In the ever-evolving landscape of IT administration, controlling and customizing the user experience on managed computers is an ever crucial task. One aspect that often demands attention is the configuration of homepages on web browsers — a seemingly small detail that can significantly impact brand awareness and overall security posture.
In this guide, we’ll explore a series of actions an administrator might take to either enforce or set a default homepage on Microsoft Edge and Google Chrome web browsers on Windows based systems.
We’ll leverage two JumpCloud features, Commands and Policies to accomplish the goal at hand. First let's break down what an ‘enforced’ and a ‘default’ homepage mean in this context.
- Enforced - a homepage that’s set on a recurring basis.
- The end-user may be able to change the value but it’ll always return to the enforced value by means of the JumpCloud Policy enforcement.
- Default - a homepage is set to some default value once.
- The end-user will be able to change this value later if they so choose.
Both options offer unique benefits, choosing which to deploy to your environment will likely depend on the type of systems being managed. Rotating workstations or kiosks might be better suited for an ‘enforced’ homepage. Whereas individual workstations are likely better candidates for a default homepage configuration.
Set a default homepage
To set a default homepage and give end-users the ability to to update this value later, we can leverage the power of JumpCloud Commands and the RunAsUser context module. To set a registry value as the current running user we can invoke the RunAsUser to set a value in the HKEY_CURRENT_USER (HKCU) registry that the user would have access to.
Registry values in HKCU are modifiable by the logged in user. The RunAsUser module enables us to execute code as the logged in user. In the examples below we’ll set the user preference homepage values for both Chrome and Edge. Users will retain access to edit these values in the future.
In both examples, create a new JumpCloud PowerShell Command, copy the example code into the script body and assign the policy to a set of devices.
Google Chrome Example:
# If Nuget is not installed, go ahead and install it
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$PkgProvider = Get-PackageProvider
If ("Nuget" -notin $PkgProvider.Name) {
Install-PackageProvider -Name NuGet -Force
}
# If PSModule RunAsUser is not installed, install it
if ( -not (get-installedModule "RunAsUser" -ErrorAction SilentlyContinue)) {
install-module RunAsUser -force
}
$Command = {
# update the URL here:
$url = "https://www.jumpcloud.com"
# set the required Keys
$requiredKeyList = @('HKCU:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs')
foreach ($key in $requiredKeyList){
If ( -Not (Test-Path $key)) {
New-Item -Path $key | Out-Null
}
}
# Define Registry Key Hash:
$RegKeyList = @(
[PSCustomObject]@{
'customData' = $url;
'customRegType' = 'String';
'customLocation' = 'HKCU:\SOFTWARE\Policies\Google\Chrome';
'customValueName' = 'HomepageLocation'
},
[PSCustomObject]@{
'customData' = '0';
'customRegType' = 'DWORD';
'customLocation' = 'HKCU:\SOFTWARE\Policies\Google\Chrome';
'customValueName' = 'HomepageIsNewTabPage'
},
[PSCustomObject]@{
'customData' = '4';
'customRegType' = 'DWORD';
'customLocation' = 'HKCU:\SOFTWARE\Policies\Google\Chrome';
'customValueName' = 'RestoreOnStartup'
},
[PSCustomObject]@{
'customData' = $url;
'customRegType' = 'String';
'customLocation' = 'HKCU:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs';
'customValueName' = '1'
}
)
foreach ($item in $RegKeyList){
$itemExists = Get-ItemProperty -Path $item.customLocation -Name $item.customValueName -ErrorAction Ignore
if (-not $itemExists){
New-ItemProperty -Path $item.customLocation -Name $item.customValueName -Value $item.customData -PropertyType $item.customRegType
} else {
Set-ItemProperty -Path $item.customLocation -Name $item.customValueName -Value $item.customData
}
}
}
$output = invoke-ascurrentuser -scriptblock $Command -CaptureOutput
Write-Host $output
Microsoft Edge Example:
# If Nuget is not installed, go ahead and install it
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$PkgProvider = Get-PackageProvider
If ("Nuget" -notin $PkgProvider.Name) {
Install-PackageProvider -Name NuGet -Force
}
# If PSModule RunAsUser is not installed, install it
if ( -not (get-installedModule "RunAsUser" -ErrorAction SilentlyContinue)) {
install-module RunAsUser -force
}
$Command = {
# update the URL here:
$url = "https://www.jumpcloud.com"
# set the required Keys
$requiredKeyList = @('HKCU:\Software\Policies\Microsoft\Edge', 'HKCU:\Software\Policies\Microsoft\Edge\RestoreOnStartupURLs')
foreach ($key in $requiredKeyList) {
If ( -Not (Test-Path $key)) {
New-Item -Path $key | Out-Null
}
}
# Define Registry Key Hash:
$RegKeyList = @(
[PSCustomObject]@{
'customData' = "4";
'customRegType' = 'DWORD';
'customLocation' = 'HKCU:\Software\Policies\Microsoft\Edge';
'customValueName' = 'RestoreOnStartup'
},
[PSCustomObject]@{
'customData' = $url;
'customRegType' = 'String';
'customLocation' = 'HKCU:\Software\Policies\Microsoft\Edge\RestoreOnStartupURLs';
'customValueName' = '1'
}
)
foreach ($item in $RegKeyList) {
$itemExists = Get-ItemProperty -Path $item.customLocation -Name $item.customValueName -ErrorAction Ignore
if (-not $itemExists) {
New-ItemProperty -Path $item.customLocation -Name $item.customValueName -Value $item.customData -PropertyType $item.customRegType
} else {
Set-ItemProperty -Path $item.customLocation -Name $item.customValueName -Value $item.customData
}
}
}
$output = invoke-ascurrentuser -scriptblock $Command -CaptureOutput
Write-Host $output
For each of the commands set the Launch Event to "Run on Next JumpCloud Login" — this command event will only trigger when a JumpCloud managed user logs into a device. For more information on command and event actions check out @TomBridge's post on command triggers.
When either of these commands are sent to devices the HKCU key for the current logged in user will be set to values defined in the command script block. The user can go and change their homepage to some other value if they choose.
To change the URL, simply update the $url variable in either of the two commands to your preferred value.
Enforce a homepage
Given the scenario where a default homepage is not sufficient or desired, administrators can enforce a homepage on Google Chrome or Microsoft Edge with a JumpCloud Policy. When the policy is applied to a device, new sessions of Chrome or Edge will initiate with the homepage url defined in the policy. The following PowerShell script blocks are provided to create a the required JumpCloud Policy settings for Chrome and Edge browsers. The JumpCloud PowerShell Module is required to import these policies within your organization.
Open a new PowerShell window, connect to your org with Connect-JCOnline and paste the two script blocks into the terminal window. Change the $url variable to a website of your choosing.
Google Chrome Policy:
# Set an enforced URL for Google Chrome:
$url = "https://www.jumpcloud.com"
# Define Registry Policy Set:
$regList = @(
[PSCustomObject]@{
'customData' = $url;
'customRegType' = 'String';
'customLocation' = 'SOFTWARE\Policies\Google\Chrome';
'customValueName' = 'HomepageLocation'
},
[PSCustomObject]@{
'customData' = '0';
'customRegType' = 'DWORD';
'customLocation' = 'SOFTWARE\Policies\Google\Chrome';
'customValueName' = 'HomepageIsNewTabPage'
},
[PSCustomObject]@{
'customData' = '4 ';
'customRegType' = 'DWORD';
'customLocation' = 'SOFTWARE\Policies\Google\Chrome';
'customValueName' = 'RestoreOnStartup'
},
[PSCustomObject]@{
'customData' = $url;
'customRegType' = 'String';
'customLocation' = 'SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs';
'customValueName' = '1'
}
)
# Create the new policy
New-JCPolicy -templateName windows_Advanced:_Custom_Registry_Keys -name "Google Chrome - Enforce HomePage" -customRegTable $regList
Microsoft Edge Policy:
$url = "https://www.jumpcloud.com"
# Define Registry Policy Set:
$regList = @(
[PSCustomObject]@{
'customData' = "4";
'customRegType' = 'DWORD';
'customLocation' = 'SOFTWARE\Policies\Microsoft\Edge';
'customValueName' = 'RestoreOnStartup'
},
[PSCustomObject]@{
'customData' = $url;
'customRegType' = 'String';
'customLocation' = 'SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs';
'customValueName' = '1'
}
)
# Create the new policy
New-JCPolicy -templateName windows_Advanced:_Custom_Registry_Keys -name "Microsoft Edge - Enforce HomePage" -customRegTable $regList
Two new policies should have been imported into your organization titled "Google Chrome - Enforce HomePage" & "Microsoft Edge - Enforce HomePage".
This PowerShell Scripts will create policies within JumpCloud to set the HKLM keys. Assign the policy to a set of devices.
Wait a moment or issue your devices a `gpupdate /force` command, when a user opens their Chrome browser they’ll be greeted with your homepage value of choice. Users can still change the value of their homepage but the JumpCloud agent will enforce the homepage settings when JumpCloud policies are reinforced throughout the day.
Systems with these policies applied will eventually update their HKLM keys to enforce the Chrome/ Edge registry keys and set an enforced homepage. Even if the most tech savvy administrator users change this value in registry, the value set in JumpCloud will be enforced the next time JumpCloud Policies are applied to the device.
Hopefully this is helpful and provides some context into the differences between default and enforced policies in Windows. Let me know if you have any questions below!
New to the site? Take a look at these additional resources:
Community created scripts:
Our new Radical Admin blog:
Keep up with Product News:
Ready to join us? You can register here.
