Pim_van_de_Vis
VMware Employee
VMware Employee

Manage Google Chrome with UEM - alternative way

Jump to solution

The biggest issue with managing Google Chrome with UEM is that Chrome stores a lot of data in the %LocalAppData% folder, making it very time consuming to import and export that location.

Google provides an option to make Chrome store the browser user profile information in the Roaming AppData folder, to make it compatible with roaming user profiles.

This option stores most personal Chrome settings in a small 'profile.pb' file. This is a huge improvement over the original location, that can easily grow to 100's of megabytes.

This page describes the solution:

Using Chrome on roaming user profiles - Chrome for business and education Help

The site provides an ADMX template that can be imported in UEM 'ADMX based settings'.

You only need to enable the setting called 'Enable the creation of roaming copies for Google Chrome profile data'.

This will create the '%AppData%\Google\Chrome\User Data\Default\profile.pb' file, which we will further manage with a UEM config file (attached to this post).

The roaming user profile (profile.pb) contains information such as bookmarks, autofill data, passwords, per-computer browsing history, browser preferences, and installed extensions.

The downside it that the 'profile.pb' file doesn’t contain information about cookies, browsing sessions, cached or downloaded files, and other local browser instance and transient data.

I found out that capturing the 'Cookies' file from the LocalAppData folder, together with the 'profile.pb' file solves the cookies issue.

Attached is a UEM config file that you can use to test this new approach. It's not perfect yet, because some personal settings are still missing, but by including the correct specific files from LocalAppData we might get it to roam all settings, while still maintaining a small and fast UEM profile.

Please give this a try, and let me know what you are missing, or what files need to be included additionally to make this work.

58 Replies
RachelW
Enthusiast
Enthusiast

Hi DEMdev​ and Shreyskar​,

Thank you for the information, that is very helpful.

Another question...currently I have a Chrome Config file (my original chrome config file) and a Chrome - Roaming config file (the new one will all of the changes).  I have a few users testing this new Chrome config file before pushing it out to the entire environment.  Is there a way to "disable" the original Chrome config file for those specific users so it doesn't "run" that along with the new config file?

Thank you.

0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi RachelW,

Is there a way to "disable" the original Chrome config file for those specific users so it doesn't "run" that along with the new config file?

Sure, you can configure some conditions on your original config file so that it won't take effect for your test users. Similar to how you targeted your new config file, I assume.

So, for your new Chrome - Roaming config file, you probably have something like:

pastedImage_3.png

So it will only take effect for users in the "TestUsers" group, or one of those two user names.

To prevent your original config file taking effect for those same users, you can pretty much take those conditions, and put in a few strategic NOTs:

pastedImage_6.png

RachelW
Enthusiast
Enthusiast

DEMdev​,

This is excellent, thank you.

I have added the conditions to disable the accounts from "running" the original Chrome config file and that seems to have done the trick.

Also, just to confirm the Backups folder is NOT read and imported/exported as a user logs into a Horizon desktop, is that correct?  It is strictly a backup and does not get read by UEM at all.

0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi RachelW,

Happy to hear that the conditions did the trick. And, indeed, backups are never read directly by the DEM agent. If backups are configured, at export time the previous profile archive is moved to the backups folder. A backup can be restored via the Self-Support Tool or the Helpdesk Support Tool, which means that a particular profile archive backup is copied over the "normal" profile archive. The next time the DEM agent performs an import (at logon or – if DirectFlex is enabled for that config file – at application launch), the DEM agent will import those settings.

0 Kudos
RachelW
Enthusiast
Enthusiast

Hi DEMdev​, Shreyskar​, ap_idb​, dimich34​,

I am continuing to look at folders/files that can be excluded for Chrome to continue to reduce the size.  I see there is one called SafeBrowsing under LocalAppData\Google\Chrome\User Data.  What is this folder for?  Can it be safely excluded?

There is a file called Urlsoceng.store in there that is 8.4 MB in size and many other .store files which are relatively small.

0 Kudos
RachelW
Enthusiast
Enthusiast

So, would it make sense that both UEM Chrome config files need to be active initially so that the chrome settings from the existing chrome config file "copies" (for lack of a better word) into the new profile?  And once that is done, the original Chrome config can then be disabled?

The reason I ask this is because in my testing I had the original Chrome config file disabled while the new one was enabled and when the user logged out the "Google Chrome - Roaming" (my new config file) archive file was only 1 KB in size.  When the user logged back in, none of their bookmarks, etc. were there so it didn't appear to create the new archive file correctly.

Not sure what I am doing wrong.

Any help is appreciated.

Thank you!

0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi RachelW,

I am continuing to look at folders/files that can be excluded for Chrome to continue to reduce the size.  I see there is one called SafeBrowsing under LocalAppData\Google\Chrome\User Data.  What is this folder for?  Can it be safely excluded?

Sorry, I can really only answer product questions. I don't know enough about application-specific config files to contribute anything useful, I'm afraid.

DEMdev
VMware Employee
VMware Employee

Hi RachelW,

So, would it make sense that both UEM Chrome config files need to be active initially so that the chrome settings from the existing chrome config file "copies" (for lack of a better word) into the new profile?  And once that is done, the original Chrome config can then be disabled?

Indeed, that makes sense. If your "old" config file is disabled, or has conditions that do not match, the corresponding profile archive will not be imported at logon. When the "new" config is used at logoff, there will be (hardly) any Chrome settings in the profile to export, resulting in a tiny profile archive.

There are a number of ways to deal with this, but it probably would be easiest to just update your old config file with the new contents.

RachelW
Enthusiast
Enthusiast

DEMdev​,

I am still struggling with preventing the original Chrome Config file from running for the specific users that I have set the Roaming config file for.  Here is what I have in the conditions for the Original Chrome config file:

pastedImage_0.png

Both config files are currently running for the test group.

0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi RachelW,

Those conditions effectively mean:

  • If the user is not a member of group ..., the config file is applied.
  • Otherwise: If the user name is equal to ..., the config file is applied.
  • Otherwise: If the user is a member of group ..., the config file is applied.
  • Otherwise: If the user name is equal to ..., the config file is applied.
  • Otherwise: If the user is a member of group ..., the config file is applied.
  • Otherwise: the config file is not applied.

Is that your intent? If not, can you describe what behavior you're after exactly, with "fake but consistent" user and group names?

0 Kudos
RachelW
Enthusiast
Enthusiast

Hi DEMdev​,

So, I DO not want the config file to be applied to any of those situations listed.  If the user is a part of the specific group, I do NOT want the config file applied.  If a specific user is listed, I do not want the config file applied either.

So after reading your explanation of each line listed, if I do not want the config file applied to any of those situations, do I use AND NOT or OR NOT?  Or do I use something else?

pastedImage_0.png

0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi RachelW,

Simplifying the scenario a bit: let's say you do not want this to apply to user "Jane" and user "John". If you were to configure this as:


NOT Environment variable 'username' is equal to 'Jane'

OR NOT Environment variable 'username' is equal to 'John'

that would not have the intended result, as OR'ing two conditions results in a match if either condition evaluates to true. If Jane were to log in, NOT Environment variable 'username' is equal to 'Jane' would be false, but NOT Environment variable 'username' is equal to 'John' would be true (as Jane is not equal to John), and false OR true evaluates to true.

So, for this you would use AND NOT. "I only want this to apply if this user is NOT a member of group ABC, AND this user is NOT a member of group DEF, AND this use is NOT Jane, AND this user is NOT John."

There are other ways to achieve this as well, but I'm not sure whether that might just be confusing the topic further...

amensing59
Contributor
Contributor

Hey CyberTron123,

Did you find a solution for your bookmarks problem? We encountered the same problem and have not found a solution yet. 

0 Kudos
MatCox
Contributor
Contributor

@CyberTron123 @amensing59 

I'd also love to hear if you got anywhere with this! As of sometime early this month, users have slowly lost their roaming profiles and the profile.pb files are no longer being loaded or updated. Nothing we can see has changed in the environment, so keen to know if you had any updates 🙂 

0 Kudos
CyberTron123
Enthusiast
Enthusiast

yes it is working now. I am using the roaming profile version. i haven´t got everything perfect (it doesn´t remember old tabs that were open before restart and such, but it is close enough!.

 

Check your GPO and see to it that it matches the Chrome Enterprise version

 

0 Kudos
MatCox
Contributor
Contributor

Thanks for replying! After a few hours digging around yesterday, I realised the VDIs have recently moved OU and there was some conflicting chrome policies which were causing the issue.

0 Kudos
Soap01
Enthusiast
Enthusiast

Has anyone been able to get 'cloud-sync' working with Chrome in a non persistent environment?

Tags (1)
0 Kudos
antonpaloka
Enthusiast
Enthusiast

Has anyone had issues with this config not storing the pinned tabs? I've been trying to find this all day with no luck

0 Kudos
jlstraat
Contributor
Contributor

What is the advantage of this configuration over redirecting the cache to a writable disk and capture only the files with no extentions in the C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default folder. I have a foodprint of max 6 mb per user with captured data. Just wondering if I should investigate this a bit more?

btw we do not allow logon to google chrome. 

0 Kudos