Bulk Installation of VisualSP Browser Extension – Chrome/Edge

Bulk installation for Chrome on PC

1. Go to the server that manages the group policies and login.
2. Go to the link below and download Google ADM / ADMX templates: https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
3. Extract the files to C:\Google Group Policies Templates\
4. Open Group Policy Management.
   Note

   Always install with elevated privileges.

5. Right click on the GPO you want to configure and click Edit.
6. Go to Computer Configuration > Policies > Administrative Templates, and right click on Add/Remove Templates
7. Click Add and choose the file C:\Google Group Policies Templates\windows\adm\en-US\chrome.adm
8. Close the Add/Remove Templates popup.
9. Go to Classic Administrative Templates > Google > Google Chrome > Extensions, and, in the right panel, double click Configure the list of forced installed extensions.
10. From the radio button, select Enabled.
11. In the panel under Options, click Show.
12. To the list in a new row, enter the following line: mahfncngjcmmhemjlbdiogjnngdcajab; https://clients2.google.com/service/update2/crx

13. Click OK on both the open windows to close them
14. Open the run window on the clients' computers (Windows + R).
15. Run the command: gpupdate /force

Bulk installation for New Edge on PC

1. Download the Edge Administrative Templates from here: https://www.microsoft.com/en-us/edge/business/download  You will need to fill out the required fields and click the "GET POLICY FILES" button
2. Open Group Policy Management
3. Create a new GPO for the policy (or add to an existing policy)
4. Right-click your GPO, and select “Edit”
5. You will then see the “Group policy management Editor” window
6. Expand the Computer/User configuration tree on the left-hand side, depending on how you wish to configure your policy
7. Right-click on “Administrative templates” and select “Add/Remove Templates”
8. Click on "add"
9. Browse to the templates you downloaded in step 1 and open the “msedge.adm” template that is relevant to your operating system and Language.
10. Once uploaded, expand to the following path (may vary depending on your OS) on the left of the Group policy management editor: “Computer/User configuration > Policies > Administrative templates > Classic administrative templates > Microsoft Edge > Extensions > ”
11. On the right-hand side, select “Control which extensions are installed silently”
12. Right-click, and select “Edit”
13. Mark the “Enabled” button
14. Click the “Show…” button
15. Under the “Value” column, enter the following: fpgebigbgnplnghkglogdclngficjjij;https://edge.microsoft.com/extensionwebstorebase/v1/crx (Please make sure you have no blank spaces in the Value Box)

16. Click “OK”, followed by “Apply”
17. Back in the Group Policy Management window, assign this policy to users/computers as normal
18. Users affected by this GPO should now see the Edge extensions installed and enabled automatically (once the GPO has updated on their machine).
19. To enable Developer Mode in Windows 10, set the above policies to Enabled and then click Apply followed by OK.
20. Reboot your PC to save changes

Common Group Policy Problems and Troubleshooting

• Policies can be attached at different levels of the Active Directory structure, and there is a specific order in which these levels are processed. If there's a conflict on the same setting in multiple policies, the last one applied wins.
• Exceptions to the default order of precendence (such as like 'block', 'enforce', 'loopback') are possible. However, it is usually considered best practice to minimize the use of these. They change the way policies are collectively applied and make things more challenging to troubleshoot.
• Remember that new policies may take time to replicate to additional domain controllers and eventually reach the specified users. Servers in the same geographic site may sync as quickly as 15 minutes. However, the default interval for servers on different sites 3 hours.
• As documented above, we recommend applying these settings to the user rather than the computer for most scenarios. This usually leads to more consistent and predictable results. The 'loopback' option may be useful for situations where you want all users that logon to a specific computer.

If you are not seeing the results you expect, Microsoft offers several utilities for analyzing how multiple Group Policies are applying for a given scenario. This kind of analysis is typically referred to as 'RSoP' (Resultant Set of Policy), and it includes listing which policies are being applied, in which order, which settings each policy contains, and in the case of conflicts - which setting wins.

• Use Rsop.msc to gather computer policy - Windows Server | Microsoft Learn A point-and-click tool used to display RSoP information. (Not available on all computers)
• gpresult | Microsoft Learn A command-line tool for Windows that allows you to pull RSoP (Resultant Set of Policy) information for a specified user and / or computer.
• Get-GPResultantSetOfPolicy (GroupPolicy) | Microsoft Learn A PowerShell command that writes RSoP information for a specified user and / or computer to a file.

Installation using InTune

Microsoft InTune can be used to deploy our extension out to your users or devices. Here are the pertinent differences from the UI in Group Policy Management.

Create the Configuration Profile

1. Go to Devices > Policy > Configuration profiles page
2. Click Create profile
3. Select your Platform
4. Select your Profile type (Settings Catalog)
5. Click the Create button

6. Insert the profile name
7. Click Next

8. On the next screen, click Add settings
9. Search for extension
10. Select "Administrative Templates\Google\Google Chrome\Extensions" or "Microsoft Edge\Extensions"
11. Select "Configure the list of force-installed apps and extensions" for Chrome or "Control which extensions are installed silently" for Edge.

When ticking the box for the appropriate extension, the screen will change to show additional configuration options:

12. Enable the option to Control which extensions are installed silently (Edge) or Configure the list of Force-installed apps and extensions (Chrome)
13. Add the appropriate app ID (found earlier in this article). Make sure there is no leading space in the ID
14.  Click Next until you finally click Create

Confirm the configuration profile has been created: Assign the appropriate groups to the profile. Once configured, the groups will get the extension on the next sync, which is usually around 2 hours. Click next.

Common InTune Problems and Troubleshooting

InTune is the most modern device configuration tool within the Microsoft ecosystem, and many organizations consider it to be the best method for configuring devices - especially when the intended audience includes remote workers. Since the complexity of customer environments differ, it is important to understand what factors could cause inconsistencies across users. Here are a number of these factors to investigate if some of your users are not receiving the installation.

• Device Not Enrolled: The device must be properly enrolled in Intune. If it’s not, it won’t receive any policies.
• Policy Conflicts: If there are conflicting policies with different settings, Intune may not be able to apply them.
• Platform Incompatibility: Some policies are platform-specific. For example, an iOS policy won’t apply to an Android device.
• Network Issues: The device needs a stable network connection to communicate with Intune servers. Without it, policies can’t be applied.
• License Issues: The user or device must have the appropriate Intune license assigned.
• Compliance Issues: If the device is not compliant with existing policies, new policies may not be applied.
• Pending Policies: Sometimes policies are in a pending state and haven’t been processed yet.
• Device Sync Issues: The device might not have synced with Intune recently. Regular syncs are necessary for policy updates.
• Policy Assignment: Ensure that the policy is correctly assigned to the user or device group.
• Policy Removal: Sometimes, policies might be removed or not applied due to errors in the policy removal process.

The following Microsoft article is very helpful when trying to identify which problem(s) might be affecting any given user or device.

https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-configuration/troubleshoot-policies-in-microsoft-intune

Addressing compatibility or performance problems in specific applications

If you discover that one of your organization's web applications has a compatibility or performance problem with our browser extension, the best way to address this is not to completely uninstall the browser extension. The same Group Policy or InTune policy you use to deploy the extension can also block the extension from being loaded for the specific domain name causing the conflict. Please use the Using Group Policy to block a domain from our browser extension knowledge article.