Skip to content

Deploying Using Microsoft SCCM for Chrome on Windows

  1. Open the SCCM console on your administrative workstation.
  2. Go to Assets and Compliance > Compliance Settings > Configuration Items.
  3. Select Create Configuration Item.
  4. In the Name field, enter a name to identify the configuration item.
  5. Select Next.
  6. Select the desired platforms for which this configuration will apply.
  7. Select Next.
  8. Select New to create a new setting.

  9. In the New Settings window, complete the following:

    • In the Name field, enter ExtensionInstallForcelist.
    • In the Description field, enter SAAM Browser Extension.
    • In the Key Name field, enter Software\Policies\Google\Chrome\ExtensionInstallForcelist.
    • In the Value Name field, enter 1.

    Note

    This number must be unique. If you have added other extensions, this number should be incremented accordingly.

  10. Select OK.

  11. Select the Compliance Rules tab, and select New.
  12. In the Create window, complete the following:
    • In the Name field, enter SAAM Security Extension Compliance Rule.
    • In the Description field, enter SAAM Browser Extension.
    • In the the following values: field, enter the value ckdibgmbbhmafmjpjmknleccgcddanan;https://extension.savvy.security/update.xml.
    • Select Remediate noncompliant rules when supported.
    • Select Report noncompliance if this setting instance is not found.
  13. Select OK to close the window.
  14. Select OK to create the new compliance rule.
  15. Select Assets and Compliance > Compliance Settings > Configuration Baselines.
  16. Select Create Configuration Baseline.
  17. In the Name field, enter a name to identify the configuration baseline.
  18. Select Add > Configuration Item.
  19. Select the SAAM Browser Extension Configuration Item, and select OK.
  20. Select OK to complete the new configuration baseline.

  21. Deploy the configuration baseline containing the SAAM Browser Extension Configuration Item and complete the following:

    • Select Remediate noncompliant rules when supported.
    • In the Schedule section, set the schedule to the desired value.

    Note

    Group policies update, by default, every 90 minutes. If this is replacing a GPO, consider lowering the policies update interval.

  22. Select OK.

  23. Once SCCM has updated its policies, verify that Chrome is now managed on endpoints:
    • Open a Chrome and browse to chrome://policy.
    • Verify under Chrome Policies you can see the ExtensionInstallForcelistDesc policy name with the following value: ckdibgmbbhmafmjpjmknleccgcddanan;https://extension.savvy.security/update.xml.