Toggle navigation
Group Policy Home
Google Chrome Enterprise
(current)
English (United Kingdom)
German (Germany)
Deutsch (Deutschland)
English (United States)
English (United States)
Spanish (Latin America)
Español (América Latina)
Spanish (Spain, International Sort)
Español (España, alfabetización internacional)
French (France)
français (France)
Indonesian (Indonesia)
Bahasa Indonesia (Indonesia)
Italian (Italy)
italiano (Italia)
Japanese (Japan)
日本語 (日本)
Korean (Korea)
한국어 (대한민국)
Dutch (Netherlands)
Nederlands (Nederland)
Portuguese (Brazil)
Português (Brasil)
Russian (Russia)
русский (Россия)
Thai (Thailand)
ไทย (ไทย)
Turkish (Turkey)
Türkçe (Türkiye)
Ukrainian (Ukraine)
українська (Україна)
Vietnamese (Vietnam)
Tiếng Việt (Việt Nam)
Chinese (Simplified, PRC)
中文(中华人民共和国)
Chinese (Traditional, Taiwan)
中文(台灣)
Search
DHEEnabled
Supported on:
SUPPORTED_WIN7
Registry Hive
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry Path
Software\Policies\Google\Chrome
Value Name
DHEEnabled
Value Type
REG_DWORD
Enabled Value
1
Disabled Value
0
chrome.admx
Administrative Templates (Computers)
Google
Google Chrome - Default Settings (users can override)
Content Settings
Register protocol handlers
Default search provider
Default search provider encodings
Default search provider icon
Default search provider keyword
Default search provider name
Default search provider new tab page URL
Default search provider search URL
Default search provider suggest URL
Enable the default search provider
List of alternative URLs for the default search provider
Parameter providing search-by-image feature for the default search provider
Parameters for image URL which uses POST
Parameters for search URL which uses POST
Parameters for suggest URL which uses POST
Deprecated policies
Enable AutoFill
Enable Safe Browsing
Password manager
Enable leak detection for entered credentials
Enable saving passwords to the password manager
Printing
Print Headers and Footers
Use System Default Printer as Default
Removed policies
Clear site data on browser shutdown (deprecated)
Default search provider instant URL
Enable Instant
Enable network prediction.
Parameter controlling search term placement for the default search provider
Parameters for instant URL which uses POST
Safe Browsing settings
Safe Browsing Protection Level
Startup, Home page and New Tab page
Action on start-up
Configure the home page URL
Show Home button on the toolbar
URLs to open on start-up
Use New Tab Page as homepage
Allow default search provider context menu search access
Allow download restrictions
Always Open PDF files externally
Application locale
Block third-party cookies
Continue running background apps when Google Chrome is closed
Enable alternate error pages
Enable AutoFill for addresses
Enable AutoFill for credit cards
Enable Bookmark Bar
Enable network prediction.
Enable or disable spell checking web service
Enable reporting of usage and crash-related data
Enable search suggestions
Enable Translate
Import autofill form data from default browser on first run
Import bookmarks from default browser on first run
Import browsing history from default browser on first run
Import saved passwords from default browser on first run
Import search engines from default browser on first run
SafeBrowsing enable state for trusted sources
Set default download directory
Set download directory
Show Full URLs
Google Chrome
Configure remote access options
Allow remote access connections to this machine
Allow remote access users to transfer files to/from the host
Allow remote users to interact with elevated windows in remote assistance sessions
Configure the required domain names for remote access clients
Configure the required domain names for remote access hosts
Enable curtaining of remote access hosts
Enable firewall traversal from remote access host
Enable or disable PIN-less authentication for remote access hosts
Enable the use of relay servers by the remote access host
Maximum session duration allowed for remote access connections
Restrict the UDP port range used by the remote access host
Content Settings
Allow access to sensors on these sites
Allow cookies on these sites
Allow images on these sites
Allow insecure content on these sites
Allow JavaScript on these sites
Allow JavaScript to use JIT on these sites
Allow notifications on these sites
Allow pop-ups on these sites
Allow read access via the File System API on these sites
Allow session only cookies on these sites
Allow the File Handling API on these web apps
Allow the Serial API on these sites
Allow WebUSB on these sites
Allow write access to files and directories on these sites
Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
Automatically select client certificates for these sites
Block access to sensors on these sites
Block cookies on these sites
Block images on these sites
Block insecure content on these sites
Block JavaScript from using JIT on these sites
Block JavaScript on these sites
Block notifications from these sites
Block pop-ups on these sites
Block read access via the File System API on these sites
Block the File Handling API on these web apps
Block the Serial API on these sites
Block WebUSB on these sites
Block write access to files and directories on these sites
Control use of insecure content exceptions
Control use of JavaScript JIT
Control use of the File Handling API
Control use of the File System API for reading
Control use of the File System API for writing
Control use of the Serial API
Control use of the Web Bluetooth API
Control use of the WebUSB API
Default cookies setting
Default geolocation setting
Default images setting
Default JavaScript setting
Default notification settings
Default sensors setting
Revert to legacy SameSite behavior for cookies on these sites
setting
Default search provider
Default search provider encodings
Default search provider icon
Default search provider keyword
Default search provider name
Default search provider new tab page URL
Default search provider search URL
Default search provider suggest URL
Enable the default search provider
List of alternative URLs for the default search provider
Parameter providing search-by-image feature for the default search provider
Parameters for image URL which uses POST
Parameters for search URL which uses POST
Parameters for suggest URL which uses POST
Deprecated policies
Address or URL of proxy server
Allow media autoplay on a whitelist of URL patterns
Allows access to a list of URLs
Allow sign in to Google Chrome
Authentication server whitelist
Block access to a list of URLs
Choose how to specify proxy server settings
Choose how to specify proxy server settings
Configure extension installation blacklist
Configure extension installation whitelist
Configure native messaging blacklist
Configure native messaging whitelist
Configure the list of domains on which Safe Browsing will not trigger warnings.
Configure the required domain name for remote access clients
Configure the required domain name for remote access hosts
Control the User-Agent Client Hints feature.
Default mediastream setting
Disable Developer Tools
Disable URL protocol schemes
Enable AutoFill
Enable Incognito mode
Enable JavaScript
Enable Native Window Occlusion
Enable Safe Browsing
Enables force sign in for Google Chrome
Enable stricter treatment for mixed content
Force disable spellcheck languages
Force SafeSearch
Force YouTube Safety Mode
Kerberos delegation server whitelist
Origins or hostname patterns for which restrictions on insecure origins should not apply
Proxy bypass rules
URL to a proxy .pac file
Extensions
Blocks external extensions from being installed
Configure allowed app/extension types
Configure extension, app, and user script install sources
Configure extension installation allow list
Configure extension installation blocklist
Configure the list of force-installed apps and extensions
Extension management settings
Google Cast
Enables Google Cast
Shows the Google Cast toolbar icon
Legacy Browser Support
Alternative browser to launch for configured websites.
Command-line parameters for switching from the alternative browser.
Command-line parameters for the alternative browser.
Delay before launching alternative browser (milliseconds)
Enable the Legacy Browser Support feature.
Keep last tab open in Chrome.
Path to Chrome for switching from the alternative browser.
URL of an XML file that contains URLs that should never trigger a browser switch.
URL of an XML file that contains URLs to load in an alternative browser.
Use Internet Explorer's SiteList policy for Legacy Browser Support.
Websites that should never trigger a browser switch.
Websites to open in alternative browser
Native Messaging
Allow user-level Native Messaging hosts (installed without admin permissions)
Configure native messaging allowlist
Configure native messaging blocklist
Password manager
Enable leak detection for entered credentials
Enable saving passwords to the password manager
Policies for HTTP authentication
Allow Basic authentication for HTTP
Authentication server allowlist
Cross-origin HTTP Basic Auth prompts
Disable CNAME lookup when negotiating Kerberos authentication
Include non-standard port in Kerberos SPN
Kerberos delegation server allowlist
Supported authentication schemes
Printing
Default background graphics printing mode
Default printer selection rules
Default printing page size
Disable printer types on the deny list
Disable Print Preview
Enable Google Cloud Print proxy
Enable printing
Enable submission of documents to Google Cloud Print
Print Headers and Footers
Print Rasterization Mode
Restrict background graphics printing mode
Use System Default Printer as Default
Removed policies
Additional command line parameters for Google Chrome
Allow background tabs freeze
Allow Google Chrome Frame to handle the listed content types
Allow insecure algorithms in integrity checks on extension updates and installs
Allow key generation on these sites
Allow running plug-ins that are outdated
Allows a page to show popups during its unloading
Allow sites to simultaneously navigate and open pop-ups
Allow the Flash plug-in on these sites
Allow users to opt in to Safe Browsing extended reporting
Allow users to show passwords in Password Manager (deprecated)
Allow WebDriver to Override Incompatible Policies
Always render the following URL patterns in Google Chrome Frame
Always render the following URL patterns in the host browser
Always runs plug-ins that require authorisation
Block key generation on these sites
Block the Flash plug-in on these sites
Clear site data on browser shutdown (deprecated)
Configure the TalkGadget prefix for remote access hosts
Default Flash setting
Default HTML renderer for Google Chrome Frame
Default key generation setting
Default legacy SameSite cookie behavior setting
Default search provider instant URL
Disable SPDY protocol
Disable TLS False Start
Enable a TLS 1.3 security feature for local trust anchors.
Enable chrome://devices
Enable CORS check mitigations in the new CORS implementation
Enable creation of supervised users
Enable deprecated web platform features for a limited time
Enable firewall traversal from remote access client
Enable Instant
Enable network prediction.
Enable PAC URL stripping (for https://)
Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
Enable showing the welcome page on the first browser launch following OS upgrade
Enables HTTP/0.9 support on non-default ports
Enable the old web-based signin flow
Enable trust in Symantec Corporation's Legacy PKI Infrastructure
Enable two-factor authentication for remote access hosts
Enterprise web store name (deprecated)
Enterprise web store URL (deprecated)
Extend Flash content setting to all content (deprecated)
finder should be disabled
Force networking code to run in the browser process
Maximum SSL version enabled
Minimum TLS version to fallback to
Parameter controlling search term placement for the default search provider
Parameters for instant URL which uses POST
Policy overrides for Debug builds of the remote access host
Prevent app promotions from appearing on the new tab page
Re-enable Web Components v0 API until M84.
Set Google Chrome Frame user data directory
Set media disk cache size in bytes
Skip the meta tag check in Google Chrome Frame
Specify a list of disabled plug-ins
Specify a list of enabled plug-ins
Specify a list of plug-ins that the user can enable or disable
Suppress Google Cloud Print deprecation messages
Suppress the Google Chrome Frame turn-down prompt
The enrollment token of cloud policy on desktop
Use a default referrer policy of no-referrer-when-downgrade.
Use Legacy Form Controls until M84.
Use the legacy CORS implementation rather than new CORS
Whether DHE cipher suites in TLS are enabled
Whether RC4 cipher suites in TLS are enabled
Whether SHA-1 signed certificates issued by local trust anchors are allowed
Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension
Safe Browsing settings
Configure the change password URL.
Configure the list of domains on which Safe Browsing will not trigger warnings.
Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
Enable Safe Browsing Extended Reporting
Password protection warning trigger
Safe Browsing Protection Level
Startup, Home page and New Tab page
Action on start-up
Configure the home page URL
Configure the New Tab page URL
Show Home button on the toolbar
URLs to open on start-up
Use New Tab Page as homepage
Abusive Experience Intervention Enforce
Ads setting for sites with intrusive ads
Allow access to a list of URLs
Allow collection of WebRTC event logs from Google services
Allow default search provider context menu search access
Allow Dinosaur Easter Egg Game
Allow DNS queries for additional DNS record types
Allow download restrictions
Allow fullscreen mode
Allow Google Cast to connect to Cast devices on all IP addresses.
Allow invocation of file selection dialogues
Allow legacy TLS/DTLS downgrade in WebRTC
Allow media autoplay
Allow media autoplay on a allowlist of URL patterns
Allow merging dictionary policies from different sources
Allow merging list policies from different sources
Allow or deny audio capture
Allow or deny screen capture
Allow or deny video capture
Allow proceeding from the SSL warning page
Allow proceeding from the SSL warning page on specific origins
Allow queries to a Google time service
Allow remote debugging
Allows a page to perform synchronous XHR requests during page dismissal.
Allows QUIC protocol
Allows the AppCache feature to be re-enabled even if it is off by default.
Allow the audio process to run with priority above normal on Windows
Allow the audio sandbox to run
Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
Allow user feedback
Allow users to customize the background on the New Tab page
Allow websites to query for available payment methods.
Always Open PDF files externally
Application locale
Ask where to save each file before downloading
Block access to a list of URLs
Block third-party cookies
Browser experiments icon in toolbar
Browser sign in settings
Browsing Data Lifetime Settings
CECPQ2 post-quantum key-agreement enabled for TLS
Clear Browsing Data on Exit
Configure list of force-installed Web Apps
Configure the color of the browser's theme
Configure the content and order of preferred languages
Continue running background apps when Google Chrome is closed
Control how Chrome Cleanup reports data to Google
Control SafeSites adult content filtering.
Controls the mode of DNS-over-HTTPS
Control the IntensiveWakeUpThrottling feature.
Control use of the Headless Mode
Control where Developer Tools can be used
Define a list of protocols that can launch an external application from listed origins without prompting the user
Define domains allowed to access Google Apps
Determine the availability of variations
Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
Disable Certificate Transparency enforcement for a list of URLs
Disable proceeding from the Safe Browsing warning page
Disable saving browser history
Disable support for 3D graphics APIs
Disable synchronisation of data with Google
Disable taking screenshots
DNS interception checks enabled
Do not set window.opener for links targeting _blank
Enable 3DES cipher suites in TLS
Enable additional protections for users enrolled in the Advanced Protection program
Enable add person in user manager
Enable alternate error pages
Enable Ambient Authentication for profile types.
Enable AutoFill for addresses
Enable AutoFill for credit cards
Enable Bookmark Bar
Enable Chrome Cleanup on Windows
Enable deleting browser and download history
Enable deprecated privet printing
Enable desktop sharing in the omnibox and 3-dot menu
Enable Get Image Descriptions from Google.
Enable globally scoped HTTP auth cache
Enable guest mode in browser
Enable lock icon in the omnibox for secure connections
Enable mandatory cloud management enrollment
Enable Media Recommendations
Enable network prediction.
Enable or disable spell checking web service
Enable Renderer Code Integrity
Enable reporting of usage and crash-related data
Enables component updates in Google Chrome
Enable scrolling to text specified in URL fragments
Enable search suggestions
Enable security warnings for command-line flags
Enables ending processes in Task Manager
Enables experimental policies
Enable showing full-tab promotional content
Enable Signed HTTP Exchange (SXG) support
Enable signin interception
Enable Site Isolation for every site
Enable Site Isolation for specified origins
Enables managed extensions to use the Enterprise Hardware Platform API
Enables merging of user cloud policies into machine-level policies
Enables or disables bookmark editing
Enable spellcheck
Enables the concept of policy atomic groups
Enable the Click to Call Feature
Enable the creation of roaming copies for Google Chrome profile data
Enable the Shared Clipboard Feature
Enable third party software injection blocking
Enable Translate
Enable URL-keyed anonymized data collection
Enable warnings for insecure forms
Enable Window Occlusion
Enable WPAD optimisation
Enforce browser guest mode
Ephemeral profile
Explicitly allowed network ports
Fetch keepalive duration on Shutdown
Force disable spellcheck languages
Force enable spellcheck languages
Force Google SafeSearch
Force minimum YouTube Restricted Mode
Google Chrome cloud policy overrides Platform policy.
Hide the web store from the New Tab Page and app launcher
Import autofill form data from default browser on first run
Import bookmarks from default browser on first run
Import browsing history from default browser on first run
Import of homepage from default browser on first run
Import saved passwords from default browser on first run
Import search engines from default browser on first run
Incognito mode availability
Intranet Redirection Behavior
Limits the number of user data snapshots retained for use in case of emergency rollback.
List of file types that should be automatically opened on download
List of names that will bypass the HSTS policy check
List of types that should be excluded from synchronization
Managed Bookmarks
Maximum fetch delay after a policy invalidation
Maximum number of concurrent connections to the proxy server
Minimum SSL version enabled
Notify a user that a browser relaunch or device restart is recommended or required
Origins or hostname patterns for which restrictions on insecure origins should not apply
Profile picker availability on startup
Proxy settings
Refresh rate for user policy
Restrict the range of local UDP ports used by WebRTC
Restrict which users are allowed to sign in to Google Chrome
SafeBrowsing enable state for trusted sources
Set disk cache directory
Set disk cache size in bytes
Set download directory
Set Google Chrome as Default Browser
Set limit on megabytes of memory a single Chrome instance can use.
Sets managed configuration values to websites to specific origins
Set the roaming profile directory
Set the time interval for relaunch
Set the time period for update notifications
Set user data directory
Show an "Always open" checkbox in external protocol dialog.
Show cards on the New Tab Page
Show Full URLs
Show the apps shortcut in the bookmark bar
Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
Specifies whether to allow insecure websites to make requests to more-private network endpoints
Specify URI template of desired DNS-over-HTTPS resolver
Suppress JavaScript Dialogs triggered from different origin subframes
Suppress lookalike domain warnings on domains
Suppress the unsupported OS warning
The enrollment token of cloud policy on desktop
The IP handling policy of WebRTC
URLs/domains automatically permitted direct Security Key attestation
URLs for which local IPs are exposed in WebRTC ICE candidates
URLs that will be granted access to audio capture devices without prompt
URLs that will be granted access to video capture devices without prompt
URLs where AutoOpenFileTypes can apply
Use built-in DNS client
Use hardware acceleration when available
Whether online OCSP/CRL checks are performed
Whether online OCSP/CRL checks are required for local trust anchors
Google Update
Applications
Gears
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Advertising Cookie Opt-out Plugin
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Amharic Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Analytics Opt-out Browser Add-on (for Internet Explorer)
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Arabic Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Bengali Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Chrome Beta
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Chrome Binaries
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Chrome Canary Build
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Chrome Dev
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Chrome Frame
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Chrome
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Credential Provider for Windows (GCPW)
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Drive File Stream
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Drive plug-in for Microsoft Office
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Drive plug-in for Microsoft Office Per Machine
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Earth (per-user install)
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Earth
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Earth Plugin
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Earth Pro
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Email Uploader
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Farsi Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Greek Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Gujarati Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Hangouts Plugin for Microsoft Outlook®
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Hebrew Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Hindi Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Japanese Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Kannada Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Malayalam Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Marathi Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Nepali Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Oriya Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Punjabi Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Russian Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Sanskrit Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Serbian Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Sinhalese Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Talk Labs Edition
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Talk Plugin (Voice and Video Chat)
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Tamil Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Telugu Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Tigrinya Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Toolbar (for Firefox)
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Toolbar (for Internet Explorer)
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Google Urdu Input
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
GWT Developer Plugin For Internet Explorer
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Legacy Browser Support
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
O3D Extras
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
O3D
Allow installation
Rollback to Target version
Target Channel override
Target version prefix override
Update policy override
Allow installation default
Update policy override default
Preferences
Auto-update check period override
Cloud Policy takes precedence over Group Policy
Download URL class override
Time period in each day to suppress auto-update check
Proxy Server
Address or URL of proxy server
Choose how to specify proxy server settings
URL to a proxy .pac file
Legacy Browser Support
Alternative Browser Arguments
Alternative Browser Path
Chrome Arguments
Chrome Path
Hosts that Should not Trigger a Transition in Either Browser
Hosts to Open in the Alternative Browser
Keep Last Chrome Tab on Transition
Show Transition Screen in Chrome for Some Time
Use IE Enterprise Mode Site List Policy
User-Agent Switcher for Chrome
Allow the user to specify user agent overrides for managed pages
Allow users to customize options in "Other settings"
Allow users to define custom permanent spoofs
Allow users to define custom user agents
Change the user agent string per tab
Custom user-agent list
Send error reports from the extension
Administrative Templates (Users)
Google
Google Chrome - Default Settings (users can override)
Content Settings
Register protocol handlers
Default search provider
Default search provider encodings
Default search provider icon
Default search provider keyword
Default search provider name
Default search provider new tab page URL
Default search provider search URL
Default search provider suggest URL
Enable the default search provider
List of alternative URLs for the default search provider
Parameter providing search-by-image feature for the default search provider
Parameters for image URL which uses POST
Parameters for search URL which uses POST
Parameters for suggest URL which uses POST
Deprecated policies
Enable AutoFill
Enable Safe Browsing
Password manager
Enable leak detection for entered credentials
Enable saving passwords to the password manager
Printing
Print Headers and Footers
Use System Default Printer as Default
Removed policies
Clear site data on browser shutdown (deprecated)
Default search provider instant URL
Enable Instant
Enable network prediction.
Parameter controlling search term placement for the default search provider
Parameters for instant URL which uses POST
Safe Browsing settings
Safe Browsing Protection Level
Startup, Home page and New Tab page
Action on start-up
Configure the home page URL
Show Home button on the toolbar
URLs to open on start-up
Use New Tab Page as homepage
Allow default search provider context menu search access
Allow download restrictions
Always Open PDF files externally
Application locale
Block third-party cookies
Continue running background apps when Google Chrome is closed
Enable alternate error pages
Enable AutoFill for addresses
Enable AutoFill for credit cards
Enable Bookmark Bar
Enable network prediction.
Enable or disable spell checking web service
Enable reporting of usage and crash-related data
Enable search suggestions
Enable Translate
Import autofill form data from default browser on first run
Import bookmarks from default browser on first run
Import browsing history from default browser on first run
Import saved passwords from default browser on first run
Import search engines from default browser on first run
SafeBrowsing enable state for trusted sources
Set default download directory
Set download directory
Show Full URLs
Google Chrome
Configure remote access options
Allow remote access connections to this machine
Allow remote access users to transfer files to/from the host
Allow remote users to interact with elevated windows in remote assistance sessions
Configure the required domain names for remote access clients
Configure the required domain names for remote access hosts
Enable curtaining of remote access hosts
Enable firewall traversal from remote access host
Enable or disable PIN-less authentication for remote access hosts
Enable the use of relay servers by the remote access host
Maximum session duration allowed for remote access connections
Restrict the UDP port range used by the remote access host
Content Settings
Allow access to sensors on these sites
Allow cookies on these sites
Allow images on these sites
Allow insecure content on these sites
Allow JavaScript on these sites
Allow JavaScript to use JIT on these sites
Allow notifications on these sites
Allow pop-ups on these sites
Allow read access via the File System API on these sites
Allow session only cookies on these sites
Allow the File Handling API on these web apps
Allow the Serial API on these sites
Allow WebUSB on these sites
Allow write access to files and directories on these sites
Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
Automatically select client certificates for these sites
Block access to sensors on these sites
Block cookies on these sites
Block images on these sites
Block insecure content on these sites
Block JavaScript from using JIT on these sites
Block JavaScript on these sites
Block notifications from these sites
Block pop-ups on these sites
Block read access via the File System API on these sites
Block the File Handling API on these web apps
Block the Serial API on these sites
Block WebUSB on these sites
Block write access to files and directories on these sites
Control use of insecure content exceptions
Control use of JavaScript JIT
Control use of the File Handling API
Control use of the File System API for reading
Control use of the File System API for writing
Control use of the Serial API
Control use of the Web Bluetooth API
Control use of the WebUSB API
Default cookies setting
Default geolocation setting
Default images setting
Default JavaScript setting
Default notification settings
Default sensors setting
Revert to legacy SameSite behavior for cookies on these sites
setting
Default search provider
Default search provider encodings
Default search provider icon
Default search provider keyword
Default search provider name
Default search provider new tab page URL
Default search provider search URL
Default search provider suggest URL
Enable the default search provider
List of alternative URLs for the default search provider
Parameter providing search-by-image feature for the default search provider
Parameters for image URL which uses POST
Parameters for search URL which uses POST
Parameters for suggest URL which uses POST
Deprecated policies
Address or URL of proxy server
Allow media autoplay on a whitelist of URL patterns
Allows access to a list of URLs
Allow sign in to Google Chrome
Authentication server whitelist
Block access to a list of URLs
Choose how to specify proxy server settings
Choose how to specify proxy server settings
Configure extension installation blacklist
Configure extension installation whitelist
Configure native messaging blacklist
Configure native messaging whitelist
Configure the list of domains on which Safe Browsing will not trigger warnings.
Configure the required domain name for remote access clients
Configure the required domain name for remote access hosts
Control the User-Agent Client Hints feature.
Default mediastream setting
Disable Developer Tools
Disable URL protocol schemes
Enable AutoFill
Enable Incognito mode
Enable JavaScript
Enable Native Window Occlusion
Enable Safe Browsing
Enables force sign in for Google Chrome
Enable stricter treatment for mixed content
Force disable spellcheck languages
Force SafeSearch
Force YouTube Safety Mode
Kerberos delegation server whitelist
Origins or hostname patterns for which restrictions on insecure origins should not apply
Proxy bypass rules
URL to a proxy .pac file
Extensions
Blocks external extensions from being installed
Configure allowed app/extension types
Configure extension, app, and user script install sources
Configure extension installation allow list
Configure extension installation blocklist
Configure the list of force-installed apps and extensions
Extension management settings
Google Cast
Enables Google Cast
Shows the Google Cast toolbar icon
Legacy Browser Support
Alternative browser to launch for configured websites.
Command-line parameters for switching from the alternative browser.
Command-line parameters for the alternative browser.
Delay before launching alternative browser (milliseconds)
Enable the Legacy Browser Support feature.
Keep last tab open in Chrome.
Path to Chrome for switching from the alternative browser.
URL of an XML file that contains URLs that should never trigger a browser switch.
URL of an XML file that contains URLs to load in an alternative browser.
Use Internet Explorer's SiteList policy for Legacy Browser Support.
Websites that should never trigger a browser switch.
Websites to open in alternative browser
Native Messaging
Allow user-level Native Messaging hosts (installed without admin permissions)
Configure native messaging allowlist
Configure native messaging blocklist
Password manager
Enable leak detection for entered credentials
Enable saving passwords to the password manager
Policies for HTTP authentication
Allow Basic authentication for HTTP
Authentication server allowlist
Cross-origin HTTP Basic Auth prompts
Disable CNAME lookup when negotiating Kerberos authentication
Include non-standard port in Kerberos SPN
Kerberos delegation server allowlist
Supported authentication schemes
Printing
Default background graphics printing mode
Default printer selection rules
Default printing page size
Disable printer types on the deny list
Disable Print Preview
Enable Google Cloud Print proxy
Enable printing
Enable submission of documents to Google Cloud Print
Print Headers and Footers
Print Rasterization Mode
Restrict background graphics printing mode
Use System Default Printer as Default
Removed policies
Additional command line parameters for Google Chrome
Allow background tabs freeze
Allow Google Chrome Frame to handle the listed content types
Allow insecure algorithms in integrity checks on extension updates and installs
Allow key generation on these sites
Allow running plug-ins that are outdated
Allows a page to show popups during its unloading
Allow sites to simultaneously navigate and open pop-ups
Allow the Flash plug-in on these sites
Allow users to opt in to Safe Browsing extended reporting
Allow users to show passwords in Password Manager (deprecated)
Allow WebDriver to Override Incompatible Policies
Always render the following URL patterns in Google Chrome Frame
Always render the following URL patterns in the host browser
Always runs plug-ins that require authorisation
Block key generation on these sites
Block the Flash plug-in on these sites
Clear site data on browser shutdown (deprecated)
Configure the TalkGadget prefix for remote access hosts
Default Flash setting
Default HTML renderer for Google Chrome Frame
Default key generation setting
Default legacy SameSite cookie behavior setting
Default search provider instant URL
Disable SPDY protocol
Disable TLS False Start
Enable a TLS 1.3 security feature for local trust anchors.
Enable chrome://devices
Enable CORS check mitigations in the new CORS implementation
Enable creation of supervised users
Enable deprecated web platform features for a limited time
Enable firewall traversal from remote access client
Enable Instant
Enable network prediction.
Enable PAC URL stripping (for https://)
Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
Enable showing the welcome page on the first browser launch following OS upgrade
Enables HTTP/0.9 support on non-default ports
Enable the old web-based signin flow
Enable trust in Symantec Corporation's Legacy PKI Infrastructure
Enable two-factor authentication for remote access hosts
Enterprise web store name (deprecated)
Enterprise web store URL (deprecated)
Extend Flash content setting to all content (deprecated)
finder should be disabled
Force networking code to run in the browser process
Maximum SSL version enabled
Minimum TLS version to fallback to
Parameter controlling search term placement for the default search provider
Parameters for instant URL which uses POST
Policy overrides for Debug builds of the remote access host
Prevent app promotions from appearing on the new tab page
Re-enable Web Components v0 API until M84.
Set Google Chrome Frame user data directory
Set media disk cache size in bytes
Skip the meta tag check in Google Chrome Frame
Specify a list of disabled plug-ins
Specify a list of enabled plug-ins
Specify a list of plug-ins that the user can enable or disable
Suppress Google Cloud Print deprecation messages
Suppress the Google Chrome Frame turn-down prompt
The enrollment token of cloud policy on desktop
Use a default referrer policy of no-referrer-when-downgrade.
Use Legacy Form Controls until M84.
Use the legacy CORS implementation rather than new CORS
Whether DHE cipher suites in TLS are enabled
Whether RC4 cipher suites in TLS are enabled
Whether SHA-1 signed certificates issued by local trust anchors are allowed
Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension
Safe Browsing settings
Configure the change password URL.
Configure the list of domains on which Safe Browsing will not trigger warnings.
Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
Enable Safe Browsing Extended Reporting
Password protection warning trigger
Safe Browsing Protection Level
Startup, Home page and New Tab page
Action on start-up
Configure the home page URL
Configure the New Tab page URL
Show Home button on the toolbar
URLs to open on start-up
Use New Tab Page as homepage
Abusive Experience Intervention Enforce
Ads setting for sites with intrusive ads
Allow access to a list of URLs
Allow collection of WebRTC event logs from Google services
Allow default search provider context menu search access
Allow Dinosaur Easter Egg Game
Allow DNS queries for additional DNS record types
Allow download restrictions
Allow fullscreen mode
Allow Google Cast to connect to Cast devices on all IP addresses.
Allow invocation of file selection dialogues
Allow legacy TLS/DTLS downgrade in WebRTC
Allow media autoplay
Allow media autoplay on a allowlist of URL patterns
Allow merging dictionary policies from different sources
Allow merging list policies from different sources
Allow or deny audio capture
Allow or deny screen capture
Allow or deny video capture
Allow proceeding from the SSL warning page
Allow proceeding from the SSL warning page on specific origins
Allow queries to a Google time service
Allow remote debugging
Allows a page to perform synchronous XHR requests during page dismissal.
Allows QUIC protocol
Allows the AppCache feature to be re-enabled even if it is off by default.
Allow the audio process to run with priority above normal on Windows
Allow the audio sandbox to run
Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
Allow user feedback
Allow users to customize the background on the New Tab page
Allow websites to query for available payment methods.
Always Open PDF files externally
Application locale
Ask where to save each file before downloading
Block access to a list of URLs
Block third-party cookies
Browser experiments icon in toolbar
Browser sign in settings
Browsing Data Lifetime Settings
CECPQ2 post-quantum key-agreement enabled for TLS
Clear Browsing Data on Exit
Configure list of force-installed Web Apps
Configure the color of the browser's theme
Configure the content and order of preferred languages
Continue running background apps when Google Chrome is closed
Control how Chrome Cleanup reports data to Google
Control SafeSites adult content filtering.
Controls the mode of DNS-over-HTTPS
Control the IntensiveWakeUpThrottling feature.
Control use of the Headless Mode
Control where Developer Tools can be used
Define a list of protocols that can launch an external application from listed origins without prompting the user
Define domains allowed to access Google Apps
Determine the availability of variations
Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
Disable Certificate Transparency enforcement for a list of URLs
Disable proceeding from the Safe Browsing warning page
Disable saving browser history
Disable support for 3D graphics APIs
Disable synchronisation of data with Google
Disable taking screenshots
DNS interception checks enabled
Do not set window.opener for links targeting _blank
Enable 3DES cipher suites in TLS
Enable additional protections for users enrolled in the Advanced Protection program
Enable add person in user manager
Enable alternate error pages
Enable Ambient Authentication for profile types.
Enable AutoFill for addresses
Enable AutoFill for credit cards
Enable Bookmark Bar
Enable Chrome Cleanup on Windows
Enable deleting browser and download history
Enable deprecated privet printing
Enable desktop sharing in the omnibox and 3-dot menu
Enable Get Image Descriptions from Google.
Enable globally scoped HTTP auth cache
Enable guest mode in browser
Enable lock icon in the omnibox for secure connections
Enable mandatory cloud management enrollment
Enable Media Recommendations
Enable network prediction.
Enable or disable spell checking web service
Enable Renderer Code Integrity
Enable reporting of usage and crash-related data
Enables component updates in Google Chrome
Enable scrolling to text specified in URL fragments
Enable search suggestions
Enable security warnings for command-line flags
Enables ending processes in Task Manager
Enables experimental policies
Enable showing full-tab promotional content
Enable Signed HTTP Exchange (SXG) support
Enable signin interception
Enable Site Isolation for every site
Enable Site Isolation for specified origins
Enables managed extensions to use the Enterprise Hardware Platform API
Enables merging of user cloud policies into machine-level policies
Enables or disables bookmark editing
Enable spellcheck
Enables the concept of policy atomic groups
Enable the Click to Call Feature
Enable the creation of roaming copies for Google Chrome profile data
Enable the Shared Clipboard Feature
Enable third party software injection blocking
Enable Translate
Enable URL-keyed anonymized data collection
Enable warnings for insecure forms
Enable Window Occlusion
Enable WPAD optimisation
Enforce browser guest mode
Ephemeral profile
Explicitly allowed network ports
Fetch keepalive duration on Shutdown
Force disable spellcheck languages
Force enable spellcheck languages
Force Google SafeSearch
Force minimum YouTube Restricted Mode
Google Chrome cloud policy overrides Platform policy.
Hide the web store from the New Tab Page and app launcher
Import autofill form data from default browser on first run
Import bookmarks from default browser on first run
Import browsing history from default browser on first run
Import of homepage from default browser on first run
Import saved passwords from default browser on first run
Import search engines from default browser on first run
Incognito mode availability
Intranet Redirection Behavior
Limits the number of user data snapshots retained for use in case of emergency rollback.
List of file types that should be automatically opened on download
List of names that will bypass the HSTS policy check
List of types that should be excluded from synchronization
Managed Bookmarks
Maximum fetch delay after a policy invalidation
Maximum number of concurrent connections to the proxy server
Minimum SSL version enabled
Notify a user that a browser relaunch or device restart is recommended or required
Origins or hostname patterns for which restrictions on insecure origins should not apply
Profile picker availability on startup
Proxy settings
Refresh rate for user policy
Restrict the range of local UDP ports used by WebRTC
Restrict which users are allowed to sign in to Google Chrome
SafeBrowsing enable state for trusted sources
Set disk cache directory
Set disk cache size in bytes
Set download directory
Set Google Chrome as Default Browser
Set limit on megabytes of memory a single Chrome instance can use.
Sets managed configuration values to websites to specific origins
Set the roaming profile directory
Set the time interval for relaunch
Set the time period for update notifications
Set user data directory
Show an "Always open" checkbox in external protocol dialog.
Show cards on the New Tab Page
Show Full URLs
Show the apps shortcut in the bookmark bar
Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
Specifies whether to allow insecure websites to make requests to more-private network endpoints
Specify URI template of desired DNS-over-HTTPS resolver
Suppress JavaScript Dialogs triggered from different origin subframes
Suppress lookalike domain warnings on domains
Suppress the unsupported OS warning
The enrollment token of cloud policy on desktop
The IP handling policy of WebRTC
URLs/domains automatically permitted direct Security Key attestation
URLs for which local IPs are exposed in WebRTC ICE candidates
URLs that will be granted access to audio capture devices without prompt
URLs that will be granted access to video capture devices without prompt
URLs where AutoOpenFileTypes can apply
Use built-in DNS client
Use hardware acceleration when available
Whether online OCSP/CRL checks are performed
Whether online OCSP/CRL checks are required for local trust anchors
Google
Password Alert
corp_email_domain
corp_html
corp_html_tight
domain_auth_secret
report_url
security_email_address
should_initialize_password
sso_form_selector
sso_password_selector
sso_url
sso_username_selector
whitelist_top_domains
×
Search in Group Policy Administrative Templates