Google Chrome
662 Group Policy settings under Google Chrome. Browse the sub-folders and settings below.
Sub-folders
- Accessibility settings (2)
- Allow or deny screen capture (5)
- Certificate management settings (6)
- Content settings (71)
- Cryptography compliance policies (2)
- Default search provider (12)
- Deprecated policies (36)
- Extensions (11)
- Generative AI (13)
- Google Cast (6)
- HTTP authentication (8)
- Idle Browser Actions (2)
- Legacy Browser Support (13)
- Local Network Access settings (9)
- Native Messaging (3)
- Network settings (5)
- Password manager (8)
- Printing (16)
- Remote access (15)
- Removed policies (152)
- Safe Browsing settings (10)
- Sign-in settings (2)
- Startup, Home page and New Tab page (6)
- WebRtc settings (4)
Settings
- Abusive Experience Intervention Enforce
- Ads setting for sites with intrusive ads
- Allow access to a list of URLs
- Allow access to a list of URLs in Incognito mode.
- Allow automatic sign-in to Microsoft® cloud identity providers
- Allow Chrome for Testing
- Allow Chrome to block navigations toward external protocols in sandboxed iframes
- Allow collection of WebRTC event logs from Google services
- Allow default search provider context menu search access
- Allow Dinosaur Easter Egg Game
- Allow DNS queries for additional DNS record types
- Allow download restrictions
- Allow file or directory picker APIs to be called without prior user gesture
- Allow fullscreen mode
- Allow HTTPS-Only Mode to be enabled
- Allow invocation of file selection dialogs
- Allow media autoplay
- Allow media autoplay on a allowlist of URL patterns
- Allow merging dictionary policies from different sources
- Allow merging list policies from different sources
- Allow or deny audio capture
- Allow or deny video capture
- Allow pages to use the built-in AI APIs.
- Allow pages with Cache-Control: no-store header to enter back/forward cache
- Allow proceeding from the SSL warning page
- Allow proceeding from the SSL warning page on specific origins
- Allow queries to a Google time service
- Allow QUIC protocol
- Allow remote debugging
- Allow reporting of domain reliability related data
- Allow screen capture without prior user gesture
- Allow ServiceWorker to control srcdoc iframes
- Allow ServiceWorker to dispatch navigation requests without waiting for its startup
- Allow showing the most recent default search engine results page in a Browser side panel
- Allow software WebGL fallback using SwiftShader
- Allow SpeculationRules prefetch to ServiceWorker-controlled URLs
- Allow the audio process to run with priority above normal on Windows
- Allow the audio sandbox to run
- Allow the shopping list feature to be enabled
- Allow Translator API
- Allow user cloud policies to override Chrome Browser Cloud Management policies.
- Allow user feedback
- Allow users to customize the background on the New Tab page
- Allow Web Authentication requests on sites with broken TLS certificates.
- Allow WebRTC text logs collection from Google Services
- Allow websites to query for available payment methods.
- Allowed Origins for Proxied WebAuthn Requests from Remote Desktop Applications.
- Allows origin-keyed agent clustering by default.
- Allows web pages to use identifiers for the purpose of protected content playback
- Always Open PDF files externally
- Application locale
- Ask where to save each file before downloading
- Block access to a list of URLs
- Block access to a list of URLs in Incognito mode.
- Block Browser Legacy Extension Points
- Block third party cookies
- Browser experiments icon in toolbar
- Browser sign in settings
- Browsing Data Lifetime Settings
- Change Memory Saver Mode Savings
- Clear Browsing Data on Exit
- Configure list of force-installed Web Apps
- Configure the color of the browser's theme
- Configure the content and order of preferred languages
- Continue running background apps when Google Chrome is closed
- Control Accept-Language Reduction
- Control SafeSites adult content filtering.
- Control the availability of the XSLT feature
- Control the IntensiveWakeUpThrottling feature.
- Control the visibility of the extension attribution on the New Tab page
- Control the visibility of the management notice on the New Tab Page for managed browsers
- Control use of the Headless Mode
- Control where Developer Tools can be used
- Control whether storage quota APIs will return static values
- Controls the mode of DNS-over-HTTPS
- Controls visibility of enterprise profile badge in the toolbar
- Controls whether unload event handlers can be disabled.
- Controls which managed users can set the ProxyOverrideRules policy.
- CORS non-wildcard request headers support
- Define a list of protocols that can launch an external application from listed origins without prompting the user
- Define domains allowed to access Google Workspace
- Determine the availability of variations
- Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
- Disable Certificate Transparency enforcement for a list of URLs
- Disable download file type extension-based warnings for specified file types on domains
- Disable saving browser history
- Disable support for 3D graphics APIs
- Disable synchronization of data with Google
- Disable taking screenshots
- DNS interception checks enabled
- Dynamic Code Settings
- Enable adaptive buffering for Web Audio
- Enable add person in user manager
- Enable additional protections for users enrolled in the Advanced Protection program
- Enable alternate error pages
- Enable Ambient Authentication for profile types.
- Enable Application Bound Encryption
- Enable AutoFill for addresses
- Enable AutoFill for credit cards
- Enable automatic HTTPS upgrades
- Enable Battery Saver Mode
- Enable Bookmark Bar
- Enable component updates in Google Chrome
- Enable deleting browser and download history
- Enable desktop sharing in the omnibox and 3-dot menu
- Enable ending processes in Task Manager
- Enable extended lifetime for SharedWorkers
- Enable Get Image Descriptions from Google.
- Enable globally scoped HTTP auth cache
- Enable Google Developer Program Profiles in Chrome DevTools
- Enable Google Search Side Panel
- Enable guest mode in browser
- Enable High Efficiency Mode
- Enable mandatory cloud management enrollment
- Enable Media Recommendations
- Enable network prediction
- Enable online OCSP/CRL checks
- Enable opaque origins for data URLs in Web Workers
- Enable or disable bookmark editing
- Enable or disable spell checking web service
- Enable PDF Annotations
- Enable QR Code Generator
- Enable Renderer App Container
- Enable reporting of usage and crash-related data
- Enable Safe Browsing for trusted sources
- Enable scrolling to text specified in URL fragments
- Enable search suggestions
- Enable security warnings for command-line flags
- Enable showing promotional content
- Enable Signed HTTP Exchange (SXG) support
- Enable signin interception
- Enable Silent Printing
- Enable Site Isolation for specified origins
- Enable spellcheck
- Enable Standardized Browser Zoom Behavior
- Enable strict MIME type checking for worker scripts
- Enable the Click to Call Feature
- Enable the creation of roaming copies for Google Chrome profile data
- Enable the network service sandbox
- Enable the Shared Clipboard Feature
- Enable TLS 1.3 Early Data
- Enable TLS Encrypted ClientHello
- Enable Translate
- Enable URL-keyed anonymized data collection
- Enable User Web App Install From Browser
- Enable Window Occlusion
- Enable WPAD optimization
- Enables experimental policies
- Enables managed extensions to use the Enterprise Hardware Platform API
- Enables merging of user cloud policies into machine-level policies
- Enables the concept of policy atomic groups
- Enforce browser guest mode
- Enterprise Logo URL for a managed browser
- Enterprise Logo URL for a managed profile
- Enterprise search aggregator settings
- Ephemeral profile
- Explicitly allowed network ports
- Fetch keepalive duration on Shutdown
- Force disable spellcheck languages
- Force enable spellcheck languages
- Force foreground priority for all tabs
- Force foreground priority for specific URLs
- Force Google SafeSearch
- Force minimum YouTube Restricted Mode
- Force Windows executable Native Messaging hosts to launch directly
- Google Chrome cloud policy overrides Platform policy.
- Hide the web store from the New Tab Page and app launcher
- HTTP Allowlist
- Import autofill form data from default browser on first run
- Import bookmarks from default browser on first run
- Import browsing history from default browser on first run
- Import of homepage from default browser on first run
- Import saved passwords from default browser on first run
- Import search engines from default browser on first run
- Incognito mode availability
- Intranet Redirection Behavior
- Keep browsing data when creating enterprise profile by default
- Limits the number of user data snapshots retained for use in case of emergency rollback.
- List of file types that should be automatically opened on download
- List of names that will bypass the HSTS policy check
- List of types that should be excluded from synchronization
- List of URL patterns for which Chrome DevTools are allowed to be opened
- List of URL patterns for which Chrome DevTools are blocked
- Make SharedWorker blob URL behavior aligned with the specification
- Managed Bookmarks
- Maximal number of concurrent connections per proxy server for non-WebSocket requests
- Maximal number of concurrent connections per proxy server for WebSocket requests
- Maximum fetch delay after a policy invalidation
- Notify a user that a browser relaunch or device restart is recommended or required
- Origins or hostname patterns for which restrictions on insecure origins should not apply
- Override for the CPU performance tier
- Profile picker availability on startup
- Prompt users to re-authenticate to the profile
- Prompt when multiple certificates match
- Proxy settings
- Refresh rate for user policy
- Relaunch fast if outdated
- Require online OCSP/CRL checks for local trust anchors
- Require Site Isolation for every site
- Restrict Background Fetch API when called from a Service Worker
- Restrict CPU core sharing for renderer process
- Restrict eligible Google accounts for saving PDF files to Google Drive from the Google Chrome PDF Viewer
- Restrict the range of local UDP ports used by WebRTC
- Restrict which Google accounts are allowed to be set as browser primary accounts in Google Chrome
- Set a custom enterprise label for a managed browser
- Set a custom enterprise label for a managed profile
- Set disk cache directory
- Set disk cache size in bytes
- Set download directory
- Set Google Chrome as Default Browser
- Set limit on megabytes of memory a single Chrome instance can use.
- Set the roaming profile directory
- Set the time interval for relaunch
- Set the time period for update notifications
- Set user data directory
- Sets managed configuration values to websites to specific origins
- Setting shortcuts on the New Tab Page
- Show a view of Chrome history with groups of pages
- Show an "Always open" checkbox in external protocol dialog.
- Show cards on the New Tab Page
- Show Full URLs
- Show Outlook Calendar card on the New Tab Page
- Show SharePoint and OneDrive File Card on the New Tab Page
- Show the apps shortcut in the bookmark bar
- Show the middle slot announcement on the New Tab Page
- Site search settings
- Specifies whether in-product Google Chrome surveys are shown to users.
- Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context
- Specify URI template of desired DNS-over-HTTPS resolver
- Suppress JavaScript Dialogs triggered from different origin subframes
- Suppress lookalike domain warnings on domains
- Suppress the unsupported OS warning
- The enrollment token of cloud policy
- This policy allows administrators to encrypt http cache on disk.
- URL pattern Exceptions to tab discarding
- URLs for which local IPs are exposed in WebRTC ICE candidates
- URLs that will be granted access to audio capture devices without prompt
- URLs that will be granted access to video capture devices without prompt
- URLs where AutoOpenFileTypes can apply
- URLs/domains automatically permitted direct Security Key attestation
- Use built-in DNS client
- Use graphics acceleration when available
- Use out-of-process iframe PDF Viewer
- Use Skia renderer for PDF rendering
- Web App management settings