Users can delete browser history even when the policy prevents it. |
|||||
Issue descriptionChrome Version: 66.0.3359.117 OS: Win10 / maybe all What steps will reproduce the problem? (1) Configure the AllowDeletingBrowserHistory policy to prevent deleting browser history. (2) Go to Settings - Manage Other People. Delete the user profile (if only one, it has the name "You"). (3) All browser history is deleted. What is the expected result? Not being able to delete browser history, if policy prevents it. What happens instead? All browser history is deleted. Reference this forum post https://productforums.google.com/forum/#!topic/chrome-admins/46nXDWDRPcY;context-place=forum/chrome-admins
,
Apr 19 2018
,
Apr 20 2018
Thanks for filing the issue. We are unable to reproduce the issue on Windows 10 Enterprise setup using chrome reported version-66.0.3359.117(stable) & latest dev-67.0.3396.10 as per the steps mentioned in C#0. User unable to delete history when we Disable 'Enable delete history' policy. Please find the attached screencast for reference & let us know if we anything to reproduce the issue.
,
Apr 20 2018
Read the description again, specifically step (2). (2) Go to Settings - Manage Other People. Delete the user profile (if only one, it has the name "You"). Yes, chrome://settings/clearBrowserData cannot be used if AllowDeletingBrowserHistory is set. That's not the issue. By deleting their profile, users CAN clear their browsing history. More detailed steps: chrome://settings "People" section Find and click the "Manage other people" line. (see pic settings.jpg) That pops up a window showing all user profiles. If only one, it has the name "You". (see pic you.jpg) Select the three vertical buttons on the upper right to present a popup window with the choice "Remove this person". (see pic delete1.jpg) Removing the user allows deletion of browser history. (see pic delete2.jpg) Thus, it is possible to delete browser history even when policy prevents it, by deleting the user profile.
,
Apr 20 2018
Although this is true, we make no hard guarantees for that policy. After all, users can just delete their user profile manually as well, and there's nothing Chrome can do about it. I will keep this open as P3.
,
May 1 2018
A non escalated user shouldn't have file system level access to remove their user profile manually so I have have no response to the previous comment. However there is an expectation, however inaccurate that when AllowDeletingBrowserHistory is set a user shouldn't be able to delete their use profile in 2 clicks circumventing it. At the very least it would be nice to have a AllowUserPorfileRemoval operating independent or as a dependency to the other,
,
May 7 2018
Having a new policy to control profile removal makes sense to me, please open a new bug for that and assign it to me. But I'll reiterate that determined users can still delete their data, unless there is something else explicitly blocking them from doing so. They don't need elevation, as Chrome is running in user mode, so the profile it's writing is fully owned by that user I'm closing this as WontFix, feel free to open a new feature request for the other policy. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mheinsohn@chromium.org
, Apr 19 2018