Skip to main content

Migrate to CrowdStrike-hosted Chrome extension

note:

This page applies to deployments running the Chrome Web Store edition of the extension, version 0.6.x.

Starting with version 0.6.12, the old extension displays as AIDR (Chrome Store) in the browser toolbar and the extensions page.

If you're already running the CrowdStrike-hosted edition, version 1.x.x, you don't need to migrate.

The AIDR Chrome browser extension has moved from the Chrome Web Store to a CrowdStrike update server. This change enables

Site Access monitoring. Migration is required only if you need Site Access rules in your browser collector policies.

The new edition uses a different extension ID and update URL:

Extension IDUpdate URL
Oldfolndgmoekgkipoolphnkclopeopkecchttps://clients2.google.com/service/update2/crx
Newgppamppofhecmnlhmhdobepbifmpafmphttps://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml

Update your deployment policies and configuration to reference the new ID and update URL.

What to expect

  • You might need to correlate old and new device IDs:
    • New device IDs in the collector Devices tab. Both old and new device entries appear until you remove the old entries.
    • New COLLECTOR INSTANCE ID values in Findings. During the transition, old and new device IDs appear in the COLLECTOR INSTANCE ID column on the Findings page.
    • New Collector Instance Id values in Visibility. During the transition, old and new device IDs appear as Collector Instance Id on the Visibility page.

Chrome Enterprise

Chrome Enterprise Cloud Management pushes extension configuration via cloud policy in the Google Admin console. Extension entries use the ID as a key and don't support in-place editing. To migrate, add the new extension alongside the old one, copy the configuration, verify, and then remove the old entry.

Requirements

  • Chrome Web Store edition of the AIDR extension v0.6.11

    This version can run alongside the CrowdStrike-hosted edition during migration.

Step 1 - Add new extension

  1. Log in to the Google Admin console.
  2. Click the Main menu () icon and go to Chrome browser > Apps & extensions.
  3. Select the OU where the AIDR extension is deployed.
  4. Click the Users & browsers tab.
  5. Hover over the + icon and select Add Chrome app or extension by ID.
  6. In the Add Chrome app or extension by ID dialog:
    1. Extension ID: 

      gppamppofhecmnlhmhdobepbifmpafmp
    2. Select From a custom URL.
    3. URL: 

      https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml
    4. Click SAVE.

Step 2 - Copy configuration from old extension

  1. Select the old AIDR extension (folndgmoekgkipoolphnkclopeopkecc) in the App list. You might need to clear the filter to see all registered extensions.
  2. Record the old extension settings:
    • Policy for extensions - Copy the extension policy JSON.
    • Other settings, such as Installation policy, Incognito mode, and Permissions and URL access.
  3. Select the new AIDR extension (gppamppofhecmnlhmhdobepbifmpafmp) in the App list.
  4. Apply the settings from the old extension:
    • Policy for extensions - Paste the extension policy JSON from the old extension or from the collector's Install tab in the AIDR console.
    • Other settings, such as Installation policy, Incognito mode, and Permissions and URL access.
  5. Click SAVE in the top right corner of the screen.
note:

The urlTemplate and registrationIdentity values are reusable between the Chrome Web Store and CrowdStrike-hosted editions.

Step 3 - Verify new extension installation

On a target machine, restart Google Chrome and verify that the extension is installed and configured:

  1. In Google Chrome, go to chrome://extensions.
    1. Confirm that the AIDR extension is enabled and shows version 1.x.x.
  2. Go to chrome://policy and click Reload policies.
    1. Confirm that under Chrome Policies, ExtensionInstallForcelist > Policy value includes the new extension:
      Policy value
      [
        ...
        "gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml"
        ...
      ]
    2. Confirm that the AIDR policy shows the new ID, gppamppofhecmnlhmhdobepbifmpafmp, and all configuration values are present.

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

note:

Two AIDR extensions appear in the browser toolbar:

  • AIDR (Chrome Store) version 0.6.x - Old extension from Chrome Web Store
  • AIDR version 1.x.x - New CrowdStrike-hosted extension

Step 4 - Remove old extension

After you confirm that the new extension is installed and configured:

  1. In the Google Admin console, go to Chrome browser > Apps & extensions > Users & browsers.
  2. Select the old AIDR extension (folndgmoekgkipoolphnkclopeopkecc).
  3. Click the delete icon (🗑️).
  4. In the Delete AIDR dialog, click DELETE.

After enrolled browsers check in, the browser removes the old extension automatically.

Step 5 - Verify migration

On a target machine, restart Google Chrome and verify that the extension is installed and configured:

  1. In Google Chrome, go to chrome://extensions.
    1. Confirm that the AIDR extension is enabled and shows version 1.x.x.
    2. Confirm that AIDR (Chrome Store) version 0.6.x is not listed.
  2. Go to chrome://policy and click Reload policies.
    1. Confirm that under Chrome Policies, ExtensionInstallForcelist > Policy value includes the new extension:
      Policy value
      [
        ...
        "gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml"
        ...
      ]
    2. Confirm that the AIDR policy shows the new ID, gppamppofhecmnlhmhdobepbifmpafmp, and all configuration values are present.
    3. Confirm that no references to folndgmoekgkipoolphnkclopeopkecc appear.

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

Jamf (macOS)

Jamf supports an atomic update-in-place approach. You can edit the existing configuration profile rather than creating a new one. When Jamf pushes the updated profile, macOS replaces the old force-install entry and managed preferences in a single operation.

Step 1 - Update configuration profile

  1. In Jamf, go to Computers > Configuration Profiles.
  2. Find the configuration profile that manages the AIDR Google Chrome extension.
  3. On the configuration profile page, under Options, expand Application & Custom Settings and click External Applications.
  4. Click Edit.
  5. Update the force-install payload:

    1. Find the payload with com.google.Chrome preference domain.

      note:

      The Preference Domain (com.google.Chrome) stays the same - it targets Google Chrome browser-level policies, not the extension itself.

    2. In Preference Domain Properties > ExtensionInstallForcelist > Extension ID 1, replace the existing value with the new extension ID and update URL:

      With new extension ID
      gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml
  6. Update the extension settings payload:

    1. Find the payload with com.google.Chrome.extensions.folndgmoekgkipoolphnkclopeopkecc preference domain.

    2. In Preference Domain, replace the existing value with the new preference domain:

      New preference domain
      com.google.Chrome.extensions.gppamppofhecmnlhmhdobepbifmpafmp
  7. Click Save.
  8. In the Redistribution Options dialog:
    1. Select Distribute to All.
    2. Click Save.
  9. In the saved profile, confirm that:

    1. The com.google.Chrome payload shows the new extension in the ExtensionInstallForcelist:

      gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml

    2. The extension settings payload shows the new Preference Domain:

      com.google.Chrome.extensions.gppamppofhecmnlhmhdobepbifmpafmp

    3. No remaining payloads reference the old extension ID (folndgmoekgkipoolphnkclopeopkecc).

Step 2 - Verify migration

Spot-check the migration on a target machine to confirm the new extension is active and configured.

To apply the profile update immediately without waiting for the next scheduled check-in, run this command on the target machine:

sudo jamf recon
Browser

On a target machine, restart Google Chrome and verify that the extension is installed and configured:

  1. In Google Chrome, go to chrome://extensions.
    1. Confirm that the AIDR extension is enabled and shows version 1.x.x.
    2. Confirm that AIDR (Chrome Store) version 0.6.x is not listed.
  2. Go to chrome://policy and click Reload policies.
    1. Confirm that under Chrome Policies, ExtensionInstallForcelist > Policy value includes the new extension:
      Policy value
      [
        ...
        "gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml"
        ...
      ]
    2. Confirm that the AIDR policy shows the new ID, gppamppofhecmnlhmhdobepbifmpafmp, and all configuration values are present.
    3. Confirm that no references to folndgmoekgkipoolphnkclopeopkecc appear.

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

macOS plist

On a target machine, verify that the old managed preferences file no longer exists:

find /Library/Managed\ Preferences -name "com.google.Chrome.extensions.folndgmoekgkipoolphnkclopeopkecc.plist" 2>/dev/null

If the command returns no output, the old configuration no longer exists.

tip:

For troubleshooting, review the logs for errors during the Google Chrome restart:

pkill -a "Google Chrome" ; sleep 2 ; /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --enable-logging=stderr --v=1 2>&1 | grep -i "gppamppofhecmnlhmhdobepbifmpafmp"

Microsoft Intune (Windows)

A Microsoft Intune PowerShell script configures the AIDR extension. The script writes registry values that persist after you remove or unassign the script. To migrate, apply the new configuration, deploy the new extension, and clean up residual registry values.

Step 1 - Deploy new configuration script

Create a Platform Script with the new extension configuration. This prepares managed storage before the swap. The old extension continues to operate from its existing registry values. You remove those values separately after the swap.

Copy this script and save it as Configure-ChromeAIDR-CrowdStrike.ps1.

Configure Chrome AIDR Extension - CrowdStrike > Configure-ChromeAIDR-CrowdStrike.ps1
# Chrome AIDR Extension Configuration (CrowdStrike-hosted)
$ErrorActionPreference = "Stop"

try {
  # Registry path for Chrome 3rdparty extensions
  $registryPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"

  # Create path
  if (-not (Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
  }

  # Set configuration values
  Set-ItemProperty -Path $registryPath -Name "registrationIdentity" `
    -Value "eyJzIj...YiOjF9 `
    -Type String -Force

  Set-ItemProperty -Path $registryPath -Name "urlTemplate" `
    -Value "https://api.crowdstrike.com/aidr/aiguard" `
    -Type String -Force

  # Use REG_EXPAND_SZ to expand %...% variables at read time

  New-ItemProperty -Path $registryPath -Name "userId" `
    -Value "%USERNAME%" -PropertyType ExpandString -Force | Out-Null

  New-ItemProperty -Path $registryPath -Name "userFullName" `
    -Value "%USERNAME%" -PropertyType ExpandString -Force | Out-Null

  New-ItemProperty -Path $registryPath -Name "hostname" `
    -Value "%COMPUTERNAME%" -PropertyType ExpandString -Force | Out-Null

  # Verify
  $config = Get-ItemProperty -Path $registryPath
  Write-Output "Configuration applied successfully"
  Write-Output "  - registrationIdentity: Set"
  Write-Output "  - urlTemplate: $($config.urlTemplate)"
  Write-Output "  - userId: $($config.userId)"
  Write-Output "  - userFullName: $($config.userFullName)"
  Write-Output "  - hostname: $($config.hostname)"

  Exit 0
} catch {
  Write-Error "Failed: $($_.Exception.Message)"
  Exit 1
}
tip:

You can reuse the registrationIdentity and urlTemplate values between the Chrome Web Store and CrowdStrike-hosted editions. Copy these values from the collector page in the AIDR console or from your existing configuration script.

Add a Platform Script:

  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
  3. Click + Add and select Windows 10 and later.
  4. On the Add PowerShell script page:
    1. Basics > Name: Configure Chrome AIDR Extension - CrowdStrike
    2. Click Next.
    3. Script settings:
      1. Script location: Select the Configure-ChromeAIDR-CrowdStrike.ps1 file.
      2. Run this script using the logged on credentials: No (run as System)
      3. Enforce script signature check: No
      4. Run script in 64-bit PowerShell host: Yes
    4. Click Next.
    5. Assignments: Add groups, users, or devices.
    6. Click Next.
    7. Review + create: Review script configuration.
    8. Click Create.

note:

Platform scripts don't execute immediately. Registry changes might take additional time to appear after the script runs.

To trigger the script sooner on a target device, restart the machine or restart the Intune Management Extension service:

Restart-Service -Name IntuneManagementExtension

Allow a few minutes for the script to execute after the service restart.

Step 2 - Verify configuration

Before you swap extensions, verify that the script has executed and applied the new extension configuration.

Intune admin center
  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
    1. Click the AIDR script name.
    2. Verify that Device status and User status show Succeeded.
note:

Status reports update after each device check-in and might take time to reflect the latest state. Allow enough time for devices to check in before you review the results.

Windows registry

On a target machine, verify the extension configuration.

Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"

Confirm that the output includes the managed field values.

  • Required:
    • urlTemplate
    • registrationIdentity
  • Optional:
    • userId
    • userFullName
    • hostname

Step 3 - Swap extensions in force-install policy

In a single policy edit, add the new extension and remove the old one. Removing the old entry from the force-install list causes the browser to uninstall the old extension automatically.

  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Configuration > Policies.
  3. Click the existing Settings Catalog policy that force-installs the AIDR Google Chrome extension.
  4. Click Edit in the Configuration settings section.
  5. Expand the Google category.
  6. In Google Chrome > Extensions, add a new entry with the CrowdStrike-hosted extension: 
    gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml
  7. Select the old entry: 
    folndgmoekgkipoolphnkclopeopkecc;https://clients2.google.com/service/update2/crx
  8. Click Delete.
  9. Click Review + save.
  10. Click Save.
note:

Intune notifies online devices when a policy changes. The policy update typically applies within minutes. If a device is offline, the update applies at the next scheduled check-in, up to 8 hours.

To confirm a specific device received the update:

  1. Go to Devices > All devices.
  2. Select the device.
  3. Click Sync.

Step 4 - Verify migration

Intune admin center
  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Configuration > Policies.
    1. Click the AIDR Settings Catalog policy that force-installs the Chrome extension.
    2. Under Device and user check-in status, confirm the policy shows Succeeded.
  3. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
    1. Click the AIDR script name.
    2. Verify that Device status and User status show Succeeded.
note:

Status reports update after each device check-in and might take time to reflect the latest state. Allow enough time for devices to check in before you review the results.

Browser

On a target machine, restart Google Chrome and verify that the extension is installed and configured:

  1. In Google Chrome, go to chrome://extensions.
    1. Confirm that the AIDR extension is enabled and shows version 1.x.x.
    2. Confirm that AIDR (Chrome Store) version 0.6.x is not listed.
  2. Go to chrome://policy and click Reload policies.
    1. Confirm that under Chrome Policies, ExtensionInstallForcelist > Policy value includes the new extension:
      Policy value
      [
        ...
        "gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml"
        ...
      ]
    2. Confirm that the AIDR policy shows the new ID, gppamppofhecmnlhmhdobepbifmpafmp, and all configuration values are present.
    3. Confirm that no references to folndgmoekgkipoolphnkclopeopkecc appear.

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

Windows registry

  1. On a target machine, verify that the force-install policy includes the new extension.

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    Confirm that the output includes an entry with the extension ID and update URL:
    gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml

  2. On a target machine, verify the extension configuration.

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"

    Confirm that the output includes the managed field values.

    • Required:
      • urlTemplate
      • registrationIdentity
    • Optional:
      • userId
      • userFullName
      • hostname

Step 5 - Clean up old registry values

  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
  3. Delete the old configuration Platform Script.
  4. To remove the residual registry values that the old configuration script wrote, deploy a cleanup script. Copy this script and save it as Remove-Old-ChromeAIDR-configuration.ps1.

    Remove Configuration for old Chrome AIDR Extension > Remove-Old-ChromeAIDR-configuration.ps1
    # Remove old AIDR Chrome extension residual registry values
    $ErrorActionPreference = "Stop"
    try {
       $oldExtensionId = "folndgmoekgkipoolphnkclopeopkecc"

       # Remove old extension configuration
       $oldConfigPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\Extensions\$oldExtensionId"
       if (Test-Path $oldConfigPath) {
           Remove-Item -Path $oldConfigPath -Recurse -Force
           Write-Output "Removed old extension configuration"
       }

       Write-Output "Cleanup complete."
       Exit 0
    } catch {
       Write-Error "Failed: $($_.Exception.Message)"
       Exit 1
    }

  5. Add a Platform Script:

    1. Log in to Microsoft Intune at intune.microsoft.com.
    2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
    3. Click + Add and select Windows 10 and later.
    4. On the Add PowerShell script page:
      1. Basics > Name: Remove Configuration for old Chrome AIDR Extension
      2. Click Next.
      3. Script settings:
        1. Script location: Select the Remove-Old-ChromeAIDR-configuration.ps1 file.
        2. Run this script using the logged on credentials: No (run as System)
        3. Enforce script signature check: No
        4. Run script in 64-bit PowerShell host: Yes
      4. Click Next.
      5. Assignments: Add groups, users, or devices assigned to the old configuration.
      6. Click Next.
      7. Review + create: Review script configuration.
      8. Click Create.

    note:

    Platform scripts don't execute immediately. Registry changes might take additional time to appear after the script runs.

    To trigger the script sooner on a target device, restart the machine or restart the Intune Management Extension service:

    Restart-Service -Name IntuneManagementExtension

    Allow a few minutes for the script to execute after the service restart.

  6. On a target machine, verify that the old extension is no longer in the registry: 

    reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /s /f "folndgmoekgkipoolphnkclopeopkecc"
    Expected output: End of search: 0 match(es) found.
  7. In the Intune admin center, delete the cleanup Platform Script.

Group Policy (Windows)

A Group Policy Object (GPO) configures the AIDR extension through Administrative Template policies and Registry Preferences. To migrate, update the registry key paths in Computer Configuration and User Configuration, swap the force-install policy to the new extension, apply the policy, and clean up old registry entries.

Step 1 - Update computer-level registry items

Update the Key Path on each existing computer-level registry item to point to the new extension. The values stay the same.

  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Preferences > Windows Settings > Registry.
  2. For each registry item (urlTemplate, registrationIdentity, hostname):
    1. Right-click the item and select Properties.
    2. Update Key Path:

      Old key path
      SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
      New key path
      SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
    3. Click OK.

Step 2 - Update user-level registry items

Update the Key Path on each existing user-level registry item. The values stay the same.

  1. Go to User Configuration > Preferences > Windows Settings > Registry.
  2. For each registry item (userId, userFullName):
    1. Right-click the item and select Properties.
    2. Update Key Path:

      Old key path
      SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
      New key path
      SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy
    3. Click OK.

Step 3 - Update force-install policy

Replace the old extension entry with the new one in the existing GPO. When the policy applies, the browser silently installs the new extension. Removing the old entry from the force-install list causes the browser to uninstall the old extension automatically.

  1. Open Group Policy Management Editor for the GPO that deploys the AIDR extension.
  2. Go to: Computer Configuration > Policies > Administrative Templates > Google > Google Chrome > Extensions.
  3. Double-click Configure the list of force-installed apps and extensions.
  4. Click Show... under Extension/App IDs and update URLs to be silently installed.
  5. In the Show Contents dialog:
    1. Replace the old entry with the new extension update URL.

      Old entry
      folndgmoekgkipoolphnkclopeopkecc;https://clients2.google.com/service/update2/crx
      New extension update URL
      gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml
    2. Click OK.
  6. Click OK in the Configure the list of force-installed apps and extensions dialog.

Step 4 - Apply policy

Domain-joined machines automatically refresh Group Policy every 90 minutes, with a random offset of up to 30 minutes. Computer Configuration settings also apply at startup, and User Configuration settings at logon.

To apply the updated policy sooner, you can use one of the Group Policy update methods:

  • Run Invoke-GPUpdate from a domain controller or an admin workstation with Remote Server Administration Tools (RSAT) to remotely trigger a refresh on target machines:

    Invoke-GPUpdate -Computer "<target-machine-name>" -RandomDelayInMinutes 0 -Force

  • In the Group Policy Management console, right-click the target OU and select Group Policy Update. This creates a remote scheduled task on each computer in the OU, with up to a 10-minute random delay.

  • To test on a target machine, run:

    gpupdate /force

Step 5 - Verify migration

Spot-check the migration on a target machine to confirm that the new extension is active and configured.

Browser

On a target machine, restart Google Chrome and verify that the extension is installed and configured:

  1. In Google Chrome, go to chrome://extensions.
    1. Confirm that the AIDR extension is enabled and shows version 1.x.x.
    2. Confirm that AIDR (Chrome Store) version 0.6.x is not listed.
  2. Go to chrome://policy and click Reload policies.
    1. Confirm that under Chrome Policies, ExtensionInstallForcelist > Policy value includes the new extension:
      Policy value
      [
        ...
        "gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml"
        ...
      ]
    2. Confirm that the AIDR policy shows the new ID, gppamppofhecmnlhmhdobepbifmpafmp, and all configuration values are present.
    3. Confirm that no references to folndgmoekgkipoolphnkclopeopkecc appear.

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

Windows registry

  1. On a target machine, verify that the force-install policy includes the new extension.

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    Confirm that the output includes an entry with the extension ID and update URL:
    gppamppofhecmnlhmhdobepbifmpafmp;https://update-crx.falcon.crowdstrike.com/aidr/v1/update.xml

  2. Verify the computer-level registry values:

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"

    Confirm that the output includes:

    • urlTemplate
    • registrationIdentity
    • hostname

  3. Verify the user-level registry values:

    Get-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\gppamppofhecmnlhmhdobepbifmpafmp\policy"

    Confirm that the output includes the logged-in user's values for:

    • userId
    • userFullName

Step 6 - Clean up old registry entries

GPO Registry Preferences don't automatically remove old registry entries when you change the Key Path. Use GPO-native Delete action items to remove them.

  1. Remove computer-level registry items:

    1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Preferences > Windows Settings > Registry.
    2. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
      • Action: Delete
      • Hive: HKEY_LOCAL_MACHINE
      • Key Path: 

        SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc
      Leave all other fields empty. This deletes the entire key and all its subkeys.
    3. Click OK.

  2. Remove user-level registry items:

    1. In Group Policy Management Editor for AIDR policy, go to User Configuration > Preferences > Windows Settings > Registry.
    2. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
      • Action: Delete
      • Hive: HKEY_CURRENT_USER
      • Key Path: 

        SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc
      Leave all other fields empty. This deletes the entire key and all its subkeys.
    3. Click OK.

  3. Apply the updated policy:

    Domain-joined machines automatically refresh Group Policy every 90 minutes, with a random offset of up to 30 minutes. Computer Configuration settings also apply at startup, and User Configuration settings at logon.

    To apply the updated policy sooner, you can use one of the Group Policy update methods:

    • Run Invoke-GPUpdate from a domain controller or an admin workstation with Remote Server Administration Tools (RSAT) to remotely trigger a refresh on target machines:

      Invoke-GPUpdate -Computer "<target-machine-name>" -RandomDelayInMinutes 0 -Force

    • In the Group Policy Management console, right-click the target OU and select Group Policy Update. This creates a remote scheduled task on each computer in the OU, with up to a 10-minute random delay.

    • To test on a target machine, run:

      gpupdate /force

  4. On a target machine, verify that the old entries are removed:

    Test-Path -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc"
    Test-Path -Path "HKCU:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc"

    Expected output: False for both.

  5. After you confirm cleanup across target machines, remove the temporary Delete items from the GPO to keep the configuration clean.

©2026 CrowdStrike. All rights reserved.

PrivacyTerms of UseLegal Notices