Chrome ExtensionInstallBlocklist Group Policy Audit
Operating System SecurityList Devices With the „ExtensionInstallBlocklist“ Group Policy Enabled
With Chrome being the most popular browser by far, it is important that you manage the browser well, after all it is one of the last lines of defense to protect users from clicking malicious links or downloading the wrong file. One of those ways that users can easily make a mistake, is by installing one of Chrome’s extensions. It is not uncommon that malicious extensions are approved in Chrome’s web store, or that existing extensions get modified by a malicious actor. In these cases extensions could steal browser history data, steal form inputs or redirect users to malicious sites. All reasons to ensure you manage which extensions a user is allowed to use.
Using this block list group policy is just one of the possible measures, to explore all of them you can find more info in the Pro Tips blog post.
Google Chrome ExtensionInstallBlocklist GP Query
Select Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tblAssets.Username, tblAssets.Userdomain, Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon, tblAssets.IPAddress, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tsysOS.OSname As OS, tblAssets.Version, tblAssets.SP, Case When TsysLastscan.Lasttime < GetDate() - 1 Then 'Last registry scan more than 24 hours ago! Information may not be up-to-date. Try rescanning this machine.' End As Comment, Case When SubQuery1.Valuename Is Not Null And SubQuery1.Valuename <> '' Then 'Yes' Else 'No' End As ValuenameFound, SubQuery1.Value, Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, TsysLastscan.Lasttime As LastRegistryScan, SubQuery1.Lastchanged, tblAssets.Firstseen, tblAssets.Lastseen, tblAssets.Lasttried From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Inner Join tblState On tblState.State = tblAssetCustom.State Left Join tsysOS On tsysOS.OScode = tblAssets.OScode Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode Left Join (Select Top 1000000 tblRegistry.AssetID, tblRegistry.Regkey, tblRegistry.Valuename, tblRegistry.Value, tblRegistry.Lastchanged From tblRegistry Where tblRegistry.Regkey Like '%Software\Policies\Google\Chrome\ExtensionInstallBlocklist' And (tblRegistry.Valuename = '1' Or tblRegistry.Valuename = '2' Or tblRegistry.Valuename = '3' Or tblRegistry.Valuename = '4' Or tblRegistry.Valuename = '5')) SubQuery1 On SubQuery1.AssetID = tblAssets.AssetID Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'registry' Order By tblAssets.Domain, tblAssets.AssetName, SubQuery1.value