Google Chrome

Inspired by:

Sources:
https://support.google.com/chrome/a/answer/9102677?hl=en

Download Chrome Enterprise MSI
https://cloud.google.com/chrome-enterprise/browser/download/#download

Upload GoogleChromeStandaloneEnterprise64.msi

Microsoft Intune > Client apps > Apps
Line-of-business app
Add the package file GoogleChromeStandaloneEnterprise64.msi in intune.
Ignore app version: Yes
Category: Productivity
Display this as a feautured app in the Company Portal: Yes
Command-line arguments: /quiet
Upload the Chrome Logo
Wait for upload completed
Add a group in Assignments

Policy Google Chrome

First copy the content from the chrome.admx that you can find in the .zip package.

Chrome configuration

Microsoft Intune > Device configuration > Profiles
Create profile
Name: Win 10 | Chrome configuration
Platform: Windows 10 and later
Profile type: Custom
Settings > Add
Name: Chrome ADMX Ingestion
OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
Data type: String
Paste the content from the chrome.admx file
Add a group in Assignments

Chrome Win 10 Extention

Microsoft Intune > Device configuration > Profiles
Create profile
Name: Win 10 | Chrome Win 10 Extention
Platform: Windows 10 and later
Profile type: Custom
Settings > Add
Name: Chrome – ADMX – ExtensionInstallForcelist
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForcelist
Data type: String

<enabled/> <data id="ExtensionInstallForcelistDesc" value="1&#xF000;ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx"/>

Add a group in Assignments

Create a folder named GoogleSettings
In GoogleSettings create two folders:
Installer
Source

Example

Download PSAppDeployToolkit and extract

Copy Toolkit files to Source

Create a install.ps1 file and save in source\files folder

#paths for chrome policy keys used in the scripts
$policyexists = Test-Path HKLM:\SOFTWARE\Policies\Google\Chrome
$policyexistshome = Test-Path HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs
$regKeysetup = "HKLM:\SOFTWARE\Policies\Google\Chrome"
$regKeyhome = "HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs"
$url = "https://www.google.nl"

#Remove Register
$regkeypath= "HKLM:\SOFTWARE\Policies\Google\Chrome"
$value1 = (Get-ItemProperty $regkeypath).test -eq $null
If ($value1 -eq $False) {Remove-ItemProperty -path HKLM:\SOFTWARE\Policies\Google\Chrome -name HomepageLocation}
Else {Write-Host "The value does not exist"}

If ($value1 -eq $False) {Remove-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome -Name HomepageIsNewTabPage}
Else {Write-Host "The value does not exist"}

If ($value1 -eq $False) {Remove-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome -Name PasswordManagerEnabled}
Else {Write-Host "The value does not exist"}

If ($value1 -eq $False) {Remove-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome -Name RestoreOnStartup}
Else {Write-Host "The value does not exist"}

If ($value1 -eq $False) {Remove-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs -Name 1}
Else {Write-Host "The value does not exist"}

#setup policy dirs in registry if needed and set pwd manager
#else sets them to the correct values if they exist
if ($policyexists -eq $false){
New-Item -path HKLM:\SOFTWARE\Policies\Google
New-Item -path HKLM:\SOFTWARE\Policies\Google\Chrome

#Disable = Value 0 | Force = Value 1 PasswordManagerEnabled
New-ItemProperty -path $regKeysetup -Name PasswordManagerEnabled -PropertyType DWord -Value 1
New-ItemProperty -path $regKeysetup -Name RestoreOnStartup -PropertyType Dword -Value 4
New-ItemProperty -path $regKeysetup -Name HomepageLocation -PropertyType String -Value $url
New-ItemProperty -path $regKeysetup -Name HomepageIsNewTabPage -PropertyType DWord -Value 0
}

Else {
#Disable = Value 0 | Force = Value 1 PasswordManagerEnabled
Set-ItemProperty -Path $regKeysetup -Name PasswordManagerEnabled -Value 1
Set-ItemProperty -Path $regKeysetup -Name RestoreOnStartup -Value 4
Set-ItemProperty -Path $regKeysetup -Name HomepageLocation -Value $url
Set-ItemProperty -Path $regKeysetup -Name HomepageIsNewTabPage -Value 0
}

#This entry requires a subfolder in the registry
#For more then one page create another new-item and set-item line with the name -2 and the new url
if ($policyexistshome -eq $false){
New-Item -path HKLM:\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs
New-ItemProperty -path $regKeyhome -Name 1 -PropertyType String -Value $url
}
Else {
Set-ItemProperty -Path $regKeyhome -Name 1 -Value $url
}

Change on line $url = "https://www.google.nl" as wished

Edit in the GoogleSettings\Source the Deploy-Application.ps1 file

Line: 64 to 76
Add # on line 120
Add # on line 123
Add # on line 160
Add # on line 163
Add below line 140 the script.

$destinationFolder = join-path $envProgramFilesX86 "\GoogleSettings"
		New-Folder -Path $destinationFolder
		Copy-File -Path "$dirFiles\*.*" -Destination $destinationFolder
		
$myParameters = '-ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File "{0}"' -f "$destinationFolder\install.ps1"
		Execute-Process -Path 'powershell.exe' -Parameters $myParameters -WindowStyle 'hidden'

Making GoogleSettings.exe

Download Inno Setup and install the software

Create in Notepad++ a file GoogleSettings.iss and save to Installer folder
Copy and paste the below code and generate a App id on line 8

; Script generated by the Inno Script Studio Wizard.
; SEE THE DOCUMENTATION FOR DETAILS ON CREATING INNO SETUP SCRIPT FILES!

[Setup]
; NOTE: The value of AppId uniquely identifies this application.
; Do not use the same AppId value in installers for other applications.
; (To generate a new GUID, click Tools | Generate GUID inside the IDE.)
AppId={
AppName=GoogleSettings
AppVersion=1.0
AppPublisher=knowledgebase
AppPublisherURL=https://www.knowledgebase.it
AppSupportURL=https://www.knowledgebase.it
AppUpdatesURL=https://www.knowledgebase.it
DefaultDirName={autopf}\Source\SetupFiles
DisableDirPage=yes
DefaultGroupName=GoogleSettings
DisableProgramGroupPage=yes
OutputDir="C:\GoogleSettings\Installer"
OutputBaseFilename=GoogleSettings
Compression=lzma
SolidCompression=yes

[Files]
Source: "C:\GoogleSettings\Source\Deploy-Application.exe"; DestDir: "{app}"; Flags: ignoreversion
Source: "C:\GoogleSettings\Source\*"; DestDir: "{app}"; Flags: ignoreversion recursesubdirs createallsubdirs
; NOTE: Don't use "Flags: ignoreversion" on any shared system files

[Run]
Filename: "{app}\Deploy-Application.exe"; Parameters: "install"; WorkingDir: "{app}"; Flags: waituntilterminated hidewizard runhidden

[UninstallRun]
Filename: "{app}\Deploy-Application.exe"; Parameters: "uninstall"; WorkingDir: "{app}"; Flags: waituntilterminated runhidden

[UninstallDelete]
Type: filesandordirs; Name: "{app}*"

Run the script (F9)

Making GoogleSettings.intunewin

Create a install.cmd file and save in GoogleSettings\Installer folder

GoogleSettings.exe /VERYSILENT /SUPPRESSMSGBOXES

Download IntuneWinAppUtil.exe

Open cmd with admin rights and go to IntuneWinAppUtil.exe

Upload GoogleSettings.intunewin

https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/1/selectedMenuItem/Overview

Microsoft Intune > Client apps > Apps
App type: Windows app (Win32)
Name: Google Settings
Description: Google Settings
Pubisher: Knowledgebase
Category: Computer management
Display this as a featured app in the Company Portal: Yes or No
Upload a logo
Wait for complete upload
Install command: Install.cmd
Unistall command: msiexec /x "{AppId}" /q
Install behavior: System
Operating system architecture: 64-bit
Minimum operating system: Windows 10 1607
Detection rules>
Rule type: File
Path: C:\Program Files (x86)\
File or folder: GoogleSettings
Detection method: File or folder exists
Associated with a 32-bit app on 64-bit clients: Yes

Assign a group in Assignments