blob: 66a18ad873a23567d59c2aff93e46ff990d63d5d [file] [log] [blame]
<?xml version="1.0" ?>
<!DOCTYPE translationbundle>
<translationbundle lang="en-GB">
<translation id="101438888985615157">Rotate screen by 180 degrees</translation>
<translation id="1017967144265860778">Power management on the login screen</translation>
<translation id="1019101089073227242">Set user data directory</translation>
<translation id="1022361784792428773">Extension IDs the user should be prevented from installing (or * for all)</translation>
<translation id="102492767056134033">Set default state of the on-screen keyboard on the login screen</translation>
<translation id="1027000705181149370">Specifies whether authentication cookies set by a SAML IdP during login should be transferred to the user's profile.
When a user authenticates via a SAML IdP during login, cookies set by the IdP are written to a temporary profile at first. These cookies can be transferred to the user's profile to carry forward the authentication state.
When this policy is set to true, cookies set by the IdP are transferred to the user's profile every time they authenticate against the SAML IdP during login.
When this policy is set to false or unset, cookies set by the IdP are transferred to the user's profile during their first login on a device only.
This policy affects users whose domain matches the device's enrolment domain only. For all other users, cookies set by the IdP are transferred to the user's profile during their first login on the device only.</translation>
<translation id="1040446814317236570">Enable PAC URL stripping (for https://)</translation>
<translation id="1044878202534415707">Report hardware statistics such as CPU/RAM usage.
If the policy is set to false, the statistics will not be reported.
If set to true or left unset, statistics will be reported.</translation>
<translation id="1046484220783400299">Enable deprecated web platform features for a limited time</translation>
<translation id="1047128214168693844">Do not allow any site to track the users' physical location</translation>
<translation id="1049138910114524876">Configures the locale which is enforced on the <ph name="PRODUCT_OS_NAME" /> sign-in screen.
If this policy is set, the sign-in screen will always be displayed in the locale which is given by the first value of this policy (the policy is defined as a list for forward compatibility). If this policy is not set or is set to an empty list, the sign-in screen will be displayed in the locale of the last user session. If this policy is set to a value which is not a valid locale, the sign-in screen will be displayed in a fallback locale (currently, en-US).</translation>
<translation id="1062011392452772310">Enable remote attestation for the device</translation>
<translation id="1093082332347834239">If this setting is enabled, the remote assistance host will be run in a process with <ph name="UIACCESS_PERMISSION_NAME" /> permissions. This will allow remote users to interact with elevated windows on the local user's desktop.
If this setting is disabled or not configured, the remote assistance host will run in the user's context and remote users cannot interact with elevated windows on the desktop.</translation>
<translation id="1096105751829466145">Default search provider</translation>
<translation id="1117535567637097036">The protocol handlers set via this policy are not used when handling Android intents.</translation>
<translation id="1122282995569868661">Shows the <ph name="PRODUCT_NAME" /> toolbar icon</translation>
<translation id="1128903365609589950">Configures the directory that <ph name="PRODUCT_NAME" /> will use for storing cached files on the disk.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided directory regardless of whether the user has specified the '--disk-cache-dir' flag or not. To avoid data loss or other unexpected errors this policy should not be set to a volume's root directory or to a directory used for other purposes, because <ph name="PRODUCT_NAME" /> manages its contents.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default cache directory will be used and the user will be able to override it with the '--disk-cache-dir' command line flag.</translation>
<translation id="1138294736309071213">This policy is active in retail mode only.
Determines the duration before the screen saver is shown on the sign-in screen for devices in retail mode.
The policy value should be specified in milliseconds.</translation>
<translation id="1151353063931113432">Allow images on these sites</translation>
<translation id="1152117524387175066">Report the state of the device's dev switch at boot.
If the policy is set to false, the state of the dev switch will not be reported.</translation>
<translation id="1160939557934457296">Disable proceeding from the Safe Browsing warning page</translation>
<translation id="1166377463685560145">Specifies the printers which a user cannot use.
This policy is only used if <ph name="PRINTERS_BLACKLIST" /> is chosen for <ph name="DEVICE_PRINTERS_ACCESS_MODE" />.
If this policy is used, all printers are provided to the user except for the IDs listed in this policy.
</translation>
<translation id="1198465924256827162">How frequently device status uploads are sent, in milliseconds.
If this policy is unset, the default frequency is 3 hours. The minimum
allowed frequency is 60 seconds.</translation>
<translation id="1204263402976895730">Enabled enterprise printers</translation>
<translation id="1221359380862872747">Load specified URLs on demo login</translation>
<translation id="123081309365616809">Enable casting content to the device</translation>
<translation id="1265053460044691532">Limit the time for which a user authenticated via SAML can log in offline</translation>
<translation id="1291880496936992484">Warning: RC4 will be completely removed from <ph name="PRODUCT_NAME" /> after version 52 (around September 2016) and this policy will stop working then.
If the policy is not set, or is set to false, then RC4 cipher suites in TLS will not be enabled. Otherwise it may be set to true to retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured.</translation>
<translation id="1297182715641689552">Use a .pac proxy script</translation>
<translation id="1304973015437969093">Extension/App IDs and update URLs to be silently installed</translation>
<translation id="1313457536529613143">Specifies the percentage by which the screen dim delay is scaled when user activity is observed while the screen is dimmed or soon after the screen has been turned off.
If this policy is set, it specifies the percentage by which the screen dim delay is scaled when user activity is observed while the screen is dimmed or soon after the screen has been turned off. When the dim delay is scaled, the screen off, screen lock and idle delays get adjusted to maintain the same distances from the screen dim delay as originally configured.
If this policy is unset, a default scale factor is used.
The scale factor must be 100% or more.</translation>
<translation id="131353325527891113">Show usernames on login screen</translation>
<translation id="1327466551276625742">Enable network configuration prompt when offline</translation>
<translation id="1330145147221172764">Enable on-screen keyboard</translation>
<translation id="1330985749576490863">Disables Google Drive over mobile connections in the <ph name="PRODUCT_OS_NAME" /> Files app</translation>
<translation id="13356285923490863">Policy Name</translation>
<translation id="1353966721814789986">Startup pages:</translation>
<translation id="1359553908012294236">If this policy is set to true or not configured, <ph name="PRODUCT_NAME" /> will enable guest logins. Guest logins are <ph name="PRODUCT_NAME" /> profiles where all windows are in incognito mode.
If this policy is set to false, <ph name="PRODUCT_NAME" /> will not allow guest profiles to be started.</translation>
<translation id="1363275621236827384">Enable queries to Quirks Server for hardware profiles</translation>
<translation id="1393485621820363363">Enabled enterprise device printers</translation>
<translation id="1397855852561539316">Default search provider suggest URL</translation>
<translation id="1420281424655200442">Controls which printers from the <ph name="DEVICE_PRINTERS_POLICY" /> are available to users.
Designates which access policy is used for bulk printer configuration. If <ph name="PRINTERS_ALLOW_ALL" /> is selected, all printers are shown. If <ph name="PRINTERS_BLACKLIST" /> is selected, <ph name="DEVICE_PRINTERS_BLACKLIST" /> is used to restrict access to the specified printers. f <ph name="PRINTERS_WHITELIST" /> is selected, <ph name="DEVICE_PRINTERS_WHITELIST" /> designates only those printers which are selectable.
If this policy is not set, <ph name="PRINTERS_BLACKLIST" /> is assumed.
</translation>
<translation id="1426410128494586442">Yes</translation>
<translation id="1427655258943162134">Address or URL of proxy server</translation>
<translation id="1435659902881071157">Device-level network configuration</translation>
<translation id="1438739959477268107">Default key generation setting</translation>
<translation id="1454846751303307294">Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="1456822151187621582">Windows (<ph name="PRODUCT_OS_NAME" /> clients):</translation>
<translation id="1464848559468748897">Control the user behaviour in a multi-profile session on <ph name="PRODUCT_OS_NAME" /> devices.
If this policy is set to 'Multi-ProfileUserBehaviourUnrestricted', the user can be either the primary or secondary user in a multi-profile session.
If this policy is set to 'Multi-ProfileUserBehaviourMustBePrimary', the user can only be the primary user in a multi-profile session.
If this policy is set to 'Multi-ProfileUserBehaviourNotAllowed', the user cannot be part of a multi-profile session.
If you set this setting, users cannot change or override it.
If the setting is changed while the user is signed into a multi-profile session, all users in the session will be checked against their corresponding settings. The session will be closed if any one of the users is no longer allowed to be in the session.
If the policy is left not set, the default value 'Multi-ProfileUserBehaviourMustBePrimary' applies for enterprise-managed users and 'Multi-ProfileUserBehaviourUnrestricted' will be used for non-managed users.</translation>
<translation id="1465619815762735808">Click to play</translation>
<translation id="1466133662354365542">Enables <ph name="PRODUCT_NAME" />'s AutoFill feature and allows users to auto complete credit card and address information in web forms using previously stored information.
If you disable this setting, Autofill will never suggest, or fill credit card information, nor will it save additional credit card information that the user might submit while browsing the web.
If you enable this setting or do not set a value, then user will be able to control the overall AutoFill feature (including credit cards) in the UI.</translation>
<translation id="1468307069016535757">Set the default state of the high contrast mode accessibility feature on the login screen.
If this policy is set to true, high contrast mode will be enabled when the login screen is shown.
If this policy is set to false, high contrast mode will be disabled when the login screen is shown.
If you set this policy, users can temporarily override it by enabling or disabling high contrast mode. However, the user's choice is not persistent and the default is restored whenever the login screen is shown anew or the user remains idle on the login screen for a minute.
If this policy is left unset, high contrast mode is disabled when the login screen is first shown. Users can enable or disable high contrast mode at any time and its status on the login screen is persisted between users.</translation>
<translation id="1468707346106619889">If this policy is set to true, Unified Desktop is allowed and
enabled by default, which allows applications to span multiple displays.
The user may disable Unified Desktop for individual displays by unticking
it in the display settings.
If this policy is set to false or unset, Unified Desktop will be
disabled. In this case, the user cannot enable the feature.</translation>
<translation id="1474273443907024088">Disable TLS False Start</translation>
<translation id="1477934438414550161">TLS 1.2</translation>
<translation id="1484146587843605071"><ph name="PRODUCT_NAME" /> will bypass any proxy for the list of hosts given here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.
You should leave this policy unset if you have selected any other mode for setting proxy policies.
For more detailed examples, visit:
<ph name="PROXY_HELP_URL" />.</translation>
<translation id="1504431521196476721">Remote Attestation</translation>
<translation id="1509692106376861764">This policy has been retired as of <ph name="PRODUCT_NAME" /> version 29.</translation>
<translation id="1522425503138261032">Allow sites to track the users' physical location</translation>
<translation id="152657506688053119">List of alternative URLs for the default search provider</translation>
<translation id="1530812829012954197">Always render the following URL patterns in the host browser</translation>
<translation id="1553684822621013552">When this policy is set to true, ARC will be enabled for the user
(subject to additional policy settings checks – ARC will still be
unavailable if either ephemeral mode or multiple sign-in is enabled
in the current user session).
If this setting is disabled or not configured then enterprise users are
unable to use ARC.</translation>
<translation id="1561424797596341174">Policy overrides for Debug builds of the remote access host</translation>
<translation id="1561967320164410511">U2F plus extensions for individual attestation</translation>
<translation id="1583248206450240930">Use <ph name="PRODUCT_FRAME_NAME" /> by default</translation>
<translation id="1603058613431276040">Provides configurations for enterprise printers bound to devices.
This policy allows you to provide printer configurations to <ph name="PRODUCT_OS_NAME" /> devices. The size of the file must not exceed 5 MB and must be encoded in JSON. The format is the same as the NativePrinters dictionary. It is estimated that a file containing approximately 21,000 printers will encode as a 5 MB file. The cryptographic hash is used to verify the integrity of the download.
The file is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes.
If this policy is set, <ph name="PRODUCT_OS_NAME" /> will download the file for printer configurations and make printers available in accordance with <ph name="DEVICE_PRINTERS_ACCESS_MODE" />, <ph name="DEVICE_PRINTERS_WHITELIST" /> and <ph name="DEVICE_PRINTERS_BLACKLIST" />.
This policy has no effect on whether users can configure printers on individual devices. It is intended to be supplementary to the configuration of printers by individual users.
This policy is additive to the <ph name="BULK_PRINTERS_POLICY" />.
If this policy is unset, there will be no device printers and the other <ph name="DEVICE_PRINTERS_POLICY_PATTERN" /> policies will be ignored.</translation>
<translation id="1608755754295374538">URLs that will be granted access to audio capture devices without prompt</translation>
<translation id="1617235075406854669">Enable deleting browser and download history</translation>
<translation id="163200210584085447">Patterns in this list will be matched against the security
origin of the requesting URL. If a match is found, access to video
capture devices will be granted on SAML login pages. If no match is
found, access will be automatically denied. Wildcard patterns are not
allowed.</translation>
<translation id="1634989431648355062">Allow the <ph name="FLASH_PLUGIN_NAME" /> plug-in on these sites</translation>
<translation id="1655229863189977773">Set disk cache size in bytes</translation>
<translation id="166427968280387991">Proxy server</translation>
<translation id="1668836044817793277">Whether to allow the auto launched with zero delay kiosk app to control <ph name="PRODUCT_OS_NAME" /> version.
This policy controls whether to allow the auto launched with zero delay kiosk app to control <ph name="PRODUCT_OS_NAME" /> version by declaring a required_platform_version in its manifest and use it as the auto update target version prefix.
If the policy is set to true, the value of required_platform_version manifest key of the auto launched with zero delay kiosk app is used as auto update target version prefix.
If the policy is not configured or set to false, the required_platform_version manifest key is ignored and auto update proceeds as normal.
Warning: It is not recommended to delegate control of the <ph name="PRODUCT_OS_NAME" /> version to a kiosk app as it may prevent the device from receiving software updates and critical security fixes. Delegating control of the <ph name="PRODUCT_OS_NAME" /> version might leave users at risk.</translation>
<translation id="1675002386741412210">Supported on:</translation>
<translation id="1679420586049708690">Public session for auto-login</translation>
<translation id="1689963000958717134">Allows pushing network configuration to be applied for all users of a <ph name="PRODUCT_OS_NAME" /> device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at <ph name="ONC_SPEC_URL" /></translation>
<translation id="1708496595873025510">Set the restriction on the fetching of the Variations seed</translation>
<translation id="172374442286684480">Allow all sites to set local data.</translation>
<translation id="1734716591049455502">Configure remote access options</translation>
<translation id="1736269219679256369">Allow proceeding from the SSL warning page</translation>
<translation id="1749815929501097806">Sets the Terms of Service that the user must accept before starting a device-local account session.
If this policy is set, <ph name="PRODUCT_OS_NAME" /> will download the Terms of Service and present them to the user whenever a device-local account session is starting. The user will only be allowed into the session after accepting the Terms of Service.
If this policy is not set, no Terms of Service are shown.
The policy should be set to a URL from which <ph name="PRODUCT_OS_NAME" /> can download the Terms of Service. The Terms of Service must be plain text, served as MIME type text/plain. No markup is allowed.</translation>
<translation id="1750315445671978749">Block all downloads</translation>
<translation id="1781356041596378058">This policy also controls access to Android Developer Options. If you set this policy to true, users cannot access Developer Options. If you set this policy to false or leave it unset, users can access Developer Options by tapping seven times on the build number in the Android settings app.</translation>
<translation id="1803646570632580723">List of pinned apps to show in the launcher</translation>
<translation id="1808715480127969042">Block cookies on these sites</translation>
<translation id="1827523283178827583">Use fixed proxy servers</translation>
<translation id="1843117931376765605">Refresh rate for user policy</translation>
<translation id="1844620919405873871">Configures quick unlock related policies.</translation>
<translation id="1847960418907100918">Specifies the parameters used when doing instant search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, instant search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="1859859319036806634">Warning: The TLS version fallback will be removed from <ph name="PRODUCT_NAME" /> after version 52 (around September 2016) and this policy will stop working then.
When a TLS handshake fails, <ph name="PRODUCT_NAME" /> would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
If this policy is not configured or if it is set to "tls1.2" then <ph name="PRODUCT_NAME" /> no longer performs this fallback. Note that this does not disable support for older TLS versions, only whether <ph name="PRODUCT_NAME" /> will work around buggy servers which cannot negotiate versions correctly.
Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.</translation>
<translation id="1864269674877167562">If this policy is set to a blank string or not configured, <ph name="PRODUCT_OS_NAME" /> will not show an auto-complete option during user sign-in flow.
If this policy is set to a string representing a domain name, <ph name="PRODUCT_OS_NAME" /> will show an auto-complete option during user sign-in allowing the user to type in only their user name without the domain name extension. The user will be able to overwrite this domain name extension.</translation>
<translation id="1865417998205858223">Key Permissions</translation>
<translation id="186719019195685253">Action to take when the idle delay is reached while running on AC power</translation>
<translation id="187819629719252111">Allows access to local files on the machine by allowing <ph name="PRODUCT_NAME" /> to display file selection dialogues.
If you enable this setting, users can open file selection dialogues as normal.
If you disable this setting, whenever the user performs an action which would provoke a file selection dialogue (like importing bookmarks, uploading files, saving links, etc.) a message is displayed instead and the user is assumed to have clicked Cancel on the file selection dialogue.
If this setting is not set, users can open file selection dialogues as normal.</translation>
<translation id="1879485426724769439">Specifies the timezone to be used for the device. Users can override the specified timezone for the current session. However, on logout it is set back to the specified timezone. If an invalid value is provided, the policy is still activated using "GMT" instead. If an empty string is provided, the policy is ignored.
If this policy is not used, the currently active timezone will remain in use however users can change the timezone and the change is persistent. Thus a change by one user affects the login-screen and all other users.
New devices start out with the timezone set to "US/Pacific".
The format of the value follows the names of timezones in the "IANA Time Zone Database" (see "https://en.wikipedia.org/wiki/Tz_database"). In particular, most timezones can be referred to by "continent/large_city" or "ocean/large_city".
Setting this policy completely disables automatic timezone resolve by device location. It also overrides SystemTimezoneAutomaticDetection policy.</translation>
<translation id="1897365952389968758">Allow all sites to run JavaScript (recommended)</translation>
<translation id="193259052151668190">Whitelist of USB detachable devices</translation>
<translation id="1933378685401357864">Wallpaper image</translation>
<translation id="1956493342242507974">Configure power management on the log-in screen in <ph name="PRODUCT_OS_NAME" />.
This policy lets you configure how <ph name="PRODUCT_OS_NAME" /> behaves when there is no user activity for some amount of time while the log-in screen is being shown. The policy controls multiple settings. For their individual semantics and value ranges, see the corresponding policies that control power management within a session. The only deviations from these policies are:
* The actions to take on idle or lid close cannot be to end the session.
* The default action taken on idle when running on AC power is to shut down.
If a setting is left unspecified, a default value is used.
If this policy is unset, defaults are used for all settings.</translation>
<translation id="1960840544413786116">Whether to allow certificates issued by local trust anchors that are missing the subjectAlternativeName extension</translation>
<translation id="1964634611280150550">Incognito mode disabled.</translation>
<translation id="1964802606569741174">This policy has no effect on the Android YouTube app. If Safety Mode on YouTube should be enforced, installation of the Android YouTube app should be disallowed.</translation>
<translation id="1969212217917526199">Overrides policies on Debug builds of the remote access host.
The value is parsed as a JSON dictionary of policy name to policy value mappings.</translation>
<translation id="1988371335297483117">Auto-update payloads on <ph name="PRODUCT_OS_NAME" /> can be downloaded via HTTP instead of HTTPS. This allows transparent HTTP caching of HTTP downloads.
If this policy is set to true, <ph name="PRODUCT_OS_NAME" /> will attempt to download auto-update payloads via HTTP. If the policy is set to false or not set, HTTPS will be used for downloading auto-update payloads.</translation>
<translation id="2006530844219044261">Power management</translation>
<translation id="201557587962247231">Frequency of device status report uploads</translation>
<translation id="2018836497795982119">Specifies the period in milliseconds at which the device management service is queried for user policy information.
Setting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1,800,000 (30 minutes) to 86,400,000 (1 day). Any values not in this range will be clamped to the respective boundary. If the platform supports policy notifications, the refresh delay will be set to 24 hours because it is expected that policy notifications will force a refresh automatically whenever policy changes.
Leaving this policy not set will make <ph name="PRODUCT_NAME" /> use the default value of 3 hours.
Note that if the platform supports policy notifications, the refresh delay will be set to 24 hours (ignoring all defaults and the value of this policy) because it is expected that policy notifications will force a refresh automatically whenever policy changes, making more frequent refreshes unnecessary.</translation>
<translation id="2024476116966025075">Configure the required domain name for remote access clients</translation>
<translation id="2030905906517501646">Default search provider keyword</translation>
<translation id="203096360153626918">This policy has no effect on the Android apps. They will be able to enter full screen mode even if this policy is set to <ph name="FALSE" />.</translation>
<translation id="2043770014371753404">Disabled enterprise printers</translation>
<translation id="2063380907529983889">Controls which printers from the <ph name="BULK_PRINTERS_POLICY" /> are available to users.
Designates which access policy is used for bulk printer configuration. If <ph name="PRINTERS_ALLOW_ALL" /> is selected, all printers are shown. If <ph name="PRINTERS_BLACKLIST" /> is selected, <ph name="BULK_PRINTERS_BLACKLIST" /> is used to restrict access to the specified printers. If <ph name="PRINTERS_WHITELIST" /> is selected, <ph name="BULK_PRINTERS_WHITELIST" /> designates only those printers which are selectable.
If this policy is not set, <ph name="PRINTERS_BLACKLIST" /> is assumed.
</translation>
<translation id="206623763829450685">Specifies which HTTP authentication schemes are supported by <ph name="PRODUCT_NAME" />.
Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.
If this policy is left unset, all four schemes will be used.</translation>
<translation id="2067011586099792101">Block access to sites outside of content packs</translation>
<translation id="2077129598763517140">Use hardware acceleration when available</translation>
<translation id="2077273864382355561">Screen off delay when running on battery power</translation>
<translation id="2082205219176343977">Configure minimum allowed Chrome version for the device.</translation>
<translation id="209586405398070749">Stable channel</translation>
<translation id="2098658257603918882">Enable reporting of usage and crash-related data</translation>
<translation id="2113068765175018713">Limit device uptime by automatically rebooting</translation>
<translation id="2127599828444728326">Allow notifications on these sites</translation>
<translation id="2131902621292742709">Screen dim delay when running on battery power</translation>
<translation id="2134437727173969994">Permit locking the screen</translation>
<translation id="2137064848866899664">If this policy is set, each display is rotated to the
specified orientation on every reboot and the first time that it is connected
after the policy value has changed. Users may change the display
rotation via the settings page after logging in, but their
setting will be overridden by the policy value at the next reboot.
This policy applies to both the primary and all secondary displays.
If the policy is not set, the default value is 0 degrees and the user is
free to change it. In this case, the default value is not reapplied at
restart.</translation>
<translation id="2156132677421487971">Configure policies for <ph name="PRODUCT_NAME" />, a feature that allows users to send the contents of tabs, sites or the desktop from the browser to remote displays and sound systems.</translation>
<translation id="2168397434410358693">Idle delay when running on AC power</translation>
<translation id="2170233653554726857">Enable WPAD optimisation</translation>
<translation id="2176565653304920879">When this policy is set, automatic time zone detection flow will be in one of the following ways depending on the value of the setting:
If set to TimezoneAutomaticDetectionUsersDecide, users would be able to control automatic time zone detection using normal controls in chrome://settings.
If set to TimezoneAutomaticDetectionDisabled, automatic time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be off.
If set to TimezoneAutomaticDetectionIPOnly, time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be on. Time zone detection will use IP-only method to resolve location.
If set to TimezoneAutomaticDetectionSendWiFiAccessPoints, time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be on. The list of visible Wi-Fi access points will always be sent to Geolocation API server for fine-grained time zone detection.
If set to TimezoneAutomaticDetectionSendAllLocationInfo, time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be on. Location information (such as Wi-Fi access points, reachable mobile masts, GPS) will be sent to a server for fine-grained time zone detection.
If this policy is not set, it will behave as if TimezoneAutomaticDetectionUsersDecide is set.
If SystemTimezone policy is set, it overrides this policy. In this case automatic time zone detection is completely disabled.</translation>
<translation id="2178899310296064282">Enforce at least Moderate Restricted Mode on YouTube</translation>
<translation id="2183294522275408937">This setting controls how often the lock screen will request the password to be entered in order to continue using quick unlock. Each time the lock screen is entered, if the last password entry was more than this setting, the quick unlock will not be available on entering the lock screen. Should the user stay on the lock screen past this period of time, a password will be requested next time the user enters the wrong code, or re-enters the lock screen, whichever comes first.
If this setting is configured, users using quick unlock will be requested to enter their passwords on the lock screen depending on this setting.
If this setting is not configured, users using quick unlock will be requested to enter their password on the lock screen every day.</translation>
<translation id="2194470398825717446">This policy is deprecated in M61, please use EcryptfsMigrationStrategy instead.
Specifies how a device should behave that shipped with ecryptfs and needs to transition to ext4 encryption.
If you set this policy to 'DisallowArc', Android apps will be disabled for all users on the device (including those that have ext4 encryption already) and no migration from ecryptfs to ext4 encryption will be offered to any users.
If you set this policy to 'AllowMigration', users with ecryptfs home directories will be offered to migrate these to ext4 encryption as necessary (currently when Android N becomes available on the device).
This policy does not apply to kiosk apps – these are migrated automatically. If this policy is left not set, the device will behave as if 'DisallowArc' was chosen.</translation>
<translation id="2201555246697292490">Configure native messaging whitelist</translation>
<translation id="2204753382813641270">Control shelf auto-hiding</translation>
<translation id="2208976000652006649">Parameters for search URL which uses POST</translation>
<translation id="2223598546285729819">Default notification settings</translation>
<translation id="2231817271680715693">Import browsing history from default browser on first run</translation>
<translation id="2236488539271255289">Do not allow any site to set local data</translation>
<translation id="2240879329269430151">Allows you to set whether websites are allowed to show pop-ups. Showing pop-ups can be either allowed for all websites or denied for all websites.
If this policy is left unset, 'BlockPop-ups' will be used and the user will be able to change it.</translation>
<translation id="2274864612594831715">This policy configures enabling the virtual keyboard as an input device on ChromeOS. Users cannot override this policy.
If the policy is set to true, the on-screen virtual keyboard will always be enabled.
If set to false, the on-screen virtual keyboard will always be disabled.
If you set this policy, users cannot change or override it. However, users will still be able to enable/disable an accessibility on-screen keyboard which takes precedence over the virtual keyboard controlled by this policy. See the |VirtualKeyboardEnabled| policy for controlling the accessibility on-screen keyboard.
If this policy is left unset, the on-screen keyboard is disabled initially but can be enabled by the user anytime. Heuristic rules may also be used to decide when to display the keyboard.</translation>
<translation id="228659285074633994">Specifies the length of time without user input after which a warning dialogue is shown when running on AC power.
When this policy is set, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> shows a warning dialogue telling the user that the idle action is about to be taken.
When this policy is unset, no warning dialogue is shown.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal the idle delay.</translation>
<translation id="2292084646366244343"><ph name="PRODUCT_NAME" /> can use a Google web service to help resolve spelling errors. If this setting is enabled, then this service is always used. If this setting is disabled, then this service is never used.
Spell checking can still be performed using a downloaded dictionary; this policy only controls the usage of the online service.
If this setting is not configured then users can choose whether the spell checking service should be used or not.</translation>
<translation id="2294382669900758280">Video playing in Android apps is not taken into consideration, even if this policy is set to <ph name="TRUE" />.</translation>
<translation id="2298647742290373702">Configure the default New Tab page in <ph name="PRODUCT_NAME" />.</translation>
<translation id="2299220924812062390">Specify a list of enabled plug-ins</translation>
<translation id="2303795211377219696">Enable AutoFill for credit cards</translation>
<translation id="2309390639296060546">Default geolocation setting</translation>
<translation id="2312134445771258233">Allows you to configure the pages that are loaded on start-up.
The contents of the list 'URLs to open at start-up' are ignored unless you select 'Open a list of URLs' in 'Action on start-up'.</translation>
<translation id="2334591568684482454">Configures availability and behaviour of <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update functionality.
Individual settings can be specified in JSON properties:
<ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_POWERWASH" />: If set to <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_POWERWASH_TRUE" />, users will be able to trigger the powerwash flow to install a <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update.
If the policy is not set, <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update functionality will not be available.</translation>
<translation id="2337466621458842053">Allows you to set a list of url patterns that specify sites which are allowed to display images.
If this policy is left unset, the global default value will be used for all sites either from the 'DefaultImagesSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="2372547058085956601">The public session auto-login delay.
If the |DeviceLocalAccountAutoLoginId| policy is unset, this policy has no effect. Otherwise:
If this policy is set, it determines the amount of time without user activity that should elapse before automatically logging into the public session specified by the |DeviceLocalAccountAutoLoginId| policy.
If this policy is unset, 0 milliseconds will be used as the timeout.
This policy is specified in milliseconds.</translation>
<translation id="237494535617297575">Allows you to set a list of url patterns that specify sites which are allowed to display notifications.
If this policy is left unset, the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="2386362615870139244">Allow screen wake locks</translation>
<translation id="2411919772666155530">Block notifications from these sites</translation>
<translation id="2418507228189425036">Disables saving browser history in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
If this setting is enabled, browsing history is not saved. This setting also disables tab syncing.
If this setting is disabled or not set, browsing history is saved.</translation>
<translation id="2424023834246613232">Overrides <ph name="PRODUCT_NAME" /> default printer selection rules.
This policy determines the rules for selecting the default printer in <ph name="PRODUCT_NAME" /> which happens the first time the print function is used with a profile.
When this policy is set, <ph name="PRODUCT_NAME" /> will attempt to find a printer matching all of the specified attributes and select it as default printer. The first printer found that matches the policy is selected. In the case of non-unique match, any matching printer can be selected, depending on the order in which printers are discovered.
If this policy is not set or a matching printer is not found within the timeout, the printer defaults to built-in PDF printer or no printer selected when PDF printer is not available.
The value is parsed as JSON object, conforming to the following schema:
{
"type": "object",
"properties": {
"kind": {
"description": "Whether to limit the search of the matching printer to a specific set of printers.",
"type": {
"enum": [ "local", "cloud" ]
}
},
"idPattern": {
"description": "Regular expression to match printer id.",
"type": "string"
},
"namePattern": {
"description": "Regular expression to match printer display name.",
"type": "string"
}
}
}
Printers connected to <ph name="CLOUD_PRINT_NAME" /> are considered <ph name="PRINTER_TYPE_CLOUD" />, the rest of the printers are classified as <ph name="PRINTER_TYPE_LOCAL" />.
Omitting a field means all values match, for example, not specifying connectivity will cause Print Preview to initiate the discovery of all types of printers, local and cloud.
Regular expression patterns must follow the JavaScript RegExp syntax and matches are case sensitive.</translation>
<translation id="2426782419955104525">Enables <ph name="PRODUCT_NAME" />'s Instant feature and prevents users from changing this setting.
If you enable this setting, <ph name="PRODUCT_NAME" /> Instant is enabled.
If you disable this setting, <ph name="PRODUCT_NAME" /> Instant is disabled.
If you enable or disable this setting, users cannot change or override this setting.
If this setting is left unset, the user can decide to use this function or not.
This setting has been removed from <ph name="PRODUCT_NAME" /> 29 and higher versions.</translation>
<translation id="2436445024487698630">Allows sign in to <ph name="PRODUCT_NAME" /></translation>
<translation id="244317009688098048">Enable bailout keyboard shortcut for auto-login.
If this policy is unset or set to True and a device-local account is configured for zero-delay auto-login, <ph name="PRODUCT_OS_NAME" /> will honour the keyboard shortcut Ctrl+Alt+S for bypassing auto-login and showing the login screen.
If this policy is set to False, zero-delay auto-login (if configured) cannot be bypassed.</translation>
<translation id="2463365186486772703">Application locale</translation>
<translation id="2466131534462628618">Captive portal authentication ignores proxy</translation>
<translation id="2482676533225429905">Native Messaging</translation>
<translation id="2483146640187052324">Predict network actions on any network connection</translation>
<translation id="2486371469462493753">Disables enforcing Certificate Transparency requirements to the listed URLs.
This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used, but makes it harder to detect miss-isued certificates for those hosts.
A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format. However, because certificates are valid for a given hostname independent of the scheme, port or path, only the hostname portion of the URL is considered. Wildcard hosts are not supported.
If this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.</translation>
<translation id="2488010520405124654">Enable network configuration prompt when offline.
If this policy is unset or set to True and a device-local account is configured for zero-delay auto-login and the device does not have access to the Internet, <ph name="PRODUCT_OS_NAME" /> will show a network configuration prompt.
If this policy is set to False, an error message will be displayed instead of the network configuration prompt.</translation>
<translation id="2498238926436517902">Always auto-hide the shelf</translation>
<translation id="2514328368635166290">Specifies the favourite icon URL of the default search provider.
This policy is optional. If not set, no icon will be present for the search provider.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="2516600974234263142">Enables printing in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
If this setting is enabled or not configured, users can print.
If this setting is disabled, users cannot print from <ph name="PRODUCT_NAME" />. Printing is disabled in the wrench menu, extensions, JavaScript applications etc. It is still possible to print from plugins that bypass <ph name="PRODUCT_NAME" /> while printing. For example, certain Flash applications have the print option in their context menu, which is not covered by this policy.</translation>
<translation id="2518231489509538392">Allow playing audio</translation>
<translation id="2521581787935130926">Show the apps shortcut in the bookmark bar</translation>
<translation id="2529700525201305165">Restrict which users are allowed to sign in to <ph name="PRODUCT_NAME" /></translation>
<translation id="2529880111512635313">Configure the list of force-installed apps and extensions</translation>
<translation id="253135976343875019">Idle warning delay when running on AC power</translation>
<translation id="2552966063069741410">Timezone</translation>
<translation id="2562339630163277285">Specifies the URL of the search engine used to provide instant results. The URL should contain the string <ph name="SEARCH_TERM_MARKER" />, which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no instant search results will be provided.
Google's instant results URL can be specified as: <ph name="GOOGLE_INSTANT_SEARCH_URL" />.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="2569647487017692047">If this policy is set to false, <ph name="PRODUCT_OS_NAME" /> will disable Bluetooth and the user cannot enable it back.
If this policy is set to true or left unset, the user will be able to enable or disable Bluetooth as they wish.
If this policy is set, the user cannot change or override it.
After enabling Bluetooth, the user must log out and log back in for the changes to take effect (no need for this when disabling Bluetooth).</translation>
<translation id="2571066091915960923">Enable or disable the data compression proxy and prevent users from changing this setting.
If you enable or disable this setting, users cannot change or override this setting.
If this policy is left not set, the data compression proxy feature will be available for the user to choose whether to use it or not.</translation>
<translation id="2587719089023392205">Set <ph name="PRODUCT_NAME" /> as Default Browser</translation>
<translation id="2592091433672667839">Duration of inactivity before the screen saver is shown on the sign-in screen in retail mode</translation>
<translation id="2623014935069176671">Wait for initial user activity</translation>
<translation id="262740370354162807">Enable submission of documents to <ph name="CLOUD_PRINT_NAME" /></translation>
<translation id="2633084400146331575">Enable spoken feedback</translation>
<translation id="2646290749315461919">Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.
If this policy is left not set, 'AskGeolocation' will be used and the user will be able to change it.</translation>
<translation id="2650049181907741121">Action to take when the user closes the lid</translation>
<translation id="2655233147335439767">Specifies the URL of the search engine used when doing a default search. The URL should contain the string '<ph name="SEARCH_TERM_MARKER" />', which will be replaced at query time by the terms the user is searching for.
Google's search URL can be specified as: <ph name="GOOGLE_SEARCH_URL" />.
This option must be set when the 'DefaultSearchProviderEnabled' policy is enabled and will only be respected if this is the case.</translation>
<translation id="2660846099862559570">Never use a proxy</translation>
<translation id="267596348720209223">Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.
This policy is optional. If not set, the default will be used which is UTF-8.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="2682225790874070339">Disables Drive in the <ph name="PRODUCT_OS_NAME" /> Files app</translation>
<translation id="268577405881275241">Enable the data compression proxy feature</translation>
<translation id="2731627323327011390">Disable usage of <ph name="PRODUCT_OS_NAME" /> certificates to ARC-apps</translation>
<translation id="2742843273354638707">Hide the Chrome Web Store app and footer link from the New Tab Page and <ph name="PRODUCT_OS_NAME" /> app launcher.
When this policy is set to true, the icons are hidden.
When this policy is set to false or is not configured, the icons are visible.</translation>
<translation id="2744751866269053547">Register protocol handlers</translation>
<translation id="2746016768603629042">This policy is deprecated, please use DefaultJavaScriptSetting instead.
Can be used to disable JavaScript in <ph name="PRODUCT_NAME" />.
If this setting is disabled, web pages cannot use JavaScript and the user cannot change that setting.
If this setting is enabled or not set, web pages can use JavaScript but the user can change that setting.</translation>
<translation id="2753637905605932878">Restrict the range of local UDP ports used by WebRTC</translation>
<translation id="2757054304033424106">Types of extensions/apps that are allowed to be installed</translation>
<translation id="2759224876420453487">Control the user behaviour in a multiprofile session</translation>
<translation id="2761483219396643566">Idle warning delay when running on battery power</translation>
<translation id="2762164719979766599">Specifies the list of device-local accounts to be shown on the login screen.
Every list entry specifies an identifier, which is used internally to tell the different device-local accounts apart.</translation>
<translation id="2766302473082018239">Specifies the printers which a user can use.
This policy is only used if <ph name="PRINTERS_WHITELIST" /> is chosen for <ph name="BULK_PRINTERS_ACCESS_MODE" />.
If this policy is used, only the printers with IDs matching the values in this policy are available to the user. The IDs must correspond to the entries in the file specified in <ph name="BULK_PRINTERS_POLICY" />.
</translation>
<translation id="2769952903507981510">Configure the required domain name for remote access hosts</translation>
<translation id="2787173078141616821">Report information about status of Android</translation>
<translation id="2801230735743888564">Allow users to play dinosaur easter egg game when device is offline.
If this policy is set to False, users will not be able to play the dinosaur Easter egg game when device is offline. If this setting is set to True, users are allowed to play the dinosaur game. If this policy is not set, users are not allowed to play the dinosaur Easter egg game on enrolled Chrome OS, but are allowed to play it under other circumstances.</translation>
<translation id="2805707493867224476">Allow all sites to show pop-ups</translation>
<translation id="2808013382476173118">Enables usage of STUN servers when remote clients are trying to establish a connection to this machine.
If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall.
If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network.
If this policy is not set, the setting will be enabled.</translation>
<translation id="2823870601012066791">Windows registry location for <ph name="PRODUCT_OS_NAME" /> clients:</translation>
<translation id="2824715612115726353">Enable Incognito mode</translation>
<translation id="2838830882081735096">Disallow data migration and ARC</translation>
<translation id="2844404652289407061">Enables the availability of Touch to Search in <ph name="PRODUCT_NAME" />'s content view.
If you enable this setting, Touch to Search will be available to the user and they can choose to turn the feature on or off.
If you disable this setting, Touch to Search will be disabled completely.
If this policy is left not set, it is equivalent to being enabled, see description above.</translation>
<translation id="285480231336205327">Enable high contrast mode</translation>
<translation id="2854919890879212089">Causes <ph name="PRODUCT_NAME" /> to use the system default printer as the default choice in Print Preview instead of the most recently used printer.
If you disable this setting or do not set a value, Print Preview will use the most recently used printer as the default destination choice.
If you enable this setting, Print Preview will use the OS system default printer as the default destination choice.</translation>
<translation id="2872961005593481000">Shut down</translation>
<translation id="2874209944580848064">Note for <ph name="PRODUCT_OS_NAME" /> devices supporting Android apps:</translation>
<translation id="2877225735001246144">Disable CNAME lookup when negotiating Kerberos authentication</translation>
<translation id="2884728160143956392">Allow session only cookies on these sites</translation>
<translation id="2893546967669465276">Send system logs to the management server</translation>
<translation id="2899002520262095963">Android apps can use the network configurations and CA certificates set via this policy, but do not have access to some configuration options.</translation>
<translation id="2906874737073861391">List of AppPack extensions</translation>
<translation id="2908277604670530363">Maximum number of concurrent connections to the proxy server</translation>
<translation id="2956777931324644324">This policy has been retired as of <ph name="PRODUCT_NAME" /> version 36.
Specifies whether the TLS domain-bound certificates extension should be enabled.
This setting is used to enable the TLS domain-bound certificates extension for testing. This experimental setting will be removed in the future.</translation>
<translation id="2957506574938329824">Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API</translation>
<translation id="2957513448235202597">Account type for <ph name="HTTP_NEGOTIATE" /> authentication</translation>
<translation id="2959898425599642200">Proxy bypass rules</translation>
<translation id="2960691910306063964">Enable or disable PIN-less authentication for remote access hosts</translation>
<translation id="2976002782221275500">Specifies the length of time without user input after which the screen is dimmed when running on battery power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> dims the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not dim the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal the screen off delay (if set) and the idle delay.</translation>
<translation id="2987155890997901449">Enable ARC</translation>
<translation id="2987227569419001736">Control use of the Web Bluetooth API</translation>
<translation id="3001534538097271560">Setting this policy to false stops users from choosing to send some system information and page content to Google servers. If this setting is true or not configured, users will be allowed to send some system information and page content to Safe Browsing to help detect dangerous apps and sites.
See https://developers.google.com/safe-browsing for more info on SafeBrowsing.</translation>
<translation id="3016255526521614822">Whitelist note-taking apps allowed on the <ph name="PRODUCT_OS_NAME" /> lock screen</translation>
<translation id="3030000825273123558">Enable metrics reporting</translation>
<translation id="3034580675120919256">Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites.
If this policy is left unset, 'AllowJavaScript' will be used and the user will be able to change it.</translation>
<translation id="3038323923255997294">Continue running background apps when <ph name="PRODUCT_NAME" /> is closed</translation>
<translation id="3046192273793919231">Send network packets to the management server to monitor online status</translation>
<translation id="3048744057455266684">If this policy is set and a search URL suggested from the omnibox contains this parameter in the query string or in the fragment identifier, then the suggestion will show the search terms and search provider instead of the raw search URL.
This policy is optional. If not set, no search term replacement will be performed.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="3069958900488014740">Allows you to turn off WPAD (Web Proxy Auto-Discovery) optimisation in <ph name="PRODUCT_NAME" />.
If this policy is set to false, WPAD optimisation is disabled causing <ph name="PRODUCT_NAME" /> to wait longer for DNS-based WPAD servers. If the policy is not set or is enabled, WPAD optimisation is enabled.
Independent of whether or how this policy is set, the WPAD optimisation setting cannot be changed by users.</translation>
<translation id="3072045631333522102">Screen saver to be used on the sign-in screen in retail mode</translation>
<translation id="3072847235228302527">Set the Terms of Service for a device-local account</translation>
<translation id="3086995894968271156">Configure the cast receiver in <ph name="PRODUCT_NAME" />.</translation>
<translation id="3096595567015595053">List of enabled plug-ins</translation>
<translation id="3101501961102569744">Choose how to specify proxy server settings</translation>
<translation id="3117676313396757089">Warning: DHE will be completely removed from <ph name="PRODUCT_NAME" /> after version 57 (around March 2017) and this policy will stop working then.
If the policy is not set, or is set to false, then DHE cipher suites in TLS will not be enabled. Otherwise it may be set to true to enable DHE cipher suites and retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured.
Servers are encouraged to migrate to ECDHE cipher suites. If these are unavailable, ensure a cipher suite using RSA key exchange is enabled.</translation>
<translation id="316778957754360075">This setting has been retired as of <ph name="PRODUCT_NAME" /> version 29. The recommended way to set up organisation-hosted extension/app collections is to include the site hosting the CRX packages in ExtensionInstallSources and put direct download links to the packages on a web page. A launcher for that web page can be created using the ExtensionInstallForcelist policy.</translation>
<translation id="3185009703220253572">since version <ph name="SINCE_VERSION" /></translation>
<translation id="3187220842205194486">Android apps cannot get access to corporate keys. This policy has no effect on them.</translation>
<translation id="3201273385265130876">Allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to use system proxy settings, all other options are ignored.
If you choose to auto detect the proxy server, all other options are ignored.
If you choose fixed server proxy mode, you can specify further options in 'Address or URL of proxy server' and 'Comma-separated list of proxy bypass rules'. Only the HTTP proxy server with the highest priority is available for ARC-apps.
If you choose to use a .pac proxy script, you must specify the URL to the script in 'URL to a proxy .pac file'.
For detailed examples, visit:
<ph name="PROXY_HELP_URL" />.
If you enable this setting, <ph name="PRODUCT_NAME" /> and ARC-apps ignore all proxy-related options specified from the command line.
Leaving this policy unset will allow the users to choose the proxy settings on their own.</translation>
<translation id="3205825995289802549">Maximise the first browser window on first run</translation>
<translation id="3213821784736959823">Controls whether the built-in DNS client is used in <ph name="PRODUCT_NAME" />.
If this policy is set to true, the built-in DNS client will be used, if available.
If this policy is set to false, the built-in DNS client will never be used.
If this policy is left not set, the users will be able to change whether the built-in DNS client is used by editing chrome://flags or specifying a command-line flag.</translation>
<translation id="3214164532079860003">This policy forces the home page to be imported from the current default browser if enabled.
If disabled, the home page is not imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="3219421230122020860">Incognito mode available.</translation>
<translation id="3220624000494482595">If the kiosk app is an Android app, it will have no control over the <ph name="PRODUCT_OS_NAME" /> version, even if this policy is set to <ph name="TRUE" />.</translation>
<translation id="3236046242843493070">URL patterns to allow extension, app, and user script installs from</translation>
<translation id="3240609035816615922">Printer configuration access policy.</translation>
<translation id="3243309373265599239">Specifies the length of time without user input after which the screen is dimmed when running on AC power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> dims the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not dim the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal to the screen off delay (if set) and the idle delay.</translation>
<translation id="3264793472749429012">Default search provider encodings</translation>
<translation id="3273221114520206906">Default JavaScript setting</translation>
<translation id="3288595667065905535">Release channel</translation>
<translation id="3292147213643666827">Enables <ph name="PRODUCT_NAME" /> to act as a proxy between <ph name="CLOUD_PRINT_NAME" /> and legacy printers connected to the machine.
If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google account.
If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it's printers with <ph name="CLOUD_PRINT_NAME" />.</translation>
<translation id="3297010562646015826">Enables ending processes in Task Manager</translation>
<translation id="3307746730474515290">Controls which app/extension types are allowed to be installed and limits runtime access.
This setting white-lists the allowed types of extension/apps that can be installed in <ph name="PRODUCT_NAME" /> and which hosts they can interact with. The value is a list of strings, each of which should be one of the following: 'extension', 'theme', 'user_script', 'hosted_app', 'legacy_packaged_app', 'platform_app'. See the <ph name="PRODUCT_NAME" /> extensions documentation for more information on these types.
Note that this policy also affects extensions and apps to be force-installed via ExtensionInstallForcelist.
If this setting is configured, extensions/apps which have a type that is not on the list will not be installed.
If this setting is left non-configured, no restrictions on the acceptable extension/app types are enforced.</translation>
<translation id="3322771899429619102">Allows you to set a list of URL patterns that specify sites which are allowed to use key generation. If a URL pattern is in 'KeygenBlockedForUrls', that overrides these exceptions.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultKeygenSetting' policy if it is set or the user's personal configuration otherwise.</translation>
<translation id="332771718998993005">Determine the name advertised as a <ph name="PRODUCT_NAME" /> destination.
If this policy is set to a non-empty string, that string will be used as the name of the <ph name="PRODUCT_NAME" /> destination. Otherwise, the destination name will be the device name. If this policy is not set, the destination name will be the device name, and the owner of the device (or a user from the domain managing the device) will be allowed to change it. The name is limited to 24 characters.</translation>
<translation id="3381968327636295719">Use the host browser by default</translation>
<translation id="3395348522300156660">Specifies the printers which a user can use.
This policy is only used if <ph name="PRINTERS_WHITELIST" /> is chosen for <ph name="DEVICE_PRINTERS_ACCESS_MODE" />
If this policy is used, only the printers with IDs matching the values in this policy are available to the user. The IDs must correspond to the entries in the file specified in <ph name="DEVICE_PRINTERS_POLICY" />.
</translation>
<translation id="3417418267404583991">If this policy is set to true or not configured, <ph name="PRODUCT_OS_NAME" /> will enable guest logins. Guest logins are anonymous user sessions and do not require a password.
If this policy is set to false, <ph name="PRODUCT_OS_NAME" /> will not allow guest sessions to be started.</translation>
<translation id="3418871497193485241">Enforces a minimum Restricted Mode on YouTube and prevents users from
picking a less restricted mode.
If this setting is set to Strict, Strict Restricted Mode on YouTube is always active.
If this setting is set to Moderate, the user may only pick Moderate Restricted Mode
and Strict Restricted Mode on YouTube, but cannot disable Restricted Mode.
If this setting is set to Off or no value is set, Restricted Mode on YouTube is not enforced by <ph name="PRODUCT_NAME" />. However, external policies such as YouTube policies might still enforce Restricted Mode.</translation>
<translation id="3428247105888806363">Enable network prediction.</translation>
<translation id="3449886121729668969">Configures the proxy settings for <ph name="PRODUCT_NAME" />. These proxy settings will be available for ARC-apps too.
This policy isn't ready for usage yet, please don't use it.</translation>
<translation id="3460784402832014830">Specifies the URL that a search engine uses to provide a new tab page.
This policy is optional. If not set, no new tab page will be provided.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="346731943813722404">Specifies whether power management delays and the session length limit should only start running after the first user activity has been observed in a session.
If this policy is set to True, power management delays and the session length limit do not start running until after the first user activity has been observed in a session.
If this policy is set to False or left unset, power management delays and the session length limit start running immediately on session start.</translation>
<translation id="3478024346823118645">Wipe user data on sign-out</translation>
<translation id="348495353354674884">Enable virtual keyboard</translation>
<translation id="3496296378755072552">Password manager</translation>
<translation id="350443680860256679">Configure ARC</translation>
<translation id="3504791027627803580">Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.
This policy is optional. If not set, no image search will be used.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="350797926066071931">Enable Translate</translation>
<translation id="3512226956150568738">If the client device model already supported ARC before migration to ext4 was necessary to run ARC and if the ArcEnabled policy is set to true, this option will behave as AskUser (value 3). In all other cases (if the device model did not support ARC before, or if ArcEnabled policy is set to false), this value is equivalent to DisallowArc (value 0).</translation>
<translation id="3528000905991875314">Enable alternate error pages</translation>
<translation id="3547954654003013442">Proxy settings</translation>
<translation id="3591584750136265240">Configure the login authentication behaviour</translation>
<translation id="3627678165642179114">Enable or disable spell checking web service</translation>
<translation id="3646859102161347133">Set screen magnifier type</translation>
<translation id="3653237928288822292">Default search provider icon</translation>
<translation id="3660562134618097814">Transfer SAML IdP cookies during login</translation>
<translation id="3687282113223807271">The Safe Browsing service shows a warning page when users navigate to sites that are flagged as potentially malicious. Enabling this setting prevents users from proceeding anyway from the warning page to the malicious site.
If this setting is disabled or not configured then users can choose to proceed to the flagged site after being shown the warning.
See https://developers.google.com/safe-browsing for more info on SafeBrowsing.</translation>
<translation id="3709266154059827597">Configure extension installation blacklist</translation>
<translation id="3711895659073496551">Suspend</translation>
<translation id="3736879847913515635">Enable add person in user manager</translation>
<translation id="3750220015372671395">Block key generation on these sites</translation>
<translation id="3756011779061588474">Block developer mode</translation>
<translation id="3758089716224084329">Allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to auto detect the proxy server, all other options are ignored.
For detailed examples, visit:
<ph name="PROXY_HELP_URL" />.
If you enable this setting, <ph name="PRODUCT_NAME" /> and ARC-apps, ignore all proxy-related options specified from the command line.
Leaving these policies unset will allow the users to choose the proxy settings on their own.</translation>
<translation id="3758249152301468420">Disable Developer Tools</translation>
<translation id="3765260570442823273">Duration of the idle log-out warning message</translation>
<translation id="376931976323225993">Allows you to set whether websites are allowed to automatically run the <ph name="FLASH_PLUGIN_NAME" /> plug-in. Automatically running the <ph name="FLASH_PLUGIN_NAME" /> plug-in can be either allowed for all websites or denied for all websites.
Click to play allows the <ph name="FLASH_PLUGIN_NAME" /> plug-in to run but the user must click on the placeholder to start its execution.
If this policy is left not set, the user will be able to change this setting manually.</translation>
<translation id="3780152581321609624">Include non-standard port in Kerberos SPN</translation>
<translation id="3780319008680229708">If this policy is set to true, the Cast toolbar icon will always be shown on the toolbar or the overflow menu and users will not be able to remove it.
If this policy is set to false or is not set, users will be able to pin or remove the icon via its contextual menu.
If the policy "EnableMediaRouter" is set to false, then this policy's value would have no effect and the toolbar icon would not be shown.</translation>
<translation id="3788662722837364290">Power management settings when the user becomes idle</translation>
<translation id="3793095274466276777">Configures the default browser checks in <ph name="PRODUCT_NAME" /> and prevents users from changing them.
If you enable this setting, <ph name="PRODUCT_NAME" /> will always check on start-up whether it is the default browser and automatically register itself if possible.
If this setting is disabled, <ph name="PRODUCT_NAME" /> will never check if it is the default browser and will disable user controls for setting this option.
If this setting is not set, <ph name="PRODUCT_NAME" /> will allow the user to control whether it is the default browser and whether user notifications should be shown when it isn't.</translation>
<translation id="379602782757302612">Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if blacklisted, without a way for the user to enable them. Once a disabled, blacklisted extension is removed, it will automatically get re-enabled.
A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.
If this policy is left 'not set' the user can install any extension in <ph name="PRODUCT_NAME" />.</translation>
<translation id="3800626789999016379">Configures the directory that <ph name="PRODUCT_NAME" /> will use for downloading files.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided directory regardless of whether the user has specified one or enabled the flag to be prompted for download location every time.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default download directory will be used and the user will be able to change it.</translation>
<translation id="3805659594028420438">Enable TLS domain-bound certificates extension (deprecated)</translation>
<translation id="3808945828600697669">Specify a list of disabled plug-ins</translation>
<translation id="3816312845600780067">Enable bailout keyboard shortcut for auto-login</translation>
<translation id="3820526221169548563">Enable the on-screen keyboard accessibility feature.
If this policy is set to true, the on-screen keyboard will always be enabled.
If this policy is set to false, the on-screen keyboard will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, the on-screen keyboard is disabled initially but can be enabled by the user at any time.</translation>
<translation id="382476126209906314">Configure the TalkGadget prefix for remote access hosts</translation>
<translation id="383466854578875212">Allows you to specify which native messaging hosts are not subject to the blacklist.
A blacklist value of * means that all native messaging hosts are blacklisted and only native messaging hosts listed in the whitelist will be loaded.
By default, all native messaging hosts are whitelisted, but if all native messaging hosts have been blacklisted by policy, the whitelist can be used to override that policy.</translation>
<translation id="384743459174066962">Allows you to set a list of url patterns that specify sites which are not allowed to open pop-ups.
If this policy is left unset, the global default value will be used for all sites either from the 'DefaultPop-upsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="3851039766298741586">Report information about the active kiosk session, such as
application ID and version.
If the policy is set to false, the kiosk session information will not be
reported. If set to true or left unset, kiosk session information will be
reported.</translation>
<translation id="3859780406608282662">Add a parameter to the fetching of the Variations seed in <ph name="PRODUCT_OS_NAME" />.
If specified, will add a query parameter called 'restrict' to the URL used to fetch the Variations seed. The value of the parameter will be the value specified in this policy.
If not specified, will not modify the Variations seed URL.</translation>
<translation id="3863409707075047163">Minimum SSL version enabled</translation>
<translation id="3864020628639910082">Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '<ph name="SEARCH_TERM_MARKER" />', which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no suggest URL will be used.
Google's suggest URL can be specified as: <ph name="GOOGLE_SUGGEST_SEARCH_URL" />.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="3866249974567520381">Description</translation>
<translation id="3868347814555911633">This policy is active in retail mode only.
Lists extensions that are automatically installed for the Demo user, for devices in retail mode. These extensions are saved in the device and can be installed while offline, after the installation.
Each list entry contains a dictionary that must include the extension ID in the 'extension-id' field, and its update URL in the 'update-url' field.</translation>
<translation id="3877517141460819966">Integrated second factor authentication mode</translation>
<translation id="388237772682176890">This policy is deprecated in M53 and removed in M54, because SPDY/3.1 support is removed.
Disables use of the SPDY protocol in <ph name="PRODUCT_NAME" />.
If this policy is enabled the SPDY protocol will not be available in <ph name="PRODUCT_NAME" />.
Setting this policy to disabled will allow the usage of SPDY.
If this policy is left unset, SPDY will be available.</translation>
<translation id="3890999316834333174">Quick unlock policies</translation>
<translation id="3891357445869647828">Enable JavaScript</translation>
<translation id="3891953007921334498">Disables the Developer Tools and the JavaScript console.
If you enable this setting, the Developer Tools can not be accessed and web-site elements can not be inspected any more. Any keyboard shortcuts and any menu or context menu entries to open the Developer Tools or the JavaScript Console will be disabled.
Setting this option to disabled or leaving it not set allows the user to use the Developer Tools and the JavaScript console.</translation>
<translation id="3907986150060929099">Set the recommended locales for a public session</translation>
<translation id="3911737181201537215">This policy has no effect on the logging done by Android.</translation>
<translation id="391531815696899618">Disables Google Drive syncing in the <ph name="PRODUCT_OS_NAME" /> Files app when set to True. In that case, no data is uploaded to Google Drive.
If not set or set to False, then users will be able to transfer files to Google Drive.</translation>
<translation id="3915395663995367577">URL to a proxy .pac file</translation>
<translation id="3939893074578116847">Send network packets to the management server to monitor online status, to allow
the server to detect if the device is offline.
If this policy is set to true, monitoring network packets (so-called <ph name="HEARTBEATS_TERM" />) will be sent.
If set to false or unset, no packets will be sent.</translation>
<translation id="3963602271515417124">If true, remote attestation is allowed for the device and a certificate will automatically be generated and uploaded to the Device Management Server.
If it is set to false, or if it is not set, no certificate will be generated and calls to the enterprise.platformKeys extension API will fail.</translation>
<translation id="3964909636571393861">Allows access to a list of URLs</translation>
<translation id="3965339130942650562">Timeout until idle user log-out is executed</translation>
<translation id="3973371701361892765">Never auto-hide the shelf</translation>
<translation id="3984028218719007910">Determines whether <ph name="PRODUCT_OS_NAME" /> keeps local account data after logout. If set to true, no persistent accounts are kept by <ph name="PRODUCT_OS_NAME" /> and all data from the user session will be discarded after logout. If this policy is set to false or not configured, the device may keep (encrypted) local user data.</translation>
<translation id="3997519162482760140">URLs that will be granted access to video capture devices on SAML login pages</translation>
<translation id="4001275826058808087">IT admins for enterprise devices can use this flag to control whether to allow users to redeem offers through Chrome OS Registration.
If this policy is set to true or left not set, users will be able to redeem offers through Chrome OS Registration.
If this policy is set to false, user will not be able to redeem offers.</translation>
<translation id="4010738624545340900">Allow invocation of file selection dialogues</translation>
<translation id="4012737788880122133">Disables automatic updates when set to True.
<ph name="PRODUCT_OS_NAME" /> devices automatically check for updates when this setting is not configured or set to False.
Warning: It is recommended to keep auto-updates enabled so that users receive software updates and critical security fixes. Turning off auto-updates might leave users at risk.</translation>
<translation id="4020682745012723568">Cookies transferred to the user's profile are not accessible to Android apps.</translation>
<translation id="402759845255257575">Do not allow any site to run JavaScript</translation>
<translation id="4027608872760987929">Enable the default search provider</translation>
<translation id="4039085364173654945">Controls whether third-party sub-content on a page is allowed to pop up an HTTP Basic Auth dialogue box.
Typically this is disabled as a phishing defence. If this policy is not set, this is disabled and third-party sub-content will not be allowed to pop up a HTTP Basic Auth dialogue box.</translation>
<translation id="4056910949759281379">Disable SPDY protocol</translation>
<translation id="408029843066770167">Allow queries to a Google time service</translation>
<translation id="4088589230932595924">Incognito mode forced.</translation>
<translation id="4088983553732356374">Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites.
If this policy is set to 'Keep cookies for the duration of the session' then cookies will be cleared when the session closes. Note that if <ph name="PRODUCT_NAME" /> is running in 'background mode', the session may not close when the last window is closed. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behaviour.
If this policy is left not set, 'AllowCookies' will be used and the user will be able to change it.</translation>
<translation id="4103289232974211388">Redirect to SAML IdP after user confirmation</translation>
<translation id="410478022164847452">Specifies the length of time without user input after which the idle action is taken when running on AC power.
When this policy is set, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> takes the idle action, which can be configured separately.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds.</translation>
<translation id="4105989332710272578">Disable Certificate Transparency enforcement for a list of URLs</translation>
<translation id="4121350739760194865">Prevent app promotions from appearing on the new tab page</translation>
<translation id="4157003184375321727">Report OS and firmware version</translation>
<translation id="4183229833636799228">Default <ph name="FLASH_PLUGIN_NAME" /> setting</translation>
<translation id="4192388905594723944">URL for validating remote access client authentication token</translation>
<translation id="4203389617541558220">Limit the device uptime by scheduling automatic reboots.
When this policy is set, it specifies the length of device uptime after which an automatic reboot is scheduled.
When this policy is not set, the device uptime is not limited.
If you set this policy, users cannot change or override it.
An automatic reboot is scheduled at the selected time but may be delayed on the device by up to 24 hours if a user is currently using the device.
Note: Currently, automatic reboots are only enabled while the login screen is being shown or a Kiosk app session is in progress. This will change in the future and the policy will always apply, regardless of whether a session of any particular type is in progress or not.
The policy value should be specified in seconds. Values are clamped to be at least 3600 (one hour).</translation>
<translation id="4203879074082863035">Only printers in the whitelist are shown to users</translation>
<translation id="420512303455129789">A dictionary mapping URLs to a boolean flag specifying whether access to the host should be allowed (true) or blocked (false).
This policy is for internal use by <ph name="PRODUCT_NAME" /> itself.</translation>
<translation id="4224610387358583899">Screen lock delays</translation>
<translation id="423797045246308574">Allows you to set a list of URL patterns that specify sites which are not allowed to use key generation. If a URL pattern is in 'KeygenAllowedForUrls', this policy overrides these exceptions.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultKeygenSetting' policy if it is set or the user's personal configuration otherwise.</translation>
<translation id="4239720644496144453">The cache is not used for Android apps. If multiple users install the same Android app, it will be downloaded anew for each user.</translation>
<translation id="4250680216510889253">No</translation>
<translation id="4261820385751181068">Device sign-in screen locale</translation>
<translation id="427632463972968153">Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.
This policy is optional. If not set, image search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="4294280661005713627">Sets a target version for Auto-Updates.
Specifies the prefix of a target version <ph name="PRODUCT_OS_NAME" /> should update to. If the device is running a version that's before the specified prefix, it will update to the latest version with the given prefix. If the device is already on a later version, there is no effect (i.e. no downgrades are performed) and the device will remain on the current version. The prefix format works component-wise as is demonstrated in the following example:
"" (or not configured): update to latest version available.
"1412.": update to any minor version of 1412 (e.g. 1412.24.34 or 1412.60.2)
"1412.2.": update to any minor version of 1412.2 (e.g. 1412.2.34 or 1412.2.2)
"1412.24.34": update to this specific version only
Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version prefix might leave users at risk.</translation>
<translation id="4298509794364745131">Specifies list of apps that can be enabled as a note-taking app on the <ph name="PRODUCT_OS_NAME" /> lock screen.
If the preferred note-taking app is enabled on the lock screen, the lock screen will contain UI element for launching the preferred note taking app.
When launched, the app will be able to create an app window on top of the lock screen and create data items (notes) in the lock screen context. The app will be able to import created notes to the primary user session, when the session is unlocked. Currently, only Chrome note-taking apps are supported on the lock screen.
If the policy is set, the user will be allowed to enable an app on the lock screen only if the app's extension ID is contained in the policy list value.
As a consequence, setting this policy to an empty list will disable note-taking on the lock screen entirely.
Note that the policy containing an app ID does not necessarily mean that the user will be able to enable the app as a note-taking app on the lock screen - for example, on Chrome 61, the set of available apps is additionally restricted by the platform.
If the policy is left unset, there will be no restrictions on the set of apps the user can enable on the lock screen imposed by the policy.</translation>
<translation id="4309640770189628899">Whether DHE cipher suites in TLS are enabled</translation>
<translation id="4320376026953250541">Microsoft Windows XP SP2 or later</translation>
<translation id="4322842393287974810">Allow the auto launched with zero delay kiosk app to control <ph name="PRODUCT_OS_NAME" /> version</translation>
<translation id="4325690621216251241">Add a logout button to the system tray</translation>
<translation id="4347908978527632940">If true and the user is a supervised user, then other Android apps can query the user's web restrictions through a content provider.
If false or unset, then the content provider returns no information.</translation>
<translation id="436581050240847513">Report device network interfaces</translation>
<translation id="4372704773119750918">Do not allow enterprise user to be part of multiprofile (primary or secondary)</translation>
<translation id="4377599627073874279">Allow all sites to show all images</translation>
<translation id="437791893267799639">Policy unset, disallow data migration and ARC</translation>
<translation id="4389091865841123886">Configure the remote attestation with TPM mechanism.</translation>
<translation id="4418726081189202489">Setting this policy to false stops <ph name="PRODUCT_NAME" /> from occasionally sending queries to a Google server to retrieve an accurate timestamp. These queries will be enabled if this policy is set to True or is not set.</translation>
<translation id="4423597592074154136">Manually specify proxy settings</translation>
<translation id="4429220551923452215">Enables or disables the apps shortcut in the bookmark bar.
If this policy is not set then the user can choose to show or hide the apps shortcut from the bookmark bar context menu.
If this policy is configured then the user can't change it, and the apps shortcut is always shown or never shown.</translation>
<translation id="443665821428652897">Clear site data on browser shutdown (deprecated)</translation>
<translation id="4439336120285389675">Specify a list of deprecated web platform features to re-enable temporarily.
This policy gives administrators the ability to re-enable deprecated web platform features for a limited time. Features are identified by a string tag and the features corresponding to the tags included in the list specified by this policy will get re-enabled.
If this policy is left not set or the list is empty or does not match one of the supported string tags, all deprecated web platform features will remain disabled.
While the policy itself is supported on the above platforms, the feature that it is enabling may be available on fewer platforms. Not all deprecated Web Platform features can be re-enabled. Only the ones explicitly listed below can be for a limited period of time, which is different per feature. The general format of the string tag will be [DeprecatedFeatureName]_EffectiveUntil[yyyymmdd]. As reference, you can find the intent behind the Web Platform feature changes at https://bit.ly/blinkintents.
</translation>
<translation id="4442582539341804154">Enable lock when the device become idle or suspended</translation>
<translation id="4449545651113180484">Rotate screen clockwise by 270 degrees</translation>
<translation id="4467952432486360968">Block third-party cookies</translation>
<translation id="4474167089968829729">Enable saving passwords to the password manager</translation>
<translation id="4476769083125004742">If this policy is set to <ph name="BLOCK_GEOLOCATION_SETTING" />, Android apps cannot access location information. If you set this policy to any other value or leave it unset, the user is asked to consent when an Android app wants to access location information.</translation>
<translation id="4480694116501920047">Force SafeSearch</translation>
<translation id="4482640907922304445">Shows the Home button on <ph name="PRODUCT_NAME" />'s toolbar.
If you enable this setting, the Home button is always shown.
If you disable this setting, the Home button is never shown.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
Leaving this policy unset will allow the user to choose whether to show the home button.</translation>
<translation id="4485425108474077672">Configure the New Tab page URL</translation>
<translation id="4492287494009043413">Disable taking screenshots</translation>
<translation id="450537894712826981">Configures the cache size that <ph name="PRODUCT_NAME" /> will use for storing cached media files on the disk.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided cache size regardless of whether the user has specified the '--media-cache-size' flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.
If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.
If this policy is not set, the default size will be used and the user will be able to override it with the --media-cache-size flag.</translation>
<translation id="4508686775017063528">If this policy is set to true or is not set, <ph name="PRODUCT_NAME" /> will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites and (if shown), the cast toolbar icon.
If this policy set to false, <ph name="PRODUCT_NAME" /> will be disabled.</translation>
<translation id="4518251772179446575">Ask whenever a site wants to track the users' physical location</translation>
<translation id="4519046672992331730">Enables search suggestions in <ph name="PRODUCT_NAME" />'s omnibox and prevents users from changing this setting.
If you enable this setting, search suggestions are used.
If you disable this setting, search suggestions are never used.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left not set, this will be enabled but the user will be able to change it.</translation>
<translation id="4525521128313814366">Allows you to set a list of url patterns that specify sites which are not allowed to display images.
If this policy is left unset, the global default value will be used for all sites either from the 'DefaultImagesSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="4531706050939927436">Android apps can be force-installed from the Google Admin console using Google Play. They do not use this policy.</translation>
<translation id="4534500438517478692">Android restriction name:</translation>
<translation id="4541530620466526913">Device-local accounts</translation>
<translation id="4555850956567117258">Enable remote attestation for the user</translation>
<translation id="4557134566541205630">Default search provider new tab page URL</translation>
<translation id="4600786265870346112">Enable large cursor</translation>
<translation id="4604931264910482931">Configure native messaging blacklist</translation>
<translation id="4617338332148204752">Skip the meta tag check in <ph name="PRODUCT_FRAME_NAME" /></translation>
<translation id="4625915093043961294">Configure extension installation whitelist</translation>
<translation id="4632343302005518762">Allow <ph name="PRODUCT_FRAME_NAME" /> to handle the listed content types</translation>
<translation id="4633786464238689684">Changes the default behaviour of the top row keys to function keys.
If this policy is set to true, the keyboard's top row of keys will produce function key commands by default. The search key has to be pressed to revert their behaviour back to media keys.
If this policy is set to false or left unset, the keyboard will produce media key commands by default and function key commands when the search key is held.</translation>
<translation id="4639407427807680016">Names of the native messaging hosts to be exempt from the blacklist</translation>
<translation id="4650759511838826572">Disable URL protocol schemes</translation>
<translation id="465099050592230505">Enterprise web store URL (deprecated)</translation>
<translation id="4665897631924472251">Extension management settings</translation>
<translation id="4668325077104657568">Default images setting</translation>
<translation id="467236746355332046">Supported features:</translation>
<translation id="4674167212832291997">Customise the list of URL patterns that should always be rendered by <ph name="PRODUCT_FRAME_NAME" />.
If this policy is not set the default renderer will be used for all sites as specified by the 'ChromeFrameRendererSettings' policy.
For example patterns see https://www.chromium.org/developers/how-tos/chrome-frame-getting-started.</translation>
<translation id="467449052039111439">Open a list of URLs</translation>
<translation id="4680961954980851756">Enable AutoFill</translation>
<translation id="4722399051042571387">If false, users will be unable to set PINs which are weak and easy to guess.
Some example weak PINs: PINs containing only one digit (1111), PINs whose digits are increasing by 1 (1234), PINs whose digits are decreasing by 1 (4321) and PINs which are commonly used.
By default, users will get a warning, not error, if the PIN is considered weak.</translation>
<translation id="4723829699367336876">Enable firewall traversal from remote access client</translation>
<translation id="4725123658714754485">Controls whether usage metrics and diagnostic data, including crash reports, are reported back to Google. If set to true, <ph name="PRODUCT_OS_NAME" /> will report usage metrics and diagnostic data. If not configured or set to false, metrics and diagnostic data reporting will be disabled.</translation>
<translation id="4725528134735324213">Enable Android Backup Service</translation>
<translation id="4733471537137819387">Policies related to integrated HTTP authentication.</translation>
<translation id="4744190513568488164">Servers that <ph name="PRODUCT_NAME" /> may delegate to.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy unset <ph name="PRODUCT_NAME" /> will not delegate user credentials even if a server is detected as Intranet.</translation>
<translation id="4752880493649142945">Client certificate for connecting to RemoteAccessHostTokenValidationUrl</translation>
<translation id="4791031774429044540">Enable the large cursor accessibility feature.
If this policy is set to true, the large cursor will always be enabled.
If this policy is set to false, the large cursor will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, the large cursor is disabled initially but can be enabled by the user at any time.</translation>
<translation id="4802905909524200151">Configure <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update behaviour</translation>
<translation id="4807950475297505572">Least recently used users are removed until there is enough free space</translation>
<translation id="4815725774537609998">This policy is deprecated, use ProxyMode instead.
Allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to use system proxy settings or auto detect the proxy server, all other options are ignored.
If you choose manual proxy settings, you can specify further options in 'Address or URL of proxy server', 'URL to a proxy .pac file' and 'Comma-separated list of proxy bypass rules'. Only the HTTP proxy server with the highest priority is available for ARC-apps.
For detailed examples, visit:
<ph name="PROXY_HELP_URL" />.
If you enable this setting, <ph name="PRODUCT_NAME" /> ignores all proxy-related options specified from the command line.
Leaving this policy unset will allow the users to choose the proxy settings on their own.</translation>
<translation id="4816674326202173458">Allow enterprise user to be both primary and secondary (Default behaviour for non-managed users)</translation>
<translation id="4826326557828204741">Action to take when the idle delay is reached while running on battery power</translation>
<translation id="4834526953114077364">Least recently used users who have not logged in within the last 3 months are removed until there is enough free space</translation>
<translation id="4838572175671839397">Contains a regular expression which is used to determine which users can sign in to <ph name="PRODUCT_NAME" />.
An appropriate error is displayed if a user tries to log in with a username that does not match this pattern.
If this policy is left not set or blank, then any user can sign in to <ph name="PRODUCT_NAME" />.</translation>
<translation id="4858735034935305895">Allow fullscreen mode</translation>
<translation id="4869787217450099946">Specifies whether screen wake locks are allowed. Screen wake locks can be requested by extensions via the power management extension API.
If this policy is set to true or left not set, screen wake locks will be honoured for power management.
If this policy is set to false, screen wake lock requests will be ignored.</translation>
<translation id="4876805738539874299">Maximum SSL version enabled</translation>
<translation id="4881315447528084360">Specifies a list of apps and extensions that are installed silently,
without user interaction, and which cannot be uninstalled nor
disabled by the user. All permissions requested by the
apps/extensions are granted implicitly, without user interaction,
including any additional permissions requested by future versions of
the app/extension. Furthermore, permissions are granted for the
enterprise.deviceAttributes and enterprise.platformKeys extension
APIs. (These two APIs are not available to apps/extensions that are
not force-installed.)
This policy takes precedence over a potentially conflicting <ph name="EXTENSION_INSTALL_BLACKLIST_POLICY_NAME" /> policy. If an app or extension that previously had been force-installed is removed from this list, it is automatically uninstalled by <ph name="PRODUCT_NAME" />.
For Windows instances that are not joined to a <ph name="MS_AD_NAME" /> domain, forced installation is limited to apps and extensions listed in the Chrome Web Store.
Note that the source code of any extension may be altered by users via Developer Tools (potentially rendering the extension dysfunctional). If this is a concern, the <ph name="DEVELOPER_TOOLS_POLICY_NAME" /> policy should be set.
Each list item of the policy is a string that contains an extension ID and an 'update' URL separated by a semicolon (<ph name="SEMICOLON" />). The extension ID is the 32-letter string found for example on <ph name="CHROME_EXTENSIONS_LINK" /> when in developer mode. The 'update' URL should point to an Update Manifest XML document as described at <ph name="LINK_TO_EXTENSION_DOC1" />. Note that the 'update' URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest.
For example, <ph name="EXTENSION_POLICY_EXAMPLE" /> installs the <ph name="EXTENSION_POLICY_EXAMPLE_EXTENSION_NAME" /> app from the standard Chrome Web Store 'update' URL. For more information about hosting extensions, see: <ph name="LINK_TO_EXTENSION_DOC2" />.
If this policy is left not set, no apps or extensions are installed automatically and the user can uninstall any app or extension in <ph name="PRODUCT_NAME" />.</translation>
<translation id="4897928009230106190">Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, suggest search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="489803897780524242">Parameter controlling search term placement for the default search provider</translation>
<translation id="4899708173828500852">Enable Safe Browsing</translation>
<translation id="4906194810004762807">Refresh rate for Device Policy</translation>
<translation id="494613465159630803">Cast Receiver</translation>
<translation id="4962262530309732070">If this policy is set to true or not configured, <ph name="PRODUCT_NAME" /> will allow Add Person from the user manager.
If this policy is set to false, <ph name="PRODUCT_NAME" /> will not allow creation of new profiles from the user manager.</translation>
<translation id="4971529314808359013">Allows you to specify a list of URL patterns that specify sites for which <ph name="PRODUCT_NAME" /> should automatically select a client certificate, if the site requests a certificate.
The value must be an array of stringified JSON dictionaries. Each dictionary must have the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form { "ISSUER": { "CN": "$ISSUER_CN" } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.
If this policy is left not set, no auto-selection will be done for any site.</translation>
<translation id="4978405676361550165">If 'OffHours' policy is set, then the specified device policies are ignored (use the default settings of these policies) during the defined time intervals. Device policies are re-applied by Chrome on every event when 'OffHours' period starts or ends. User will be notified and forced to sign out when 'OffHours' time end and device policy settings are changed (e.g. when user is logged in with an unallowed account).</translation>
<translation id="4980635395568992380">Data Types</translation>
<translation id="4983201894483989687">Allow running plug-ins that are outdated</translation>
<translation id="4988291787868618635">Action to take when the idle delay is reached</translation>
<translation id="4995548127349206948">Whether NTLMv2 authentication is enabled.</translation>
<translation id="5047604665028708335">Allow access to sites outside of content packs</translation>
<translation id="5052081091120171147">This policy forces the browsing history to be imported from the current default browser, if enabled. If enabled, this policy also affects the import dialogue.
If disabled, no browsing history is imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="5056708224511062314">Screen magnifier disabled</translation>
<translation id="5067143124345820993">Login user white list</translation>
<translation id="5068140065960598044"><ph name="PRODUCT_NAME" /> cloud policy overrides Machine policy.</translation>
<translation id="5085647276663819155">Disable Print Preview</translation>
<translation id="5090209345759901501">Extend Flash content setting to all content</translation>
<translation id="5105313908130842249">Screen lock delay when running on battery power</translation>
<translation id="5108031557082757679">Disabled enterprise device printers</translation>
<translation id="5130288486815037971">Whether RC4 cipher suites in TLS are enabled</translation>
<translation id="5141670636904227950">Set the default screen magnifier type enabled on the login screen</translation>
<translation id="5142301680741828703">Always render the following URL patterns in <ph name="PRODUCT_FRAME_NAME" /></translation>
<translation id="5148753489738115745">Allows you to specify additional parameters that are used when <ph name="PRODUCT_FRAME_NAME" /> launches <ph name="PRODUCT_NAME" />.
If this policy is not set the default command line will be used.</translation>
<translation id="5159469559091666409">How frequently monitoring network packets are sent, in milliseconds.
If this policy is unset, the default interval is 3 minutes. The minimum
interval is 30 seconds and the maximum interval is 24 hours – values
outside of this range will be clamped to this range.</translation>
<translation id="5182055907976889880">Configure Google Drive in <ph name="PRODUCT_OS_NAME" />.</translation>
<translation id="5183383917553127163">Allows you to specify which extensions are not subject to the blacklist.
A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist.
By default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy.</translation>
<translation id="5192837635164433517">Enables the use of alternative error pages that are built into <ph name="PRODUCT_NAME" /> (such as 'page not found') and prevents users from changing this setting.
If you enable this setting, alternative error pages are used.
If you disable this setting, alternative error pages are never used.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left unset, this will be enabled but the user will be able to change it.</translation>
<translation id="5196805177499964601">Block developer mode.
If this policy is set to True, <ph name="PRODUCT_OS_NAME" /> will prevent the device from booting into developer mode. The system will refuse to boot and show an error screen when the developer switch is turned on.
If this policy is unset or set to False, developer mode will remain available for the device.</translation>
<translation id="5208240613060747912">Allows you to set a list of url patterns that specify sites which are not allowed to display notifications.
If this policy is left unset the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="5219844027738217407">For Android apps, this policy affects the microphone only. When this policy is set to true, the microphone is muted for all Android apps, with no exceptions.</translation>
<translation id="523505283826916779">Accessibility settings</translation>
<translation id="5247006254130721952">Block dangerous downloads</translation>
<translation id="5255162913209987122">Can be Recommended</translation>
<translation id="527237119693897329">Allows you to specify which native messaging hosts should not be loaded.
A blacklist value of '*' means that all native messaging hosts are blacklisted unless they are explicitly listed in the whitelist.
If this policy is left not set <ph name="PRODUCT_NAME" /> will load all installed native messaging hosts.</translation>
<translation id="5272684451155669299">If true, the user can use the hardware on Chrome devices to remotely attest its identity to the privacy CA via the <ph name="ENTERPRISE_PLATFORM_KEYS_API" /> using <ph name="CHALLENGE_USER_KEY_FUNCTION" />.
If it is set to false, or if it is not set, calls to the API will fail with an error code.</translation>
<translation id="5288772341821359899">If the policy is set, the UDP port range used by WebRTC is restricted to the specified port interval (endpoints included).
If the policy is not set, or if it is set to the empty string or an invalid port range, WebRTC is allowed to use any available local UDP port.</translation>
<translation id="5290940294294002042">Specify a list of plug-ins that the user can enable or disable</translation>
<translation id="5302612588919538756">This policy is deprecated, consider using SyncDisabled instead.
Allows the user to sign in to <ph name="PRODUCT_NAME" />.
If you set this policy, you can configure whether a user is allowed to sign in to <ph name="PRODUCT_NAME" />. Setting this policy to 'False' will prevent apps and extensions that use the chrome.identity API from functioning, so you may want to use SyncDisabled instead.</translation>
<translation id="5304269353650269372">Specifies the length of time without user input after which a warning dialogue is shown when running on battery power.
When this policy is set, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> shows a warning dialogue telling the user that the idle action is about to be taken.
When this policy is unset, no warning dialogue is shown.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal the idle delay.</translation>
<translation id="5307432759655324440">Incognito mode availability</translation>
<translation id="5318185076587284965">Enable the use of relay servers by the remote access host</translation>
<translation id="5323128137188992869">Allow content to be cast to the device using <ph name="PRODUCT_NAME" />.
If this policy is set to False, users will not be able to cast content to their device. If this policy is set to True, users are allowed to cast content. If this policy is not set, users are not allowed to cast content to enrolled Chrome OS devices, but can cast to non-enrolled devices.</translation>
<translation id="5330684698007383292">Allow <ph name="PRODUCT_FRAME_NAME" /> to handle the following content types</translation>
<translation id="5365946944967967336">Show Home button on the toolbar</translation>
<translation id="5366977351895725771">If set to false, supervised-user creation by this user will be disabled. Any existing supervised users will still be available.
If set to true or not configured, supervised users can be created and managed by this user.</translation>
<translation id="5378985487213287085">Allows you to set whether websites are allowed to display desktop notifications. Displaying desktop notifications can be allowed by default, denied by default or the user can be asked every time a website wants to show desktop notifications.
If this policy is left not set, 'AskNotifications' will be used and the user will be able to change it.</translation>
<translation id="538108065117008131">Allow <ph name="PRODUCT_FRAME_NAME" /> to handle the following content types.</translation>
<translation id="5388730678841939057">Selects the strategy used to free up disk space during automatic clean-up</translation>
<translation id="5392172595902933844">Information about the status of Android is sent back to the
server.
If the policy is set to false or left unset, no status information is reported.
If set to true, status information is reported.
This policy only applies if Android apps are enabled.</translation>
<translation id="5395271912574071439">Enables curtaining of remote access hosts while a connection is in progress.
If this setting is enabled, then hosts' physical input and output devices are disabled while a remote connection is in progress.
If this setting is disabled or not set, then both local and remote users can interact with the host when it is being shared.</translation>
<translation id="5405289061476885481">Configures which keyboard layouts are allowed on the <ph name="PRODUCT_OS_NAME" /> sign-in screen.
If this policy is set to a list of input method identifiers, the given input methods will be available on the sign-in screen. The first given input method will be preselected. While a user pod is focused on the sign-in screen, the user's last used input method will be available in addition to the input methods given by this policy. If this policy is not set, the input methods on the sign-in screen will be derived from the locale in which the sign-in screen is displayed. Values which are not valid input method identifiers will be ignored.</translation>
<translation id="5423001109873148185">This policy forces search engines to be imported from the current default browser, if enabled. If enabled, this policy also affects the import dialogue.
If disabled, the default search engine is not imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="5423197884968724595">Android WebView restriction name:</translation>
<translation id="5447306928176905178">Enable reporting memory info (JS heap size) to page (deprecated)</translation>
<translation id="5457065417344056871">Enable guest mode in browser</translation>
<translation id="5457924070961220141">Allows you to configure the default HTML renderer when <ph name="PRODUCT_FRAME_NAME" /> is installed.
The default setting used when this policy is left unset is to allow the host browser do the rendering, but you can optionally override this and have <ph name="PRODUCT_FRAME_NAME" /> render HTML pages by default.</translation>
<translation id="5464816904705580310">Configure settings for managed users.</translation>
<translation id="546726650689747237">Screen dim delay when running on AC power</translation>
<translation id="5469484020713359236">Allows you to set a list of url patterns that specify sites which are allowed to set cookies.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="5469825884154817306">Block images on these sites</translation>
<translation id="5475361623548884387">Enable printing</translation>
<translation id="5499375345075963939">This policy is active in retail mode only.
When the value of this policy is set and is not 0 then the currently logged in demo user will be logged out automatically after an inactivity time of the specified duration has elapsed.
The policy value should be specified in milliseconds.</translation>
<translation id="5511702823008968136">Enable Bookmark Bar</translation>
<translation id="5512418063782665071">Home page URL</translation>
<translation id="5523812257194833591">A public session to auto-login after a delay.
If this policy is set, the specified session will be automatically logged in after a period of time has elapsed at the login screen without user interaction. The public session must already be configured (see |DeviceLocalAccounts|).
If this policy is unset, there will be no auto-login.</translation>
<translation id="5529037166721644841">Specifies the period in milliseconds at which the device management service is queried for device policy information.
Setting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1,800,000 (30 minutes) to 86,400,000 (1 day). Any values not in this range will be clamped to the respective boundary.
Leaving this policy not set will make <ph name="PRODUCT_OS_NAME" /> use the default value of 3 hours.
Note that if the platform supports policy notifications, the refresh delay will be set to 24 hours (ignoring all defaults and the value of this policy) because it is expected that policy notifications will force a refresh automatically whenever policy changes, making more frequent refreshes unnecessary.</translation>
<translation id="5530347722229944744">Block potentially dangerous downloads</translation>
<translation id="5535973522252703021">Kerberos delegation server whitelist</translation>
<translation id="555077880566103058">Allow all sites to automatically run the <ph name="FLASH_PLUGIN_NAME" /> plug-in</translation>
<translation id="5559079916187891399">This policy has no effect on Android apps.</translation>
<translation id="5560039246134246593">Add a parameter to the fetching of the Variations seed in <ph name="PRODUCT_NAME" />.
If specified, will add a query parameter called 'restrict' to the URL used to fetch the Variations seed. The value of the parameter will be the value specified in this policy.
If not specified, will not modify the Variations seed URL.</translation>
<translation id="556941986578702361">Control auto-hiding of the <ph name="PRODUCT_OS_NAME" /> shelf.
If this policy is set to 'AlwaysAutoHideShelf', the shelf will always auto-hide.
If this policy is set to 'NeverAutoHideShelf', the shelf never auto-hides.
If you set this policy, users cannot change or override it.
If the policy is left not set, users can choose whether the shelf should auto-hide.</translation>
<translation id="557360560705413259">When this setting is enabled, <ph name="PRODUCT_NAME" /> will use the commonName of a server certificate to match a hostname if the certificate is missing a subjectAlternativeName extension, as long as it successfully validates and chains to a locally-installed CA certificates.
Note that this is not recommended, as this may allow bypassing the nameConstraints extension that restricts the hostnames that a given certificate can be authorised for.
If this policy is not set, or is set to false, server certificates that lack a subjectAlternativeName extension containing either a DNS name or IP address will not be trusted.</translation>
<translation id="557658534286111200">Enables or disables bookmark editing</translation>
<translation id="5586942249556966598">Do nothing</translation>
<translation id="5630352020869108293">Restore the last session</translation>
<translation id="5645779841392247734">Allow cookies on these sites</translation>
<translation id="5693469654327063861">Allow data migration</translation>
<translation id="5694594914843889579">When this policy is set to true, external storage will not be available in the file browser.
This policy affects all types of storage media. For example: USB flash drives, external hard drives, SD and other memory cards, optical storage, etc. Internal storage is not affected, therefore files saved in the Download folder can still be accessed. Google Drive is also not affected by this policy.
If this setting is disabled or not configured then users can use all supported types of external storage on their device.</translation>
<translation id="5697306356229823047">Report device users</translation>
<translation id="570062449808736508">When this policy is set to a non-empty string, the WebView will read URL restrictions from the content provider with the given authority name.</translation>
<translation id="5722934961007828462">When this setting is enabled, <ph name="PRODUCT_NAME" /> will always perform revocation checking for server certificates that successfully validate and are signed by locally-installed CA certificates.
If <ph name="PRODUCT_NAME" /> is unable to obtain revocation status information, such certificates will be treated as revoked ('hard-fail').
If this policy is not set or it is set to false then <ph name="PRODUCT_NAME" /> will use the existing online revocation checking settings.</translation>
<translation id="572720239788271400">Enables component updates in <ph name="PRODUCT_NAME" /></translation>
<translation id="5728154254076636808">Enable the creation of roaming copies for <ph name="PRODUCT_NAME" /> profile data</translation>
<translation id="5732972008943405952">Import autofill form data from default browser on first run</translation>
<translation id="5765780083710877561">Description:</translation>
<translation id="5770738360657678870">Dev channel (may be unstable)</translation>
<translation id="5774856474228476867">Default search provider search URL</translation>
<translation id="5776485039795852974">Ask every time a site wants to show desktop notifications</translation>
<translation id="5781412041848781654">Specifies which GSSAPI library to use for HTTP authentication. You can set either just a library name or a full path.
If no setting is provided, <ph name="PRODUCT_NAME" /> will fall back to using a default library name.</translation>
<translation id="5781806558783210276">Specifies the length of time without user input after which the idle action is taken when running on battery power.
When this policy is set, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> takes the idle action, which can be configured separately.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds.</translation>
<translation id="5795001131770861387">Enables HTTP/0.9 support on non-default ports</translation>
<translation id="5809728392451418079">Set the display name for device-local accounts</translation>
<translation id="5814301096961727113">Set the default state of spoken feedback on the login screen</translation>
<translation id="5815129011704381141">Automatically reboot after update</translation>
<translation id="5815353477778354428">Configures the directory that <ph name="PRODUCT_FRAME_NAME" /> will use for storing user data.
If you set this policy, <ph name="PRODUCT_FRAME_NAME" /> will use the provided directory.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this setting is left not set the default profile directory will be used.</translation>
<translation id="5826047473100157858">Specifies whether the user may open pages in Incognito mode in <ph name="PRODUCT_NAME" />.
If 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode.
If 'Disabled' is selected, pages may not be opened in Incognito mode.
If 'Forced' is selected, pages may be opened ONLY in Incognito mode.</translation>
<translation id="5836064773277134605">Restrict the UDP port range used by the remote access host</translation>
<translation id="5862253018042179045">Set the default state of the spoken feedback accessibility feature on the login screen.
If this policy is set to true, spoken feedback will be enabled when the login screen is shown.
If this policy is set to false, spoken feedback will be disabled when the login screen is shown.
If you set this policy, users can temporarily override it by enabling or disabling spoken feedback. However, the user's choice is not persistent and the default is restored whenever the login screen is shown anew or the user remains idle on the login screen for a minute.
If this policy is left unset, spoken feedback is disabled when the login screen is first shown. Users can enable or disable spoken feedback at any time and its status on the login screen is persisted between users.</translation>
<translation id="5868414965372171132">User-level network configuration</translation>
<translation id="588135807064822874">Enable Touch to Search</translation>
<translation id="5883015257301027298">Default cookies setting</translation>
<translation id="5887414688706570295">Configures the TalkGadget prefix that will be used by remote access hosts and prevents users from changing it.
If specified, this prefix is prepended to the base TalkGadget name to create a full domain name for the TalkGadget. The base TalkGadget domain name is '.talkgadget.google.com'.
If this setting is enabled, then hosts will use the custom domain name when accessing the TalkGadget instead of the default domain name.
If this setting is disabled or not set, then the default TalkGadget domain name ('chromoting-host.talkgadget.google.com') will be used for all hosts.
Remote access clients are not affected by this policy setting. They will always use 'chromoting-client.talkgadget.google.com' to access the TalkGadget.</translation>
<translation id="5893553533827140852">If this setting is enabled, then gnubby authentication requests will be proxied across a remote host connection.
If this setting is disabled or not configured, gnubby authentication requests will not be proxied.</translation>
<translation id="5898486742390981550">When multiple users are logged in, only the primary user can use Android apps.</translation>
<translation id="5906199912611534122">Allows enabling or disabling network throttling.
This applies to all users, and to all interfaces on the device. Once set,
the throttling persists until the policy is changed to disable it.
If set to false, there is no throttling.
If set to true, the system is throttled to achieve the provided upload and download rates (in kbits/s).</translation>
<translation id="5921713479449475707">Allow autoupdate downloads via HTTP</translation>
<translation id="5921888683953999946">Set the default state of the large cursor accessibility feature on the login screen.
If this policy is set to true, the large cursor will be enabled when the login screen is shown.
If this policy is set to false, the large cursor will be disabled when the login screen is shown.
If you set this policy, users can temporarily override it by enabling or disabling the large cursor. However, the user's choice is not persistent and the default is restored whenever the login screen is shown anew or the user remains idle on the login screen for a minute.
If this policy is left unset, the large cursor is disabled when the login screen is first shown. Users can enable or disable the large cursor at any time and its status on the login screen is persisted between users.</translation>
<translation id="5932767795525445337">This policy can also be used to pin Android apps.</translation>
<translation id="5936622343001856595">Forces queries in Google Web Search to be done with SafeSearch set to active and prevents users from changing this setting.
If you enable this setting, SafeSearch in Google Search is always active.
If you disable this setting or do not set a value, SafeSearch in Google Search is not enforced.</translation>
<translation id="5946082169633555022">Beta channel</translation>
<translation id="5950205771952201658">In light of the fact that soft-fail, online revocation checks provide no effective security benefit, they are disabled by default in <ph name="PRODUCT_NAME" /> version 19 and later. By setting this policy to true, the previous behaviour is restored and online OCSP/CRL checks will be performed.
If the policy is not set, or is set to false, then <ph name="PRODUCT_NAME" /> will not perform online revocation checks in <ph name="PRODUCT_NAME" /> 19 and later.</translation>
<translation id="5966615072639944554">Extensions allowed to to use the remote attestation API</translation>
<translation id="5983708779415553259">Default behaviour for sites not in any content pack</translation>
<translation id="5997543603646547632">Use 24 hour clock by default</translation>
<translation id="6005179188836322782">Enables <ph name="PRODUCT_NAME" />'s Safe Browsing feature and prevents users from changing this setting.
If you enable this setting, Safe Browsing is always active.
If you disable this setting, Safe Browsing is never active.
If you enable or disable this setting, users cannot change or override the 'Enable phishing and malware protection' setting in <ph name="PRODUCT_NAME" />.
If this policy is left unset, this will be enabled but the user will be able to change it.
See https://developers.google.com/safe-browsing for more info on SafeBrowsing.</translation>
<translation id="6017568866726630990">Show the system print dialogue instead of print preview.
When this setting is enabled, <ph name="PRODUCT_NAME" /> will open the system print dialogue instead of the built-in print preview when a user requests a page to be printed.
If this policy is not set or is set to false, print commands trigger the print preview screen.</translation>
<translation id="6022948604095165524">Action on start-up</translation>
<translation id="6023030044732320798">Specifies a set of policies that will be handed over to the ARC runtime. The value must be valid JSON.
This policy can be used to configure which Android apps are automatically installed on the device:
{
"type": "object",
"properties": {
"applications": {
"type": "array",
"items": {
"type": "object",
"properties": {
"packageName": {
"description": "Android app identifier, e.g. "com.google.android.gm" for Gmail",
"type": "string"
},
"installType": {
"description": 'Specifies how an app is installed. OPTIONAL: The app is not installed automatically, but the user can install it. This is the default if this policy is not specified. PRELOAD: The app is installed automatically, but the user can uninstall it. FORCE_INSTALLED: The app is installed automatically and the user cannot uninstall it. BLOCKED: The app is blocked and cannot be installed. If the app was installed under a previous policy it will be uninstalled.',
"type": "string",
"enum": [
"OPTIONAL",
"PRELOAD",
"FORCE_INSTALLED",
"BLOCKED"
]
},
"defaultPermissionPolicy": {
"description": 'Policy for granting permission requests to apps. PERMISSION_POLICY_UNSPECIFIED: Policy not specified. If no policy is specified for a permission at any level, then the `PROMPT` behaviour is used by default. PROMPT: Prompt the user to grant a permission. GRANT: Automatically grant a permission. DENY: Automatically deny a permission.',
"type": "string",
"enum": [
"PERMISSION_POLICY_UNSPECIFIED",
"PROMPT",
"GRANT",
"DENY"
]
},
"managedConfiguration": {
"description": 'App-specific JSON configuration object with a set of key-value pairs, e.g. '"managedConfiguration": { "key1": value1, "key2": value2 }'. The keys are defined in the app manifest.',
"type": "object"
}
}
}
}
}
}
To pin apps to the launcher, see PinnedLauncherApps.</translation>
<translation id="602728333950205286">Default search provider instant URL</translation>
<translation id="603410445099326293">Parameters for suggest URL which uses POST</translation>
<translation id="6036523166753287175">Enable firewall traversal from remote access host</translation>
<translation id="6070667616071269965">Device sign-in screen keyboard layouts</translation>
<translation id="6074963268421707432">Do not allow any site to show desktop notifications</translation>
<translation id="6076099373507468537">Defines the list of USB devices that are allowed to be detached from their kernel driver in order to be used through the chrome.usb API directly inside a web application. Entries are pairs of USB Vendor Identifier and Product Identifier to identify a specific hardware.
If this policy is not configured, the list of a detachable USB devices is empty.</translation>
<translation id="6083631234867522991">Windows (Windows clients):</translation>
<translation id="6093156968240188330">Allow remote users to interact with elevated windows in remote assistance sessions</translation>
<translation id="6095999036251797924">Specifies the length of time without user input after which the screen is locked when running on AC power or battery.
When the length of time is set to a value greater than zero, it represents the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> locks the screen.
When the length of time is set to zero, <ph name="PRODUCT_OS_NAME" /> does not lock the screen when the user becomes idle.
When the length of time is unset, a default length of time is used.
The recommended way to lock the screen on idle is to enable screen locking on suspend and have <ph name="PRODUCT_OS_NAME" /> suspend after the idle delay. This policy should only be used when screen locking should occur a significant amount of time sooner than suspend or when suspend on idle is not desired at all.
The policy value should be specified in milliseconds. Values are clamped to be less than the idle delay.</translation>
<translation id="6111936128861357925">Allow Dinosaur Easter Egg Game</translation>
<translation id="6114416803310251055">deprecated</translation>
<translation id="6133088669883929098">Allow all sites to use key generation</translation>
<translation id="6145799962557135888">Allows you to set a list of url patterns that specify sites which are allowed to run JavaScript.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="614662973812186053">This policy also controls Android usage and diagnostic data collection.</translation>
<translation id="6155936611791017817">Set default state of the large cursor on the login screen</translation>
<translation id="6157537876488211233">Comma-separated list of proxy bypass rules</translation>
<translation id="6158324314836466367">Enterprise web store name (deprecated)</translation>
<translation id="6161405879872578475">Enables <ph name="PRODUCT_NAME" /></translation>
<translation id="6167074305866468481">Warning: SSLv3 support will be entirely removed from <ph name="PRODUCT_NAME" /> after version 43 (around July 2015) and this policy will be removed at the same time.
If this policy is not configured then <ph name="PRODUCT_NAME" /> uses a default minimum version which is SSLv3 in <ph name="PRODUCT_NAME" /> 39 and TLS 1.0 in later versions.
Otherwise it may be set to one of the following values: "sslv3", "tls1", "tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME" /> will not use SSL/TLS versions less than the specified version. An unrecognised value will be ignored.
Note that, despite the number, "sslv3" is an earlier version than "tls1".</translation>
<translation id="6181608880636987460">Allows you to set a list of URL patterns that specify sites which are not allowed to run the <ph name="FLASH_PLUGIN_NAME" /> plug-in.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultPluginsSetting' policy if it is set, or the user's personal configuration otherwise.</translation>
<translation id="6190022522129724693"> setting</translation>
<translation id="6197453924249895891">Grants access to corporate keys to extensions.
Keys are designated for corporate usage if they're generated using the chrome.enterprise.platformKeys API on a managed account. Keys imported or generated in another way are not designated for corporate usage.
Access to keys designated for corporate usage is solely controlled by this policy. The user can neither grant nor withdraw access to corporate keys to or from extensions.
By default an extension cannot use a key designated for corporate usage, which is equivalent to setting allowCorporateKeyUsage to false for that extension.
Only if allowCorporateKeyUsage is set to true for an extension, it can use any platform key marked for corporate usage to sign arbitrary data. This permission should only be granted if the extension is trusted to secure access to the key against attackers.</translation>
<translation id="6211428344788340116">Report device activity times.
If this setting is not set or set to True, enrolled devices will report time periods when a user is active on the device. If this setting is set to False, device activity times will not be recorded or reported.</translation>
<translation id="6212868225782276239">All printers are shown except those in the blacklist.</translation>
<translation id="6219965209794245435">This policy forces the autofill form data to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialogue.
If disabled, the autofill form data is not imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="6233173491898450179">Set download directory</translation>
<translation id="6244210204546589761">URLs to open on start-up</translation>
<translation id="6258193603492867656">Specifies whether the generated Kerberos SPN should include a non-standard port. If you enable this setting, and a non-standard port (i.e. a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN. If you disable this setting, the generated Kerberos SPN will not include a port in any case.</translation>
<translation id="6281043242780654992">Configures policies for Native Messaging. Blacklisted native messaging hosts won't be allowed unless they are whitelisted.</translation>
<translation id="6282799760374509080">Allow or deny audio capture</translation>
<translation id="6284362063448764300">TLS 1.1</translation>
<translation id="6287694548537067861">Enables component updates for all components in <ph name="PRODUCT_NAME" /> when unset or set to True.
If set to False, updates to components are disabled. However, some components are exempt from this policy: updates to any component that does not contain executable code, or does not significantly alter the behaviour of the browser, or is critical for its security, will not be disabled.
Examples of such components include the certificate revocation lists and safe browsing data.
See https://developers.google.com/safe-browsing for more info on SafeBrowsing.</translation>
<translation id="6310223829319187614">Enable domain name autocomplete during user sign in</translation>
<translation id="6315673513957120120">Chrome shows a warning page when users navigate to sites that have SSL errors. By default or when this policy is set to true, users are allowed to click through these warning pages.
Setting this policy to false disallows users to click through any warning page.</translation>
<translation id="6353901068939575220">Specifies the parameters used when searching a URL with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="6367755442345892511">Whether the release channel should be configurable by the user</translation>
<translation id="6368011194414932347">Configure the home page URL</translation>
<translation id="6368403635025849609">Allow JavaScript on these sites</translation>
<translation id="6376659517206731212">Can Be Mandatory</translation>
<translation id="6378076389057087301">Specify whether audio activity affects power management</translation>
<translation id="637934607141010488">Report list of device users that have recently logged in.
If the policy is set to false, the users will not be reported.</translation>
<translation id="6392973646875039351">Enables <ph name="PRODUCT_NAME" />'s Auto-fill feature and allows users to auto-complete web forms using previously stored information such as address or credit card information.
If you disable this setting, Auto-fill will be inaccessible to users.
If you enable this setting or do not set a value, Auto-fill will remain under the control of the user. This will allow them to configure Auto-fill profiles and to switch Auto-fill on or off at their own discretion.</translation>
<translation id="6394350458541421998">This policy has been retired as of <ph name="PRODUCT_OS_NAME" /> version 29. Please use the PresentationScreenDimDelayScale policy instead.</translation>
<translation id="6401669939808766804">Log the user out</translation>
<translation id="6417861582779909667">Allows you to set a list of url patterns that specify sites which are not allowed to set cookies.
If this policy is left unset, the global default value will be used for all sites, either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="6426205278746959912">You cannot force Android apps to use a proxy. A subset of proxy settings is made available to Android apps, which they may voluntarily choose to honour:
If you choose to never use a proxy server, Android apps are informed that no proxy is configured.
If you choose to use system proxy settings or a fixed server proxy, Android apps are provided with the http proxy server address and port.
If you choose to auto detect the proxy server, the script URL "http://wpad/wpad.dat" is provided to Android apps. No other part of the proxy auto-detection protocol is used.
If you choose to use a .pac proxy script, the script URL is provided to Android apps.</translation>
<translation id="6491139795995924304">Allow bluetooth on device</translation>
<translation id="6520802717075138474">Import search engines from default browser on first run</translation>
<translation id="6525955212636890608">If you enable this setting, all Flash content embedded on websites that have been set to allow Flash in content settings – either by the user or by enterprise policy – will be run, including content from other origins or small content.
To control which websites are allowed to run Flash, see the 'DefaultPluginsSetting', 'PluginsAllowedForURLs' and 'PluginsBlockedForURLs' policies.
If this setting is disabled or not set, Flash content from other origins or small content might be blocked.</translation>
<translation id="653608967792832033">Specifies the length of time without user input after which the screen is locked when running on battery power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> locks the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not lock the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The recommended way to lock the screen on idle is to enable screen locking on suspend and have <ph name="PRODUCT_OS_NAME" /> suspend after the idle delay. This policy should only be used when screen locking should occur a significant amount of time sooner than suspend or when suspend on idle is not desired at all.
The policy value should be specified in milliseconds. Values are clamped to be less than the idle delay.</translation>
<translation id="6536600139108165863">Automatic reboot on device shutdown</translation>
<translation id="6539246272469751178">This policy has no effect on Android apps. Android apps always use the default downloads directory and cannot access any files downloaded by <ph name="PRODUCT_OS_NAME" /> into a non-default downloads directory.</translation>
<translation id="654303922206238013">Migration strategy for eCryptfs</translation>
<translation id="6544897973797372144">If this policy is set to True and the ChromeOsReleaseChannel policy is not specified then users of the enrolling domain will be allowed to change the release channel of the device. If this policy is set to false the device will be locked in whatever channel it was last set.
The user selected channel will be overridden by the ChromeOsReleaseChannel policy, but if the policy channel is more stable than the one that was installed on the device, then the channel will only switch after the version of the more stable channel reaches a higher version number than the one installed on the device.</translation>
<translation id="6559057113164934677">Do not allow any site to access the camera and microphone</translation>
<translation id="6561396069801924653">Show accessibility options in system tray menu</translation>
<translation id="6565312346072273043">Set the default state of the on-screen keyboard accessibility feature on the login screen.
If this policy is set to true, the on-screen keyboard will be enabled when the login screen is shown.
If this policy is set to false, the on-screen keyboard will be disabled when the login screen is shown.
If you set this policy, users can temporarily override it by enabling or disabling the on-screen keyboard. However, the user's choice is not persistent and the default is restored whenever the login screen is shown anew or the user remains idle on the login screen for a minute.
If this policy is left unset, the on-screen keyboard is disabled when the login screen is first shown. Users can enable or disable the on-screen keyboard any time and its status on the login screen is persisted between users.</translation>
<translation id="6573305661369899995">Set an external source of URL restrictions</translation>
<translation id="6598235178374410284">User avatar image</translation>
<translation id="6603004149426829878">Always send any available location signals to the server while resolving time zone</translation>
<translation id="6628646143828354685">Allows you to set whether websites are allowed to get access to nearby Bluetooth devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to nearby Bluetooth devices.
If this policy is left not set, '3' will be used, and the user will be able to change it.</translation>
<translation id="6641981670621198190">Disable support for 3D graphics APIs</translation>
<translation id="6647965994887675196">If set to true, supervised users can be created and used.
If set to false or not configured, supervised-user creation and login will be disabled. All existing supervised users will be hidden.
NOTE: The default behaviour for consumer and enterprise devices differs: on consumer devices, supervised users are enabled by default, but on enterprise devices they are disabled by default.</translation>
<translation id="6649397154027560979">This policy is deprecated, please use URLBlacklist instead.
Disables the listed protocol schemes in <ph name="PRODUCT_NAME" />.
URLs using a scheme from this list will not load and can not be navigated to.
If this policy is left not set or the list is empty all schemes will be accessible in <ph name="PRODUCT_NAME" />.</translation>
<translation id="6652197835259177259">Locally managed users settings</translation>
<translation id="6654559957643809067">Enables network prediction in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
This controls DNS prefetching, TCP and SSL preconnection and prerendering of web pages.
If you set this preference to 'always', 'never' or 'Wi-Fi only', users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left not set, network prediction will be enabled but the user will be able to change it.</translation>
<translation id="6658245400435704251">Specifies the number of seconds up to which a device may randomly delay its download of an update from the time the update was first pushed out to the server. The device may wait a portion of this time in terms of wall-clock-time and the remaining portion in terms of the number of update checks. In any case, the scatter is upper bounded to a constant amount of time so that a device does not ever get stuck waiting to download an update forever.</translation>
<translation id="6689792153960219308">Report hardware status</translation>
<translation id="6699880231565102694">Enable two-factor authentication for remote access hosts</translation>
<translation id="6724842112053619797">If you enable this setting, the settings stored in <ph name="PRODUCT_NAME" /> profiles like bookmarks, auto-fill data, passwords, etc. will also be written to a file stored in the roaming user profile folder or a location specified by the Administrator through the <ph name="ROAMING_PROFILE_LOCATION_POLICY_NAME" /> policy. Enabling this policy disables cloud sync.
If this policy is disabled or left not set, only the regular local profiles will be used.
The <ph name="SYNC_DISABLED_POLICY_NAME" /> policy disables all data synchronisation, overriding RoamingProfileSupportEnabled.</translation>
<translation id="6757438632136860443">Allows you to set a list of URL patterns that specify sites which are allowed to run the <ph name="FLASH_PLUGIN_NAME" /> plug-in.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultPluginsSetting' policy if it is set, or the user's personal configuration otherwise.</translation>
<translation id="6766216162565713893">Allow sites to ask the user to grant access to a nearby Bluetooth device</translation>
<translation id="6770454900105963262">Report information about active kiosk sessions</translation>
<translation id="6786747875388722282">Extensions</translation>
<translation id="6786967369487349613">Set the roaming profile directory</translation>
<translation id="6810445994095397827">Block JavaScript on these sites</translation>
<translation id="681446116407619279">Supported authentication schemes</translation>
<translation id="685769593149966548">Enforce Strict Restricted Mode for YouTube</translation>
<translation id="687046793986382807">This policy has been retired as of <ph name="PRODUCT_NAME" /> version 35.
Memory info is reported to page anyway, regardless of the option value, but the sizes reported are
quantised and the rate of updates is limited for security reasons. To obtain real-time precise data,
please use tools like Telemetry.</translation>
<translation id="6894178810167845842">New Tab page URL</translation>
<translation id="6899705656741990703">Auto detect proxy settings</translation>
<translation id="6903814433019432303">This policy is active in retail mode only.
Determines the set of URLs to be loaded when the demo session is started. This policy will override any other mechanisms for setting the initial URL and thus can only be applied to a session not associated with a particular user.</translation>
<translation id="6908640907898649429">Configures the default search provider. You can specify the default search provider that the user will use or choose to disable default search.</translation>
<translation id="6915442654606973733">Enable the spoken feedback accessibility feature.
If this policy is set to true, spoken feedback will always be enabled.
If this policy is set to false, spoken feedback will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, spoken feedback is disabled initially but can be enabled by the user at any time.</translation>
<translation id="6922040258551909078">
If the policy is set to true, cloud policy takes precedence if it conflicts with machine policy.
If the policy is set to false or not configured, machine policy takes precedence if it conflicts with cloud policy.
For more details about policy priority, please visit: https://support.google.com/chrome?p=set_chrome_policies_for_devices
This policy is not available on Window instances that are not joined to a <ph name="MS_AD_NAME" /> domain.
</translation>
<translation id="6922884955650325312">Block the <ph name="FLASH_PLUGIN_NAME" /> plug-in</translation>
<translation id="6923366716660828830">Specifies the name of the default search provider. If left empty or not set, the host name specified by the search URL will be used.
This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="6931242315485576290">Disable synchronisation of data with Google</translation>
<translation id="6936894225179401731">Specifies the maximal number of simultaneous connections to the proxy server.
Some proxy servers can not handle high number of concurrent connections per client and this can be solved by setting this policy to a lower value.
The value of this policy should be lower than 100 and higher than 6 and the default value is 32.
Some web apps are known to consume many connections with hanging GETs, so lowering below 32 may lead to browser networking hangs if too many such web apps are open. Lower below the default at your own risk.
If this policy is left not set the default value will be used which is 32.</translation>
<translation id="6943577887654905793">Mac/Linux preference name:</translation>
<translation id="69525503251220566">Parameter providing search-by-image feature for the default search provider</translation>
<translation id="6956272732789158625">Do not allow any site to use key generation</translation>
<translation id="6994082778848658360">Specifies how the on-board secure element hardware can be used to provide a second-factor authentication if it is compatible with this feature. The machine power button is used to detect the user physical presence.
If 'Disabled' is selected, no second factor is provided.
If 'U2F' is selected, the integrated second factor will behave according the FIDO U2F specification.
If 'U2F_EXTENDED' is selected, the integrated second factor will provide the U2F functions plus some extensions for individual attestation.</translation>
<translation id="6997592395211691850">Whether online OCSP/CRL checks are required for local trust anchors</translation>
<translation id="7003334574344702284">This policy forces the saved passwords to be imported from the previous default browser, if enabled. If enabled, this policy also affects the import dialogue.
If disabled, the saved passwords are not imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="7003746348783715221"><ph name="PRODUCT_NAME" /> preferences</translation>
<translation id="7006788746334555276">Content Settings</translation>
<translation id="7007671350884342624">Configures the directory that <ph name="PRODUCT_NAME" /> will use for storing user data.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided directory regardless of whether the user has specified the '--user-data-dir' flag or not. To avoid data loss or other unexpected errors this policy should not be set to a volume's root directory or to a directory used for other purposes, because <ph name="PRODUCT_NAME" /> manages its contents.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default profile path will be used and the user will be able to override it with the '--user-data-dir' command line flag.</translation>
<translation id="7027785306666625591">Configure power management in <ph name="PRODUCT_OS_NAME" />.
These policies let you configure how <ph name="PRODUCT_OS_NAME" /> behaves when the user remains idle for some amount of time.</translation>
<translation id="7040229947030068419">Sample value</translation>
<translation id="7049373494483449255">Enables <ph name="PRODUCT_NAME" /> to submit documents to <ph name="CLOUD_PRINT_NAME" /> for printing. NOTE: This only affects <ph name="CLOUD_PRINT_NAME" /> support in <ph name="PRODUCT_NAME" />. It does not prevent users from submitting print jobs on websites.
If this setting is enabled or not configured, users can print to <ph name="CLOUD_PRINT_NAME" /> from the <ph name="PRODUCT_NAME" /> print dialogue.
If this setting is disabled, users cannot print to <ph name="CLOUD_PRINT_NAME" /> from the <ph name="PRODUCT_NAME" /> print dialogue</translation>
<translation id="7053678646221257043">This policy forces bookmarks to be imported from the current default browser if enabled. If enabled, this policy also affects the import dialogue.
If disabled, no bookmarks are imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="7063895219334505671">Allow pop-ups on these sites</translation>
<translation id="706669471845501145">Allow SITE to show desktop notifications?</translation>
<translation id="7072406291414141328">Enables throttling network bandwidth</translation>
<translation id="7079519252486108041">Block pop-ups on these sites</translation>
<translation id="7091198954851103976">Always runs plug-ins that require authorisation</translation>
<translation id="7106631983877564505">Enable lock when <ph name="PRODUCT_OS_NAME" /> devices become idle or suspended.
If you enable this setting, users will be asked for a password to unlock the device from sleep.
If you disable this setting, users will not be asked for a password to unlock the device from sleep.
If you enable or disable this setting, users cannot change or override it.
If the policy is left not set the user can choose whether they want to be asked for password to unlock the device or not.</translation>
<translation id="7115494316187648452">Determines whether a <ph name="PRODUCT_NAME" /> process is started on OS login and keeps running when the last browser window is closed, allowing background apps and the current browsing session to remain active, including any session cookies. The background process displays an icon in the system tray and can always be closed from there.
If this policy is set to True, background mode is enabled and cannot be controlled by the user in the browser settings.
If this policy is set to False, background mode is disabled and cannot be controlled by the user in the browser settings.
If this policy is left unset, background mode is initially disabled and can be controlled by the user in the browser settings.</translation>
<translation id="7128918109610518786">Lists the application identifiers <ph name="PRODUCT_OS_NAME" /> shows as pinned apps in the launcher bar.
If this policy is configured, the set of applications is fixed and can't be changed by the user.
If this policy is left unset, the user may change the list of pinned apps in the launcher.</translation>
<translation id="7132877481099023201">URLs that will be granted access to video capture devices without prompt</translation>
<translation id="7167436895080860385">Allow users to show passwords in Password Manager (deprecated)</translation>
<translation id="7173856672248996428">Ephemeral profile</translation>
<translation id="717630378807352957">Allow all printers from the configuration file.</translation>
<translation id="7185078796915954712">TLS 1.3</translation>
<translation id="718956142899066210">Connection types allowed for updates</translation>
<translation id="7194407337890404814">Default search provider name</translation>
<translation id="7199300565886109054">Allows you to set a list of URL patterns that specify sites which are allowed to set session only cookies.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy if it is set or the user's personal configuration otherwise.
Note that if <ph name="PRODUCT_NAME" /> is running in 'background mode', the session may not be closed when the last browser window is closed, but will instead stay active until the browser exits. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behaviour.
If the "RestoreOnStartup" policy is set to restore URLs from previous sessions this policy will not be respected and cookies will be stored permanently for those sites.</translation>
<translation id="7202925763179776247">Allow download restrictions</translation>
<translation id="7207095846245296855">Force Google SafeSearch</translation>
<translation id="7216442368414164495">Allow users to opt in to Safe Browsing extended reporting</translation>
<translation id="7234280155140786597">Names of the forbidden native messaging hosts (or * for all)</translation>
<translation id="7236775576470542603">Set the default type of screen magnifier that is enabled on the login screen.
If this policy is set, it controls the type of screen magnifier that is enabled when the login screen is shown. Setting the policy to "None" disables the screen magnifier.
If you set this policy, users can temporarily override it by enabling or disabling the screen magnifier. However, the user's choice is not persistent and the default is restored whenever the login screen is shown anew or the user remains idle on the login screen for a minute.
If this policy is left unset, the screen magnifier is disabled when the login screen is first shown. Users can enable or disable the screen magnifier at any time and its status on the login screen is persisted between users.</translation>
<translation id="7249828445670652637">Enable <ph name="PRODUCT_OS_NAME" /> CA certificates to ARC-apps</translation>
<translation id="7258823566580374486">Enable curtaining of remote access hosts</translation>
<translation id="7260277299188117560">Auto update p2p enabled</translation>
<translation id="7261252191178797385">Device wallpaper image</translation>
<translation id="7267809745244694722">Media keys default to function keys</translation>
<translation id="7271085005502526897">Import of homepage from default browser on first run</translation>
<translation id="7273823081800296768">If this setting is enabled or not configured, then users can opt to pair clients and hosts at connection time, eliminating the need to enter a PIN every time.
If this setting is disabled, then this feature will not be available.</translation>
<translation id="7275334191706090484">Managed Bookmarks</translation>
<translation id="7295019613773647480">Enable supervised users</translation>
<translation id="7301543427086558500">Specifies a list of alternative URLs that can be used to extract search terms from the search engine. The URLs should contain the string <ph name="SEARCH_TERM_MARKER" />, which will be used to extract the search terms.
This policy is optional. If not set, no alternative urls will be used to extract search terms.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="7302043767260300182">Screen lock delay when running on AC power</translation>
<translation id="7311458740754205918">If this is set to true or not set, the New Tab page may show content suggestions based on the user's browsing history, interests or location.
If this is set to false, automatically-generated content suggestions are not shown on the New Tab page.</translation>
<translation id="7323896582714668701">Additional command line parameters for <ph name="PRODUCT_NAME" /></translation>
<translation id="7326394567531622570">Similar to Wipe (value 2), but tries to preserve login tokens so that the user does not have to sign in again.</translation>
<translation id="7329842439428490522">Specifies the length of time without user input after which the screen is turned off when running on battery power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> turns off the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not turn off the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal the idle delay.</translation>
<translation id="7329968046053403405">Specifies the account type of the accounts provided by the Android authentication app that supports <ph name="HTTP_NEGOTIATE" /> authentication (e.g. Kerberos authentication). This information should be available from the supplier of the authentication app. For more details see https://goo.gl/hajyfN.
If no setting is provided, <ph name="HTTP_NEGOTIATE" /> authentication is disabled on Android.</translation>
<translation id="7331962793961469250">When set to True, promotions for Chrome Web Store apps will not appear on the new tab page.
Setting this option to False or leaving it unset will make the promotions for Chrome Web Store apps appear on the new tab page</translation>
<translation id="7332963785317884918">This policy is deprecated. <ph name="PRODUCT_OS_NAME" /> will always use the 'RemoveLRU' clean-up strategy.
Controls the automatic clean-up behaviour on <ph name="PRODUCT_OS_NAME" /> devices. Automatic clean-up is triggered when the amount of free disk space reaches a critical level to recover some disk space.
If this policy is set to 'RemoveLRU', the automatic clean-up will keep removing users from the device in least-recently-logged-in order until there is enough free space.
If this policy is set to 'RemoveLRUIfDormant', the automatic clean-up will keep removing users who have not logged in for at least 3 months in least-recently-logged-in order until there is enough free space.
If this policy is not set, automatic clean-up uses the default built-in strategy. Currently, it is the 'RemoveLRUIfDormant' strategy.</translation>
<translation id="7336878834592315572">Keep cookies for the duration of the session.</translation>
<translation id="7340034977315324840">Report device activity times</translation>
<translation id="7343497214039883642">Enterprise printer configuration file for devices</translation>
<translation id="7384999953864505698">Allows QUIC protocol</translation>
<translation id="7417972229667085380">Percentage by which to scale the idle delay in presentation mode (deprecated)</translation>
<translation id="7421483919690710988">Set media disk cache size in bytes</translation>
<translation id="7424751532654212117">List of exceptions to the list of disabled plugins</translation>
<translation id="7426112309807051726">Specifies whether the <ph name="TLS_FALSE_START" /> optimisation should be disabled. For historical reasons, this policy is named DisableSSLRecordSplitting.
If the policy is not set or is set to false, then <ph name="TLS_FALSE_START" /> will be enabled. If it is set to true, <ph name="TLS_FALSE_START" /> will be disabled.</translation>
<translation id="7433714841194914373">Enable Instant</translation>
<translation id="7443616896860707393">Cross-origin HTTP Basic Auth prompts</translation>
<translation id="7469554574977894907">Enable search suggestions</translation>
<translation id="7474249562477552702">Whether SHA-1 signed certificates issued by local trust anchors are allowed</translation>
<translation id="7485481791539008776">Default printer selection rules</translation>
<translation id="749556411189861380">Report OS and firmware version of enrolled devices.
If this setting is not set or set to True, enrolled devices will report the OS and firmware version periodically. If this setting is set to False, version info will not be reported.</translation>
<translation id="7511361072385293666">If this policy is set to true or not set usage of QUIC protocol in <ph name="PRODUCT_NAME" /> is allowed.
If this policy is set to false usage of QUIC protocol is disallowed.</translation>
<translation id="7519251620064708155">Allow key generation on these sites</translation>
<translation id="7529100000224450960">Allows you to set a list of url patterns that specify sites which are allowed to open pop-ups.
If this policy is left unset the global default value will be used for all sites either from the 'DefaultPop-upsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="7529144158022474049">Auto update scatter factor</translation>
<translation id="7534199150025803530">This policy has no effect on the Android Google Drive app. If you want to prevent use of Google Drive over mobile connections, you should disallow installation of the Android Google Drive app.</translation>
<translation id="7553535237300701827">When this policy is set, the login authentication flow will happen in one of the following ways depending on the value of the setting:
If set to GAIA, login will be done via the normal GAIA authentication flow.
If set to SAML_INTERSTITIAL, login will show an interstitial screen offering the user the option to go forward with authentication via the SAML IdP of the device's enrolment domain or go back to the normal GAIA login flow.</translation>
<translation id="757395965347379751">When this setting is enabled, <ph name="PRODUCT_NAME" /> allows SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.
Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Furthermore, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around 1 January 2019.
If this policy is not set, or it is set to false, then <ph name="PRODUCT_NAME" /> follows the publicly announced SHA-1 deprecation schedule.</translation>
<translation id="7593523670408385997">Configures the cache size that <ph name="PRODUCT_NAME" /> will use for storing cached files on the disk.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided cache size regardless of whether the user has specified the '--disk-cache-size' flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.
If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.
If this policy is not set, the default size will be used and the user will be able to override it with the --disk-cache-size flag.</translation>
<translation id="7604169113182304895">Android apps may voluntarily choose to honour this list. You cannot force them to honour it.</translation>
<translation id="7612157962821894603">System wide flags to be applied on <ph name="PRODUCT_NAME" /> startup</translation>
<translation id="7614663184588396421">List of disabled protocol schemes</translation>
<translation id="7617319494457709698">This policy specifies the allowed extensions to use the <ph name="ENTERPRISE_PLATFORM_KEYS_API" /> function <ph name="CHALLENGE_USER_KEY_FUNCTION" /> for remote attestation. Extensions must be added to this list to use the API.
If an extension is not in the list, or the list is not set, the call to the API will fail with an error code.</translation>
<translation id="7625444193696794922">Specifies the release channel that this device should be locked to.</translation>
<translation id="7632724434767231364">GSSAPI library name</translation>
<translation id="7635471475589566552">Configures the application locale in <ph name="PRODUCT_NAME" /> and prevents users from changing the locale.
If you enable this setting, <ph name="PRODUCT_NAME" /> uses the specified locale. If the configured locale is not supported, 'en-US' is used instead.
If this setting is disabled or not set, <ph name="PRODUCT_NAME" /> uses either the user-specified preferred locale (if configured), the system locale or the default locale 'en-US'.</translation>
<translation id="7651739109954974365">Determines whether data roaming should be enabled for the device. If set to true, data roaming is allowed. If left unconfigured or set to false, data roaming will be unavailable.</translation>
<translation id="7683777542468165012">Dynamic Policy Refresh</translation>
<translation id="7694807474048279351">Schedule an automatic reboot after a <ph name="PRODUCT_OS_NAME" /> update has been applied.
When this policy is set to true, an automatic reboot is scheduled when a <ph name="PRODUCT_OS_NAME" /> update has been applied and a reboot is required to complete the update process. The reboot is scheduled immediately but may be delayed on the device by up to 24 hours if a user is currently using the device.
When this policy is set to false, no automatic reboot is scheduled after applying a <ph name="PRODUCT_OS_NAME" /> update. The update process is completed when the user next reboots the device.
If you set this policy, users cannot change or override it.
Note: Currently, automatic reboots are only enabled while the login screen is being shown or a Kiosk app session is in progress. This will change in the future and the policy will always apply, regardless of whether a session of any particular type is in progress or not.</translation>
<translation id="7701341006446125684">Set Apps and Extensions cache size (in bytes)</translation>
<translation id="7709537117200051035">A dictionary mapping host names to a boolean flag specifying whether access to the host should be allowed (true) or blocked (false).
This policy is for internal use by <ph name="PRODUCT_NAME" /> itself.</translation>
<translation id="7712109699186360774">Ask every time a site wants to access the camera and/or microphone</translation>
<translation id="7713608076604149344">Download restrictions</translation>
<translation id="7715711044277116530">Percentage by which to scale the screen dim delay in presentation mode</translation>
<translation id="7717938661004793600">Configure <ph name="PRODUCT_OS_NAME" /> accessibility features.</translation>
<translation id="7724994675283793633">This policy enables HTTP/0.9 on ports other than 80 for HTTP and 443 for HTTPS.
This policy is disabled by default and, if enabled, leaves users open to the security issue https://crbug.com/600352.
This policy is intended to give enterprises a chance to migrate existing servers off HTTP/0.9, and will be removed in the future.
If this policy is not set, HTTP/0.9 will be disabled on non-default ports.</translation>
<translation id="7749402620209366169">Enables two-factor authentication for remote access hosts instead of a user-specified PIN.
If this setting is enabled, then users must provide a valid two-factor code when accessing a host.
If this setting is disabled or not set, then two-factor will not be enabled and the default behaviour of having a user-defined PIN will be used.</translation>
<translation id="7750991880413385988">Open New Tab Page</translation>
<translation id="7754704193130578113">Ask where to save each file before downloading</translation>
<translation id="7761446981238915769">Configure the list of installed apps on the login screen</translation>
<translation id="7761526206824804472">Sets one or more recommended locales for a public session, allowing users to easily choose one of these locales.
The user can choose a locale and a keyboard layout before starting a public session. By default, all locales supported by <ph name="PRODUCT_OS_NAME" /> are listed in alphabetic order. You can use this policy to move a set of recommended locales to the top of the list.
If this policy is not set, the current UI locale will be pre-selected.
If this policy is set, the recommended locales will be moved to the top of the list and will be visually separated from all other locales. The recommended locales will be listed in the order in which they appear in the policy. The first recommended locale will be pre-selected.
If there is more than one recommended locale, it is assumed that users will want to select among these locales. Locale and keyboard layout selection will be prominently offered when starting a public session. Otherwise, it is assumed that most users will want to use the pre-selected locale. Locale and keyboard layout selection will be less prominently offered when starting a public session.
When this policy is set and automatic login is enabled (see the |DeviceLocalAccountAutoLoginId| and |DeviceLocalAccountAutoLoginDelay| policies), the automatically started public session will use the first recommended locale and the most popular keyboard layout matching this locale.
The pre-selected keyboard layout will always be the most popular layout matching the pre-selected locale.
This policy can only be set as recommended. You can use this policy to move a set of recommended locales to the top but users are always allowed to choose any locale supported by <ph name="PRODUCT_OS_NAME" /> for their session.
</translation>
<translation id="7763311235717725977">Allows you to set whether websites are allowed to display images. Displaying images can be either allowed for all websites or denied for all websites.
If this policy is left unset, 'AllowImages' will be used and the user will be able to change it.</translation>
<translation id="7763479091692861127"> The types of connections that are allowed to use for OS updates. OS updates potentially put heavy strain on the connection due to their size and may incur additional cost. Therefore, they are by default not enabled for connection types that are considered expensive, which include WiMax, Bluetooth and Cellular at the moment.
The recognised connection type identifiers are "ethernet", "wifi", "wimax", "bluetooth" and "cellular".</translation>
<translation id="7763614521440615342">Show content suggestions on the New Tab page</translation>
<translation id="7774768074957326919">Use system proxy settings</translation>
<translation id="7775831859772431793">You can specify the URL of the proxy server here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.
You should leave this policy not set if you have selected any other mode for setting proxy policies.
For more options and detailed examples, visit:
<ph name="PROXY_HELP_URL" />.</translation>
<translation id="7781069478569868053">New Tab Page</translation>
<translation id="7788511847830146438">Per Profile</translation>
<translation id="7801886189430766248">When this policy is set to true, Android app data is uploaded to Android Backup servers and restored from them upon app re-installations for compatible apps.
When this policy is set to false, Android Backup Service will be switched off.
If this setting is configured then users are not able change it themselves.
If this setting is not configured then users are able to turn Android Backup Service on and off in the Android Settings app.</translation>
<translation id="7818131573217430250">Set the default state of high contrast mode on the login screen</translation>
<translation id="7822837118545582721">When this policy is set to true, users cannot write anything to external storage devices.
If this setting is set to false or not configured, then users can create and modify files of external storage devices which are physically writable.
The ExternalStorageDisabled policy takes precedence over this policy – if ExternalStorageDisabled is set to true, then all access to external storage is disabled and this policy is consequently ignored.
Dynamic refresh of this policy is supported in M56 and later.</translation>
<translation id="7831595031698917016">Specifies the maximum delay in milliseconds between receiving a policy invalidation and fetching the new policy from the device management service.
Setting this policy overrides the default value of 5,000 milliseconds. Valid values for this policy are in the range from 1,000 (1 second) to 300,000 (5 minutes). Any values not in this range will be clamped to the respective boundary.
Leaving this policy not set will make <ph name="PRODUCT_NAME" /> use the default value of 5,000 milliseconds.</translation>
<translation id="7841880500990419427">Minimum TLS version to fallback to</translation>
<translation id="7842869978353666042">Configure Google Drive options</translation>
<translation id="7843525027689416831">Specifies the flags that should be applied to <ph name="PRODUCT_NAME" /> when it starts. The specified flags are applied on the login screen only. Flags that are set via this policy do not propagate into user sessions.</translation>
<translation id="7844537954833753199">Configures extension management settings for <ph name="PRODUCT_NAME" />.
This policy controls multiple settings, including settings controlled by any existing extension-related policies. This policy will override any legacy policies if both are set.
This policy maps an extension ID or an update URL to its configuration. With an extension ID, configuration will be applied to the specified extension only. A default configuration can be set for the special ID <ph name="DEFAULT_SCOPE" />, which will apply to all extensions that don't have a custom configuration set in this policy. With an update URL, configuration will be applied to all extensions with the exact update URL stated in manifest of this extension, as described at <ph name="LINK_TO_EXTENSION_DOC1" />.
The configuration for each extension (or extensions with same update URL) is another dictionary that can contain the fields documented below.
<ph name="INSTALLATION_MODE" />: maps to a string indicating the installation mode for the extension. The valid strings are:
* <ph name="ALLOWED" />: allows the extension to be installed by the user. This is the default behaviour.
* <ph name="BLOCKED" />: blocks installation of the extension.
* <ph name="FORCE_INSTALLED" />: the extension is automatically installed and can't be removed by the user.
* <ph name="NORMAL_INSTALLED" />: the extension is automatically installed but can be disabled by the user.
The <ph name="INSTALLTION_MODE" /> can also be configured for multiple extensions as well, including the <ph name="DEFAULT_SCOPE" /> extension (as default settings) and extensions with same update URL. Only the <ph name="ALLOWED" /> and <ph name="BLOCKED" /> values can be used in this case.
If the mode is set to <ph name="FORCE_INSTALLED" /> or <ph name="NORMAL_INSTALLED" /> then an <ph name="UPDATE_URL" /> must be configured too. Note that the update URL set in this policy is only used for the initial installation; subsequent updates of the extension will use the update URL indicated in the extension's manifest. The update URL should point to an Update Manifest XML document as mentioned above.
<ph name="BLOCKED_PERMISSIONS" />: maps to a list of strings indicating the blocked API permissions for the extension. The permissions names are same as the permission strings declared in manifest of extension as described at <ph name="LINK_TO_EXTENSION_DOC3" />. This setting also can be configured for <ph name="DEFAULT_SCOPE" /> extension. If the extension requires a permission which is on the blocklist, it will not be allowed to load. If it contains a blocked permission as optional requirement, it will be handled in the normal way, but requesting conflicting permissions will be declined automatically at runtime.
<ph name="ALLOWED_PERMISSIONS" />: similar to <ph name="BLOCKED_PERMISSIONS" />, but instead explicitly allow some permissions which might be blocked by global blocked permission list, thus can not be configured for <ph name="DEFAULT_SCOPE" /> extension. Note that this setting doesn't give granted permissions to extensions automatically.
<ph name="MINIMUM_VERSION_REQUIRED" />: maps to a version string. The format of the version string is the same as the one used in extension manifest, as described at <ph name="LINK_TO_EXTENSION_DOC4" />. An extension with a version older than the specified minimum version will be disabled. This applies to force-installed extensions as well.
The following settings can be used only for the default <ph name="DEFAULT_SCOPE" /> configuration:
<ph name="INSTALL_SOURCES" />: Each item in this list is an extension-style match pattern (<ph name="LINK_TO_MATCH_PATTERNS" />). Users will be able to easily install items from any URL that matches an item in this list. Both the location of the <ph name="EXTENSION_SUFFIX_WILDCARD" /> file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns.
<ph name="ALLOWED_TYPES" />: This setting whitelists the allowed types of extension/apps that can be installed in <ph name="PRODUCT_NAME" />. The value is a list of strings, each of which should be one of the following: <ph name="VALID_ALLOWED_TYPES" />. See the <ph name="PRODUCT_NAME" /> extensions documentation for more information on these types.
<ph name="BLOCKED_INSTALL_MESSAGE" />: If a user tries to install an extension, but it is blocked by policy, the Chrome Webstore displays a generic error message. This setting allows you to append text to the error message. This could be be used to direct users to your help desk, explain why a particular extension is blocked or something else. This error message will be truncated if longer than 1000 characters.
<ph name="RUNTIME_BLOCKED_HOSTS" />: Accepts a list of hosts that an extension will be blocked from interacting with. This includes injecting javascript, altering and viewing webRequests / webNavigation, viewing and altering cookies. The format is similar to Match Patterns <ph name="LINK_TO_MATCH_PATTERNS" /> except no paths may be defined. e.g. '*://*.example.com'. This also supports effective TLD wildcarding e.g. '*://example.*'.
<ph name="RUNTIME_ALLOWED_HOSTS" />: Accepts a list of hosts that an extension can interact with regardless of whether they are listed in <ph name="RUNTIME_BLOCKED_HOSTS" />. This is the same format as <ph name="RUNTIME_BLOCKED_HOSTS" />.
</translation>
<translation id="787125417158068494">If set to SyncDisabled or not configured, <ph name="PRODUCT_OS_NAME" /> certificates are not available for ARC-apps.
If set to CopyCaCerts, all ONC-installed CA certificates with <ph name="WEB_TRUSTED_BIT" /> are available for ARC-apps.</translation>
<translation id="7882585827992171421">This policy is active in retail mode only.
Determines the id of the extension to be used as a screen saver on the sign-in screen. The extension must be part of the AppPack that is configured for this domain through the DeviceAppPack policy.</translation>
<translation id="7882857838942884046">Disabling Google Sync will cause Android Backup and Restore to not function properly.</translation>
<translation id="7882890448959833986">Suppress the unsupported OS warning</translation>
<translation id="7912255076272890813">Configure allowed app/extension types</translation>
<translation id="7915236031252389808">You can specify a URL to a proxy .pac file here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings'.
You should leave this policy unset if you have selected any other mode for setting proxy policies.
For detailed examples, visit:
<ph name="PROXY_HELP_URL" />.</translation>
<translation id="793134539373873765">Specifies whether p2p is to be used for OS update payloads. If set to True, devices will share and attempt to consume update payloads on the LAN, potentially reducing Internet bandwidth usage and congestion. If the update payload is not available on the LAN, the device will fall back to downloading from an update server. If set to False or not configured, p2p will not be used.</translation>
<translation id="7933141401888114454">Enable creation of supervised users</translation>
<translation id="793473937901685727">Set certificate availability for ARC-apps</translation>
<translation id="7937766917976512374">Allow or deny video capture</translation>
<translation id="7941975817681987555">Do not predict network actions on any network connection</translation>
<translation id="7953256619080733119">Managed user manual exception hosts</translation>
<translation id="7971839631300653352">SSL</translation>
<translation id="7974114691960514888">This policy is no longer supported.
Enables usage of STUN and relay servers when connecting to a remote client.
If this setting is enabled, then this machine can discover and connect to remote host machines even if they are separated by a firewall.
If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine can only connect to host machines within the local network.</translation>
<translation id="7976157349247117979">Name of the <ph name="PRODUCT_NAME" /> destination</translation>
<translation id="7980227303582973781">No special restrictions</translation>
<translation id="7985242821674907985"><ph name="PRODUCT_NAME" /></translation>
<translation id="802147957407376460">Rotate screen by 0 degrees</translation>
<translation id="8044493735196713914">Report device boot mode</translation>
<translation id="8050080920415773384">Native Printing</translation>
<translation id="8059164285174960932">URL where remote access clients should obtain their authentication token</translation>
<translation id="8073243368829195">Allows Smart Lock to be used</translation>
<translation id="8099880303030573137">Idle delay when running on battery power</translation>
<translation id="8102913158860568230">Default mediastream setting</translation>
<translation id="8104962233214241919">Automatically select client certificates for these sites</translation>
<translation id="8112122435099806139">Specifies the clock format be used for the device.
This policy configures the clock format to use on the log-in screen and as a default for user sessions. Users can still override the clock format for their account.
If the policy is set to true, the device will use a 24-hour clock format. If the policy is set to false, the device will use a 12-hour clock format.
If this policy is not set, the device will default to a 24-hour clock format.</translation>
<translation id="8114382167597081590">Do not enforce Restricted Mode on YouTube</translation>
<translation id="8118665053362250806">Set media disk cache size</translation>
<translation id="8124468781472887384">Device printers configuration access policy.</translation>
<translation id="8135937294926049787">Specifies the length of time without user input after which the screen is turned off when running on AC power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> turns off the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not turn off the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal to the idle delay.</translation>
<translation id="8140204717286305802">Report list of network interfaces with their types and hardware addresses to the server.
If the policy is set to false, the interface list will not be reported.</translation>
<translation id="8141795997560411818">This policy does not prevent the user from using the Android Google Drive app. If you want to prevent access to Google Drive, you should disallow installation of the Android Google Drive app as well.</translation>
<translation id="8146727383888924340">Allow users to redeem offers through Chrome OS Registration</translation>
<translation id="8148785525797916822">Suppresses the warning that appears when <ph name="PRODUCT_NAME" /> is running on a computer or operating system that is no longer supported.</translation>
<translation id="8148901634826284024">Enable the high contrast mode accessibility feature.
If this policy is set to true, high contrast mode will always be enabled.
If this policy is set to false, high contrast mode will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, high contrast mode is disabled initially but can be enabled by the user at any time.</translation>
<translation id="815061180603915310">If set to enabled this policy forces the profile to be switched to ephemeral mode. If this policy is specified as an OS policy (e.g. GPO on Windows) it will apply to every profile on the system; if the policy is set as a Cloud policy it will apply only to a profile signed in with a managed account.
In this mode the profile data is persisted on disk only for the length of the user session. Features like browser history, extensions and their data, web data like cookies and web databases are not preserved after the browser is closed. However this does not prevent the user from downloading any data to disk manually, save pages or print them.
If the user has enabled sync, all this data is preserved in their sync profile just as with regular profiles. Incognito mode is also available if not explicitly disabled by policy.
If the policy is set to disabled or left not set signing in leads to regular profiles.</translation>
<translation id="8158758865057576716">Enable the creation of roaming copies for <ph name="PRODUCT_NAME" /> profile data.</translation>
<translation id="8170878842291747619">Enables the integrated Google Translate service on <ph name="PRODUCT_NAME" />.
If you enable this setting, <ph name="PRODUCT_NAME" /> will show an integrated toolbar offering to translate the page for the user, when appropriate.
If you disable this setting, users will never see the translation bar.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this setting is left unset the user can decide to use this function or not.</translation>
<translation id="817455428376641507">Allows access to the listed URLs, as exceptions to the URL blacklist.
See the description of the URL blacklist policy for the format of entries of this list.
This policy can be used to open exceptions to restrictive blacklists. For example, '*' can be blacklisted to block all requests, and this policy can be used to allow access to a limited list of URLs. It can be used to open exceptions to certain schemes, subdomains of other domains, ports or specific paths.
The most specific filter will determine if a URL is blocked or allowed. The whitelist takes precedence over the blacklist.
This policy is limited to 1000 entries; subsequent entries will be ignored.
If this policy is not set there will be no exceptions to the blacklist from the 'URLBlacklist' policy.</translation>
<translation id="8176035528522326671">Allow enterprise user to be primary multi-profile user only (Default behaviour for enterprise-managed users)</translation>
<translation id="8214600119442850823">Configures the password manager.</translation>
<translation id="8244525275280476362">Maximum fetch delay after a policy invalidation</translation>
<translation id="8256688113167012935">Controls the account name <ph name="PRODUCT_OS_NAME" /> shows on the login screen for the corresponding device-local account.
If this policy is set, the login screen will use the specified string in the picture-based login chooser for the corresponding device-local account.
If the policy is left not set, <ph name="PRODUCT_OS_NAME" /> will use the device-local account's email account ID as the display name on the login screen.
This policy is ignored for regular user accounts.</translation>
<translation id="8279832363395120715">Strips privacy and security sensitive parts of https:// URLs before passing them on to PAC scripts (Proxy Auto Config) used by <ph name="PRODUCT_NAME" /> during proxy resolution.
When True, the security feature is enabled and https:// URLs are
stripped before submitting them to a PAC script. In this manner the PAC
script is not able to view data that is ordinarily protected by an
encrypted channel (such as the URL's path and query).
When False, the security feature is disabled and PAC scripts are
implicitly granted the ability to view all components of an https://
URL. This applies to all PAC scripts regardless of origin (including
those fetched over an insecure transport, or discovered insecurely
through WPAD).
This defaults to True (security feature enabled), except for Chrome OS
enterprise users for which this currently defaults to False.
It is recommended that this be set to True. The only reason to set it to
False is if it causes a compatibility problem with existing PAC scripts.
The desire is to remove this override in the future.</translation>
<translation id="8285435910062771358">Full-screen magnifier enabled</translation>
<translation id="8288199156259560552">Enable Android Google Location Service</translation>
<translation id="8294750666104911727">Normally pages with X-UA-Compatible set to chrome=1 will be rendered in <ph name="PRODUCT_FRAME_NAME" /> regardless of the 'ChromeFrameRendererSettings' policy.
If you enable this setting, pages will not be scanned for meta tags.
If you disable this setting, pages will be scanned for meta tags.
If this policy is not set, pages will be scanned for meta tags.</translation>
<translation id="8300455783946254851">Disables Google Drive syncing in the <ph name="PRODUCT_OS_NAME" /> Files app when using a mobile connection when set to True. In that case, data is only synced to Google Drive when connected via Wi-Fi or Ethernet.
If not set or set to False, then users will be able to transfer files to Google Drive via mobile connections.</translation>
<translation id="8312129124898414409">Allows you to set whether websites are allowed to use key generation. Using key generation can be either allowed for all websites or denied for all websites.
If this policy is left not set, 'BlockKeygen' will be used and the user will be able to change it.</translation>
<translation id="8329984337216493753">This policy is active in retail mode only.
When DeviceIdleLogoutTimeout is specified, this policy defines the duration of the warning box with a count down timer that is shown to the user before the logout is executed.
The policy value should be specified in milliseconds.</translation>
<translation id="8339420913453596618">Second factor disabled</translation>
<translation id="8344454543174932833">Import bookmarks from default browser on first run</translation>
<translation id="8359734107661430198">Enable ExampleDeprecatedFeature API through 2008/09/02</translation>
<translation id="8369602308428138533">Screen off delay when running on AC power</translation>
<translation id="8370471134641900314">If this policy is set to true, user has to sign in to <ph name="PRODUCT_NAME" /> with their profile before using the browser. And the default value of BrowserGuestModeEnabled will be set to false.
If this policy is set to false or not configured, user can use the browser without sign in to <ph name="PRODUCT_NAME" />.</translation>
<translation id="8382184662529825177">Enable the use of remote attestation for content protection for the device</translation>
<translation id="838870586332499308">Enable data roaming</translation>
<translation id="8390049129576938611">Disables the internal PDF viewer in <ph name="PRODUCT_NAME" />. Instead, it treats it as download and allows the user to open PDF files with the default application.
If this policy is left not set or disabled the PDF plug-in will be used to open PDF files, unless the user disables it.</translation>
<translation id="8402079500086185021">Always Open PDF files externally</translation>
<translation id="8412312801707973447">Whether online OCSP/CRL checks are performed</translation>
<translation id="8424255554404582727">Set default display rotation, reapplied on every reboot</translation>
<translation id="8426231401662877819">Rotate screen clockwise by 90 degrees</translation>
<translation id="8451988835943702790">Use New Tab Page as homepage</translation>
<translation id="8465065632133292531">Parameters for instant URL which uses POST</translation>
<translation id="847472800012384958">Do not allow any site to show pop-ups</translation>
<translation id="8477885780684655676">TLS 1.0</translation>
<translation id="8484458986062090479">Customise the list of URL patterns that should always be rendered by the host browser.
If this policy is not set the default renderer will be used for all sites as specified by the 'ChromeFrameRendererSettings' policy.
For example patterns see https://www.chromium.org/developers/how-tos/chrome-frame-getting-started.</translation>
<translation id="8493645415242333585">Disable saving browser history</translation>
<translation id="8499172469244085141">Default Settings (users can override)</translation>
<translation id="8519264904050090490">Managed user manual exception URLs</translation>
<translation id="8527932539502116028">Specifies the printers which a user cannot use.
This policy is only used if <ph name="PRINTERS_BLACKLIST" /> is chosen for <ph name="BULK_PRINTERS_ACCESS_MODE" />.
If this policy is used, all printers are provided to the user except for the IDs listed in this policy.
</translation>
<translation id="8538235451413605457">Configures the requirement of the minimum allowed version of <ph name="PRODUCT_NAME" />. Versions below given are treated as obsolete and device would not allow user to sign in before OS is updated.
If current version becomes obsolete during user session, user will be forcefully signed out.
If this policy is not set, no restrictions are applied, and user can sign in regardless of <ph name="PRODUCT_NAME" /> version.
Here 'Version' can be either an exact version such as '61.0.3163.120' or a version prefix, such as '61.0' </translation>
<translation id="8544375438507658205">Default HTML renderer for <ph name="PRODUCT_FRAME_NAME" /></translation>
<translation id="8549772397068118889">Warn when visiting sites outside of content packs</translation>
<translation id="8566842294717252664">Hide the web store from the New Tab Page and app launcher</translation>
<translation id="8587229956764455752">Allow creation of new user accounts</translation>
<translation id="8614804915612153606">Disables Auto Update</translation>
<translation id="8631434304112909927">until version <ph name="UNTIL_VERSION" /></translation>
<translation id="863319402127182273">For Android apps, this policy affects the built-in camera only. When this policy is set to true, the camera is disabled for all Android apps, with no exceptions.</translation>
<translation id="8649763579836720255">Chrome OS devices can use remote attestation (Verified Access) to get a certificate issued by the Chrome OS CA that asserts that the device is eligible to play protected content. This process involves sending hardware endorsement information to the Chrome OS CA which uniquely identifies the device.
If this setting is false, the device will not use remote attestation for content protection and the device may be unable to play protected content.
If this setting is true, or if it is not set, remote attestation may be used for content protection.</translation>
<translation id="8650974590712548439">Windows registry location for Windows clients:</translation>
<translation id="8654286232573430130">Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when <ph name="PRODUCT_NAME" /> receives an authentication challenge from a proxy or from a server which is in this permitted list.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy unset <ph name="PRODUCT_NAME" /> will try to detect if a server is on the Intranet and only then will it respond to IWA requests. If a server is detected as Internet then IWA requests from it will be ignored by <ph name="PRODUCT_NAME" />.</translation>
<translation id="8672321184841719703">Target Auto-Update Version</translation>
<translation id="867410340948518937">U2F (Universal Second Factor)</translation>
<translation id="8693243869659262736">Use built-in DNS client</translation>
<translation id="8704831857353097849">List of disabled plug-ins</translation>
<translation id="8711086062295757690">Specifies the keyword, which is the shortcut used in the omnibox to trigger the search for this provider.
This policy is optional. If not set, no keyword will activate the search provider.
This policy is only considered if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="8731693562790917685">Content Settings allow you to specify how contents of a specific type (for example Cookies, Images or JavaScript) is handled.</translation>
<translation id="8736538322216687231">Force minimum YouTube Restricted Mode</translation>
<translation id="8749370016497832113">Enables deleting browser history and download history in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
Note that even with this policy disabled, the browsing and download history are not guaranteed to be retained: users may be able to edit or delete the history database files directly and the browser itself may expire or archive any or all history items at any time.
If this setting is enabled or not set, browsing and download history can be deleted.
If this setting is disabled, browsing and download history cannot be deleted.</translation>
<translation id="8764119899999036911">Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.
If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.
If you disable this setting or leave it unset, the canonical name of the server will be determined via CNAME lookup.</translation>
<translation id="87812015706645271">Requires that the name of the local user and the remote access host owner match</translation>
<translation id="8782750230688364867">Specifies the percentage by which the screen dim delay is scaled when the device is in presentation mode.
If this policy is set, it specifies the percentage by which the screen dim delay is scaled when the device is in presentation mode. When the screen dim delay is scaled, the screen off, screen lock and idle delays get adjusted to maintain the same distances from the screen dim delay as originally configured.
If this policy is unset, a default scale factor is used.
The scale factor must be 100% or more. Values that would make the screen dim delay in presentation mode shorter than the regular screen dim delay are not allowed.</translation>
<translation id="8818173863808665831">Report the geographic location of the device.
If the policy is not set or set to false, the location will not be reported.</translation>
<translation id="8818768076343557335">Predict network actions on any network that is not cellular.
(Deprecated in 50, removed in 52. After 52, if value 1 is set, it will be treated as 0 – predict network actions on any network connection.)</translation>
<translation id="8828766846428537606">Configure the default home page in <ph name="PRODUCT_NAME" /> and prevent users from changing it.
The user's home page settings are only completely locked down, if you either select the home page to be the new tab page, or set it to be a URL and specify a home page URL. If you don't specify the home page URL, then the user is still able to set the home page to the new tab page by specifying 'chrome://newtab'.</translation>
<translation id="8833109046074170275">Authentication via the default GAIA flow</translation>
<translation id="8838303810937202360"><ph name="PRODUCT_OS_NAME" /> caches Apps and Extensions for installation by multiple users of a single device to avoid re-downloading them for each user.
If this policy is not configured or the value is lower than 1 MB, <ph name="PRODUCT_OS_NAME" /> will use the default cache size.</translation>
<translation id="8858642179038618439">Force YouTube Safety Mode</translation>
<translation id="8864975621965365890">Suppresses the turn-down prompt that appears when a site is rendered by <ph name="PRODUCT_FRAME_NAME" />.</translation>
<translation id="8870318296973696995">Homepage</translation>
<translation id="8882006618241293596">Block the <ph name="FLASH_PLUGIN_NAME" /> plug-in on these sites</translation>
<translation id="8906768759089290519">Enable guest mode</translation>
<translation id="8908294717014659003">Allows you to set whether websites are allowed to get access to media capture devices. Access to media capture devices can be allowed by default, or the user can be asked every time a website wants to get access to media capture devices.
If this policy is left not set, 'PromptOnAccess' will be used and the user will be able to change it.</translation>
<translation id="8909280293285028130">Specifies the length of time without user input after which the screen is locked when running on AC power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> locks the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not lock the screen when the user becomes idle.