5

I'm currently working on a Microsoft Edge extension which will be deployed in an enterprise environment.

The Edge extension has been currently installed manually (and reloaded at each browser restart since it's from an unknown source).

For Internet Explorer extensions, the DLL can be registered on the system with RegAsm and a Registry tweak allows loading all add-ons (the IgnoreFrameApprovalCheck key, see this link) without any user prompt.

Is there a similar way of adding Edge extensions automatically to the browser with no user interaction?

Thank you!

adrianmp
  • 183
  • 1
  • 3
  • 8
  • What you mean like a virus? Not saying you're making a virus, just saying that this kind of thing was long ago disabled for security reasons. If you have an Enterprise environment I guess you _might_ be able to use group policy but I'm not sure how. – Nick.Mc Aug 02 '16 at 09:09
  • Virus :)))) It's nothing malware related, it's part of a software package which should be deployed with zero hassle in an enterprise. – adrianmp Aug 06 '16 at 10:48
  • Microsoft will be adding these capabilities in its next feature update. – WarPro Jun 13 '18 at 12:14

2 Answers2

2

At least until now (7/29/2016), installation of extensions for Microsoft Edge must be initiated and completed by the user. However, this policy may change in the future release, I'm not sure.

All extensions for Microsoft Edge must be deployed from the Windows Store. The installation must be initiated and completed by the user, using only the user experience provided by Microsoft Edge and the Windows Store. Software may refer to the extension in the Windows Store, but may not change the experience of acquiring the extension, or otherwise apply undue influence or false pretenses to the user to make them install the extension.

Haibara Ai
  • 10,703
  • 2
  • 31
  • 47
1

I think it's worth trying Add-AppxPackage. You will need:

  • Packed extension, signed with a certificate that all target machines will trust. Should be possible in enterprise environment.
  • .ps1 installation script file, signed as well.
  • Set-ExecutionPolicy changed to AllSigned option on all target machines.

Package should be signed because otherwise Add-AppxPackage would not work. Set-ExecutionPolicy is usually set to Restricted, and that will prevent ps1 files from running (and Add-AppxPackage is a PowerShell-only tool) — that's why you'll need to force AllSigned mode and sign your script. There's also Unrestricted mode, but it's totally not recommended.

Then you write a .ps1 script with something like

Add-AppxPackage Path\to\Your_extension.appx

And deploy on target machines with your method of choice. Here you can find some methods of invoking it silently.

Please note that users will probably need to enable newly installed extension manually.

Community
  • 1
  • 1
Anatoly Sazanov
  • 1,814
  • 2
  • 14
  • 24
  • Basically sideloading. I guess it's worth a shot. I'll look into it and confirm how things are working out. Thank you! – adrianmp Aug 06 '16 at 10:51
  • Yes. We just copy the files in a specific directory, activate the extension support for Edge through the Registry and ask the user to manually load the extension. Of course, each browser restart requires activating the extension once again. Not a pretty solution, but it kind of did the job. – adrianmp Sep 20 '16 at 14:25