Deploy Chrome Collector
To deploy a browser collector, you must:
- Install the browser extension.
- Save AIDR collector configuration in the extension's Managed storage.
Managed storage
All deployment methods populate the browser extension's Managed storage with values required to connect to AIDR.
Chrome Enterprise pushes configuration via cloud policy to the extension's managed storage in enrolled browsers, bypassing OS-level settings.
Other methods apply configuration through managed preference profiles (macOS) or registry entries (Windows).
Configuration fields
- Required fields:
  - registrationIdentity - Encoded credentials the extension uses to authenticate with the AIDR service and obtain an authorization token
  - urlTemplate - AIDR API base URL
  You can find collector-specific values for registrationIdentity and urlTemplate on the Install tab in the AIDR console. Configuration files and templates available on the Install tab are pre-populated with these values.
- Optional user identity fields that appear in AIDR event logs:
  - userId - User identifier (for example, email address). Appears in AIDR logs and findings as a top-level field. If not provided, defaults to user_<device-id>.
  - userFullName - User's display name. Appears in AIDR logs and findings under Extra Info. If not provided, defaults to name_<device-id>.
  - hostname - Device hostname. Appears in AIDR logs and findings under Extra Info. Has no default value. If not configured, the field is sent empty.
To check extension managed storage in Chrome:
- In your browser address bar, go to chrome://extensions.
- Enable Developer mode.
- In the AIDR extension card, click service_worker.
- In the DevTools console for the background service worker, switch to the Application tab.
- Expand Extension storage and click Managed.
- Verify the storage keys are populated.
System paths
JAMF, Intune, Group Policy, and Self-Service apply extension configuration through OS-level settings. Verify the configuration at the following OS and browser-specific locations:
- macOS - Managed preference plist files
  Configuration profile:
  plutil -p /Library/Managed\ Preferences/<user>/com.google.Chrome.extensions.folndgmoekgkipoolphnkclopeopkecc.plist
  Example configuration:
  {
  ...
  "registrationIdentity" => "eyJzIj...YiOjF9"
  "urlTemplate" => "https://api.crowdstrike.com/aidr/aiguard"
  "userFullName" => "<user-full-name>"
  "userId" => "<user-id>"
  "hostname" => "<hostname>"
  }
- Windows - Registry keys
  Registry keys (machine level):
  Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy"
  Registry keys (user-specific):
  Get-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy"
  Example configuration:
  urlTemplate : https://api.crowdstrike.com/aidr/aiguard
  registrationIdentity : eyJzIj...I6MX0=
  userId : <user-id>
  userFullName : <user-full-name>
  hostname : <hostname>
  ...
Select Install option
On the collector details page, switch to the Install tab. This tab provides instructions, links, and templates for common deployment methods. This documentation includes step-by-step guides for specific methods.
- JAMF - Use Apple-native Configuration Profiles to enforce extension deployment and system-level settings on macOS.
- Microsoft Intune - Deploy extensions and configuration profiles across Windows and macOS managed endpoints.
- Chrome Enterprise (Google Chrome only) - Use Chrome Enterprise to enroll browsers into the Google Admin console for centralized cloud-based policy management.
- Group Policy (Windows only) - Use Active Directory Group Policy to force-install the extension and configure managed storage via registry settings across domain-joined Windows endpoints.
- Self-Service - Install the extension and apply a configuration profile on a single machine to quickly test the collector.
Chrome Enterprise
With Chrome Enterprise Cloud Management, you can centrally install and configure extensions across managed Chrome browsers.
Install extension
To enroll cloud-managed Chrome browsers and browser profiles, see the Cloud-managed Chrome browser documentation.
Configure extension
With user browsers and profiles enrolled, in your Google Admin console:
- Click the Main menu (☰) icon and navigate to Chrome browser > Apps & extensions.
- Add the AIDR Chrome browser extension:
  - Select or create an Organizational Unit (OU).
  - Click the Users & browsers tab.
  - Hover over the + icon and select Add Chrome app or extension by ID.
  - In the Add Chrome app or extension by ID dialog, enter the Extension ID from the Install tab in the AIDR console:
    folndgmoekgkipoolphnkclopeopkecc
  - Click SAVE.
- Select the added extension in the app list. Under Policy for extensions, paste the Extension Policy JSON copied from the Install tab in the AIDR console.
  This policy configuration authenticates the extension with the AIDR service and enables communication with AIDR APIs. The copied JSON contains the correct credentials and AIDR base URL for your collector.
- Select an Installation policy.
  For example, select Force install + pin to browser toolbar to deploy the extension to all enrolled user devices in the OU. This option also pins the extension to the browser toolbar for visibility.
- Click SAVE in the top right corner of the screen.
Chrome Enterprise policies can't dynamically populate these fields:
- userId
- userFullName
- hostname
To populate these fields in AIDR event logs, configure them on each endpoint. You can use an endpoint management tool (JAMF, Intune, or similar) to deploy a managed preference profile or registry entry. Apply the configuration at the following system paths:
- macOS preference domain: com.google.Chrome.extensions.folndgmoekgkipoolphnkclopeopkecc
- Windows registry path: HKLM:\Software\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
See Managed storage for details.
If you force-install the extension, DevTools might not be accessible by default.
If you plan to debug the extension on target machines, in the Google Admin console:
- Go to Devices > Chrome > Settings > Developer tools availability.
- Set Developer tools availability to Always allow use of built-in developer tools.
- Click Save.
Group Policy (Windows)
With Active Directory Group Policy, you can force-install the browser extension on domain-joined Windows endpoints and configure its managed storage through registry entries.
Requirements
- Active Directory domain environment with Group Policy Management console (GPMC) installed.
- Permission to create, edit, and link Group Policy Objects (GPOs). For example, membership in Domain Admins or Group Policy Creator Owners.
- Target computer and user accounts in Organizational Units (OUs) linked to the GPO.
  Verify OU membership in Active Directory Users and Computers (dsa.msc).
- If you plan to force-install the extension through GPO, you need write access to the domain's SYSVOL share (\\<domain>\SYSVOL\) to install administrative templates.
Create or edit Group Policy Object
- Open Group Policy Management console (gpmc.msc).
- Right-click your target OU and select Create a GPO in this domain, and Link it here..., or right-click an existing GPO and select Edit.... This opens Group Policy Management Editor.
Force-install extension
If the extension is already deployed through another method (such as Microsoft Intune), skip to Configure computer-level registry settings.
Install administrative templates
The Google Chrome administrative templates (ADMX/ADML files) aren't included with Windows. Check whether they're installed, and install them if needed.
- In Group Policy Management Editor, go to Computer Configuration > Policies > Administrative Templates. If Google > Google Chrome policy settings are already listed, skip to Enable force-install policy.
- Download the Chrome Enterprise Bundle from chromeenterprise.google by following the Quick start guide for Windows.
- Extract the downloaded archive.
- Inside the extracted folder, locate the Configuration/admx/ subfolder containing .admx files and language-specific subfolders (for example, en-US) with .adml files.
- Create the Central Store in SYSVOL. The Central Store is a PolicyDefinitions folder inside the domain's Policies folder. When this folder exists, GPMC reads administrative templates from the Central Store instead of the local machine. DFS Replication automatically copies the folder to all domain controllers. This folder doesn't exist by default - you must create it manually. Create PolicyDefinitions\ and a subfolder for each language you need (for example, en-US\):
  \\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions\
  \\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions\en-US\
- Copy all .admx files to PolicyDefinitions\ and the .adml files from each language subfolder to the matching subfolder under PolicyDefinitions\.
- Close and reopen Group Policy Management Editor to load the new templates.
If no Central Store exists in SYSVOL, GPMC reads templates from the local C:\Windows\PolicyDefinitions\ folder on the machine running the console.
Every Windows installation includes this folder with built-in OS templates, but the contents aren't replicated to other domain controllers.
This approach works for single-admin environments and testing but isn't recommended for production.
Enable force-install policy
- In Group Policy Management Editor, go to: Computer Configuration > Policies > Administrative Templates > Google > Google Chrome > Extensions.
- Double-click Configure the list of force-installed apps and extensions.
- In the Configure the list of force-installed apps and extensions dialog:
  - Click Enabled.
  - Click Show... under Extension/App IDs and update URLs to be silently installed.
  - In the Show Contents dialog, add the extension update URL:
    folndgmoekgkipoolphnkclopeopkecc;https://clients2.google.com/service/update2/crx
  - Click OK in the Show Contents dialog.
  - Click OK in the Configure the list of force-installed apps and extensions dialog.
Configure computer-level registry settings
Add extension settings that apply to all users under Computer Configuration:
- Go to Computer Configuration > Preferences > Windows Settings > Registry.
- Add AIDR base URL:
  - Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
    - Action: Update
    - Hive: HKEY_LOCAL_MACHINE
    - Key Path: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
    - Value name: urlTemplate
    - Value type: REG_SZ
    - Value data: Copy the cloud-specific value from the collector's Install tab in the AIDR console.
      The AIDR base URL depends on your CrowdStrike cloud:
      - US-1: https://api.crowdstrike.com/aidr/aiguard
      - US-2: https://api.us-2.crowdstrike.com/aidr/aiguard
      - EU-1: https://api.eu-1.crowdstrike.com/aidr/aiguard
  - Click OK.
- Add collector credentials:
  - Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
    - Action: Update
    - Hive: HKEY_LOCAL_MACHINE
    - Key Path: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
    - Value name: registrationIdentity
    - Value type: REG_SZ
    - Value data: Copy the value from the collector's Install tab in the AIDR console.
      The value is a base64-encoded string that looks like eyJzIj...oxfQ==.
  - Click OK.
- Add device hostname:
  - Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
    - Action: Update
    - Hive: HKEY_LOCAL_MACHINE
    - Key Path: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
    - Value name: hostname
    - Value type: REG_SZ
    - Value data: %COMPUTERNAME%
  - Click OK.
To edit a registry setting, right-click it and select Properties.
- Group Policy Preferences expand variables, such as %COMPUTERNAME%, at processing time and write the target machine name to the registry as a static string. This differs from REG_EXPAND_SZ, where the OS expands variables each time the value is read.
GPO Registry Preferences don't remove registry entries when you delete the preference item from the GPO. To enable automatic cleanup, click the Common tab of each registry item and select Remove this item when it is no longer applied. Enable this setting before you apply the GPO to target machines. If you didn't select this option before initial application, you must remove the registry entries manually or with a script.
Configure user-level registry settings
Because the %USERNAME% variable must resolve per user, add user identity settings under User Configuration.
Windows processes Computer Configuration preferences during computer startup in the SYSTEM context, before any user logs in.
In that context, %USERNAME% resolves to the computer account name - for example, WORKSTATION1$ - not the logged-in user.
- Go to User Configuration > Preferences > Windows Settings > Registry.
- Add user ID:
  - Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
    - Action: Update
    - Hive: HKEY_CURRENT_USER
    - Key Path: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
    - Value name: userId
    - Value type: REG_SZ
    - Value data: %USERNAME%
  - Click OK.
- Add user full name:
  - Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
    - Action: Update
    - Hive: HKEY_CURRENT_USER
    - Key Path: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy
    - Value name: userFullName
    - Value type: REG_SZ
    - Value data: %USERNAME%
  - Click OK.
To edit a registry setting, right-click it and select Properties.
- Group Policy Preferences expand variables, such as %USERNAME%, at processing time and write the result to the registry as a static string. This differs from REG_EXPAND_SZ, where the OS expands variables each time the value is read.
- %USERNAME% resolves to the Windows SAM account name (for example, jhammond), not an email address or display name.
- Multi-domain environments
  By default, userId is set to %USERNAME%. In multi-domain environments, you can use %USERDOMAIN%\%USERNAME% (for example, INGENHQ\jhammond) to distinguish users who share a SAM name across domains.
GPO Registry Preferences don't remove registry entries when you delete the preference item from the GPO. To enable automatic cleanup, click the Common tab of each registry item and select Remove this item when it is no longer applied. Enable this setting before you apply the GPO to target machines. If you didn't select this option before initial application, you must remove the registry entries manually or with a script.
Link GPO and verify
- Link the GPO to target OUs.
  This GPO includes both Computer Configuration and User Configuration settings. Both computer accounts and user accounts must be in OUs linked to the GPO. If your computers and users are in different OUs, link the GPO to both, or to a parent OU that contains both.
  Note: User accounts in the default CN=Users container don't receive User Configuration policies. GPOs can't be linked to the default Users container. Move user accounts to a proper OU.
- On the Scope tab of the GPO, check the Security Filtering section. By default, this section includes Authenticated Users, which covers all domain-joined accounts. If your organization has narrowed filtering to a specific security group, confirm that target computer and user accounts are members. Otherwise, no endpoints receive the policy.
- Run gpupdate /force on the target machine and restart Google Chrome:
  gpupdate /force
- Verify the computer-level registry values:
  reg query "HKLM\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy"
  Confirm that urlTemplate, registrationIdentity, and hostname are present.
- Verify the user-level registry values:
  reg query "HKCU\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc\policy"
  Confirm that userId and userFullName are present with the logged-in user's name.
- In Google Chrome on the target machine:
  - Go to chrome://extensions and verify that the extension is installed. If you force-installed the extension through GPO, verify that users can't disable it.
  - Go to chrome://policy. Confirm that the AIDR extension policy shows all five values with the correct per-user expansion.
To confirm that the extension connects to AIDR, see Verify Deployment. After successful registration, the extension status progresses through Configured and Ready to Active.
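The two registry checks above can be run in one pass. The following PowerShell script is an added example, not part of the vendor's documentation: it reads both policy keys and flags the failure modes this guide describes (missing values, variables left unexpanded, a userId that resolved to a computer account). The function and variable names are hypothetical, the URL list is limited to the three clouds named in this guide, and the base64 check assumes standard padded base64 as in the sample values.

```powershell
# Added example: audit the AIDR extension policy values written by the GPO.
# Run in the logged-in user's own session so HKCU is the hive the GPO wrote to.
$ExtId  = 'folndgmoekgkipoolphnkclopeopkecc'
$SubKey = "SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ExtId\policy"

# AIDR base URLs listed in this guide (US-1, US-2, EU-1).
$KnownUrls = @(
    'https://api.crowdstrike.com/aidr/aiguard',
    'https://api.us-2.crowdstrike.com/aidr/aiguard',
    'https://api.eu-1.crowdstrike.com/aidr/aiguard'
)

# Values this guide places in each hive.
$Expected = @{
    'HKLM:' = @('urlTemplate', 'registrationIdentity', 'hostname')
    'HKCU:' = @('userId', 'userFullName')
}

function Get-AidrPolicyFindings {
    $findings = @()
    $values   = @{}
    foreach ($hive in $Expected.Keys) {
        $path  = "$hive\$SubKey"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if (-not $props) {
            $findings += "$path : key not found or has no values"
            continue
        }
        foreach ($name in $Expected[$hive]) {
            $v = $props.$name
            if ([string]::IsNullOrWhiteSpace($v)) {
                $findings += "$hive $name : missing or empty"
            } elseif ($v -match '%\w+%') {
                # Preferences should have written a static, expanded string.
                $findings += "$hive $name : unexpanded variable in value"
            } else {
                $values[$name] = $v
            }
        }
    }
    if ($values.ContainsKey('urlTemplate') -and
        $KnownUrls -notcontains $values['urlTemplate']) {
        $findings += "urlTemplate : '$($values['urlTemplate'])' is not a base URL listed in this guide"
    }
    if ($values.ContainsKey('registrationIdentity')) {
        # Validate the encoding only; never echo the credential itself.
        try { [void][Convert]::FromBase64String($values['registrationIdentity']) }
        catch { $findings += 'registrationIdentity : not valid base64 (value not shown)' }
    }
    if ($values.ContainsKey('userId') -and $values['userId'].EndsWith('$')) {
        # A trailing $ is a computer account name: the item was processed in
        # SYSTEM context instead of under User Configuration.
        $findings += 'userId : computer account name; configure it under User Configuration'
    }
    if ($values.ContainsKey('hostname') -and $values['hostname'] -ne $env:COMPUTERNAME) {
        $findings += "hostname : '$($values['hostname'])' differs from this machine's name"
    }
    return $findings
}

$result = Get-AidrPolicyFindings
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'All five AIDR policy values are present and well-formed.' }
```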
Self-Service (testing)
Select the Self-Service option to quickly evaluate the collector on your own machine before deploying it at scale. This option:
- Introduces the key browser collector deployment steps
- Requires no management tools
- Lets you perform both installation and configuration steps manually on your machine
- Describes the extension deployment statuses and functionality, also applicable to production deployments using enterprise management tools
Self-service deployment is intended for testing and evaluation purposes. It isn't a supported option for production deployments.
The first time you select this option, you must acknowledge these limitations in a confirmation dialog before proceeding.
Install extension
The AIDR collector for Google Chrome and Microsoft Edge is a Chrome extension in the Chrome Web Store.
- Click Get the AIDR Extension to open the extension page in the Chrome Web Store.
- Click Add to Chrome.
After you install the extension, you can manage it on the chrome://extensions page.
When a new extension version includes updated permissions, the browser disables it until you accept them. Look for an Action Required indicator in the browser toolbar. Follow the prompt to accept the permissions and re-enable the extension.
For extensions deployed through enterprise management tools (MDM, GPO), the browser applies permission updates automatically.
Configure extension
- Return to the Install tab and download the configuration file for your operating system:
  - macOS - AIDR Chrome Profile (.mobileconfig)
  - Windows - AIDR Windows registry file (.reg)
  This file contains the collector instance configuration, including credentials to authenticate the extension with the AIDR service.
- Apply the configuration:
  - macOS - Double-click the downloaded configuration profile (.mobileconfig), then activate it in System Settings > General > Device Management > Profiles. If a previous profile for this extension exists, remove it first.
    The exact path may vary depending on your macOS version.
  - Windows - Double-click the registry file (.reg) to merge it into the Registry and confirm the prompts.
    Warning: The registry file modifies the Windows Registry under the extension-specific key path. This doesn't affect other settings, but as a precaution, you can make a registry backup before applying the file. If you're unsure how to back up the Registry, contact your IT or system administrator.
- Fully close and restart your browser. The settings take effect after restart.
Downloaded configuration files are pre-populated with values from the current session:
- urlTemplate - Set to the AIDR API URL for your CrowdStrike cloud
- registrationIdentity - Set to collector-specific credentials
- userId and userFullName - Set to the current AIDR console user's information
If you distribute the configuration file to other users, update the userId and userFullName fields to match the target user's identity.
hostname is machine-specific and not included in downloaded configuration files.
In production deployments, you typically set these values dynamically per user using variables in endpoint management tools or scripts.
Uninstall collector
When you're done testing, remove the browser extension and its system configuration.
- Remove the browser extension in your browser's extension manager.
- Remove the system configuration:
  - macOS - Remove the configuration profile in System Settings > General > Device Management > Profiles. The exact path may vary depending on your macOS version.
  - Windows - Delete the registry key for the browser you used.
    Warning: This modifies the Windows Registry. You can make a registry backup before proceeding. If you're unsure how to back up the Registry, contact your IT or system administrator.
    Run the following command in a PowerShell session as Administrator:
    Remove the registry key for Chrome:
    Remove-Item -Path "HKLM:\Software\Policies\Google\Chrome\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc" -Recurse
    Remove the registry key for Edge:
    Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\folndgmoekgkipoolphnkclopeopkecc" -Recurse