Extension IDs and update URLs to be silently installed Application locale Default search provider suggest URL Sample value Enable the password manager Allows you to specify which extensions the users cannot install. Extensions already installed will be removed if blacklisted. A blacklist value of * means all extensions are blacklisted unless they are explicitly listed in the white list. Specifies the URL of the search engine used to provide instant results. The URL should contain the string , which will be replaced at query time by the text the user has entered so far. Optional. List of disabled protocol schemes Default geolocation setting Enable AutoFill Allows you to specify which extensions are not subject to the blacklist. A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist. By default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy. since version Block images on these sites Specifies whether the user may open pages in Incognito mode in . If 'Enabled' is selected, pages may be opened in Incognito mode. If 'Disabled' is selected, pages may not be opened in Incognito mode. If 'Forced' is selected, pages may be opened ONLY in Incognito mode. Maximum number of concurrent connections to the proxy server Controls whether third-party sub-content on a page is allowed to pop up an HTTP Basic Auth dialogue box. Typically, this is disabled as a phishing defence. Configures extension-related policies. The user is not allowed to install blacklisted extensions unless they are whitelisted. You can also force to automatically install extensions by specifying them in . The blacklist takes precedence over the list of forced extensions. Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider. Optional. Import of homepage from default browser on first run Enable firewall traversal from remote access host Default search provider Allow plug-ins on these sites Specify a list of plug-ins that the user can enable or disable Address or URL of proxy server Use fixed proxy servers Disable plug-in finder Release channel Allows you to specify the behaviour on startup. If you choose 'Open home page' the home page will always be opened when you start . If you choose 'Reopen the URLs that were open last', the URLs that were open last time was closed will be reopened. If you choose 'Open a list of URLs', the list of 'URLs to open on startup' will be opened when a user starts . If you enable this setting, users cannot change or override it in . Disabling this setting is equivalent to leaving it unconfigured. The user will still be able to change it in . Data Types List of enabled plug-ins Enable lock when ChromeOS devices become idle or suspended. If you enable this setting, users will be asked for a password to unlock ChromeOS devices from sleep. If you disable this setting, users will not be asked for a password to wake ChromeOS devices from sleep. If you enable or disable this setting, users cannot change or override this setting in . Enables usage of STUN and relay servers when remote clients are trying to establish a connection to this machine. If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network. Allow users to show passwords in Password Manager Configure the default home page in and prevent users from changing it. The user's home page settings are only completely locked down, if you either select the home page to be the new tab page, or set it to be a URL and specify a home page URL. If you don't specify the home page URL, then the user is still able to set the home page to the new tab page by specifying 'chrome://newtab'. Import browsing history from default browser on first run Startup pages: This policy forces the browsing history to be imported from the current default browser, if enabled. If disabled, no browsing history is imported. If it is not configured, the default behaviour is used. If enabled, this policy also affects the import dialogue. Configures the password manager. If the password manager is enabled, then you can choose to enable or disable whether the user may show stored passwords in clear text. Default images setting Incognito mode disabled. Allow JavaScript on these sites Do not allow any site to show desktop notifications Automatically select client certificates for these sites Disable Developer Tools Configure the list of force-installed extensions Allows you to set whether websites are allowed to automatically run plug-ins. Automatically running plug-ins can be either allowed for all websites or denied for all websites. Disables use of the SPDY protocol in . Enable Safe Browsing Block plug-ins on these sites Allow session only cookies on these sites Password manager Specifies whether the generated Kerberos SPN should include a non-standard port. If you enable this setting, and a non-standard port (i.e., a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN. If you disable this setting, the generated Kerberos SPN will not include a port in any case. Enable proxy Enables or disables editing bookmarks in . If you enable this setting, bookmarks can be added, removed or modified. This is the default. If you disable this setting, bookmarks cannot be added, removed or modified. Existing bookmarks are still available. Mac/Linux preference name: Allows you to set a list of url patterns that specify sites which are not allowed to set cookies. Set Chrome as Default Browser Allow all sites to show all images URL to a proxy .pac file Disables data synchronisation in using Google-hosted synchronisation services and prevents users from changing this setting. If you enable this setting, users cannot change or override this setting in . Extension IDs the user should be prevented from installing (or * for all) Allows access to local files on the machine by allowing to display file selection dialogues. If you enable this setting, users can open file selection dialogues as normal. If you disable this setting, whenever the user performs an action which would provoke a file selection dialogue (like importing bookmarks, uploading files, saving links etc.) a message is displayed instead and the user is assumed to have clicked Cancel on the file selection dialogue. If this setting is not set, users can open file selection dialogues as normal. Dynamic Policy Refresh Configures the directory that will use for storing user data. If you set this policy, will use the directory provided. Allows you to set a list of url patterns that specify sites which are allowed to display images. . Yes Use the host browser by default Import search engines from default browser on first run Configure the home page URL Enables saving passwords and using saved passwords in . If you enable this setting, users can have memorise passwords and provide them automatically the next time they log in to a site. If you disable this setting, users are not able to save passwords or use already saved passwords. If you enable or disable this setting, users cannot change or override this setting in . Disable CNAME lookup when negotiating Kerberos authentication Enables the integrated Google Translate service on . If you enable this setting, will show an integrated toolbar offering to translate the page for the user, when appropriate. If you disable this setting, users will never see the translation bar. If you enable or disable this setting, users cannot change or override this setting in . Configures the directory that will use for storing user data. If you set this policy, will use the provided directory regardless of whether the user has specified the '--user-data-dir' flag or not. Incognito mode availability. Enable alternate error pages Specifies the name of the default search provider. If left empty, the host name specified by the search URL will be used. deprecated Disable saving browser history Ask every time a site wants to show desktop notifications Extensions Allows you to specify the proxy server used by file'. For detailed examples, visit: If you enable this setting, ignores all proxy-related options specified from the command line. Auto detect proxy settings Open home page This policy forces bookmarks to be imported from the current default browser, if enabled. If disabled, no bookmarks are imported. If it is not configured, the default behaviour is used. If enabled, this policy also affects the import dialogue. Do not allow any site to show images List of disabled plug-ins Open a list of URLs Default cookies setting Enables the use of a default search provider. If you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL. You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider. If you disable this setting, no search is performed when the user enters non-URL text in the omnibox. If you enable or disable this setting, users cannot change or override this setting in . Back to top Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites. No Allow sites to track the users' physical location Configures the default home page URL in and prevents users from changing it. The home page type can either be set to a URL you specify here or set to the New Tab Page. If you select the New Tab Page, then this policy is ignored. If you enable this setting, users cannot change their home page URL in , but they can still can choose the New Tab Page as their home page. Manually specify proxy settings Stable channel Allows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites. Extension IDs to exempt from the blacklist Allows you to set a list of url patterns that specify sites which are not allowed to display images. Configures the application locale in and prevents users from changing the locale. If you enable this setting, uses the specified locale. If the configured locale is not supported, 'en-US' is used instead. If this setting is disabled or not configured, uses either the user-specified preferred locale (if configured), the system locale or the fallback locale 'en-US'. Allows access to a list of URLs Action on startup Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript. Specifies which GSSAPI library to be used for HTTP Authentication. You can set either just a library name, or a full path. If no setting is provided, will fall back to using a default library name. This policy forces the saved passwords to be imported from the previous default browser, if enabled. If disabled, the saved passwords are not imported. If it is not configured, the default behaviour is used. If enabled, this policy also affects the import dialogue. instead. Allows you to specify the proxy server used by file' and 'Comma-separated list of proxy bypass rules'. For detailed examples, visit: If you enable this setting, ignores all proxy-related options specified from the command line. Blocks third-party cookies. Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar. Disabling this setting allows cookies to be set by web page elements that are not from the domain that is in the browser's address bar and prevents users from changing this setting. setting Microsoft Windows XP SP2 or later will bypass any proxy for the list of hosts given here. This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'. For more detailed examples, visit: Dev channel (may be unstable) Proxy bypass rules Set user data directory Incognito mode forced. Configures the directory that will use for storing cached files on the disk. If you set this policy, will use the directory provided, regardless of whether the user has specified the '--disk-cache-dir' flag or not. will be disabled in . Enables to act as a proxy between and legacy printers connected to the machine. If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account. If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it's printers with . Enables network prediction in and prevents users from changing this setting. If you enable or disable this setting, users cannot change or override this setting in . Disable support for 3D graphics APIs Allows you to specify a list of URL patterns that specify sites for which should automatically select a client certificate, if the site requests a certificate. This is the list of policies that respects. You don't need to change these settings by hand! You can download easy-to-use templates from . The list of supported policies is the same for Chromium and Google Chrome, but their Windows registry locations differ. It starts with for Chromium policies and with for Google Chrome policies. preferences Enable firewall traversal from remote access client Allows pushing network configuration to be applied per-user to a device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/open-network-configuration Authentication server whitelist Allow pop-ups on these sites Enable Incognito mode Allows to run plug-ins that require authorisation. If you enable this setting, plug-ins that are not outdated always run. If this setting is disabled or not set, users will be asked for permission to run plug-ins that require authorisation. These are plug-ins that can compromise security. Comma-separated list of proxy bypass rules Always runs plug-ins that require authorisation Homepage Servers to which that may delegate. Description Do not allow any site to set local data Block third-party cookies Allows you to specify the proxy server used by and prevents users from changing proxy settings. If you choose never to use a proxy server and always connect directly, all other options are ignored. If you choose to auto detect the proxy server, all other options are ignored. For detailed examples, visit: If you enable this setting, ignores all proxy-related options specified from the command line. Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312 and ISO-8859-1. They are tried in the order provided. The default is UTF-8. This policy is an override for the "Clear cookies and other site data when I close my browser" content settings option. When set to True will delete all locally stored data from the browser when it is shut down. Show Home button on the toolbar Configure extension installation blacklist Use New Tab Page as homepage Controls whether the user may show passwords in clear text in the password manager. If you disable this setting, the password manager does not allow showing stored passwords in clear text in the password manager window. If you enable or do not configure this setting, users can view their passwords in clear text in the password manager. Content Settings allow you to specify how contents of a specific type (for example Cookies, Images or JavaScript) is handled. Block notifications from these sites Supported features: GSSAPI library name Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites. URLs to open on startup Windows registry location: You can specify a URL to a proxy .pac file here. This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'. For detailed examples, visit: Block cookies on these sites Cross-origin HTTP Basic Auth prompts Clear site data on browser shutdown Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when receives an authentication challenge from a proxy or from a server which is in this permitted list. Separate multiple server names with commas. Wildcards (*) are allowed. Allow to handle the following content types. Allows you to set a list of URL patterns that specify sites which are allowed to display notifications. Allows you to configure the pages that are loaded on startup. The contents of the list 'URLs to open at startup' are ignored unless you select 'Open a list of URLs' in 'Action on startup'. Import bookmarks from default browser on first run Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript. Set user data directory Default search provider keyword You can specify the URL of the proxy server here. This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'. For more options and detailed examples, visit: Enable Translate Specifies the URL of the search engine to be used when doing a default search. The URL should contain the string '', which will be replaced at query time by the terms the user is searching for. Ask whenever a site wants to track the users' physical location Do not allow any site to run JavaScript Allow SITE to show desktop notifications? Enable printing Default search provider icon Enables 's Safe Browsing feature and prevents users from changing this setting. If you enable this setting, Safe Browsing is always active. If you disable this setting, Safe Browsing is never active. If you enable or disable this setting, users cannot change or override this setting in . Policy Name Enables or disables bookmark editing Allows you to set a list of url patterns, which specify sites that are allowed to set cookies. Enables search suggestions in 's Omnibox and prevents users from changing this setting. If you enable this setting, search suggestions are used. If you disable this setting, search suggestions are never used. If you enable or disable this setting, users cannot change or override this setting in . Enables printing in and prevents users from changing this setting. If this setting is enabled or not configured, users can print. If this setting is disabled, users cannot print from . Printing is disabled in the wrench menu, extensions, JavaScript applications etc. It is still possible to print from plug-ins that bypass while printing. For example certain Flash applications have the print option in their context menu, and that will not be disabled. Configures the default search provider. You can specify the default search provider that the user will use or choose to disable default search. Specifies the maximum number of simultanious connections to the proxy server. Some proxy servers cannot handle a high number of concurrent connections per client; this can be solved by setting this policy to a lower value. The value of this policy should be lower than 100 and higher than 6, with the default value of 32. Some web apps are known to consume many connections with hanging GETs, so lowering below 32 may lead to browser networking hangs if too many such web apps are open. Lower below the default at your own risk. Supported authentication schemes Enable the default search provider Default notification settings This policy forces search engines to be imported from the current default browser, if enabled. If disabled, the default search engine is not imported. If it is not configured, the default behaviour is used. If enabled, this policy also affects the import dialogue. Configures the default browser checks in and prevents users from changing them. If you enable this setting, will always check, on startup, whether it is the default browser and automatically register itself if possible. If this setting is disabled, will never check if it is the default browser and will disable user controls for setting this option. If this setting is not set, will allow the user to control whether it is the default browser and whether user notifications should be shown when it isn't. Always render the following URL patterns in the host browser Block access to a list of URLs setting Do not allow any site to show pop-ups Policies related to integrated HTTP authentication. This policy is deprecated. Please, use IncognitoModeAvailability instead. Enables Incognito mode in . If this setting is enabled or not configured, users can open web pages in Incognito mode. If this setting is disabled, users cannot open web pages in Incognito mode. Allows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications. Set disk cache directory Specifies the period in milliseconds at which the device management service is queried for policy information. Setting this policy overrides the default value of 3 hours. Valid values for this policy range between 1800000 (30 minutes) and 86400000 (1 day). Any values not in this range will be clamped to the respective boundary. Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered. If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered. If you disable this setting, the canonical name of the server will be determined via CNAME lookup. Blocks access to the URLs listed. This policy prevents the user from loading web pages from blacklisted URLs. A URL has the format 'scheme://host:port/path'. The optional scheme can be http, https or ftp. Only this scheme will be blocked; if none is specified, all schemes are blocked. The host can be a hostname or an IP address. Sub-domains of a hostname will also be blocked. To prevent blocking of sub-domains, include a '.' before the hostname. The special hostname '*' will block all domains. The optional port is a valid port number from 1 to 65535. If none is specified, all ports are blocked. If the optional path is specified, only paths with that prefix will be blocked. Exceptions can be defined in the URL whitelist policy. These policies are limited to 100 entries; subsequent entries will be ignored. Proxy server Allow all sites to show pop-ups Block all plug-ins Block pop-ups on these sites Enable Instant Allow running plug-ins that are outdated . Allow all sites to set local data. User-level network configuration Allows you to set a list of url patterns that specify sites which are allowed to set session-only cookies. Default search provider search URL Disable URL protocol schemes Reopen the pages that were opened last Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '', which will be replaced at query time by the text the user has entered so far. Optional. Default search provider instant URL This policy forces the homepage to be imported from the current default browser, if enabled. If disabled, the homepage is not imported. If it is not configured, the default behaviour is used. Supported on: Enables 's Instant feature and prevents users from changing this setting. If you enable this setting, Instant is enabled. If you disable this setting, Instant is disabled. If you enable or disable this setting, users cannot change or override this setting. Default search provider encodings Specifies a list of plug-ins that are enabled in and prevents users from changing this setting. The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them. The specified list of plug-ins is always used in if they are installed. The plug-ins are marked as enabled in 'about:plugins' and users cannot disable them. Note that this policy overrides both Disabledplugins and DisabledpluginsExceptions. Enable network prediction. Description: Configures the directory that will use for downloading files. If you set this policy, will use the provided directory regardless of whether the user has specified a different directory or enabled the flag to be prompted for a download location every time. . Default HTML renderer for List of exceptions to the list of disabled plugins Set download directory When set to True, promotions for Chrome Web Store apps will not appear on the new tab page. Specify a list of enabled plug-ins Import saved passwords from default browser on first run Disables saving browser history in and prevents users from changing this setting. If this setting is enabled, browsing history is not saved. If this setting is disabled or not configured, browsing history is saved. Allow all sites to run JavaScript (recommended) Allows pushing network configuration to be applied for all users of a device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/open-network-configuration Enables the bookmark bar on . If you enable this setting, will show a bookmark bar. If you disable this setting, users will never see the bookmark bar. If you enable or disable this setting, users cannot change or override it in . Disable synchronisation of data with Google Content Settings . Shows the Home button on 's toolbar. If you enable this setting, the Home button is always shown. If you disable this setting, the Home button is never shown. If you enable or disable this setting, users cannot change or override this setting in . Always render the following URL patterns in . Configure extension installation whitelist Choose how to specify proxy server settings Use system proxy settings Enable JavaScript Allow all sites to automatically run plug-ins finder should be disabled can be either allowed for all websites or denied for all websites. Incognito mode available. Default search provider name Refresh rate for user policy Kerberos delegation server whitelist Specifies which HTTP Authentication schemes are supported by . Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas. Console will be disabled. Disables the listed protocol schemes in . URLs using a scheme from this list will not load and cannot be navigated to. Enables usage of STUN and relay servers when connecting to a remote client. If this setting is enabled, then this machine can discover and connect to remote host machines even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine can only connect to host machines within the local network. Disable SPDY protocol Specify a list of disabled plug-ins Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location. Customise the list of URL patterns that should always be rendered by . For example patterns see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started. Enable reporting of usage and crash-related data Allow images on these sites . Specifies the release channel to which this device should be locked. This policy is a work in progress; currently, the user can still change the release channel even if it's specified by the policy. Use a .pac proxy script until version Enable search suggestions Refresh rate for Device Policy Enable Bookmark Bar when is installed. The default setting is to allow the host browser do the rendering, but you can optionally override this and have render HTML pages by default. Allows you to configure the default HTML renderer when is installed. The default setting is to allow the host browser do the rendering, but you can optionally override this and have render HTML pages by default. Prevent app promotions from appearing on the new tab page Allow notifications on these sites Customise the list of URL patterns that should always be rendered by the host browser. For example patterns see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started Specifies the period in milliseconds at which the device management service is queried for policy information. Setting this policy overrides the default value of 3 hours. Valid values for this policy range between 1800000 (30 minutes) and 86400000 (1 day). Any values not in this range will be clamped to the respective boundary. Configure remote access options Specifies a list of plug-ins that user can enable or disable in characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them. If you enable this setting, the specified list of plug-ins can be used in . Allows . Configure remote access options in . These features are ignored unless the Remote Access web application is installed. Allows you to specify a list of extensions that will be installed silently, without user interaction. Each item of the list is a string, that contains an extension ID and an update URL delimited by a semicolon (). For example: . For each item, will retrieve the extension specified by the ID from the specified URL and silently install it. The following pages explain how you can host extensions on your own server. About update URLs: , about hosting extensions in general: . Users will be unable to uninstall extensions that are specified by this policy. If you remove an extension from this list, then it will be automatically uninstalled by . Extensions that are blacklisted in 'ExtensionInstallBlacklist' and not whitelisted, cannot be force-installed by this policy. Specifies the favorite icon URL of the default search provider. Optional. Use by default Do not allow any site to track the users' physical location Default JavaScript setting Block JavaScript on these sites If 'Open a list of URLs' is selected as the startup action, this allows you to specify the list of URLs that are opened. Include non-standard port in Kerberos SPN Never use a proxy Device-level network configuration Home page URL Enables anonymous reporting of usage and crash-related data about to Google and prevents users from changing this setting. If you enable this setting, anonymous reporting of usage and crash-related data is sent to Google. If you disable this setting, anonymous reporting of usage and crash-related data is never sent to Google. If you enable or disable this setting, users cannot change or override this setting in . Enable lock when ChromeOS devices become idle or suspended. Enables the use of alternative error pages that are built into (such as 'page not found') and prevents users from changing this setting. If you enable this setting, alternative error pages are used. If you disable this setting, alternative error pages are never used. If you enable or disable this setting, users cannot change or override this setting in . Policies for HTTP Authentication Beta channel Enables 's AutoFill feature and allows users to auto complete web forms using previously stored information such as address or credit card information. If you disable this setting, AutoFill will be inaccessible to users. If you enable this setting or do not configure a value, AutoFill will remain under the control of the user. This will allow the user to configure AutoFill profiles and to switch AutoFill on or off at the user's own discretion. Configures the type of the default homepage in and prevents users from changing homepage preferences. The homepage can either be set to a URL that you specify or set to the New Tab Page. If you enable this setting, the New Tab Page will always be used as the homepage and the homepage URL location will be ignored. If you disable this setting, the user's homepage will never be the New Tab Page, unless its URL is set to 'chrome://newtab'. If you enable or disable this setting, users cannot change their homepage type in . Allows access to the URLs listed, as exceptions to the URL blacklist. See the description of the URL blacklist policy for the format of entries of this list. This policy can be used to open exceptions to restrictive blacklists. For example, '*' can be blacklisted to block all requests and this policy can be used to allow access to a limited list of URLs. It can be used to open exceptions to certain schemes, sub-domains of other domains, ports or specific paths. The most specific filter will determine if a URL is blocked or allowed. The whitelist takes precedence over the blacklist. This policy is limited to 100 entries; subsequent entries will be ignored. Allow cookies on these sites Allows you to set a list of URL patterns that specify sites which are not allowed to display notifications. Enables JavaScript in and prevents users from changing this setting. If this setting is enabled or not configured, web pages can use JavaScript. If this setting is disabled, web pages cannot use JavaScript. Specifies a list of plug-ins that are disabled in and prevents users from changing this setting. The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them. If you enable this setting, the specified list of plug-ins is never used in . The plug-ins are marked as disabled in 'about:plugins' and users cannot enable them. Note that this policy can be overriden by Enabledplugins and DisabledpluginsExceptions.