Distribuera webbläsartillägg med hjälp av GPO, Linux-policyer och .plist-filer

När du använder Bitwarden i en affärsmiljö kan administratörer vilja automatisera distributionen av Bitwarden webbläsartillägg till användare med en plattform för hantering av slutpunkter eller grupppolicy. Den här artikeln kommer att täcka hur man använder GPO och andra mallar för att automatisera distributionen av Bitwarden-webbläsartillägg till användare med en plattform för hantering av slutpunkter.



Windows

Att distribuera Bitwarden-webbläsartillägg till webbläsare på Windows kräver i allmänhet att Windows Group Policy används för att rikta in sig på hanterade datorer med en ADMX-policymall. Proceduren är lite olika för varje webbläsare:

To deploy the browser extension on Windows and Google Chrome:

Download and unzip the Chrome Enterprise Bundle for Windows.
From the unzipped directory:
- Copy \Configuration\admx\chrome.admx to C:\Windows\PolicyDefinitions
- Copy \Configuration\admx\en-US\chrome.adml to C:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Google Chrome → Extensions.
In the right-hand settings area, select Configure the list of force-installed apps and extensions. In the dialog, toggle the Enabled option.

Select the Show... button and add the following:

Bash
nngceckbapebfimnlniiiahkandclblb;https://clients2.google.com/service/update2/crx

Click OK.

Still in ...Administrative Templates → Google Chrome, select Password manager from the file tree.
In the right-hand settings area, right-click Enable saving passwords to the password manager and select Edit. In the dialog, toggle the Disabled option and select OK.
Repeat Step 8 for the Enable Autofill for addresses and Enable Autofill for credit cards options, found in settings area for ...Administrative Templates → Google Chrome.
Apply the newly-configured GPO to your desired scope.

To deploy the browser extension on Windows and Firefox:

Download and unzip the Firefox ADMX Template file.
From the unzipped directory:
- Copy \policy_templates_<version>\windows\firefox.admx to C:\Windows\PolicyDefinitions
- Copy \policy_templates_<version>\windows\en-US\firefox.adml to C:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Firefox → Extensions.
In the right-hand settings area, select Extensions to Install. In the dialog, toggle the Enabled option.

Select the Show... button and add the following:

Bash
https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi

Click OK.

Back in the file tree select Firefox. In the right-hand settings area, Edit... and disable both the Offer to save logins and Offer to save logins (default) options.
Apply the newly-configured GPO to your desired scope.

To deploy the browser extension on Windows and Edge:

Download and unzip the Microsoft Edge Policy Files.
From the unzipped directory:
- Copy \windows\admx\msedge.admx to C:\Windows\PolicyDefinitions
- Copy \windows\admx\en-US\msedge.adml to C:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Microsoft Edge → Extensions.
In the right-hand settings area, select Control which extensions are installed silently. In the dialog, toggle the Enabled option.

Select the Show... button and add the following:

Bash
jbkfoedolllekgbhcbcoahefnbanhhlh;https://edge.microsoft.com/extensionwebstorebase/v1/crx

Click OK.

Still in ..Administrative Templates → Microsoft Edge, select Password manager and protection from the file tree.
In the right-hand settings area, right-click Enable saving passwords to the password manager and select Edit. In the dialog, toggle the Disabled option and select OK.
Repeat Step 8 for the Enable Autofill for addresses and Enable Autofill for payment instruments options, found in settings area for ...Administrative Templates → Microsoft Edge.
Apply the newly-configured GPO to your desired scope.



Linux

Att distribuera Bitwarden-webbläsartillägg till webbläsare på Linux innebär i allmänhet att man använder en .json-fil för att ställa in konfigurationsegenskaper. Proceduren är lite olika för varje webbläsare:

To deploy the browser extension on Linux and Google Chrome:

Download the Google Chrome .deb or .rpm for Linux.
Download the Chrome Enterprise Bundle.
Unzip the Enterprise Bundle (GoogleChromeEnterpriseBundle64.zip or GoogleChromeEnterpriseBundle32.zip) and open the /Configuration folder.
Make a copy of the master_preferences.json (in Chrome 91+, initial_preferences.json) and rename it managed_preferences.json.
Add the following to managed_preferences.json:
```
Bash
{
  "policies:" {
  "ExtensionSettings": {
    "nngceckbapebfimnlniiiahkandclblb": {
      "installation_mode": "force_installed",
      "update_url":
         "https://clients2.google.com/service/update2/crx"
      }
    }
  }
}
```
In this JSON object, "nngceckbapebfimnlniiiahkandclblb" is the application identifier for the Bitwarden browser extension. Similarly, "https://clients2.google.com/service/update2/crx" signals Chrome to use the Chrome Web Store to retrieve the identified application.

note
You may also configure forced installations using the ExtensionInstallForcelist policy, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Chrome's built-in password manager, add the following to managed_preferences.json inside of "policies": { }:
```
Bash
{
  "PasswordManagerEnabled": false
}
```

Create the following directories if they do not already exist:

Bash
mkdir /etc/opt/chrome/policies
mkdir /etc/opt/chrome/policies/managed

Move managed_preferences.json into /etc/opt/chrome/policies/managed.
As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the /managed directory:
```
Bash
chmod -R 755 /etc/opt/chrome/policies
```
Using your preferred software distribution or MDM tool, deploy the following to users' machines:
- Google Chrome Browser
- /etc/opt/chrome/policies/managed/managed_preferences.json



tip

For more help, refer to Google's Chrome Browser Quick Start for Linux guide.

To deploy the browser extension on Linux and Firefox:

Download Firefox for Linux.
Create a distribution directory within the Firefox installation directory.
In the distrubition directory, create a file policies.json.
Add the following to policies.json:
```
Bash
{
"policies": {
 "ExtensionSettings": {
   "446900e4-71c2-419f-a6a7-df9c091e268b": {
     "installation_mode": "force_installed",
     "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"
      }
    }
  }
}
```
In this JSON object, "446900e4-71c2-419f-a6a7-df9c091e268b" is the extension ID for the Bitwarden browser extension. Similarly, "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi" signals Firefox to use the extension store to retrieve the extension.
(Recommended) To disable Firefox's built-in password manager, add the following to policies.json inside of "policies": { }:
```
Bash
{
 "PasswordManagerEnabled": false
}
```
Using your preferred software distribution or MDM tool, deploy the following to users' machines:
- Firefox Browser
- /distribution/policies.json



tip

For more help, refer to Firefox's policies.json Overview or Policies README on Github.



MacOS

Att distribuera Bitwarden-webbläsartillägg till webbläsare på macOS innebär vanligtvis att man använder en egenskapslista (.plist). Proceduren är lite olika för varje webbläsare:

To deploy the browser extension on macOS & Google Chrome:

Download the Google Chrome .dmg or .pkg for macOS.
Download the Chrome Enterprise Bundle.
Unzip the Enterprise Bundle (GoogleChromeEnterpriseBundle64.zip or GoogleChromeEnterpriseBundle32.zip).
Open the /Configuration/com.Google.Chrome.plist file with any text editor.
Add the following to the .plist file:
```
Bash
<key>ExtensionSettings</key>
<dict>
  <key>nngceckbapebfimnlniiiahkandclblb</key>
  <dict>
    <key>installation_mode</key>
    <string>force_installed</string>
    <key>update_url</key>
    <string>https://clients2.google.com/service/update2/crx</string>
  </dict>
 </dict>
```
In this codeblock, nngceckbapebfimnlniiiahkandclblb is the application identifier for the Bitwarden browser extension. Similarly, https://clients2.google.com/service/update2/crx signals Chrome to use the Chrome Web Store to retrieve the identified application.

note
You may also configure forced installations using the ExtensionInstallForcelist policy, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Chrome's built-in password manager, add the following to com.Google.Chrome.plist:
```
Bash
<key>PasswordManagerEnabled</key>
<false />
```
Convert the com.Google.Chrome.plist file to a configuration profile using a conversion tool like mcxToProfile.
Deploy the Chrome .dmg or .pkg and the configuration profile using your software distribution or MDM tool to all managed computers.



tip

For more help, refer to Google's Chrome Browser Quick Start for Mac guide.

To deploy the browser extension on MacOS and Firefox:

Download and install Firefox for Enterprise for macOS.
Create a distribution directory in Firefox.app/Contents/Resources/.
In the created /distribution directory, create a new file org.mozilla.firefox.plist.

tip
Use the Firefox .plist template and Policy README for reference.

Add the following to org.mozilla.firefox.plist:

Bash
<key>ExtensionSettings</key>
<dict>
   <key>446900e4-71c2-419f-a6a7-df9c091e268b</key>
   <dict>
     <key>installation_mode</key>
     <string>force_installed</string>
     <key>update_url</key>
     <string>https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi</string>
   </dict>
 </dict>

In this codeblock, 446900e4-71c2-419f-a6a7-df9c091e268b is the extension ID for the Bitwarden browser extension. Similarly, https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi signals Firefox to use the extension store to retrieve the application.

(Recommended) To disable Firefox's built-in password manager, add the following to org.mozilla.firefox.plist:
```
Bash
<dict>
  <key>PasswordManagerEnabled</key>
  <false/>
</dict>
```
Convert the org.mozilla.firefox.plist file to a configuration profile using a conversion tool like mcxToProfile.
Deploy the Firefox .dmg and the configuration profile using your software distribution or MDM tool to all managed computers.

To deploy the browser extension on macOS and Microsoft Edge:

Download the Microsoft Edge for macOS .pkg file.

In Terminal, use the following command to create a .plist file for Microsoft Edge:

Bash
/usr/bin/defaults write ~/Desktop/com.microsoft.Edge.plist RestoreOnStartup -int 1

Use the following command to convert the .plist from binary to plain text:

Bash
/usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Edge.plist

Open com.microsoft.Edge.plist and add the following:
```
Bash
<key>ExtensionSettings</key>
<dict>
  <key>jbkfoedolllekgbhcbcoahefnbanhhlh</key>
  <dict>
    <key>installation_mode</key>
    <string>force_installed</string>
    <key>update_url</key>
    <string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
  </dict>
</dict>
```
In this codeblock, jbkfoedolllekgbhcbcoahefnbanhhlh is the application identifier for the Bitwarden browser extension. Similarly, https://edge.microsoft.com/extensionwebstorebase/v1/crx signals Edge to use the Edge Add-On Store to retrieve the identified application.

note
You may also configure forced installations using the ExtensionInstallForceList, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Edge's built-in password manager, add the following to com.microsoft.Edge.plist:
```
Bash
<key>PasswordManagerEnabled</key>
<false/>
```
Convert the com.microsoft.Edge.plist file to a configuration profile using a conversion tool like mcxToProfile.
Deploy the Edge .pkg and the configuration profile using your software distribution or MDM tool to all managed computers.



tip

For Jamf-specific help, refer to Microsoft's documentation on Configuring Microsoft Edge policy settings on macOS with Jamf.

Distribuera webbläsartillägg med hjälp av GPO, Linux-policyer och .plist-filer

Windows

Linux

note

tip

tip

MacOS

note

tip

tip

note

tip

Suggest changes to this page

Molnstatus