Google Chrome has recently add hardware acceleration and enable it by default. While this work fine for standalone PCs, it has created massive problem for our Thin Client users running in the Remote Desktop Server environment.
A quick solution is to send an email to get every RDS user to disable this themselves by typing this in the chrome URL address field: chrome://settings/?search=hardware and switch off hardware acceleration (gray instead of blue colour). Then close all your chrome windows and open it again to relaunch.
However, most users just do not bothered to read the email, less follow thru the given instruction. And to do this for every user who can connect to multiple RDS servers can be a huge administrative nightmare.
Fortunately, Google has created an enterprise chrome website designed for businesses filled with helpful information here: //enterprise.google.com/chrome/chrome-browser/, and here, you can find the ADMX templates for Chrome so that you can change the default setting and lock them up to prevent users from changing them at one go from the group policy: //dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
To add the template into the group policy, unzip the policy_templates.zip in your domain controller and copy the chrome.admx and google.admx files from the unzipped policy_templateswindowsadmx folder into C:WindowsPolicyDefinitions. And the language files chrome.adml and google.adml from the correct language folder from the unzipped policy_templateswindowsadmxen-US (I’m using US English) into C:WindowsPolicyDefinitionsen-US
To apply this group policy only to the RDS servers, I have create a subfolder in the Active Directory and label it TSServers (Remote Desktop Server used to call Terminal Server). I drag all the RDS servers into this folder.
Next I create a GPO under this TSServers in the Group Policy Management Editor:
The Google Chrome policies can be found under: Computer Configuration > Policies > Administrative Templates > Google Chrome:
The recommended items to enable and disable are:
- Enable – always open pdf files externally (opening pdf inside chrome cause all kind of unnecessary problems, especially when user want to print or fill up a pdf form etc)
- Disable – continue running background apps when Chrome is closed (don’t let chrome remain running after user quit it as this affect performance)
- Enable – download restrictions – block all dangerous download (prevent virus and malware from getting downloaded)
- Disable – use hardware acceleration when available (This is the main resource hogger that need to be disabled)
- Enable – safe browsing (Provide warning when naive users intend to do stupid things)
Enable – extension installation blacklist: value = * (I block all extension first unless users need a particular extension for work)
With this, every user (including new future users) will have these options configured and locked.