38 |
39 |
40 | ```
41 | Unenroll-from-CBCM.cmd
42 | ```
43 |
--------------------------------------------------------------------------------
/Windows/PowerShell/Unenroll-from-CBCM.cmd:
--------------------------------------------------------------------------------
1 | :: This script will unenroll the Chrome browser from Chrome Browser Cloud Mgmt (CBCM) console by removing the :
2 | :: CloudManagementEnrollmentToken
3 | :: Device token
4 | :: Note: You must delete the enrolled browser from CBCM in the Google Admin Console.
5 | :: Use adminstrator mode when running this script in command prompt.
6 |
7 | :: Remove CloudManagementEnrollmentToken
8 | reg delete "HKLM\SOFTWARE\Policies\Google\Chrome" /v "CloudManagementEnrollmentToken" /f
9 |
10 | :: Remove Device token
11 | reg delete "HKLM\SOFTWARE\Google\Chrome\Enrollment" /f
12 | reg delete "HKLM\SOFTWARE\WOW6432Node\Google\Enrollment" /f
13 |
14 | ::Delete the directory where Google Update writes cached cloud policies
15 | rmdir /s /q "C:\Program Files (x86)\Google\Policies"
16 |
--------------------------------------------------------------------------------
/Windows/PowerShell/WakeBrowser.ps1:
--------------------------------------------------------------------------------
1 | # Execute As System. Launch chrome browser as system in a temp data dir.
2 | Write-Output "Launch the browser"
3 |
4 | # set chrome user data dir.
5 | $chromeUserDataDir = "c:/temp/ChromeLauncherProfile"
6 | #Write-Output $chromeUserDataDir
7 |
8 | # set a name for the chrome profile.
9 | $chromeProfile = "CECProfile"
10 | #Write-Output $chromeProfile
11 |
12 | $chromepaths = $chromeUserDataDir, $chromeUserDataDir + "\" + $chromeProfile
13 |
14 | # construct the chrome arg list.
15 | $chromeArgList = "--user-data-dir=""" + $chromeUserDataDir + """ --profile-directory=""" + $chromeProfile + """"
16 | #Write-Output $chromeArgList
17 | Start-Process "chrome.exe" -ArgumentList $chromeArgList
18 |
19 | Start-Sleep -Seconds 45
20 |
21 | # Execute As System - Find chrome processes running as system and stop the process.
22 | Write-Output "Stop the browser"
23 |
24 | Get-Process -Name chrome -IncludeUserName | Where UserName -match system | Stop-Process -Force
25 |
26 | # wait for the chrome processes to stop.
27 | Start-Sleep -Seconds 15
28 |
29 | # clean up chrome user data dir.
30 | Write-Output "Clean up work"
31 |
32 | if (Test-Path -Path $chromeUserDataDir) {
33 | # Folder exists, so delete it and its contents
34 | Remove-Item -Path $chromeUserDataDir -Recurse -Force
35 | Write-Host "Folder '$chromeUserDataDir' and its contents have been deleted."
36 | }
37 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/AddEnrollmentTokenThenRegister.ps1:
--------------------------------------------------------------------------------
1 |
2 | #add enrollment token
3 | Write-Output "enrollment token"
4 | Invoke-Command -ScriptBlock {
5 | # policy doc - https://chromeenterprise.google/policies/#CloudManagementEnrollmentToken
6 | #The value of this policy is an enrollment token you can retrieve from the Google Admin console.
7 | $enrollmentToken = ''
8 |
9 | #validate Google policy path
10 | $GoogleRegistryPath = 'HKLM:\SOFTWARE\Policies\Google'
11 | $test = test-path -path $GoogleRegistryPath
12 |
13 | #create if the required path doesn't exist
14 | if(-not($test)){
15 | New-Item -Path $GoogleRegistryPath
16 | }
17 |
18 | #validate Google/Chrome policy path
19 | $GoogleChromeRegistryPath = $GoogleRegistryPath + '\Chrome'
20 | $test = test-path -path $GoogleChromeRegistryPath
21 |
22 | #create if the required path doesn't exist
23 | if(-not($test)){
24 | New-Item -Path $GoogleChromeRegistryPath
25 | }
26 |
27 | #The enrollment token of cloud policy
28 | $keyName = 'CloudManagementEnrollmentToken'
29 |
30 | $member = (Get-Item $GoogleChromeRegistryPath).Property -contains $keyName
31 |
32 | if( $member ) {
33 | Set-ItemProperty -Path $GoogleChromeRegistryPath -Name $keyName -Value $enrollmentToken
34 | }
35 | else {
36 | New-ItemProperty -Path $GoogleChromeRegistryPath -Name $keyName -PropertyType String -Value $enrollmentToken
37 | }
38 | }
39 |
40 | #print enrollment token
41 | #Get-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome -Name "CloudManagementEnrollmentToken"
42 |
43 | # Execute As System. Launch chrome browser as system in a temp data dir.
44 | Write-Output "Launch the browser"
45 | Invoke-Command -ScriptBlock {
46 | # set chrome user data dir.
47 | $chromeUserDataDir = "c:/temp3/cbcmLauncher"
48 | #Write-Output $chromeUserDataDir
49 |
50 | # set a name for the chrome profile.
51 | $chromeProfile = "cbcmProfile"
52 | #Write-Output $chromeProfile
53 |
54 | $chromepaths = $chromeUserDataDir, $chromeUserDataDir + "\" + $chromeProfile
55 |
56 | # construct the chrome arg list.
57 | $chromeArgList = "--user-data-dir=""" + $chromeUserDataDir + """ --profile-directory=""" + $chromeProfile + """"
58 | #Write-Output $chromeArgList
59 | Start-Process "chrome.exe" -ArgumentList $chromeArgList
60 | }
61 |
62 | Start-Sleep -Seconds 45
63 |
64 | # Execute As System - Find chrome processes running as system and stop the process.
65 | Write-Output "Stop the browser"
66 | Invoke-Command -ScriptBlock {
67 | Get-Process -Name chrome -IncludeUserName | Where UserName -match system | Stop-Process -Force
68 | }
69 |
70 | # wait for the chrome processes to stop.
71 | Start-Sleep -Seconds 15
72 |
73 | # clean up chrome user data dir.
74 | Write-Output "Clean up work"
75 | $chromeUserDataDir = "c:/temp3"
76 | if (Test-Path -Path $chromeUserDataDir) {
77 | Remove-Item $chromeUserDataDir -Recurse
78 | }
79 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/CommandAs/AddEnrollmentTokenThenRegisterAsSystem.ps1:
--------------------------------------------------------------------------------
1 | #Requirement - https://github.com/mkellerman/Invoke-CommandAs
2 | Install-Module -Name Invoke-CommandAs -Force
3 |
4 | #add enrollment token
5 | Write-Output "enrollment token"
6 | Invoke-CommandAs -ScriptBlock {
7 | # policy doc - https://chromeenterprise.google/policies/#CloudManagementEnrollmentToken
8 | #The value of this policy is an enrollment token you can retrieve from the Google Admin console.
9 | $enrollmentToken = ''
10 |
11 | #validate Google policy path
12 | $GoogleRegistryPath = 'HKLM:\SOFTWARE\Policies\Google'
13 | $test = test-path -path $GoogleRegistryPath
14 |
15 | #create if the required path doesn't exist
16 | if(-not($test)){
17 | New-Item -Path $GoogleRegistryPath
18 | }
19 |
20 | #validate Google/Chrome policy path
21 | $GoogleChromeRegistryPath = $GoogleRegistryPath + '\Chrome'
22 | $test = test-path -path $GoogleChromeRegistryPath
23 |
24 | #create if the required path doesn't exist
25 | if(-not($test)){
26 | New-Item -Path $GoogleChromeRegistryPath
27 | }
28 |
29 | #The enrollment token of cloud policy
30 | $keyName = 'CloudManagementEnrollmentToken'
31 |
32 | $member = (Get-Item $GoogleChromeRegistryPath).Property -contains $keyName
33 |
34 | if( $member ) {
35 | Set-ItemProperty -Path $GoogleChromeRegistryPath -Name $keyName -Value $enrollmentToken
36 | }
37 | else {
38 | New-ItemProperty -Path $GoogleChromeRegistryPath -Name $keyName -PropertyType String -Value $enrollmentToken
39 | }
40 | } -AsSystem
41 |
42 | #print enrollment token
43 | #Get-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome -Name "CloudManagementEnrollmentToken"
44 |
45 | # Execute As System. Launch chrome browser as system in a temp data dir.
46 | Write-Output "Launch the browser"
47 | Invoke-CommandAs -ScriptBlock {
48 | # set chrome user data dir.
49 | $chromeUserDataDir = "c:/temp3/cbcmLauncher"
50 | #Write-Output $chromeUserDataDir
51 |
52 | # set a name for the chrome profile.
53 | $chromeProfile = "cbcmProfile"
54 | #Write-Output $chromeProfile
55 |
56 | $chromepaths = $chromeUserDataDir, $chromeUserDataDir + "\" + $chromeProfile
57 |
58 | # construct the chrome arg list.
59 | $chromeArgList = "--user-data-dir=""" + $chromeUserDataDir + """ --profile-directory=""" + $chromeProfile + """"
60 | #Write-Output $chromeArgList
61 | Start-Process "chrome.exe" -ArgumentList $chromeArgList
62 | } -AsSystem
63 |
64 | Start-Sleep -Seconds 45
65 |
66 | # Execute As System - Find chrome processes running as system and stop the process.
67 | Write-Output "Stop the browser"
68 | Invoke-CommandAs -ScriptBlock {
69 | Get-Process -Name chrome -IncludeUserName | Where UserName -match system | Stop-Process -Force
70 | } -AsSystem
71 |
72 | # wait for the chrome processes to stop.
73 | Start-Sleep -Seconds 15
74 |
75 | # clean up chrome user data dir.
76 | Write-Output "Clean up work"
77 | $chromeUserDataDir = "c:/temp3"
78 | if (Test-Path -Path $chromeUserDataDir) {
79 | Remove-Item $chromeUserDataDir -Recurse
80 | }
81 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/MoveEnrolledBrowserByWindowsOSName.ps1:
--------------------------------------------------------------------------------
1 | #Define Variables
2 | $scriptFolder = Split-Path ($MyInvocation.MyCommand.Path) -Parent
3 |
4 | #Configure NuGet and then download required libraries
5 | if (Get-PackageProvider -Name NuGet) {
6 | Copy-WriteToLog -logString "NuGet is installed"
7 | }
8 | else {
9 | register-packagesource -Name NuGet -ProviderName NuGet -location https://www.nuget.org/api/v2/
10 | }
11 |
12 | #https://www.nuget.org/packages/Newtonsoft.Json/13.0.1
13 | Install-Package Newtonsoft.Json -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '13.0.1' -SkipDependencies -ErrorAction SilentlyContinue
14 | #https://www.nuget.org/packages/Google.Apis.Core/1.57.0
15 | Install-Package Google.Apis.Core -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
16 | #https://www.nuget.org/packages/Google.Apis/1.57.0
17 | Install-Package Google.Apis -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
18 | #https://www.nuget.org/packages/Google.Apis.Auth/1.57.0
19 | Install-Package Google.Apis.Auth -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
20 |
21 |
22 |
23 | #/******* Required Add Types for Google APIs *******/
24 | Add-Type -Path "$scriptFolder\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll"
25 |
26 | Add-Type -Path "$scriptFolder\Google.Apis.Core.1.57.0\lib\net45\Google.Apis.Core.dll"
27 |
28 | Add-Type -Path "$scriptFolder\Google.Apis.1.57.0\lib\net45\Google.Apis.dll"
29 |
30 | Add-Type -Path "$scriptFolder\Google.Apis.Auth.1.57.0\lib\net45\Google.Apis.Auth.dll"
31 |
32 | #/******* BEGIN: Customer to modify this section *******/
33 | $customerId = ''
34 | $machineName = $env:computername
35 | $secretFile = ''
36 | $org_unit_path = ''
37 | #/******* END: Customer to modify this section *******/
38 |
39 |
40 | #/******* Unenrolling a browser from CBCM *******/
41 | function Set-EnrolledBrowser
42 | {
43 | param (
44 | [Parameter(Mandatory)] [string]$CustomerId,
45 |
46 | [Parameter(Mandatory)] [string]$MachineName,
47 |
48 | [Parameter(Mandatory)] [string]$SecretFile,
49 |
50 | [Parameter(Mandatory)] [string]$OrgUnitPath
51 | )
52 |
53 | $response = ""
54 |
55 | try
56 | {
57 | $qualified = Get-IsWindowsLTSC
58 |
59 | if (-Not $qualified) {
60 | return "Does not qualify."
61 | }
62 |
63 | $authToken = Get-GoogleToken -SecretFile $SecretFile
64 |
65 | $bearerToken = [string]::Format(“Bearer {0}”, $authToken)
66 |
67 | $deviceId = Get-EnrolledBrowser -Token $bearerToken -CustomerId $CustomerId -MachineName $MachineName
68 |
69 | $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
70 | $headers.Add("Authorization", [string]::Format(“{0}”, $bearerToken))
71 | $headers.Add("Content-Type", "application/json")
72 |
73 | $body = "{`"org_unit_path`":`"$OrgUnitPath`",`"resource_ids`":[`"$deviceId`"]}"
74 |
75 | [string]$requestURL = [string]::Format(“https://www.googleapis.com/admin/directory/v1.1beta1/customer/{0}/devices/chromebrowsers/moveChromeBrowsersToOu”,$CustomerId)
76 |
77 | $response = Invoke-RestMethod $requestURL -Method 'POST' -Headers $headers -Body $body
78 | $response | ConvertTo-Json
79 |
80 | Copy-WriteToLog -logString $response.ToString()
81 | }
82 | catch [System.Net.WebException] {
83 | Copy-WriteToLog -logString $_.Exception + "\r\n" + ($_.Exception.Response.StatusCode.value__ ).ToString().Trim() + "\r\n" + ($_.Exception.Message).ToString().Trim() + "\r\n" + ($_.Exception.TargetSite).ToString().Trim()
84 | } catch {
85 | Copy-WriteToLog -logString $_.Exception
86 | }
87 |
88 |
89 | return $response
90 | }
91 |
92 | #/******* What version of Windows am I running? *******/
93 | function Get-IsWindowsLTSC
94 | {
95 | # get OS name information. Ref: https://learn.microsoft.com/en-us/windows/client-management/windows-version-search
96 | $osName = systeminfo | findstr /B /C:"OS Name" /B
97 |
98 | if (($osName -like "*LTSB*") -or ($osName -like "*LTSC*")){
99 | return $true
100 | }
101 |
102 | return $false
103 | }
104 |
105 |
106 | #/******* Get the device Id from the enrolled browser *******/
107 | function Get-EnrolledBrowser
108 | {
109 | param (
110 | [Parameter(Mandatory)] [Object[]]$Token,
111 |
112 | [Parameter(Mandatory)] [string]$CustomerId,
113 |
114 | [Parameter(Mandatory)] [string]$MachineName
115 | )
116 | $deviceId = ""
117 | try
118 | {
119 |
120 | $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
121 | $headers.Add("Authorization", [string]::Format(“{0}”, $Token))
122 | [string]$requestURL = [string]::Format(“https://www.googleapis.com/admin/directory/v1.1beta1/customer/{0}/devices/chromebrowsers?query=machine_name:{1}&projection=BASIC”,$CustomerId, $MachineName)
123 |
124 | $response = Invoke-RestMethod $requestURL -Method 'GET' -Headers $headers
125 |
126 | $deviceId = $response.browsers[0].deviceId
127 | Copy-WriteToLog -logString "The device ID is $($deviceId)"
128 | }
129 | catch
130 | {
131 | Copy-WriteToLog -logString $_.Exception.Message
132 | }
133 |
134 | return $deviceId
135 |
136 | }
137 |
138 |
139 | #/******* Get Auth Token *******/
140 | function Get-GoogleToken
141 | {
142 | param (
143 | [Parameter(Mandatory)] [string]$SecretFile
144 | )
145 | $token = ''
146 | try
147 | {
148 | $JsonFilePath = $SecretFile
149 | $scopes = New-Object -TypeName System.Collections.Generic.List[string]
150 | #add additional scope to the collection
151 | $scopes.Add('https://www.googleapis.com/auth/admin.directory.device.chromebrowsers')
152 |
153 | $googleCred = [Google.Apis.Auth.OAuth2.GoogleCredential]::FromFile($JsonFilePath)
154 | $googleCred = $googleCred.CreateScoped($scopes)
155 |
156 | $token = ([Google.Apis.Auth.OAuth2.ITokenAccess]$googleCred).GetAccessTokenForRequestAsync().GetAwaiter().GetResult()
157 | Copy-WriteToLog -logString "The token is $($token)"
158 |
159 | }
160 | catch
161 | {
162 | Copy-WriteToLog -logString $_.Exception.Message
163 | }
164 |
165 | return $token
166 | }
167 |
168 | #/******* Write to a local log fle *******/
169 | function Copy-WriteToLog
170 | {
171 | Param (
172 | [string]$logString
173 | )
174 |
175 | $logfile = $scriptFolder + "\" + "MoveBrowser.txt"
176 | $stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
177 | $logMessage = "$stamp $logString"
178 | Add-content $logfile -value $logMessage
179 | }
180 |
181 |
182 | #/******* BEGIN: main *******/
183 | Set-EnrolledBrowser -CustomerId $customerId -MachineName $machineName -SecretFile $secretFile -OrgUnitPath $org_unit_path
184 | #/******* END: rmain *******/
185 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/MoveReEnrollBrowser.ps1:
--------------------------------------------------------------------------------
1 | #/******* Start: Move browsers between OUs using the CBCM enrollment token *******/
2 | #The value of this policy is an enrollment token you can retrieve from the Google Admin console.
3 | $enrollmentToken = ''
4 |
5 | #/******* Write to a local log fle *******/
6 | function Copy-WriteToLog
7 | {
8 | Param (
9 | [string]$logString
10 | )
11 |
12 | $logfile = $scriptFolder + "\" + "MoveReEnrollBrowser_log.txt"
13 | $stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
14 | $logMessage = "$stamp $logString"
15 | Add-content $logfile -value $logMessage
16 | }
17 |
18 | #/******* Test registry value *******/
19 | Function Test-RegistryValue ($regkey, $name) {
20 | if (Get-ItemProperty -Path $regkey -Name $name -ErrorAction Ignore) {
21 | return $true
22 | } else {
23 | return $false
24 | }
25 | }
26 |
27 | $GoogleChromeRegistryPath = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
28 | #The enrollment token of cloud policy
29 | $keyName = 'CloudManagementEnrollmentToken'
30 |
31 | #chrome browser cloud enrollment token
32 | if ((Test-RegistryValue $GoogleChromeRegistryPath 'CloudManagementEnrollmentToken'))
33 | {
34 | Set-ItemProperty -Path $GoogleChromeRegistryPath -Name $keyName -Value $enrollmentToken
35 | Copy-WriteToLog -logString "Cloud Management Enrollment Token Updated"
36 | }
37 |
38 | $dmTokenInRegularHive = 'HKLM:\SOFTWARE\Google\Chrome\Enrollment'
39 |
40 | #device management token from regular hive
41 | if ((Test-RegistryValue $dmTokenInRegularHive 'dmtoken'))
42 | {
43 | Remove-Item $dmTokenInRegularHive
44 | Copy-WriteToLog -logString "dmtoken deleted from regular hive"
45 | }
46 |
47 | $dmTokenInWOWHive = 'HKLM:\SOFTWARE\WOW6432Node\Google\Enrollment'
48 |
49 | #device management token from WOW6432Node hive
50 | if ((Test-RegistryValue $dmTokenInWOWHive 'dmtoken'))
51 | {
52 | Remove-Item $dmTokenInWOWHive
53 | Copy-WriteToLog -logString "dmtoken deleted from WOW6432Node hive"
54 | }
55 |
56 |
57 | #/******* END: Move browsers between OUs using the CBCM enrollment token *******/
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/README.md:
--------------------------------------------------------------------------------
1 | # Random CBCM Scripts
2 | ## Enroll the browser
3 | Consider using the [Add Enrollment Token then Register script](AddEnrollmentTokenThenRegister.ps1) to set the [CloudManagementEnrollmentToken](https://chromeenterprise.google/policies/#CloudManagementEnrollmentToken) to register the browser with Chrome Browser Cloud Management (CBCM). In order to complete the registration process, the script should run under the System context.
4 |
5 | **Note:** Insert the enrollment token from the Google Admin console in [line](AddEnrollmentTokenThenRegister.ps1#L9) before running the script.
6 |
7 | ```
8 | .\AddEnrollmentTokenThenRegister.ps1
9 | ```
10 |
11 | ## Move browsers between OU using enrollment token
12 | Consider using the [Move Re-enroll Browser script](MoveReEnrollBrowser.ps1) to move enrolled browsers between OUs based on the enrollment token. In order to update registry settings, the script should run under the System context.
13 |
14 | This feature is only available via an allowlist - please contaact your Chrome Browser Enterprise team to add your domain to the allowlist.
15 |
16 | **Note:** Insert the enrollment token from the Google Admin console in [line](MoveReEnrollBrowser.ps1#L3) before running the script.
17 |
18 | ```
19 | .\MoveReEnrollBrowser.ps1
20 | ```
21 |
22 | ## Unenroll the browser
23 | Consider using the [Unenroll Browser script](UnenrollBrowser.ps1) to unenroll a browser from CBCM and delete the CloudManagementEnrollmentToken and device management token from the device. Unenrolling devices from CBCM also deletes the already uploaded data to the Admin console. Platform policies and cloud-based user policies are not affected.
24 |
25 | **Note:** You will need to add the customer ID and the OAuth key JSON file to the script to allow an API call to delete an enrolled browser. Run the script from devices that should be unenrolled.
26 |
27 | :point_right: Add the customer id [here](https://github.com/google/ChromeBrowserEnterprise/blob/main/ps/src/cbcm/UnenrollBrowser.ps1#L159). You can find the customer Id by navigating to the [Google Admin Console](https://admin.google.com) > Account > Account Settings.
28 |
29 | :point_right: Add the path to the OAuth client secret file [here](https://github.com/google/ChromeBrowserEnterprise/blob/main/ps/src/cbcm/UnenrollBrowser.ps1#L161). You can download the file from the [Google Developer Console](https://console.developers.google.com/apis/api/admin.googleapis.com/overview?project=_)
30 |
31 |
32 | ```
33 | .\UnenrollBrowser.ps1
34 | ```
35 |
36 | ## Move Chrome browsers between Organization Units
37 | Consider using the [Move enrolled browser by Windows OS Name](MoveEnrolledBrowserByWindowsOSName.ps1) to move enrolled browser between Organization Units (OU). The script performs the move if the Windows OS is qualifies as [Long-Term Servicing Channel (LTSC, formerly LTSB)](https://learn.microsoft.com/en-us/windows/client-management/windows-version-search). However, you can change the qualification rule(s) to fit your business needs.
38 |
39 | **Note:** You will need to add the customer ID, the service account key JSON file, and the destination OU path to the script.
40 |
41 | :point_right: Add the customer id [here](https://github.com/google/ChromeBrowserEnterprise/blob/main/ps/src/cbcm/MoveEnrolledBrowserByWindowsOSName.ps1#L33). You can find the customer Id by navigating to the [Google Admin Console](https://admin.google.com) > Account > Account Settings.
42 |
43 | :point_right: Add the path to the OAuth client secret file [here]((https://github.com/google/ChromeBrowserEnterprise/blob/main/ps/src/cbcm/MoveEnrolledBrowserByWindowsOSName.ps1#L48)). You can download the file from the [Google Developer Console](https://console.developers.google.com/apis/api/admin.googleapis.com/overview?project=_)
44 |
45 | :point_right: Add the destination [OU path](https://github.com/google/ChromeBrowserEnterprise/blob/main/ps/src/cbcm/MoveEnrolledBrowserByWindowsOSName.ps1#L50). An example of the destination OU path 'North America/Austin/AUS Managed User'
46 |
47 |
48 | ```
49 | .\MoveEnrolledBrowserByWindowsOSName.ps1
50 | ```
51 |
52 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/UnenrollBrowser.ps1:
--------------------------------------------------------------------------------
1 | #Define Variables
2 | $scriptFolder = Split-Path ($MyInvocation.MyCommand.Path) -Parent
3 |
4 | #Configure NuGet and then download required libraries
5 | if (Get-PackageProvider -Name NuGet) {
6 | Copy-WriteToLog -logString "NuGet is installed"
7 | }
8 | else {
9 | register-packagesource -Name NuGet -ProviderName NuGet -location https://www.nuget.org/api/v2/
10 | }
11 |
12 | #https://www.nuget.org/packages/Newtonsoft.Json/13.0.1
13 | Install-Package Newtonsoft.Json -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '13.0.1' -SkipDependencies -ErrorAction SilentlyContinue
14 | #https://www.nuget.org/packages/Google.Apis.Core/1.57.0
15 | Install-Package Google.Apis.Core -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
16 | #https://www.nuget.org/packages/Google.Apis/1.57.0
17 | Install-Package Google.Apis -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
18 | #https://www.nuget.org/packages/Google.Apis.Auth/1.57.0
19 | Install-Package Google.Apis.Auth -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
20 |
21 |
22 |
23 | #/******* Required Add Types for Google APIs *******/
24 | Add-Type -Path "$scriptFolder\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll"
25 |
26 | Add-Type -Path "$scriptFolder\Google.Apis.Core.1.57.0\lib\net45\Google.Apis.Core.dll"
27 |
28 | Add-Type -Path "$scriptFolder\Google.Apis.1.57.0\lib\net45\Google.Apis.dll"
29 |
30 | Add-Type -Path "$scriptFolder\Google.Apis.Auth.1.57.0\lib\net45\Google.Apis.Auth.dll"
31 |
32 |
33 |
34 | #/******* Unenrolling a browser from CBCM *******/
35 | function Clear-EnrolledBrowser
36 | {
37 | param (
38 | [Parameter(Mandatory)] [string]$CustomerId,
39 |
40 | [Parameter(Mandatory)] [string]$MachineName,
41 |
42 | [Parameter(Mandatory)] [string]$SecretFile
43 | )
44 |
45 | $response = ""
46 |
47 | try
48 | {
49 | $authToken = Get-GoogleToken -SecretFile $SecretFile
50 |
51 | $bearerToken = [string]::Format(“Bearer {0}”, $authToken)
52 |
53 | $deviceId = Get-EnrolledBrowser -Token $bearerToken -CustomerId $CustomerId -MachineName $MachineName
54 |
55 | $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
56 | $headers.Add("Authorization", [string]::Format(“{0}”, $bearerToken))
57 |
58 | [string]$requestURL = [string]::Format(“https://www.googleapis.com/admin/directory/v1.1beta1/customer/{0}/devices/chromebrowsers/{1}”,$CustomerId, $deviceId)
59 |
60 | $response = Invoke-RestMethod $requestURL -Method 'DELETE' -Headers $headers
61 | $response | ConvertTo-Json
62 |
63 | Copy-WriteToLog -logString $response.ToString()
64 | }
65 | catch
66 | {
67 | Copy-WriteToLog -logString $_.Exception.GetType().FullName + "::" + $_.Exception.Message
68 | }
69 |
70 | return $response
71 | }
72 |
73 | #/******* Get the device Id from the enrolled browser *******/
74 | function Get-EnrolledBrowser
75 | {
76 | param (
77 | [Parameter(Mandatory)] [Object[]]$Token,
78 |
79 | [Parameter(Mandatory)] [string]$CustomerId,
80 |
81 | [Parameter(Mandatory)] [string]$MachineName
82 | )
83 | $deviceId = ""
84 | try
85 | {
86 |
87 | $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
88 | $headers.Add("Authorization", [string]::Format(“{0}”, $Token))
89 | [string]$requestURL = [string]::Format(“https://www.googleapis.com/admin/directory/v1.1beta1/customer/{0}/devices/chromebrowsers?query=machine_name:{1}&projection=BASIC”,$CustomerId, $MachineName)
90 |
91 | $response = Invoke-RestMethod $requestURL -Method 'GET' -Headers $headers
92 |
93 | $deviceId = $response.browsers[0].deviceId
94 | Copy-WriteToLog -logString "The device ID is $($deviceId)"
95 | }
96 | catch
97 | {
98 | Copy-WriteToLog -logString $_.Exception.Message
99 | }
100 |
101 | return $deviceId
102 |
103 | }
104 |
105 |
106 | #/******* Get Auth Token *******/
107 | function Get-GoogleToken
108 | {
109 | param (
110 | [Parameter(Mandatory)] [string]$SecretFile
111 | )
112 | $token = ''
113 | try
114 | {
115 | $JsonFilePath = $SecretFile
116 | $scopes = New-Object -TypeName System.Collections.Generic.List[string]
117 | #add additional scope to the collection
118 | $scopes.Add('https://www.googleapis.com/auth/admin.directory.device.chromebrowsers')
119 |
120 | $googleCred = [Google.Apis.Auth.OAuth2.GoogleCredential]::FromFile($JsonFilePath)
121 | $googleCred = $googleCred.CreateScoped($scopes)
122 |
123 | $token = ([Google.Apis.Auth.OAuth2.ITokenAccess]$googleCred).GetAccessTokenForRequestAsync().GetAwaiter().GetResult()
124 | Copy-WriteToLog -logString "The token is $($token)"
125 |
126 | }
127 | catch
128 | {
129 | Copy-WriteToLog -logString $_.Exception.Message
130 | }
131 |
132 | return $token
133 | }
134 |
135 | #/******* Write to a local log fle *******/
136 | function Copy-WriteToLog
137 | {
138 | Param (
139 | [string]$logString
140 | )
141 |
142 | $logfile = $scriptFolder + "\" + "UnenrollBrowser.txt"
143 | $stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
144 | $logMessage = "$stamp $logString"
145 | Add-content $logfile -value $logMessage
146 | }
147 |
148 | #/******* Test registry value *******/
149 | Function Test-RegistryValue ($regkey, $name) {
150 | if (Get-ItemProperty -Path $regkey -Name $name -ErrorAction Ignore) {
151 | return $true
152 | } else {
153 | return $false
154 | }
155 | }
156 |
157 |
158 | #/******* BEGIN: Customer to modify this section *******/
159 | $customerId = ''
160 | $machineName = $env:computername
161 | $secretFile = ''
162 | #/******* END: Customer to modify this section *******/
163 |
164 | #/******* BEGIN: remove browser from CBCM *******/
165 | Clear-EnrolledBrowser -CustomerId $customerId -MachineName $machineName -SecretFile $secretFile
166 | #/******* END: remove browser from CBCM *******/
167 |
168 | #/******* BEGIN: cbcm data from local device *******/
169 |
170 | #CloudManagementEnrollmentToken
171 | if ((Test-RegistryValue 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'CloudManagementEnrollmentToken'))
172 | {
173 | Remove-ItemProperty –Path 'HKLM:\SOFTWARE\Policies\Google\Chrome' –Name 'CloudManagementEnrollmentToken'
174 | Copy-WriteToLog -logString "CloudManagementEnrollmentToken deleted"
175 | }
176 |
177 | #device management token from regular hive
178 | if ((Test-RegistryValue 'HKLM:\SOFTWARE\Google\Chrome\Enrollment' 'dmtoken'))
179 | {
180 | Remove-Item 'HKLM:\SOFTWARE\Google\Chrome\Enrollment'
181 | Copy-WriteToLog -logString "dmtoken deleted from regular hive"
182 | }
183 |
184 | #device management token from WOW6432Node hive
185 | if ((Test-RegistryValue 'HKLM:\SOFTWARE\WOW6432Node\Google\Enrollment' 'dmtoken'))
186 | {
187 | Remove-Item 'HKLM:\SOFTWARE\WOW6432Node\Google\Enrollment'
188 | Copy-WriteToLog -logString "dmtoken deleted from WOW6432Node hive"
189 | }
190 |
191 | #/******* END: cbcm data from local device *******/
192 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/cbcm_get_token_with_json_file.ps1:
--------------------------------------------------------------------------------
1 | #Define Variables
2 | $scriptFolder = Split-Path ($MyInvocation.MyCommand.Path) -Parent
3 |
4 | #Configure NuGet and then download required libraries
5 | if (Get-PackageProvider -Name NuGet) {
6 | Copy-WriteToLog -logString "Version of NuGet installed = " + (Get-PackageProvider -Name NuGet).version
7 | }
8 | else {
9 | register-packagesource -Name NuGet -ProviderName NuGet -location https://www.nuget.org/api/v2/
10 | }
11 |
12 | #https://www.nuget.org/packages/Newtonsoft.Json/13.0.1
13 | Install-Package Newtonsoft.Json -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '13.0.1' -SkipDependencies -ErrorAction SilentlyContinue
14 | #https://www.nuget.org/packages/Google.Apis.Core/1.57.0
15 | Install-Package Google.Apis.Core -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
16 | #https://www.nuget.org/packages/Google.Apis/1.57.0
17 | Install-Package Google.Apis -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
18 | #https://www.nuget.org/packages/Google.Apis.Auth/1.57.0
19 | Install-Package Google.Apis.Auth -Destination $scriptFolder -Force -Source 'https://www.nuget.org/api/v2' -ProviderName NuGet -RequiredVersion '1.57.0' -SkipDependencies -ErrorAction SilentlyContinue
20 |
21 |
22 |
23 | #/******* Required Add Types for Google APIs *******/
24 | Add-Type -Path "$scriptFolder\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll"
25 |
26 | Add-Type -Path "$scriptFolder\Google.Apis.Core.1.57.0\lib\net45\Google.Apis.Core.dll"
27 |
28 | Add-Type -Path "$scriptFolder\Google.Apis.1.57.0\lib\net45\Google.Apis.dll"
29 |
30 | Add-Type -Path "$scriptFolder\Google.Apis.Auth.1.57.0\lib\net45\Google.Apis.Auth.dll"
31 |
32 |
33 |
34 | #/******* Get Auth Token *******/
35 | function Get-GoogleToken
36 | {
37 | param (
38 | [Parameter(Mandatory)] [string]$SecretFile
39 | )
40 | $token = ''
41 | try
42 | {
43 | $JsonFilePath = $scriptFolder + "\" + $SecretFile
44 | $scopes = New-Object -TypeName System.Collections.Generic.List[string]
45 | #add additional scope to the collection
46 | $scopes.Add('https://www.googleapis.com/auth/admin.directory.device.chromebrowsers')
47 |
48 | $googleCred = [Google.Apis.Auth.OAuth2.GoogleCredential]::FromFile($JsonFilePath)
49 | $googleCred = $googleCred.CreateScoped($scopes)
50 |
51 | $token = ([Google.Apis.Auth.OAuth2.ITokenAccess]$googleCred).GetAccessTokenForRequestAsync().GetAwaiter().GetResult()
52 | Copy-WriteToLog -logString "The token is $($token)"
53 |
54 | }
55 | catch
56 | {
57 | Copy-WriteToLog -logString $_.Exception.Message
58 | }
59 |
60 | return $token
61 | }
62 |
63 | #/******* Write to a local log fle *******/
64 | function Copy-WriteToLog
65 | {
66 | Param (
67 | [string]$logString
68 | )
69 |
70 | $logfile = $scriptFolder + "\" + "cbcmLog.txt"
71 | $stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
72 | $logMessage = "$stamp $logString"
73 | Add-content $logfile -value $logMessage
74 | }
75 |
76 |
77 | #/******* BEGIN: Customer to modify this section *******/
78 | $secretFile = ''
79 | #/******* END: Customer to modify this section *******/
80 |
81 | #/******* BEGIN: Get auth token *******/
82 | $authToken = Get-GoogleToken -SecretFile $secretFile
83 |
--------------------------------------------------------------------------------
/Windows/PowerShell/cbcm/cbcm_get_token_with_json_var.ps1:
--------------------------------------------------------------------------------
1 | #Define Variables
2 | $scriptFolder = Split-Path ($MyInvocation.MyCommand.Path) -Parent
3 |
4 |
5 | #Add Types for Google APIs
6 |
7 | Add-Type -Path "$scriptFolder\Newtonsoft.Json.dll"
8 |
9 | Add-Type -Path "$scriptFolder\Google.Apis.Core.dll"
10 |
11 | Add-Type -Path "$scriptFolder\Google.Apis.Auth.dll"
12 |
13 | Add-Type -Path "$scriptFolder\Google.Apis.dll"
14 |
15 | Add-Type -Path "$scriptFolder\Google.Apis.ChromeManagement.v1.dll"
16 |
17 | Add-Type -Path "$scriptFolder\Google.Apis.Auth.PlatformServices.dll"
18 |
19 |
20 |
21 | function Get-GoogleToken
22 | {
23 | #Set private key start/end tags
24 | $GooglePrivateKey = "-----BEGIN PRIVATE KEY-----\n$($GooglePrivateKey)\n-----END PRIVATE KEY-----\n"
25 |
26 | #Build json for authorization certificate
27 | $jsonFile = @{ }
28 | $jsonFile.Add("type", "service_account")
29 | $jsonFile.Add("project_id", $GoogleProjectID)
30 | $jsonFile.Add("private_key_id", $GooglePrivateID)
31 | $jsonFile.Add("private_key", $GooglePrivateKey)
32 | $jsonFile.Add("client_email", $GoogleClienteMail)
33 | $jsonFile.Add("client_id", $GoogleClientID)
34 | $jsonFile.Add("auth_uri", https://accounts.google.com/o/oauth2/auth)
35 | $jsonFile.Add("token_uri", https://oauth2.googleapis.com/token)
36 | $jsonFile.Add("auth_provider_x509_cert_url", https://www.googleapis.com/oauth2/v1/certs)
37 | $jsonFile.Add("client_x509_cert_url", https://www.googleapis.com/robot/v1/metadata/x509/$($GoogleClienteMail.Replace('@','%40')))
38 |
39 | #Convert to json and fix
40 | $jsonCert = $jsonFile | ConvertTo-Json
41 | $jsonCert = $jsonCert.Replace(\\n, "\n")
42 |
43 | #Add necessary scopes
44 | $scopes = New-Object -TypeName System.Collections.Generic.List[string]
45 | $scopes.Add(https://www.googleapis.com/auth/admin.directory.device.chromebrowsers)
46 |
47 | #Create the credential and get token
48 | $googleCred = [Google.Apis.Auth.OAuth2.GoogleCredential]::FromJson($jsonCert)
49 | $googleCred = $googleCred.CreateScoped($scopes)
50 | $token = ([Google.Apis.Auth.OAuth2.ITokenAccess]$googleCred).GetAccessTokenForRequestAsync().GetAwaiter().GetResult()
51 |
52 | return $token
53 | }
54 |
--------------------------------------------------------------------------------
/Windows/PowerShell/disableEdgeDefaultBrowserSettingsCampaigns.ps1:
--------------------------------------------------------------------------------
1 |
2 | #disable Edge default browser settings campaigns
3 |
4 | Invoke-Command -ScriptBlock {
5 | # policy doc - https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies#defaultbrowsersettingscampaignenabled
6 | #default browser settings campaigns policy
7 | $keyName = 'DefaultBrowserSettingsCampaignEnabled'
8 | $DefaultBrowserSettingsCampaignEnabledValue = 0
9 |
10 | #validate Microsoft policy path
11 | $MicrosoftRegistryPath = 'HKLM:\SOFTWARE\Policies\Microsoft'
12 | $test = test-path -path $MicrosoftRegistryPath
13 |
14 | #create if the required path doesn't exist
15 | if(-not($test)){
16 | New-Item -Path $MicrosoftRegistryPath
17 | }
18 |
19 | #validate Microsoft\Edge policy path
20 | $MicrosoftEdgeRegistryPath = $MicrosoftRegistryPath + '\Edge'
21 | $test = test-path -path $MicrosoftEdgeRegistryPath
22 |
23 | #create if the required path doesn't exist
24 | if(-not($test)){
25 | New-Item -Path $MicrosoftEdgeRegistryPath
26 | }
27 |
28 | $member = (Get-Item $MicrosoftEdgeRegistryPath).Property -contains $keyName
29 |
30 | if( $member ) {
31 | Set-ItemProperty -Path $MicrosoftEdgeRegistryPath -Name $keyName -Value $DefaultBrowserSettingsCampaignEnabledValue
32 | }
33 | else {
34 | New-ItemProperty -Path $MicrosoftEdgeRegistryPath -Name $keyName -PropertyType DWORD -Value $DefaultBrowserSettingsCampaignEnabledValue
35 | }
36 |
37 | #print enrollment token
38 | #Get-ItemProperty -Path $MicrosoftEdgeRegistryPath -Name $keyName
39 | }
40 |
--------------------------------------------------------------------------------
/Windows/PowerShell/unenroll-admin-cmd-capture.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/ChromeBrowserEnterprise/5bd9bab4bac21180209a84e67ee5cc67bd6fcaf9/Windows/PowerShell/unenroll-admin-cmd-capture.PNG
--------------------------------------------------------------------------------
/Windows/README.md:
--------------------------------------------------------------------------------
1 | # Windows
2 | ## Pin Chrome to the taskbar
3 | You can pin Chrome to the Windows taskbar using the [XML configuration file](/Windows/PinChromeToTaskbar.xml). To learn more about task bar config file, deployment methods, and user experience, check out [Configure the applications pinned to the taskbar](https://learn.microsoft.com/en-us/windows/configuration/taskbar/pinned-apps?tabs=intune&pivots=windows-11).
4 |
5 |
--------------------------------------------------------------------------------
/curl/authorization.md:
--------------------------------------------------------------------------------
1 | Create OAuth2.0 Client IDs and configure the OAuth concent screen. Refer to [Using OAuth 2.0 to Access Google APIs](https://developers.google.com/identity/protocols/oauth2).
2 |
3 | #### Get the Authorization code from the OAuth 2.0 Playground
4 | Navigate to the [OAuth 2.0 Playground](https://developers.google.com/oauthplayground/). Use the settings button to configure OAuth 2.0 configuration
5 | 
6 |
7 | Add [scope to authorize](/../main/docs/auth.md). Click on "Exchnage authorization code for tokens" button found in Step 2. Don't forget to consent the request. You will need the resulting Authorization code, Refresh token, and Access token.
8 |
9 | Request using curl
10 |
11 | ```
12 | curl -s --request POST --data "client_id=[CLIENT ID]&client_secret=[CLIENT SECRET]&refresh_token=[REFRESH TOKEN]&grant_type=refresh_token" https://accounts.google.com/o/oauth2/token
13 | ```
14 |
15 | Response
16 |
17 | ```json
18 | {
19 | "access_token": "ya29.some_hash_value",
20 | "expires_in": 3599,
21 | "scope": "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly",
22 | "token_type": "Bearer"
23 | }
24 | ```
25 |
--------------------------------------------------------------------------------
/docs/API_Get_Started.md:
--------------------------------------------------------------------------------
1 | # Getting started with CBCM API
2 | CBCM offers a wide range of APIs that let you integrate your services with CBCM.
3 |
4 | ## Learn about how authentication & authorization works in the CBCM API
5 | Authentication and authorization are used to verify identity and access to resources. This document identifies key terms you should know before implementing authentication and authorization in your app.
6 |
7 | ### OAuth consent process overview
8 | Use this credential to authenticate as an end user and requires your app to request and receive consent from the user (helpful in [Postman](https://github.com/google/ChromeBrowserEnterprise/tree/main/postman)).
9 | The following diagram shows the high-level steps of authentication and authorization for OAuth consent.
10 | 
11 | 1. **Configure your Google Cloud project and app**: During development, you register your app in the Google Cloud console, defining authorization scopes and access credentials to authenticate your app.
12 |
13 | 2. **Authenticate your app for access**: The registered access credentials are evaluated when your app runs. A sign-in prompt might be displayed if your app authenticates as an end user.
14 |
15 | 3. **Request resources**: When your app needs access to Google resources, it asks Google to use the relevant scopes of access you previously registered.
16 |
17 | 4. **Ask for user consent**: If your app authenticates as an end user, Google displays the OAuth consent screen so the user can decide whether to grant your app access to the requested data.
18 |
19 | 5. **Send approved request for resources**: If the user consents to the scopes of access, your app bundles the credentials and the user-approved scopes of access into a request. The request is sent to the Google authorization server to obtain an access token.
20 |
21 | 6. **Google returns an access token**: The access token contains a list of granted scopes of access. If the returned list of scopes is more limited than the requested scopes of access, your app disables any features limited by the token.
22 |
23 | 7. **Access requested resources**: Your app uses the access token from Google to invoke the relevant APIs and access the resources.
24 |
25 | ### Service Account process overview
26 | Service accounts represent non-human users. They're intended for scenarios where a workload, such as a custom application, needs to access resources or perform actions without end-user involvement (beneficial for [CBCM-CSharp](https://github.com/google/ChromeBrowserEnterprise/tree/main/dotnet), [Python](https://github.com/google/ChromeBrowserEnterprise/tree/main/Python), and [PowerShell](https://github.com/google/ChromeBrowserEnterprise/tree/main/ps/src/cbcm) scripts). Authorization using a service account does **not** require consent from the user.
27 |
28 | Since you are creating [user-managed service accounts](https://cloud.google.com/iam/docs/service-accounts#user-managed-keys) in your project, **You are responsible for managing and securing these accounts**. See [Best practices for working with service accounts](https://cloud.google.com/iam/docs/best-practices-service-accounts).
29 |
30 | ## Follow these steps to set up the CBCM API
31 | 1. [Create a Google Cloud project](https://github.com/google/ChromeBrowserEnterprise/blob/main/docs/create_proj.MD) for your Google Workspace app, extension, or integration.
32 |
33 | 2. [Enable the APIs you want to use](https://github.com/google/ChromeBrowserEnterprise/blob/main/docs/proj_apis.MD) in your Google Cloud project.
34 |
35 | 3. Create a [service account](https://github.com/google/ChromeBrowserEnterprise/blob/main/docs/service_acct.MD).
36 |
37 | 4. Configure [OAuth consent](https://github.com/google/ChromeBrowserEnterprise/blob/main/postman/README.md) to ensure users can understand and approve what access your app has to their data.
38 |
--------------------------------------------------------------------------------
/docs/App_Details_api.md:
--------------------------------------------------------------------------------
1 | # App Details API
2 | The [App Details API](https://developers.google.com/chrome/management/guides/app_details_api) enables you to get detailed information about requested or specified apps. The Reports API is part of the [Chrome Management API](https://developers.google.com/chrome/management/?hl=en_US).
3 | - Postman collection: [App Details API.postman_collection.json](https://github.com/google/ChromeBrowserEnterprise/blob/main/postman/App%20Details%20API.postman_collection.json)
4 | - Scope: https://www.googleapis.com/auth/chrome.management.appdetails.readonly
5 |
6 | ## Retrieve a specific app by its resource name
7 | Get a specific app for a customer by its resource name. If successful, the response body contains an instance of [AppDetails](https://developers.google.com/chrome/management/reference/rest/v1/customers.apps.android#AppDetails).
8 | #### Request
9 | ```
10 | GET https://chromemanagement.googleapis.com/v1/customers/my_customer/apps/chrome/blipmdconlkpinefehnmjammfjpmpbjk
11 | ```
12 | #### Response
13 | ```
14 | {
15 | "name": "customers/C033fmrgf/apps/chrome/blipmdconlkpinefehnmjammfjpmpbjk",
16 | "displayName": "Lighthouse",
17 | "appId": "blipmdconlkpinefehnmjammfjpmpbjk",
18 | "revisionId": "100.0.0.0",
19 | "type": "CHROME",
20 | "iconUri": "https://lh3.googleusercontent.com/JsGtt7BHEbHhQl5OzJikROL49WGoN0fBNcU_mvLRjWqx7nm7r7rzdG0DpET4qcK1FhNkFpcKf600G-Eoxx-_q3D4iA",
21 | "detailUri": "https://chrome.google.com/webstore/detail/blipmdconlkpinefehnmjammfjpmpbjk",
22 | "firstPublishTime": "2016-03-20T00:58:48.378Z",
23 | "latestPublishTime": "2019-11-21T03:56:08.202Z",
24 | "publisher": "developers.google.com/web",
25 | "homepageUri": "https://developers.google.com/web/tools/lighthouse/",
26 | "reviewNumber": "286",
27 | "reviewRating": 4.4,
28 | "chromeAppInfo": {
29 | "supportEnabled": false,
30 | "minUserCount": 800000,
31 | "permissions": [
32 | {
33 | "type": "activetab",
34 | "documentationUri": "https://developer.chrome.com/docs/extensions/mv3/manifest/activeTab/",
35 | "accessUserData": true
36 | },
37 | {
38 | "type": "storage",
39 | "documentationUri": "https://developer.chrome.com/docs/extensions/reference/storage/",
40 | "accessUserData": false
41 | }
42 | ],
43 | "isTheme": false,
44 | "googleOwned": false,
45 | "isCwsHosted": true,
46 | "kioskEnabled": false,
47 | "isKioskOnly": false,
48 | "type": "EXTENSION",
49 | "isExtensionPolicySupported": false
50 | }
51 | }
52 | ```
53 |
54 | ## Retrieve Extension Workflow Request Count
55 | Generate summary of [app installation requests](https://developers.google.com/chrome/management/reference/rest/v1/customers.apps/countChromeAppRequests).
56 | #### Request
57 | ```
58 | GET https://chromemanagement.googleapis.com/v1/customers/my_customer/apps:countChromeAppRequests?orgUnitId=&pageSize=1&orderBy=latestRequestTime desc
59 | ```
60 | #### Response
61 | ```
62 | {
63 | "requestedApps": [
64 | {
65 | "appId": "hkgfoiooedgoejojocmhlaklaeopbecg",
66 | "displayName": "Picture-in-Picture Extension (by Google)",
67 | "appDetails": "customers/C033fmrgf/apps/chrome/hkgfoiooedgoejojocmhlaklaeopbecg",
68 | "iconUri": "https://lh3.googleusercontent.com/cvfpnTKw3B67DtM1ZpJG2PNAIjP6hVMOyYy403X4FMkOuStgG1y4cjCn21vmTnnsip1dTZSVsWBA9IxutGuA3dVDWhg",
69 | "detailUri": "https://chrome.google.com/webstore/detail/hkgfoiooedgoejojocmhlaklaeopbecg",
70 | "requestCount": "1",
71 | "latestRequestTime": "2022-07-29T13:15:23.423Z"
72 | }
73 | ],
74 | "nextPageToken": "AGwWS9CHvU_3ge1dP_ewstOVAA8ZDbLoFeCCGcpv3CJ1Dbh-06wgGPvWYaW5cD84fs5bcvo48e0sEXdpVI8=",
75 | "totalSize": 19
76 | }
77 | ```
78 |
--------------------------------------------------------------------------------
/docs/Chrome_Management_Reports_api.md:
--------------------------------------------------------------------------------
1 | # Chrome Management API
2 | The [Chrome Management API](https://developers.google.com/chrome/management/reference/rest) enables you to generate reports that give you aggregate information on your managed Chrome Browser deployment.
3 | - Postman collections:
4 | [Chrome Management - Apps API](https://www.postman.com/google-chrome-enterprise-apis/workspace/google-chrome-enterprise-public/collection/17723612-1f198842-802b-4900-af38-7ffc1f32bfdf)
5 | [Chrome Management - Reports API](https://www.postman.com/google-chrome-enterprise-apis/workspace/google-chrome-enterprise-public/collection/17723612-cae3a18e-7399-4e9f-83b2-084b8798ffed)
6 | - Scope: https://www.googleapis.com/auth/chrome.management.reports.readonly
7 |
8 | ## Chrome Management Apps API
9 |
10 | ### Retrieve a specific app by its resource name
11 | [customers.apps.chrome.get](https://developers.google.com/chrome/management/reference/rest/v1/customers.apps.chrome/get)
12 |
13 | ### Retrieve Extension Workflow Requests
14 | [countChromeAppRequests](https://developers.google.com/chrome/management/reference/rest/v1/customers.apps/countChromeAppRequests)
15 |
16 | ## Retrieve a list of devices that have requested to install an extension
17 | [fetchDevicesRequestingExtension](https://developers.google.com/chrome/management/reference/rest/v1/customers.apps/fetchDevicesRequestingExtension)
18 |
19 | ### Retrieve a list of users that have requested to install an extension
20 | [fetchUsersRequestingExtension](https://developers.google.com/chrome/management/reference/rest/v1/customers.apps/fetchUsersRequestingExtension)
21 |
22 | ## Chrome Management Reports API
23 |
24 | ### Chrome Browsers Needing Attention
25 | [countChromeBrowsersNeedingAttention](https://developers.google.com/chrome/management/reference/rest/v1/customers.reports/countChromeBrowsersNeedingAttention)
26 |
27 | ### Get a count of Chrome crash events
28 | [countChromeCrashEvents](https://developers.google.com/chrome/management/reference/rest/v1/customers.reports/countChromeCrashEvents)
29 |
30 | ### Generate report of all installed Chrome versions
31 | [countChromeVersions](https://developers.google.com/chrome/management/reference/rest/v1/customers.reports/countChromeVersions)
32 |
33 | ### Generate report of app installations
34 | [countInstalledApps](https://developers.google.com/chrome/management/reference/rest/v1/customers.reports/countInstalledApps)
35 |
36 | ### Generate report to find devices that have an app installed
37 | [findInstalledAppDevices ](https://developers.google.com/chrome/management/reference/rest/v1/customers.reports/findInstalledAppDevices)
38 |
39 |
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/docs/Directory_api.md:
--------------------------------------------------------------------------------
1 | # Directory API
2 | The [Directory API](https://developers.google.com/admin-sdk/directory) is used to create and manage resources attached to your Google domain, such as users, org charts, and groups.
3 | - Postman collection: [Directory API.postman_collection.json](https://github.com/google/ChromeBrowserEnterprise/blob/main/postman/Directory%20API.postman_collection.json)
4 | - Scope: https://www.googleapis.com/auth/admin.directory.orgunit
5 |
6 | ## Retrieves all organizational units
7 | Retrieves a [list](https://developers.google.com/admin-sdk/directory/reference/rest/v1/orgunits/list) of all organizational units for an account.
8 | #### Request
9 | ```
10 | GET https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits?type=ALL&maxResults=1&pageToken
11 | ```
12 | #### Response
13 | ```
14 | {
15 | "kind": "admin#directory#orgUnits",
16 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/7fLPaFivzUt-IwJ16r-To7s2daU\"",
17 | "organizationUnits": [
18 | {
19 | "kind": "admin#directory#orgUnit",
20 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/mzVAzGt4X7LTuMjT4MDeg-x-Dl0\"",
21 | "name": "Seattle",
22 | "description": "Seattle Office",
23 | "orgUnitPath": "/North America/Seattle",
24 | "orgUnitId": "id:03ph8a2z496ipdk",
25 | "parentOrgUnitPath": "/North America",
26 | "parentOrgUnitId": "id:03ph8a2z1v3xa3o"
27 | },
28 | {
29 | "kind": "admin#directory#orgUnit",
30 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/jU8l7HvmxKEYE1tPO6852LN52WI\"",
31 | "name": "Sydney",
32 | "description": "Sydney Office",
33 | "orgUnitPath": "/APAC/Sydney",
34 | "orgUnitId": "id:03ph8a2z2awn3mc",
35 | "parentOrgUnitPath": "/APAC",
36 | "parentOrgUnitId": "id:03ph8a2z0vl7zj4"
37 | },
38 | ...
39 | ]
40 | }
41 | ```
42 |
43 | ## Retrieve an organizational unit
44 | Retrieves [an organizational unit](https://developers.google.com/admin-sdk/directory/reference/rest/v1/orgunits/get).
45 | #### Request
46 | ```
47 | GET https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits/North America/Austin
48 | ```
49 | #### Response
50 | ```
51 | {
52 | "kind": "admin#directory#orgUnit",
53 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/oGdJG7Et1xmNUR5VdTTYF5MjflM\"",
54 | "name": "Austin",
55 | "description": "Austin Office",
56 | "orgUnitPath": "/North America/Austin",
57 | "orgUnitId": "id:03ph8a2z4jbpnn4",
58 | "parentOrgUnitPath": "/North America",
59 | "parentOrgUnitId": "id:03ph8a2z1v3xa3o"
60 | }
61 | ```
62 |
63 | ## Retrieve all child organizational units
64 |
65 | #### Request
66 | ```
67 | GET https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits/?orgUnitPath=North America&type=all
68 | ```
69 | #### Response
70 | ```
71 | {
72 | "kind": "admin#directory#orgUnits",
73 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/WUDXpc9TJxyJ3Qap_CccFJsCz8k\"",
74 | "organizationUnits": [
75 | {
76 | "kind": "admin#directory#orgUnit",
77 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/mzVAzGt4X7LTuMjT4MDeg-x-Dl0\"",
78 | "name": "Seattle",
79 | "description": "Seattle Office",
80 | "orgUnitPath": "/North America/Seattle",
81 | "orgUnitId": "id:03ph8a2z496ipdk",
82 | "parentOrgUnitPath": "/North America",
83 | "parentOrgUnitId": "id:03ph8a2z1v3xa3o"
84 | },
85 | {
86 | "kind": "admin#directory#orgUnit",
87 | "etag": "\"7dD2lEGw_cSWElgnmooDH6C54E0q2uifMqS1m-4dUqU/h2j9vXveK_uWIphIPmBwj8fRXNY\"",
88 | "name": "New York",
89 | "description": "New York Office",
90 | "orgUnitPath": "/North America/New York",
91 | "orgUnitId": "id:03ph8a2z1604z3y",
92 | "parentOrgUnitPath": "/North America",
93 | "parentOrgUnitId": "id:03ph8a2z1v3xa3o"
94 | },
95 | ...
96 | ]
97 | }
98 | ```
99 |
100 | ## Delete an organizational unit
101 | [Removes](https://developers.google.com/admin-sdk/directory/reference/rest/v1/orgunits/delete) an organizational unit.
102 | #### Request
103 | ```
104 | curl --location --request DELETE 'https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits/UX/Research/Research_support' \
105 | --header 'Authorization: Bearer '
106 | ```
107 | #### Response
108 | ```
109 |
110 | ```
111 |
112 | ## Update an organizational unit
113 | [Updates](https://developers.google.com/admin-sdk/directory/reference/rest/v1/orgunits/update) an organizational unit.
114 | #### Request
115 | ```
116 | curl --location --request PUT 'https://www.googleapis.com/admin/directory/v1/customer/my_customer/orgunits/UX/Research/Research_support' \
117 | --header 'Authorization: Bearer ' \
118 | --header 'Content-Type: application/json' \
119 | --data-raw '{
120 | "description": "Where is Algonquin"
121 | }'
122 | ```
123 | #### Response
124 | ```
125 |
126 | ```
127 |
128 | ## Create an organizational unit
129 | [Adds](https://developers.google.com/admin-sdk/directory/reference/rest/v1/orgunits/insert) an organizational unit.
130 | #### Request
131 | ```
132 | curl --location --request POST 'https://admin.googleapis.com/admin/directory/v1/customer/my_customer/orgunits' \
133 | --header 'Authorization: Bearer ' \
134 | --header 'Content-Type: application/json' \
135 | --data-raw '{
136 | "name": "Research_support",
137 | "description": "The research support team",
138 | "parentOrgUnitPath": "/UX/Research",
139 | "blockInheritance": false
140 | }'
141 | ```
142 | #### Response
143 | ```
144 |
145 | ```
146 |
--------------------------------------------------------------------------------
/docs/Enrollment_Token_api.md:
--------------------------------------------------------------------------------
1 | # Enrollment Token API
2 | The [Enrollment Token API](https://developers.google.com/admin-sdk/reports/v1/get-start/overview) is a RESTful API you can use to access information about the Chrome browser enrollment token.
3 | - Postman collection: [Enrollment Token API.postman_collection.json](https://github.com/google/ChromeBrowserEnterprise/blob/main/postman/Enrollment%20Token%20API.postman_collection.json)
4 | - Scope: https://www.googleapis.com/auth/admin.directory.device.chromebrowsers
5 |
6 | ## List all enrollment tokens for an account
7 | To retrieve a report of all administrative activities done for an account, use the following GET HTTP request and include the authorization token.
8 | #### Request
9 | ```
10 | GET https://www.googleapis.com/admin/directory/v1.1beta1/customer/my_customer/chrome/enrollmentTokens?orgUnitPath=&pageToken&pageSize=100&query
11 | ```
12 | #### Response
13 | ```
14 | {
15 | "kind": "admin#directory#chromeEnrollmentTokens",
16 | "chromeEnrollmentTokens": [
17 | {
18 | "tokenPermanentId": "50a2573a-923c-4eac-b7f9-49a78e346684",
19 | "kind": "admin#directory#chromeEnrollmentToken",
20 | "token": "9e4e1468-e978-494e-9dd7-531b83ba1bee",
21 | "customerId": "033fmrgf",
22 | "orgUnitPath": "/AlexTest/FictionalCo",
23 | "state": "active",
24 | "createTime": "2022-08-23T14:08:38Z",
25 | "creatorId": "108572335719235898846",
26 | "tokenType": "chromeBrowser"
27 | },
28 | {
29 | "tokenPermanentId": "dc0087b9-8d32-46ff-bf9a-3d0966ead680",
30 | "kind": "admin#directory#chromeEnrollmentToken",
31 | "token": "ed61a74f-9040-458e-b799-4e4ac9120aef",
32 | "customerId": "033fmrgf",
33 | "orgUnitPath": "/AlexTest/FictionalCo/Test",
34 | "state": "active",
35 | "createTime": "2022-08-15T17:37:46Z",
36 | "creatorId": "108572335719235898846",
37 | "tokenType": "chromeBrowser"
38 | },
39 | ...
40 | ]
41 | }
42 | ```
43 |
44 | ## List all enrollment tokens for an account
45 | To retrieve a report of all administrative activities done for an account, use the following GET HTTP request and include the authorization token.
46 | #### Request
47 | ```
48 | GET https://www.googleapis.com/admin/directory/v1.1beta1/customer/my_customer/chrome/enrollmentTokens?orgUnitPath=&pageToken&pageSize=100&query
49 | ```
50 | #### Response
51 | ```
52 | {
53 | "kind": "admin#directory#chromeEnrollmentTokens",
54 | "chromeEnrollmentTokens": [
55 | {
56 | "tokenPermanentId": "50a2573a-923c-4eac-b7f9-49a78e346684",
57 | "kind": "admin#directory#chromeEnrollmentToken",
58 | "token": "9e4e1468-e978-494e-9dd7-531b83ba1bee",
59 | "customerId": "033fmrgf",
60 | "orgUnitPath": "/AlexTest/FictionalCo",
61 | "state": "active",
62 | "createTime": "2022-08-23T14:08:38Z",
63 | "creatorId": "108572335719235898846",
64 | "tokenType": "chromeBrowser"
65 | },
66 | {
67 | "tokenPermanentId": "dc0087b9-8d32-46ff-bf9a-3d0966ead680",
68 | "kind": "admin#directory#chromeEnrollmentToken",
69 | "token": "ed61a74f-9040-458e-b799-4e4ac9120aef",
70 | "customerId": "033fmrgf",
71 | "orgUnitPath": "/AlexTest/FictionalCo/Test",
72 | "state": "active",
73 | "createTime": "2022-08-15T17:37:46Z",
74 | "creatorId": "108572335719235898846",
75 | "tokenType": "chromeBrowser"
76 | },
77 | ...
78 | ]
79 | }
80 | ```
81 |
82 | ## Create an enrollment token
83 |
84 | #### Request
85 | ```
86 | curl --location --request POST 'https://www.googleapis.com/admin/directory/v1.1beta1/customer/my_customer/chrome/enrollmentTokens' \
87 | --header 'Authorization: Bearer ' \
88 | --header 'Content-Type: application/json' \
89 | --data-raw '{
90 | "token_type": "CHROME_BROWSER",
91 | "org_unit_path": "/UX/Research/Research_support"
92 | }'
93 | ```
94 | #### Response
95 | ```
96 | {
97 | "tokenPermanentId": "77dc2a5a-ebec-44c1-bcee-84c09bb7312e",
98 | "kind": "admin#directory#chromeEnrollmentToken",
99 | "token": "33d20f0f-4d1e-4fa3-a39a-105e4b01c41b",
100 | "customerId": "033fmrgf",
101 | "orgUnitPath": "/UX/Research/Research_support",
102 | "state": "active",
103 | "createTime": "2022-09-18T21:08:18Z",
104 | "creatorId": "113456549147281770764",
105 | "tokenType": "chromeBrowser"
106 | }
107 | ```
108 |
109 | ## Revoke an enrollment token
110 | To revoke an enrollment token, use the following POST request and include the token Permanent Id
111 | #### Request
112 | ```
113 | curl --location --request POST 'https://www.googleapis.com/admin/directory/v1.1beta1/customer/my_customer/chrome/enrollmentTokens/77dc2a5a-ebec-44c1-bcee-84c09bb7312e:revoke' \
114 | --header 'Authorization: Bearer '
115 | ```
116 | #### Response
117 | ```
118 |
119 | ```
120 |
121 |
--------------------------------------------------------------------------------
/docs/ExtensionRiskSignals_FromImport.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/ChromeBrowserEnterprise/5bd9bab4bac21180209a84e67ee5cc67bd6fcaf9/docs/ExtensionRiskSignals_FromImport.PNG
--------------------------------------------------------------------------------
/docs/ExtensionRiskSignals_FromOU.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/ChromeBrowserEnterprise/5bd9bab4bac21180209a84e67ee5cc67bd6fcaf9/docs/ExtensionRiskSignals_FromOU.PNG
--------------------------------------------------------------------------------
/docs/auth.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | ## Scopes
4 | |Scope |Description |
5 | |-------------------------------|-----------------------------|
6 | | `https://www.googleapis.com/auth/admin.directory.device.chromebrowsers.readonly`|Chrome Browser Cloud Managment (CBCM) - get detailed information on enrolled browsers and enrollment tokens (read-only)|
7 | | `https://www.googleapis.com/auth/admin.directory.device.chromebrowsers`|Chrome Browser Cloud Managment (CBCM) - lets you view and modify enrolled browsers and enrollment tokens|
8 | | `https://www.googleapis.com/auth/chrome.management.reports.readonly`|Reports - Chrome versions and installed apps |
9 | | `https://www.googleapis.com/auth/chrome.management.appdetails.readonly`|App Details- get detailed information about requested or specified apps |
10 | | `https://www.googleapis.com/auth/chrome.management.policy.readonly`|Chrome Policy - lets you view Chrome policies for devices and users |
11 | | `https://www.googleapis.com/auth/chrome.management.policy`|Chrome Policy - lets you view and modify Chrome policies for devices and users |
12 | | `https://www.googleapis.com/auth/admin.directory.orgunit.readonly`|Org Units - lets you view organizational units |
13 | | `https://www.googleapis.com/auth/admin.directory.orgunit`|Org Units - lets you view and modify organizational units |
14 | | `https://www.googleapis.com/auth/admin.reports.audit.readonly`|Admin Console Reports - lets you view activities done by administrators using the Admin console and oAuth token acivities |
15 |
--------------------------------------------------------------------------------
/docs/create_proj.MD:
--------------------------------------------------------------------------------
1 | # Create a Google Cloud project
2 | A Google Cloud project is required to use CBCM APIs. This project forms the basis for creating, enabling, and using all Google Cloud services, including managing APIs.
3 |
4 | To create a Google Cloud project:
5 |
6 | 1. In the Google Cloud console, go to **Menu > IAM & Admin > Create a Project**.
7 |
8 | > Go to [Create a Project](https://console.cloud.google.com/projectcreate)
9 |
10 | 2. In the **Project Name** field, enter a descriptive name for your project.
11 | Optional: To edit the **Project ID**, click **Edit**. The project ID can't be changed after the project is created, so choose an ID that meets your needs for the lifetime of the project.
12 |
13 | 3. In the **Location** field, click **Browse** to display potential locations for your project. Then, click Select.
14 |
15 | 4. Click **Create**. The console navigates to the Dashboard page, and your project is created within a few minutes.
16 | For further information on Google Cloud projects, refer to [Creating and managing projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
17 |
18 | ## Next step
19 | [Enable Google CBCM APIs](https://github.com/google/ChromeBrowserEnterprise/blob/main/docs/proj_apis.MD)
20 |
--------------------------------------------------------------------------------
/docs/create_project.md:
--------------------------------------------------------------------------------
1 | # Creating and managing projects
2 | ## Creating a project
3 | To create a project, you must have the resourcemanager.projects.create permission. This permission is included in roles like the Project Creator role (roles/resourcemanager.projectCreator).
4 |
5 | To create a new project, do the following:
6 |
7 | 1. Go to the **[Manage resources](https://console.cloud.google.com/cloud-resource-manager)** page in the Google Cloud console.
8 | 2. On the **Select organization** drop-down list at the top of the page, select the organization resource in which you want to create a project.
9 | 3. Click **Create** Project
10 | 4. In the New Project window that appears, enter a project name. A project name can contain only letters, numbers, single quotes, hyphens, spaces, or exclamation points, and must be between 4 and 30 characters.
11 | 5. Enter the parent organization or folder resource in the **Location** box. That resource will be the hierarchical parent of the new project. If No organization is the only option, you will need to reach out to your company Cloud admin.
12 | 6. When you're finished entering new project details, click **Create**.
13 |
14 | ## Get an existing project
15 | You can get an existing project using the Google Cloud console. If you are not a project owner, you must have the permissions included in the Browser role (roles/browser).
16 |
17 | To view a project using the Google Cloud console, do the following:
18 | 1. Go to the **[Dashboard page](https://console.cloud.google.com/home?_ga=2.56387567.536968724.1673197321-1348019484.1672850961)** in the Google Cloud console.
19 | 2. Click the Select from drop-down list at the top of the page. In the Select from window that appears, select your project.
20 |
21 | ## Shutting down (deleting) projects
22 | You can shut down projects using the Google Cloud console. [Refer to this article](https://cloud.google.com/resource-manager/docs/creating-managing-projects) for additional information.
23 |
24 | ## Restoring a project
25 | Project owners can restore a deleted project within the 30-day recovery period that starts when the project is shut down. [Refer to this article](https://cloud.google.com/resource-manager/docs/creating-managing-projects#restoring_a_project) for additional information.
26 |
--------------------------------------------------------------------------------
/docs/images/blank.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/docs/images/consent_screen_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/ChromeBrowserEnterprise/5bd9bab4bac21180209a84e67ee5cc67bd6fcaf9/docs/images/consent_screen_1.png
--------------------------------------------------------------------------------
/docs/images/consent_screen_scope.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/ChromeBrowserEnterprise/5bd9bab4bac21180209a84e67ee5cc67bd6fcaf9/docs/images/consent_screen_scope.png
--------------------------------------------------------------------------------
/docs/images/oAuth_Cred_Create.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/google/ChromeBrowserEnterprise/5bd9bab4bac21180209a84e67ee5cc67bd6fcaf9/docs/images/oAuth_Cred_Create.PNG
--------------------------------------------------------------------------------
/docs/policy_examples/com.google.Chrome.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |