Force Block Chrome Extension Now Zaps 'The Last Jedi' Spoilers

Block extensions based on their permissions

You can control what extensions your users can install based on permissions using the ExtensionSettings policy. If an installed extension needs a permission that’s blocked, it just won’t run. The extension isn’t removed, just disabled.

Note

The blocked permissions setting can only be set within the extension settings policy.

Use the following steps as a guide for blocking an extension.

  1. Open the group policy management editor and go to Administrative Templates > Microsoft Edge > Extensions and then select Configure extension management settings.

  2. Enable the policy, then enter the permissions that you want allowed or blocked, by using a JSON string that gets compressed. The next screenshot shows how to block an extension that uses the permission “usb”.

The following example shows the JSON to block any extension that needs the use of permission “usb” and its compressed string.

JSON example

Note

To block all extensions that use the permission, use an asterisk for the extension ID, as shown in the previous example. If you specify one extension ID, the policy will only apply to that extension. You can block more than one, but they need to be separate entries.

Video

Configure using the Windows Registry

The ExtensionSettings policy should be written to the registry under this key:

HKLM\Software\Policies\Microsoft\Edge\

[!NOTE] It’s possible to use HKCU instead of HKLM. The equivalent path can be configured with Group Policy Object (GPO).

For Microsoft Edge, all settings will start under this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\

The next key that you will create is either the Extension ID for individual scope or an asterisk (*) for the Default Scope. For example, you’d use the following location in the registry for settings that apply to Google Hangouts:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\nckgahadagoaajjgafhacjanaoiihapd

For settings that apply to the Default Scope (asterisk), use the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionSettings\*

Different settings will require different formats, depending on whether they are a string or an array of strings. Array values require ["value"]. String values can be entered as is. The following list shows which settings are arrays or strings:

  • Installation_mode = String
  • update_url = String
  • blocked_permissions = Array of strings
  • allowed_permissions = Array of Strings
  • minimum_version_required = String
  • runtime_blocked_hosts = Array of strings
  • runtime_allowed_hosts = Array of Strings
  • blocked_install_message = String

8.Freedom for iOS and Android

Blocking websites on a Mac and Windows computers can boost your productivity, however that productivity will be short-lived if it means you can just turn to your phone or tablet when your brain starts to crave your blocked distractions.

We offer Freedom on iOS and Android devices so that you can sync your block sessions across all of your devices because distractions aren’t always device-specific. The Freedom iOS app will block apps and websites based on your custom blocklist, and can be used simultaneously in sessions with your Mac or Windows computer or any number of other devices. 

The Freedom Android app will block apps of your choice, and like any of the other Freedom apps, initiate or sync with your Freedom sessions if you choose. 

Pros: Freedom is the only complete multi-platform website and app blocker solution.  So even if you have every popular device on the market (iPhone, iPad, Android phone or tablet, Mac and Windows computers) – Freedom has you covered on all of them, at the same time if you’d like! 

Price: Included in Freedom Premium (see Freedom for Mac and Windows above)

Block extensions from a specific store or update URL

To block extensions from a particular store or URL, you only need to block the update_url for that store using the ExtensionSettings policy.

Use the following steps as a guide to block extensions from an particular store or URL.

  1. Open the group policy management editor and go to Administrative Templates > Microsoft Edge > Extensions > and then select Configure extension management settings.
  2. Enable the policy, then enter the permissions that you want allowed or blocked, compressing it to a single JSON string.

The next example shows the JSON and compressed JSON string to block from the Chrome Web Store using its update URL (https://clients2.google.com/service/update2/crx).

JSON example for blocking on update URL

Note

You can still use ExtensionInstallForceList and ExtensionInstallAllowList to allow/force install specific extensions even if the store is blocked using the JSON in the previous example.

ExtensionSettings policy fields

This policy can control settings such as Update URL, where the extension will be downloaded from for initial install, and Blocked permissions. You can also use this policy to identify which permissions aren’t allowed to run. The available policy fields are described in the following table.

Policy field Description
allowed_types Can only be used to configure the default configuration, *. Specifies what types of app or extension users are allowed to install on Microsoft Edge. The value is a list of strings, each of which should be one of the following types: “extension”, “theme”, “user_script”, and “hosted_app”
blocked_install_message If you block users from installing certain extensions, you can specify a custom message to display in the browser if users try to install them.Append text to the generic error message that is displayed on the Microsoft Edge Add-ons website. For example, you can tell users how to contact their IT department or why a particular extension is unavailable. The message can be up to 1,000 characters long.
blocked_permissions Prevents users from installing and running extensions that request certain API permissions that your organization doesn’t allow. For example, you can block extensions that access cookies. If an extension requires a permission that you blocked, the user can’t install it. If users previously installed the extension, it will no longer load. If an extension contains a blocked permission as an optional requirement, it installs as usual. Then, while the extension is running, blocked permissions are automatically declined.For a list of available permissions, see declare permissions.
installation_mode Controls if and how extensions that you specify are added to Microsoft Edge. You can set the installation mode to one of the following options:- allowed: Users can install the extension. If no installation mode is defined, this setting is the default.- blocked: Users can’t install the extension.- force_installed: Automatically install the extension without user interaction. Users can’t remove it. You also need to define the extension download location using update_url. Note: You can’t use this setting with * because Microsoft Edge wouldn’t know which extension to automatically install.- normal_installed: Automatically install the extension without user interaction. Users can disable it. You also need to define the extension download location using update_url. Note: You can’t use this setting with * because Microsoft Edge wouldn’t know which extension to automatically install.- removed: Users can’t install the extension. If users previously installed the extension, Microsoft Edge removes it.
install_sources Can be used only to configure the default configuration, *. Specifies which URLs are allowed to install extensions. Both the location of the *.crx file and the page where the download is started from (the referrer) must be allowed by these patterns. For URL pattern examples, see the match patterns.
minimum_version_required Microsoft Edge disables extensions, including force-installed extensions, with a version older than the specified minimum version.The format of the version string is the same as the one used in the extension manifest.
update_url Only applies to force_installed and normal_installed. Specifies where Microsoft Edge should download an extension from. If the extension is hosted in the Microsoft Edge Add-ons website, use this location: https://edge.microsoft.com/extensionwebstorebase/v1/crx.Microsoft Edge uses the URL that you specify for the initial extension installation. For subsequent extension updates, Microsoft Edge uses the URL in the extension’s manifest.
runtime_allowed_hosts Allows extensions to interact with specified websites, even if they’re also defined in runtime_blocked_hosts. You can specify up to 100 entries. Extra entries are discarded.The host pattern format is similar to match patterns except you can’t define the path. For example:- ://.example.com- ://example.—eTLD wildcards are supported
runtime_blocked_hosts Prevent extensions from interacting with or modifying websites that you specify. Modifications include blocking JavaScript injection, cookie access, and web-request modifications.You can specify up to 100 entries. Extra entries are discarded.The host pattern format is similar to match patterns except you can’t define the path. For example:- ://.example.com- ://example.—eTLD wildcards are supported
override_update_url Available from Microsoft Edge 93If this field is set to true, Microsoft Edge uses the update URL specified in the ExtensionSettings policy or in the ExtensionInstallForcelist policy, for subsequent extension updates.If this field isn’t set or is set to false, Microsoft Edge uses the URL specified in the extension’s manifest for updates.
toolbar_state Available from Microsoft Edge 94This policy setting lets you force show an installed extension to the toolbar. The default state is default_shown for all extensions. Following states are possible for this setting-force_shown: You can choose to force show an installed extension on the toolbar. Users will not be able to hide the specified extension icon from the toolbar.-default_hidden: In this state, extensions are hidden from the toolbar on installation. Users can show them on the toolbar, if needed.-default_shown: This is the default setting of all the installed extensions on the browser.

The following keys are allowed at the global scope (*):

  • blocked_permissions
  • installation_mode – only "blocked", "allowed", or "removed" are the valid values in this scope.
  • runtime_blocked_hosts
  • blocked_install_message
  • allowed_types
  • runtime_allowed_hosts
  • install_sources

The following keys are allowed at an individual extension scope:

  • blocked_permissions
  • minimum_version_required
  • blocked_install_message
  • installation_mode – "blocked", "allowed", "removed", "force_installed", and "normal_installed" are the possible values.
  • runtime_allowed_hosts
  • update_url
  • override_update_url
  • runtime_blocked_hosts
  • toolbar_state

The following keys are allowed at an update URL scope:

  • blocked_permissions
  • installation_mode – only "blocked", "allowed", or "removed" are the valid values in this scope.

Chrome browser on Windows (managed on premise)

Tags