the Chromium logo

The Chromium Projects

Atomic Policy Groups

This page is obsolete. Please see Chrome Enterprise policy list instead.

Both Chromium and Google Chrome have some groups of policies that depend on each other to provide control over a feature. These sets are represented by the following policy groups. Given that policies can have multiple sources, only values coming from the highest priority source will be applied. Values coming from a lower priority source in the same group will be ignored. The order of priority is defined in https://support.google.com/chrome/a/?p=policy_order.

Policy Name Description
ActiveDirectoryManagement Microsoft® Active Directory® management settings
DeviceMachinePasswordChangeRate Machine password change rate
DeviceUserPolicyLoopbackProcessingMode User policy loopback processing mode
DeviceKerberosEncryptionTypes Allowed Kerberos encryption types
DeviceGpoCacheLifetime GPO cache lifetime
DeviceAuthDataCacheLifetime Authentication data cache lifetime
Attestation Attestation
AttestationEnabledForDevice Enable remote attestation for the device
AttestationEnabledForUser Enable remote attestation for the user
AttestationExtensionWhitelist Extensions allowed to to use the remote attestation API
AttestationForContentProtectionEnabled Enable the use of remote attestation for content protection for the device
BrowserSwitcher Legacy Browser Support
AlternativeBrowserPath Alternative browser to launch for configured websites.
AlternativeBrowserParameters Command-line parameters for the alternative browser.
BrowserSwitcherChromePath Path to Chrome for switching from the alternative browser.
BrowserSwitcherChromeParameters Command-line parameters for switching from the alternative browser.
BrowserSwitcherDelay Delay before launching alternative browser (milliseconds)
BrowserSwitcherEnabled Enable the Legacy Browser Support feature.
BrowserSwitcherExternalSitelistUrl URL of an XML file that contains URLs to load in an alternative browser.
BrowserSwitcherExternalGreylistUrl URL of an XML file that contains URLs that should never trigger a browser switch.
BrowserSwitcherKeepLastChromeTab Keep last tab open in Chrome.
BrowserSwitcherUrlList Websites to open in alternative browser
BrowserSwitcherUrlGreylist Websites that should never trigger a browser switch.
BrowserSwitcherUseIeSitelist Use Internet Explorer's SiteList policy for Legacy Browser Support.
ChromeReportingExtension Chrome Reporting Extension
ReportVersionData Report OS and Chromium Version Information
ReportPolicyData Report Chromium Policy Information
ReportMachineIDData Report Machine Identification information
ReportUserIDData Report User Identification information
ReportExtensionsAndPluginsData Report Extensions and Plugins information
ReportSafeBrowsingData Report Safe Browsing information
CloudReportingEnabled Enables Chromium cloud reporting
ContentPack Content pack
ContentPackDefaultFilteringBehavior Default behavior for sites not in any content pack
ContentPackManualBehaviorHosts Managed user manual exception hosts
ContentPackManualBehaviorURLs Managed user manual exception URLs
CookiesSettings Cookies settings
DefaultCookiesSetting Default cookies setting
CookiesAllowedForUrls Allow cookies on these sites
CookiesBlockedForUrls Block cookies on these sites
CookiesSessionOnlyForUrls Limit cookies from matching URLs to the current session
DateAndTime Date and time
SystemTimezone Timezone
SystemTimezoneAutomaticDetection Configure the automatic timezone detection method
DefaultSearchProvider Default search provider
DefaultSearchProviderEnabled Enable the default search provider
DefaultSearchProviderName Default search provider name
DefaultSearchProviderKeyword Default search provider keyword
DefaultSearchProviderSearchURL Default search provider search URL
DefaultSearchProviderSuggestURL Default search provider suggest URL
DefaultSearchProviderInstantURL Default search provider instant URL
DefaultSearchProviderIconURL Default search provider icon
DefaultSearchProviderEncodings Default search provider encodings
DefaultSearchProviderAlternateURLs List of alternate URLs for the default search provider
DefaultSearchProviderSearchTermsReplacementKey Parameter controlling search term placement for the default search provider
DefaultSearchProviderImageURL Parameter providing search-by-image feature for the default search provider
DefaultSearchProviderNewTabURL Default search provider new tab page URL
DefaultSearchProviderSearchURLPostParams Parameters for search URL which uses POST
DefaultSearchProviderSuggestURLPostParams Parameters for suggest URL which uses POST
DefaultSearchProviderInstantURLPostParams Parameters for instant URL which uses POST
DefaultSearchProviderImageURLPostParams Parameters for image URL which uses POST
Display Display
DeviceDisplayResolution Set display resolution and scale factor
DisplayRotationDefault Set default display rotation, reapplied on every reboot
Drive Drive
DriveDisabled Disable Drive in the Chromium OS Files app
DriveDisabledOverCellular Disable Google Drive over cellular connections in the Chromium OS Files app
Extensions Extensions
ExtensionInstallBlacklist Configure extension installation blacklist
ExtensionInstallWhitelist Configure extension installation whitelist
ExtensionInstallForcelist Configure the list of force-installed apps and extensions
ExtensionInstallSources Configure extension, app, and user script install sources
ExtensionAllowedTypes Configure allowed app/extension types
ExtensionAllowInsecureUpdates Allow insecure algorithms in integrity checks on extension updates and installs
ExtensionSettings Extension management settings
GoogleCast Google Cast
CastReceiverEnabled Enable casting content to the device
CastReceiverName Name of the Google Cast destination
Homepage Homepage
HomepageLocation Configure the home page URL
HomepageIsNewTabPage Use New Tab Page as homepage
NewTabPageLocation Configure the New Tab page URL
ShowHomeButton Show Home button on toolbar
ImageSettings Image settings
DefaultImagesSetting Default images setting
ImagesAllowedForUrls Allow images on these sites
ImagesBlockedForUrls Block images on these sites
JavascriptSettings Javascript settings
DefaultJavaScriptSetting Default JavaScript setting
JavaScriptAllowedForUrls Allow JavaScript on these sites
JavaScriptBlockedForUrls Block JavaScript on these sites
KeygenSettings Keygen settings
DefaultKeygenSetting Default key generation setting
KeygenAllowedForUrls Allow key generation on these sites
KeygenBlockedForUrls Block key generation on these sites
Kiosk Kiosk settings
DeviceLocalAccounts Device-local accounts
DeviceLocalAccountAutoLoginId Device-local account for auto-login
DeviceLocalAccountAutoLoginDelay Device-local account auto-login timer
DeviceLocalAccountAutoLoginBailoutEnabled Enable bailout keyboard shortcut for auto-login
DeviceLocalAccountPromptForNetworkWhenOffline Enable network configuration prompt when offline
LoginScreenOrigins Login and screen origins
DeviceLoginScreenIsolateOrigins Enable Site Isolation for specified origins
DeviceLoginScreenSitePerProcess Enable Site Isolation for every site
NativeMessaging Native messaging
NativeMessagingBlacklist Configure native messaging blacklist
NativeMessagingWhitelist Configure native messaging whitelist
NativeMessagingUserLevelHosts Allow user-level Native Messaging hosts (installed without admin permissions)
NetworkFileShares Network File Shares settings
NetworkFileSharesAllowed Controls Network File Shares for ChromeOS availability
NetBiosShareDiscoveryEnabled Controls Network File Share discovery via NetBIOS
NTLMShareAuthenticationEnabled Controls enabling NTLM as an authentication protocol for SMB mounts
NetworkFileSharesPreconfiguredShares List of preconfigured network file shares.
NotificationsSettings Notification settings
DefaultNotificationsSetting Default notification setting
NotificationsAllowedForUrls Allow notifications on these sites
NotificationsBlockedForUrls Block notifications on these sites
PasswordManager Password manager
PasswordManagerEnabled Enable saving passwords to the password manager
PasswordManagerAllowShowPasswords Allow users to show passwords in Password Manager (deprecated)
PasswordProtection Password protection
PasswordProtectionWarningTrigger Password protection warning trigger
PasswordProtectionLoginURLs Configure the list of enterprise login URLs where password protection service should capture fingerprint of password.
PasswordProtectionChangePasswordURL Configure the change password URL.
PinUnlock Pin unlock
PinUnlockMinimumLength Set the minimum length of the lock screen PIN
PinUnlockMaximumLength Set the maximum length of the lock screen PIN
PinUnlockWeakPinsAllowed Enable users to set weak PINs for the lock screen PIN
PluginVm PluginVm
PluginVmAllowed Allow devices to use a PluginVm on Chromium OS
PluginVmLicenseKey PluginVm license key
PluginVmImage PluginVm image
PluginsSettings Plugins settings
DefaultPluginsSetting Default Flash setting
PluginsAllowedForUrls Allow the Flash plugin on these sites
PluginsBlockedForUrls Block the Flash plugin on these sites
PopupsSettings Popups settings
DefaultPopupsSetting Default popups setting
PopupsAllowedForUrls Allow popups on these sites
PopupsBlockedForUrls Block popups on these sites
Proxy Proxy
ProxyMode Choose how to specify proxy server settings
ProxyServerMode Choose how to specify proxy server settings
ProxyServer Address or URL of proxy server
ProxyPacUrl URL to a proxy .pac file
ProxyBypassList Proxy bypass rules
ProxySettings Proxy settings
QuickUnlock Quick unlock
QuickUnlockModeWhitelist Configure allowed quick unlock modes
QuickUnlockTimeout Set how often user has to enter password to use quick unlock
RemoteAccess Remote access
RemoteAccessClientFirewallTraversal Enable firewall traversal from remote access client
RemoteAccessHostClientDomain Configure the required domain name for remote access clients
RemoteAccessHostClientDomainList Configure the required domain names for remote access clients
RemoteAccessHostFirewallTraversal Enable firewall traversal from remote access host
RemoteAccessHostDomain Configure the required domain name for remote access hosts
RemoteAccessHostDomainList Configure the required domain names for remote access hosts
RemoteAccessHostRequireTwoFactor Enable two-factor authentication for remote access hosts
RemoteAccessHostTalkGadgetPrefix Configure the TalkGadget prefix for remote access hosts
RemoteAccessHostRequireCurtain Enable curtaining of remote access hosts
RemoteAccessHostAllowClientPairing Enable or disable PIN-less authentication for remote access hosts
RemoteAccessHostAllowGnubbyAuth Allow gnubby authentication for remote access hosts
RemoteAccessHostAllowRelayedConnection Enable the use of relay servers by the remote access host
RemoteAccessHostUdpPortRange Restrict the UDP port range used by the remote access host
RemoteAccessHostMatchUsername Require that the name of the local user and the remote access host owner match
RemoteAccessHostTokenUrl URL where remote access clients should obtain their authentication token
RemoteAccessHostTokenValidationUrl URL for validating remote access client authentication token
RemoteAccessHostTokenValidationCertificateIssuer Client certificate for connecting to RemoteAccessHostTokenValidationUrl
RemoteAccessHostDebugOverridePolicies Policy overrides for Debug builds of the remote access host
RemoteAccessHostAllowUiAccessForRemoteAssistance Allow remote users to interact with elevated windows in remote assistance sessions
RemoteAccessHostAllowFileTransfer Allow remote access users to transfer files to/from the host
RestoreOnStartup Action on startup
RestoreOnStartup Action on startup
RestoreOnStartupURLs URLs to open on startup
SAML SAML
DeviceTransferSAMLCookies Transfer SAML IdP cookies during login
SafeBrowsing Safe Browsing settings
SafeBrowsingEnabled Enable Safe Browsing
SafeBrowsingExtendedReportingEnabled Enable Safe Browsing Extended Reporting
SafeBrowsingExtendedReportingOptInAllowed Allow users to opt in to Safe Browsing extended reporting
SafeBrowsingWhitelistDomains Configure the list of domains on which Safe Browsing will not trigger warnings.
SupervisedUsers Supervised users
SupervisedUsersEnabled Enable supervised users
SupervisedUserCreationEnabled Enable creation of supervised users
SupervisedUserContentProviderEnabled Enable the supervised user content provider
UserAndDeviceReporting User and device reporting
ReportDeviceVersionInfo Report OS and firmware version
ReportDeviceBootMode Report device boot mode
ReportDeviceUsers Report device users
ReportDeviceActivityTimes Report device activity times
ReportDeviceLocation Report device location
ReportDeviceNetworkInterfaces Report device network interfaces
ReportDeviceHardwareStatus Report hardware status
ReportDeviceSessionStatus Report information about active kiosk sessions
ReportDeviceBoardStatus Report board status
ReportDevicePowerStatus Report power status
ReportDeviceStorageStatus Report storage status
ReportUploadFrequency Frequency of device status report uploads
ReportArcStatusEnabled Report information about status of Android
HeartbeatEnabled Send network packets to the management server to monitor online status
HeartbeatFrequency Frequency of monitoring network packets
LogUploadEnabled Send system logs to the management server
DeviceMetricsReportingEnabled Enable metrics reporting
WebUsbSettings Web USB settings
DefaultWebUsbGuardSetting Control use of the WebUSB API
DeviceWebUsbAllowDevicesForUrls Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
WebUsbAllowDevicesForUrls Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.
WebUsbAskForUrls Allow WebUSB on these sites
WebUsbBlockedForUrls Block WebUSB on these sites
WiFi WiFi
DeviceWiFiFastTransitionEnabled Enable 802.11r Fast Transition
DeviceWiFiAllowed Enable WiFi