Skip to main content
News! Click here
Sign in
Deutsch Español Français Italiano

Whitelisting Domains on Google Chrome Using Windows GPO

  • Updated

This setup allows you to avoid Safe Browsing warnings in Chrome during simulated phishing campaigns managed by Cyber Guru. It uses Group Policy Objects in Active Directory.

Prerequisites

  • Working Active Directory Domain Services (AD DS)
  • Domain Admin credentials
  • Google Chrome installed on Windows clients
  • Chrome ADMX templates (download from Google)
  • Access to Group Policy Management Console (gpmc.msc)
  • Cyber Guru domains
WHERE TO FIND THE FULL LIST OF LANDING PAGE DOMAINS
The full list of landing page domains is available on the platform in the section:
"HELP > Support - Knowledge > Click here to download whitelisting additional informations"



Note: For these configurations, landing page domains must be entered in this format (domainname.ext) without using wildcards or dots.

Step 1: Download and configure Chrome ADMX templates

  1. Go to https://chromeenterprise.google/browser/download/
  2. Download the ADMX templates package for Chrome (latest version)
  3. Extract the ZIP file to a temporary folder

  4. Copy the chrome.admx and google.admx files to:

    C:\Windows\PolicyDefinitions\
  5. Copy the .adml files to the language subfolder:
    • For English: C:\Windows\PolicyDefinitions\en-US\
    • For Italian: C:\Windows\PolicyDefinitions\it-IT\

ℹ️ Note: If you use a Central Store SYSVOL, copy the files to: \\server\SYSVOL\domain\Policies\PolicyDefinitions\

Step 2: Create and link the GPO

  1. Open Group Policy Management Console (gpmc.msc)
  2. Navigate to the target OU (Organizational Unit) where you want to apply the policy
  3. Right-click on the OU → Create a GPO in this domain, and Link it here
  4. Enter the name: Cyber Guru Safe Browsing Whitelist - Chrome
  5. Click OK

Step 3: Configure Safe Browsing Allowlist in GPO

  1. From the GPMC console, right-click the GPO you created → Edit

  2. Navigate to:

    Computer Configuration → Policies → Administrative Templates
→ Google → Google Chrome → Safe Browsing settings
  3. Find and open the policy: "Configure the list of domains on which Safe Browsing will not trigger warnings"
  4. Select Enabled
  5. Click the Show button under "Value"

  6. In the "Show Contents" window, enter the domains one per line:

    [DOMAIN-1]
[DOMAIN-2]
[DOMAIN-3]
...
[DOMAIN-N]
  7. Click OK when done
  8. Click OK to save the policy

Step 4: Verify on endpoint

  1. On a Windows client with Chrome installed, force a policy update:

    gpupdate /force

  2. Open Chrome and go to:

    chrome://policy
  3. Look for SafeBrowsingAllowlistDomains - it will show the configured domains
  4. Check that Safe Browsing warnings do not appear when accessing whitelisted domains

[screenshot placeholder]

⚠️ Warning: Never add protocols (http://, https://), wildcards (*), or paths. Enter ONLY the root domain, exactly as it appears in the authorized list. Security protections.

ℹ️ Note: The policy is applied at the Computer Configuration level, so it will affect all users who log in to the device.

Troubleshooting

The policy does not appear in chrome://policy:

  • Make sure the ADMX files are in the correct folder
  • Run gpupdate /force again
  • Restart Chrome

Safe Browsing warnings still appear:

  • Make sure the domain is typed EXACTLY as in the list
  • Remove any extra spaces
  • Wait up to 30 minutes for the policy to propagate in AD

Related articles