
Import Group Policy Templates and Manage Microsoft Edge Policies via Commands

JuergenKlaassen
Rising Star III

Hi

I compiled a little script to be used via Commands which allows you to apply custom GPO-settings for Microsoft Edge via Commands (not via Custom Advanced Registry Keys).

Ingredients: What you will need

  1. a reference device -> which can be a VM
  2. Microsoft's Policy Templates ("Get policy files")
  3. Public blob storage (i.e. an S3 Bucket) or similar to host the ADMX & ADML file
    (the ADML exceeds 1MB and can't be added to a Command)
  4. The actual script for the Command

HowTo: Set it up for your own environment

I imported the Policy-Templates into my reference machine and configured the settings I wanted to apply.

Before: [screenshot]

After: [screenshot]

Once the templates are available, you can do your configurations.
A super exhaustive list can be found here.
Please note that some settings are limited when the device isn't domain-joined or MDM'd, i.e. the policy ExtensionInstallForceList:
"For Windows instances not joined to a Microsoft Active Directory domain, forced installation is limited to apps and extensions listed in the Microsoft Edge Add-ons website."

There are also some settings which are completely restricted and can't be applied via LocalGroupPolicy. (I haven't found a validated list yet, but a hint can be found here.)

I strongly recommend validating your custom settings by browsing to edge://policy before proceeding.


Now you can start exporting your settings by either doing it via gpedit.msc or by using reg.exe on the Command line.
I used the manual way via UI as it's convenient and gives me the right hive in a single REG-file:


After testing the policies and validating that they're working as expected, you can assemble the Command on JumpCloud for a wider deployment. I'm attaching the REG-file to the Command, the Template-files (admx/adml) will be invoked from an S3-Bucket:
The script for the Command:

### Policy Templates from: https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ ###
$URLadmx = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.admx"
$URLadml = "https://custom-pkg.s3.ap-southeast-1.amazonaws.com/msedge.adml" 

### Custom Policy Settings from reference device ###
$EdgePolicyFile = "C:\Windows\Temp\EdgePolicy.reg"

### Download the templates from a public S3-bucket ###
### Place them in the respective folders; reference: https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge#add-the-administrative-template-to-an-individual-computer ###
Invoke-WebRequest -Uri $URLadmx -OutFile "C:\Windows\PolicyDefinitions\msedge.admx" 
Invoke-WebRequest -Uri $URLadml -OutFile "C:\Windows\PolicyDefinitions\en-US\msedge.adml"

### Import the Custom Edge Policy ###
Reg import $EdgePolicyFile

### Force update of Group Policies ###
gpupdate /force 

### Remove the Custom Edge Policy file from the respective folder ###
Remove-Item $EdgePolicyFile

Now the Command can be executed - as usual - manually, scheduled, repeating, triggered.

A little side note: If you feel like an "Advanced: Custom Registry Keys Policy" is more suitable and you need an easier-to-use export to transfer the custom settings, you can use LGPO.exe to export the settings to a text-file by using: LGPO.exe /parse /m C:\Windows\System32\GroupPolicy\Machine\Registry.pol>>EdgePolicy.txt



Cheers and Happy Thanksgiving
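
The Command script in the post downloads the ADMX/ADML from a public bucket and writes them straight into C:\Windows\PolicyDefinitions. As an added example (not part of the original post), the download step can be pinned to SHA-256 hashes recorded on the reference device, so a replaced or tampered object in the bucket is rejected before it reaches the policy store. The bucket URLs and hash values are placeholders.

```powershell
# Added example, not from the original post: verify template hashes before install.
# Assumptions: the URLs and SHA-256 values below are placeholders. Record the real
# hashes on the reference device with: Get-FileHash -Algorithm SHA256 <file>
$ErrorActionPreference = 'Stop'

$Templates = @(
    @{ Uri    = 'https://<your-bucket>/msedge.admx'
       Sha256 = '<SHA256-OF-MSEDGE.ADMX>'
       Dest   = 'C:\Windows\PolicyDefinitions\msedge.admx' },
    @{ Uri    = 'https://<your-bucket>/msedge.adml'
       Sha256 = '<SHA256-OF-MSEDGE.ADML>'
       Dest   = 'C:\Windows\PolicyDefinitions\en-US\msedge.adml' }
)

# Stage downloads outside PolicyDefinitions so unverified files never land there.
$Stage = Join-Path $env:TEMP ("edge-admx-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $Stage | Out-Null

try {
    $verified = foreach ($t in $Templates) {
        $tmp = Join-Path $Stage (Split-Path $t.Dest -Leaf)
        Invoke-WebRequest -Uri $t.Uri -OutFile $tmp -UseBasicParsing
        $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
        if ($actual -ne $t.Sha256) {   # -ne compares strings case-insensitively
            throw "Hash mismatch for $($t.Uri): got $actual"
        }
        @{ Source = $tmp; Dest = $t.Dest }
    }
    # Copy only after every file has passed verification.
    foreach ($v in $verified) {
        $dir = Split-Path $v.Dest -Parent
        if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
        Copy-Item -Path $v.Source -Destination $v.Dest -Force
    }
}
finally {
    # Always clean up the staging folder, including after a failed check.
    Remove-Item -Path $Stage -Recurse -Force -ErrorAction SilentlyContinue
}
```

With the placeholder hashes left in place the script fails closed: the throw stops the Command before anything is copied, so the Reg import and gpupdate steps should follow this block rather than precede it.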
