Managing Google Chrome on Mac OS X

I had a request to add the Google Chrome web browser to our builds. This brought about a little challenge in that Google Chrome does not fully utilise MCX / Config profiles to control all of its settings, so its not quite as easy to manage as Safari.

With Firefox, we use the CCK to generate autoconfig files. We then have AutoPKG automatically download the latest ESR and add the CCK autoconfig files to the app bundle before wrapping it up in a nice installer package that is then imported directly into Munki which makes my life very easy. Hat tip to Greg Neagle for his AutoPKG recipes.

I was hoping to find something to make my life easier with Google Chrome but alas my Google-Fu failed me.

Here is what I have come up with that gets the job done for my environment.

So the first thing was to work out what we actually wanted to manage or setup for the user.

Items to manage

  • Disable Google Auto Updates
  • Set default home page
  • Set the home page to open on launch, but not on new creation of new tabs or pages
  • Disable default browser check
  • Disable first run welcome screen
  • Skip import history/bookmarks ect ect
  • Disable saving of passwords

Config Profiles

So it turns out that one item is able to be managed via a config profile. Disabling of the Google Auto Update. This is disabled by simply setting the checkInterval to 0

This then causes the Google Keystone auto update mechanism to never check for updates.

To create a profile for this, I first created the plist with the setting i wanted with the following command

defaults write checkInterval 0

Then I used MCX to Profile to generate a config profile from this plist. I won’t go into the details on how to create a profile from a plist with MCX to Profile because Tim has already written good documentation on his site.

Check it out at

Chrome Master Preferences

To manage pretty much everything else we will have to create some text files.

Google uses a file called “Google Chrome Master Preferences” This file can contain some basic preference settings that will be applied. It should be stored in /Library/Google/Google Chrome Master Preferences

Below is the content of my Master Preferences file, its just plain JSON

"homepage" : "",
"homepage_is_newtabpage" : false,
"browser" : {
"show_home_button" : true,
"check_default_browser" : false
"distribution" : {
"show_welcome_page" : false,
"skip_first_run_ui" : true,
"import_history" : false,
"import_bookmarks" : false,
"import_home_page" : false,
"import_search_engine" : false,
"suppress_first_run_bubble": true,
"suppress_first_run_default_browser_prompt": true
"sync_promo" : {
"user_skipped" : true
"first_run_tabs" : [

Application Support

Chrome also requires some files to be placed in ~/Library/Application Support/Google/Chrome

These files set the rest of our preferences and also prevent the welcome screen/ first run screen from being shown at first launch

So first create a file called Preferences, this is in the same JSON format and looks similar to the Google Chrome Master Preferences file however some of the settings in this file can not be made in the Google Master Preferences file for some reason.

My file looks like this:

"apps": {
"shortcuts_version": 2
"autofill": {
"use_mac_address_book": false
"browser": {
"check_default_browser": false,
"last_known_google_url": "",
"last_prompted_google_url": "",
"show_home_button": true,
"show_update_promotion_info_bar": false,
"window_placement": {
"always_on_top": false,
"bottom": 683,
"left": 10,
"maximized": false,
"right": 1060,
"top": 22,
"work_area_bottom": 727,
"work_area_left": 0,
"work_area_right": 1280,
"work_area_top": 22
"countryid_at_install": 16725,
"default_apps_install_state": 3,
"distribution": {
"import_bookmarks": false,
"import_history": false,
"import_home_page": false,
"import_search_engine": false,
"show_welcome_page": false,
"skip_first_run_ui": true,
"suppress_first_run_bubble": true,
"suppress_first_run_default_browser_prompt": true
"first_run_tabs": [ "" ],
"homepage": "",
"homepage_is_newtabpage": false,
"hotword": {
"previous_language": "en-US"
"intl": {
"accept_languages": "en-US,en"
"invalidator": {
"client_id": "NPkJsIb50XkFfjJb1lH8SQ=="
"media": {
"device_id_salt": "qPIPmfV9u7CJGs6aXx9DxA=="
"pinned_tabs": [ ],
"plugins": {
"migrated_to_pepper_flash": true,
"plugins_list": [ ],
"removed_old_component_pepper_flash_settings": true
"profile": {
"avatar_index": 26,
"content_settings": {
"clear_on_exit_migrated": true,
"pattern_pairs": {
"pref_version": 1
"exit_type": "Normal",
"exited_cleanly": true,
"managed_user_id": "",
"name": "First user",
"password_manager_enabled": false,
"per_host_zoom_levels": {
"proxy": {
"bypass_list": "",
"mode": "system",
"server": ""
"session": {
"restore_on_startup": 4,
"restore_on_startup_migrated": true,
"startup_urls": [ "" ],
"startup_urls_migration_time": "13064995362418883"
"sync_promo": {
"user_skipped": true
"translate_blocked_languages": [ "en" ],
"translate_whitelists": {

view raw


hosted with ❤ by GitHub

Now create a folder called Default inside ~/Library/Application Support/Google/Chrome and place the Preferences file inside this Default folder.

That will set up the default preferences.

First Run

Now to disable the first run / welcome screen, we have to create an empty file called First Run inside the ~/Library/Application Support/Google/Chrome folder. This can easily be achieved by simply using the touch command ie.

touch "First Run"

Putting it all together

So now we have all the pieces we need, how do we deploy it to client machines?

Package it all up and craft some pre/post flight scripts.

Creating the package

First create a package that deploys our Google Chrome Master Preferences file into /Library/Google

We also need to store the other files that need to go into the users home folder. What I like to do is to store those items in the Scripts folder in /Library. Then I can copy them from there with a script later.

I like using Whitebox Packages to create my pkg’s

This is what my package looks like:

Screen Shot 2016-01-07 at 1.31.06 PM

Now we get to the scripting part.

Pre-install script

First we will start with a pre-install script that will remove any pre-existing content, so that if we need to update these preferences later we can be sure that our package will remove any items before installing the new items.

# Author: Calum Hunter
# Date: 06/01/2016
# Version: 0.2
# Pre-install for Chrome Preferences
# Remove the existing preferences in the
# System user template if they exist
# Also remove the Google Master Preferences
# If it exists so that we can install a clean copy
# Remove Existing Master Preferences File if it exists
if [ -r "/Library/Google/Google Chrome Master Preferences" ]; then
rm -rf "/Library/Google/Google Chrome Master Preferences"
# Remove Existing User Template Preferences
if [ -d "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome" ]; then
rm -rf "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome"
exit 0

view raw


hosted with ❤ by GitHub

Post-install script

Once our package has placed our google preference files onto the machine, we will now run our post install script which will then install these files into the System User Template, as well as go through any existing home folders on the machine and add them to their home directories.

This is basically what Casper users refer to as FUT (Fill User Template) and FEU (Fill Existing Users (Folders))

# Author: Calum Hunter
# Date: 06/01/2016
# Version: 0.2
# Post-install for Chrome Preferences
# Copy the Chrome template into the
# System User Template
# We should also check for existing users on the system
# that might have fallen through the gaps.
# If they do not already have a Google Chrome Profile/Template
# Then create one and copy our preferences in to it
# Where is our generic template
# Get a list of our users in /Users – ignore some folders that are not user accounts
Users=($(find /Users -maxdepth 1 | grep -v -e ".localized" -e "Shared" -e "Deleted Users" -e ".DS_Store" | tail +2 | awk -F "/" '{print $3}'))
# Test if we have the Google Chrome folder already, if not create it.
if [ ! -d "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome" ]; then
mkdir -p "/System/Library/User Template/English.lproj/Library/Application Support/Google/Chrome"
# Copy our template into our User Template
cp -R /Library/Scripts/YOUR_ORG_NAME/Google/Chrome "/System/Library/User Template/English.lproj/Library/Application Support/Google/"
# Set the permissions appropriately
chown -R root:wheel "/System/Library/User Template/English.lproj/Library/Application Support/Google"
chmod 755 "/System/Library/User Template/English.lproj/Library/Application Support/Google"
# Loop through our users, looking for existing google folder, create it if it doesn't exist
for P in "${Users[@]}"
if [ ! -d "/Users/$P/Library/Application Support/Google/Chrome" ]; then
mkdir -p "/Users/$P/Library/Application Support/Google/Chrome"
cp -R $chrome_template "/Users/$P/Library/Application Support/Google/"
chown -R $P "/Users/$P/Library/Application Support/Google"
chmod -R 755 "/Users/$P/Library/Application Support/Google"
echo "User already has a Google Chrome folder, assuming they have already have a profile, no need to do anything"
exit 0

view raw


hosted with ❤ by GitHub

Add the two scripts as preinstall and postinstall scripts to the package and build it.

Screen Shot 2016-01-07 at 1.49.08 PM

Deploying it

Now we have an installer package and a config profile.

I import both these items into Munki and make them an update_for Google Chrome which gets imported automatically by AutoPKG. Now when Munki installs Google Chrome it also installs the Config profile and our preferences package and the user gets a nice experience with no nagging screens.





  1. Why not move a good amount of these into the profile? A lot of the settings can be added to the profile, which installed as a device profile can disable for all users.


  2. Why not merge a bunch of the preferences into the profile? It’s supported that way (it’s how I’ve done it for a good amount of these settings). I’ll grab the link in the AM.


    1. Sure, my limited testing didn’t seem to work when i tried to do some of these via mcx/profile. Perhaps I was “doing it wrong” quite possible. Id rather put more into a config profile if possible.


  3. Sorry about the duel post, first timed out on me (crap wifi). As stated on slack I’ll grab more awareness in morning and flesh out my response better.


  4. I have tried creating a Master Preferences file using Textwrangler following a basic template from Google’s administrators pages to import a set of bookmarks but I cannot get it to work. Chrome seems to completely ignore it no matter what I do. I’ve included the text below. Do you know what could be preventing this from working?

    “distribution”: {
    “import_bookmarks”: true,
    “import_bookmarks_from_file”: “/Library/Google/bookmarks.html”
    “bookmark_bar”: {
    “show_on_all_tabs”: true


    1. Sorry afraid not, I’ve always run into trouble trying to configure bookmarks for users. And when you have 3 browsers to support its often a lot easier to simply create .webloc files and make these available to the user then they can add them to their browser themselves.


    1. Do you think, perhaps, that Google may have changed something since this was written? Bare in mind this post was written on January 7, 2016

      In any case I have around 5,500 Mac’s using this method with the latest version of Chrome – so it seems to still work for me, but thanks for your useful comment…


  5. Hi Team,
    Good day!!!
    I need help with settings common homepage on Goole Chrome (Version 60.0.3112.90 ) for all the users on Mac(10.11.6, El Capitan) in Active directory domain environment. We don’t have Casper or any other management tool. I tried the instructions mentioned above but didn’t works for Chrome.
    Could you please assist the best way to set this up without casper?

    Many thanks.


  6. Success on a Mac Sept 29, 2017:

    The “official” Google-given method to stop Google Update given is this, but it doesn’t always work.
    In Terminal: defaults write checkInterval 0

    The most foolproof method is to deny Chrome the permissions it needs to install the update software and run it. Empty these directories:

    Then change the permissions on both folders named GoogleSoftwareUpdate so that there’s no owner and no read/write/execute permissions.

    In terminal:
    cd /Library/Google/
    sudo chown nobody:nogroup GoogleSoftwareUpdate
    sudo chmod 000 GoogleSoftwareUpdate
    cd ~/Library/Google/
    sudo chown nobody:nogroup GoogleSoftwareUpdate
    sudo chmod 000 GoogleSoftwareUpdate

    If you want to be double-certain, then do the same for the folder Google one level up.
    cd /Library/
    sudo chown nobody:nogroup Google
    sudo chmod 000 Google
    cd ~/Library/
    sudo chown nobody:nogroup Google
    sudo chmod 000 Google

    I did this immediately after installing the Chrome version I need for my machine, and it worked perfectly. Now when I check About Google Chrome it gives me the error “Update failed (error: 10)” It’s still trying to update, but it can’t do it any more.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s