Tech Paper: Deploying Google Chrome
May 20, 2021
One of the most popular browsers nowadays, Google Chrome, is a must-have for many Citrix Virtual Apps and Desktops environments. Google Chrome was chiefly oriented at consumers and background operating systems when launched, but nowadays, it is coarse in the Enterprise and more administrators are deploying this browser in their virtual Apps and Desktops environments. This led Google to release a raw Chrome Enterprise Bundle package in 2017 that is much friendlier to enterprise deployments than past iterations. To by rights install and configure Google Chrome, there are some details you need to be aware of. This article shows you the recommend steps to a successful deployment, configuration, and optimization of Google Chrome in your arrangement .
first, download the latest translation of Google Chrome. You can choose to download either the Enterprise Bundle or the stand-alone translation. The Enterprise Bundle includes the installers for the Chrome browser and the Chrome Legacy Browser, and the Microsoft Group Policy template ( ADMX ) files. Choose either the 32-bit or 64-bit version. Extract the ZIP file after download .
NOTE: The Chrome Legacy Browser Support reference allows users to switch mechanically between Chrome and another browser. When a user clicks a connect that requires a bequest browser to open ( such as a site that requires ActiveX ), the URL will automatically open in the bequest browser from Chrome .
To install Google Chrome on your master prototype, whether for hosted-shared or VDI, follow these steps :
- Install Chrome using the MSI installer:
msiexec.exe /i "C:\GoogleChromeStandaloneEnterprise64.msi" /qn /norestart /l*v
"C:\Logs\GoogleChromeStandaloneEnterprise64.log"If you run into troubles when Chrome cannot reach the internet, add the MSI parameter
- Optional: Install the Chrome Legacy Browser support extension using the MSI installer:
msiexec.exe /i "C:\LegacyBrowserSupport_18.104.22.168_en_x64.msi" /qn /norestart /l*v "C:\Logs\LegacyBrowserSupport_22.214.171.124_en_x64.log"
We strongly recommend always using the latest adaptation of Google Chrome. At a minimum, interpretation 59 should be used, because from this translation and higher, Chrome mechanically detects if it ’ randomness running in a outside background environment and adjusts its settings consequently. In addition, publishing Chrome in Citrix Studio is easier than it used to be ; you only need to publish the follow command cable :
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
The facility directory is the same for both 32-bit and 64-bit installations .
It is no long necessary to add the parameters
–allow-no-sandbox-job –disable-gpu to the command line .
however, there remains an issue with the Citrix API hooks. Google Chrome can not launch properly and you can have to exclude the Chrome processes chrome.exe and nacl64.exe from these hooks. The Google article Run Chrome as a virtual application describes this issue in more detail. The Citrix article How to Disable Citrix API Hooks on a Per-application provides bit-by-bit instructions on how to disable the hook for person processes ( applications ). Be mindful that from XenApp and XenDesktop version 7.9 and newer, changes to API hooks shape must be followed by a boot .
The Citrix article Chrome fails to launch in a published desktop deals with chrome errors such as “ Aw, Snap ! ” page crashes and grey screens without any message. The solution for these errors is the lapp as mentioned above ; the processes
nacl64.exe necessitate to be excluded from the Citrix API hooks .
Manage Google Chrome using Group Policies
Google Chrome can be managed using Microsoft Group Policy. As mentioned, the Enterprise Bundle includes the ADMX files. Copy the ADMX files and the speech files ( *.ADML ) to your central store for Group Policy administrative templates ( for case
\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions ). You find all Chrome related policies in the section Computer Configuration \ Policies \ Administrative Templates \ Google .
Manage the master_preferences file
Google Chrome comes with a master_preferences file. This file contains the default Chrome settings. This file can be modified by the administrator to make surely settings are available after initiation. By default, the master_preferences file is located in the directory
C:\Program Files (x86)\Google\Chrome\Application .
Individual exploiter settings are stored in a file called Preferences, stored in the user ’ s profile. This Preferences file is created on first practice of Chrome. By default, this file is located in the directory
C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data\Default .
See the article Configuring other Preferences for more details.
Read more: A Few Thoughts on Cryptographic Engineering
Roaming User Settings
Google Chrome offers three ways how to roam exploiter settings :
- Google account
- Chrome roaming profiles
- Roaming profiles
Google Account (preferred method)
You can create a Google report and sign in with it in all your trust environments and on all your trusted devices ( sign in or out of Chrome ) .
This is the prefer method according to the article Common Problems and Solutions ( see the section Can I store my users ’ Chrome profiles on a Roaming Profile ? )
By default, the follow user-specific settings are stored and synchronized :
- Themes & Wallpapers
- Open Tabs
- Credit cards and addresses using Google Pay
The drug user can customize which settings are synchronized ( sync your report settings ) .
Chrome roaming profiles
If using a Google account to synchronize user settings is not an option for you, use Chrome roaming profiles alternatively. As explained in the article Using Chrome on roaming user profiles, settings such as bookmarks, auto-fill data, passwords, per-computer browse history, browser preferences and install extensions can be stored in a file called profile.pb. By default, this file is stored in the directory
C:\Users\%UserName%\AppData\Roaming\Google\Chrome, but the default directory can be changed .
All profile solutions, including the Citrix Profile Management, synchronize the directory
C:\Users\%UserName%\AppData\Roaming ( =
%AppData% ), therefore ensuring that the file profile.pb is synchronized deoxyadenosine monophosphate well. There are three methods how you can enable the creation of the profile.pb file :
- Enable the Group Policy setting Enable the creation of roaming copies for Google Chrome profile data in User or Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Chrome.
- Set the registry value RoamingProfileSupportEnabled to 00000001 in the registry key
HKEY_CURRENT_USER\Software\Policies\Google\Chromeas described in the section RoamingProfileSupportEnabled in the article Policy List on Chromium.org.
- Add the command line flag –enable-local-sync-backend to the Chrome.exe in the Chrome shortcut. See the article Using Chrome on roaming user profiles for more information.
There are three methods how to change the default directory of the profile.pb file :
- Enable the Group Policy setting Set the roaming profile directory in User or Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Chrome.
- Add the profile directory to the registry value RoamingProfileLocation in the registry key
HKEY_CURRENT_USER\Software\Policies\Google\Chromeas described in the section RoamingProfileLocation in the article Policy List on Chromium.org.
- Add the command line flag
–local-sync-backend-dir=path_to_directoryto the Chrome.exe in the Chrome shortcut. See the article Using Chrome on roaming user profiles for more information.
so, what happens if the exploiter is not signed in with a Google bill or a Chrome roll profile ( “ profile.pb ” ) has not been configured ? In cases such as these, Google Chrome stores all user data in the directory
C:\Users\%UserName%\**AppData\Local**\Google\Chrome\User Data ( see besides the Chromium article User Data Directory ). This directory is synchronized by default option by the Citrix Profile Management .
This method has its drawbacks and should be used carefully. As stated in the article Common Problems and Solutions, Chrome user profiles are not backward-compatible. If you try to use mismatched profiles and Chrome versions, you can experience crashes or data loss. This mismatch can frequently occur if a Chrome profile is synced to a roaming profile or net drive across multiple machines that have unlike versions of Chrome .
In short-circuit, it is crucial not to mix different versions of Chrome into a individual roll profile. If you want to use this method to synchronize your drug user ’ second settings, make sure to create discriminate roll profiles for each environment or device type. This method can work for your organization, but you do so at your own risk .
note that Citrix recommends excluding the following four subfolders :
!ctx_localappdata!\Google\Chrome\User Data\Default\Cached Theme Images=
On non-persistent machines, Chrome should not be allowed to update itself automatically. Installing updates should merely be allowed when modifying or creating the passkey picture or when updating the lotion layer ( Citrix App Layering ). To disable automatic updates, proceed as follows :
- Disable the Group Policy setting Update policy override in the section Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Update \ Applications \ Google Chrome on the Organization Unit in the Active Directory that contains your productive workers.
- Disable the following services and scheduled tasks (responsible for automatic updates):
- Google Update Service (gupdate)
- Google Update Service (gupdatem)
Disable Active Setup
Chrome besides creates an active Setup detail. As explained by Citrix CTP Helge Klein : “Active Setup is a mechanism for executing commands once per user early during logon. Active Setup is used by some operating system components like Internet Explorer to set up an initial configuration for new users logging on for the first time.” Active Setup is ran at logon by the explorer.exe process, which means that it does not work with print applications. As a rule, I recommend disabling Active Setup completely to improve drug user logon time. In casing you would like to run the Chrome Active Setup command once at drug user logon, I recommend using a logon script that mechanically reads the command course from the stubpath register value and run the command .
Remove the Chrome desktop icon
One stopping point detail you can configure is removing the automatically created background picture. This requires two steps :
- Delete the shortcut file
Google Chrome.lnk, located in the directory
%Public%\Desktop, which by default points to
- Add the following lines to Chrome’s master_preferences file (explained previously in the Configuration section) to prevent shortcuts from being created for new users:
Memory and CPU Optimization
Browsers can be quite RAM- and CPU-intensive and Chrome is no exception. On a native client, this might not be much of a problem, but it is in a Citrix Virtual Apps and Desktops environment where ( normally ) all workers are virtual machines, sharing the underlying hardware. Resource-intensive applications reduce the maximal drug user concentration per physical host .
Did you know that Chrome comes with its own task manager that allows you to see the resource consumption for each individual tab? To access the Chrome tax director, either use the shortcut SHIFT+ESC or go to the menu ( the three erect dots ), and navigate to More tools \ Task coach. The tax coach allows you to identify which webpages consume the most resources .
It is possible to reduce the memory and CPU utilization of Chrome :
- First of all, use Citrix Workspace Environment Manager (WEM). The features CPU Management and Memory Management reduce the memory and CPU utilization for many processes and applications, Chrome included.
- Another way of reducing Chrome’s footprint is by using a Chrome extension to manage tabs to free up system resources. These extensions suspend unused tabs, thus reducing memory and (especially!) CPU consumption. Test these plug-in and use the Chrome task manager to see how the resource consumption of each suspended tab reduces significantly.
- In case your physical hosts come with a Graphics Processing Unit (GPU), certain processing tasks are offloaded to the GPU, thus freeing up the CPU. Citrix CTP Helge Klein wrote two great articles on this topic: Impact of GPU Acceleration on Browser CPU Usage and Comparison: CPU & GPU Usage of 4 Browsers.
Manage Chrome extensions
When building your worker overcome persona, whether hosted-shared or VDI, you may be inclined to include the command Google Chrome extensions. Don ’ thymine ! Chrome extensions can be managed and deployed using Microsoft Group Policy. More importantly, Chrome extensions are installed on a per-user footing ! You do not need to update your picture to add or remove an extension. If you are adding numerous extensions through policy, you should be aware that this can have a negative impact on the inauguration times of Google Chrome.
The facility directory is :
Using Microsoft Group Policy to manage your extensions besides works when using the Citrix Provisioning Server ( PVS ) to deploy your images, not fair with Machine Creation Services ( MCS ) .
For more detail data on how to manage Chrome extensions using Microsoft Group Policy, please see the article Deploying Google Chrome extensions using Group Policy .