Block Chrome Extensions – Windows 10

TL;DR

This guide shows you how to stop standard users on a Windows 10 computer from installing Chrome extensions. We’ll use Group Policy Editor to restrict extension access, keeping your system more secure and controlled.

Steps

1. Open the Local Group Policy Editor: Press the Windows key + R, type gpedit.msc, and press Enter. This opens the Group Policy Management Console.
   Note: This tool is not available on Windows 10 Home edition.
2. Navigate to Chrome Extension Settings: In the left pane, expand the following folders:
   • Computer Configuration
   • Administrative Templates
   • Google
   • Google Chrome
   • Extensions
3. Configure Extension Installation Policies: You’ll find several policies here. We need to focus on two main ones:
   • “Allow installation of extensions from the Chrome Web Store” – Double-click this policy. Set it to Disabled. This prevents users from installing extensions directly from the store.
     
   • “Allow installation of extensions with developer mode” – Double-click this policy. Set it to Disabled. This prevents users from sideloading extensions.
     
4. Configure Extension Blocklist (Optional): If you want to specifically block certain extensions while allowing others, use the “Specify a list of force-installed extensions” policy.
   • Double-click this policy.
   • Select Enabled.
   • Click Show….
   • In the ‘Value name’ field, enter the extension ID (you can find this in Chrome’s extensions page – see Step 6). Leave the ‘Value data’ field blank to block it.
     
5. Configure Extension Allowlist (Optional): If you want to allow only certain extensions, use the “Specify a list of force-installed extensions” policy.
   • Double-click this policy.
   • Select Enabled.
   • Click Show….
   • In the ‘Value name’ field, enter the extension ID (you can find this in Chrome’s extensions page – see Step 6). Leave the ‘Value data’ field blank to allow it.
     
6. Find Extension IDs: To block or allow specific extensions:
   • Open Chrome.
   • Type chrome://extensions in the address bar and press Enter.
   • Enable ‘Developer mode’ (top right corner).
   • The extension ID is a long string of characters after “id=” on each extension card.
     
7. Apply the Changes: Open Command Prompt as an administrator (right-click Start menu, choose ‘Command Prompt (Admin)’ or ‘Windows PowerShell (Admin)’). Run the following command to force a Group Policy update:

   gpupdate /force

8. Test the Changes: Log in as a standard user and try to install a Chrome extension. It should be blocked.
   If it doesn’t work immediately, restart your computer.