cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Pravas
Employee
Employee
Report Inappropriate Content
Message 1 of 2

How to enforce WebControl Extensions on Supported Browsers

ENS WebControl uses an extension on supported browsers to manage sites. Often its required to prevent users from Disabling/Uninstalling WebControl Extensions.

KB87568 outlines key configuration to be used in GPO policies.

We will see how to use GPO configuration to enforce WebControl Extensions on Supported Browsers.

Note:- GPO configuration are beyond the scope of technical support.  Configurations for browsers has to be manually downloaded in the form of ADMX. We do Not take responsibility for any issues caused by Misconfiguration.

Computer Based GPO policies are used for the purpose of this demonstration. The same should also apply to User Based GPO policies.

Before proceeding, please ensure ENS WebControl module is installed successfully on the target systems.

Internet Explorer

It can be managed via Web Control Policy. No GPO configuration required

1. On ePO, navigate to Menu > Policy Catalog
2. Under Products. Select Endpoint Security Web Control
3. Expand Options. Click Edit next to the Policy in use
4. Select the Configuration as shown below and Save

ePO_IE.png

5. Systems will take in the policy changes as per Agent-Server communication (Default time 60mins). Alternatively, send a wake-up Agent task to the desired system.

 

Microsoft Edge

1. Follow the URL below for Edge ADMX files

_https_://_www.microsoft.com/en-us/edge/business/download

* Remove _ from the URL

2. Download latest Policy File available for Edge. Click on Windows 64-bit Policy

Edge_PolicyFiles.jpg

3. It downloads MicrosoftEdgePolicyTemplates.cab
4. Double click the file and choose a location to extract
5. Then extract MicrosoftEdgePolicyTemplates.zip file to access the path - \EdgePolicyFiles\MicrosoftEdgePolicyTemplates\windows\ADMX

6. Create PolicyDefinitions folder under C:\Windows\SYSVOL\domain\Policies on AD Server if it doesn’t exist.
7. Copy the following files from ADMX folder (Step 5) to PolicyDefinitions

Edge_Configuration.jpg

8. Open Group Policy Management and access the policy files

Edge_GPO.jpg

9. Double Click Control which extensions are installed silently
10. Choose Enabled and click on Show. Enter the following Text in Show Contents

bnloapiedmegfapoomlbhpnkipeekgfo;_https_://_edge.microsoft.com/extensionwebstorebase/v1/crx

* Remove _ from the text above. Use as shown in screenshot below.

EDGE_Policy_Page.jpg

11. Click Ok & then Apply & OK to save the changes
12. Run gpupdate /force on the client to enforce the policies


GoogleChrome

1. Follow the URL below for Chrome ADMX files.

_https_://_support.google.com/chrome/a/answer/187202?hl=en

* Remove _ from the URL

2. Click on Zip file of Google Chrome templates as shown below. It downloads policy_templates.zip

Chrome_Templates.jpg

3. Extract it to a folder. Access the path \policy_templates\windows\admx
4. Copy following files to C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions on AD Server

Chrome_Admx.png

5. Open Group Policy Management and configure policies

Chrome_Policies.jpg


6. Double Click Configure the list of force-installed apps and extensions

Chrome_Policies1.jpg


7. Choose Enabled and click on Show. Enter the following Text in Show Content

jjkchpdmjjdmalgembblgafllbpcjlei;_https_://_clients2.google.com/service/update2/crx

* Remove _ from the text above. Use as shown in screenshot below.

8. Click Ok & then Apply & OK to save the changes
9. Run gpupdate /force on the client to enforce the policies


Mozilla Firefox

1. Follow the link below to download configuration files for Firefox

_https_://_github.com/mozilla/policy-templates/releases

* Remove _ from the URL

2. Download Policy_templates_<VersionNo.>.zip

Firefox_Policy_Files.jpg

3. Extract Policy_templates_<VersionNo.>.zip and access path \windows

Firefox_Policy_Extract.jpg

4. Copy the following to C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions on AD Server
5. Open Group Policy Management to configure policies
6. Double Click Extensions to Install 

Firefox_Extentions to install.jpg


7. Choose Enabled. Then click Show. Enter the following values under Show Contents


C:\Program Files\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi

Firefox_Values.jpg

8. Click Ok , then Apply and Ok.
9. In the same Policy Page. Double Click Prevent Extensions from being disabled or removed

Firefox_PreventExtensions.jpg


10. Choose Enabled. Then click Show. Enter the following values under Show Contents

{cb40da56-497a-4add-955d-3377cae4c33b}

11. Click Ok & then Apply & OK to save the changes

Firefox_Show_Contents.jpg
12. Run gpupdate /force on the client to enforce the policies

The above configuration should help restrict users from disabling/uninstalling extensions from browsers.

Extensions may not be enforced in Private/Incognito Mode. Its a browser design and only option is to disable Private Mode altogether.

To disable Private/Incognito Mode. Refer the Screenshots below.

1. Microsoft Edge

Edge_In_Private.jpg

2. Google Chrome

Chrome_Incognito.jpg

3. Mozilla Firefox

Firefox_Private.jpg

Please update GPO policies on the system (gpupdate /force) for the changes to take effect.

These configurations can also be used on a Workgroup system. The policy files (ADMX) needs to copied to C:\Windows\PolicyDefinitions. Then follow the instructions as explained above.

If there are any suggestions, please send a private message on community.

Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

1 Reply
Pravas
Employee
Employee
Report Inappropriate Content
Message 2 of 2

Re: How to enforce WebControl Extensions on Supported Browsers

*****The post was created as a reference guide to KB87568****

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community