Description

Deploy the ConcealBrowse extension to Google Chrome. Microsoft Edge, and Brave on Windows 10+ endpoints seamlessly with Group Policy Objects (GPO) and PowerShell.

Applies to

• Active Directory and Group Policy Objects (GPO)
  • You need an administrator account capable of administering your active directory domain(s) and Group Policy.
• Microsoft PowerShell

• Any edition of Windows 10 and 11 but not Windows Home

• Google Chrome 101+

• Microsoft Edge version 77 and newer
  • Windows must be joined to Active Directory or Azure Active Directory
• Brave browser

Procedure

1. You may download the Install-ConcealBrowse.ps1 PowerShell script from this article: Current ConcealBrowse PowerShell Script
   1. The script contains detailed documentation and examples for your review.
2. Open your ConcealBrowse dashboard (https://dashboard.conceal.io) and navigate to the tab labelled Devices on the left side menu.
   
3. On the Devices page, click Register New Device in the upper right hand corner.
4. Once you click on Register a New Device, you will see two variables generated for the Company ID and Site ID. These will be used as arguments when executing the PowerShell script.

Microsoft Group Policy Steps

Step 1: Create the Group Policy Object

1. Open the Group Policy Management Console
2. Expand the navigation tree until you see your domain
3. Expand your domain
4. Right click Group Policy Objects and click New
5. Name the new policy, example “Computer - ConcealBrowse Deploy Script” and click OK
6. Right Click the new policy and choose Edit
7. Within the policy, navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown)
8. Open the Startup policy
9. Click the PowerShell Scripts tab
10. Click Add... then click Browse...
11. This will open the directory associated with the policy, we will place the script here
12. Copy and paste the Install-ConcealBrowse.ps1 script into this folder and click Open
13. If this has been done correctly, the Script Name will only show Install-ConcealBrowse.ps1 instead of a path
14. For Script Parameters: 
    1. You may open the script and review the documentation at the top to see options you can use to customize your deployment. At a minimum you must specify the following.
    2. Use the following format and enter your CompanyID and SiteID:

       -CompanyId <CompanyID from dashboard.conceal.io> -SiteID <SiteID from dashboard.conceal.io>

    3. Example:

       -CompanyId 12345678-9012-3456-7890-123456789012 -SiteID abcdefgh-ijkl-mnop-qrst-uvwxyzabcdef

    4. Click OK
15. Click OK then close the Group Policy Management Editor

Step 3: Apply

1. Apply the policy to a limited group of test devices, this is usually done with an Organizational Unit (OU) containing a few test Users
   - Right click the target OU and choose Link an Existing GPO
   - Select the policy created above

Step 4: Test

1. For one or more test devices, restart
2. It may require two restarts to fully apply
3. After restarting, launch a supported browser and check that ConcealBrowse has been installed and says ON
4. Event Viewer > Windows Logs > System with Source "GroupPolicy(Microsoft-Windows-GroupPolicy)" will show any warnings or errors regarding group policy application
5. Once testing is successful, apply the policy more generally across your organization.
   

Recommended Steps

Assuming your policy contains no User settings, it’s recommended to disable User settings to improve enterprise group policy performance:

1. Right click the policy created above and choose properties
2. Click the General tab
3. Select Disable User Configuration Settings
4. Save