Browsers

How to Enforce Browser Extensions

Normally, it's pretty easy to uninstall browser extensions that help block content. It is possible to prevent these browser extensions from being uninstalled so easily.

Tech Lockdown Team

Updated July 9, 2024

If you’ve installed a browser extension to block webpages or content within websites, then it’s important to make sure that it can’t easily be removed from your browser. Fortunately, it is possible to choose specific extensions that you need to be installed, without the option to remove them later on.

When you enforce a browser extension in Google Chrome or Microsoft Edge, the option to remove the extension will be greyed out and not selectable:

However, enforcing a browser extension is not intuitive at all. In fact, this option is hidden from the browser's settings page and not possible to configure using the typical methods.

When I tried looking for information about how to go about doing this, I was overwhelmed with answers that were not at all intuitive. For example, this is possible to do on Windows with something called the Group Policy editor, but this method takes a lot of patience just to get started. Instead, I found a more accessible way that doesn’t involve the Group Policy Editor at all.

How to Change Hidden Settings on Your Browser

On Google Chrome, you are probably familiar with how to access Settings:

However, your browser also has hidden settings that you can’t change from this menu. One of these hidden settings is called the ExtensionInstallForcelist.

How exactly you go about enabling this will depend on which device you have. On Windows computers, you can edit it by using the Registry. Mac devices have a similar option called the defaults system and plist files.

Fortunately, I’ve found a way to simplify this process using Command Prompt or Terminal Commands.

Find the Extension's ID

To get started, you first need to find the extension ID of the browser extension that you want to enforce. You will have to use the extension ID in order to instruct your browser to keep it installed.

Fortunately, this is pretty easy.

Once you have an extension you want to enforce, look at its home page (we'll use Cold Turkey as an example):

Take a look at its URL. At the very end of the long address, you should see a forward-slash followed by a long string of letters. This string of letters is the extension ID.

Copy this ID, you will need it later. Alternatively, if you have multiple extensions that you want to install, I would create a list in Notepad so you don't forget.

In our example, we will install the Cold Turkey blocker using the extension ID: pganeibhckoanndahmnfggfoeofncnii.

How to Enforce a Browser Extension on Windows

In order to enforce a browser extension on Windows in browsers like Google Chrome and Edge, you can modify the Window's registry to specify the browser extension IDs that you want to enforce.

The easiest way to modify the Registry on Windows is to use Command Prompt, although it can get a bit confusing if you're unfamiliar with how to use it.

If you prefer a cleaner user-interface, it is still possible to do this with the Registry Editor.

We'll enforce an extension using both approaches and you can choose the one that works best for you.

Use the Command Prompt to Edit the Registry

You can use the Windows Command Prompt program to run commands that make changes to your system. This is the simplest way to enforce browser extensions since you can just copy/paste the commands.

Now that you have the extension ID(s) that you want to enforce, it's now time to start modifying the Registry.

Keep in mind that modifying the Registry without knowing what you're doing can be dangerous. I would strongly recommend that you make a backup before continuing.

Open Command Prompt as an Administrator.

In order to create a blocklist, you'll first need to create a directory in the Registry called the ExtensionInstallForcelist.

To create the directory, copy/paste this command into Command Prompt (make sure that you are running as an Administrator):

For Google Chrome, use this command:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"

For Microsoft Edge, use this command:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist"

After you've created this directory in the Registry, you can start adding entries to start building your Forcelist.

To add an entry, you'll need to use a command to add a String Value within the ExtensionInstallForcelist; before you try to run this command in Command Prompt, take a look at it:

For Google Chrome, look at this command:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /v "1" /t REG_SZ /d "pganeibhckoanndahmnfggfoeofncnii"

For Microsoft Edge, look at this command:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" /v "1" /t REG_SZ /d "pganeibhckoanndahmnfggfoeofncnii"

You'll see that the command starts going to the ExtensionInstallForcelist directory first. Next, it creates a new String value with the title "1", then you might recognize the extension ID near the end for Cold Turkey: "pganeibhckoanndahmnfggfoeofncnii".

If you want to change which extension is enforced, just take the extension ID you've copied earlier and replace Cold Turkey's ID with a different ID.

If you want to add additional extensions to your Forcelist, you can, but just make sure that you change the name to "2" for the second entry, "3" for the third entry, and so on.

For example, if you also wanted to add and enforce the Google translate extension on Chrome:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /v "2" /t REG_SZ /d "aapbdbdomjkkjkaonfhkkikfgjllcleb"

(and for Edge)

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" /v "2" /t REG_SZ /d "aapbdbdomjkkjkaonfhkkikfgjllcleb"

Notice the "2" and the changed extension ID in the above command.

Edit the Registry Manually

If you aren't comfortable using command prompt, you can use the Window's Registry graphic user interface to make the exact changes we did above. This approach just requires more steps.

We'll take the same steps as you would with the Command Prompt, it just might make it easier to "see" what you're doing.

First, search for Registry in the Start Menu, and accept the User Account Control prompt:

You should see a screen that looks like this:

From here, navigate to HKEY_LOCAL_MACHINE > Policies:

If you've never done this before, you will probably have to create a Google entry. To do this, right-click on Policies and choose New > Key.

Name this new key Google:

Under Google, create another key named Chrome. Under Chrome, add one called ExtensionInstallForcelist:

The final path should be Computer \ HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Google \ Chrome \ ExtensionInstallForcelist. You can check this towards the top of the Registry Editor:

On the ExtensionInstallForcelist entry you just created, then right-click and choose New > String Value:

Name this new String Value "1":

Double-click on this value and enter your first extension ID under Value data:

Click OK when you're done.

Perfect! The final product should look like this:

If you want to add more extensions to this blocklist, right-click on ExtensionInstallForcelist again, choose New > String Value, then set this new value's name to "2". If you had three extensions that you wanted to the blocklist, it might look like this:

How to Enforce a Browser Extension on MacOS

You should have the extension ID(s) handy before continuing.

This tutorial is going to assume you're using Google Chrome.

Open Terminal:

First, copy/paste this command into Command Prompt (make sure that you are running as an Administrator):

sudo defaults write /Library/Preferences/com.google.Chrome ExtensionInstallForcelist -dict-add 1 "pganeibhckoanndahmnfggfoeofncnii"

To add more entries, you can add them by adding a "2" after "-dict-add" for the second entry, "3" for the third, and so on:

sudo defaults write /Library/Preferences/com.google.Chrome ExtensionInstallForcelist -dict-add 2 "aapbdbdomjkkjkaonfhkkikfgjllcleb"

Force an Extension on MacOS with Managed Mode

If you are using a blocking application like Cold Turkey, it will require you to install a browser extension to work properly.

Ideally, you would prevent the user from removing that browser extension. Here's how to do that.

Edit the managed browser profile you've been using and navigate to the Extensions tab in

Scroll down to the Extension/App IDs and update URLs to be silently installed and add the extension ID(s) that you found earlier to the table.

If you save the config and push the changes to your Macbook (using the associated Manage Engine profile), you'll see that the extension can't be removed or disabled anymore:

Frequently Asked Questions

What is an Extension ID?

The extension ID is how your browser knows which extension to install. To find a browser extension's ID, go to its store page and look for the string of letters:

Does enforcing an extension install it?

You don't need to have the extension already installed in order to add it to the Forcelist. If you manually add the entry to the Forcelist without the extension being installed, your browser will automatically download and install it.

Keep in mind that just because the browser is installed that it will function perfectly; some browser extensions might still need you to enable required permissions.

How do I remove an extension I’ve enforced?

If you need to remove an entry, the easiest way is to delete the ExtensionInstallForcelist entry in either the Registry (for Windows) or the Plist file (for Mac).

For Windows, open Command Prompt as administrator and enter the following command for Chrome:

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /v 1 /f

Here's the command for Edge:

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" /v 1 /f

For Mac, open Terminal and enter the following command for Chrome:

defaults delete com.google.Chrome ExtensionInstallForcelist

For Edge, use this command:

defaults delete com.microsoft.Edge ExtensionInstallForcelist

Restart your browsers in order for the changes to take effect.