Issue metadata
Sign in to add a comment
|
chrome.reg not working as it used to
Reported by
weaver.j...@gmail.com,
Apr 11 2017
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Steps to reproduce the problem: 1. Download chrome.reg file and edit as you would like 2. Merge the file with Windows Registry 3. Restart computer and launch Google Chrome and check if policies applied. What is the expected behavior? It normally works with non-domain computers where I am the administrator where Google Chrome should be able to pick those values up and use them as the chrome policies. What went wrong? Google Chrome didn't pick up the registry policies and use them. Policies are present in the Registry Editor. Did this work before? Yes Forgot when it last worked but it did work before in my environment. Chrome version: 57.0.2987.133 Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Shockwave Flash 25.0 r0 I tried on three types of Windows 7, Home Premium, Professional, and Ultimate, none of them worked with the registry. The GPO still works with Pro and Ultimate. I know with one of the versions in the 50's it did get fixed then it went away again, even tested on Vista with version 49 and it still doesn't work there as well.
,
Apr 20 2017
Also wanted to add that it still doesn't work with 58.0.3029.81 chrome.reg file now included.
,
Apr 25 2017
The issue also persists with Chrome 58.0.3029.81
,
May 10 2017
Assigned to Julian for triage.
,
May 10 2017
Chrome will only read the registry on an AD joined machine. On non-ad joined machine it will only respect policies coming from GPO (set locally). This has been the case for many releases. We were discussing relaxing this requirement but there is no decision on that front until the security implications of this change have been all understood. +blumberg, georgesak for discussion of whether we want to allow reg only policies on non-AD machines again.
,
May 10 2017
Ok. All I know is that sometimes it would work and sometimes it wouldn't depending on the version
,
Nov 8 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0acd1627a3481649ceb76eaebbf82a410419b02c commit 0acd1627a3481649ceb76eaebbf82a410419b02c Author: Julian Pastarmov <pastarmovj@chromium.org> Date: Wed Nov 08 11:06:15 2017 Revert to reading the registry in all cases. This change removes the logic to read GPO files instead of registry keys on non-domain-joined machines. It was supposed to increase the security of policy operations but in effect only made the logic harder to follow. Still some policies will only be respected if the computer is joined to an AD domain but the contents of the policies will only be read from the registry in all cases. BUG= 710641 TEST=existing unit tests. TBR=garykac@chromium.org Change-Id: Ic02d955de7f331370e92ce5a837d4e3b671eddc2 Reviewed-on: https://chromium-review.googlesource.com/756707 Commit-Queue: Julian Pastarmov <pastarmovj@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#514796} [delete] https://crrev.com/7b5439b5a01b843398dfc0f84945af0abb9f7f79/chrome/test/data/policy/gpo/bad/Registry.pol/.keep [delete] https://crrev.com/7b5439b5a01b843398dfc0f84945af0abb9f7f79/chrome/test/data/policy/gpo/empty/Registry.pol [delete] https://crrev.com/7b5439b5a01b843398dfc0f84945af0abb9f7f79/chrome/test/data/policy/gpo/extension_alternative_spelling/Registry.pol [delete] https://crrev.com/7b5439b5a01b843398dfc0f84945af0abb9f7f79/chrome/test/data/policy/gpo/test1/Registry.pol [delete] https://crrev.com/7b5439b5a01b843398dfc0f84945af0abb9f7f79/chrome/test/data/policy/gpo/test2/Registry.pol [modify] https://crrev.com/0acd1627a3481649ceb76eaebbf82a410419b02c/components/policy/core/common/policy_loader_win.cc [modify] https://crrev.com/0acd1627a3481649ceb76eaebbf82a410419b02c/components/policy/core/common/policy_loader_win.h [modify] https://crrev.com/0acd1627a3481649ceb76eaebbf82a410419b02c/components/policy/core/common/policy_loader_win_unittest.cc [modify] https://crrev.com/0acd1627a3481649ceb76eaebbf82a410419b02c/remoting/host/policy_watcher.cc
,
Nov 10 2017
FYI: the UMA Sampling Profiler detected that the change in comment 7 has resulted in a 41ms average improvement in pre-message loop start time on 64 bit Windows. (Congrats!) Execution profile flame graph diff between 64.0.3262.0 and 64.0.3263.0: https://uma.googleplex.com/p/chrome/callstacks?sid=603544892a95d183e601014bf6a9a864
,
Nov 13 2017
We now will always read from the registry instead of the mix of registry and POL file reading it used to do until now. This change will appear in Chrome 64 on the stable track.
,
Nov 23 2017
would it be better if the AD requirement completely?
,
Nov 23 2017
Re c#10: Not sure what you mean? If you are asking why some policies are still only respected in AD setups. It is because those are often abused by malware to lock users in settings they did not opt in for and/or can not get easily out of.
,
Nov 23 2017
Ok. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ranjitkan@chromium.org
, Apr 12 2017