How to configure group policy for Viio Browser Extension
This document provides step-by-step instructions on how enterprise administrators can automatically install the Viio extension and deliver customerKey and employeeEmail to the extension via managed storage. This ensures the extension automatically recognises the deploying customer and employee by reading the customer key and employee email from managed storage.
Browser extension automatic installation via Group Policy
This section explains how to set up Group Policy for automatic installation of Viio browser extension. By following these instructions, administrators can ensure a smooth and consistent deployment of the extension across all devices within their organisation, minimizing manual intervention.
Windows (Group Policy via GPMC)
Chrome browser
Prerequisites
Chrome ADMX templates must be available to the GPO editor. Make sure the Chrome administrative templates are imported to the Central Store (Domain Controllers). Once you have imported the templates, you will be able to create GPOs that configure Google Chrome settings for your users in the domain.
If the Chrome ADMX templates are not installed, follow these steps:
Click Bundle 64 bit or Bundle 32 bit depending on your operating system
Extract the downloaded zip file. Then copy the files from the GoogleChromeEnterpriseBundle64.zip\Configuration\admx folder and paste them into the folder C:\Windows\PolicyDefinitions
Steps
On an admin machine, open Group Policy Management. For example, using Run open gpmc.msc
Either edit an existing GPO or create a dedicated GPO and link it to the OU(s) that contain the target computers/users. It may be beneficial to use the Default Domain Policy to target as many devices as possible
In the opened window select a scope - Computer Configuration.
In Computer Configuration section navigate to Administrative Templates -> Google -> Google Chrome -> Extensions
Double click on Configure the list of force-installed apps and extensions
In the opened window, switch to Enabled
In the options field, click the Show button. The Show Contents window opens
In the Show Contents window, enter the following value depending on the type of extension
Silent extension - nffjckgmpigfpkmamacllkakieaphfnm;https://clients2.google.com/service/update2/crx
Standard extension - fjambfppaeandondpbbjkggkabeccjmh;https://clients2.google.com/service/update2/crx
Click Apply and OK
Note: When policies are changed or updated, it can take time for them to be applied. Usually, changes are applied after the computer has been restarted.
Edge browser
Prerequisites
Edge ADMX templates must be available to the GPO editor. Make sure the Edge administrative templates are imported to the Central Store (Domain Controllers). Once you have imported the templates, you will be able to create GPOs that configure Edge settings for your users in the domain.
If the Edge ADMX templates are not installed, follow these steps:
Go to Edge installation page https://aka.ms/EdgeEnterprise
Scroll down to older versions download, select necessary options and click Get policy files
Extract the content of the downloaded file. Then copy the content of the folder MicrosoftEdgePolicyTemplates.zip\windows\admx and paste it into the folder C:\Windows\PolicyDefinitions
Steps
The steps are similar to those for Chrome, except for the location of the Edge settings
On a domain controller machine, open Group Policy Management Console. For example, using Run open gpmc.msc
Either edit an existing GPO or create a dedicated GPO and link it to the OU(s) that contain the target computers/users. It may be beneficial to use the Default Domain Policy to target as many devices as possible
In the opened window select a scope - Computer Configuration
In Computer Configuration section navigate to Administrative Templates -> Microsoft Edge -> Extensions
Double click on Configure which extensions are installed silently
In the opened window switch to Enabled
In the options field, click the Show button. The Show Contents window opens
In the Show Contents window, enter the following value depending on the type of extension
Silent extension - nffjckgmpigfpkmamacllkakieaphfnm;https://clients2.google.com/service/update2/crx
Standard extension - fjambfppaeandondpbbjkggkabeccjmh;https://clients2.google.com/service/update2/crx
Click Apply and OK
Browser extension policy configuration
This section explains how to set up Group Policy to deliver customerKey to the extension via managed storage.
Windows (Group Policy via GPMC)
Steps
Download Viio Administrative Templates
Copy the viio.admx file and the en-US folder from the downloaded folder and paste them into C:\Windows\PolicyDefinitions
On a domain controller machine, open Group Policy Management. For example, using Run open gpmc.msc
Either edit an existing GPO or create a dedicated GPO and link it to the Organizational Unit(s) that contain the target computers/users. It may be beneficial to use the Default Domain Policy to target as many devices as possible
In the opened window select a scope - Computer Configuration.
In the Computer Configuration section navigate to Administrative Templates -> Viio -> Extensions. Then navigate to the appropriate type of extension (Silent or Standard) and set Customer Key setting both for Chrome and Edge.
In the opened window switch to Enabled and specify your customer key
Click Apply and OK
Windows (Group Policy via Registry)
On Windows, Google Chrome and Microsoft Edge read extension policies from the registry. You can use Group Policy (or edit the registry directly) to set customerKey and employeeEmail for the extension:
Create the following registry key (if it doesn’t exist):
For Chrome: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\BROWSER_EXTENSION_ID\policy
For Edge: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\BROWSER_EXTENSION_ID\policy
Add the customerKey and employeeEmail values under the above key.
Name: customerKey
Type: REG_SZ (String)
Data: your customer key
Name: employeeEmail
Type: REG_SZ (String)
Data: employee email
You can do this manually in regedit, or with PowerShell to apply the policy in an automated way by running a script on multiple devices. For example, using PowerShell (run as Administrator and replace the extension ID accordingly):
New-Item -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\BROWSER_EXTENSION_ID\policy" -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\BROWSER_EXTENSION_ID\policy" -Name "customerKey" -Value "YOUR_CUSTOMER_KEY" -PropertyType String -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\BROWSER_EXTENSION_ID\policy" -Name "employeeEmail" -Value "EMPLOYEE_EMAIL" -PropertyType String -Force
This will create the policy entry for the extension and set customerKey and employeeEmail.
Verify in Chrome: Launch Chrome and navigate to chrome://policy. You should see the extension’s ID or name listed, with the customerKey policy value displayed. Chrome lists policies for extensions that support managed storage on this page. (If the policy does not appear, try clicking “Reload policies” on that page.) Note: The extension should be installed before verifying the policy.
macOS (Managed Preferences / Configuration Profile)
On macOS, Chrome extension policies are delivered via macOS “managed preferences” (configuration profiles). You will create a property list (plist) defining customerKey and employeeEmail and load it as a device or user policy. There are two main approaches:
Using an MDM/Configuration Profile (Recommended): If you have a Mac management solution (Jamf, Intune, etc.), create a configuration profile with the Preference Domain set to
for Standard Browser Extension: com.google.Chrome.extensions.nffjckgmpigfpkmamacllkakieaphfnm
for Silent Browser Extension: com.google.Chrome.extensions.fjambfppaeandondpbbjkggkabeccjmh
Under that, define customerKey and employeeEmail with your customer key and employee email respectively. Deploy this profile to your Macs. (The MDM will handle marking it as a “forced” policy.)
Using Terminal (Manual MCX import): For testing or small deployments without MDM, you can import a plist using the dscl command.
Steps to configure via Terminal (Manual MCX import)
Create the plist: Using a text editor, create a file (e.g., customerKey_policy.plist) with the following content (replace the extension ID and values accordingly):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.google.Chrome.extensions.BROWSER_EXTENSION_ID</key>
  <!-- Standard Browser Extension ID: nffjckgmpigfpkmamacllkakieaphfnm -->
  <!-- Silent Browser Extension ID: fjambfppaeandondpbbjkggkabeccjmh -->
  <dict>
    <key>customerKey</key>
    <dict>
      <key>state</key>
      <string>always</string>
      <key>value</key>
      <string>REPLACE_WITH_YOUR_CUSTOMER_KEY</string>
    </dict>
    <key>employeeEmail</key>
    <dict>
      <key>state</key>
      <string>always</string>
      <key>value</key>
      <string>REPLACE_WITH_EMPLOYEE_EMAIL</string>
    </dict>
  </dict>
</dict>
</plist>
In this plist, the top-level key is the Chrome extension’s preference domain (which includes the extension’s ID). Under it, we define customerKey and employeeEmail.
Import the plist into Managed Preferences: Run the following in Terminal (with an admin account) to import this as a device policy:
sudo dscl -u <admin_username> /Local/Default -mcximport /Computers/local_computer customerKey_policy.plist
Replace <admin_username> with an administrator’s username, and adjust the path to your plist file. This command attaches the plist as a managed preference for the “local_computer” (i.e. all users on this Mac).
If you get an error about an invalid path or the computer node not existing, you may need to create a local computer record. See steps below.
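The plist from the Create step can also be rendered by a script, which avoids hand-editing mistakes: the sketch below rejects a malformed extension ID and XML-escapes the values so a key containing & or < cannot corrupt the file. It is an added example, not part of the Viio documentation; the function names and the script name make_plist.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the Viio documentation): render the MCX plist for
# one extension. All three arguments are supplied by the caller.

# Escape XML metacharacters so a value containing & or < cannot break the plist.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Chrome extension IDs are exactly 32 characters drawn from the letters a-p.
valid_extension_id() {
  case $1 in *[!abcdefghijklmnop]*) return 1 ;; esac
  [ "${#1}" -eq 32 ]
}

# Usage: make_policy_plist EXTENSION_ID CUSTOMER_KEY EMPLOYEE_EMAIL
make_policy_plist() {
  valid_extension_id "$1" || { echo "invalid extension ID: $1" >&2; return 1; }
  [ -n "$2" ] && [ -n "$3" ] || { echo "empty policy value" >&2; return 1; }
  key=$(xml_escape "$2")
  email=$(xml_escape "$3")
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.google.Chrome.extensions.$1</key>
  <dict>
    <key>customerKey</key>
    <dict>
      <key>state</key><string>always</string>
      <key>value</key><string>$key</string>
    </dict>
    <key>employeeEmail</key>
    <dict>
      <key>state</key><string>always</string>
      <key>value</key><string>$email</string>
    </dict>
  </dict>
</dict>
</plist>
EOF
}

# Run as: sh make_plist.sh EXTENSION_ID CUSTOMER_KEY EMPLOYEE_EMAIL > customerKey_policy.plist
if [ "$#" -eq 3 ]; then make_policy_plist "$@"; fi
```

On a Mac, plutil -lint customerKey_policy.plist confirms the generated file parses before it is imported.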
Steps to create local computer record (if missed)
Run the block below exactly once (replace admin_username with a local administrator’s short name). It creates the record and gives it a GUID and the Mac’s primary MAC address, which macOS expects. (If your primary network interface is not en0—common on some Mac mini/Studio builds—replace en0 with the correct interface, e.g. en1.)
# Collect identifiers
GUID=$(uuidgen)
ETHER=$(ifconfig en0 | awk '/ether/ {print $2}')
# Create the computer record and essential attributes
sudo dscl -u admin_username /Local/Default -create /Computers/local_computer
sudo dscl -u admin_username /Local/Default -create /Computers/local_computer RealName "Local Computer"
sudo dscl -u admin_username /Local/Default -create /Computers/local_computer GeneratedUID "$GUID"
sudo dscl -u admin_username /Local/Default -create /Computers/local_computer ENetAddress "$ETHER"
After that repeat the import (add sudo if you used it above):
sudo dscl -u admin_username /Local/Default -mcximport /Computers/local_computer /path/to/customerKey_policy.plist
You should no longer receive an “Invalid Path” message.
Force macOS to apply the new managed preference by running the following command (or simply log out/in or reboot).
sudo mcxrefresh -n "$USER"
Policy creation validation
Validate that the policy really landed
dscl . -mcxread /Computers/local_computer
It should return the created policy, similar to:
App domain: com.google.Chrome.extensions.fjambfppaeandondpbbjkggkabeccjmh
Key: customerKey
State: always
Value: ABC12345
App domain: com.google.Chrome.extensions.fjambfppaeandondpbbjkggkabeccjmh
Key: employeeEmail
State: always
Value: [email protected]
Validate the browser can see the policy.
Open chrome://policy and verify that a new section for the browser extension is shown with the created policy. Note: make sure the browser extension is installed in Chrome.
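The mcxread check can be scripted so that a missing key, or a key whose state is not always, fails a deployment check instead of relying on a visual read. This is an added example, not part of the Viio documentation; it assumes the output format shown above, and the function names, the script name check_mcx.sh and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the Viio documentation): check `dscl -mcxread` output
# for the forced customerKey and employeeEmail policies of one extension.

# Reads mcxread output on stdin; $1 is the extension ID. Returns 0 only when
# both keys exist under that domain with State "always" and a non-empty Value.
check_mcx_policy() {
  awk -v dom="com.google.Chrome.extensions.$1" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # tolerate indentation
    /^App domain: / { cur = substr($0, 13); next }
    /^Key: /        { key = substr($0, 6);  next }
    /^State: /      { state[cur, key] = substr($0, 8); next }
    /^Value: /      { value[cur, key] = substr($0, 8); next }
    END {
      n = split("customerKey employeeEmail", want, " ")
      for (i = 1; i <= n; i++) {
        k = want[i]
        if (state[dom, k] != "always" || value[dom, k] == "") {
          printf "not enforced for %s: %s\n", dom, k > "/dev/stderr"
          bad = 1
        }
      }
      exit bad + 0
    }'
}

# Constructed sample in the format shown above (values are made up).
sample_mcxread() {
  cat <<'EOF'
App domain: com.google.Chrome.extensions.fjambfppaeandondpbbjkggkabeccjmh
    Key: customerKey
        State: always
        Value: ABC12345
App domain: com.google.Chrome.extensions.fjambfppaeandondpbbjkggkabeccjmh
    Key: employeeEmail
        State: always
        Value: user@example.com
EOF
}

# On a Mac: sh check_mcx.sh EXTENSION_ID
if [ "$#" -eq 1 ]; then
  dscl . -mcxread /Computers/local_computer | check_mcx_policy "$1"
fi
```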