My company has instructed employees to stop using built-in password managers in Chrome and Edge, as these automatically fill out our single sign-on details. Unfortunately, many employees aren't complying with this request. I've been assigned the task of finding a way to enforce this policy, but I'm running into some challenges. My current role limits me to running scripts that don't require admin privileges, and any administrative scripts need to be approved by multiple people and only take effect after user updates. I'm open to unconventional solutions, but so far, attempts like altering Chrome shortcuts haven't worked. Also, extensions are blocked by our group policy. Can anyone suggest a viable method to disable these password managers?
5 Answers
You might be overthinking it; there's no need for complex scripts. Just focus on deploying the enterprise versions of Chrome and Edge with the correct policies set. Users shouldn’t even have the option to install consumer versions.
Right! Some people circumvent policies just because they prefer the consumer version. Gotta stay vigilant!
If GPOs aren’t an option for you, consider a script that modifies the registry settings to disable these features. It’s not as ideal but might work with your access restrictions.
That’s a great workaround! Just make sure you test it as some users might still manage to restore their old settings.
Make sure to document the changes, so you don’t create confusion down the road.
The best route is to use Group Policy Objects (GPOs). You can download the Chrome and Edge Enterprise policy templates to manage settings like disabling autofill and password managers. It’s a straightforward way to enforce this across your organization. If you can get those templates into your Active Directory or management solution, you'll be set!
Yeah, GPOs are super effective for this! Just make sure you keep the templates updated to cater to both browsers.
Absolutely! GPOs also let you control other aspects like login settings and syncing, which is crucial for security.
Another approach is to create a clear policy regarding password management. Communicate the risks of using built-in managers and the importance of sticking to approved solutions, then enforce consequences for breaking this policy.
I totally agree. Sometimes a firm policy and communication can be more effective than tech solutions.
For sure! Establish the ground rules upfront and hold everyone accountable.
Is your company providing an approved password manager? If not, disabling built-in ones without an alternative isn’t a great security measure. Users might just resort to insecure methods instead.
Absolutely! Without a better option, users might start jotting down passwords, which is risky.
Exactly, better to guide them towards a secure solution than just take away their tools.
True, but if the users keep reverting back to the regular versions, it’ll be an uphill battle.