Many educational environments use tools like Faronics DeepFreeze to keep lab devices in a very specific state. Why? Three main reasons:
- So that students can experiment and screw up the device to their heart’s content (sometimes even with admin rights), and the device will return to its pristine state upon reboot;
- So that a single generic user account can be safely used rather than having students log in individually (this is done for multiple reasons, as well, which I can explain if needed);
- So that the device’s configuration stays exactly the same, ensuring all students and the instructor have the exact same experience during classes.
Because we use DeepFreeze, the settings on the device when it is imaged are the settings that will be on the device until the next time it gets imaged. Reimaging often occurs when textbooks change (especially for IT-related classes), which is often every 36 months.
We have to set all required settings at time of imaging. For example: the desktop wallpaper, the homepage of web browsers, etc.
In Chrome, Firefox, and Internet Explorer, this is not an issue. In the image, we can set settings that the instructor wants. In Edge, we can’t. After Sysprep, any settings we set in Edge (and other “Modern” apps) are reset to default. This isn’t a huge deal for regular employee machines because DeepFreeze isn’t in use, but it’s a big deal for these computer labs where DeepFreeze is present. It means that we either have to (a) manually set the settings in Edge on each device after deployment or (b) ban use of Edge. For now, we have chosen to ban Edge in some labs and simply discourage its use in other labs.
The only settings that we can pre-set in Edge are those in Group Policy, which are limited.
Chrome actually has a similar issue, but Google provided several solutions to the issue. I think Edge should adopt the same solutions:
- Group Policies: Almost every setting in Chrome can be controlled via Group Policy. In Group Policy for Chrome, settings are divided into two branches: Default Preferences and Locked Preferences. In Default Preferences, the settings are simply applied at first open of Chrome for a user. They are not applied after the user’s first open of Chrome. Locked Preferences are applied at first open of Chrome *and* prohibit the user from changing them.
The settings within the Default Preferences and Locked Preferences areas are almost identical; that is, almost every setting that is within Default Preferences is also in the Locked Preferences area. That way, the IT professional can use his/her judgement regarding which preferences should be locked and which ones should be merely set at first open of Chrome. In our case, we choose the settings that the instructors ask us to set.
- JSON Preferences File: In Chrome, *all* settings (even those not controlled via Group Policy) are stored in a per-user JSON file. However, this is a protected file and cannot be easily changed directly. That means that IT professionals cannot edit it directly. This is to prevent malware from injecting its own settings. However, Chrome allows for a JSON file named “master_preferences” to be placed in the CHROME.EXE installation directory that gets read at first open of Chrome for each user. The master_preferences file can contain any and all settings of Chrome. During the user’s first open of Chrome, the settings in master_preferences get copied to the user’s own Chrome settings file. After a user’s first open of Chrome, the master_preferences file is not read again for that user unless the user’s own JSON settings file is somehow destroyed.
The master_preferences file does not prohibit the user from changing any settings in Chrome. The master_preferences file is only for setting default settings for users who have never before opened Chrome.
One thing that we really like about the master_preferences file is that we can literally put any Chrome setting in it. For example, an instructor wanted Chrome to open maximized. There is no Group Policy for this. So, we just put the maximized-window setting in the master_preferences file. We can easily push out the master_preferences file using Group Policy Preferences.
If Chrome comes across a setting in the master_preferences file that doesn’t exist, Chrome simply ignores it. That is how we would prefer it to be.
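Because master_preferences seeds every new profile, and Chrome silently ignores keys it does not recognise, an unexpected change to that file reaches every first-run user without any error. The following is an added example (not part of the original post, and not Chrome's own tooling) that compares a deployed master_preferences against an approved baseline before it is pushed out; the preference keys and URLs in the sample data are constructed assumptions, including `browser.window_placement.maximized` for the maximized-window setting.

```python
import json

def flatten(node, prefix=""):
    """Turn nested JSON objects into {dotted.path: value}; lists stay leaf values."""
    if isinstance(node, dict) and node:
        out = {}
        for key, value in node.items():
            out.update(flatten(value, f"{prefix}.{key}" if prefix else key))
        return out
    return {prefix: node}

def audit(baseline_text, deployed_text):
    """Report preference paths that differ between baseline and deployed file."""
    try:
        deployed = flatten(json.loads(deployed_text))
    except json.JSONDecodeError as exc:
        # A malformed file would not seed new profiles as intended; flag it.
        return {"error": f"deployed file is not valid JSON: {exc.msg}"}
    baseline = flatten(json.loads(baseline_text))
    shared = baseline.keys() & deployed.keys()
    return {
        "added": sorted(set(deployed) - set(baseline)),
        "removed": sorted(set(baseline) - set(deployed)),
        "changed": sorted(k for k in shared if baseline[k] != deployed[k]),
    }

# Constructed sample data: the approved template and a drifted copy on disk.
APPROVED = json.dumps({
    "homepage": "https://lab.example.edu/start",
    "homepage_is_newtabpage": False,
    "browser": {"show_home_button": True,
                "window_placement": {"maximized": True}},
})
ON_DISK = json.dumps({
    "homepage": "https://unexpected.example.net/",
    "homepage_is_newtabpage": False,
    "browser": {"show_home_button": True},
    "session": {"restore_on_startup": 4,
                "startup_urls": ["https://unexpected.example.net/"]},
})

if __name__ == "__main__":
    for kind, paths in audit(APPROVED, ON_DISK).items():
        print(kind, paths)
```

On a frozen lab image every reboot is effectively a first run, so any path reported under `added` or `changed` would apply to every session until the next reimage.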
Other Helpful Group Policies
In addition to the above, we would find the following Edge Group Policies helpful for employee and lab devices:
- Enable Favorites bar: A Group Policy to show the Favorites bar by default.
- Enable Favorites files: A Group Policy to use the files within a new C:\Users\[USERNAME]\Edge Favorites folder to store favorites. I am aware that there is a Group Policy to “sync” favorites with Internet Explorer, but that’s not the functionality we want. We simply want the favorites to be stored as files so that we can (a) easily back up the favorites and (b) easily transfer the favorites to new devices or new user accounts.
- Force installation of extensions: Chrome has a Group Policy that allows the IT professional to force installation of certain extensions. The IT professional can configure the Group Policy to download the extension from the Chrome Web Store or use a locally stored extension. In either case, the Group Policy forces a list of extensions to be installed. It can also be set to install only at a user’s first open of Chrome or to always be forced to be installed (which prevents the user from uninstalling it).
- Force favorites from a file: A Group Policy to always use favorites stored in a file at some location. Why? We sometimes get requests from instructors to put specific favorites in the browsers. If Edge were set to always get its favorites from a file stored on a network share, we could give the instructors write access to that, and they could make whatever changes they wish to the file without IT even needing to be involved.