How to Block Users from Installing Chrome Extensions (Windows Server 2022 GPO Guide)

How to Block Users from Installing Chrome Extensions (Windows Server 2022 GPO Guide)

Xitiz Basnet Xitiz Basnet

Xitiz Basnet

Published Apr 29, 2026
+ Follow

In many organizations, controlling browser extensions is critical for security, compliance, and performance. By default, users can install extensions from the Chrome Web Store without admin approval — which can introduce risks.

Here’s a simple step-by-step guide to block Chrome extension installation using Group Policy (Windows Server 2022).

🖥️ Default Behavior (What Happens Without Policy)

On a client machine:

  • Open Google Chrome
  • Click the three dots (⋮) (top-right corner)
  • Go to Extensions → Visit Chrome Web Store

👉 Users can install extensions freely without admin rights.

Test it:

  • Select any extension
  • Click Add to Google Chrome → Add Extension
  • The extension installs successfully ✅

⚙️ Configure Group Policy (Server Side)

1️⃣ Open Group Policy Management

  • Go to Server Manager
  • Click Tools → Group Policy Management
  • Select your domain (e.g., xitiztechservices.local)

2️⃣ Create a New GPO

  • Navigate to your OU (e.g., Domain_Users)
  • Right-click → Create a GPO in this domain, and link it here
  • Name it: Block User Install Extensions From Google Chrome

3️⃣ Edit the GPO

  • Right-click the GPO → Edit

Navigate to: 

User Configuration → Administrative Templates → Google → Google Chrome → Extensions

4️⃣ Enable Extension Block Policy

  • Locate the setting: "Configure extension installation blocklist"
  • Double-click the setting.
  • Select the Enabled radio button.
  • Click Show, under: "Extension IDs the user should be prevented from installing (or * for all)"
  • In the popup window, enter:

Value: *

📌 Meaning:

  • "*" blocks all extensions
  • Unless explicitly allowed via allowlist

Click OK → Apply → OK

🔄 Apply the Policy

On Server:

Run PowerShell as Admin: 

gpupdate /force

On Client:

Run PowerShell as Admin: 

gpupdate /force

Then restart the machine 🔁

✅ Verification

On the client machine:

  • Open Chrome
  • Go to Extensions → Chrome Web Store
  • Try installing any extension

🚫 You’ll see: "Your admin has blocked this item (ID: xxxxxxxxx)"

🎯 Result

✔ Users can no longer install Chrome extensions

✔ Organization gains better control over browser security

📝 Pro Tip

If you need to allow specific extensions:

  • Use the Extension Allowlist policy
  • Add approved extension IDs

💡 Why This Matters

Uncontrolled extensions can:

  • Expose sensitive data
  • Introduce malware
  • Impact browser performance

Implementing this policy is a quick win for endpoint security.

#ITAdministration #WindowsServer #GroupPolicy #CyberSecurity #SysAdmin #Chrome #ITSecurity #ActiveDirectory

To view or add a comment, sign in

More articles by Xitiz Basnet

See all articles

Explore content categories