Powershell – Reflect HKLM registry changes to HKCU

Ok so I have a Local Group Policy (under Computer Config, not User Config) to force install extensions in Chrome. This policy needs to run for every user of the computer. The value is going to change based on a new version of our chrome extension and the policy checks if it needs to update the installed extension (it will just delete and install a new one). I need to update the contents of that LGP remotely. There seems to be two different registry values that this policy effects

HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist & HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects{There is a GUID here}Machine\Software\Policies\Google\Chrome\ExtensionInstallForcelist

If I change the HKLM value, the HKCU never updates to reflect the HKLM value, thus nothing happens. If I manually change the HKCU value, everything updates and runs great. Is there a way to push the value from HKLM to HKCU? My thought has been this: write a powershell script to check the current HKLM value vs an XML update file on a server. If these two are different, then set the HKLM value to the value from the XML file. Then, somehow reflect that change to the HKCU value and then the policy can do it's thing.

I really hope I explained this good, I don't normally do this type of stuff haha. If there is any suggestions of other ways to achieve this, it would be greatly appreciated! If you need more clarification, I can try to help.

EDIT
There is a GUID in the HKCU key name. What I would like to do is: upon a user logging on to the computer, I would run this powershell script. My problem seems to be, how can I set the value of the given HKCU registry key (of any user) when it contains the machine GUID?

EDIT 2: The ultimate goal here is to make sure the chrome extension is updated to the most up-to-date version. The extension is not in the chrome store, it is maintained by us. When we update we the extension, we put the crx file on a server and update the xml updates file. Yes, chrome does auto updating checks to see if the app has an update. Unfortunately, this does not always apply right away (could take up to a few hours). I am doing this to try and force the update to the app.

Best Answer

Google Chrome ADM/ADMX templates

You can use Google Chrome ADM/ADMX templates (ZIP including documentation) to force settings on every user on every computer via Group Policy.

gpedit.msc > Local Computer Policy > Computer Configuration > Administrative Templates
(Right click on) Administrative Templates > Add/Remove Templates
Load chrome.adm in your preferred language (policy_templates.zip\windows\adm[locale]\chrome.adm)
You'll find Google / Google Chrome folder under Administrative Templates

Active Setup

If you need to run your script only once per user during logon, you could use Active Setup.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\AarronH]
@="Aarron H's script for Chrome ExtensionInstallForcelist"
"StubPath"="PATH\TO\YOUR\SCRIPT"

Answer for EDIT: Getting the key containing the GUID

Get-ChildItem -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects' | Where-
Object {$_.Name -like '*Machine*'}

Best Answer

Related Solutions

Do HKLM registry keys get removed from group policy when changing organisational unit in Active Directory

How tonternet Settings from HKCU and HKLM combine

Related Topic