Manage New Microsoft Edge Chromium with Group Policy

Microsoft Edge Chromium is gaining steam as a viable browser that is ready for the enterprise environment. Microsoft is officially saying that Edge Chromium is the way forward with IE settings and defaults being migrated over to Edge Chromium. Recently, in working with a terminal server for a legacy application that required certain browser settings, I worked to control settings of Edge Chromium and wanted to share a few tidbits of the experience. Let’s take a look at how to manage the new Microsoft Edge Chromium with Group Policy.

Download Microsoft Chromium Edge Enterprise

If you are working with Microsoft Edge Chromium and want to download the Enterprise offering that can be managed with Group Policy, you can download both here:

After downloading the new Microsoft Edge, download the correlating Group Policy template for Edge as well. As a note on the download page, support ends for legacy Edge on March 9, 2021.

Manage New Microsoft Edge Chromium with Group Policy

As you can see below, on a Windows Server 2019 server, I have installed the new Microsoft Edge Chromium and have downloaded the MicrosoftEdgePolicyTemplate.cab file.

New microsoft edge and group policy template downloaded
New microsoft edge and group policy template downloaded

In this walkthrough, I will be extracting the Group Policy template files locally and controlling them locally as opposed to Domain-wide group policy. There are a couple of extraction steps to carry out once the .cab file is downloaded. Extract the .zip file from the cab file.

Extract the policy templates zip file from the cab file
Extract the policy templates zip file from the cab file

Next, you will need to extract the contents of the .zip file.

Extract the second resulting package
Extract the second resulting package

Once you have the .zip file extracted, copy the msedge.admx file from the MicrosoftEdgePolicyTemplates > windows > admx folder.

Copy the msedge.admx file from the microsoft edge policy template files
Copy the msedge.admx file from the microsoft edge policy template files

Paste this file in the c:\windows\policydefinitions folder.

The msedge.admx file copied to the local policydefinitions folder
The msedge.admx file copied to the local policydefinitions folder

Next, copy the msedge.adml and msedgeupdate.adml files from the windows > admx > en-US folder.

Copying the msedge.adml and msedgeupdate.adml files from the downloaded policy template
Copying the msedge.adml and msedgeupdate.adml files from the downloaded policy template

Paste the msedge.adml and msedgeupdate.adml files into the c:\windows\policydefinitions\en-US folder.

Pasting the msedge.adml and msedgeupdate.adml files to the locale under the local policy definitions folder
Pasting the msedge.adml and msedgeupdate.adml files to the locale under the local policy definitions folder

After copying and pasting the files around, you should be able to open your local Group Policy editor and see the new Microsoft Edge Group Policy settings.

Microsoft Edge supports what Microsoft refers to as both mandatory and recommended policies. Mandatory policies override user preferences , while recommended policy settings provide default setting that may be overridden by the user. Most policies are mandatory only. There is a small subset that are mandatory and recommended. If both settings of a policy are set, the mandatory setting takes precedence.

New microsoft edge group policy settings available after importing the edge policy template
New microsoft edge group policy settings available after importing the edge policy template

Basic Microsoft Edge Chromium Group Policy settings

Let’s take a look at basic Group Policy settings that provide basic settings and functionality for controlling the new Edge. Below, are a few of the policy settings that help to squash some of the “first run” and synchronize type dialog boxes you see when launching the new Microsoft Edge Chromium on the first launch.

Most of the settings to note are in the root Microsoft Edge folder in Group Policy. The first setting is the Hide the first run experience and splash screen.

Hiding the first run experience and splash screen in the new edge
Hiding the first run experience and splash screen in the new edge

The Configure Internet Explorer integration is a way to use what is called IE Mode in Microsoft Edge. What is IE Mode? In the About IE Mode document found here, Microsoft describes it this way.

E mode on Microsoft Edge makes it easy to use all of the sites your organization needs in a single browser. It uses the integrated Chromium engine for modern sites, and it uses the Trident MSHTML engine from Internet Explorer 11 (IE11) for legacy sites.

Configure internet explorer integration in the new microsoft edge chromium
Configure internet explorer integration in the new microsoft edge chromium

Another “first run” type message you get is if you want to synchronize your settings and services. You can turn this off with the below policy setting:

  • Disable synchronization of data using Microsoft sync services
Disable the synchronization of services using microsoft sync services in edge
Disable the synchronization of services using microsoft sync services in edge

You can control other behaviors such as the pop-up blocker using the settings under Content Settings. You see the settings such as:

  • Allow pop-up windows on specific sites
Controlling the new microsoft edge chromium popup blocker
Controlling the new microsoft edge chromium popup blocker

Other settings to note affecting the startup, home page and other settings are found in the Startup home page and new tab page settings.

Startup homepage and new tab settings in edge
Startup homepage and new tab settings in edge

Adding New Microsoft Edge Chromium Group Policy Template to Active Directory domain

Another approach to adding the new Microsoft Edge Chromium Group Policy template files is to add these at the domain level. The steps to do that are very similar to the ones shown above on an individual host, except the files are copied to a domain controller as follows:

  1. On a domain controller or workstation with RSAT, browse to the PolicyDefinition folder. This is known as the “Central Store” on any domain controller for your domain. For older versions of Windows Server, you may need to create the PolicyDefinition folder.
  2. Open MicrosoftEdgePolicyTemplates that you downloaded and go to windows > admx.
  3. Copy the msedge.admx file to the PolicyDefinition folder.
  4. In the admx folder, open the appropriate language folder. For example, if you’re in the U.S., open the en-US folder.
  5. Copy the msedge.adml file to the matching language folder in the PolicyDefinition folder. Create the folder if it does not already exist.
  6. With multiple domain controllers, the new ADMX files are replicated to using Active Directory replication.
  7. To confirm the files loaded correctly, open the Group Policy Management Editor from Windows Administrative Tools and expand Computer Configuration > Policies > Administrative Templates > Microsoft Edge. You will see the new Microsoft Edge node entries appear.

Wrapping Up

The Group Policy Template download for Microsoft Edge makes it easy to Manage New Microsoft Edge Chromium with Group Policy. This allows importing the readily available template files and configuring settings to control the behavior of the new Microsoft Edge Chromium.

This can be done at the Active Directory domain level as well as on an individual Windows host. Depending on

Post a Comment

0 Comments