Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
6902 lines (6319 sloc) 341 KB
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>pfm_app_url</key>
<string>https://enterprise.google.com/chrome/chrome-browser/</string>
<key>pfm_description</key>
<string>Google Chrome Managed Settings</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/</string>
<key>pfm_domain</key>
<string>com.google.Chrome</string>
<key>pfm_format_version</key>
<integer>3</integer>
<key>pfm_interaction</key>
<string>combined</string>
<key>pfm_last_modified</key>
<date>2019-12-10T11:34:00Z</date>
<key>pfm_name</key>
<string>Google_Chrome</string>
<key>pfm_platforms</key>
<array>
<string>macOS</string>
</array>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_default</key>
<string>Configures Google Chrome settings</string>
<key>pfm_description</key>
<string>Description of the payload.</string>
<key>pfm_description_reference</key>
<string>Optional. A human-readable description of this payload. This description is shown on the Detail screen.</string>
<key>pfm_name</key>
<string>PayloadDescription</string>
<key>pfm_title</key>
<string>Payload Description</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_default</key>
<string>Google Chrome</string>
<key>pfm_description</key>
<string>Name of the payload.</string>
<key>pfm_description_reference</key>
<string>A human-readable name for the profile payload. This name is displayed on the Detail screen. It does not have to be unique.</string>
<key>pfm_name</key>
<string>PayloadDisplayName</string>
<key>pfm_require</key>
<string>always</string>
<key>pfm_title</key>
<string>Payload Display Name</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_default</key>
<string>com.google.Chrome</string>
<key>pfm_description</key>
<string>A unique identifier for the payload, dot-delimited. Usually root PayloadIdentifier+subidentifier.</string>
<key>pfm_description_reference</key>
<string>A reverse-DNS-style identifier for the specific payload. It is usually the same identifier as the root-level PayloadIdentifier value with an additional component appended.</string>
<key>pfm_name</key>
<string>PayloadIdentifier</string>
<key>pfm_require</key>
<string>always</string>
<key>pfm_title</key>
<string>Payload Identifier</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_default</key>
<string>com.google.Chrome</string>
<key>pfm_description</key>
<string>The type of the payload, a reverse dns string.</string>
<key>pfm_description_reference</key>
<string>The payload type.</string>
<key>pfm_name</key>
<string>PayloadType</string>
<key>pfm_require</key>
<string>always</string>
<key>pfm_title</key>
<string>Payload Type</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_default</key>
<string></string>
<key>pfm_description</key>
<string>Unique identifier for the payload (format 01234567-89AB-CDEF-0123-456789ABCDEF).</string>
<key>pfm_description_reference</key>
<string>A globally unique identifier for the payload. The actual content is unimportant, but it must be globally unique. In macOS, you can use uuidgen to generate reasonable UUIDs.</string>
<key>pfm_format</key>
<string>^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$</string>
<key>pfm_name</key>
<string>PayloadUUID</string>
<key>pfm_require</key>
<string>always</string>
<key>pfm_title</key>
<string>Payload UUID</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_default</key>
<integer>1</integer>
<key>pfm_description</key>
<string>The version of the whole configuration profile.</string>
<key>pfm_description_reference</key>
<string>The version number of the individual payload. A profile can consist of payloads with different version numbers. For example, changes to the VPN software in iOS might introduce a new payload version to support additional features, but Mail payload versions would not necessarily change in the same release.</string>
<key>pfm_name</key>
<string>PayloadVersion</string>
<key>pfm_require</key>
<string>always</string>
<key>pfm_title</key>
<string>Payload Version</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_description</key>
<string>This value describes the issuing organization of the profile, as displayed to the user.</string>
<key>pfm_description_reference</key>
<string>Optional. A human-readable string containing the name of the organization that provided the profile. The payload organization for a payload need not match the payload organization in the enclosing profile.</string>
<key>pfm_name</key>
<string>PayloadOrganization</string>
<key>pfm_title</key>
<string>Payload Organization</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_name</key>
<string>PFC_SegmentedControl_0</string>
<key>pfm_range_list_titles</key>
<array>
<string>Content Settings</string>
<string>Default Search Provider</string>
<string>Extensions</string>
<string>Google Cast</string>
<string>HTTP Authentication</string>
<string>Legacy Browser Support</string>
<string>Misc.</string>
<string>Native Messaging</string>
<string>Password Manager</string>
<string>Printing</string>
<string>Proxy Server</string>
<string>Remote Access</string>
<string>Safe Browsing Settings</string>
<string>Startup, Home &amp; New Tab Page</string>
</array>
<key>pfm_require</key>
<string>always</string>
<key>pfm_segments</key>
<dict>
<key>Content Settings</key>
<array>
<string>PFC_SegmentedControl_ContentSettings</string>
<string>AutoSelectCertificateForUrls</string>
<string>AutoplayAllowed</string>
<string>BlockThirdPartyCookies</string>
<string>CookiesAllowedForUrls</string>
<string>CookiesBlockedForUrls</string>
<string>CookiesSessionOnlyForUrls</string>
<string>DefaultCookiesSetting</string>
<string>DefaultGeolocationSetting</string>
<string>DefaultImagesSetting</string>
<string>DefaultJavaScriptSetting</string>
<string>DefaultMediaStreamSetting</string>
<string>DefaultNotificationsSetting</string>
<string>DefaultPluginsSetting</string>
<string>DefaultPopupsSetting</string>
<string>DefaultWebBluetoothGuardSetting</string>
<string>DefaultWebUsbGuardSetting</string>
<string>ImagesAllowedForUrls</string>
<string>ImagesBlockedForUrls</string>
<string>JavaScriptAllowedForUrls</string>
<string>JavaScriptBlockedForUrls</string>
<string>NotificationsAllowedForUrls</string>
<string>NotificationsBlockedForUrls</string>
<string>PluginsAllowedForUrls</string>
<string>PluginsBlockedForUrls</string>
<string>PopupsAllowedForUrls</string>
<string>PopupsBlockedForUrls</string>
<string>RegisteredProtocolHandlers</string>
<string>WebDriverOverridesIncompatiblePolicies</string>
<string>WebUsbAllowDevicesForUrls</string>
<string>WebUsbAskForUrls</string>
<string>WebUsbBlockedForUrls</string>
</array>
<key>Default Search Provider</key>
<array>
<string>DefaultSearchProviderAlternateURLs</string>
<string>DefaultSearchProviderEnabled</string>
<string>DefaultSearchProviderEncodings</string>
<string>DefaultSearchProviderIconURL</string>
<string>DefaultSearchProviderImageURL</string>
<string>DefaultSearchProviderImageURLPostParams</string>
<string>DefaultSearchProviderKeyword</string>
<string>DefaultSearchProviderName</string>
<string>DefaultSearchProviderNewTabURL</string>
<string>DefaultSearchProviderSearchURL</string>
<string>DefaultSearchProviderSearchURLPostParams</string>
<string>DefaultSearchProviderSuggestURLPostParams</string>
<string>DefaultSearchProviderSuggestURL</string>
</array>
<key>Extensions</key>
<array>
<string>ExtensionAllowInsecureUpdates</string>
<string>ExtensionAllowedTypes</string>
<string>ExtensionInstallBlacklist</string>
<string>ExtensionInstallForcelist</string>
<string>ExtensionInstallSources</string>
<string>ExtensionInstallWhitelist</string>
<string>ExtensionSettings</string>
</array>
<key>Google Cast</key>
<array>
<string>EnableMediaRouter</string>
<string>ShowCastIconInToolbar</string>
</array>
<key>HTTP Authentication</key>
<array>
<string>AllowCrossOriginAuthPrompt</string>
<string>AuthNegotiateDelegateWhitelist</string>
<string>AuthSchemes</string>
<string>AuthServerWhitelist</string>
<string>DisableAuthNegotiateCnameLookup</string>
<string>EnableAuthNegotiatePort</string>
</array>
<key>Legacy Browser Support</key>
<array>
<string>AlternativeBrowserParameters</string>
<string>AlternativeBrowserPath</string>
<string>BrowserSwitcherDelay</string>
<string>BrowserSwitcherEnabled</string>
<string>BrowserSwitcherExternalGreylistUrl</string>
<string>BrowserSwitcherExternalSitelistUrl</string>
<string>BrowserSwitcherKeepLastChromeTab</string>
<string>BrowserSwitcherUrlGreylist</string>
<string>BrowserSwitcherUrlList</string>
</array>
<key>Misc.</key>
<array>
<string>AbusiveExperienceInterventionEnforce</string>
<string>AdsSettingForIntrusiveAdsSites</string>
<string>AllowDeletingBrowserHistory</string>
<string>AllowDinosaurEasterEgg</string>
<string>AllowFileSelectionDialogs</string>
<string>AllowOutdatedPlugins</string>
<string>AllowPopupsDuringPageUnload</string>
<string>AllowedDomainsForApps</string>
<string>AlternateErrorPagesEnabled</string>
<string>AlwaysOpenPdfExternally</string>
<string>AudioCaptureAllowed</string>
<string>AudioCaptureAllowedUrls</string>
<string>AutoFillEnabled</string>
<string>AutofillAddressEnabled</string>
<string>AutofillCreditCardEnabled</string>
<string>AutoplayWhitelist</string>
<string>BookmarkBarEnabled</string>
<string>BrowserAddPersonEnabled</string>
<string>BrowserGuestModeEnabled</string>
<string>BrowserGuestModeEnforced</string>
<string>BrowserNetworkTimeQueriesEnabled</string>
<string>BrowserSignin</string>
<string>BuiltInDnsClientEnabled</string>
<string>CertificateTransparencyEnforcementDisabledForCas</string>
<string>CertificateTransparencyEnforcementDisabledForLegacyCas</string>
<string>CertificateTransparencyEnforcementDisabledForUrls</string>
<string>CloudManagementEnrollmentMandatory</string>
<string>CloudManagementEnrollmentToken</string>
<string>CloudPolicyOverridesPlatformPolicy</string>
<string>CommandLineFlagSecurityWarningsEnabled</string>
<string>ComponentUpdatesEnabled</string>
<string>DefaultBrowserSettingEnabled</string>
<string>DefaultDownloadDirectory</string>
<string>DeveloperToolsAvailability</string>
<string>DeveloperToolsDisabled</string>
<string>Disable3DAPIs</string>
<string>DisableSafeBrowsingProceedAnyway</string>
<string>DisableScreenshots</string>
<string>DisabledPlugins</string>
<string>DisabledPluginsExceptions</string>
<string>DisabledSchemes</string>
<string>DiskCacheDir</string>
<string>DiskCacheSize</string>
<string>DownloadDirectory</string>
<string>DownloadRestrictions</string>
<string>EditBookmarksEnabled</string>
<string>EnableDeprecatedWebPlatformFeatures</string>
<string>EnableOnlineRevocationChecks</string>
<string>EnabledPlugins</string>
<string>EnterpriseHardwarePlatformAPIEnabled</string>
<string>ForceBrowserSignin</string>
<string>ForceEphemeralProfiles</string>
<string>ForceGoogleSafeSearch</string>
<string>ForceSafeSearch</string>
<string>ForceYouTubeRestrict</string>
<string>ForceYouTubeSafetyMode</string>
<string>HardwareAccelerationModeEnabled</string>
<string>HideWebStoreIcon</string>
<string>Http09OnNonDefaultPortsEnabled</string>
<string>ImportAutofillFormData</string>
<string>ImportBookmarks</string>
<string>ImportHistory</string>
<string>ImportHomepage</string>
<string>ImportSavedPasswords</string>
<string>ImportSearchEngine</string>
<string>IncognitoEnabled</string>
<string>IncognitoModeAvailability</string>
<string>IsolateOrigins</string>
<string>JavascriptEnabled</string>
<string>MachineLevelUserCloudPolicyEnrollmentToken</string>
<string>ManagedBookmarks</string>
<string>MaxConnectionsPerProxy</string>
<string>MaxInvalidationFetchDelay</string>
<string>MediaRouterCastAllowAllIPs</string>
<string>MetricsReportingEnabled</string>
<string>NetworkPredictionOptions</string>
<string>OverrideSecurityRestrictionsOnInsecureOrigin</string>
<string>PolicyDictionaryMultipleSourceMergeList</string>
<string>PolicyListMultipleSourceMergeList</string>
<string>PromotionalTabsEnabled</string>
<string>PromptForDownloadLocation</string>
<string>ProxySettings</string>
<string>QuicAllowed</string>
<string>RelaunchNotification</string>
<string>RelaunchNotificationPeriod</string>
<string>RestrictSigninToPattern</string>
<string>RunAllFlashInAllowMode</string>
<string>SSLErrorOverrideAllowed</string>
<string>SSLVersionMin</string>
<string>SafeSitesFilterBehavior</string>
<string>SavingBrowserHistoryDisabled</string>
<string>SearchSuggestEnabled</string>
<string>SecurityKeyPermitAttestation</string>
<string>ShowAppsShortcutInBookmarkBar</string>
<string>SignedHTTPExchangeEnabled</string>
<string>SigninAllowed</string>
<string>SitePerProcess</string>
<string>SpellCheckServiceEnabled</string>
<string>SpellcheckEnabled</string>
<string>SuppressUnsupportedOSWarning</string>
<string>SyncDisabled</string>
<string>TaskManagerEndProcessEnabled</string>
<string>TranslateEnabled</string>
<string>URLBlacklist</string>
<string>URLWhitelist</string>
<string>UnsafelyTreatInsecureOriginAsSecure</string>
<string>UrlKeyedAnonymizedDataCollectionEnabled</string>
<string>UserDataDir</string>
<string>UserFeedbackAllowed</string>
<string>VideoCaptureAllowed</string>
<string>VideoCaptureAllowedUrls</string>
<string>WPADQuickCheckEnabled</string>
<string>WebAppInstallForceList</string>
<string>WebDriverOverridesIncompatiblePolicies</string>
<string>WebRtcEventLogCollectionAllowed</string>
<string>WebRtcUdpPortRange</string>
</array>
<key>Native Messaging</key>
<array>
<string>NativeMessagingBlacklist</string>
<string>NativeMessagingUserLevelHosts</string>
<string>NativeMessagingWhitelist</string>
</array>
<key>Password Manager</key>
<array>
<string>PasswordManagerEnabled</string>
</array>
<key>Printing</key>
<array>
<string>CloudPrintProxyEnabled</string>
<string>CloudPrintSubmitEnabled</string>
<string>DefaultPrinterSelection</string>
<string>DisablePrintPreview</string>
<string>PrintHeaderFooter</string>
<string>PrintPreviewUseSystemDefaultPrinter</string>
<string>PrintingEnabled</string>
</array>
<key>Proxy Server</key>
<array>
<string>ProxyBypassList</string>
<string>ProxyMode</string>
<string>ProxyPacUrl</string>
<string>ProxyServer</string>
<string>ProxyServerMode</string>
</array>
<key>Remote Access</key>
<array>
<string>RemoteAccessHostAllowClientPairing</string>
<string>RemoteAccessHostAllowGnubbyAuth</string>
<string>RemoteAccessHostAllowRelayedConnection</string>
<string>RemoteAccessHostClientDomain</string>
<string>RemoteAccessHostClientDomainList</string>
<string>RemoteAccessHostDomain</string>
<string>RemoteAccessHostDomainList</string>
<string>RemoteAccessHostFirewallTraversal</string>
<string>RemoteAccessHostMatchUsername</string>
<string>RemoteAccessHostRequireCurtain</string>
<string>RemoteAccessHostTalkGadgetPrefix</string>
<string>RemoteAccessHostTokenUrl</string>
<string>RemoteAccessHostTokenValidationCertificateIssuer</string>
<string>RemoteAccessHostTokenValidationUrl</string>
<string>RemoteAccessHostUdpPortRange</string>
</array>
<key>Safe Browsing Settings</key>
<array>
<string>PasswordProtectionChangePasswordURL</string>
<string>PasswordProtectionLoginURLs</string>
<string>PasswordProtectionWarningTrigger</string>
<string>SafeBrowsingEnabled</string>
<string>SafeBrowsingExtendedReportingEnabled</string>
<string>SafeBrowsingExtendedReportingOptInAllowed</string>
<string>SafeBrowsingWhitelistDomains</string>
</array>
<key>Startup, Home &amp; New Tab Page</key>
<array>
<string>HomepageIsNewTabPage</string>
<string>HomepageLocation</string>
<string>NewTabPageLocation</string>
<string>RestoreOnStartup</string>
<string>RestoreOnStartupURLs</string>
<string>ShowHomeButton</string>
</array>
</dict>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites.</string>
<key>pfm_description_reference</key>
<string>1 - Allow all sites to set local data
2 - Do not allow any site to set local data
4 - Keep cookies for the duration of the session
Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites.
If this policy is set to 'Keep cookies for the duration of the session' then cookies will be cleared when the session closes. Note that if Google Chrome is running in 'background mode', the session may not close when the last window is closed. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behavior.
If this policy is left not set, 'AllowCookies' will be used and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultCookiesSetting</string>
<key>pfm_name</key>
<string>DefaultCookiesSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
<integer>4</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow all sites to set local data</string>
<string>Do not allow any site to set local data</string>
<string>Keep cookies for the duration of the session</string>
</array>
<key>pfm_title</key>
<string>Default cookies setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar.</string>
<key>pfm_description_reference</key>
<string>Enabling this setting prevents cookies from being set by web page elements that are not from the domain that is in the browser's address bar.
Disabling this setting allows cookies to be set by web page elements that are not from the domain that is in the browser's address bar and prevents users from changing this setting.
If this policy is left not set, third party cookies will be enabled but the user will be able to change that.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BlockThirdPartyCookies</string>
<key>pfm_name</key>
<string>BlockThirdPartyCookies</string>
<key>pfm_title</key>
<string>Block third party cookies</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to set cookies.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to set cookies.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy if it is set, or the user's personal configuration otherwise.
See also policies 'CookiesBlockedForUrls' and 'CookiesSessionOnlyForUrls'. Note that there must be no conflicting URL patterns between these three policies - it is unspecified which policy takes precedence.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CookiesAllowedForUrls</string>
<key>pfm_name</key>
<string>CookiesAllowedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow cookies on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to set cookies.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to set cookies.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy if it is set, or the user's personal configuration otherwise.
See also policies 'CookiesAllowedForUrls' and 'CookiesSessionOnlyForUrls'. Note that there must be no conflicting URL patterns between these three policies - it is unspecified which policy takes precedence.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CookiesBlockedForUrls</string>
<key>pfm_name</key>
<string>CookiesBlockedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Block cookies on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits.</string>
<key>pfm_description_reference</key>
<string>Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits.
For URLs not covered by the patterns specified here, or for all URLs if this policy is not set, the global default value will be used either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.
Note that if Google Chrome is running in 'background mode', the session may not be closed when the last browser window is closed, but will instead stay active until the browser exits. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behavior.
See also policies 'CookiesAllowedForUrls' and 'CookiesBlockedForUrls'. Note that there must be no conflicting URL patterns between these three policies - it is unspecified which policy takes precedence.
If the "RestoreOnStartup" policy is set to restore URLs from previous sessions this policy will not be respected and cookies will be stored permanently for those sites.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=CookiesSessionOnlyForUrls</string>
<key>pfm_name</key>
<string>CookiesSessionOnlyForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Limit cookies from matching URLs to the current session</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites.</string>
<key>pfm_description_reference</key>
<string>1 - Allow all sites to show all images
2 - Do not allow any site to show images
Allows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites.
If this policy is left not set, 'AllowImages' will be used and the user will be able to change it.
Note that previously this policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultImagesSetting</string>
<key>pfm_name</key>
<string>DefaultImagesSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow all sites to show all images</string>
<string>Do not allow any site to show images</string>
</array>
<key>pfm_title</key>
<string>Default images setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites.</string>
<key>pfm_description_reference</key>
<string>1 - Allow all sites to run JavaScript
2 - Do not allow any site to run JavaScript
Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites.
If this policy is left not set, 'AllowJavaScript' will be used and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultJavaScriptSetting</string>
<key>pfm_name</key>
<string>DefaultJavaScriptSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow all sites to run JavaScript</string>
<string>Do not allow any site to run JavaScript</string>
</array>
<key>pfm_title</key>
<string>Default JavaScript setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to automatically run the Flash plugin. Automatically running the Flash plugin can be either allowed for all websites or denied for all websites.</string>
<key>pfm_description_reference</key>
<string>1 - Allow all sites to automatically run the Flash plugin
2 - Block the Flash plugin
3 - Click to play
Allows you to set whether websites are allowed to automatically run the Flash plugin. Automatically running the Flash plugin can be either allowed for all websites or denied for all websites.
Click to play allows the Flash plugin to run but the user must click on the placeholder to start its execution.
Automatic playback is only allowed for domains explictly listed in the PluginsAllowedForUrls policy. If you want to enabled automatic playback for all sites consider adding http://* and https://* to this list.
If this policy is left not set, the user will be able to change this setting manually.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultPluginsSetting</string>
<key>pfm_name</key>
<string>DefaultPluginsSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
<integer>3</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow all sites to automatically run the Flash plugin</string>
<string>Block the Flash plugin</string>
<string>Click to play</string>
</array>
<key>pfm_title</key>
<string>Default Flash setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to show pop-ups. Showing popups can be either allowed for all websites or denied for all websites.</string>
<key>pfm_description_reference</key>
<string>1 - Allow all sites to show pop-ups
2 - Do not allow any site to show popups
Allows you to set whether websites are allowed to show pop-ups. Showing popups can be either allowed for all websites or denied for all websites.
If this policy is left not set, 'BlockPopups' will be used and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultPopupsSetting</string>
<key>pfm_name</key>
<string>DefaultPopupsSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow all sites to show pop-ups</string>
<string>Do not allow any site to show popups</string>
</array>
<key>pfm_title</key>
<string>Default popups setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>50</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to get access to nearby Bluetooth devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to nearby Bluetooth devices.</string>
<key>pfm_description_reference</key>
<string>2 - Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API
3 - Allow sites to ask the user to grant access to a nearby Bluetooth device
Allows you to set whether websites are allowed to get access to nearby Bluetooth devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to nearby Bluetooth devices.
If this policy is left not set, '3' will be used, and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultWebBluetoothGuardSetting</string>
<key>pfm_name</key>
<string>DefaultWebBluetoothGuardSetting</string>
<key>pfm_range_list</key>
<array>
<integer>2</integer>
<integer>3</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API</string>
<string>Allow sites to ask the user to grant access to a nearby Bluetooth device</string>
</array>
<key>pfm_title</key>
<string>Control use of the Web Bluetooth API</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>67</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connected USB devices.</string>
<key>pfm_description_reference</key>
<string>2 - Do not allow any site to request access to USB devices via the WebUSB API
3 - Allow sites to ask the user to grant access to a connected USB device
Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connected USB devices.
This policy can be overridden for specific URL patterns using the 'WebUsbAskForUrls' and 'WebUsbBlockedForUrls' policies.
If this policy is left not set, '3' will be used, and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultWebUsbGuardSetting</string>
<key>pfm_name</key>
<string>DefaultWebUsbGuardSetting</string>
<key>pfm_range_list</key>
<array>
<integer>2</integer>
<integer>3</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Do not allow any site to request access to USB devices via the WebUSB API</string>
<string>Allow sites to ask the user to grant access to a connected USB device</string>
</array>
<key>pfm_title</key>
<string>Control use of the WebUSB API</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to display images.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to display images.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultImagesSetting' policy if it is set, or the user's personal configuration otherwise.
Note that previously this policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImagesAllowedForUrls</string>
<key>pfm_name</key>
<string>ImagesAllowedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow images on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to display images.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to display images.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultImagesSetting' policy if it is set, or the user's personal configuration otherwise.
Note that previously this policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ImagesBlockedForUrls</string>
<key>pfm_name</key>
<string>ImagesBlockedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Block images on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=JavaScriptAllowedForUrls</string>
<key>pfm_name</key>
<string>JavaScriptAllowedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow JavaScript on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=JavaScriptBlockedForUrls</string>
<key>pfm_name</key>
<string>JavaScriptBlockedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Block JavaScript on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to run the Flash plugin.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to run the Flash plugin.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultPluginsSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PluginsAllowedForUrls</string>
<key>pfm_name</key>
<string>PluginsAllowedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow the Flash plugin on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to run the Flash plugin.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to run the Flash plugin.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultPluginsSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PluginsBlockedForUrls</string>
<key>pfm_name</key>
<string>PluginsBlockedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Block the Flash plugin on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to open popups.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to open popups.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultPopupsSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PopupsAllowedForUrls</string>
<key>pfm_name</key>
<string>PopupsAllowedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow popups on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>11</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to open popups.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to open popups.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultPopupsSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=PopupsBlockedForUrls</string>
<key>pfm_name</key>
<string>PopupsBlockedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Block popups on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>15</string>
<key>pfm_description</key>
<string>Allows you to specify a list of url patterns that specify sites for which Google Chrome should automatically select a client certificate, if the site requests a certificate.</string>
<key>pfm_description_reference</key>
<string>Allows you to specify a list of url patterns that specify sites for which Google Chrome should automatically select a client certificate, if the site requests a certificate.
The value must be an array of stringified JSON dictionaries. Each dictionary must have the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form { "ISSUER": { "CN": "$ISSUER_CN" } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.
If this policy is left not set, no auto-selection will be done for any site.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoSelectCertificateForUrls</string>
<key>pfm_name</key>
<string>AutoSelectCertificateForUrls</string>
<key>pfm_note</key>
<string>The value must be an array of stringified JSON dictionaries. Each dictionary must have the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form { "ISSUER": { "CN": "$ISSUER_CN" } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</string>
</dict>
</array>
<key>pfm_title</key>
<string>Automatically select client certificates for these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.</string>
<key>pfm_description_reference</key>
<string>1 - Allow sites to track the users' physical location
2 - Do not allow any site to track the users' physical location
3 - Ask whenever a site wants to track the users' physical location
Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.
If this policy is left not set, 'AskGeolocation' will be used and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultGeolocationSetting</string>
<key>pfm_name</key>
<string>DefaultGeolocationSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
<integer>3</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow sites to track the users' physical location</string>
<string>Do not allow any site to track the users' physical location</string>
<string>Ask whenever a site wants to track the users' physical location</string>
</array>
<key>pfm_title</key>
<string>Default geolocation setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_deprecated</key>
<string>25</string>
<key>pfm_app_min</key>
<string>22</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to get access to media capture devices. Access to media capture devices can be allowed by default, or the user can be asked every time a website wants to get access to media capture devices. - Documentation doesn't indicate when this was deprecated, but AudioCaptureAllowed was added in M25, so making an assumption.</string>
<key>pfm_description_reference</key>
<string>Allows you to set whether websites are allowed to get access to media capture devices. Access to media capture devices can be allowed by default, or the user can be asked every time a website wants to get access to media capture devices.
If this policy is left not set, 'PromptOnAccess' will be used and the user will be able to change it.
2 = Do not allow any site to access the camera and microphone
3 = Ask every time a site wants to access the camera and/or microphone</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultMediaStreamSetting</string>
<key>pfm_name</key>
<string>DefaultMediaStreamSetting</string>
<key>pfm_range_list</key>
<array>
<integer>2</integer>
<integer>3</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Do not allow any site to access the camera and microphone</string>
<string>Ask every time a site wants to access the camera and/or microphone</string>
</array>
<key>pfm_title</key>
<string>Default mediastream setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>37</string>
<key>pfm_description</key>
<string>Allows you to register a list of protocol handlers. This can only be a recommended policy. The property |protocol| should be set to the scheme such as 'mailto' and the property |url| should be set to the URL pattern of the application that handles the scheme. The pattern can include a '%s', which if present will be replaced by the handled URL.</string>
<key>pfm_description_reference</key>
<string>Allows you to register a list of protocol handlers. This can only be a recommended policy. The property |protocol| should be set to the scheme such as 'mailto' and the property |url| should be set to the URL pattern of the application that handles the scheme. The pattern can include a '%s', which if present will be replaced by the handled URL.
The protocol handlers registered by policy are merged with the ones registered by the user and both are available for use. The user can override the protocol handlers installed by policy by installing a new default handler, but cannot remove a protocol handler registered by policy.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=RegisteredProtocolHandlers</string>
<key>pfm_name</key>
<string>RegisteredProtocolHandlers</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_name</key>
<string>RegisteredProtocolDictionary</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_default</key>
<true/>
<key>pfm_name</key>
<string>default</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_name</key>
<string>protocol</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>ex. mailto</string>
</dict>
<dict>
<key>pfm_name</key>
<string>url</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>ex. https://mail.google.com/mail/?extsrc=mailto&amp;url=%s</string>
</dict>
</array>
<key>pfm_type</key>
<string>dictionary</string>
</dict>
</array>
<key>pfm_title</key>
<string>Register protocol handlers</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<!-- <dict>
<key>pfm_app_min</key>
<string>74</string>
<key>pfm_description</key>
<string>Allows you to set a list of urls that specify which sites will automatically be granted permission to access a USB device with the given vendor and product IDs.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of urls that specify which sites will automatically be granted permission to access a USB device with the given vendor and product IDs. Each item in the list must contain both devices and urls in order for the policy to be valid. Each item in devices can contain a vendor ID and product ID field. Any ID that is omitted is treated as a wildcard with one exception, and that exception is that a product ID cannot be specified without a vendor ID also being specified. Otherwise, the policy will not be valid and will be ignored.
The USB permission model uses the URL of the requesting site ("requesting URL") and the URL of the top-level frame site ("embedding URL") to grant permission to the requesting URL to access the USB device. The requesting URL may be different than the embedding URL when the requesting site is loaded in an iframe. Therefore, the "urls" field can contain up to two URL strings delimited by a comma to specify the requesting and embedding URL respectively. If only one URL is specified, then access to the corresponding USB devices will be granted when the requesting site's URL matches this URL regardless of embedding status. The URLs in "urls" must be valid URLs, otherwise the policy will be ignored.
If this policy is left not set, the global default value will be used for all sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the user's personal configuration otherwise.
URL patterns in this policy should not clash with the ones configured via WebUsbBlockedForUrls. If there is a clash, this policy will take precedence over WebUsbBlockedForUrls and WebUsbAskForUrls.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=WebUsbAllowDevicesForUrls</string>
<key>pfm_name</key>
<string>WebUsbAllowDevicesForUrls</string>
<key>pfm_note</key>
<string>Each item in devices can contain a vendor ID and product ID field. Any ID that is omitted is treated as a wildcard with one exception, and that exception is that a product ID cannot be specified without a vendor ID also being specified. Otherwise, the policy will not be valid and will be ignored.</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_name</key>
<string>urls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_format</key>
<string>https?://.*</string>
<key>pfm_type</key>
<string>string</string>
</dict>
</array>
<key>pfm_title</key>
<string>URLs</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_name</key>
<string>devices</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_name</key>
<string>product_id</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_name</key>
<string>vendor_id</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
</array>
<key>pfm_title</key>
<string>Devices</string>
<key>pfm_type</key>
<string>dictionary</string>
</dict>
</array>
<key>pfm_title</key>
<string>Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs</string>
<key>pfm_type</key>
<string>dictionary</string>
</dict> -->
<dict>
<key>pfm_app_min</key>
<string>66</string>
<key>pfm_description</key>
<string>Allows you to control if videos can play automatically (without user consent) with audio content in Google Chrome.</string>
<key>pfm_description_reference</key>
<string>Allows you to control if videos can play automatically (without user consent) with audio content in Google Chrome.
If the policy is set to True, Google Chrome is allowed to autoplay media.
If the policy is set to False, Google Chrome is not allowed to autoplay media. The AutoplayWhitelist policy can be used to override this for certain URL patterns.
By default, Google Chrome is not allowed to autoplay media. The AutoplayWhitelist policy can be used to override this for certain URL patterns.
Note that if Google Chrome is running and this policy changes, it will be applied only to new opened tabs. Therefore some tabs might still observe the previous behavior.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoplayAllowed</string>
<key>pfm_name</key>
<string>AutoplayAllowed</string>
<key>pfm_title</key>
<string>Allow media autoplay</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>66</string>
<key>pfm_description</key>
<string>Controls the whitelist of URL patterns that autoplay will always be enabled on.</string>
<key>pfm_description_reference</key>
<string>Controls the whitelist of URL patterns that autoplay will always be enabled on.
If autoplay is enabled then videos can play automatically (without user consent) with audio content in Google Chrome.
A URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.
If the AutoplayAllowed policy is set to True then this policy will have no effect.
If the AutoplayAllowed policy is set to False then any URL patterns set in this policy will still be allowed to play.
Note that if Google Chrome is running and this policy changes, it will be applied only to new opened tabs. Therefore some tabs might still observe the previous behavior.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoplayWhitelist</string>
<key>pfm_name</key>
<string>AutoplayWhitelist</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow media autoplay on a whitelist of URL patterns</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>10</string>
<key>pfm_description</key>
<string>Allows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications.</string>
<key>pfm_description_reference</key>
<string>1 - Allow sites to show desktop notifications
2 - Do not allow any site to show desktop notifications
3 - Ask every time a site wants to show desktop notifications
Allows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications.
If this policy is left not set, 'AskNotifications' will be used and the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultNotificationsSetting</string>
<key>pfm_name</key>
<string>DefaultNotificationsSetting</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
<integer>3</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow sites to show desktop notifications</string>
<string>Do not allow any site to show desktop notifications</string>
<string>Ask every time a site wants to show desktop notifications</string>
</array>
<key>pfm_title</key>
<string>Default notification setting</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>16</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to display notifications.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are allowed to display notifications.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NotificationsAllowedForUrls</string>
<key>pfm_name</key>
<string>NotificationsAllowedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allow notifications on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>16</string>
<key>pfm_description</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to display notifications.</string>
<key>pfm_description_reference</key>
<string>Allows you to set a list of url patterns that specify sites which are not allowed to display notifications.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy if it is set, or the user's personal configuration otherwise.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=NotificationsBlockedForUrls</string>
<key>pfm_name</key>
<string>NotificationsBlockedForUrls</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>[*.]example.edu</string>
</dict>
</array>
<key>pfm_title</key>
<string>Block notifications on these sites</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<!-- START ContentSettings/DefaultSearchProvider -->
<dict>
<key>pfm_app_min</key>
<string>24</string>
<key>pfm_description</key>
<string>Specifies a list of alternate URLs that can be used to extract search terms from the search engine. The URLs should contain the string '{searchTerms}', which will be used to extract the search terms.</string>
<key>pfm_description_reference</key>
<string>Specifies a list of alternate URLs that can be used to extract search terms from the search engine. The URLs should contain the string '{searchTerms}', which will be used to extract the search terms.
This policy is optional. If not set, no alternate urls will be used to extract search terms.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderAlternateURLs</string>
<key>pfm_name</key>
<string>DefaultSearchProviderAlternateURLs</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://search.my.company/suggest/search#q={searchTerms}</string>
</dict>
</array>
<key>pfm_title</key>
<string>List of alternate URLs for the default search provider</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Enables the use of a default search provider.</string>
<key>pfm_description_reference</key>
<string>Enables the use of a default search provider.
If you enable this setting, a default search is performed when the user types text in the omnibox that is not a URL.
You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider.
If you disable this setting, no search is performed when the user enters non-URL text in the omnibox.
If you enable or disable this setting, users cannot change or override this setting in Google Chrome.
If this policy is left not set, the default search provider is enabled, and the user will be able to set the search provider list.
This policy is not available on Windows instances that are not joined
to a Microsoft® Active Directory® domain.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderEnabled</string>
<key>pfm_name</key>
<string>DefaultSearchProviderEnabled</string>
<key>pfm_title</key>
<string>Enable the default search provider</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.</string>
<key>pfm_description_reference</key>
<string>Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.
This policy is optional. If not set, the default will be used which is UTF-8.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderEncodings</string>
<key>pfm_name</key>
<string>DefaultSearchProviderEncodings</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>ex. UTF-8</string>
</dict>
</array>
<key>pfm_title</key>
<string>Default search provider encodings</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Specifies the favorite icon URL of the default search provider.</string>
<key>pfm_description_reference</key>
<string>Specifies the favorite icon URL of the default search provider.
This policy is optional. If not set, no icon will be present for the search provider.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderIconURL</string>
<key>pfm_name</key>
<string>DefaultSearchProviderIconURL</string>
<key>pfm_title</key>
<string>Default search provider icon</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://search.my.company/favicon.ico</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>29</string>
<key>pfm_description</key>
<string>Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.</string>
<key>pfm_description_reference</key>
<string>Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.
This policy is optional. If not set, no image search will be used.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderImageURL</string>
<key>pfm_name</key>
<string>DefaultSearchProviderImageURL</string>
<key>pfm_title</key>
<string>Parameter providing search-by-image feature for the default search provider</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://search.my.company/searchbyimage/upload</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>29</string>
<key>pfm_description</key>
<string>Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.</string>
<key>pfm_description_reference</key>
<string>Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.
This policy is optional. If not set, image search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderImageURLPostParams</string>
<key>pfm_name</key>
<string>DefaultSearchProviderImageURLPostParams</string>
<key>pfm_title</key>
<string>Parameters for image URL which uses POST</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider.</string>
<key>pfm_description_reference</key>
<string>Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider.
This policy is optional. If not set, no keyword will activate the search provider.
This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderKeyword</string>
<key>pfm_name</key>
<string>DefaultSearchProviderKeyword</string>
<key>pfm_title</key>
<string>Default search provider keyword</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>mis</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used.</string>
<key>pfm_description_reference</key>
<string>Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used.
This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderName</string>
<key>pfm_name</key>
<string>DefaultSearchProviderName</string>
<key>pfm_title</key>
<string>Default search provider name</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>Google</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>30</string>
<key>pfm_description</key>
<string>Specifies the URL that a search engine uses to provide a new tab page.</string>
<key>pfm_description_reference</key>
<string>Specifies the URL that a search engine uses to provide a new tab page.
This policy is optional. If not set, no new tab page will be provided.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderNewTabURL</string>
<key>pfm_name</key>
<string>DefaultSearchProviderNewTabURL</string>
<key>pfm_title</key>
<string>Default search provider new tab page URL</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://search.my.company/newtab</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', which will be replaced at query time by the terms the user is searching for.</string>
<key>pfm_description_reference</key>
<string>Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', which will be replaced at query time by the terms the user is searching for.
Google's search URL can be specified as: '{google:baseURL}search?q={searchTerms}&amp;{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}'.
This option must be set when the 'DefaultSearchProviderEnabled' policy is enabled and will only be respected if this is the case.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSearchURL</string>
<key>pfm_name</key>
<string>DefaultSearchProviderSearchURL</string>
<key>pfm_title</key>
<string>Default search provider search URL</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://search.my.company/search?q={searchTerms}</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>29</string>
<key>pfm_description</key>
<string>Specifies the parameters used when searching a URL with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.</string>
<key>pfm_description_reference</key>
<string>Specifies the parameters used when searching a URL with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSearchURLPostParams</string>
<key>pfm_name</key>
<string>DefaultSearchProviderSearchURLPostParams</string>
<key>pfm_title</key>
<string>Parameters for search URL which uses POST</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>q={searchTerms},ie=utf-8,oe=utf-8</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '{searchTerms}', which will be replaced at query time by the text the user has entered so far.</string>
<key>pfm_description_reference</key>
<string>Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '{searchTerms}', which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no suggest URL will be used.
Google's suggest URL can be specified as: '{google:baseURL}complete/search?output=chrome&amp;q={searchTerms}'.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSuggestURL</string>
<key>pfm_name</key>
<string>DefaultSearchProviderSuggestURL</string>
<key>pfm_title</key>
<string>Default search provider suggest URL</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://search.my.company/suggest?q={searchTerms}</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>29</string>
<key>pfm_description</key>
<string>Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.</string>
<key>pfm_description_reference</key>
<string>Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, suggest search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DefaultSearchProviderSuggestURLPostParams</string>
<key>pfm_name</key>
<string>DefaultSearchProviderSuggestURLPostParams</string>
<key>pfm_title</key>
<string>Parameters for suggest URL which uses POST</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>q={searchTerms},ie=utf-8,oe=utf-8</string>
</dict>
<!-- END ContentSettings/DefaultSearchProvider -->
<!-- START ContentSettings/Extensions -->
<dict>
<key>pfm_app_min</key>
<string>25</string>
<key>pfm_description</key>
<string>Controls which app/extension types are allowed to be installed and limits runtime access.</string>
<key>pfm_description_reference</key>
<string>Controls which app/extension types are allowed to be installed and limits runtime access.
This setting white-lists the allowed types of extension/apps that can be installed in Google Chrome and which hosts they can interact with. The value is a list of strings, each of which should be one of the following: "extension", "theme", "user_script", "hosted_app", "legacy_packaged_app", "platform_app". See the Google Chrome extensions documentation for more information on these types.
Note that this policy also affects extensions and apps to be force-installed via ExtensionInstallForcelist.
If this setting is configured, extensions/apps which have a type that is not on the list will not be installed.
If this settings is left not-configured, no restrictions on the acceptable extension/app types are enforced.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionAllowedTypes</string>
<key>pfm_name</key>
<string>ExtensionAllowedTypes</string>
<key>pfm_note</key>
<string>Note that this policy also affects extensions and apps to be force-installed via ExtensionInstallForcelist.
If this setting is configured, extensions/apps which have a type that is not on the list will not be installed.
If this settings is left not-configured, no restrictions on the acceptable extension/app types are enforced.</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_range_list</key>
<array>
<string>extension</string>
<string>hosted_app</string>
<string>legacy_packaged_app</string>
<string>platform_app</string>
<string>theme</string>
<string>user_script</string>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Extension</string>
<string>Hosted App</string>
<string>Legacy Packaged App</string>
<string>Platform App</string>
<string>Theme</string>
<string>User Script</string>
</array>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_unique</key>
<true/>
</dict>
</array>
<key>pfm_title</key>
<string>Types of extensions/apps that are allowed to be installed</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>21</string>
<key>pfm_description</key>
<string>Allows you to specify which URLs are allowed to install extensions, apps, and themes.</string>
<key>pfm_description_reference</key>
<string>Allows you to specify which URLs are allowed to install extensions, apps, and themes.
Starting in Google Chrome 21, it is more difficult to install extensions, apps, and user scripts from outside the Chrome Web Store. Previously, users could click on a link to a *.crx file, and Google Chrome would offer to install the file after a few warnings. After Google Chrome 21, such files must be downloaded and dragged onto the Google Chrome settings page. This setting allows specific URLs to have the old, easier installation flow.
Each item in this list is an extension-style match pattern (see https://developer.chrome.com/extensions/match_patterns). Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns.
ExtensionInstallBlacklist takes precedence over this policy. That is, an extension on the blacklist won't be installed, even if it happens from a site on this list.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallSources</string>
<key>pfm_name</key>
<string>ExtensionInstallSources</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>https://corp.mycompany.com/*</string>
</dict>
</array>
<key>pfm_title</key>
<string>URL patterns to allow extension, app, and user script installs from</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if blacklisted, without a way for the user to enable them. Once an extension disabled due to the blacklist is removed from it, it will automatically get re-enabled.</string>
<key>pfm_description_reference</key>
<string>Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if blacklisted, without a way for the user to enable them. Once an extension disabled due to the blacklist is removed from it, it will automatically get re-enabled.
A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.
If this policy is left not set the user can install any extension in Google Chrome.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallBlacklist</string>
<key>pfm_name</key>
<string>ExtensionInstallBlacklist</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>extension_id</string>
</dict>
</array>
<key>pfm_title</key>
<string>Extension IDs the user should be prevented from installing (or * for all)</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Allows you to specify which extensions are not subject to the blacklist.</string>
<key>pfm_description_reference</key>
<string>Allows you to specify which extensions are not subject to the blacklist.
A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist.
By default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallWhitelist</string>
<key>pfm_name</key>
<string>ExtensionInstallWhitelist</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>extension_id</string>
</dict>
</array>
<key>pfm_title</key>
<string>Extension IDs to exempt from the blacklist</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>9</string>
<key>pfm_description</key>
<string>Specifies a list of apps and extensions that are installed silently, without user interaction, and which cannot be uninstalled nor disabled by the user. All permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension. Furthermore, permissions are granted for the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. (These two APIs are not available to apps/extensions that are not force-installed.)</string>
<key>pfm_description_reference</key>
<string>Specifies a list of apps and extensions that are installed silently, without user interaction, and which cannot be uninstalled nor disabled by the user. All permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension. Furthermore, permissions are granted for the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. (These two APIs are not available to apps/extensions that are not force-installed.)
This policy takes precedence over a potentially conflicting ExtensionInstallBlacklist policy. If an app or extension that previously had been force-installed is removed from this list, it is automatically uninstalled by Google Chrome.
For Windows instances that are not joined to a Microsoft® Active Directory® domain, forced installation is limited to apps and extensions listed in the Chrome Web Store.
Note that the source code of any extension may be altered by users via Developer Tools (potentially rendering the extension dysfunctional). If this is a concern, the DeveloperToolsDisabled policy should be set.
Each list item of the policy is a string that contains an extension ID and, optionally, an "update" URL separated by a semicolon (;). The extension ID is the 32-letter string found e.g. on chrome://extensions when in developer mode. The "update" URL, if specified, should point to an Update Manifest XML document as described at https://developer.chrome.com/extensions/autoupdate. By default, the Chrome Web Store's update URL is used (which currently is "https://clients2.google.com/service/update2/crx"). Note that the "update" URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest. Note also that specifying the "update" URL explicitly was mandatory in Google Chrome versions up to and including 67.
For example, gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx installs the Chrome Remote Desktop app from the standard Chrome Web Store "update" URL. For more information about hosting extensions, see: https://developer.chrome.com/extensions/hosting.
If this policy is left not set, no apps or extensions are installed automatically and the user can uninstall any app or extension in Google Chrome.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist</string>
<key>pfm_name</key>
<string>ExtensionInstallForcelist</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>extension_id</string>
</dict>
</array>
<key>pfm_title</key>
<string>Extension/App IDs and update URLs to be silently installed</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>62</string>
<key>pfm_description</key>
<string>Configures extension management settings for Google Chrome. A default configuration can be set for the special ID "*"</string>
<key>pfm_description_reference</key>
<string>Configures extension management settings for Google Chrome.
This policy controls multiple settings, including settings controlled by any existing extension-related policies. This policy will override any legacy policies if both are set.
This policy maps an extension ID or an update URL to its configuration. With an extension ID, configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy. With an update URL, configuration will be applied to all extensions with the exact update URL stated in manifest of this extension, as described at https://developer.chrome.com/extensions/autoupdate.
For a full description of possible settings and structure of this policy please visit https://www.chromium.org/administrators/policy-list-3/extension-settings-full</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings</string>
<key>pfm_name</key>
<string>ExtensionSettings</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_description</key>
<string></string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>{{key}}</string>
<key>pfm_title</key>
<string>Extension ID</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_description</key>
<string></string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>{{value}}</string>
<key>pfm_hidden</key>
<string>container</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_description</key>
<string>Maps to a string indicating the installation mode for the extension.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>installation_mode</string>
<key>pfm_range_list</key>
<array>
<string>allowed</string>
<string>blocked</string>
<string>force_installed</string>
<string>normal_installed</string>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allowed</string>
<string>Blocked</string>
<string>Force Installed</string>
<string>Normal Installed</string>
</array>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Maps to a string indicating where Chrome can download a force_installed or normal_installed extension.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>update_url</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Maps to a list of strings indicating the blocked API permissions for the extension.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>blocked_permissions</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_documentation_url</key>
<string>https://developer.chrome.com/extensions/declare_permissions</string>
<key>pfm_range_list</key>
<array>
<string>activeTab</string>
<string>alarms</string>
<string>background</string>
<string>bookmarks</string>
<string>browsingData</string>
<string>certificateProvider</string>
<string>clipboardRead</string>
<string>clipboardWrite</string>
<string>contentSettings</string>
<string>contextMenus</string>
<string>cookies</string>
<string>debugger</string>
<string>declarativeContent</string>
<string>declarativeNetRequest</string>
<string>declarativeWebRequest</string>
<string>desktopCapture</string>
<string>displaySource</string>
<string>dns</string>
<string>documentScan</string>
<string>downloads</string>
<string>enterprise.deviceAttributes</string>
<string>enterprise.hardwarePlatform</string>
<string>enterprise.platformKeys</string>
<string>experimental</string>
<string>fileBrowserHandler</string>
<string>fileSystemProvider</string>
<string>fontSettings</string>
<string>gcm</string>
<string>geolocation</string>
<string>history</string>
<string>identity</string>
<string>idle</string>
<string>idltest</string>
<string>management</string>
<string>nativeMessaging</string>
<string>networking.config</string>
<string>notifications</string>
<string>pageCapture</string>
<string>platformKeys</string>
<string>power</string>
<string>printerProvider</string>
<string>privacy</string>
<string>processes</string>
<string>proxy</string>
<string>sessions</string>
<string>signedInDevices</string>
<string>storage</string>
<string>system.cpu</string>
<string>system.display</string>
<string>system.memory</string>
<string>system.storage</string>
<string>tabCapture</string>
<string>tabs</string>
<string>topSites</string>
<string>tts</string>
<string>ttsEngine</string>
<string>unlimitedStorage</string>
<string>vpnProvider</string>
<string>wallpaper</string>
<string>webNavigation</string>
<string>webRequest</string>
<string>webRequestBlocking</string>
</array>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_unique</key>
<true/>
</dict>
</array>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Maps to a version string.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>minimum_version_required</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Each item in this list is an extension-style match pattern.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>install_sources</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
</dict>
</array>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_description</key>
<string>This setting whitelists the allowed types of extension/apps that can be installed in Google Chrome.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>allowed_types</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_range_list</key>
<array>
<string>extension</string>
<string>theme</string>
<string>user_script</string>
<string>hosted_app</string>
<string>legacy_packaged_app</string>
<string>platform_app</string>
</array>
<key>pfm_type</key>
<string>string</string>
</dict>
</array>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_description</key>
<string>This maps to a string specifying the error message to display to users if they're blocked from installing an extension.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>blocked_install_message</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Maps to a list of strings representing hosts whose webpages the extension will be blocked from modifying.</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>runtime_blocked_hosts</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>*://*.example.com</string>
</dict>
</array>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Maps to a list of strings representing hosts that an extension can interact with regardless of whether they are listed in "runtime_blocked_hosts".</string>
<key>pfm_description_reference</key>
<string></string>
<key>pfm_name</key>
<string>runtime_allowed_hosts</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>*://*.example.com</string>
</dict>
</array>
<key>pfm_type</key>
<string>array</string>
</dict>
</array>
<key>pfm_type</key>
<string>dictionary</string>
</dict>
</array>
<key>pfm_title</key>
<string>Extension management settings</string>
<key>pfm_type</key>
<string>dictionary</string>
</dict>
<dict>
<key>pfm_app_deprecated</key>
<string>78</string>
<key>pfm_app_min</key>
<string>73</string>
<key>pfm_description</key>
<string>Allow insecure algorithms in integrity checks on extension updates and installs.</string>
<key>pfm_description_reference</key>
<string>Google Chrome provides for the secure update and installation of extensions. However, the content of some extensions hosted outside of the Chrome Web Store may only be protected by insecure signing or hashing algorithms such as SHA1. When this policy is disabled, fresh installation of and updates to such extensions will not be permitted by Chrome (until the extension developers rebuild the extension with stronger algorithms). When this policy is enabled, installation and updates for such extensions will be permitted.
This will default to the enabled behavior when unset. Starting in Google Chrome 76, this will default to the disabled behavior when unset.
Starting in Google Chrome 78, this policy will be ignored and treated as disabled.</string>
<key>pfm_name</key>
<string>ExtensionAllowInsecureUpdates</string>
<key>pfm_note</key>
<string>This will default to the enabled behavior when unset. Starting in Google Chrome 76, this will default to the disabled behavior when unset. Starting in Google Chrome 78, this policy will be ignored and treated as disabled.</string>
<key>pfm_title</key>
<string>Allow insecure extension updates</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<!-- END ContentSettings/Extensions -->
<!-- START ContentSettings/GoogleCast -->
<dict>
<key>pfm_app_min</key>
<string>52</string>
<key>pfm_description</key>
<string>If this policy is set to true or is not set, Google Cast will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.</string>
<key>pfm_description_reference</key>
<string>If this policy is set to true or is not set, Google Cast will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites, and (if shown) the Cast toolbar icon.
If this policy set to false, Google Cast will be disabled.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableMediaRouter</string>
<key>pfm_name</key>
<string>EnableMediaRouter</string>
<key>pfm_title</key>
<string>Enable Google Cast</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>58</string>
<key>pfm_description</key>
<string>If this policy is set to true, the Cast toolbar icon will always be shown on the toolbar or the overflow menu, and users will not be able to remove it.</string>
<key>pfm_description_reference</key>
<string>If this policy is set to true, the Cast toolbar icon will always be shown on the toolbar or the overflow menu, and users will not be able to remove it.
If this policy is set to false or is not set, users will be able to pin or remove the icon via its contextual menu.
If the policy "EnableMediaRouter" is set to false, then this policy's value would have no effect, and the toolbar icon would not be shown.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ShowCastIconInToolbar</string>
<key>pfm_name</key>
<string>ShowCastIconInToolbar</string>
<key>pfm_title</key>
<string>Show the Google Cast toolbar icon</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<!-- END ContentSettings/GoogleCast -->
<!-- START ContentSettings/HTTPAuthentication -->
<dict>
<key>pfm_app_min</key>
<string>13</string>
<key>pfm_description</key>
<string>Controls whether third-party sub-content on a page is allowed to pop-up an HTTP Basic Auth dialog box.</string>
<key>pfm_description_reference</key>
<string>Controls whether third-party sub-content on a page is allowed to pop-up an HTTP Basic Auth dialog box.
Typically this is disabled as a phishing defense. If this policy is not set, this is disabled and third-party sub-content will not be allowed to pop up a HTTP Basic Auth dialog box.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowCrossOriginAuthPrompt</string>
<key>pfm_name</key>
<string>AllowCrossOriginAuthPrompt</string>
<key>pfm_title</key>
<string>Cross-origin HTTP Basic Auth prompts</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>9</string>
<key>pfm_description</key>
<string>Servers that Google Chrome may delegate to.</string>
<key>pfm_description_reference</key>
<string>Servers that Google Chrome may delegate to.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy not set Google Chrome will not delegate user credentials even if a server is detected as Intranet.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthNegotiateDelegateWhitelist</string>
<key>pfm_name</key>
<string>AuthNegotiateDelegateWhitelist</string>
<key>pfm_title</key>
<string>Kerberos delegation server whitelist</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>foobar.example.com</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>9</string>
<key>pfm_description</key>
<string>Specifies which HTTP authentication schemes are supported by Google Chrome. Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.</string>
<key>pfm_description_reference</key>
<string>Specifies which HTTP authentication schemes are supported by Google Chrome.
Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.
If this policy is left not set, all four schemes will be used.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthSchemes</string>
<key>pfm_name</key>
<string>AuthSchemes</string>
<key>pfm_title</key>
<string>Supported authentication schemes</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>basic,digest,ntlm,negotiate</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>9</string>
<key>pfm_description</key>
<string>Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server which is in this permitted list.</string>
<key>pfm_description_reference</key>
<string>Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server which is in this permitted list.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy not set Google Chrome will try to detect if a server is on the Intranet and only then will it respond to IWA requests. If a server is detected as Internet then IWA requests from it will be ignored by Google Chrome.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AuthServerWhitelist</string>
<key>pfm_name</key>
<string>AuthServerWhitelist</string>
<key>pfm_title</key>
<string>Authentication server whitelist</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>*example.com,foobar.com,*baz</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>9</string>
<key>pfm_description</key>
<string>Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.</string>
<key>pfm_description_reference</key>
<string>Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.
If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.
If you disable this setting or leave it not set, the canonical name of the server will be determined via CNAME lookup.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DisableAuthNegotiateCnameLookup</string>
<key>pfm_name</key>
<string>DisableAuthNegotiateCnameLookup</string>
<key>pfm_title</key>
<string>Disable CNAME lookup when negotiating Kerberos authentication</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>9</string>
<key>pfm_description</key>
<string>Specifies whether the generated Kerberos SPN should include a non-standard port.</string>
<key>pfm_description_reference</key>
<string>Specifies whether the generated Kerberos SPN should include a non-standard port.
If you enable this setting, and a non-standard port (i.e., a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN.
If you disable this setting or leave it not set, the generated Kerberos SPN will not include a port in any case.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableAuthNegotiatePort</string>
<key>pfm_name</key>
<string>EnableAuthNegotiatePort</string>
<key>pfm_title</key>
<string>Include non-standard port in Kerberos SPN</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<!-- END HTTPAuthentication -->
<!-- START ContentSettings/LegacyBrowserSupport -->
<dict>
<key>pfm_app_min</key>
<string>73</string>
<key>pfm_description</key>
<string>This policy controls whether to enable Legacy Browser Support. When this policy is set to true, Chrome will attempt to launch some URLs in an alternate browser.</string>
<key>pfm_description_reference</key>
<string>This policy controls whether to enable Legacy Browser Support.
When this policy is left unset, or is set to false, Chrome will not attempt to launch designated URLs in an alternate browser.
When this policy is set to true, Chrome will attempt to launch some URLs in an alternate browser (such as Internet Explorer). This feature is configured using the policies in the Legacy Browser support group.
This feature is a replacement for the 'Legacy Browser Support' extension. Configuration from the extension will carry over to this feature, but it is strongly advised to use the Chrome policies instead. This ensures better compatibility in the future.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherEnabled</string>
<key>pfm_name</key>
<string>BrowserSwitcherEnabled</string>
<key>pfm_title</key>
<string>Browser Switcher Enabled</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>71</string>
<key>pfm_description</key>
<string>This policy controls command-line parameters to launch to the alternative browser.</string>
<key>pfm_description_reference</key>
<string>This policy controls command-line parameters to launch to the alternative browser.
When this policy is left unset, only the URL is passed as a command-line parameters.
When this policy is set to a list of strings, each string is passed to the alternative browser as a separate command-line parameters. On Windows, the parameters are joined with spaces. On Mac OS X and Linux, a parameter may contain spaces, and still be treated as a single parameter.
If an element contains ${url}, it gets replaced with the URL of the page to open.
If no element contains ${url}, the URL is appended at the end of the command line.
Environment variables are expanded. On Windows, %ABC% is replaced with the value of the ABC environment variable. On Mac OS X and Linux, ${ABC} is replaced with the value of the ABC environment variable.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlternativeBrowserParameters</string>
<key>pfm_name</key>
<string>AlternativeBrowserParameters</string>
<key>pfm_note</key>
<string>If an element contains ${url}, it gets replaced with the URL of the page to open. On Mac OS X and Linux, ${ABC} is replaced with the value of the ABC environment variable.</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string></string>
</dict>
</array>
<key>pfm_title</key>
<string>Alternative Browser Parameters</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>71</string>
<key>pfm_description</key>
<string>This policy controls which command to use to open URLs in an alternative browser.</string>
<key>pfm_description_reference</key>
<string>This policy controls which command to use to open URLs in an alternative browser.
When this policy is left unset, a platform-specific default is used: Internet Explorer for Windows, or Safari for Mac OS X. On Linux, launching an alternative browser will fail when this is unset.
When this policy is set to one of ${ie}, ${firefox}, ${safari} or ${opera}, that browser will launch if it is installed. ${ie} is only available on Windows, and ${safari} is only available on Windows and Mac OS X.
When this policy is set to a file path, that file is used as an executable file.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlternativeBrowserPath</string>
<key>pfm_name</key>
<string>AlternativeBrowserPath</string>
<key>pfm_note</key>
<string>When this policy is set to one of ${ie}, ${firefox}, ${safari} or ${opera}, that browser will launch if it is installed. When this policy is set to a file path, that file is used as an executable file.</string>
<key>pfm_range_list</key>
<array>
<string>${safari}</string>
<string>${firefox}</string>
<string>${opera}</string>
<string>${ie}</string>
</array>
<key>pfm_range_list_allow_custom_value</key>
<true/>
<key>pfm_title</key>
<string>Alternative Browser Path</string>
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>74</string>
<key>pfm_description</key>
<string>This policy controls how long to wait before launching an alternative browser, in milliseconds. When this policy is set to a number, Chrome shows a message for that many milliseconds, and then opens the alternative browser.</string>
<key>pfm_description_reference</key>
<string>This policy controls how long to wait before launching an alternative browser, in milliseconds.
When this policy is left unset, or set to 0, navigating to a designated URL immediately opens it in an alternative browser.
When this policy is set to a number, Chrome shows a message for that many milliseconds, and then opens the alternative browser.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherDelay</string>
<key>pfm_name</key>
<string>BrowserSwitcherDelay</string>
<key>pfm_title</key>
<string>Browser Switcher Delay</string>
<key>pfm_type</key>
<string>integer</string>
<key>pfm_value_unit</key>
<string>milliseconds</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>74</string>
<key>pfm_description</key>
<string>This policy controls whether to close Chrome completely when the last tab would switch to another browser.</string>
<key>pfm_description_reference</key>
<string>This policy controls whether to close Chrome completely when the last tab would switch to another browser.
When this policy is left unset, or is set to true, Chrome will keep at least one tab open, after switching to an alternate browser.
When this policy is set to false, Chrome will close the tab after switching to an alternate browser, even if it was the last tab. This will cause Chrome to exit completely.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherKeepLastChromeTab</string>
<key>pfm_name</key>
<string>BrowserSwitcherKeepLastChromeTab</string>
<key>pfm_note</key>
<string>When this policy is left unset, or is set to true, Chrome will keep at least one tab open, after switching to an alternate browser. When this policy is set to false, Chrome will close the tab after switching to an alternate browser, even if it was the last tab. This will cause Chrome to exit completely.</string>
<key>pfm_title</key>
<string>Keep Chrome open when the last tab switches to another browser</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>71</string>
<key>pfm_description</key>
<string>This policy controls the list of websites to open in an alternative browser.</string>
<key>pfm_description_reference</key>
<string>This policy controls the list of websites to open in an alternative browser.
Note that elements can also be added to this list through the BrowserSwitcherUseIeSitelist and BrowserSwitcherExternalSitelistUrl policies.
When this policy is left unset, no websites are added to the list.
When this policy is set, each item is treated as a rule for something to open in an alternative browser. Google Chrome uses those rules when choosing if a URL should open in an alternative browser.
When the Internet Explorer add-in is present and enabled, Internet Explorer switches back to Google Chrome when the rules do not match.
If rules contradict eachother, Google Chrome uses the most specific rule.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherUrlGreylist</string>
<key>pfm_name</key>
<string>BrowserSwitcherUrlList</string>
<key>pfm_note</key>
<string>When the Internet Explorer add-in is present and enabled, Internet Explorer switches back to Google Chrome when the rules do not match.</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_format</key>
<string>^https?://.*$</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>http://google.com</string>
</dict>
</array>
<key>pfm_title</key>
<string>Browser Switcher URL List</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>71</string>
<key>pfm_description</key>
<string>This policy controls the list of websites that will never cause a browser switch.</string>
<key>pfm_description_reference</key>
<string>This policy controls the list of websites that will never cause a browser switch.
Note that elements can also be added to this list through the BrowserSwitcherExternalGreylistUrl policy.
When this policy is left unset, no websites are added to the list.
When this policy is set, each item is treated as a rule, similar to the BrowserSwitcherUrlList policy. However, the logic is reversed: rules that match will not open an alternative browser.
Unlike BrowserSwitcherUrlList, rules apply to both directions. That is, when the Internet Explorer add-in is present and enabled, it also controls whether Internet Explorer should open these URLs in Google Chrome.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherUrlGreylist</string>
<key>pfm_name</key>
<string>BrowserSwitcherUrlGreylist</string>
<key>pfm_note</key>
<string>Unlike BrowserSwitcherUrlList, rules apply to both directions. That is, when the Internet Explorer add-in is present and enabled, it also controls whether Internet Explorer should open these URLs in Google Chrome.</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_format</key>
<string>^https?://.*$</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>http://google.com</string>
</dict>
</array>
<key>pfm_title</key>
<string>Browser Switcher URL Greylist</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>77</string>
<key>pfm_description</key>
<string>This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.</string>
<key>pfm_description_reference</key>
<string>This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.
The rules in this XML file apply in the same way as BrowserSwitcherUrlGreylist. That is, these rules prevent Google Chrome from opening the alternative browser, and also prevent the alternative browser from opening Google Chrome.
When this policy is left unset, or not set to a valid URL, Google Chrome does not use it as a source of rules that don't trigger a browser switch.
When this policy is set to a valid URL, Google Chrome downloads the site list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlGreylist policy.
For more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherExternalGreylistUrl</string>
<key>pfm_format</key>
<string>^https?://.*.xml$</string>
<key>pfm_name</key>
<string>BrowserSwitcherExternalGreylistUrl</string>
<key>pfm_note</key>
<string>When this policy is set to a valid URL, Google Chrome downloads the grey list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlGreylist policy.
For more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode</string>
<key>pfm_title</key>
<string>Browser Switcher External Greylist URL</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>http://example.com/greylist.xml</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>72</string>
<key>pfm_description</key>
<string>This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.</string>
<key>pfm_description_reference</key>
<string>This policy is a URL, that points to an XML file in the same format as Internet Explorer's SiteList policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.
When this policy is left unset, or not set to a valid URL, Google Chrome does not use it as a source of rules for switching browsers.
When this policy is set to a valid URL, Google Chrome downloads the site list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlList policy.
For more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=BrowserSwitcherExternalSitelistUrl</string>
<key>pfm_format</key>
<string>^https?://.*.xml$</string>
<key>pfm_name</key>
<string>BrowserSwitcherExternalSitelistUrl</string>
<key>pfm_note</key>
<string>When this policy is set to a valid URL, Google Chrome downloads the site list from that URL, and applies the rules as if they had been configured with the BrowserSwitcherUrlGreylist policy.
For more information on Internet Explorer's SiteList policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode</string>
<key>pfm_title</key>
<string>Browser Switcher External Sitelist URL</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>http://example.com/sitelist.xml</string>
</dict>
<!-- END ContentSettings/LegacyBrowserSupport -->
<!-- START ContentSettings/Misc -->
<dict>
<key>pfm_app_min</key>
<string>65</string>
<key>pfm_description</key>
<string>Allows you to set whether sites with abusive experiences should be prevented from opening new windows or tabs.</string>
<key>pfm_description_reference</key>
<string>Allows you to set whether sites with abusive experiences should be prevented from opening new windows or tabs.
If this policy is set to True, sites with abusive experiences will be prevented from opening new windows or tabs.
However this behavior will not trigger if SafeBrowsingEnabled policy is set to False.
If this policy is set to False, sites with abusive experiences will be allowed to open new windows or tabs.
If this policy is left not set, True will be used.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AbusiveExperienceInterventionEnforce</string>
<key>pfm_name</key>
<string>AbusiveExperienceInterventionEnforce</string>
<key>pfm_title</key>
<string>Abusive Experience Intervention Enforce</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>65</string>
<key>pfm_description</key>
<string>Allows you to set whether ads should be blocked on sites with intrusive ads.</string>
<key>pfm_description_reference</key>
<string>1 - Allow ads on all sites
2 - Do not allow ads on sites with intrusive ads
Allows you to set whether ads should be blocked on sites with intrusive ads.
If this policy is set to 2, ads will be blocked on sites with intrusive ads.
However this behavior will not trigger if SafeBrowsingEnabled policy is set to False.
If this policy is set to 1, ads will not be blocked on sites with intrusive ads.
If this policy is left not set, 2 will be used.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AdsSettingForIntrusiveAdsSites</string>
<key>pfm_name</key>
<string>AdsSettingForIntrusiveAdsSites</string>
<key>pfm_range_list</key>
<array>
<integer>1</integer>
<integer>2</integer>
</array>
<key>pfm_range_list_titles</key>
<array>
<string>Allow ads on all sites</string>
<string>Do not allow ads on sites with intrusive ads</string>
</array>
<key>pfm_title</key>
<string>Ads setting for sites with intrusive ads</string>
<key>pfm_type</key>
<string>integer</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>57</string>
<key>pfm_description</key>
<string>Enables deleting browser history and download history in Google Chrome and prevents users from changing this setting.</string>
<key>pfm_description_reference</key>
<string>Enables deleting browser history and download history in Google Chrome and prevents users from changing this setting.
Note that even with this policy disabled, the browsing and download history are not guaranteed to be retained: users may be able to edit or delete the history database files directly, and the browser itself may expire or archive any or all history items at any time.
If this setting is enabled or not set, browsing and download history can be deleted.
If this setting is disabled, browsing and download history cannot be deleted.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowDeletingBrowserHistory</string>
<key>pfm_name</key>
<string>AllowDeletingBrowserHistory</string>
<key>pfm_title</key>
<string>Enable deleting browser and download history</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>48</string>
<key>pfm_description</key>
<string>Allow users to play dinosaur easter egg game when device is offline.</string>
<key>pfm_description_reference</key>
<string>Allow users to play dinosaur easter egg game when device is offline.
If this policy is set to False, users will not be able to play the dinosaur easter egg game when device is offline. If this setting is set to True, users are allowed to play the dinosaur game. If this policy is not set, users are not allowed to play the dinosaur easter egg game on enrolled Chrome OS, but are allowed to play it under other circumstances.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowDinosaurEasterEgg</string>
<key>pfm_name</key>
<string>AllowDinosaurEasterEgg</string>
<key>pfm_title</key>
<string>Allow Dinosaur Easter Egg Game</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>12</string>
<key>pfm_description</key>
<string>Allows access to local files on the machine by allowing Google Chrome to display file selection dialogs.</string>
<key>pfm_description_reference</key>
<string>Allows access to local files on the machine by allowing Google Chrome to display file selection dialogs.
If you enable this setting, users can open file selection dialogs as normal.
If you disable this setting, whenever the user performs an action which would provoke a file selection dialog (like importing bookmarks, uploading files, saving links, etc.) a message is displayed instead and the user is assumed to have clicked Cancel on the file selection dialog.
If this setting is not set, users can open file selection dialogs as normal.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowFileSelectionDialogs</string>
<key>pfm_name</key>
<string>AllowFileSelectionDialogs</string>
<key>pfm_title</key>
<string>Allow invocation of file selection dialogs</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>12</string>
<key>pfm_description</key>
<string>If you enable this setting, outdated plugins are used as normal plugins.</string>
<key>pfm_description_reference</key>
<string>If you enable this setting, outdated plugins are used as normal plugins.
If you disable this setting, outdated plugins will not be used and users will not be asked for permission to run them.
If this setting is not set, users will be asked for permission to run outdated plugins.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowOutdatedPlugins</string>
<key>pfm_name</key>
<string>AllowOutdatedPlugins</string>
<key>pfm_title</key>
<string>Allow running plugins that are outdated</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_deprecated</key>
<string>82</string>
<key>pfm_app_min</key>
<string>74</string>
<key>pfm_description</key>
<string>This policy allows an admin to specify that a page may show popups during its unloading.</string>
<key>pfm_description_reference</key>
<string>This policy allows an admin to specify that a page may show popups during its unloading.
When the policy is set to enabled, pages are allowed to show popups while they are being unloaded.
When the policy is set to disabled or not set, pages are not allowed to show popups while they are being unloaded, as per the spec (https://html.spec.whatwg.org/#apis-for-creating-and-navigating-browsing-contexts-by-name).
This policy will be removed in Chrome 82.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowPopupsDuringPageUnload</string>
<key>pfm_name</key>
<string>AllowPopupsDuringPageUnload</string>
<key>pfm_title</key>
<string>Allow a page to show popups during its unloading</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>51</string>
<key>pfm_description</key>
<string>Enables Google Chrome's restricted log in feature in G Suite and prevents users from changing this setting.</string>
<key>pfm_description_reference</key>
<string>Enables Google Chrome's restricted log in feature in G Suite and prevents users from changing this setting.
If you define this setting, the user will only be able to access Google
Apps using accounts from the specified domains (note that this does not
work for gmail.com/googlemail.com).
This setting will NOT prevent the user from loging in on a managed device
that requires Google authentication. The user will still be allowed to
sign in to accounts from other domains, but they will receive an error
when trying to use G Suite with those accounts.
If you leave this setting empty/not-configured, the user will be able to
access G Suite with any account.
This policy causes the X-GoogApps-Allowed-Domains header to be appended to
all HTTP and HTTPS requests to all google.com domains, as described in
https://support.google.com/a/answer/1668854.
Users cannot change or override this setting.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowedDomainsForApps</string>
<key>pfm_name</key>
<string>AllowedDomainsForApps</string>
<key>pfm_title</key>
<string>Define domains allowed to access G Suite</string>
<key>pfm_type</key>
<string>string</string>
<key>pfm_value_placeholder</key>
<string>managedchrome.com,example.com</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>8</string>
<key>pfm_description</key>
<string>Enables the use of alternate error pages that are built into Google Chrome (such as 'page not found') and prevents users from changing this setting.</string>
<key>pfm_description_reference</key>
<string>Enables the use of alternate error pages that are built into Google Chrome (such as 'page not found') and prevents users from changing this setting.
If you enable this setting, alternate error pages are used.
If you disable this setting, alternate error pages are never used.
If you enable or disable this setting, users cannot change or override this setting in Google Chrome.
If this policy is left not set, this will be enabled but the user will be able to change it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlternateErrorPagesEnabled</string>
<key>pfm_name</key>
<string>AlternateErrorPagesEnabled</string>
<key>pfm_title</key>
<string>Enable alternate error pages</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>55</string>
<key>pfm_description</key>
<string>Disables the internal PDF viewer in Google Chrome. Instead it treats it as download and allows the user to open PDF files with the default application.</string>
<key>pfm_description_reference</key>
<string>Disables the internal PDF viewer in Google Chrome. Instead it treats it as download and allows the user to open PDF files with the default application.
If this policy is left not set or disabled the PDF plugin will be used to open PDF files unless the user disables it.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AlwaysOpenPdfExternally</string>
<key>pfm_name</key>
<string>AlwaysOpenPdfExternally</string>
<key>pfm_title</key>
<string>Always Open PDF files externally</string>
<key>pfm_type</key>
<string>boolean</string>
</dict>
<dict>
<key>pfm_app_min</key>
<string>25</string>
<key>pfm_description</key>
<string>If enabled or not configured (default), the user will be prompted for audio capture access except for URLs configured in the AudioCaptureAllowedUrls list which will be granted access without prompting.</string>
<key>pfm_description_reference</key>
<string>If enabled or not configured (default), the user will be prompted for audio capture access except for URLs configured in the AudioCaptureAllowedUrls list which will be granted access without prompting.
When this policy is disabled, the user will never be prompted and audio capture only be available to URLs configured in AudioCaptureAllowedUrls.
This policy affects all types of audio inputs and not only the built-in microphone.</string>
<key>pfm_documentation_url</key>
<string>https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AudioCaptureAllowed</string>
<key>pfm_name</key>
<string>AudioCaptureAllowed</string>
<key>pfm_title</key>
<string>Allow or deny audio capture</string>
<key>pfm_type</key>