SCCM – Managing Google Chrome

With Microsoft’s Edge browser not living up to expectations and Internet Explorer being what we all remember (compatibility issues anyone), most businesses have a requirement to run a third-party browser such as Google Chrome or Mozilla Firefox.

Chrome is usually the popular choice for this as most people are familiar with it, and there are Group Policy ADMX templates available.

Unfortunately, Chrome presents an issue for many businesses, with automatic updates, corrupt installations, and inaccurate version numbers being common-place.

In this post, I will cover how to get from a relatively unmanaged Chrome environment, so one that you can easily control through SCCM

Understanding Chrome installations

Let’s take a step back and understand how Chrome is installed.

When you download and run the MSI provided by Google, the first thing that is installed is the Google Update Helper. When this installs it still registers with Windows Installer that Chrome has been installed. The issue with this is that it’s registered with the package version, not the application version (e.g. Chrome 41 will appear in add/remove programs and registry as 66.56.118 when it should really be 41.0.2272.118).

Google Update Helper then handles the installation of Chrome itself as outside of the previous MSI you just ran, and in the process should update everything to reflect the correct version number. Sadly this doesn’t always happen

Removing the middle-man

The majority of the issues are around Google Update Helper, so let’s try installing Chrome without it.

If you are looking for a switch for the MSI, you are not going to find one. Remember that the MSI installed the Update Helper, not Chrome.

What we can see though is that in C:\Program Files (x86)\Google\Update\Download, there are several folders, one of which contains an EXE.

Chrome download folder

Installing Chrome

Now that we have the installer, we need to get it into SCCM.As with most applications, you should rename it to something that is readable and move it to the correct source location

There are a number of install switches available for the Chrome executable, but the only one we care about at this point is “–system-level”. If we don’t put this switch here, Chrome will install using the user context and go into AppData.

Google Chrome Install String

Uninstalling Chrome

Uninstalling Chrome follows the same process as installing Chrome. It is important to note that you will need to use the original installation media to perform the uninstall.

The correct switches to use are “–uninstall –system-level –force-uninstall”.

Google Chrome uninstall String

Detecting Chrome

Unfortunately, because we have bypassed the Chrome MSI, there is no registration with Windows Installer, and no Registry keys that you can use for detection.

For this reason, we will have to default back to folder detection.

If you are catering for both 32-Bit and 64-Bit, you will notice that the installation is placed into the exact same location, and contains almost identical files.

For my detection, I used the folder “%ProgramFiles(x86)%\Google\Chrome\Application\62.0.3202.94\WidevineCdm\_platform_specific\win_x64”.

As you can see in the string, it caters for both the version number and also for architectureGoogle Chrome Detection Method