AIDR - Chrome Browser Collector - Deploy the Chrome browser extension version 1.x.x

Deploy Chrome Collector v1.x.x

note:

These instructions apply to the Site Access and Prompt Inspection Extension (1.x.x), hosted on the CrowdStrike update server.

This extension enables prompt inspection on supported AI sites and supports

Site Access policy rules.

For Prompt Inspection Extension (0.6.x), see Deploy 0.6.x .

Deploying a browser collector requires two steps:

Install the browser extension.
Save AIDR collector configuration in the extension's Managed storage.

Managed storage

All deployment methods populate the browser extension's Managed storage with values required to connect to AIDR.

Configuration fields

Required fields:
- registrationIdentity - Encoded credentials the extension uses to authenticate with the AIDR service and obtain an authorization token
- urlTemplate - AIDR API base URL
You can find collector-specific values for registrationIdentity and urlTemplate on the Install tab in the AIDR console. Configuration files and templates on the Install tab include these values.
Optional user identity fields that appear in AIDR event logs:
- userId - User identifier, such as an email address. Appears in AIDR logs and findings as a top-level field. If not provided, defaults to user_<device-id>.
- userFullName - User's display name. Appears in AIDR logs and findings under Extra Info. If not provided, defaults to name_<device-id>.
- hostname - Device hostname. Appears in AIDR logs and findings under Extra Info. If not configured, the value is empty.

System settings

Jamf, Intune, Group Policy, and Self-Service apply extension configuration through OS-level settings: managed preference profiles on macOS or registry entries on Windows.

Chrome Enterprise pushes configuration via cloud policy to the extension's managed storage in enrolled browsers, bypassing OS-level settings.

Select extension version

Choose the extension edition to deploy:

Site Access and Prompt Inspection Extension (1.x.x) - Supports prompt inspection on supported AI sites and Site Access policy rules for monitoring, blocking, or redirecting visits to specified sites.

Select distribution method

On the collector details page in the AIDR console, switch to the Install tab. This tab provides instructions, links, and templates for common deployment methods. The following sections include step-by-step guides for specific methods.

Jamf - Enforce extension deployment and system-level settings on macOS with Apple-native Configuration Profiles.
Microsoft Intune - Deploy extensions and configuration profiles across Windows and macOS managed endpoints.
Chrome Enterprise (Google Chrome only) - Enroll browsers into the Google Admin console for centralized cloud-based policy management.
Group Policy (Windows only) - Force-install the extension and configure managed storage via registry settings across domain-joined Windows endpoints.
Self-Service - Install the extension and apply a configuration profile on a single machine to quickly test the collector.

Chrome Enterprise

With Chrome Enterprise Cloud Management, you can centrally install and configure extensions across managed Chrome browsers.

Requirements

Cloud-managed Chrome browsers and browser profiles.

For more information on how to enroll, see the
Cloud-managed Chrome browser documentation.

Install and configure extension

With user browsers and profiles enrolled, log in to your Google Admin console .
Click the main menu icon and go to Chrome browser > Apps & extensions.
Add the AIDR Chrome browser extension:
1. Select or create an Organizational Unit (OU).
2. Click the Users & browsers tab.
3. Hover over the + icon and select Add Chrome app or extension by ID.
4. In the Add Chrome app or extension by ID dialog:
  1. Extension ID:
    gppamppofhecmnlhmhdobepbifmpafmp
  2. Select From a custom URL.
  3. URL:
    https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml
  4. Click SAVE.
Select the added extension in the app list.
Under Policy for extensions, paste the Extension Policy JSON from the collector's Install tab in the AIDR console, for example:
```
{
  "urlTemplate": {
    "Value": "https://api.crowdstrike.com/aidr/aiguard"
  },
  "registrationIdentity": {
    "Value": "eyJzIj...iI6MX0"
  }
}
```
This policy authenticates the extension with the AIDR service. The copied JSON contains the correct credentials and AIDR base URL for your collector.
Select an Installation policy. For example, select Force install + pin to browser toolbar to force-install the extension to all enrolled user devices in the OU. This option also pins the extension to the browser toolbar for visibility.
Click SAVE in the top right corner of the screen.

note:

Chrome Enterprise policies can't dynamically populate these fields:

userId
userFullName
hostname

To populate these fields in AIDR event logs, configure them on each endpoint. You can use an endpoint management tool, such as Jamf or Intune, to deploy a managed preference profile or registry entry. Apply the configuration at these system paths:

macOS preference domain:
- com.google.Chrome.extensions.gppamppofhecmnlhmhdobepbifmpafmp
Windows registry path:
- HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy

tip:

If you force-install the extension, DevTools might not be accessible by default.

If you plan to debug the extension on target machines, in the Google Admin console:

Go to Devices > Chrome > Settings > Developer tools availability.
Set Developer tools availability to Always allow use of built-in developer tools.
Click Save.

Group Policy (Windows)

Active Directory Group Policy lets you force-install the browser extension on domain-joined Windows endpoints and configure its managed storage through registry entries.

Requirements

Active Directory domain environment with Group Policy Management console (GPMC) installed.
Permission to create, edit, and link Group Policy Objects (GPOs). For example, membership in Domain Admins or Group Policy Creator Owners.
Target computer and user accounts in Organizational Units (OUs) linked to the GPO. Verify OU membership in Active Directory Users and Computers (dsa.msc).
If you plan to force-install the extension through GPO, you need write access to the domain's SYSVOL share (\\<domain>\SYSVOL\) to install administrative templates.

Create or edit Group Policy Object

Open Group Policy Management console (gpmc.msc).
Right-click your target OU and select Create a GPO in this domain, and Link it here..., or right-click an existing GPO and select Edit... to open Group Policy Management Editor.

Force-install extension

If the extension is already deployed through another method, such as Microsoft Intune, skip to Configure computer-level registry settings.

Install administrative templates

The Google Chrome administrative templates (ADMX/ADML files) aren't included with Windows. Check whether they're installed, and install them if needed.

In Group Policy Management Editor, go to Computer Configuration > Policies > Administrative Templates. If Google > Google Chrome policy settings are already listed, skip to Enable force-install policy.
Download the Chrome Enterprise Bundle from chromeenterprise.google by following the Quick start guide for Windows.
Extract the downloaded archive.
Inside the extracted folder, locate the Configuration/admx/ subfolder containing .admx files and language-specific subfolders, such as en-US, with .adml files.
Create the Central Store in SYSVOL. The Central Store is a PolicyDefinitions folder inside the domain's Policies folder. When this folder exists, GPMC reads administrative templates from the Central Store instead of the local machine. DFS Replication automatically copies the folder to all domain controllers. This folder doesn't exist by default - you must create it manually. Create PolicyDefinitions\ and a subfolder for each language you need, such as en-US\:
- \\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions\
- \\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions\en-US\
Copy all .admx files to PolicyDefinitions\ and the .adml files from each language subfolder to the matching subfolder under PolicyDefinitions\.
Close and reopen Group Policy Management Editor to load the new templates.

note:

If no Central Store exists in SYSVOL, GPMC reads templates from the local C:\Windows\PolicyDefinitions\ folder on the machine running the console. Every Windows installation includes this folder with built-in OS templates, but the contents aren't replicated to other domain controllers. This approach works for single-admin environments and testing but isn't recommended for production.

Enable force-install policy

In Group Policy Management Editor, go to: Computer Configuration > Policies > Administrative Templates > Google > Google Chrome > Extensions.
Double-click Configure the list of force-installed apps and extensions.
In the Configure the list of force-installed apps and extensions dialog:
1. Click Enabled.
2. Click Show... under Extension/App IDs and update URLs to be silently installed.
3. In the Show Contents dialog, add the extension update URL:
```
gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml
```
4. Click OK in the Show Contents dialog.
Click OK in the Configure the list of force-installed apps and extensions dialog.

Configure computer-level registry settings

Add extension settings that apply to all users under Computer Configuration:

Go to Computer Configuration > Preferences > Windows Settings > Registry.
Add AIDR base URL:
1. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
  - Action: Update
  - Hive: HKEY_LOCAL_MACHINE
  - Key Path:
    SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
  - Value name:
    urlTemplate
  - Value type: REG_SZ
  - Value data: Copy the cloud-specific value from the collector's Install tab in the AIDR console. The AIDR base URL depends on your CrowdStrike cloud:
    - US-1
      https://api.crowdstrike.com/aidr/aiguard
    - US-2
      https://api.us-2.crowdstrike.com/aidr/aiguard
    - EU-1
      https://api.eu-1.crowdstrike.com/aidr/aiguard
2. Click OK.
Add collector credentials:
1. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
  - Action: Update
  - Hive: HKEY_LOCAL_MACHINE
  - Key Path:
    SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
  - Value name:
    registrationIdentity
  - Value type: REG_SZ
  - Value data: Copy the value from the collector's Install tab in the AIDR console. The value is a base64-encoded string that looks like eyJzIj...oxfQ==.
2. Click OK.
Add device hostname:
1. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
  - Action: Update
  - Hive: HKEY_LOCAL_MACHINE
  - Key Path:
    SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
  - Value name:
    hostname
  - Value type: REG_SZ
  - Value data:
    %COMPUTERNAME%
2. Click OK.

To edit a registry setting, right-click it and select Properties.

note:

Group Policy Preferences expand variables, such as %COMPUTERNAME%, at processing time and write the target machine name to the registry as a static string. This differs from REG_EXPAND_SZ, where the OS expands variables each time the value is read.

Cleanup behavior:

GPO Registry Preferences don't remove registry entries when you delete the preference item from the GPO. To enable automatic cleanup, click the Common tab of each registry item and select Remove this item when it is no longer applied. Enable this setting before you apply the GPO to target machines. If you didn't select this option before initial application, you must remove the registry entries manually or with a script.

Configure user-level registry settings

Because user-specific variables must resolve per user, add user identity settings under User Configuration.

note:

Windows processes Computer Configuration preferences during computer startup in the SYSTEM context, before any user logs in. In that context, %USERNAME% resolves to the computer account name - for example, WORKSTATION1$ - not the logged-in user.

Go to User Configuration > Preferences > Windows Settings > Registry.
Add user ID:
1. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
  - Action: Update
  - Hive: HKEY_CURRENT_USER
  - Key Path:
    SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
  - Value name:
    userId
  - Value type: REG_SZ
  - Value data:
    %USERNAME%
2. Click OK.
Add user full name:
1. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
  - Action: Update
  - Hive: HKEY_CURRENT_USER
  - Key Path:
    SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
  - Value name:
    userFullName
  - Value type: REG_SZ
  - Value data:
    %USERNAME%
2. Click OK.

To edit a registry setting, right-click it and select Properties.

note:

Group Policy Preferences expand variables, such as %USERNAME%, at processing time and write the result to the registry as a static string. This differs from REG_EXPAND_SZ, where the OS expands variables each time the value is read.
%USERNAME% resolves to the Windows SAM account name, such as jhammond, not an email address or display name.
Multi-domain environments

By default, userId is set to %USERNAME%. In multi-domain environments, you can use %USERDOMAIN%\%USERNAME%, such as INGENHQ\jhammond, to distinguish users who share a SAM name across domains.

Cleanup behavior:

Link GPO and verify

Link the GPO to target OUs.

This GPO includes both Computer Configuration and User Configuration settings. Both computer accounts and user accounts must be in OUs linked to the GPO. If your computers and users are in different OUs, link the GPO to both, or to a parent OU that contains both.

note:
User accounts in the default CN=Users container don't receive User Configuration policies. GPOs can't be linked to the default Users container. Move user accounts to a proper OU.
On the Scope tab of the GPO, check the Security Filtering section. By default, this section includes Authenticated Users, which covers all domain-joined accounts. If your organization has narrowed filtering to a specific security group, confirm that target computer and user accounts are members. Otherwise, no endpoints receive the policy.
Run gpupdate /force on a target machine and restart Google Chrome:
```
gpupdate /force
```
Verify the computer-level registry values:
```
reg query "HKLM\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"
```
Confirm that urlTemplate, registrationIdentity, and hostname are present.
Verify the user-level registry values:
```
reg query "HKCU\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"
```
Confirm that userId and userFullName are present with the logged-in user's name.
In Google Chrome on the target machine:
- Go to chrome://extensions and verify that the extension is installed. If you force-installed the extension through GPO, verify that users can't disable it.
- Go to chrome://policy. Confirm that the AIDR extension policy shows all five values with the correct per-user expansion.

Open the AIDR extension from the browser toolbar and verify its status.

After successful registration, the extension status progresses through Configured and Ready to Active.

To confirm that the extension connects to AIDR, see Verify Deployment .

Self-Service (testing)

Enterprise management required:

The Self-Service option requires an enterprise-managed machine enrolled in MDM, such as Intune or Jamf, joined to an Active Directory domain, or registered with Azure AD / Entra ID.

Unmanaged machines cannot use this deployment method in Google Chrome.

The Self-Service option lets you quickly evaluate the collector on your own machine before deploying it at scale:

Introduces the key browser collector deployment steps.
Requires no additional management tool configuration. Lets you perform installation and configuration steps on your machine using downloadable profiles and scripts.
Describes extension deployment parameters that also apply to production deployments.

Self-service limitations:

Self-service deployment is intended for testing and evaluation purposes. It isn't a supported option for production deployments.

The first time you select this option, you must acknowledge these limitations in a confirmation dialog before proceeding.

Install and configure extension

Self-service deployment uses force-install. You download and apply configuration that automatically installs the extension from the CrowdStrike update server and enables updates.

Download and apply the configuration.

macOS

Download two configuration profiles from the collector's Install tab in the AIDR console:

Force-install profile (System scope) - Installs the extension automatically and enables updates.

Example force-install profile (System scope)

This profile force-installs the extension via ExtensionInstallForcelist. Apply at the System level (Computer Channel).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>PayloadContent</key>
   <array>
       <dict>
           <key>PayloadType</key>
           <string>com.google.Chrome</string>
           <key>PayloadIdentifier</key>
           <string>com.crowdstrike.aidr.chrome.forceinstall</string>
           <key>PayloadUUID</key>
           <string>6B8F77E1-68F0-4B1D-8946-815340636BA8</string>
           <key>PayloadVersion</key>
           <integer>1</integer>
           <key>PayloadEnabled</key>
           <true/>
           <key>PayloadDisplayName</key>
           <string>AIDR Chrome Extension Force-Install</string>
           <key>DeveloperToolsAvailability</key>
           <integer>1</integer>
           <key>ExtensionInstallForcelist</key>
           <array>
               <string>gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml</string>
           </array>
       </dict>
   </array>
   <key>PayloadType</key>
   <string>Configuration</string>
   <key>PayloadIdentifier</key>
   <string>com.crowdstrike.aidr.chrome.forceinstall.profile</string>
   <key>PayloadUUID</key>
   <string>7A1E88F2-7901-5C2E-9A57-926451747CB9</string>
   <key>PayloadVersion</key>
   <integer>1</integer>
   <key>PayloadScope</key>
   <string>System</string>
   <key>PayloadDisplayName</key>
   <string>AIDR Chrome Extension Force-Install Profile</string>
</dict>
</plist>

Configuration profile (User scope) - Authenticates the extension with AIDR.

Example configuration profile (User scope)

This profile populates the extension's managed storage with AIDR credentials. Apply at the User level (User Channel).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
      <dict>
          <key>PayloadType</key>
          <string>com.google.Chrome.extensions.gppamppofhecmnlhmhdobepbifmpafmp</string>
          <key>PayloadIdentifier</key>
          <string>com.crowdstrike.aidr.chrome.config</string>
          <key>PayloadUUID</key>
          <string>9dd7538f-f46c-482a-91d6-11f87b8f9e6d</string>
          <key>PayloadVersion</key>
          <integer>1</integer>
          <key>PayloadEnabled</key>
          <true/>
          <key>PayloadDisplayName</key>
          <string>AIDR Chrome Extension Configuration</string>
          <key>urlTemplate</key>
          <string>https://api.crowdstrike.com/aidr/aiguard</string>
          <key>registrationIdentity</key>
          <string>eyJzIj...YiOjF9</string>
          <key>userId</key>
          <string>{{user-id}}</string>
          <key>userFullName</key>
          <string>{{user-full-name}}</string>
          <key>hostname</key>
          <string>replace-with-hostname</string>
      </dict>
  </array>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadIdentifier</key>
  <string>com.crowdstrike.aidr.chrome.config.profile</string>
  <key>PayloadUUID</key>
  <string>c4d2e6f8-1a3b-5c7d-9e0f-4b6a8c2d0e1f</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>PayloadScope</key>
  <string>User</string>
  <key>PayloadDisplayName</key>
  <string>AIDR Chrome Extension Configuration Profile</string>
</dict>
</plist>

Install both profiles:

Double-click each .mobileconfig file.
Install in System Settings > General > Device Management.

note:

The exact path may vary depending on your macOS version.
If a previous profile for this extension exists, remove it first.

Windows

Download the PowerShell script from the collector's Install tab in the AIDR console.

Example PowerShell script

This script creates the force-install entry, developer tools policy, and managed storage configuration in the Windows Registry. Run as Administrator.

# Chrome AIDR Extension - Force-Install + Configuration
$ErrorActionPreference = "Stop"

$extensionId = "gppamppofhecmnlhmhdobepbifmpafmp"
$updateUrl = "https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml"
$targetValue = "$extensionId;$updateUrl"

try {
    # --- Force-Install ---
    $forceInstallPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    if (-not (Test-Path $forceInstallPath)) {
        New-Item -Path $forceInstallPath -Force | Out-Null
        Write-Output "Registry key created: $forceInstallPath"
    }

    # Get all existing values in the key
    $existingProperties = Get-ItemProperty -Path $forceInstallPath

    # Check if the target value already exists
    $alreadyExists = $existingProperties.PSObject.Properties |
        Where-Object { $_.Name -notlike "PS*" -and $_.Value -eq $targetValue }

    if ($alreadyExists) {
        Write-Output "Extension already force-installed at index '$($alreadyExists.Name)'. No changes made."
    } else {
        # Find the first available numeric index
        $index = 1
        while ($existingProperties.PSObject.Properties.Name -contains "$index") {
            $index++
        }

        # Add the value at the next available index
        New-ItemProperty -Path $forceInstallPath -Name "$index" -Value $targetValue -PropertyType String -Force | Out-Null
        Write-Output "Extension force-installed at index '$index'."
    }

    # --- DeveloperToolsAvailability ---
    $browserPath = "HKLM:\SOFTWARE\Policies\Google\Chrome"
    Set-ItemProperty -Path $browserPath -Name "DeveloperToolsAvailability" -Value 1 -Type DWord -Force
    Write-Output "DeveloperToolsAvailability set to 1"

    # --- Managed storage configuration ---
    $policyPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$extensionId\policy"
    if (-not (Test-Path $policyPath)) {
        New-Item -Path $policyPath -Force | Out-Null
    }

    Set-ItemProperty -Path $policyPath -Name "registrationIdentity" `
        -Value "eyJzIj...YiOjF9" `
        -Type String -Force

    Set-ItemProperty -Path $policyPath -Name "urlTemplate" `
        -Value "https://api.crowdstrike.com/aidr/aiguard" `
        -Type String -Force

    # Use REG_EXPAND_SZ to expand %...% variables at read time
    # In multidomain environments, you can use %USERDOMAIN%\%USERNAME%
    New-ItemProperty -Path $policyPath -Name "userId" `
        -Value "%USERNAME%" -PropertyType ExpandString -Force | Out-Null

    New-ItemProperty -Path $policyPath -Name "userFullName" `
        -Value "%USERNAME%" -PropertyType ExpandString -Force | Out-Null

    New-ItemProperty -Path $policyPath -Name "hostname" `
        -Value "%COMPUTERNAME%" -PropertyType ExpandString -Force | Out-Null

    # Verify
    $config = Get-ItemProperty -Path $policyPath
    Write-Output "`nConfiguration applied successfully:"
    Write-Output "  - registrationIdentity: Set"
    Write-Output "  - urlTemplate: $($config.urlTemplate)"
    Write-Output "  - userId: $($config.userId)"
    Write-Output "  - userFullName: $($config.userFullName)"
    Write-Output "  - hostname: $($config.hostname)"

    Exit 0

} catch {
    Write-Error "Failed: $($_.Exception.Message)"
    Exit 1
}

Run the script as Administrator to add the configuration to the Registry:

Force-install entry - Installs and enables the extension automatically
DeveloperToolsAvailability - Allows developer tools (required for extension debugging)
Managed storage configuration - Authenticates the extension with AIDR

warning:

The script modifies only extension-specific key paths in the Windows Registry. As a precaution, back up the registry before running the script.

note:

By default, force-installed extensions block access to developer tools. The configuration sets DeveloperToolsAvailability to allow developer tools. This lets you inspect the extension's service worker and debug issues during testing.

Restart the browser.

Fully close and restart your browser. The extension installs automatically and connects to AIDR after the restart.

After the extension installs, you can manage it on the chrome://extensions page.

note:

The AIDR console pre-populates downloaded configuration files with values from the current session:

urlTemplate - The AIDR API URL for your CrowdStrike cloud.
registrationIdentity - Collector-specific credentials.
userId and userFullName - For macOS, the current AIDR console user's information.

If you distribute the configuration file to other users, update the userId and userFullName fields to match the target user's identity.

For Windows, the script uses environment variable expansion (%USERNAME%) to populate these fields automatically with the logged-in user's identity.
hostname - For macOS, populated with a placeholder value. Replace it with the target machine's hostname.

For Windows, the script uses environment variable expansion (%COMPUTERNAME%) to populate this field automatically.

In production deployments, set these values dynamically per user with variables in your endpoint management tool or script.

Uninstall collector

When you're done testing, remove the browser extension and its system configuration.

Remove the browser extension in your browser's extension manager.
Remove the system configuration:
- macOS - Remove both configuration profiles in System Settings > General > Device Management > Profiles:
  1. Force-install profile (AIDR Extension Force-Install Profile)
  2. Configuration profile (AIDR Extension Configuration Profile)
  The exact path may vary depending on your macOS version.
- Windows - Remove the force-install entry, DeveloperToolsAvailability, and managed storage registry keys.
  
  warning:
  This modifies the Windows Registry. You can make a registry backup before proceeding. If you're unsure how to back up the Registry, contact your IT or system administrator.
  
  Run these commands in a PowerShell session as Administrator:
  Remove force-install entry
```
# Find and remove the forcelist value matching the extension ID
$forcelistPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
$item = Get-Item -Path $forcelistPath -ErrorAction SilentlyContinue
if ($item) {
  $item.GetValueNames() | ForEach-Object {
      if ($item.GetValue($_) -match [regex]::Escape("gppamppofhecmnlhmhdobepbifmpafmp")) {
          Remove-ItemProperty -Path $forcelistPath -Name $_
      }
  }
}
```
  Remove DeveloperToolsAvailability
```
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome" -Name "DeveloperToolsAvailability" -ErrorAction SilentlyContinue
```
  Remove extension configuration
```
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp" -Recurse -ErrorAction SilentlyContinue
```
  Verify that no references to the extension remain:
  Verify extension removal
```
reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /s /f "gppamppofhecmnlhmhdobepbifmpafmp"
```
  Expected output: End of search: 0 match(es) found.
  Verify DeveloperToolsAvailability removal
```
reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /v DeveloperToolsAvailability
```
  Expected output: The system was unable to find the specified registry key or value.

Deploy Chrome Collector v1.x.x​

Managed storage​

Configuration fields​

System settings​

Select extension version​

Select distribution method​

Chrome Enterprise​

Requirements​

Install and configure extension​

Group Policy (Windows)​

Requirements​

Create or edit Group Policy Object​

Force-install extension​

Install administrative templates​

Enable force-install policy​

Configure computer-level registry settings​

Configure user-level registry settings​

Link GPO and verify​

Self-Service (testing)​

Install and configure extension​

Uninstall collector​

Deploy Chrome Collector v1.x.x

Managed storage

Configuration fields

System settings

Select extension version

Select distribution method

Chrome Enterprise

Requirements

Install and configure extension

Group Policy (Windows)

Requirements

Create or edit Group Policy Object

Force-install extension

Install administrative templates

Enable force-install policy

Configure computer-level registry settings

Configure user-level registry settings

Link GPO and verify

Self-Service (testing)

Install and configure extension

Uninstall collector