Forum Discussion
Ephemeral mode browser auto launch
Hi jchenabc welcome to the community, and thanks for the post.
The behavior you are seeing is expected by design in ChromeOS ephemeral mode. The Chrome browser automatically launches upon login to initialize the newly created temporary user profile and apply mandatory user-level policies, such as the installation of forced extensions.
Unfortunately, to my knowledge, there is no administrative policy available to explicitly prevent Chrome from auto-launching in ephemeral mode. This automatic launch is integral to how ephemeral profiles are initialized and managed.
Since you cannot prevent the launch, your best bet is to adapt your automation process:
- Introduce a wait/delay: Modify your automation scripts to incorporate a wait condition or time-based delay (e.g., 10-15 seconds) after login. This allows the Chrome launch and extension installation process to complete before your automation begins.
- Use Managed Guest Sessions: If your primary goal is a controlled, disposable session, consider using Managed Guest Sessions. These sessions offer different launch behaviors that might be more compatible with your automation, as they are not tied to a temporary Google user profile creation process.
Otherwise, let's see if any other IT admins whether they have any other suggestions or workarounds.
Thank you Lynda. The problem is actually Chrome opening too fast, faster than we can deliver the certificate to the device via our backend automation. The browser end up picking the wrong certificate and afaik, there isn't an option to force chrome to re-pick the certificate without reset the user session, and we likely will run into the same problem again. Is there an option to force browser to pick certificates without restarting the session ?
Hi, jchenabc, I've played with the different settings that allow to control Chrome auto-launch. It seems that the FullRestoreMode policy doesn't help when used in combination with DeviceEphemeralUsersEnabled. In ephemeral mode, Chrome automatically opens the last tabs synced with the used account. So one way to disable Chrome Browser auto-launch is to disable syncing of the 'Open Tabs'. You can use the SyncTypesListDisabled policy for this.
This worked for me. FYI I also had the FullRestoreMode policy set to 3.
Regarding what you are trying to achieve, I would recommend using device certificates if you absolutely need to use the ephemeral mode, so that every user of the device benefit from the certificate and you don't generate a new certificate everytime they login.
