Define domains allowed to access Google Workspace
Setting the policy turns on Chrome's restricted sign-in feature in Google Workspace and prevents users from changing this setting. Users can only access Google tools using accounts from the specified domains (to allow gmail or googlemail accounts, add consumer_accounts to the list of domains). This setting prevents users from signing in and adding a Secondary Account on a managed device that requires Google authentication, if that account doesn't belong to one of the explicitly allowed domains.
Leaving this setting empty or unset means users can access Google Workspace with any account.
Users cannot change or override this setting.
Note: This policy causes the X-GoogApps-Allowed-Domains header to be appended to all HTTP and HTTPS requests to all google.com domains, as described in https://support.google.com/a/answer/1668854.
Example value: managedchrome.com,example.com
Supported on: At least Microsoft Windows 7 or Windows Server 2008 family
Define domains allowed to access Google Workspace
| Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
| Registry Path | Software\Policies\Google\Chrome |
| Value Name | AllowedDomainsForApps |
| Value Type | REG_SZ |
| Default Value |
chrome.admx
- Google
- Google Chrome - Default Settings (users can override)
- Content settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup, Home page and New Tab page
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable Bookmark Bar
- Enable network prediction
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Set default download directory
- Set download directory
- Show Full URLs
- Google Chrome
- Content settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow notifications on these sites
- Allow popups on these sites
- Allow read access via the File System API on these sites
- Allow the File Handling API on these web apps
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block notifications on these sites
- Block popups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default notification setting
- Default popups setting
- Default sensors setting
- Limit cookies from matching URLs to the current session
- Revert to legacy SameSite behavior for cookies on these sites
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Address or URL of proxy server
- Allow access to a list of URLs
- Allow media autoplay on a whitelist of URL patterns
- Allow sign in to Google Chrome
- Authentication server whitelist
- Block access to a list of URLs
- Choose how to specify proxy server settings
- Choose how to specify proxy server settings
- Configure extension installation blacklist
- Configure extension installation whitelist
- Configure native messaging blocklist
- Configure native messaging whitelist
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable Developer Tools
- Disable URL protocol schemes
- Enable AutoFill
- Enable force sign in for Google Chrome
- Enable Incognito mode
- Enable JavaScript
- Enable Native Window Occlusion
- Enable Safe Browsing
- Enable stricter treatment for mixed content
- Force disable spellcheck languages
- Force SafeSearch
- Force YouTube Safety Mode
- Kerberos delegation server whitelist
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Proxy bypass rules
- URL to a proxy .pac file
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blocklist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- HTTP authentication
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Native Messaging
- Password manager
- Printing
- Default background graphics printing mode
- Default printer selection rules
- Default printing page size
- Disable printer types on the deny list
- Disable Print Preview
- Enable Google Cloud Print proxy
- Enable printing
- Enable submission of documents to Google Cloud Print
- Print Rasterization Mode
- Restrict background graphics printing mode
- Use System Default Printer as Default
- Remote access
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Restrict the UDP port range used by the remote access host
- Removed policies
- Additional command line parameters for Google Chrome
- Allow background tabs freeze
- Allow certificates issued by local trust anchors without subjectAlternativeName extension
- Allow Google Chrome Frame to handle the listed content types
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow key generation on these sites
- Allow running plugins that are outdated
- Allows a page to show popups during its unloading
- Allow SHA-1 signed certificates issued by local trust anchors
- Allow sites to simultaneously navigate and open pop-ups
- Allow the Flash plugin on these sites
- Allow users to opt in to Safe Browsing extended reporting
- Allow users to show passwords in Password Manager (deprecated)
- Allow WebDriver to Override Incompatible Policies
- Always render the following URL patterns in Google Chrome Frame
- Always render the following URL patterns in the host browser
- Always runs plugins that require authorization (deprecated)
- Block key generation on these sites
- Block the Flash plugin on these sites
- Clear site data on browser shutdown (deprecated)
- Configure the TalkGadget prefix for remote access hosts
- Default Flash setting
- Default HTML renderer for Google Chrome Frame
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default search provider instant URL
- Disable SPDY protocol
- Disable TLS False Start
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable chrome://devices
- Enable CORS check mitigations in the new CORS implementation
- Enable creation of supervised users
- Enable deprecated web platform features for a limited time
- Enable DHE cipher suites in TLS
- Enable firewall traversal from remote access client
- Enable HTTP/0.9 support on non-default ports
- Enable Instant
- Enable network prediction
- Enable PAC URL stripping (for https://)
- Enable RC4 cipher suites in TLS
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enable the old web-based signin flow
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Extend Flash content setting to all content (deprecated)
- Force networking code to run in the browser process
- Maximum SSL version enabled
- Minimum TLS version to fallback to
- Parameter controlling search term placement for the default search provider
- Parameters for instant URL which uses POST
- Policy overrides for Debug builds of the remote access host
- Prevent app promotions from appearing on the new tab page
- Re-enable Web Components v0 API until M84.
- Set Google Chrome Frame user data directory
- Set media disk cache size in bytes
- Skip the meta tag check in Google Chrome Frame
- Specify a list of disabled plugins
- Specify a list of enabled plugins
- Specify a list of plugins that the user can enable or disable
- Specify whether the plugin finder should be disabled (deprecated)
- Suppress Google Cloud Print deprecation messages
- Suppress the Google Chrome Frame turndown prompt
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Use Legacy Form Controls until M84.
- Use the legacy CORS implementation rather than new CORS
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup, Home page and New Tab page
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogs
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable Bookmark Bar
- Enable Chrome Cleanup on Windows
- Enable component updates in Google Chrome
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable ending processes in Task Manager
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable guest mode in browser
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enables experimental policies
- Enable showing full-tab promotional content
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimization
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximal number of concurrent connections to the proxy server
- Maximum fetch delay after a policy invalidation
- Minimum SSL version enabled
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Refresh rate for user policy
- Require online OCSP/CRL checks for local trust anchors
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set limit on megabytes of memory a single Chrome instance can use.
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify URI template of desired DNS-over-HTTPS resolver
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Content settings
- Google Update
- Applications
- Gears
- Google Advertising Cookie Opt-out Plugin
- Google Amharic Input
- Google Analytics Opt-out Browser Add-on (for Internet Explorer)
- Google Arabic Input
- Google Bengali Input
- Google Chrome Beta
- Google Chrome Binaries
- Google Chrome Canary Build
- Google Chrome Dev
- Google Chrome Frame
- Google Chrome
- Google Credential Provider for Windows (GCPW)
- Google Drive File Stream
- Google Drive plug-in for Microsoft Office
- Google Drive plug-in for Microsoft Office Per Machine
- Google Earth (per-user install)
- Google Earth
- Google Earth Plugin
- Google Earth Pro
- Google Email Uploader
- Google Farsi Input
- Google Greek Input
- Google Gujarati Input
- Google Hangouts Plugin for Microsoft Outlook®
- Google Hebrew Input
- Google Hindi Input
- Google Japanese Input
- Google Kannada Input
- Google Malayalam Input
- Google Marathi Input
- Google Nepali Input
- Google Oriya Input
- Google Punjabi Input
- Google Russian Input
- Google Sanskrit Input
- Google Serbian Input
- Google Sinhalese Input
- Google Talk Labs Edition
- Google Talk Plugin (Voice and Video Chat)
- Google Tamil Input
- Google Telugu Input
- Google Tigrinya Input
- Google Toolbar (for Firefox)
- Google Toolbar (for Internet Explorer)
- Google Urdu Input
- GWT Developer Plugin For Internet Explorer
- Legacy Browser Support
- O3D Extras
- O3D
- Allow installation default
- Update policy override default
- Preferences
- Proxy Server
- Applications
- Legacy Browser Support
- Alternative Browser Arguments
- Alternative Browser Path
- Chrome Arguments
- Chrome Path
- Hosts that Should Not Trigger a Transition in Either Browser
- Hosts to Open In the Alternative Browser
- Keep Last Chrome Tab On Transition
- Show Transition Screen in Chrome For Some Time
- Use IE Enterprise Mode Site List Policy
- User-Agent Switcher for Chrome
- Allow the user to specify user agent overrides for managed pages
- Allow users to customize options in "Other settings"
- Allow users to define custom permanent spoofs
- Allow users to define custom user agents
- Change the user agent string per tab
- Custom user-agent list
- Send error reports from the extension
- Google Chrome - Default Settings (users can override)
- Google
- Google Chrome - Default Settings (users can override)
- Content settings
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Password manager
- Printing
- Removed policies
- Safe Browsing settings
- Startup, Home page and New Tab page
- Allow default search provider context menu search access
- Allow download restrictions
- Always Open PDF files externally
- Application locale
- Block third party cookies
- Continue running background apps when Google Chrome is closed
- Enable alternate error pages
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable Bookmark Bar
- Enable network prediction
- Enable or disable spell checking web service
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable search suggestions
- Enable Translate
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Set default download directory
- Set download directory
- Show Full URLs
- Google Chrome
- Content settings
- Allow access to sensors on these sites
- Allow cookies on these sites
- Allow images on these sites
- Allow insecure content on these sites
- Allow JavaScript on these sites
- Allow JavaScript to use JIT on these sites
- Allow notifications on these sites
- Allow popups on these sites
- Allow read access via the File System API on these sites
- Allow the File Handling API on these web apps
- Allow the Serial API on these sites
- Allow WebUSB on these sites
- Allow write access to files and directories on these sites
- Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
- Automatically select client certificates for these sites
- Block access to sensors on these sites
- Block cookies on these sites
- Block images on these sites
- Block insecure content on these sites
- Block JavaScript from using JIT on these sites
- Block JavaScript on these sites
- Block notifications on these sites
- Block popups on these sites
- Block read access via the File System API on these sites
- Block the File Handling API on these web apps
- Block the Serial API on these sites
- Block WebUSB on these sites
- Block write access to files and directories on these sites
- Control use of insecure content exceptions
- Control use of JavaScript JIT
- Control use of the File Handling API
- Control use of the File System API for reading
- Control use of the File System API for writing
- Control use of the Serial API
- Control use of the Web Bluetooth API
- Control use of the WebUSB API
- Default cookies setting
- Default geolocation setting
- Default images setting
- Default JavaScript setting
- Default notification setting
- Default popups setting
- Default sensors setting
- Limit cookies from matching URLs to the current session
- Revert to legacy SameSite behavior for cookies on these sites
- Default search provider
- Default search provider encodings
- Default search provider icon
- Default search provider keyword
- Default search provider name
- Default search provider new tab page URL
- Default search provider search URL
- Default search provider suggest URL
- Enable the default search provider
- List of alternate URLs for the default search provider
- Parameter providing search-by-image feature for the default search provider
- Parameters for image URL which uses POST
- Parameters for search URL which uses POST
- Parameters for suggest URL which uses POST
- Deprecated policies
- Address or URL of proxy server
- Allow access to a list of URLs
- Allow media autoplay on a whitelist of URL patterns
- Allow sign in to Google Chrome
- Authentication server whitelist
- Block access to a list of URLs
- Choose how to specify proxy server settings
- Choose how to specify proxy server settings
- Configure extension installation blacklist
- Configure extension installation whitelist
- Configure native messaging blocklist
- Configure native messaging whitelist
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the required domain name for remote access clients
- Configure the required domain name for remote access hosts
- Control the User-Agent Client Hints feature.
- Default mediastream setting
- Disable Developer Tools
- Disable URL protocol schemes
- Enable AutoFill
- Enable force sign in for Google Chrome
- Enable Incognito mode
- Enable JavaScript
- Enable Native Window Occlusion
- Enable Safe Browsing
- Enable stricter treatment for mixed content
- Force disable spellcheck languages
- Force SafeSearch
- Force YouTube Safety Mode
- Kerberos delegation server whitelist
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Proxy bypass rules
- URL to a proxy .pac file
- Extensions
- Blocks external extensions from being installed
- Configure allowed app/extension types
- Configure extension, app, and user script install sources
- Configure extension installation allow list
- Configure extension installation blocklist
- Configure the list of force-installed apps and extensions
- Extension management settings
- Google Cast
- HTTP authentication
- Legacy Browser Support
- Alternative browser to launch for configured websites.
- Command-line parameters for switching from the alternative browser.
- Command-line parameters for the alternative browser.
- Delay before launching alternative browser (milliseconds)
- Enable the Legacy Browser Support feature.
- Keep last tab open in Chrome.
- Path to Chrome for switching from the alternative browser.
- URL of an XML file that contains URLs that should never trigger a browser switch.
- URL of an XML file that contains URLs to load in an alternative browser.
- Use Internet Explorer's SiteList policy for Legacy Browser Support.
- Websites that should never trigger a browser switch.
- Websites to open in alternative browser
- Native Messaging
- Password manager
- Printing
- Default background graphics printing mode
- Default printer selection rules
- Default printing page size
- Disable printer types on the deny list
- Disable Print Preview
- Enable Google Cloud Print proxy
- Enable printing
- Enable submission of documents to Google Cloud Print
- Print Rasterization Mode
- Restrict background graphics printing mode
- Use System Default Printer as Default
- Remote access
- Allow remote access connections to this machine
- Allow remote access users to transfer files to/from the host
- Allow remote users to interact with elevated windows in remote assistance sessions
- Configure the required domain names for remote access clients
- Configure the required domain names for remote access hosts
- Enable curtaining of remote access hosts
- Enable firewall traversal from remote access host
- Enable or disable PIN-less authentication for remote access hosts
- Enable the use of relay servers by the remote access host
- Maximum session duration allowed for remote access connections
- Restrict the UDP port range used by the remote access host
- Removed policies
- Additional command line parameters for Google Chrome
- Allow background tabs freeze
- Allow certificates issued by local trust anchors without subjectAlternativeName extension
- Allow Google Chrome Frame to handle the listed content types
- Allow insecure algorithms in integrity checks on extension updates and installs
- Allow key generation on these sites
- Allow running plugins that are outdated
- Allows a page to show popups during its unloading
- Allow SHA-1 signed certificates issued by local trust anchors
- Allow sites to simultaneously navigate and open pop-ups
- Allow the Flash plugin on these sites
- Allow users to opt in to Safe Browsing extended reporting
- Allow users to show passwords in Password Manager (deprecated)
- Allow WebDriver to Override Incompatible Policies
- Always render the following URL patterns in Google Chrome Frame
- Always render the following URL patterns in the host browser
- Always runs plugins that require authorization (deprecated)
- Block key generation on these sites
- Block the Flash plugin on these sites
- Clear site data on browser shutdown (deprecated)
- Configure the TalkGadget prefix for remote access hosts
- Default Flash setting
- Default HTML renderer for Google Chrome Frame
- Default key generation setting
- Default legacy SameSite cookie behavior setting
- Default search provider instant URL
- Disable SPDY protocol
- Disable TLS False Start
- Enable a TLS 1.3 security feature for local trust anchors.
- Enable chrome://devices
- Enable CORS check mitigations in the new CORS implementation
- Enable creation of supervised users
- Enable deprecated web platform features for a limited time
- Enable DHE cipher suites in TLS
- Enable firewall traversal from remote access client
- Enable HTTP/0.9 support on non-default ports
- Enable Instant
- Enable network prediction
- Enable PAC URL stripping (for https://)
- Enable RC4 cipher suites in TLS
- Enable sending downloads to Google for deep scanning for users enrolled in the Advanced Protection program
- Enable showing the welcome page on the first browser launch following OS upgrade
- Enable the old web-based signin flow
- Enable trust in Symantec Corporation's Legacy PKI Infrastructure
- Enable two-factor authentication for remote access hosts
- Enterprise web store name (deprecated)
- Enterprise web store URL (deprecated)
- Extend Flash content setting to all content (deprecated)
- Force networking code to run in the browser process
- Maximum SSL version enabled
- Minimum TLS version to fallback to
- Parameter controlling search term placement for the default search provider
- Parameters for instant URL which uses POST
- Policy overrides for Debug builds of the remote access host
- Prevent app promotions from appearing on the new tab page
- Re-enable Web Components v0 API until M84.
- Set Google Chrome Frame user data directory
- Set media disk cache size in bytes
- Skip the meta tag check in Google Chrome Frame
- Specify a list of disabled plugins
- Specify a list of enabled plugins
- Specify a list of plugins that the user can enable or disable
- Specify whether the plugin finder should be disabled (deprecated)
- Suppress Google Cloud Print deprecation messages
- Suppress the Google Chrome Frame turndown prompt
- The enrollment token of cloud policy on desktop
- Use a default referrer policy of no-referrer-when-downgrade.
- Use Legacy Form Controls until M84.
- Use the legacy CORS implementation rather than new CORS
- Safe Browsing settings
- Configure the change password URL.
- Configure the list of domains on which Safe Browsing will not trigger warnings.
- Configure the list of enterprise login URLs where password protection service should capture salted hashes of passwords.
- Enable Safe Browsing Extended Reporting
- Password protection warning trigger
- Safe Browsing Protection Level
- Startup, Home page and New Tab page
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow fullscreen mode
- Allow Google Cast to connect to Cast devices on all IP addresses.
- Allow invocation of file selection dialogs
- Allow legacy TLS/DTLS downgrade in WebRTC
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny screen capture
- Allow or deny video capture
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allows a page to perform synchronous XHR requests during page dismissal.
- Allows the AppCache feature to be re-enabled even if it is off by default.
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the listed sites to make requests to more-private network endpoints from insecure contexts.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow websites to query for available payment methods.
- Always Open PDF files externally
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- CECPQ2 post-quantum key-agreement enabled for TLS
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control how Chrome Cleanup reports data to Google
- Control SafeSites adult content filtering.
- Controls the mode of DNS-over-HTTPS
- Control the IntensiveWakeUpThrottling feature.
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable proceeding from the Safe Browsing warning page
- Disable saving browser history
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- DNS interception checks enabled
- Do not set window.opener for links targeting _blank
- Enable 3DES cipher suites in TLS
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable add person in user manager
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable Bookmark Bar
- Enable Chrome Cleanup on Windows
- Enable component updates in Google Chrome
- Enable deleting browser and download history
- Enable deprecated privet printing
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable ending processes in Task Manager
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable guest mode in browser
- Enable lock icon in the omnibox for secure connections
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable Renderer Code Integrity
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enables experimental policies
- Enable showing full-tab promotional content
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Site Isolation for every site
- Enable Site Isolation for specified origins
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enable spellcheck
- Enables the concept of policy atomic groups
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable third party software injection blocking
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable warnings for insecure forms
- Enable Window Occlusion
- Enable WPAD optimization
- Enforce browser guest mode
- Ephemeral profile
- Explicitly allowed network ports
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- Managed Bookmarks
- Maximal number of concurrent connections to the proxy server
- Maximum fetch delay after a policy invalidation
- Minimum SSL version enabled
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Profile picker availability on startup
- Proxy settings
- Refresh rate for user policy
- Require online OCSP/CRL checks for local trust anchors
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set limit on megabytes of memory a single Chrome instance can use.
- Sets managed configuration values to websites to specific origins
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show the apps shortcut in the bookmark bar
- Specifies whether to allow insecure websites to make requests to more-private network endpoints
- Specify URI template of desired DNS-over-HTTPS resolver
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the unsupported OS warning
- The enrollment token of cloud policy on desktop
- The IP handling policy of WebRTC
- URLs/domains automatically permitted direct Security Key attestation
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- Use built-in DNS client
- Use hardware acceleration when available
- Content settings
- Google Chrome - Default Settings (users can override)