Google Chrome for Business was first launched in 2010 to provide IT administrators with a free method to centrally deploy pre-configured Chrome browsers throughout an organisation. Chrome for Business was updated in April 2013, and Google added a number of new policies to configure Chrome (there are now 100), implement legacy browser support, and use cloud-based IT admin tools for organisations using Google Apps.
The update makes configuring and pushing out Chrome to clients in a Windows domain quite easy because it integrates with Group Policy (GP), although Google's instructive documentation is rather pitiful. However, if you want and need Chrome deployed to a significant number of users on a network, there is no more efficient way to deploy and manage it than with Chrome for Business.
You can download Google Chrome for Business from the Chrome for Business site. Google's documentation instructs you to download the Windows Installer package – the MSI file for installing the Chrome browser and placing it in a network share, accessible to users.
The instructions then outline how to import Google templates into Group Policy, but leave out an important step: You must download the Chrome ADM or ADMX templates files. The instructions also don't tell you where to download them from, but a quick Google search points you to the right location.
Installation and deployment
I installed Chrome for Business on two Windows domains: One a Server 2008 R2-level domain, the other a Windows Server 2012-level domain.
I placed the downloaded MSI file in a network share within each domain – the share accessible to authenticated domain users. I then downloaded the Chrome ADMX template files (in a zipped folder) to use with Group Policy. Of course, if you are not working within a Windows domain and are using Google Apps, you will want to use the cloud-based IT tools supported in Google Apps environments and not Group Policy.
Once I downloaded the templates, I went into Group Policy Management and created a Group Policy Object which I named "Chrome." I linked that object to my domain, then I edited the new object and under "Software Settings" defined the UNC path to the .MSI file. You must use the UNC path in this scenario, a drive-letter path will not work.
Google instructs you to then use the Add/Remove templates feature in Group Policy to browse to the ADMX files for setting up the Chrome policies you want to push to clients. If you follow Google's documentation for doing so to the letter, you may end up frustrated. The documentation is sloppy and only shows adding the templates to a local machine, and not the entire domain.
When working with GP templates, I prefer dropping them into the %systemroot%\PolicyDefintions folder. When unzipped, the Chrome ADMX files reveal a language pack folder (for example, it’s en-US for US English). When copying ADMX files into the PolicyDefinition you will want to create that en-US (or whichever appropriate language) folder as a sub-folder under PolicyDefinitions, and drop in the accompanying ADML file that is part of the zipped package.
Once you've finished setup, you then go into Group Policy Edit. Under Administrative Templates you will now see a Google object. This is where you set a myriad of configuration options and policies for Chrome client installs.
Some of the policy settings include setting a default home page; preventing the New Tab window from opening; specifying how Google Frame handles various content; managing extensions; configuring Password Manager – and much more.
I specified a default home page, and to not allow a new tab to open when the user launches Chrome, and also enabled Password Manager for users. First, I checked to ensure each client automatically received the Chrome browser upon restart. I tested on a physical Windows 7 client in the Server 2008 R2 domain and a virtual Windows 8 guest running on Hyper-V R2 in the Server 2012 domain. Everything worked as expected. Both clients received the Chrome browser and the appropriate settings.
When uninstalling Chrome from a client, I discovered that performing an uninstall prevents Chrome from being automatically installed again when the client is rebooted. I had to go into the client's Registry and delete any keys related to the Chrome deployment policy. Once I did, Chrome was pushed out again to the clients. This may be fine in some cases where Chrome is no longer wanted on the client, but it's kind of a pain in case an admin has to uninstall and reinstall Chrome for troubleshooting purposes. I would prefer that the uninstallation process removed Chrome cleanly from the Windows registry.
There are obviously other ways to automate an install in a Windows domain – using scripting and batch files are typical methods. However, the ability to push out an install and pre-configure some very granular Chrome settings including managing updates (the quick update cycle of Chrome can sometimes frustrate IT managers) is invaluable with Chrome for Business.
By all means, if Chrome is in heavy use in an organisation, give Chrome for Business a try. One plus is that it works wonderfully with Windows domains.