How to block un-installation of extensions in Chrome/Chromium, using ExtensionInstallForcelist?

In order to prevent de-installation of the chrome extension "stayfocusd" In a windows 10 pc with both Chrome Version 67.0.3396.62 (Official Build) (64-bit) and chromium Version 67.0.3396.62 (Official Build) (64-bit) installed, I took the following steps:

  1. Downloaded the synced version of Chromium from: https://chromium.woolyss.com/

  2. Went to: https://chrome.google.com/webstore/search/ and installed stayfocusd

  3. Pressed start, typed> "regedit">enter
  4. In the registry browsed to: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies
  5. Right mouse Button (RMB) clicked on "Policies"
  6. Clicked: New>Key>
  7. Named the new Key "Google"
  8. repeated the process untill I created the following path in the registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist

  9. Then in the white field next to it RMB>New>string value

  10. Named the string 1
  11. Gave the string the following value: laankejkbhbdhmipfmgcngdelahlfoji (That is the 32 character-ID of the stayfocusd extension)
  12. repeated the process for the following folder in the registry: Computer\HKEY_CURRENT_USER\Software\Policies\Chrome\ExtensionInstallForcelist
  13. Yielding:

This picture but then for both folders to illustrate the process.

  1. Closed Chromium
  2. Rebooted the pc.

Then I opened Chromium again, but I was still able to uninstall stayfocusd without any problems.

Does anyone have any suggestions on what I did wrong, or what I forgot, or another way to prevent de-installation of the stayfocusd extension?

Problem analysis:

0. Currently I think the problem might be that I do not add a reference to the location where the stayfocusd extension is hosted as in some of the examples of the documentation is done here:

Windows (Windows clients): Software\Policies\Google\Chrome\ExtensionInstallForcelist\1 = "gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx"

Software\Policies\Google\Chrome\ExtensionInstallForcelist\2 = "abcdefghijklmnopabcdefghijklmnop"

However I do not understand/cannot find how to supply that equivalent link for the stayfocusd extension. And I would think that its source to perform a re-installation should not be a determining factor in whether it would be able to prevent de-installation, but that is an assumption, which I am currently not able to test because I did not find that equivalent hosting link yet.

  1. Another cause of the problem might be that I had to manually create the policy folders for google, which could be an indication that the chromium browser does not look at that location for its policies at a different registry location.

To test this I have searched for the "ExtensionInstallForcelist" but was unable to locate the folder in the registry before I had manually created them. Now that I have created them I do not know how to continue searching after it finds the first instance that I have created, so I cannot check if there is an additional location where the "ExtensionInstallForcelist" folder existst which I did not create.

Any suggestions are much appreciated!


Solution 1:

Preventing un-installation of any webstore extension in Chrome, not Chromium. Using the example of stayfocusd!: I am currently not sure if step 1 is needed, you can first try it without step 1 to see if it works. If it does please leave a comment with confirmation or not.

  1. As explained in: https://dev.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist

  2. downloaded the following templates from: https://www.chromium.org/administrators/policy-templates "ZIP file of ADM/ADMX/JSON templates and documentation"= https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

  3. copied:

C:\Users\<Your username>\Downloads\policy_templates\windows\admx\en-US\chrome.adml C:\Users\<Your username>\Downloads\policy_templates\windows\admx\en-US\Google.adml

to:

C:\Windows\PolicyDefinitions\en-US

and

C:\Users\<Your username>\Downloads\policy_templates\windows\admx\chrome.admx C:\Users\<Your username>\Downloads\policy_templates\windows\admx\google.admx

to:

C:\Windows\PolicyDefinitions\

  1. Then opened Local Group Policy Editor with:

start>"run">gpedit.msc

  1. Computer Configuration>Administrative tools>add/remove templates>add

opened:

C:\Users\<Your username>\Downloads\policy_templates\windows\adm\en-US\chrome.adm

  1. That adds the "Google" folder in the subfolder:

Computer configuration\Administrative Templates\

Yielding

Computer configuration\Administrative Templates\Google Chrome Computer configuration\Administrative Templates\Google Chrome - Default Settings(user can override)

  1. Then opened:

Computer configuration\Administrative Templates\Google Chrome\Extensions

Example screenshot

  1. in the window on the right (still in Local Group Policy Editor) I double clicked: Configure the list of force-installed apps and extensions

  2. Then in the new popped up window I changed:

Not Configured to:

Enabled

Example screenshot

  1. In the "Options" Pane, I clicked add, or show:

  2. In the value screen I added the following value(s) (ID(s) of the extension I want to force Install) Stayfocusd: laankejkbhbdhmipfmgcngdelahlfoji;https://clients2.google.com/service/update2/crx requestly mdnleldcmiljblolnjhpnblkcekpdkpa;https://clients2.google.com/service/update2/crx ad block plus cfhdojbkjhnklbpkdaibdccddilifddb;https://clients2.google.com/service/update2/crx

    *Note that just the ID without hosting url: laankejkbhbdhmipfmgcngdelahlfoji does NOT work. (Also if you are on a windows computer that is not part of a domain you cannot apply this method to InstallForceList extensions that are not in the Chrome Webstore.)

Example screenshot

  1. then I rebooted the system

  2. The policy can be checked by browsing to: chrome://policy

there you should see the InstallForceList extension.


Now that you cannot un-install the extensions anymore