============ Registry keys for Firefox - reg-ff.reg ==============
============ Registry keys for Chrome - reg-goo.reg ==============
You can dig and find lots of other registry keys that will influence the browser, but these 5 will nail most things in a hurry - which is the goal. You can also find more reg keys that will change the default browser, but these are the keys set by control panel (in Windows 7 anyway), so for me they're likely the safest keys - the ones that, for today at least, will be most likely to work most reliably for most environments.
So, what's the easiest way to push these settings out? There are a few ways to go. First, save the above into 3 different text based REG files
The easiest way in my book is to update everyone's startup - in a Group Policy, add the following to User Configuration / Windows Settings / Scripts (Logon/Logoff)
registry /s browser-chrome.reg (or whichever REG is your target).
The trick then is to get folks to logout and login - hopefully you are forcing folks to logout each day by setting a hard logout time (a good thing to consider if you're not doing that today), so if you get your change in before folks typically start, they'll get your update.
If you need to push this out with GPO in mid-stream, you can set registry keys directly in Group Policy, under GPO > User Configuration > Preferences > Windows Settings > Registry
Microsoft publishes a "right way" to set the default browser on a few different pages, but it typically involves importing settings from a known correct station ( http://social.technet.microsoft.com/Forums/windowsserver/en-US/e63fe81b-1ad8-4303-ad1d-e2f6e3d8cb0a/default-browser-via-group-policy ). This can be a problem if you've got multiple operating systems or want a more script-controlled approach.
There are certainly many other ways to push settings out using Group Policy (using ADM/ADMX files for instance), or by scripting using sysinternals or powershell commands. The sysinternals approach has a lot of appeal because many admins already have a sysinternals "go fix it" approach already in their toolbelt. Powershell appeals because it's the whiz-bang-shiny new tool, but lots of admins are still learning this language, so it might not fall into the "get it done quick" bucket so neatly. ADMs will absolutely do the job nicely - I didn't have the time to cobble together and ADM or ADMX file for this, but will give it a shot over the next few days (unless one of our readers beats me to it that is!)
Once set, each browser can be configured using group policy using a vendor-supplied or open-source ADM or ADMX file. Import the vendor file ADM(X) into GPO, and you'll be able to configure or restrict 3rd party browsers just as easily as you do IE.
This article was meant more as set of a "quick and dirty" ways to make this change for a large number of your user community in a hurry. If you've got a neat script or an ADM file that does this job in a more elegant way than I've described, please, share using our comment form!
Sep 1st 2014
3 years ago