Deploying ThreatLocker Web Control Extension via Jamf

Last update: 02.20.2026

You can easily deploy the ThreatLocker Web Control Extension to devices in your organization by using Jamf. To do this, start by navigating to your Jamf Pro portal and selecting the 'Computers' tab. Then, under 'Content management', select 'Configuration profiles'.

Within your 'Configuration Profiles' page, select the '+ New' button found in the top right corner of the screen.

Selecting the '+ New' button brings you to the 'General' section of the 'New macOS Configuration Profile' page.

In this section, provide a name for the profile. The name is the only required field on this page; you can also include a Description, Category, Level, and Distribution Method. By default, Category, Level, and Distribution Method will be filled out as follows:

  • Category - None
  • Level - Computer Level
  • Distribution Method - Install automatically

Please ensure that you select the appropriate options for your organization.

After inserting this information, navigate to the 'Options' list and select the 'Application & Custom Settings' dropdown. From here, select the 'External Applications' option from the list.

On the 'External Applications' page, select the '+ Add' button at the top right of the page.

Selecting this button will populate a new field titled 'External Applications' with a dropdown titled 'Source'. From the 'Source' dropdown, choose 'Custom Schema'.

Two new fields titled 'Preference Domain' and 'Custom Schema' will populate once this is selected. What you enter in both fields depends on the browser you are deploying to in your organization.

Within the 'Preference Domain' section, enter the following based on the browser you are deploying to:

Microsoft Edge - com.microsoft.Edge

Google Chrome - com.google.Chrome

Note: Jamf is case-sensitive. Make sure you are entering the information exactly as it appears above.

After inserting your 'Preference Domain', select the '+ Add schema' button under 'Custom Schema'.

A new window labeled 'Custom JSON Schema' will now open. Here, add the following text to the provided box:

{
  "ExtensionInstallForcelist": [
    "ExtensionID"
  ]
}

Depending on the browser you are deploying to in your organization, replace the 'ExtensionID' text with the correct extension ID:

Microsoft Edge - hgfcoifeokmjbiagpeaicjlhnlpfokfb

Google Chrome - hmblejjjbiighoepgehkcallcgiadpmc

Note: Jamf may give you an error that says the JSON format is incorrect. If this is the case, and you have copied and pasted the text above, try manually entering the text into the provided field. You can also paste it into Notepad++ and save it as a JSON file before uploading it using the provided 'Upload' button.

Once your Custom JSON Schema has been properly entered, select the 'Save' button.

Once saved, a new section titled 'Preference Domain Properties' will populate.

In the 'root' dropdown menu, ensure that it is set to 'object', then select the 'Add/Remove properties' button.

When selected, a popout window will open with a field labeled 'Custom Property'. Insert 'ExtensionInstallForcelist', then select 'Add'. Once this property has been added, select the 'Apply' button at the bottom of the window.

Note: Jamf is case-sensitive. Make sure you are entering the information exactly as it appears above.

Now, a new dropdown menu will populate under 'ExtensionInstallForcelist'. Select 'array' from the list.

Once selected, a new dropdown labeled 'item 1' will populate. Select 'string' from the dropdown, then in the provided field, enter the Extension ID matching the browser you are deploying for.

When this information has been added, navigate to the 'Scope' tab, which is found to the right of 'Options'.

In this tab, you can choose which computers or computer groups will receive this Configuration Profile by selecting Target Computers, Target Users, or adding a new Deployment Target.

Once you have selected which machines to apply this to, select the 'Save' button in the bottom right corner.

A restart of the Edge or Chrome browser is required for the new policy to appear. To confirm that this policy deployment has worked, use the browser to navigate to edge://policy (Edge) or chrome://policy (Chrome) on an endpoint where the policy has been applied. If this policy was properly applied, it will appear within the list of policies shown on this page.
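The same confirmation can be scripted across many endpoints. The following is an added example, not code from ThreatLocker or Jamf: it parses a preference plist for the domains and extension IDs listed above and reports the mistakes this procedure is prone to (wrong key case, unreplaced placeholder, ID for the other browser). The /Library/Managed Preferences path, the function names, and the sample plists are assumptions constructed for illustration.

```python
import plistlib

# Preference domains and extension IDs exactly as listed in this article.
EXPECTED = {
    "com.microsoft.Edge": "hgfcoifeokmjbiagpeaicjlhnlpfokfb",
    "com.google.Chrome": "hmblejjjbiighoepgehkcallcgiadpmc",
}
POLICY_KEY = "ExtensionInstallForcelist"


def check_forcelist(domain, plist_bytes):
    """Return a list of findings; an empty list means the policy looks correct."""
    expected_id = EXPECTED[domain]  # KeyError here means the domain was mistyped
    prefs = plistlib.loads(plist_bytes)
    findings = []
    if POLICY_KEY not in prefs:
        # The article notes entries are case-sensitive; catch a near-miss spelling.
        near = [k for k in prefs if k.lower() == POLICY_KEY.lower()]
        return [f"wrong key case: {near[0]}" if near else "policy key missing"]
    entries = prefs[POLICY_KEY]
    if not isinstance(entries, list):
        return ["policy value is not an array"]
    # An entry may be "id" or "id;update_url"; compare the ID part only.
    ids = [str(e).split(";", 1)[0] for e in entries]
    if "ExtensionID" in ids:
        findings.append("placeholder 'ExtensionID' was not replaced")
    if expected_id not in ids:
        findings.append(f"expected ID {expected_id} not present")
    for other_domain, other_id in EXPECTED.items():
        if other_domain != domain and other_id in ids:
            findings.append(f"ID for {other_domain} used in {domain}")
    return findings


def audit_file(domain, directory="/Library/Managed Preferences"):
    """Check the plist on an endpoint; the default directory is an assumption."""
    with open(f"{directory}/{domain}.plist", "rb") as fh:
        return check_forcelist(domain, fh.read())


# Constructed sample inputs standing in for plists collected from endpoints.
GOOD = plistlib.dumps({POLICY_KEY: [EXPECTED["com.google.Chrome"]]})
SWAPPED = plistlib.dumps({POLICY_KEY: [EXPECTED["com.microsoft.Edge"]]})
BAD_CASE = plistlib.dumps({"extensioninstallforcelist": ["ExtensionID"]})

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("swapped", SWAPPED), ("bad case", BAD_CASE)]:
        print(name, check_forcelist("com.google.Chrome", blob) or "OK")
```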
