Skip to content

helaroz8/chrome-enterprise-wrapper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Update-Chrome.ps1
Update-Chrome.ps1
 
 

Repository files navigation

Chrome Enterprise Deployment Wrapper

Overview

A PowerShell-based deployment wrapper designed to enforce Google Chrome Enterprise security updates across domain-joined environments via SCCM, PDQ Deploy, or similar endpoint management systems.

Problem Statement

Deploying the GoogleChromeStandaloneEnterprise64.msi package frequently results in a false-positive "Success" (Exit Code 0) without applying the binary updates to the target machine. Root causes identified:

  • Omaha Engine Staging: The Google Update service defers binary replacement until the next manual browser launch.
  • GPO Conflicts: Active Directory policies (e.g., RollbackToTargetVersion) force background downgrades.
  • MSI Maintenance Mode: Corrupted registry states from previous installations force the Windows Installer into a silent reconfiguration loop, skipping file extraction.

Solution Architecture

This wrapper enforces a zero-touch deployment through a strict sequence to bypass native update blocks:

  1. Registry Sanitization: Clears local HKLM policy locks preventing updates.
  2. Process Termination: Releases file locks by terminating active Chrome and Omaha processes.
  3. Binary Removal: Deletes legacy executables to prevent deferred staging behavior.
  4. MSI Cache Purge: Executes a silent uninstall against the new MSI to reset the Windows Installer database state.
  5. Clean Installation: Executes the new MSI deployment.
  6. Service Validation: Triggers the Google Update service to validate the injected binaries.

Business Impact

  • Efficiency: Replaces manual remediation with a fully automated, zero-touch deployment model.
  • Security Compliance: Ensures immediate application of critical vulnerability patches.
  • Reliability: Eliminates false-positive deployment reports in endpoint management systems.

Deployment Guide

  1. Stage Update-Chrome.ps1 and GoogleChromeStandaloneEnterprise64.msi in the same directory.
  2. Configure the deployment system to execute the script as NT AUTHORITY\SYSTEM or a dedicated deployment account.
  3. Ensure the deployment package is configured to include the entire directory contents.

Diagnostics

The script generates local logs for troubleshooting:

  • Execution Log: C:\Windows\Temp\ChromeWrapper_Log.txt
  • MSI Verbose Log: C:\Windows\Temp\Chrome_MSI_Install.log

About

Enterprise PowerShell wrapper to enforce zero-touch Google Chrome deployments, bypassing MSI and GPO conflicts.

Topics

automation powershell sysadmin sccm windows-server pdq-deploy

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 - Stable Enterprise Release Latest
May 9, 2026

Packages

 
 
 

Contributors

Languages