Hello,

Here's an update, I tried adding the registry key under HKEY_CURRENT_USER but I'm seeing the same issue.

Also tried setting the key as 1="*" to blacklist all extensions and it's not working either.

Finally, when opening chrome://policy it says no policies are set.

Thanks

Deleted: Capture.PNG 12.3 KB

	Capture.PNG 12.3 KB View Download

Checked, works on Chrome OS. Assigning to Windows folks for triage.

Hi Ligi,

Can you take a look and see if you can reproduce this on Windows?

I am taking a look at this issue, Will update soon.

Unable to reproduce the issue on latest Chrome stable i.e., 56.0.2924.76(32 and 64 bit) channel on Windows 10 please find the attached screenshot for reference. 

Note : I will check on Windows7 soon.

Deleted: GPO-policy.png 355 KB

	GPO-policy.png 355 KB View Download

@pbomm thank you!. How did you apply the policy on the machine? Asking because the full path of the registry key can't be seen on the screenshot, and that's how we are applying the setting in this scenario, not by GPO.

Thanks

You say you don't see the policy value appear in chrome://policy at all this means that you have rather an issue with loading the policies in Chrome rather than this particular policy. 

If your machines are not domain joined but have any group policy objects (GPO) applied through the local policy editor then Chrome will not load the registry contents but only check for Chrome policies in the GPO set. In this case you have to set the Chrome policies through the local policy editor as well.

Thank you for that answer, Pastarmovj. That does explain what I'm seeing in my environment: we do manually apply configurations via GPO at machine build (primarily renaming/disabling default Windows accounts).

Please confirm that, if GPO setting have been applied, the only means to ban or force removal of the a Chrome plugin is via GPO?

My situation: my team supports a global non-profit with 4500 computers deployed across 700+ offices. Due to available connectivity, local country laws, and our own corporate governance,setting up an organization-wide domain has simply not been feasible for us.  It is not possible to send IT support to each PC within a reasonable time-frame for emergency response, but likewise applying GPO setting via templates is technically beyond much of our staff (which means it is likely not to be done). 

We do have an enterprise asset management solution (BMC Client Management), which we would have used to push the Blacklisting reg key to our fleet.  However, without a dedicated uninstaller for the plug-in, or a command line and/or windows registry method a scripting a forced uninstall, BMC doesnt help here.  I'm hopeful that you know of another means to administratively remove and/or ban individual Chrome plugins; otherwise I must recommend removal of Chrome from our fleet as a security vulnerability, which I know will not be popular with our staff. 

@ pastarmovj: Request you to please respond as stated in the above comment to user.

Thanks.!

Unfortunately there is no way to circumvent this measure at the moment. We might relax the requirement to be joined to a domain to allow direct read from the registry in future versions but for the current version this is a fixed rule.

One way for you to apply GPOs to Chrome would be to craft a PS script and push it to your fleet through the asset management software you mention.

Here is the official documentation of MS on the topic: 
https://technet.microsoft.com/en-us/library/ee461027.aspx?f=255&MSPPError=-2147217396

There are some third party tools that claim to simplify this but might require you to audit them further: http://brandonpadgett.com/powershell/Local-gpo-powershell/

This looks like out of scope for TE, hence adding the respective label for it to  triage further.

I will close this issue for now since the way it works currently is as intended. I hope the workarounds in comment 13 will help you set up Chrome as intended.

I will start a discussion internally whether we want to release this restriction the upcoming versions of Chrome.