InvestigAItor

GPO Deployment

Group Policy Objects (GPO) allow you to silently force-install InvestigAItor on every managed Windows device in your domain - no user interaction required.

Prerequisites

  • Windows Server with Active Directory and Group Policy Management Console (GPMC)
  • Chrome or Edge ADMX templates deployed to your central store
  • Your InvestigAItor Extension ID and update URL (available in the admin portal)

Step 1 - Add Chrome/Edge ADMX templates

If not already done, download the Chrome ADMX bundle from Google and copy the .admx and .adml files to your central store:

\\yourdomain.com\SYSVOL\yourdomain.com\Policies\PolicyDefinitions\

Repeat for Edge if needed.

Step 2 - Create or edit a GPO

  1. Open Group Policy Management Console.
  2. Create a new GPO (e.g., InvestigAItor Deployment) or edit an existing one scoped to the OUs where you want the extension deployed.

Step 3 - Force-install the extension

Navigate to:

Computer Configuration
  → Policies
    → Administrative Templates
      → Google Chrome (or Microsoft Edge)
        → Extensions
          → Configure the list of force-installed extensions
  1. Set the policy to Enabled.
  2. Click Show… and add an entry in the format:
    <extension-id>;https://clients2.google.com/service/update2/crx
    Replace <extension-id> with the ID from your admin portal. For self-hosted CRX files, replace the update URL with your own update manifest URL.
  3. Click OKApply.

Step 4 - Push managed configuration (optional but recommended)

Avoid per-machine manual configuration by pushing the backend URL and device token via managed storage. Navigate to:

Computer Configuration
  → Policies
    → Administrative Templates
      → Google Chrome
        → Extensions
          → Configure extension management settings

Set the policy to Enabled and provide a JSON blob matching the InvestigAItor managed storage schema:

{
  "<extension-id>": {
    "installation_mode": "force_installed",
    "update_url": "https://clients2.google.com/service/update2/crx",
    "runtime_allowed_hosts": ["<all_urls>"],
    "managed_storage": {
      "backendUrl": "https://investigaitor.yourcompany.com",
      "deviceToken": "YOUR_DEVICE_OR_OU_TOKEN"
    }
  }
}

Step 5 - Apply the GPO

  1. Link the GPO to the target OU(s).
  2. Run gpupdate /force on a test machine, or wait for the next policy refresh cycle (default: 90 minutes).
  3. Open chrome://extensions on the test machine - InvestigAItor (or its masked name) should appear and be marked as Installed by enterprise policy.

Verifying deployment

From the Admin Dashboard, navigate to Devices and confirm the test machine appears with a recent heartbeat timestamp.

MDM (Intune / JAMF)

For organizations using Intune, use the Chrome Browser Cloud Management or the Administrative Templatesprofile to configure the same force-install policy. Refer to Microsoft's documentation for Chrome extension deployment via Intune.

For macOS endpoints managed with JAMF, deploy the extension via a Configuration Profile targeting Chrome's managed preferences key com.google.Chrome.extensions.force_install.