{"id":696,"date":"2024-11-08T17:33:20","date_gmt":"2024-11-08T17:33:20","guid":{"rendered":"https:\/\/cleanbrowsing.org\/help\/?post_type=ht_kb&p=696"},"modified":"2025-07-30T21:20:23","modified_gmt":"2025-07-30T21:20:23","slug":"how-to-secure-google-chrome-disable-secure-dns-and-harden-browser-policies","status":"publish","type":"ht_kb","link":"https:\/\/cleanbrowsing.org\/help\/docs\/how-to-secure-google-chrome-disable-secure-dns-and-harden-browser-policies\/","title":{"rendered":"How to Secure Google Chrome: Disable Secure DNS and Harden Browser Policies"},"content":{"rendered":"\n

To strengthen your organization’s security posture, it’s essential to secure browser settings, particularly for widely used browsers like Google Chrome. By leveraging Chrome’s Group Policy settings, administrators can control browser behavior and limit potential vulnerabilities. This includes disabling features like Secure DNS (DNS-over-HTTPS), which can bypass network-level filtering and pose a security risk. Additionally, managing policies to restrict or block extensions, enforce SafeSearch <\/a>filtering, and control built-in DNS clients can further reduce exposure to cyber threats. This guide provides detailed, step-by-step instructions on how to configure Chrome through administrative templates to harden your browser and protect your network environment.<\/p>\n\n\n

\n

\n \ud83d\udee1\ufe0f CleanBrowsing: Internet Safety Made Simple\n <\/h3>\n

\n Filter harmful websites, block adult content, and protect your entire network. All with fast, privacy-respecting DNS.\n <\/p>\n \n Start Filtering Here \u2192\n <\/a>\n<\/div>\n\n\n

Installing Administrative Templates<\/a><\/a><\/h2>\n\n\n\n

Step 1: Download Chrome Administrative Template<\/strong><\/h3>\n\n\n\n
    \n
  1. Download the Administrative Template:<\/strong> First, you need to download the Chrome administrative template from the Chrome Enterprise page as a bundle. It contains the necessary files within it (https:\/\/chromeenterprise.google\/browser\/download\/#download-browser<\/a>).<\/li>\n\n\n\n
  2. Extract the Contents:<\/strong> The download will include a ZIP file containing the template and documentation. Extract the contents of this ZIP file to a folder.<\/li>\n<\/ol>\n\n\n\n

    Step 2: Add the Template to Group Policy<\/strong><\/a><\/h3>\n\n\n\n
      \n
    1. Open Group Policy Management:<\/strong> Press Windows Key + R<\/code><\/strong>, type gpedit.msc<\/code><\/strong>, and press Enter to open the Local Group Policy Editor.<\/li>\n\n\n\n
    2. Navigate to Administrative Templates:<\/strong> Go to Local Computer Policy<\/code><\/strong> > Computer Configuration<\/code><\/strong> > Administrative Templates<\/code><\/strong>.<\/li>\n\n\n\n
    3. Add\/Remove Templates:<\/strong> Right-click on Administrative Templates<\/code><\/strong>, and select Add\/Remove Templates<\/code><\/strong>.<\/li>\n\n\n\n
    4. Add the Chrome Template:<\/strong> Click on Add<\/code><\/strong>, navigate to the location where you extracted the Chrome policy templates, and select the chrome.adm<\/code><\/strong> or chrome.admx<\/code><\/strong> file (depending on your version of Windows). If you’re using the ADMX template, you should copy the ADMX file and its language folder (ADML) to the C:\\Windows\\PolicyDefinitions<\/code><\/strong> directory instead of using the Add\/Remove Templates option.<\/li>\n\n\n\n
    5. Close the Dialog:<\/strong> After adding the template, click Close<\/code><\/strong> in the Add\/Remove Templates<\/code><\/strong> dialog.<\/li>\n<\/ol>\n\n\n\n

      Configure Chrome Policy for Blocking Extensions and Allowing Some<\/strong><\/a><\/h2>\n\n\n\n
        \n
      1. Navigate to Chrome Policies:<\/strong> Back in the Group Policy Editor, you’ll now see a Google<\/code><\/strong> or Google Chrome<\/code><\/strong> section under Administrative Templates<\/code><\/strong> (the exact path might vary slightly based on the template version). Navigate to it.<\/li>\n\n\n\n
      2. Enable Extension Allow List:<\/strong> Look for a policy named Configure extension installation allow list<\/code>