11-24-2022 03:48 AM
Hi
I compiled a little script to be used via Commands which allows you to apply custom GPO-settings for Microsoft Edge via Commands (not via Custom Advanced Registry Keys).
Ingredients: What you will need
HowTo: Set it up for your own environment
I imported the Policy-Templates into my reference machine and configured the settings I wanted to apply.
Before:
After:
Once the templates are available, you can do your configurations.
A super exhaustive list can be found here.
Please note that some settings are limited when the device isn't domain-joined or MDM-managed, e.g. the policy ExtensionInstallForceList:
"For Windows instances not joined to a Microsoft Active Directory domain, forced installation is limited to apps and extensions listed in the Microsoft Edge Add-ons website."
There are also some settings which are completely restricted and can't be applied via LocalGroupPolicy. (I haven't found a validated list yet, but a hint can be found here.)
I strongly recommend validating your custom settings by browsing to edge://policy before proceeding.
Now you can start exporting your settings by either doing it via gpedit.msc or by using reg.exe on the Command line.
I used the manual way via UI as it's convenient and gives me the right hive in a single REG-file:
After testing the policies and validating that they're working as expected, you can assemble the Command on JumpCloud for a wider deployment. I'm attaching the REG-file to the Command; the Template-files (admx/adml) will be invoked from an S3-Bucket:
The script for the Command:
```powershell
### Policy Templates from: https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ ###
$URLadmx = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.admx"
$URLadml = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.adml"
### Custom Policy Settings from reference device ###
$EdgePolicyFile = "C:\Windows\Temp\EdgePolicy.reg"
### Download the templates from a public S3-bucket ###
### Place them in the respective folders; reference: https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge#add-the-administrative-template-to-an-individual-computer ###
Invoke-WebRequest -Uri $URLadmx -OutFile "C:\Windows\PolicyDefinitions\msedge.admx"
Invoke-WebRequest -Uri $URLadml -OutFile "C:\Windows\PolicyDefinitions\en-US\msedge.adml"
### Import the Custom Edge Policy ###
Reg import $EdgePolicyFile
### Force update of Group Policies ###
gpupdate /force
### Remove the Custom Edge Policy file from the respective folder ###
Remove-Item $EdgePolicyFile
```
Now the Command can be executed - as usual - manually, scheduled, repeating, triggered.
A little side note: If you feel like an "Advanced: Custom Registry Keys Policy" is more suitable and you need an easier-to-use export to transfer the custom settings, you can use LGPO.exe to export the settings to a text-file by using: LGPO.exe /parse /m C:\Windows\System32\GroupPolicy\Machine\Registry.pol>>EdgePolicy.txt
Cheers and Happy Thanksgiving
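A hardened variant of the Command script above, as an added example that is not part of the original post: it pins a SHA-256 for each template pulled from the public bucket and checks that the REG file only writes under the Edge policy key before importing it. The hash values are placeholders to be filled in from the reference machine, and the allowed key assumes the export targets the machine hive.

```powershell
# Added example: hardened variant of the Command script (not the author's code).
# Hash values are placeholders; record the real ones with Get-FileHash on the reference machine.
$ErrorActionPreference = 'Stop'

$EdgePolicyFile = 'C:\Windows\Temp\EdgePolicy.reg'
$AllowedKey     = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge'  # assumption: machine-hive export

# URL, destination and expected SHA-256 for each template file
$Templates = @(
    @{ Uri  = 'https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.admx'
       Dest = 'C:\Windows\PolicyDefinitions\msedge.admx'
       Hash = '<SHA256-OF-MSEDGE.ADMX>' },
    @{ Uri  = 'https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.adml'
       Dest = 'C:\Windows\PolicyDefinitions\en-US\msedge.adml'
       Hash = '<SHA256-OF-MSEDGE.ADML>' }
)

foreach ($t in $Templates) {
    # Stage in a temp file so an unverified download never lands in PolicyDefinitions
    $stage = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName())
    try {
        Invoke-WebRequest -Uri $t.Uri -OutFile $stage -UseBasicParsing
        $actual = (Get-FileHash -Path $stage -Algorithm SHA256).Hash
        if ($actual -ne $t.Hash) {
            throw "Hash mismatch for $($t.Uri): got $actual"
        }
        Move-Item -Path $stage -Destination $t.Dest -Force
    }
    finally {
        Remove-Item -Path $stage -Force -ErrorAction SilentlyContinue
    }
}

# Refuse to import a REG file that writes anywhere outside the Edge policy key
$keys = Select-String -Path $EdgePolicyFile -Pattern '^\[-?(.+)\]$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }
$outside = $keys | Where-Object {
    $_ -ne $AllowedKey -and -not $_.StartsWith("$AllowedKey\", 'OrdinalIgnoreCase')
}
if (-not $keys -or $outside) {
    throw "Unexpected keys in ${EdgePolicyFile}: $($outside -join ', ')"
}

reg.exe import $EdgePolicyFile
if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }

gpupdate /force
Remove-Item -Path $EdgePolicyFile -Force
```

With the placeholders left in place the script stops at the first hash check, so nothing is written to PolicyDefinitions until real hashes are supplied.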