This week is all about simply automatically installing the Windows 10 Accounts extension for Google Chrome. About a year ago I showed that the extension is required when using conditional access and I also showed earlier that it’s possible to use ADMX ingestion to configure Google Chrome. However, the latter is always the easiest method. It actually might be a bit complicated for a simple configuration. That’s why I’m going a different road this time. This time I’m going for a small PowerShell script that will create a registry key and value. In this post I’ll show how to create the PowerShell script, how to assign it by using Microsoft Intune and the end result in Google Chrome.
Create PowerShell script
As I’ve decided to use a PowerShell script to install the Windows 10 Accounts extension for Google Chrome, together with Google Chrome, this section will explain the variables and actions used in the script. For installing Google Chrome, I’ll reuse a PowerShell script that I explained in this post about Combining the powers of the Intune Management Extension and Chocolatey.
Script variables
The PowerShell script contains a few variables that are used to make sure that the Windows 10 Accounts extension will be installed. Those variables together are actually a registry key and value. That means that the variables block on top of the script (see script snippet section) at least contains the values as shown below. The registry key and value will trigger the installation of the Windows 10 Accounts extension and is the same registry key and value that would otherwise be created by the ADMX configuration.
| Path | HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist |
| Name | 1 |
| Type | REG_SZ (String) |
| Data | ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx |
Script actions
The PowerShell script contains a few actions that it should perform to complete the required activities of installing Google Chrome and the required Windows 10 Accounts extension. It contains the following actions that can be found in the different try-catch blocks (see script snippet section).
- Install Chocolatey if it’s not installed;
- Install Google Chrome by using Chocolatey (it will automatically check if it’s already installed);
- Create the required registry path if it doesn’t exist;
- Create the required registry key if it doesn’t exist.
Script snippet
The PowerShell script is shown below and should pretty much explain itself.
[gist https://gist.github.com/pvanderwoude/ad6a8479907e08be22b5edf02f55e689 /]
Configure PowerShell script
The next step is to configure the PowerShell script in Microsoft Intune. To upload the script, follow the next five steps. After uploading the script, simply assign the script to the required users and/or devices.
| 1 | Open the Azure portal and navigate to Intune > Device configuration > PowerShell scripts; |
| 2 | On the Device configuration – PowerShell scripts blade, click Add script to open the Script Settings blade; |
| 3 |  On the Add PowerShell script blade, provide the following information and click Settings to open the Script Settings blade;
Note: The script must be less than 10 KB (ASCII) or 5 KB (Unicode). |
| 4 |  On the Script Settings blade, provide the following configuration and click OK to return to the PowerShell script blade;
Note: Configure Run the script using the logged on credentials to No means that the PowerShell script will run in SYSTEM context; |
| 5 | Back on the Add PowerShell script blade, click Create. |
End result
Now let’s end this post by looking at the end result. I’ll do that by showing a screenshot of Google Chrome. Below is a screenshot of Google Chrome showing the policy page, which shows the configured policy, and it also shows the installed Windows 10 Accounts extension (blue Windows icon on the top right).
More information
Fore more information related to conditional access and the requirements for Google Chrome, please refer to this article about Conditional Access Technical Reference | Client apps condition.
Discover more from All about Microsoft Intune
Subscribe to get the latest posts sent to your email.
This great Peter! If I need to add a second Chrome Extension, would I just add another entry for KeyName, KeyType and KeyValue?
Hi WEnglish,
Yes, you should be able two add a second entry with the number 2 as Name.
Regards, Peter
This works amazingly.
Question: How would I acquire chrome extension URL’s?
I’m guessing this is the Windows 10 extension?
ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx
Hi Dylan,
You should be able to extract that information from the Chrome webstore.
Regards, Peter
Hi Peter if the webstore does not have a url to extract do you just add the id only?
Hi Micheal,
Here you can find the options for this configuration option:https://www.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist
Regards, Peter
Hey, I do I uninstall it? Once installed using your powershell, I cant remove it.
Hi Vick,
Did you remove the registry key again?
Regards, Peter
yea that one figured out. Is that the only way?
Hi Vick,
In this case that’s the only way, as that’s what the script does. The script creates a registry key that will force the installation of the extension.
Regards, Peter
Hi Peter,
This script is over 5 years old and still helping people like me.
Amazing work.
Thank you so very much!
Thank you, Tony!
Do keep in mind that it can even be achieved easier nowadays: https://petervanderwoude.nl/post/further-simplifying-management-of-the-google-chrome-browser-on-windows-devices/
Regards, Peter