Extension IDs and update URLs to be silently installed Application locale Default search provider suggest URL Sample value Enable the password manager Allows you to specify which extensions the users cannot install. Extensions already installed will be removed if blacklisted. A blacklist value of * means all extensions are blacklisted unless they are explicitly listed in the white list. Specifies the URL of the search engine used to provide instant results. The URL should contain the string , which will be replaced at query time by the text the user has entered so far. Optional. List of disabled protocol schemes Default geolocation setting Enable AutoFill Allows you to specify which extensions are not subject to the blacklist. A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist. By default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy. since version Block images on these sites Controls whether third-party sub-content on a page is allowed to pop up an HTTP Basic Auth dialogue box. Typically, this is disabled as a phishing defence. Configures extension-related policies. The user is not allowed to install blacklisted extensions unless they are whitelisted. You can also force to automatically install extensions by specifying them in . The blacklist takes precedence over the list of forced extensions. Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider. Optional. Default search provider Allow plug-ins on these sites Specify a list of plug-ins that the user can enable or disable Address or URL of proxy server Use fixed proxy servers Disable plug-in finder Allows you to specify the behaviour on startup. If you choose 'Open home page' the home page will always be opened when you start . If you choose 'Reopen the URLs that were open last', the URLs that were open last time was closed will be reopened. If you choose 'Open a list of URLs', the list of 'URLs to open on startup' will be opened when a user starts . If you enable this setting, users cannot change or override it in . Disabling this setting is equivalent to leaving it unconfigured. The user will still be able to change it in . Data Types List of enabled plug-ins Enable lock when ChromeOS devices become idle or suspended. If you enable this setting, users will be asked for a password to unlock ChromeOS devices from sleep. If you disable this setting, users will not be asked for a password to wake ChromeOS devices from sleep. If you enable or disable this setting, users cannot change or override this setting in . Allow users to show passwords in Password Manager Enables the bookmark bar on the new tab page on . If you enable this setting, will show a bookmark bar on the "New tab" page. If you disable this setting, users will never see the bookmark bar. If you enable or disable this setting, users cannot change or override it in . Configure the default home page in and prevent users from changing it. The user's home page settings are only completely locked down, if you either select the home page to be the new tab page, or set it to be a URL and specify a home page URL. If you don't specify the home page URL, then the user is still able to set the home page to the new tab page by specifying 'chrome://newtab'. Startup pages: Configures the password manager. If the password manager is enabled, then you can choose to enable or disable whether the user may show stored passwords in clear text. Default images setting Allow JavaScript on these sites Do not allow any site to show desktop notifications Disable Developer Tools Configure the list of force-installed extensions Allows you to set whether websites are allowed to automatically run plug-ins. Automatically running plug-ins can be either allowed for all websites or denied for all websites. Disables use of the SPDY protocol in . Enable Safe Browsing Block plug-ins on these sites Allow session only cookies on these sites Password manager Specifies whether the generated Kerberos SPN should include a non-standard port. If you enable this setting, and a non-standard port (i.e., a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN. If you disable this setting, the generated Kerberos SPN will not include a port in any case. Enable proxy Enables or disables editing bookmarks in . If you enable this setting, bookmarks can be added, removed or modified. This is the default. If you disable this setting, bookmarks cannot be added, removed or modified. Existing bookmarks are still available. Mac/Linux preference name: Allows you to set a list of url patterns that specify sites which are not allowed to set cookies. Set Chrome as Default Browser Allow all sites to show all images URL to a proxy .pac file Disables data synchronisation in using Google-hosted synchronisation services and prevents users from changing this setting. If you enable this setting, users cannot change or override this setting in . Extension IDs the user should be prevented from installing (or * for all) Allows access to local files on the machine by allowing to display file selection dialogues. If you enable this setting, users can open file selection dialogues as normal. If you disable this setting, whenever the user performs an action which would provoke a file selection dialogue (like importing bookmarks, uploading files, saving links etc.) a message is displayed instead and the user is assumed to have clicked Cancel on the file selection dialogue. If this setting is not set, users can open file selection dialogues as normal. Dynamic Policy Refresh Configures the directory that will use for storing user data. If you set this policy, will use the directory provided. Allows you to set a list of url patterns that specify sites which are allowed to display images. . Yes Use the host browser by default Configure the home page URL Enables Incognito mode in . If this setting is enabled or not configured, users can open web pages in incognito mode. If this setting is disabled, users cannot open web pages in incognito mode. Enables saving passwords and using saved passwords in . If you enable this setting, users can have memorise passwords and provide them automatically the next time they log in to a site. If you disable this setting, users are not able to save passwords or use already saved passwords. If you enable or disable this setting, users cannot change or override this setting in . Disable CNAME lookup when negotiating Kerberos authentication Enables the integrated Google Translate service on . If you enable this setting, will show an integrated toolbar offering to translate the page for the user, when appropriate. If you disable this setting, users will never see the translation bar. If you enable or disable this setting, users cannot change or override this setting in . Configures the directory that will use for storing user data. If you set this policy, will use the provided directory regardless of whether the user has specified the '--user-data-dir' flag or not. Enable alternate error pages Specifies the name of the default search provider. If left empty, the host name specified by the search URL will be used. deprecated Disable saving browser history Ask every time a site wants to show desktop notifications Extensions Allows you to specify the proxy server used by file'. For detailed examples, visit: If you enable this setting, ignores all proxy-related options specified from the command line. Auto detect proxy settings Open home page Do not allow any site to show images List of disabled plug-ins Open a list of URLs Default cookies setting Enables the use of a default search provider. If you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL. You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider. If you disable this setting, no search is performed when the user enters non-URL text in the omnibox. If you enable or disable this setting, users cannot change or override this setting in . Back to top Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites. No Allow sites to track the users' physical location Configures the default home page URL in and prevents users from changing it. The home page type can either be set to a URL you specify here or set to the New Tab Page. If you select the New Tab Page, then this policy is ignored. If you enable this setting, users cannot change their home page URL in , but they can still can choose the New Tab Page as their home page. Manually specify proxy settings Allows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites. Extension IDs to exempt from the blacklist Allows you to set a list of url patterns that specify sites which are not allowed to display images. Configures the application locale in and prevents users from changing the locale. If you enable this setting, uses the specified locale. If the configured locale is not supported, 'en-US' is used instead. If this setting is disabled or not configured, uses either the user-specified preferred locale (if configured), the system locale or the fallback locale 'en-US'. Action on startup Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript. Specifies which GSSAPI library to be used for HTTP Authentication. You can set either just a library name, or a full path. If no setting is provided, will fall back to using a default library name. instead. Allows you to specify the proxy server used by file' and 'Comma-separated list of proxy bypass rules'. For detailed examples, visit: If you enable this setting, ignores all proxy-related options specified from the command line. Blocks third-party cookies. Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar. Disabling this setting allows cookies to be set by web page elements that are not from the domain that is in the browser's address bar and prevents users from changing this setting. setting Microsoft Windows XP SP2 or later will bypass any proxy for the list of hosts given here. This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'. For more detailed examples, visit: Proxy bypass rules Set user data directory Configures the directory that will use for storing cached files on the disk. If you set this policy, will use the directory provided, regardless of whether the user has specified the '--disk-cache-dir' flag or not. will be disabled in . Enables to act as a proxy between and legacy printers connected to the machine. If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account. If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it's printers with . Enables network prediction in and prevents users from changing this setting. If you enable or disable this setting, users cannot change or override this setting in . Disable support for 3D graphics APIs This is the list of policies that respects. You don't need to change these settings by hand! You can download easy-to-use templates from . The list of supported policies is the same for Chromium and Google Chrome, but their Windows registry locations differ. It starts with for Chromium policies and with for Google Chrome policies. preferences Authentication server whitelist Allow pop-ups on these sites Enable Incognito mode Allows to run plug-ins that require authorisation. If you enable this setting, plug-ins that are not outdated always run. If this setting is disabled or not set, users will be asked for permission to run plug-ins that require authorisation. These are plug-ins that can compromise security. Comma-separated list of proxy bypass rules Always runs plug-ins that require authorisation Homepage Policy refresh rate Servers to which that may delegate. Description Do not allow any site to set local data Block third-party cookies Allows you to specify the proxy server used by and prevents users from changing proxy settings. If you choose never to use a proxy server and always connect directly, all other options are ignored. If you choose to auto detect the proxy server, all other options are ignored. For detailed examples, visit: If you enable this setting, ignores all proxy-related options specified from the command line. Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312 and ISO-8859-1. They are tried in the order provided. The default is UTF-8. This policy is an override for the "Clear cookies and other site data when I close my browser" content settings option. When set to True will delete all locally stored data from the browser when it is shut down. Show Home button on the toolbar Configure extension installation blacklist Use New Tab Page as homepage Controls whether the user may show passwords in clear text in the password manager. If you disable this setting, the password manager does not allow showing stored passwords in clear text in the password manager window. If you enable or do not configure this setting, users can view their passwords in clear text in the password manager. Content Settings allow you to specify how contents of a specific type (for example Cookies, Images or JavaScript) is handled. Supported features: GSSAPI library name Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites. URLs to open on startup Windows registry location: You can specify a URL to a proxy .pac file here. This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'. For detailed examples, visit: Block cookies on these sites Cross-origin HTTP Basic Auth prompts Clear site data on browser shutdown Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when receives an authentication challenge from a proxy or from a server which is in this permitted list. Separate multiple server names with commas. Wildcards (*) are allowed. Allow to handle the following content types. Allows you to configure the pages that are loaded on startup. The contents of the list 'URLs to open at startup' are ignored unless you select 'Open a list of URLs' in 'Action on startup'. Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript. Set user data directory Default search provider keyword You can specify the URL of the proxy server here. This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'. For more options and detailed examples, visit: Enable Translate Specifies the URL of the search engine to be used when doing a default search. The URL should contain the string '', which will be replaced at query time by the terms the user is searching for. Ask whenever a site wants to track the users' physical location Do not allow any site to run JavaScript Allow SITE to show desktop notifications? Enable printing Default search provider icon Enables 's Safe Browsing feature and prevents users from changing this setting. If you enable this setting, Safe Browsing is always active. If you disable this setting, Safe Browsing is never active. If you enable or disable this setting, users cannot change or override this setting in . Policy Name Enables or disables bookmark editing Allows you to set a list of url patterns, which specify sites that are allowed to set cookies. Enables search suggestions in 's Omnibox and prevents users from changing this setting. If you enable this setting, search suggestions are used. If you disable this setting, search suggestions are never used. If you enable or disable this setting, users cannot change or override this setting in . Enables printing in and prevents users from changing this setting. If this setting is enabled or not configured, users can print. If this setting is disabled, users cannot print from . Printing is disabled in the wrench menu, extensions, JavaScript applications etc. It is still possible to print from plug-ins that bypass while printing. For example certain Flash applications have the print option in their context menu, and that will not be disabled. Configures the default search provider. You can specify the default search provider that the user will use or choose to disable default search. Supported authentication schemes Enable the default search provider Default notification settings Configures the default browser checks in and prevents users from changing them. If you enable this setting, will always check, on startup, whether it is the default browser and automatically register itself if possible. If this setting is disabled, will never check if it is the default browser and will disable user controls for setting this option. If this setting is not set, will allow the user to control whether it is the default browser and whether user notifications should be shown when it isn't. Always render the following URL patterns in the host browser setting Do not allow any site to show pop-ups Policies related to integrated HTTP authentication. Allows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications. Set disk cache directory Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered. If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered. If you disable this setting, the canonical name of the server will be determined via CNAME lookup. Proxy server Allow all sites to show pop-ups Block all plug-ins Block pop-ups on these sites Enable Instant Allow running plug-ins that are outdated . Allow all sites to set local data. Allows you to set a list of url patterns that specify sites which are allowed to set session-only cookies. Default search provider search URL Disable URL protocol schemes Reopen the pages that were opened last Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '', which will be replaced at query time by the text the user has entered so far. Optional. Default search provider instant URL Supported on: Enables 's Instant feature and prevents users from changing this setting. If you enable this setting, Instant is enabled. If you disable this setting, Instant is disabled. If you enable or disable this setting, users cannot change or override this setting. Default search provider encodings Specifies a list of plug-ins that are enabled in and prevents users from changing this setting. The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them. The specified list of plug-ins is always used in if they are installed. The plug-ins are marked as enabled in 'about:plugins' and users cannot disable them. Note that this policy overrides both Disabledplugins and DisabledpluginsExceptions. Enable network prediction. Description: Configures the directory that will use for downloading files. If you set this policy, will use the provided directory regardless of whether the user has specified a different directory or enabled the flag to be prompted for a download location every time. . Default HTML renderer for List of exceptions to the list of disabled plugins Set download directory Specify a list of enabled plug-ins Disables saving browser history in and prevents users from changing this setting. If this setting is enabled, browsing history is not saved. If this setting is disabled or not configured, browsing history is saved. Allow all sites to run JavaScript (recommended) Disable synchronisation of data with Google Content Settings . Shows the Home button on 's toolbar. If you enable this setting, the Home button is always shown. If you disable this setting, the Home button is never shown. If you enable or disable this setting, users cannot change or override this setting in . Always render the following URL patterns in . Configure extension installation whitelist Choose how to specify proxy server settings Use system proxy settings Enable JavaScript Allow all sites to automatically run plug-ins finder should be disabled can be either allowed for all websites or denied for all websites. Default search provider name Kerberos delegation server whitelist Specifies which HTTP Authentication schemes are supported by . Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas. Console will be disabled. Disables the listed protocol schemes in . URLs using a scheme from this list will not load and cannot be navigated to. Disable SPDY protocol Specify a list of disabled plug-ins Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location. Customise the list of URL patterns that should always be rendered by . For example patterns see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started. Enable reporting of usage and crash-related data Allow images on these sites . Use a .pac proxy script until version Enable search suggestions Enable Bookmark Bar when is installed. The default setting is to allow the host browser do the rendering, but you can optionally override this and have render HTML pages by default. Allows you to configure the default HTML renderer when is installed. The default setting is to allow the host browser do the rendering, but you can optionally override this and have render HTML pages by default. Customise the list of URL patterns that should always be rendered by the host browser. For example patterns see http://www.chromium.org/developers/how-tos/chrome-frame-getting-started Specifies a list of plug-ins that user can enable or disable in characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them. If you enable this setting, the specified list of plug-ins can be used in . Allows . Allows you to specify a list of extensions that will be installed silently, without user interaction. Each item of the list is a string, that contains an extension ID and an update URL delimited by a semicolon (). For example: . For each item, will retrieve the extension specified by the ID from the specified URL and silently install it. The following pages explain how you can host extensions on your own server. About update URLs: , about hosting extensions in general: . Users will be unable to uninstall extensions that are specified by this policy. If you remove an extension from this list, then it will be automatically uninstalled by . Extensions that are blacklisted in 'ExtensionInstallBlacklist' and not whitelisted, cannot be force-installed by this policy. Specifies the favorite icon URL of the default search provider. Optional. Use by default Do not allow any site to track the users' physical location Default JavaScript setting Block JavaScript on these sites If 'Open a list of URLs' is selected as the startup action, this allows you to specify the list of URLs that are opened. Include non-standard port in Kerberos SPN Never use a proxy Home page URL Specifies the period in milliseconds at which the device management service is queried for policy information. Setting this policy overrides the default value of 3 hours. Valid values for this policy range between 30 minutes and 1 day. Any values not in this range will be clamped to the respective boundary. Enables anonymous reporting of usage and crash-related data about to Google and prevents users from changing this setting. If you enable this setting, anonymous reporting of usage and crash-related data is sent to Google. If you disable this setting, anonymous reporting of usage and crash-related data is never sent to Google. If you enable or disable this setting, users cannot change or override this setting in . Enable lock when ChromeOS devices become idle or suspended. Enables the use of alternative error pages that are built into (such as 'page not found') and prevents users from changing this setting. If you enable this setting, alternative error pages are used. If you disable this setting, alternative error pages are never used. If you enable or disable this setting, users cannot change or override this setting in . Policies for HTTP Authentication Enables 's AutoFill feature and allows users to auto complete web forms using previously stored information such as address or credit card information. If you disable this setting, AutoFill will be inaccessible to users. If you enable this setting or do not configure a value, AutoFill will remain under the control of the user. This will allow the user to configure AutoFill profiles and to switch AutoFill on or off at the user's own discretion. Configures the type of the default homepage in and prevents users from changing homepage preferences. The homepage can either be set to a URL that you specify or set to the New Tab Page. If you enable this setting, the New Tab Page will always be used as the homepage and the homepage URL location will be ignored. If you disable this setting, the user's homepage will never be the New Tab Page, unless its URL is set to 'chrome://newtab'. If you enable or disable this setting, users cannot change their homepage type in . Allow cookies on these sites Enables JavaScript in and prevents users from changing this setting. If this setting is enabled or not configured, web pages can use JavaScript. If this setting is disabled, web pages cannot use JavaScript. Specifies a list of plug-ins that are disabled in and prevents users from changing this setting. The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them. If you enable this setting, the specified list of plug-ins is never used in . The plug-ins are marked as disabled in 'about:plugins' and users cannot enable them. Note that this policy can be overriden by Enabledplugins and DisabledpluginsExceptions.