Chrome

Set Microsoft Edge as Default Browser One Time

Posted on by Adam Fowler

The New Microsoft Edge browser is great and everyone should use it :) Especially if you’re still on Internet Explorer, you can make Edge use IE mode for the sites you have that still require IE, without having to actually use IE.

I had a scenario where I wanted Internet Explorer users to be changed to Microsoft Edge. Previously, we’d had business requirements to set IE as the default – but now that’s no longer required, I wanted to flip their default. At the same time, I didn’t want to change Google Chrome default browser users as they’d already made that choice, and didn’t want to shove a similar Chromium browser down their throats.

As per Microsoft’s doco https://docs.microsoft.com/en-us/deployedge/edge-default-browser you can use an XML file with default associations, and use Group Policy to point to that XML. It doesn’t stop users from changing the associations, but it does reset the associations each time the user logs in – so not ideal if you want to set a default, but also allow flexibility.

I worked out how to do this based on current default browser and using GPO still, so here’s what I did:

As per the doco above, create an XML file that sets Microsoft Edge as the default application for certain protocols: 

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations> 
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".html"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier=".htm"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="http"/>
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgeHTM" Identifier="https"/>  
  <Association ApplicationName="Microsoft Edge" ProgId="MSEdgePDF" Identifier=".pdf"/>
</DefaultAssociations>

Note that .PDF is included, so if you’d rather not default .PDF files to Microsoft Edge, remove that line from the code.

The Group Policy in the doco to set this XML is called Set a default associations configuration file – and all it’s doing is populating a registry key. Instead of using the Group Policy setting, create a registry setting to apply a value to:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
DefaultAssociationsConfiguration - REG_SZ - Path to XML e.g. \\dfs\share\defaultapplication.xml

The Group Policy registry setting will look like this:

We only want this registry setting to apply when the default browser is IE, and not apply any other time. We can use two options to do this – Remove this item when it is no longer applied, and Item-level targeting:

“Remove this item when it is no longer applied” will remove the registry setting when the item-level targeting condition is no longer true, which will stop the default browser applying again and again once the default browser isn’t IE.

“Item-level Targeting” is where we’ll check another registry value to see if IE is the default browser.

This is checking the registry key path Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

and the Value name ProgId

and the Value Data IE.HTTP

Only when all this is true, will the XML reg key apply. Next time someone logs on, the default program associations file will be read and apply the new browser default. Then, next time Group Policy evaluates, the registry setting will be out of scope and removed, so the default program assocations file registry setting will be removed.

For reference, Chrome will be the value ChromeHTML and Edge will be MSEdgeHTM.

This method worked quite well and gave me what I was after – a one time change from Internet Explorer to Microsoft Edge, without bothering Chrome and Firefox users.

Note that this will also keep kicking in if the user changes their browser default back to Internet Explorer, which might be what you want – but if not, you’d need to add another Item-level target using a flag file or registry setting to mark that the default browser has already been applied once.

The Current State of Edgium

Posted on by Adam Fowler

Update 16th Jan 2020: The New Edge is now live! You can download from here” https://www.microsoft.com/en-us/edge?form=MO12GC&OCID=MO12GC and more details here: https://blogs.windows.com/windowsexperience/2020/01/15/new-year-new-browser-the-new-microsoft-edge-is-out-of-preview-and-now-available-for-download/

Original Article:

“Edgium” or ‘The next version of Microsoft Edge’ is Microsoft’s rebuild of the Microsoft Edge browser, built on the open-source Chromium platform. I recently decided to start using it and see the current state of Edgium (which I’ll call it that for the rest of this post for clarification’s sake).

Microsoft Edge was met with a lot of resistance when launched – and although there were reasonable claims about it being the fastest browser around, there were a lot of features lacking and sites that wouldn’t work with it.

Here’s why Microsoft decided to abandon Edge as it is. It’s interesting to note that on mobile devices, they were already using an open-source foundation from the start, and for the desktop version there’s a focus on making sure all web standards are adopted.

You can download Microsoft Edge Beta right now and install it in parallel with the old Edge – or you can install the build that replaces old Edge direct from Microsoft here (keep in mind you can’t uninstall from this). The Beta is good if you want to have a play around before committing.

The expirience I’ve had so far is rock solid. There are some ways where it loosk and feels like Chrome, and others where it’s more Edgey. The import options (for me at least) just worked – I could import everything from browser history, favorites and saved passwords and pick which Chrome profile I wanted to import it from.

At the Edgium end, I’ve then created multiple profiles and imported each relevant profile across to match the experience I was having on Chrome. Multiple profiles is great when you’re doing things in Microsoft 365 and have multiple accounts (user and admin) and different tenants to access.

Also, Edgium fully supports Chrome extensions. Old Edge did have extensions too, but very few. Edgium will prompt, asking if you want to allow 3rd party extensions, and then you add them just like you would in Chrome:

The settings area of Edgium in my opinion, is much better than Chrome:

Google Chrome Settings Page
Microsoft Edgium Settings Page

There’s also already Group Policy ADM/ADMX files ready to use which gives IT Administrators a lot of control over the browser, which is worth putting in place and going through before you even consider piloting Edgium.

For IT Admins, also check out the security baseline you should use, currently in draft form.

Edgium also has an Internet Explorer mode, so hopefully this can end up with Edgium replacing Chrome, Internet Explorer and Old Edge with a single browser – it might take a while of course, but for a company looking to control the user experience a bit more and not manage lots of browsers, it’s looking hopeful.

At the time of writing there’s no announced release date of Edgium, but it’s expected to completely replace Edge – so it’s worth getting used to it early. I’m sure there will be some changes between here and launch, but it should all be small changes.

Personally I’ve made the move from Chrome to Edge and haven’t hit an issue yet. Old Edge is on the way out, and overall this seems to be a positive decision for all involved. Let’s see how

Azure AD Sign-in via Google Chrome and Conditional Access

Posted on by Adam Fowler

While testing MFA, Conditional Access and all the other good stuff Azure AD provides, I came across this scenario:

Conditional Access configured to require MFA if the user wasn’t on an Azure AD Hybrid PC, or coming from an internal IP.

User on an Azure AD Hybrid PC, but on an external IP.

User uses Chrome to access a Microsoft resource, and gets challenged despite being on the Azure AD Hybrid PC.

It seems that the sign-in process isn’t aware of the state of the computer when using Chrome- but there is an easy fix: deploy Windows 10 Accounts extensions for Chrome.

This is really easy to do via Group Policy.

  1. If you don’t already have them, get the ADMX Group Policy files for Google Chrome and deploy into your environment
  2. Under User Configuration > Policies > Administrative Templates > Google > Google Chrome > Extensions, configure the policy ‘Configure the list of force-installed apps and extensions’:

3. Change the radio button to enabled, click ‘Show’ and enter the value for the add-in

ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx

4. Do your normal process of configuring the Group Policy object to target the users you want, run a gpupdate and see the addin silently turn up in Chrome. The only user impact will be a visible Windows logo to the left of the Google Accounts area in the top bar of Chrome.

Peter van de Woude has documented how to do this via registry, so read his post if you want info on how to do that –  as well as how to then deploy via Intune and PowerShell script.

Worth doing if you use Azure AD connect, and highly recommended if you’re using Conditional Access. 

How To Launch A URL In Google Chrome

Posted on by Adam Fowler

How To Launch A URL In Google Chrome

When your default browser isn’t Google Chrome, how do you force a particular link to always open in it?

We want to open a particular URL in Google Chrome, but the default browser is Internet Explorer. Most company apps either support or require Internet Explorer, so we don’t want to change the default browser – but one app works better in Chrome.
URI Schemes are required to make this work.

Applies To: Windows 10

Scenario:
We want to open a particular URL in Google Chrome, but the default browser is Internet Explorer. Most company apps either support or require Internet Explorer, so we don’t want to change the default browser – but one app works better in Chrome.

We could create a desktop shortcut using chrome.exe -url http://webpage.com, but the site is also linked from our Intranet – how do we get the link to always launch in the preferred browser?

 

Update 21st Dec 2016

Updates to Chrome seem to have broken this. Thanks to Chris Done for working with me on this fix:

1.Add the String Value of “URL Protocol” with a blank value to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\] or [HKEY_CLASSES_ROOT\Chrome]
(they’re one and the same)
“URL Protocol”:””

2. Modify the value of

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command\Default]
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” — %1

3. Use a space in the URL after the // you’re using for your link:

ChromeHTML:// adamfowlerit.com

4. Create this key to remove the prompt on opening the link:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\ChromeHTML]
“WarnOnOpen”=dword:00000000

Here’s the registry settings you can copy and paste into a .reg file and import:

Copy from the next line

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
@=”Chrome HTML Document”
“URL Protocol”=””

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
@=”C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0″

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command]
@=”\”C:\\Program Files (x86)\\Google\\Chrome\\Application\\Chrome.exe\” — %1″

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\ChromeHTML]
“WarnOnOpen”=dword:00000000

Copy stops above this line

End of update 21st Dec 2016

Answer:
URI Schemes. Any program can be launched using a protocol (you can see which ones you already have in Windows under Control Panel > Default Programs > Associate a file type or protocol with a program > Scroll past all the extensions down to the protocols.

You may have something like ‘MAILTO’ which is used in the format “Mailto:”. Type that into your browser and it will either launch a new email from your default mail client, or ask you to set a default mail client.

Some apps automatically create their own protocol, but you can also create your own through registry entries. Details from MSDN are available here.

Luckily for Chrome, this is already done for you, using ChromeHTML. This means you should be able to call Chrome with “ChromeHTML:” and insert the URL you want after it to open – except it doesn’t work. Chrome will open, but no URL is passed over.

A user has logged this bug with Google several months ago, it hasn’t been fixed. There is a workaround though, that can easily be done via group policy to change a local registry setting.

As this user mentions, a quote needs to be taken out of the following registry key, so it looks like this:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command]
@="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" -- %1"

The quote removed was before the % sign.

Once this is done, the ChromeHTML protocol can be used with a URL, as long as it’s in this format:

ChromeHTML:// google.com

Note the space after the slashes.

The next issue you will notice, is that Internet Explorer will most likely prompt when launching the URL, asking ‘Do you want to allow this website to open a program on your computer?’ – there is a tickbox you can remove to ‘Always ask before opening this type of address’ but this can also be suppressed via the registry.

Snapcomms have an article on how to do it with their product, but the same rules apply for Google Chrome, as long as you use the right key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\ChromeHTML]
“WarnOnOpen”=dword:00000000

Once this key exists, the prompt will no longer show for that particular protocol.

That’s it, now you can use a URL link such as “ChromeHTML:// adamfowlerit.com” on your intranet page to launch the website of your choice in Chrome browser.

Update 22nd January 2018

This issue has been marked as ‘Wont fix’ by the Chromium team. This means potentially, they may ‘break this/remove this/anything could happen’ in the future. Please be aware that you’re now doing something unsupported by Google. In November they removed more of the functionality that made this work, for reasons I can’t quite understand!