Chrome ExtensionInstallBlocklist Group Policy Audit
Operating System SecurityList Devices With the “ExtensionInstallBlocklist” Group Policy Enabled
With Chrome being the most popular browser by far, it is important that you manage the browser well, after all it is one of the last lines of defense to protect users from clicking malicious links or downloading the wrong file. One of those ways that users can easily make a mistake, is by installing one of Chrome’s extensions. It is not uncommon that malicious extensions are approved in Chrome’s web store, or that existing extensions get modified by a malicious actor. In these cases extensions could steal browser history data, steal form inputs or redirect users to malicious sites. All reasons to ensure you manage which extensions a user is allowed to use.
Using this block list group policy is just one of the possible measures, to explore all of them you can find more info in the Pro Tips blog post.
Google Chrome ExtensionInstallBlocklist GP Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.Version,
tblAssets.SP,
Case
When TsysLastscan.Lasttime < GetDate() - 1 Then
'Last registry scan more than 24 hours ago! Information may not be up-to-date. Try rescanning this machine.'
End As Comment,
Case
When SubQuery1.Valuename Is Not Null And SubQuery1.Valuename <> ''
Then 'Yes'
Else 'No'
End As ValuenameFound,
SubQuery1.Value,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
TsysLastscan.Lasttime As LastRegistryScan,
SubQuery1.Lastchanged,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID
Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.Lastchanged
From tblRegistry
Where
tblRegistry.Regkey Like
'%Software\Policies\Google\Chrome\ExtensionInstallBlocklist' And
(tblRegistry.Valuename = '1' Or tblRegistry.Valuename = '2' Or
tblRegistry.Valuename = '3' Or tblRegistry.Valuename = '4' Or
tblRegistry.Valuename = '5')) SubQuery1 On SubQuery1.AssetID =
tblAssets.AssetID
Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'registry'
Order By tblAssets.Domain,
tblAssets.AssetName,
SubQuery1.value