Skip to main content

Install Cloud Filter Extension on Windows using Domain Group Policy Object (GPO)

Updated
This article applies to our Cloud products, including the Admin Panel, Cloud Filter, Cloud Reporting, and Monitor. It does not apply to the On-Premise Appliance.

 

To use Cloud Filter on Windows devices that use Domain Group Policy Object (GPO), you must deploy an MSI (Microsoft Software Installer) along with a browser extension.

Before you begin

  • Force-install the Chrome and/or Edge browsers on all relevant devices.
  • Ensure your devices don’t use a non-transparent proxy.
  • Prevent your antivirus software from quarantining the Smoothwall client by adding these exception paths to the antivirus software on student devices:
    • C:\Program Files\Smoothwall
    • C:\ProgramData\Smoothwall
  • Some antivirus software might require the full path of each program:
    • C:\Program Files\Smoothwall\Unified Client\bin\sw-uc-desktop-client.exe
    • C:\Program Files\Smoothwall\Unified Client\bin\sw-uc-browser-bridge.exe

Step 1: Download the Cloud Filter Unified Client

  1. Go to software.smoothwall.com
  2. In the Cloud Filter Unified Client section, select Windows x64.

This downloads smoothwall-unified-client-x-windows.zip to your computer, which contains a few files. For this deployment, you need the MSI installer and smoothwall.admx file.

Step 2: Create a GPO

In Group Policy Management, create a new GPO called ‘Smoothwall GPO’ for the AD Domain Controller where you want to deploy the Cloud Filter Extension.

Step 3: Install the Cloud Filter Unified Client

  1. Copy the Smoothwall MSI file into a network shared folder so devices can access it over the network. For example, \\MACHINE_NAME\Shared_Folder
  2. Attach the Smoothwall MSI file to the Smoothwall GPO.
  3. Assign the MSI application to the GPO.
  4. Set permissions for the Group Policy Software Installation for Authenticated users to give both Read and Special permissions.

Step 4: Provision the Unified Client using the ADMX template

  1. In the Smoothwall GPO, add the Smoothwall ADMX template from the download in Step 1. 
  2. Configure the Smoothwall ADMX template in the Smoothwall/Unified Client path as below and leave any other settings as Not Configured.

Serial number

  • Enabled
  • Value = Your UNCL

Tenant ID

  • Enable = multi-tenanted, Disabled = not multi-tenanted
  • If enabled, the Tenant ID

Alternative method to provision

If you can’t use the ADMX template, you must create a registry key at this path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Smoothwall\UnifiedClient\

  • SerialId = String (REG_SZ) containing your UNCL.
  • TenantId = String (REG_SZ) containing your Tenant ID, if you have a multi-tenant environment. If you don’t, leave this blank.

Step 5: Configure your browsers

  1. Use Group Policy to install the extension into the Chrome or Edge browser.
  2. Additionally, Chrome and Edge require some configuration to force install the Cloud Filter Extension and lock them down to ensure safe usage. Configure Chrome or Edge with the listed policies at the device level, not the user level.

Chrome

  1. Install the Google Chrome ADMX templates.
  2. Configure the list of force-installed apps and extensions:
    • State = Enabled
    • Value = jbldkhfglmgeihlcaeliadhipokhocnm;https://clients2.google.com/service/update2/crx

Edge

Control which extensions are installed silently:

  • State = Enabled
  • Value = dlcaglefdlidioooijnigjhfcndlncfp;https://edge.microsoft.com/extensionwebstorebase/v1/crx

Next steps

If you are part of a multi-tenant organisation, repeat steps 3-5 for each tenant, targeting the GPO at the organisational unit that contains the devices for that tenant.

Check that your deployment works as expected:

You can also prevent users from using their own extensions. If you are already familiar with Intune, you can use Microsoft’s Use group policies to manage Microsoft Edge extensions article.