Deploying Turbo Browser URL Redirection via Group Policy

The Turbo URL Redirector lets you automatically launch a specific containerized browser when a user accesses a specific web site. (Details of the Turbo URL Redirector were discussed in the article Automatic URL Redirection to Turbo Browsers.)

In this article, we explain how to deploy this great feature to users through Local Group Policy (GPO).

Before You Start

The Turbo URL Redirector is a native browser extension that assists in web navigation by processing clicked hyperlinks and URLs entered in the navigation bar. The extension can be configured to open specified domains using a browser available on Turbo.net or a local TurboServer.

The Turbo URL Redirector for Internet Explorer is implemented in the Turbo.net Browser Helper Object and supports IE versions 8, 9, 10 and 11. The Turbo.net Chrome Extension provides the same experience for users of Chrome 42 and above.

A step-by-step walkthrough of the Turbo URL Redirector for Internet Explorer was described in this article. If you are not sure how to configure URL redirections using the Turbo.net website, we encourage you to read the previous post before moving to the next section.

Enable Redirection

The Turbo URL Redirector is disabled by default, because its installation requires elevated permissions to copy IE Browser Helper binaries to %ProgramFiles(x86)%.

To enable the Turbo.net URL Redirector, execute the following command:

> turbo config --enable-redirector
Hub server: https://turbo.net/
Browser redirection is enabled

Enable the Turbo Browser Helper Object for All IE Users

Microsoft Internet Explorer can be configured for all users through Local Group Policy. This section explains how to specify the GPO to silently load and enable the Turbo.net Browser Helper Object. Depending on the policy settings the user may be allowed to disable the add-on afterwards.

First open the Local Group Policy Editor:

> gpedit.msc

Select the Add-on Management node under Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Security Features in the Local Computer Policy panel.

IE_AddOnList

Double click Add-on List in the detailed view.

Select Enabled and click the Show button in the Options panel.

Add a new entry with Value name {DEC8F2AC-A81F-4BC9-A973-41EE4C4AF116} and Value 1. The Value name corresponds to the class identifier (CLSID) of the Browser Helper Object. The Value is a number indicating whether Internet Explorer should deny or allow the add-on to be loaded. Setting Value to 1 means that an add-on should be allowed. Enter a 2 to allow the add-on to be loaded and permit the user to manage the add-on through Add-on Manager. We recommend using 1 for most administration scenarios.

IE_ShowContents

Click OK to save options and close the dialog.

Press the Apply button to update the policy settings and OK to close the dialog.

Launch the native IE to verify settings.

If the Turbo Sandbox Manager is not running you may see an Internet Explorer Security alert explaining the process will be opened outside of Protected mode. (Turbo Sandbox Manager is the service responsible for integration of Turbo applications with the Turbo.net website.) You can ignore this warning by checking Do not show me the warning for this program again and then clicking Allow.

Go to Tools (Alt + X) and open Manage Add-ons (M).

IE_ManageAddOns

Turbo.net Browser Helper should be included in the list of currently loaded add-ons and be enabled. Note that actions to change the status of the Turbo.net Browser Helper are disabled.

Enable the Turbo.net Extension for All Chrome Users

Google Chrome configuration for all Windows domain users can also be defined using Local Group Policy. This section provides step-by-step instructions on adding the Turbo.net Extension to force-install extensions in Chrome. The extension will be installed silently, without user interaction and cannot be uninstalled by the user. All permissions requested by the extension will be granted implicitly, without user interaction.

As of this writing the Turbo.net Extension requires permissions to read and change all data on the visited websites and communicate with cooperating native applications. The extension supports Chrome 42 and above.

First, Download the IP archive with policy templates from the Chrome website.

(For more information about the policy templates and other supported configuration settings refer to the documentation for Chrome administrators.)

Unpack the archive to and install templates on the local machine by copying them to %SystemRoot%\PolicyDefinitions directory.

Copy .\policy_templates\windows\admx\chrome.admx to %SystemRoot%\PolicyDefinitions.

Copy .\policy_templates\windows\admx\locale\chrome.adml to the %SystemRoot%\PolicyDefinitions\locale directory, where the locale alias corresponds to the locale name (en-US for United States) of the Windows display language used on the host machine.

Run the Local Group Policy Editor:

> gpedit.msc

Select Extensions node under Computer Configuration/Administrative Templates/Google/Google Chrome in the Local Computer Policy panel.

Chrome_LocalGroupPolicyEditor

Double click on the Configure the list of force-installed apps and extensions in the detailed view.

Select Enabled and click the Show button in the Options panel.

Add the following entry to the list of Extension/app ids and update URLs to be silently installed.

ldibmiofagdkgiphkcokpooepankmacl;https://clients2.google.com/service/update2/crx

The first component is the Id of the Turbo.net Extension. The URL points to the standard Chrome Web Store update service.

Chrome_ShowContents

Click OK to save options and close the dialog.

Press the Apply button to update the policy settings and OK to close the dialog.

To verify that local policy settings are applied correctly launch Google Chrome and go to chrome://extensions URL.

Chrome_TurboNetExtension

The Turbo.net Extension should be listed on the page with the Enabled checkbox set, but not available for user interaction and a badge informing that the extension was installed by enterprise policy.

The Local Group Policies presented in this article apply equally well to browsers launched with merge or write-copy isolation using Turbo:

> turbo try google/chrome --isolate=merge
> turbo try microsoft/ie --isolate=write-copy

For a list of all browsers available in Turbo.net, see the Browser Sandbox Channel. Customized web applications for browsing popular web sites such as Facebook, Twitter and WebEx are available in the TurboBrowsers repository. Remember that all Turbo browsers can be customized with specific plugins, IP and site blocking, and many other customizations.

Please share any comments or suggestions on this article with us at @turbohq!