Google Chrome has a built in policy management which allows you to black or white list URLs.
If you want to do that for your whole system, the approach is easy and can be done using the following article:
How to black/white list URLs in Chrome
If you want to do that by app it gets a bit trickier, since writing to the users policy hive is denied by the operating system.
In this case the following approach might help:
- Create a launch script with the following content:
if ($env:CHROME_WHITELIST -ne $null) {
Set-Location HKLM:
$path = "\Software\Policies\Google\Chrome"
New-Item -Path $path -Name URLAllowlist -Force
Set-ItemProperty -Path $path\URLAllowlist\ -Name "1" -Value “chrome://policy”
Set-ItemProperty -Path $path\URLAllowlist\ -Name "2" -Value $env:CHROME_WHITELIST
New-Item -Path $path -Name URLBlocklist -Force
Set-ItemProperty -Path $path\URLBlocklist\ -Name "1" -Value “*”
} else {
Remove-Item -Path $path
}
Start-Process -FilePath "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -ArgumentList "$env:CHROME_WHITELIST" -WindowStyle Maximized - Create the following two PowerTags on the App:
CHROME_WHITELIST=www.cameyo.com
!SANDBOX=REGISTRY\MACHINE\SOFTWARE\Policies\Google=isolatedThe !SANDBOX PowerTag will do a sandboxing of HKLM, so it is only visible/(writable) for that specific user
The CHROME_WHITELIST variable will set the entry in the whitelist and open that page in Chrome (if you have multiple entries, you have to iterate through it) - Start the script instead of Chrome.exe
SECURITY NOTICE: By sandboxing the registry, a user can theoretically get access to the HKLM\SOFTWARE\Policies\Google hive and change other Chrome policies. If you want to disable regedit.exe and cmd.exe, add the following PowerTag: !STOPFILES=regedit.exe,cmd.exe see: StopFiles: denying access to files or folders