I had a request to add the Google Chrome web browser to our builds. This brought about a little challenge in that Google Chrome does not fully utilise MCX / Config profiles to control all of its settings, so its not quite as easy to manage as Safari.
With Firefox, we use the CCK to generate autoconfig files. We then have AutoPKG automatically download the latest ESR and add the CCK autoconfig files to the app bundle before wrapping it up in a nice installer package that is then imported directly into Munki which makes my life very easy. Hat tip to Greg Neagle for his AutoPKG recipes.
I was hoping to find something to make my life easier with Google Chrome but alas my Google-Fu failed me.
Here is what I have come up with that gets the job done for my environment.
So the first thing was to work out what we actually wanted to manage or setup for the user.
Items to manage
- Disable Google Auto Updates
- Set default home page
- Set the home page to open on launch, but not on new creation of new tabs or pages
- Disable default browser check
- Disable first run welcome screen
- Skip import history/bookmarks ect ect
- Disable saving of passwords
Config Profiles
So it turns out that one item is able to be managed via a config profile. Disabling of the Google Auto Update. This is disabled by simply setting the checkInterval
to 0
This then causes the Google Keystone auto update mechanism to never check for updates.
To create a profile for this, I first created the plist with the setting i wanted with the following command
defaults write com.google.Keystone.Agent checkInterval 0
Then I used MCX to Profile to generate a config profile from this plist. I won’t go into the details on how to create a profile from a plist with MCX to Profile because Tim has already written good documentation on his site.
Check it out at https://github.com/timsutton/mcxToProfile
Chrome Master Preferences
To manage pretty much everything else we will have to create some text files.
Google uses a file called “Google Chrome Master Preferences
” This file can contain some basic preference settings that will be applied. It should be stored in /Library/Google/Google Chrome Master Preferences
Below is the content of my Master Preferences file, its just plain JSON
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"homepage" : "http://www.YOURHOMEPAGE.au/", | |
"homepage_is_newtabpage" : false, | |
"browser" : { | |
"show_home_button" : true, | |
"check_default_browser" : false | |
}, | |
"distribution" : { | |
"show_welcome_page" : false, | |
"skip_first_run_ui" : true, | |
"import_history" : false, | |
"import_bookmarks" : false, | |
"import_home_page" : false, | |
"import_search_engine" : false, | |
"suppress_first_run_bubble": true, | |
"suppress_first_run_default_browser_prompt": true | |
}, | |
"sync_promo" : { | |
"user_skipped" : true | |
}, | |
"first_run_tabs" : [ | |
"http://www.YOURHOMEPAGE.au/" | |
] | |
} |
Application Support
Chrome also requires some files to be placed in ~/Library/Application Support/Google/Chrome
These files set the rest of our preferences and also prevent the welcome screen/ first run screen from being shown at first launch
So first create a file called Preferences, this is in the same JSON format and looks similar to the Google Chrome Master Preferences file however some of the settings in this file can not be made in the Google Master Preferences file for some reason.
My file looks like this:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"apps": { | |
"shortcuts_version": 2 | |
}, | |
"autofill": { | |
"use_mac_address_book": false | |
}, | |
"browser": { | |
"check_default_browser": false, | |
"last_known_google_url": "https://www.google.com.au/", | |
"last_prompted_google_url": "https://www.google.com.au/", | |
"show_home_button": true, | |
"show_update_promotion_info_bar": false, | |
"window_placement": { | |
"always_on_top": false, | |
"bottom": 683, | |
"left": 10, | |
"maximized": false, | |
"right": 1060, | |
"top": 22, | |
"work_area_bottom": 727, | |
"work_area_left": 0, | |
"work_area_right": 1280, | |
"work_area_top": 22 | |
} | |
}, | |
"countryid_at_install": 16725, | |
"default_apps_install_state": 3, | |
"distribution": { | |
"import_bookmarks": false, | |
"import_history": false, | |
"import_home_page": false, | |
"import_search_engine": false, | |
"show_welcome_page": false, | |
"skip_first_run_ui": true, | |
"suppress_first_run_bubble": true, | |
"suppress_first_run_default_browser_prompt": true | |
}, | |
"first_run_tabs": [ "http://www.YOURPAGE.au/" ], | |
"homepage": "http://www.YOURPAGE.au/", | |
"homepage_is_newtabpage": false, | |
"hotword": { | |
"previous_language": "en-US" | |
}, | |
"intl": { | |
"accept_languages": "en-US,en" | |
}, | |
"invalidator": { | |
"client_id": "NPkJsIb50XkFfjJb1lH8SQ==" | |
}, | |
"media": { | |
"device_id_salt": "qPIPmfV9u7CJGs6aXx9DxA==" | |
}, | |
"pinned_tabs": [ ], | |
"plugins": { | |
"migrated_to_pepper_flash": true, | |
"plugins_list": [ ], | |
"removed_old_component_pepper_flash_settings": true | |
}, | |
"profile": { | |
"avatar_index": 26, | |
"content_settings": { | |
"clear_on_exit_migrated": true, | |
"pattern_pairs": { | |
}, | |
"pref_version": 1 | |
}, | |
"exit_type": "Normal", | |
"exited_cleanly": true, | |
"managed_user_id": "", | |
"name": "First user", | |
"password_manager_enabled": false, | |
"per_host_zoom_levels": { | |
} | |
}, | |
"proxy": { | |
"bypass_list": "", | |
"mode": "system", | |
"server": "" | |
}, | |
"session": { | |
"restore_on_startup": 4, | |
"restore_on_startup_migrated": true, | |
"startup_urls": [ "http://www.YOURPAGE.au/" ], | |
"startup_urls_migration_time": "13064995362418883" | |
}, | |
"sync_promo": { | |
"user_skipped": true | |
}, | |
"translate_blocked_languages": [ "en" ], | |
"translate_whitelists": { | |
} | |
} |
Now create a folder called Default inside ~/Library/Application Support/Google/Chrome and place the Preferences file inside this Default folder.
That will set up the default preferences.
First Run
Now to disable the first run / welcome screen, we have to create an empty file called First Run inside the ~/Library/Application Support/Google/Chrome folder. This can easily be achieved by simply using the touch
command ie.
touch "First Run"
Putting it all together
So now we have all the pieces we need, how do we deploy it to client machines?
Package it all up and craft some pre/post flight scripts.
Creating the package
First create a package that deploys our Google Chrome Master Preferences file into /Library/Google
We also need to store the other files that need to go into the users home folder. What I like to do is to store those items in the Scripts folder in /Library. Then I can copy them from there with a script later.
I like using Whitebox Packages to create my pkg’s
This is what my package looks like:
Now we get to the scripting part.
Pre-install script
First we will start with a pre-install script that will remove any pre-existing content, so that if we need to update these preferences later we can be sure that our package will remove any items before installing the new items.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Author: Calum Hunter | |
# Date: 06/01/2016 | |
# Version: 0.2 | |
# | |
# Pre-install for Chrome Preferences | |
# Remove the existing preferences in the | |
# System user template if they exist | |
# Also remove the Google Master Preferences | |
# If it exists so that we can install a clean copy | |
# Remove Existing Master Preferences File if it exists | |
if [ -r "/Library/Google/Google Chrome Master Preferences" ]; then | |
rm -rf "/Library/Google/Google Chrome Master Preferences" | |
fi | |
# Remove Existing User Template Preferences | |
if [ -d "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome" ]; then | |
rm -rf "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome" | |
fi | |
exit 0 |
Post-install script
Once our package has placed our google preference files onto the machine, we will now run our post install script which will then install these files into the System User Template
, as well as go through any existing home folders on the machine and add them to their home directories.
This is basically what Casper users refer to as FUT (Fill User Template)
and FEU (Fill Existing Users (Folders))
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Author: Calum Hunter | |
# Date: 06/01/2016 | |
# Version: 0.2 | |
# | |
# Post-install for Chrome Preferences | |
# Copy the Chrome template into the | |
# System User Template | |
# | |
# We should also check for existing users on the system | |
# that might have fallen through the gaps. | |
# If they do not already have a Google Chrome Profile/Template | |
# Then create one and copy our preferences in to it | |
# Where is our generic template | |
chrome_template="/Library/Scripts/YOUR_ORG_NAME/Google/Chrome" | |
# Get a list of our users in /Users – ignore some folders that are not user accounts | |
Users=($(find /Users -maxdepth 1 | grep -v -e ".localized" -e "Shared" -e "Deleted Users" -e ".DS_Store" | tail +2 | awk -F "/" '{print $3}')) | |
# Test if we have the Google Chrome folder already, if not create it. | |
if [ ! -d "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome" ]; then | |
mkdir -p "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome" | |
fi | |
# Copy our template into our User Template | |
cp -R /Library/Scripts/YOUR_ORG_NAME/Google/Chrome "/System/Library/User Template/English.lproj/Library/Application Support/Google/" | |
# Set the permissions appropriately | |
chown -R root:wheel "/System/Library/User Template/English.lproj/Library/Application Support/Google" | |
chmod 755 "/System/Library/User Template/English.lproj/Library/Application Support/Google" | |
# Loop through our users, looking for existing google folder, create it if it doesn't exist | |
for P in "${Users[@]}" | |
do | |
if [ ! -d "/Users/$P/Library/Application Support/Google/Chrome" ]; then | |
mkdir -p "/Users/$P/Library/Application Support/Google/Chrome" | |
cp -R $chrome_template "/Users/$P/Library/Application Support/Google/" | |
chown -R $P "/Users/$P/Library/Application Support/Google" | |
chmod -R 755 "/Users/$P/Library/Application Support/Google" | |
else | |
echo "User already has a Google Chrome folder, assuming they have already have a profile, no need to do anything" | |
fi | |
done | |
exit 0 |
Add the two scripts as preinstall
and postinstall
scripts to the package and build it.
Deploying it
Now we have an installer package and a config profile.
I import both these items into Munki and make them an update_for
Google Chrome which gets imported automatically by AutoPKG. Now when Munki installs Google Chrome it also installs the Config profile and our preferences package and the user gets a nice experience with no nagging screens.
Why not move a good amount of these into the profile? A lot of the settings can be added to the profile, which installed as a device profile can disable for all users.
LikeLike
Why not merge a bunch of the preferences into the profile? It’s supported that way (it’s how I’ve done it for a good amount of these settings). I’ll grab the link in the AM.
LikeLike
Sure, my limited testing didn’t seem to work when i tried to do some of these via mcx/profile. Perhaps I was “doing it wrong” quite possible. Id rather put more into a config profile if possible.
LikeLike
Sorry about the duel post, first timed out on me (crap wifi). As stated on slack I’ll grab more awareness in morning and flesh out my response better.
LikeLike
I have tried creating a Master Preferences file using Textwrangler following a basic template from Google’s administrators pages to import a set of bookmarks but I cannot get it to work. Chrome seems to completely ignore it no matter what I do. I’ve included the text below. Do you know what could be preventing this from working?
{
“distribution”: {
“import_bookmarks”: true,
“import_bookmarks_from_file”: “/Library/Google/bookmarks.html”
},
“bookmark_bar”: {
“show_on_all_tabs”: true
}
}
LikeLike
Sorry afraid not, I’ve always run into trouble trying to configure bookmarks for users. And when you have 3 browsers to support its often a lot easier to simply create .webloc files and make these available to the user then they can add them to their browser themselves.
LikeLike
How about setting Chrome as the default browser?
LikeLike
This whole caper did absolutely nothing…
LikeLike
Do you think, perhaps, that Google may have changed something since this was written? Bare in mind this post was written on January 7, 2016
In any case I have around 5,500 Mac’s using this method with the latest version of Chrome – so it seems to still work for me, but thanks for your useful comment…
LikeLike
Hi Team,
Good day!!!
I need help with settings common homepage on Goole Chrome (Version 60.0.3112.90 ) for all the users on Mac(10.11.6, El Capitan) in Active directory domain environment. We don’t have Casper or any other management tool. I tried the instructions mentioned above but didn’t works for Chrome.
Could you please assist the best way to set this up without casper?
Many thanks.
Faced
LikeLike
Success on a Mac Sept 29, 2017:
The “official” Google-given method to stop Google Update given is this, but it doesn’t always work.
In Terminal: defaults write com.google.Keystone.Agent checkInterval 0
The most foolproof method is to deny Chrome the permissions it needs to install the update software and run it. Empty these directories:
/Library/Google/GoogleSoftwareUpdate/
~/Library/Google/GoogleSoftwareUpdate/
Then change the permissions on both folders named GoogleSoftwareUpdate so that there’s no owner and no read/write/execute permissions.
In terminal:
cd /Library/Google/
sudo chown nobody:nogroup GoogleSoftwareUpdate
sudo chmod 000 GoogleSoftwareUpdate
cd ~/Library/Google/
sudo chown nobody:nogroup GoogleSoftwareUpdate
sudo chmod 000 GoogleSoftwareUpdate
If you want to be double-certain, then do the same for the folder Google one level up.
cd /Library/
sudo chown nobody:nogroup Google
sudo chmod 000 Google
cd ~/Library/
sudo chown nobody:nogroup Google
sudo chmod 000 Google
I did this immediately after installing the Chrome version I need for my machine, and it worked perfectly. Now when I check About Google Chrome it gives me the error “Update failed (error: 10)” It’s still trying to update, but it can’t do it any more.
LikeLike