Google Chrome

Thank you for the help on getting us closer to migrating Chrome settings between VDI sessions! We are running into a snag that between sessions Chrome opens up showing the Account is "Paused" and we cannot seem to get it to just sync as expected. We're running Google Chrome 96.0.4664.45 currently on our Linked Clones.

Any advice on what we should be digging into or looking at to get around this "Paused" message?

Thanks to a LOT of digging into older posts we were able to get Chrome to see our user as logged in between different VDI sessions. It ended up being that we had to add a Windows Common Setting for "Personal Certificates". Thank you for the point in the right direction from https://communities.vmware.com/t5/Dynamic-Environment-Manager/Manage-Google-Chrome-with-UEM-alternat...

Honestly the only reason we were after Google Chrome to work is to get Google Drive for Desktop working (which logs in via the browser). So at this point we have Chrome working and retaining the user login which in turn allows Google Drive to launch and map up their "G" drive. Once I get our Chrome DEM config cleaned up I'll post the ini that we settled on.

[IncludeRegistryTrees]
HKCU\Software\Google

[IncludeFiles]
<LocalAppData>\Google\Chrome\User Data\First Run
<LocalAppData>\Google\Chrome\User Data\Local State

[IncludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\Default
<LocalAppData>\Google\Chrome\User Data\Profile 1
# Adding in Google Drive for Desktop
<LocalAppData>\Google\DriveFS

[ExcludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\Default\Cache
<LocalAppData>\Google\Chrome\User Data\Default\Code Cache
<LocalAppData>\Google\Chrome\User Data\Default\GPUCache
<LocalAppData>\Google\Chrome\User Data\Default\IndexedDB
<LocalAppData>\Google\Chrome\User Data\Default\Service Worker\CacheStorage
<LocalAppData>\Google\Chrome\User Data\Default\Service Worker\ScriptCache

<LocalAppData>\Google\Chrome\User Data\Profile 1\Cache
<LocalAppData>\Google\Chrome\User Data\Profile 1\Code Cache
<LocalAppData>\Google\Chrome\User Data\Profile 1\GPUCache
<LocalAppData>\Google\Chrome\User Data\Profile 1\IndexedDB
<LocalAppData>\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage
<LocalAppData>\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache

# Exclude crash/log folders from Google Drive
<LocalAppData>\Google\DriveFS\Crashpad
<LocalAppData>\Google\DriveFS\Logs

[ExcludeFiles]
# Found posts about excluding the Network Action files and at this point
# things are working without them so why not keep things a little slimmer
<LocalAppData>\Google\Chrome\User Data\Default\Network Action Predictor
<LocalAppData>\Google\Chrome\User Data\Default\Network Action Predictor-journal

<LocalAppData>\Google\Chrome\User Data\Profile 1\Network Action Predictor
<LocalAppData>\Google\Chrome\User Data\Profile 1\Network Action Predictor-journal

*.tmp

@Vanyun Is this profile still working for you? I have been using a slightly modified version of what you have and even tried your settings exactly and now Chrome forces my users to login every time. It says sync is paused. It's frustrating since we enforce 2 factor auth on our email accounts.

Authentication settings are typically handled by Windows and could be captured with the DEM templates for 'IE Passwords' and 'personal certificates' 

Are you still having issues with these DEM templates in place?

@Chris_Nodak It is, however, we have made some alterations to exclude more files/folders from the profile. The biggest piece was to also include the built-in "Personal Certificates" DEM profile. Without that added Google Chrome would always have our users as "Paused" when first logging into their desktop. Sorry for the late reply back as the email alert went into my SPAM folder.

Latest Google Chrome DEM Config;

# REQUIRES [Personal Certificates] to maintain login information between sessions

[IncludeRegistryTrees]
HKCU\Software\Google

[IncludeFiles]
<LocalAppData>\Google\Chrome\User Data\First Run
<LocalAppData>\Google\Chrome\User Data\Local State

[IncludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\Default
<LocalAppData>\Google\Chrome\User Data\Profile 1
<LocalAppData>\Google\DriveFS

[ExcludeFolderTrees]
<LocalAppData>\Google\Chrome\User Data\Default\Cache
<LocalAppData>\Google\Chrome\User Data\Default\Code Cache
<LocalAppData>\Google\Chrome\User Data\Default\GPUCache
<LocalAppData>\Google\Chrome\User Data\Default\IndexedDB
<LocalAppData>\Google\Chrome\User Data\Default\Service Worker\CacheStorage
<LocalAppData>\Google\Chrome\User Data\Default\Service Worker\ScriptCache

<LocalAppData>\Google\Chrome\User Data\Profile 1\Cache
<LocalAppData>\Google\Chrome\User Data\Profile 1\Code Cache
<LocalAppData>\Google\Chrome\User Data\Profile 1\GPUCache
<LocalAppData>\Google\Chrome\User Data\Profile 1\IndexedDB
<LocalAppData>\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage
<LocalAppData>\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache

# Exclude Extensions as they bloat user settings
<LocalAppData>\Google\Chrome\User Data\Default\Extensions
<LocalAppData>\Google\Chrome\User Data\Profile 1\Extensions

# Exclude cache/crash/log folders from Google Drive
<LocalAppData>\Google\DriveFS\[MATCHALL]\content_cache
<LocalAppData>\Google\DriveFS\[MATCHALL]\local_folders
<LocalAppData>\Google\DriveFS\[MATCHALL]\thumbnails_cache
<LocalAppData>\Google\DriveFS\cef_cache
<LocalAppData>\Google\DriveFS\Crashpad
<LocalAppData>\Google\DriveFS\Logs

[ExcludeFiles]
# Found posts about excluding the Network Action files and at this point
# things are working without them so why not keep things a little slimmer
<LocalAppData>\Google\Chrome\User Data\Default\Network Action Predictor
<LocalAppData>\Google\Chrome\User Data\Default\Network Action Predictor-journal

<LocalAppData>\Google\Chrome\User Data\Profile 1\Network Action Predictor
<LocalAppData>\Google\Chrome\User Data\Profile 1\Network Action Predictor-journal

*.tmp

@Vanyun @Pim_van_de_Vis 

We are still having issues with the users sync status being paused. I do capture personal certificates and IE Passwords, even though we're using Chrome in this instance.

I will take your new template and do some additional testing. Thanks to you both for responding.

@Vanyun 

Are you using directflex?

@Chris_Nodak 

No we do not have that enabled. Looking through all of the tabs all I see is under Advanced we have enabled "Process during logon and logoff" (which might be the default). Also for reference we are running the following;

Windows 10 Enterprise 22H2
Horizon Agent 8.6.0.20088748
DEM Enterprise 10.6.0.1047
Google Chrome 111.0.5563.147
Google Drive 72.0.3.0

I also tried removing my Google DEM profile and starting from scratch with my login and it still persist through different sessions. I was curious/testing if it was working due to a previous profile with an earlier version of Chrome, however, that wasn't the case and for us it's working regardless of a new or existing Google DEM profiles.

Sorry if this isn't helping you out in your circumstance but trying to get you any possible data/info that may point out a difference between yours and ours.

Unfortunately still not staying signed on. I updated the chrome profile and deleted all my test user's archives so I would get everything refreshed. 

@Vanyun 

I really appreciate the follow up. We're still on Horizon 7.13.2, however I am running Agent 8.4 on the instant clone vms.

Same Windows version, I need to update Chrome. Perhaps there's an issue in the version I have right now. Didn't realize my image was this far behind.

We're a version behind on DEM also. Not sure that would matter. 

@Vanyun thanks for sharing the DEM template on Chrome! Much appreciated.

@Chris_Nodak I think the version of DEM might not make a difference, but the version of Chrome could make a big difference. Chrome gets monthly updates and sometimes they change something that has a big impact. So I would start with testing how the latest version of Chrome Enterprise behaves.

@Pim_van_de_Vis 

We noticed an oddity with our image. I am installing the latest version of Chrome using OSOT and MDT but when the desktop is cloned out, the version of Chrome shows up as 99. I don't know how or why. I'm thinking this is what is causing our problem. Still troubleshooting.

@Pim_van_de_Vis 

@Vanyun 

I figured out my Chrome versioning issue. It was an appvolume that was pulling in an old version of Chrome. Now that I've resolved that, I'm back to trying to figure out the profile issue. After some more testing, I logged in as a user with no appvolume assignments and the Chrome profile is remembered perfectly. 

Are either of you using appvolumes? I'm guessing I need to recapture one or all of these and ensure chrome isn't being captured at all. I think my reference VM had Chrome installed and that is creating my problems with profiles.

Good to hear that it works when you are excluding AppVolumes.

Are you also using a AppVolumes Writable Volume, or maybe FSLogix that captures some user profile information?

Otherwise I would try to find the AppStack that causes the issue, by attaching the appstacks 1 by 1, until you face the issue again and then recreate the appstack that causes the problem with Chrome.

@Pim_van_de_Vis 

No we are not using writeables or FSLogix. I did test as you mentioned each appvolume involved. Oddly when I manually assign all the appvolumes in question, the profile works just fine. But when I add the user to the group assignment for the same set of appvolumes it doesn't work. Still working through this.

Just some follow up on this. We think we have it resolved. Turns out we were redirecting the user's appdata folder to the network and once we stopped the redirection, Chrome works fine. Sadly turning off redirection broke another appvolume application that had been working. But in this case, it's the lesser problem. Thanks for the help @Pim_van_de_Vis and @Vanyun .

Perfect, thanks for the feedback.

@Pim_van_de_Vis 

So this is working great for our users logging into Chrome sync. But I have a pool for admins that doesn't have internet access for security reasons. I notice that it will save the favorites and any pinned tabs, but if you have open tabs, they are lost on logoff. Any ideas why?

Are your users logging on to their Google accounts and using the sync to Google? I've not seen this before, but have not tested without internet connection. Not sure if I'm able to help. Probably best to do some testing.

No they can't login to their Google account as I mentioned these VMs are blocked from internet access for security reasons so there's no way to sync.