Setting ChromeOS user or browser policies

To manage your fleet of ChromeOS devices, you must be a Google administrator. You can set user policies to control the user experience when the user signs in with their managed Google account on any device.

 

Step 1:  Access the Google Admin Console
Sign in to the Google Admin console with your administrator account.

Step 2: Navigate to User Settings
From the Admin console Home page, go to Menu > Devices > Chrome > Settings > User & browser settings

Step 3: Select an Organizational Unit
On the left, select the organizational unit you want to apply the settings to. If you want to apply the settings to all devices, select the top-level organizational unit.

Step 4: Configure the Policy
Scroll to the setting you want to configure. Click on it, make your desired changes, and then click Save.

 

The policies will take effect the next time a user signs in with their managed account on a ChromeOS device.

 

Top 10 practical user policies for enterprise

 

While there isn't an official list of the "top 10 most used" user policies, the following 10 are highly valuable for enterprise customers to manage security, user experience, and device performance.

 

1. Maximum user session length: This policy is critical for security. You can set an automatic sign-out time (e.g., 60 minutes) to ensure that unattended devices are not left signed in, reducing the risk of unauthorized access.
2. Browser sign-in settings: To prevent data leaks and maintain control over user accounts, you can enforce that users can only sign in to Chrome browser with their managed work account. This prevents them from using personal accounts on company devices.
3. High efficiency mode: This policy improves device performance by automatically discarding inactive background tabs after a few hours. For a large enterprise, this can significantly reduce the memory footprint and CPU usage across the fleet, leading to better device responsiveness.
4. Exceptions to tab discarding: You can set a list of mission-critical web pages (e.g., a CRM dashboard or an internal ticketing system) that will never be automatically discarded. This ensures that essential applications remain active in the background.
5. Wake locks: This policy gives you control over whether applications and websites can prevent a device from sleeping or the screen from turning off. This is particularly useful for devices used as kiosks or for digital signage, ensuring the content is always visible.
6. Idle settings: This policy allows you to define what a device does when it's left idle or a user closes the lid. You can configure devices to automatically lock, sign out, or even shut down, which is essential for both power management and security.
7. Spoken feedback (ChromeVox): Enabling this accessibility feature is crucial for creating an inclusive workplace. It provides spoken feedback for visually impaired users, allowing them to navigate the device and use applications effectively.
8. High contrast: For users with low vision, this policy can be configured to change the font and background color scheme to make web pages easier to read. This is a practical and important accessibility feature for a diverse workforce.
9. Custom wallpaper: This policy allows you to set a company-branded wallpaper on all managed devices. This is useful for building a consistent corporate identity and can be used to display important information like IT support contact details.
10. Custom terms of service: Before a user can sign in for the first time, you can present them with a custom terms of service document. This is useful for ensuring all employees acknowledge and agree to company policies, such as an acceptable use policy.

For more detailed explanations of the device policies available, check out this article in our help center:

 

• Set Chrome policies for users or browsers