Block Google Chrome Execution in Your Organization using Windows Registry key

Does your organization need to block the execution of Google Chrome? Perhaps for security reasons, compliance with internal policies, or to promote productivity?

This guide provides a simple and efficient method to disallow the running of Google Chrome on Windows machines, using PowerShell. Our approach is robust and doesn’t rely on the path, hash, or certificate of Chrome’s executable file. This ensures that the rule remains in effect even when Chrome is updated or moved to a different location on the system.

This tutorial uses a straightforward one-liner PowerShell command that creates a unique registry entry to block the execution of `chrome.exe`.

$guid = [guid]::NewGuid().Guid; New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\$guid" -Force; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\$guid" -Name "ItemData" -Value "chrome.exe" -Force; Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\$guid" -Name "SaferFlags" -Value 0 -Force

This command generates a unique GUID for the registry entry, creates a new item at the designated path, sets the `ItemData` property to `chrome.exe`, and finally, sets the `SaferFlags` property to `0` (disallowed).

Remember to be cautious when making changes to the registry as incorrect changes can cause system instability. Always backup your system and registry before making any changes.

By following the above steps, you can ensure that Google Chrome cannot be run on the system, helping maintain your organization’s security and compliance standards.

Disclaimer: This blog post is intended for educational purposes only. Always test scripts and commands in a controlled environment before using them in production.