting": 1,
// Default geolocation setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to track the users' physical
// location. Tracking the users' physical location can be allowed by default,
// denied by default or the user can be asked every time a website requests
// the physical location. If this policy is left not set, 'AskGeolocation'
// will be used and the user will be able to change it.
//"DefaultGeolocationSetting": 0,
// Default images setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to display images.
// Displaying images can be either allowed for all websites or denied for all
// websites. If this policy is left not set, 'AllowImages' will be used and
// the user will be able to change it.
//"DefaultImagesSetting": 1,
// Default JavaScript setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to run JavaScript. Running
// JavaScript can be either allowed for all websites or denied for all
// websites. If this policy is left not set, 'AllowJavaScript' will be used
// and the user will be able to change it.
//"DefaultJavaScriptSetting": 1,
// Default notification setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to display desktop
// notifications. Displaying desktop notifications can be allowed by default,
// denied by default or the user can be asked every time a website wants to
// show desktop notifications. If this policy is left not set,
// 'AskNotifications' will be used and the user will be able to change it.
//"DefaultNotificationsSetting": 2,
// Default plugins setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to automatically run
// plugins. Automatically running plugins can be either allowed for all
// websites or denied for all websites. If this policy is left not set,
// 'AllowPlugins' will be used and the user will be able to change it.
//"DefaultPluginsSetting": 1,
// Default popups setting
//-------------------------------------------------------------------------
// Allows you to set whether websites are allowed to show pop-ups. Showing
// popups can be either allowed for all websites or denied for all websites.
// If this policy is left not set, 'BlockPopups' will be used and the user
// will be able to change it.
//"DefaultPopupsSetting": 1,
// Enable the default search provider
//-------------------------------------------------------------------------
// Enables the use of a default search provider. If you enable this setting,
// a default search is performed when the user types text in the omnibox that
// is not a URL. You can specify the default search provider to be used by
// setting the rest of the default search policies. If these are left empty,
// the user can choose the default provider. If you disable this setting, no
// search is performed when the user enters non-URL text in the omnibox. If
// you enable or disable this setting, users cannot change or override this
// setting in Google Chrome. If this policy is left not set, the default
// search provider is enabled, and the user will be able to set the search
// provider list.
// "DefaultSearchProviderEnabled": true,
// Default search provider encodings
//-------------------------------------------------------------------------
// Specifies the character encodings supported by the search provider.
// Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are
// tried in the order provided. This policy is optional. If not set, the
// default will be used which is UTF-8. This policy is only respected if the
// 'DefaultSearchProviderEnabled' policy is enabled.
//"DefaultSearchProviderEncodings": ["UTF-8", "UTF-16", "GB2312", "ISO-8859-1"],
// Default search provider icon
//-------------------------------------------------------------------------
// Specifies the favorite icon URL of the default search provider. This
// policy is optional. If not set, no icon will be present for the search
// provider. This policy is only respected if the
// 'DefaultSearchProviderEnabled' policy is enabled.
//"DefaultSearchProviderIconURL": "http://search.my.company/favicon.ico",
// Default search provider instant URL
//-------------------------------------------------------------------------
// Specifies the URL of the search engine used to provide instant results. The
// URL should contain the string '{searchTerms}', which will be replaced at
// query time by the text the user has entered so far. This policy is
// optional. If not set, no instant search results will be provided. This
// policy is only respected if the 'DefaultSearchProviderEnabled' policy is
// enabled.
//"DefaultSearchProviderInstantURL": "http://search.my.company/suggest?q={searchTerms}",
// Default search provider keyword
//-------------------------------------------------------------------------
// Specifies the keyword, which is the shortcut used in the omnibox to trigger
// the search for this provider. This policy is optional. If not set, no
// keyword will activate the search provider. This policy is only considered
// if the 'DefaultSearchProviderEnabled' policy is enabled.
//"DefaultSearchProviderKeyword": "mis",
// Default search provider name
//-------------------------------------------------------------------------
// Specifies the name of the default search provider. If left empty or not
// set, the host name specified by the search URL will be used. This policy
// is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.
// "DefaultSearchProviderName": "Google",
// Default search provider search URL
//-------------------------------------------------------------------------
// Specifies the URL of the search engine used when doing a default search.
// The URL should contain the string '{searchTerms}', which will be replaced
// at query time by the terms the user is searching for. This option must be
// set when the 'DefaultSearchProviderEnabled' policy is enabled and will only
// be respected if this is the case.
// "DefaultSearchProviderSearchURL": "http://www.google.com/cse?cx=partner-pub-6065445074637525:8941524350&q={searchTerms}",
// Default search provider suggest URL
//-------------------------------------------------------------------------
// Specifies the URL of the search engine used to provide search suggestions.
// The URL should contain the string '{searchTerms}', which will be replaced
// at query time by the text the user has entered so far. This policy is
// optional. If not set, no suggest URL will be used. This policy is only
// respected if the 'DefaultSearchProviderEnabled' policy is enabled.
//"DefaultSearchProviderSuggestURL": "http://search.my.company/suggest?q={searchTerms}",
// Disable Developer Tools
//-------------------------------------------------------------------------
// Disables the Developer Tools and the JavaScript console. If you enable
// this setting, the Developer Tools can not be accessed and web-site elements
// can not be inspected anymore. Any keyboard shortcuts and any menu or
// context menu entries to open the Developer Tools or the JavaScript Console
// will be disabled. Setting this option to disabled or leaving it not set
// will allow the use to use the Developer Tools and the JavaScript console.
"DeveloperToolsDisabled": true,
// Disable support for 3D graphics APIs
//-------------------------------------------------------------------------
// Disable support for 3D graphics APIs. Enabling this setting prevents web
// pages from accessing the graphics processing unit (GPU). Specifically, web
// pages can not access the WebGL API and plugins can not use the Pepper 3D
// API. Disabling this setting or leaving it not set potentially allows web
// pages to use the WebGL API and plugins to use the Pepper 3D API. The
// default settings of the browser may still require command line arguments to
// be passed in order to use these APIs.
//"Disable3DAPIs": false,
// Disable CNAME lookup when negotiating Kerberos authentication
//-------------------------------------------------------------------------
// Specifies whether the generated Kerberos SPN is based on the canonical DNS
// name or the original name entered. If you enable this setting, CNAME
// lookup will be skipped and the server name will be used as entered. If you
// disable this setting or leave it not set, the canonical name of the server
// will be determined via CNAME lookup.
//"DisableAuthNegotiateCnameLookup": false,
// Specify whether the plugin finder should be disabled
//-------------------------------------------------------------------------
// If you set this setting to enabled the automatic search and installation of
// missing plugins will be disabled in Google Chrome. Setting this option to
// disabled or leave it not set the plugin finder will be active.
//"DisablePluginFinder": true,
// Disable Print Preview
//-------------------------------------------------------------------------
// Disable print preview. This setting is used to force the use of the system
// print dialog instead of print preview.
//"DisablePrintPreview": false,
// Disable SSL record splitting
//-------------------------------------------------------------------------
// Specifies whether SSL record splitting should be disabled. Record splitting
// is a workaround for a weakness in SSL 3.0 and TLS 1.0 but can cause
// compatibility issues with some HTTPS servers and proxies. If the policy is
// not set, or is set to false, then record splitting will be used on SSL/TLS
// connections which use CBC ciphersuites.
//"DisableSSLRecordSplitting": true,
// Disable SPDY protocol
//-------------------------------------------------------------------------
// Disables use of the SPDY protocol in Google Chrome. If this policy is
// enabled the SPDY protocol will not be available in Google Chrome. Setting
// this policy to disabled will allow the usage of SPDY. If this policy is
// left not set, SPDY will be available.
//"DisableSpdy": true,
// Specify a list of disabled plugins
//-------------------------------------------------------------------------
// Specifies a list of plugins that are disabled in Google Chrome and prevents
// users from changing this setting. The wildcard characters '*' and '?' can
// be used to match sequences of arbitrary characters. '*' matches an
// arbitrary number of characters while '?' specifies an optional single
// character, i.e. matches zero or one characters. The escape character is
// '\', so to match actual '*', '?', or '\' characters, you can put a '\' in
// front of them. If you enable this setting, the specified list of plugins
// is never used in Google Chrome. The plugins are marked as disabled in
// 'about:plugins' and users cannot enable them. Note that this policy can be
// overriden by EnabledPlugins and DisabledPluginsExceptions. If this policy
// is left not set the user can use any plugin installed on the system except
// for hard-coded incompatible, outdated or dangerous plugins.
//"DisabledPlugins": ["Java", "Shockwave Flash", "Chrome PDF Viewer"],
// Specify a list of plugins that the user can enable or disable
//-------------------------------------------------------------------------
// Specifies a list of plugins that user can enable or disable in Google
// Chrome. The wildcard characters '*' and '?' can be used to match sequences
// of arbitrary characters. '*' matches an arbitrary number of characters
// while '?' specifies an optional single character, i.e. matches zero or one
// characters. The escape character is '\', so to match actual '*', '?', or
// '\' characters, you can put a '\' in front of them. If you enable this
// setting, the specified list of plugins can be used in Google Chrome. Users
// can enable or disable them in 'about:plugins', even if the plugin also
// matches a pattern in DisabledPlugins. Users can also enable and disable
// plugins that don't match any patterns in DisabledPlugins,
// DisabledPluginsExceptions and EnabledPlugins. This policy is meant to
// allow for strict plugin balcklisting where the 'DisabledPlugins' list
// contains wildcarded entries like disable all plugins '*' or disable all
// Java plugins '*Java*' but the administrator wishes to enable some
// particular version like 'IcedTea Java 2.3'. This particular versions can be
// specified in this policy. If this policy is left not set any plugin that
// matches the patterns in the 'DisabledPlugins' will be locked disabled and
// the user won't be able to enable them.
//"DisabledPluginsExceptions": ["Java", "Shockwave Flash", "Chrome PDF Viewer"],
// Disable URL protocol schemes
//-------------------------------------------------------------------------
// Disables the listed protocol schemes in Google Chrome. URLs using a scheme
// from this list will not load and can not be navigated to. If this policy
// is left not set or the list is empty all schemes will be accessible in
// Google Chrome.
//"DisabledSchemes": ["file", "mailto"],
// Set disk cache directory
//-------------------------------------------------------------------------
// Configures the directory that Google Chrome will use for storing cached
// files on the disk. If you set this policy, Google Chrome will use the
// provided directory regardless whether the user has specified the '--disk-
// cache-dir' flag or not. If this policy is left not set the default cache
// directory will be used and the user will be able to override it with the
// '--disk-cache-dir' command line flag.
//"DiskCacheDir": "${user_home}/Chrome_cache",
// Set disk cache size in bytes
//-------------------------------------------------------------------------
// Configures the cache size that Google Chrome will use for storing cached
// files on the disk. If you set this policy, Google Chrome will use the
// provided cache size regardless whether the user has specified the '--disk-
// cache-size' flag or not. If the value of this policy is 0, the default
// cache size will be used but the user will not be able to change it. If
// this policy is not set the default size will be used and the user will be
// able to override it with the --disk-cache-size flag.
//"DiskCacheSize": 104857600,
// Enable network prediction.
//-------------------------------------------------------------------------
// Enables network prediction in Google Chrome and prevents users from
// changing this setting. If you enable or disable this setting, users cannot
// change or override this setting in Google Chrome. If this policy is left
// not set, this will be enabled but the user will be able to change it.
//"DnsPrefetchingEnabled": true,
// Set download directory
//-------------------------------------------------------------------------
// Configures the directory that Google Chrome will use for downloading files.
// If you set this policy, Google Chrome will use the provided directory
// regardless whether the user has specified one or enabled the flag to be
// prompted for download location every time. If this policy is left not set
// the default download directory will be used and the user will be able to
// change it.
//"DownloadDirectory": "/home/${user_name}/Downloads",
// Enables or disables bookmark editing
//-------------------------------------------------------------------------
// Enables or disables editing bookmarks in Google Chrome. If you enable this
// setting, bookmarks can be added, removed or modified. This is the default
// also when this policy is not set. If you disable this setting, bookmarks
// can not be added, removed or modified. Existing bookmarks are still
// available.
//"EditBookmarksEnabled": false,
// Include non-standard port in Kerberos SPN
//-------------------------------------------------------------------------
// Specifies whether the generated Kerberos SPN should include a non-standard
// port. If you enable this setting, and a non-standard port (i.e., a port
// other than 80 or 443) is entered, it will be included in the generated
// Kerberos SPN. If you disable this setting or leave it not set, the
// generated Kerberos SPN will not include a port in any case.
//"EnableAuthNegotiatePort": false,
// Whether online OCSP/CRL checks are performed
//-------------------------------------------------------------------------
// In light of the fact that soft-fail, online revocation checks provide no
// effective security benefit, they are disabled by default in Google Chrome
// version 19 and later. By setting this policy to true, the previous
// behaviour is restored and online OCSP/CRL checks will be performed. If the
// policy is not set, or is set to false, then Chrome will not perform online
// revocation checks in Chrome 19 and later.
//"EnableOnlineRevocationChecks": false,
// Specify a list of enabled plugins
//-------------------------------------------------------------------------
// Specifies a list of plugins that are enabled in Google Chrome and prevents
// users from changing this setting. The wildcard characters '*' and '?' can
// be used to match sequences of arbitrary characters. '*' matches an
// arbitrary number of characters while '?' specifies an optional single
// character, i.e. matches zero or one characters. The escape character is
// '\', so to match actual '*', '?', or '\' characters, you can put a '\' in
// front of them. The specified list of plugins is always used in Google
// Chrome if they are installed. The plugins are marked as enabled in
// 'about:plugins' and users cannot disable them. Note that this policy
// overrides both DisabledPlugins and DisabledPluginsExceptions. If this
// policy is left not set the user can disable any plugin installed on the
// system.
//"EnabledPlugins": ["Java", "Shockwave Flash", "Chrome PDF Viewer"],
// Enterprise web store name
//-------------------------------------------------------------------------
// The name of the enterprise web store, which will appear underneath the app
// icon on the new tab page. This setting has no effect if
// EnterpriseWebStoreURL is not set. If this setting is disabled, the
// enterprise web store app (if it exists) will be labeled with its URL.
//"EnterpriseWebStoreName": "WidgCo Chrome Apps",
// Enterprise web store URL
//-------------------------------------------------------------------------
// Specifies the URL for the enterprise web store. When this setting is
// enabled, an app will appear on the new tab page which, when clicked, will
// take the user to the specified URL. Extensions and apps can be installed
// from this page without extra warnings being presented to the user. If this
// policy is set, the EnterpriseWebStoreName setting should also be set. If
// this setting is disabled, no enterprise web store app will appear on the
// new tab page.
//"EnterpriseWebStoreURL": "http://company-intranet/chromeapps",
// Configure extension installation blacklist
//-------------------------------------------------------------------------
// Allows you to specify which extensions the users can NOT install.
// Extensions already installed will be removed if blacklisted. A blacklist
// value of '*' means all extensions are blacklisted unless they are
// explicitly listed in the whitelist. If this policy is left not set the
// user can install any extension in Google Chrome.
//"ExtensionInstallBlacklist": ["extension_id1", "extension_id2"],
// Configure the list of force-installed extensions
//-------------------------------------------------------------------------
// Allows you to specify a list of extensions that will be installed silently,
// without user interaction. Each item of the list is a string that contains
// an extension ID and an update URL delimited by a semicolon (;). The
// extension ID is the 32-letter string found e.g. on chrome://extensions when
// in developer mode. The update URL should point to an Update Manifest XML
// document as described at
// http://code.google.com/chrome/extensions/autoupdate.html. For each item,
// Google Chrome will retrieve the extension specified by the extension ID
// from the update service at the specified update URL and silently install
// it. For example,
// lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx
// installs the Google SSL Web Search extension from the standard Chrome Web
// Store update URL. For more information about hosting extensions, see:
// http://code.google.com/chrome/extensions/hosting.html. Users will be
// unable to uninstall extensions that are specified by this policy. If you
// remove an extension from this list, then it will be automatically
// uninstalled by Google Chrome. If this policy is left not set the user can
// uninstall any extension in Google Chrome.
"ExtensionInstallForcelist": [
"cfhdojbkjhnklbpkdaibdccddilifddb;https://clients2.google.com/service/update2/crx",
"hdbipekpdpggjaipompnomhccfemaljm;https://clients2.google.com/service/update2/crx",
"mdnmhbnbebabimcjggckeoibchhckemm;https://clients2.google.com/service/update2/crx"
],
// Configure extension installation whitelist
//-------------------------------------------------------------------------
// Allows you to specify which extensions are not subject to the blacklist. A
// blacklist value of * means all extensions are blacklisted and users can
// only install extensions listed in the whitelist. By default, all
// extensions are whitelisted, but if all extensions have been blacklisted by
// policy, the whitelist can be used to override that policy.
//"ExtensionInstallWhitelist": ["extension_id1", "extension_id2"],
// GSSAPI library name
//-------------------------------------------------------------------------
// Specifies which GSSAPI library to use for HTTP Authentication. You can set
// either just a library name, or a full path. If no setting is provided,
// Google Chrome will fall back to using a default library name.
//"GSSAPILibraryName": "libgssapi_krb5.so.2",
// Prevent app promotions from appearing on the new tab page
//-------------------------------------------------------------------------
// When set to True, promotions for Chrome Web Store apps will not appear on
// the new tab page. Setting this option to False or leaving it not set will
// make the promotions for Chrome Web Store apps appear on the new tab page
//"HideWebStorePromo": false,
// Use New Tab Page as homepage
//-------------------------------------------------------------------------
// Configures the type of the default home page in Google Chrome and prevents
// users from changing home page preferences. The home page can either be set
// to a URL you specify or set to the New Tab Page. If you enable this
// setting, the New Tab Page is always used for the home page, and the home
// page URL location is ignored. If you disable this setting, the user's
// homepage will never be the New Tab Page, unless its URL is set to
// 'chrome://newtab'. If you enable or disable this setting, users cannot
// change their homepage type in Google Chrome. Leaving this policy not set
// will allow the user to choose whether the new tab page is his home page on
// his own.
"HomepageIsNewTabPage": false,
// Configure the home page URL
//-------------------------------------------------------------------------
// Configures the default home page URL in Google Chrome and prevents users
// from changing it. The home page type can either be set to a URL you
// specify here or set to the New Tab Page. If you select the New Tab Page,
// then this policy is ignored. If you enable this setting, users cannot
// change their home page URL in Google Chrome, but they can still can choose
// the New Tab Page as their home page. Leaving this policy not set will
// allow the user to choose his home page on his own if HomepageIsNewTabPage
// is not set too.
// "HomepageLocation": "http://www.google.com/cse/home?cx=partner-pub-6065445074637525:8941524350",
// Allow images on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to display images. If this policy is left not set the global
// default value will be used for all sites either from the
// 'DefaultImagesSetting' policy if it is set, or the user's personal
// configuration otherwise.
//"ImagesAllowedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Block images on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are not
// allowed to display images. If this policy is left not set the global
// default value will be used for all sites either from the
// 'DefaultImagesSetting' policy if it is set, or the user's personal
// configuration otherwise.
//"ImagesBlockedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Import bookmarks from default browser on first run
//-------------------------------------------------------------------------
// This policy forces bookmarks to be imported from the current default
// browser if enabled. If enabled, this policy also affects the import dialog.
// If disabled, no bookmarks are imported. If it is not set, the user may be
// asked whether to import, or importing may happen automatically.
//"ImportBookmarks": true,
// Import browsing history from default browser on first run
//-------------------------------------------------------------------------
// This policy forces the browsing history to be imported from the current
// default browser if enabled. If enabled, this policy also affects the import
// dialog. If disabled, no browsing history is imported. If it is not set,
// the user may be asked whether to import, or importing may happen
// automatically.
//"ImportHistory": true,
// Import of homepage from default browser on first run
//-------------------------------------------------------------------------
// This policy forces the home page to be imported from the current default
// browser if enabled. If disabled, the home page is not imported. If it is
// not set, the user may be asked whether to import, or importing may happen
// automatically.
//"ImportHomepage": true,
// Import saved passwords from default browser on first run
//-------------------------------------------------------------------------
// This policy forces the saved passwords to be imported from the previous
// default browser if enabled. If enabled, this policy also affects the import
// dialog. If disabled, the saved passwords are not imported. If it is not
// set, the user may be asked whether to import, or importing may happen
// automatically.
//"ImportSavedPasswords": true,
// Import search engines from default browser on first run
//-------------------------------------------------------------------------
// This policy forces search engines to be imported from the current default
// browser if enabled. If enabled, this policy also affects the import dialog.
// If disabled, the default search engine is not imported. If it is not set,
// the user may be asked whether to import, or importing may happen
// automatically.
"ImportSearchEngine": false,
// Incognito mode availability.
//-------------------------------------------------------------------------
// Specifies whether the user may open pages in Incognito mode in Google
// Chrome. If 'Enabled' is selected or the policy is left unset, pages may be
// opened in Incognito mode. If 'Disabled' is selected, pages may not be
// opened in Incognito mode. If 'Forced' is selected, pages may be opened
// ONLY in Incognito mode.
//"IncognitoModeAvailability": 1,
// Enable Instant
//-------------------------------------------------------------------------
// Enables Google Chrome's Instant feature and prevents users from changing
// this setting. If you enable this setting, Google Chrome Instant is
// enabled. If you disable this setting, Google Chrome Instant is disabled.
// If you enable or disable this setting, users cannot change or override this
// setting. If this setting is left not set the user can decide to use this
// function or not.
//"InstantEnabled": true,
// Allow JavaScript on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to run JavaScript. If this policy is left not set the global
// default value will be used for all sites either from the
// 'DefaultJavaScriptSetting' policy if it is set, or the user's personal
// configuration otherwise.
//"JavaScriptAllowedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Block JavaScript on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are not
// allowed to run JavaScript. If this policy is left not set the global
// default value will be used for all sites either from the
// 'DefaultJavaScriptSetting' policy if it is set, or the user's personal
// configuration otherwise.
//"JavaScriptBlockedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Maximal number of concurrent connections to the proxy server
//-------------------------------------------------------------------------
// Specifies the maximal number of simultanious connections to the proxy
// server. Some proxy servers can not handle high number of concurrent
// connections per client and this can be solved by setting this policy to a
// lower value. The value of this policy should be lower than 100 and higher
// than 6 and the default value is 32. Some web apps are known to consume
// many connections with hanging GETs, so lowering below 32 may lead to
// browser networking hangs if too many such web apps are open. Lower below
// the default at your own risk. If this policy is left not set the default
// value will be used which is 32.
//"MaxConnectionsPerProxy": 32,
// Set media disk cache size in bytes
//-------------------------------------------------------------------------
// Configures the chache size that Google Chrome will use for storing cached
// media files on the disk. If you set this policy, Google Chrome will use
// the provided cache size regardless whether the user has specified the
// '--media-cache-size' flag or not. If the value of this policy is 0, the
// default cache size will be used but the user will not be able to change it.
// If this policy is not set the default size will be used and the user will
// be able to override it with the --media-cache-size flag.
//"MediaCacheSize": 104857600,
// Enable reporting of usage and crash-related data
//-------------------------------------------------------------------------
// Enables anonymous reporting of usage and crash-related data about Google
// Chrome to Google and prevents users from changing this setting. If you
// enable this setting, anonymous reporting of usage and crash-related data is
// sent to Google. If you disable this setting, anonymous reporting of usage
// and crash-related data is never sent to Google. If you enable or disable
// this setting, users cannot change or override this setting in Google
// Chrome. If this policy is left not set the setting will be what the user
// chose upon installation / first run.
//"MetricsReportingEnabled": true,
// Allow notifications on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to display notifications. If this policy is left not set the
// global default value will be used for all sites either from the
// 'DefaultNotificationsSetting' policy if it is set, or the user's personal
// configuration otherwise.
//"NotificationsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Block notifications on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are not
// allowed to display notifications. If this policy is left not set the
// global default value will be used for all sites either from the
// 'DefaultNotificationsSetting' policy if it is set, or the user's personal
// configuration otherwise.
//"NotificationsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Allow users to show passwords in Password Manager
//-------------------------------------------------------------------------
// Controls whether the user may show passwords in clear text in the password
// manager. If you disable this setting, the password manager does not allow
// showing stored passwords in clear text in the password manager window. If
// you enable or do not set this policy, users can view their passwords in
// clear text in the password manager.
"PasswordManagerAllowShowPasswords": true,
// Enable the password manager
//-------------------------------------------------------------------------
// Enables saving passwords and using saved passwords in Google Chrome. If
// you enable this setting, users can have Google Chrome memorize passwords
// and provide them automatically the next time they log in to a site. If you
// disable this setting, users are not able to save passwords or use already
// saved passwords. If you enable or disable this setting, users cannot
// change or override this setting in Google Chrome. If this policy is left
// not set, this will be enabled but the user will be able to change it.
"PasswordManagerEnabled": true,
// Allow plugins on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to run plugins. If this policy is left not set the global default
// value will be used for all sites either from the 'DefaultPluginsSetting'
// policy if it is set, or the user's personal configuration otherwise.
//"PluginsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Block plugins on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are not
// allowed to run plugins. If this policy is left not set the global default
// value will be used for all sites either from the 'DefaultPluginsSetting'
// policy if it is set, or the user's personal configuration otherwise.
//"PluginsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Allow popups on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are
// allowed to open popups. If this policy is left not set the global default
// value will be used for all sites either from the 'DefaultPopupsSetting'
// policy if it is set, or the user's personal configuration otherwise.
//"PopupsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Block popups on these sites
//-------------------------------------------------------------------------
// Allows you to set a list of url patterns that specify sites which are not
// allowed to open popups. If this policy is left not set the global default
// value will be used for all sites either from the 'DefaultPopupsSetting'
// policy if it is set, or the user's personal configuration otherwise.
//"PopupsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"],
// Enable printing
//-------------------------------------------------------------------------
// Enables printing in Google Chrome and prevents users from changing this
// setting. If this setting is enabled or not configured, users can print.
// If this setting is disabled, users cannot print from Google Chrome.
// Printing is disabled in the wrench menu, extensions, JavaScript
// applications, etc. It is still possible to print from plugins that bypass
// Google Chrome while printing. For example certain Flash applications has
// the print option in their context menu, and that will not be disabled. If
// this policy is left not set, this will be enabled but the user will be able
// to change it.
//"PrintingEnabled": true,
// Proxy bypass rules
//-------------------------------------------------------------------------
// Google Chrome will bypass any proxy for the list of hosts given here. This
// policy only takes effect if you have selected manual proxy settings at
// 'Choose how to specify proxy server settings'. You should leave this
// policy not set if you have selected any other mode for setting proxy
// policies. For more detailed examples, visit:
// http://www.chromium.org/developers/design-documents/network-settings#TOC-
// Command-line-options-for-proxy-sett
//"ProxyBypassList": "http://www.example1.com,http://www.example2.com,http://internalsite/",
// Choose how to specify proxy server settings
//-------------------------------------------------------------------------
// Allows you to specify the proxy server used by Google Chrome and prevents
// users from changing proxy settings. If you choose to never use a proxy
// server and always connect directly, all other options are ignored. If you
// choose to use system proxy settings or auto detect the proxy server, all
// other options are ignored. If you choose fixed server proxy mode, you can
// specify further options in 'Address or URL of proxy server' and 'Comma-
// separated list of proxy bypass rules'. If you choose to use a .pac proxy
// script, you must specify the URL to the script in 'URL to a proxy .pac
// file'. For detailed examples, visit: http://www.chromium.org/developers
// /design-documents/network-settings#TOC-Command-line-options-for-proxy-sett
// If you enable this setting, Google Chrome ignores all proxy-related options
// specified from the command line. Leaving this policy not set will allow
// the users to choose the proxy settings on their own.
//"ProxyMode": "direct",
// URL to a proxy .pac file
//-------------------------------------------------------------------------
// You can specify a URL to a proxy .pac file here. This policy only takes
// effect if you have selected manual proxy settings at 'Choose how to specify
// proxy server settings'. You should leave this policy not set if you have
// selected any other mode for setting proxy policies. For detailed examples,
// visit: http://www.chromium.org/developers/design-documents/network-settings
// #TOC-Command-line-options-for-proxy-sett
//"ProxyPacUrl": "http://internal.site/example.pac",
// Address or URL of proxy server
//-------------------------------------------------------------------------
// You can specify the URL of the proxy server here. This policy only takes
// effect if you have selected manual proxy settings at 'Choose how to specify
// proxy server settings'. You should leave this policy not set if you have
// selected any other mode for setting proxy policies. For more options and
// detailed examples, visit: http://www.chromium.org/developers/design-
// documents/network-settings#TOC-Command-line-options-for-proxy-sett
//"ProxyServer": "123.123.123.123:8080",
// Enable firewall traversal from remote access host
//-------------------------------------------------------------------------
// Enables usage of STUN and relay servers when remote clients are trying to
// establish a connection to this machine. If this setting is enabled, then
// remote clients can discover and connect to this machines even if they are
// separated by a firewall. If this setting is disabled and outgoing UDP
// connections are filtered by the firewall, then this machine will only allow
// connections from client machines within the local network. If this policy
// is left not set the setting will be enabled.
//"RemoteAccessHostFirewallTraversal": false,
// Action on startup
//-------------------------------------------------------------------------
// Allows you to specify the behavior on startup. If you choose 'Open home
// page' the home page will always be opened when you start Google Chrome. If
// you choose 'Restore the last session', the URLs that were open last time
// Google Chrome was closed will be reopened and the browsing session will be
// restored as it was left. Choosing this option disables some settings that
// rely on sessions or that perform actions on exit (such as Clear browsing
// data on exit or session-only cookies). If you choose 'Open a list of
// URLs', the list of 'URLs to open on startup' will be opened when a user
// starts Google Chrome. If you enable this setting, users cannot change or
// override it in Google Chrome. Disabling this setting is equvalent to
// leaving it not configured. The user will still be able to change it in
// Google Chrome.
"RestoreOnStartup": 1,
// URLs to open on startup
//-------------------------------------------------------------------------
// If 'Open a list of URLs' is selected as the startup action, this allows you
// to specify the list of URLs that are opened. If left not set no URL will be
// opened on start up. This policy only works if the 'RestoreOnStartup'
// policy is set to 'RestoreOnStartupIsURLs'.
// "RestoreOnStartupURLs": ["http://www.google.com/cse?cx=partner-pub-6065445074637525:8941524350"],
// Enable Safe Browsing
//-------------------------------------------------------------------------
// Enables Google Chrome's Safe Browsing feature and prevents users from
// changing this setting. If you enable this setting, Safe Browsing is always
// active. If you disable this setting, Safe Browsing is never active. If
// you enable or disable this setting, users cannot change or override this
// setting in Google Chrome. If this policy is left not set, this will be
// enabled but the user will be able to change it.
//"SafeBrowsingEnabled": true,
// Disable saving browser history
//-------------------------------------------------------------------------
// Disables saving browser history in Google Chrome and prevents users from
// changing this setting. If this setting is enabled, browsing history is not
// saved. If this setting is disabled or not set, browsing history is saved.
//"SavingBrowserHistoryDisabled": true,
// Enable search suggestions
//-------------------------------------------------------------------------
// Enables search suggestions in Google Chrome's Omnibox and prevents users
// from changing this setting. If you enable this setting, search suggestions
// are used. If you disable this setting, search suggestions are never used.
// If you enable or disable this setting, users cannot change or override this
// setting in Google Chrome. If this policy is left not set, this will be
// enabled but the user will be able to change it.
//"SearchSuggestEnabled": true,
// Show Home button on toolbar
//-------------------------------------------------------------------------
// Shows the Home button on Google Chrome's toolbar. If you enable this
// setting, the Home button is always shown. If you disable this setting, the
// Home button is never shown. If you enable or disable this setting, users
// cannot change or override this setting in Google Chrome. Leaving this
// policy not set will allow the user to choose whether to show the home
// button.
"ShowHomeButton": false,
// Disable synchronization of data with Google
//-------------------------------------------------------------------------
// Disables data synchronization in Google Chrome using Google-hosted
// synchronization services and prevents users from changing this setting. If
// you enable this setting, users cannot change or override this setting in
// Google Chrome. If this policy is left not set Google Sync will be
// available for the user to choose whether to use it or not.
"SyncDisabled": false,
// Enable Translate
//-------------------------------------------------------------------------
// Enables the integrated Google Translate service on Google Chrome. If you
// enable this setting, Google Chrome will show an integrated toolbar offering
// to translate the page for the user, when appropriate. If you disable this
// setting, users will never see the translation bar. If you enable or
// disable this setting, users cannot change or override this setting in
// Google Chrome. If this setting is left not set the user can decide to use
// this function or not.
"TranslateEnabled": true,
// Block access to a list of URLs
//-------------------------------------------------------------------------
// Blocks access to the listed URLs. This policy prevents the user from
// loading web pages from blacklisted URLs. A URL has the format
// 'scheme://host:port/path'. The optional scheme can be http, https or ftp.
// Only this scheme will be blocked; if none is specified, all schemes are
// blocked. The host can be a hostname or an IP address. Subdomains of a
// hostname will also be blocked. To prevent blocking subdomains, include a
// '.' before the hostname. The special hostname '*' will block all domains.
// The optional port is a valid port number from 1 to 65535. If none is
// specified, all ports are blocked. If the optional path is specified, only
// paths with that prefix will be blocked. Exceptions can be defined in the
// URL whitelist policy. These policies are limited to 100 entries; subsequent
// entries will be ignored. If this policy is not set no URL will be
// blacklisted in the browser.
//"URLBlacklist": ["example.com", "https://ssl.server.com", "hosting.com/bad_path", "http://server:8080/path", ".exact.hostname.com", "*"],
// Allows access to a list of URLs
//-------------------------------------------------------------------------
// Allows access to the listed URLs, as exceptions to the URL blacklist. See
// the description of the URL blacklist policy for the format of entries of
// this list. This policy can be used to open exceptions to restrictive
// blacklists. For example, '*' can be blacklisted to block all requests, and
// this policy can be used to allow access to a limited list of URLs. It can
// be used to open exceptions to certain schemes, subdomains of other domains,
// ports, or specific paths. The most specific filter will determine if a URL
// is blocked or allowed. The whitelist takes precedence over the blacklist.
// This policy is limited to 100 entries; subsequent entries will be ignored.
// If this policy is not set there will be no exceptions to the blacklist from
// the 'URLBlacklist' policy.
//"URLWhitelist": ["example.com", "https://ssl.server.com", "hosting.com/bad_path", "http://server:8080/path", ".exact.hostname.com"]
// Hide Chrome Web Store from bookmark bar
"HideWebStoreIcon": true,
// ManagedBookmarks
"ManagedBookmarks": [{"toplevel_name": "My managed bookmarks folder"}, {"url": "google.com", "name": "Google"}, {"url": "youtube.com", "name": "Youtube"}, {"name": "Chrome links", "children": [{"url": "chromium.org", "name": "Chromium"}, {"url": "dev.chromium.org", "name": "Chromium Developers"}]}]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment