blob: b25e21e38b31b6761041d4c1a1cf18074441d1e9 [file] [log] [blame]
<?xml version="1.0" ?>
<!DOCTYPE translationbundle>
<translationbundle lang="en-GB">
<translation id="1002439864875515590">If this policy is set to a blank string or not configured, <ph name="PRODUCT_OS_NAME" /> will not show an auto-complete option during user sign-in flow.
If this policy is set to a string representing a domain name, <ph name="PRODUCT_OS_NAME" /> will show an auto-complete option during user sign-in allowing the user to type in only their user name without the domain name extension. The user will be able to overwrite this domain name extension.
If the value of the policy is not a valid domain, the policy will not be applied.</translation>
<translation id="101438888985615157">Rotate screen by 180 degrees</translation>
<translation id="1016912092715201525">Configures the default browser checks in <ph name="PRODUCT_NAME" /> and prevents users from changing them.
If you enable this setting, <ph name="PRODUCT_NAME" /> will always check on start-up whether it is the default browser and automatically register itself if possible.
If this setting is disabled, <ph name="PRODUCT_NAME" /> will never check if it is the default browser and will disable user controls for setting this option.
If this setting is not set, <ph name="PRODUCT_NAME" /> will allow the user to control whether it is the default browser and whether user notifications should be shown when it isn't.
Note for administrators of <ph name="MS_WIN_NAME" />: Enabling this setting will only work for machines running Windows 7. For versions of Windows starting with Windows 8, you must deploy a 'default application associations' file that makes <ph name="PRODUCT_NAME" /> the handler for the <ph name="HHTPS_PROTOCOL" /> and <ph name="HTTP_PROTOCOL" /> protocols (and, optionally, the <ph name="FTP_PROTOCOL" /> protocol and file formats such as <ph name="HTML_EXTENSION" />, <ph name="HTM_EXTENSION" />, <ph name="PDF_EXTENSION" />, <ph name="SVG_EXTENSION" />, <ph name="WEBP_EXTENSION" />, etc…). See <ph name="SUPPORT_URL" /> for more information.</translation>
<translation id="1017967144265860778">Power management on the login screen</translation>
<translation id="1019101089073227242">Set user data directory</translation>
<translation id="1022361784792428773">Extension IDs the user should be prevented from installing (or * for all)</translation>
<translation id="102492767056134033">Set default state of the on-screen keyboard on the login screen</translation>
<translation id="1027000705181149370">Specifies whether authentication cookies set by a SAML IdP during login should be transferred to the user's profile.
When a user authenticates via a SAML IdP during login, cookies set by the IdP are written to a temporary profile at first. These cookies can be transferred to the user's profile to carry forward the authentication state.
When this policy is set to true, cookies set by the IdP are transferred to the user's profile every time they authenticate against the SAML IdP during login.
When this policy is set to false or unset, cookies set by the IdP are transferred to the user's profile during their first login on a device only.
This policy affects users whose domain matches the device's enrolment domain only. For all other users, cookies set by the IdP are transferred to the user's profile during their first login on the device only.</translation>
<translation id="1029052664284722254">Force device reboot when user signs out</translation>
<translation id="1030120600562044329">Enables anonymous reporting of usage and crash-related data about <ph name="PRODUCT_NAME" /> to Google, and prevents users from changing this setting.
If this setting is enabled, anonymous reporting of usage and crash-related
data is sent to Google. If it is disabled, this information is not sent
to Google. In both cases, users cannot change or override the setting.
If this policy is left not set, the setting will be what the user chose
upon installation/first run.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.
(For Chrome OS, see DeviceMetricsReportingEnabled.)</translation>
<translation id="1035385378988781231">This policy controls whether the Network File Shares feature for <ph name="PRODUCT_NAME" /> will use NTLM for authentication.
When this policy is set to True, NTLM will be used for authentication to SMB shares if necessary.
When this policy is set to False, NTLM authentication to SMB shares will be disabled.
If the policy is left not set, the default is disabled for enterprise-managed users and enabled for non-managed users.</translation>
<translation id="1040446814317236570">Enable PAC URL stripping (for https://)</translation>
<translation id="1044878202534415707">Report hardware statistics such as CPU/RAM usage.
If the policy is set to false, the statistics will not be reported.
If set to true or left unset, statistics will be reported.</translation>
<translation id="1046484220783400299">Enable deprecated web platform features for a limited time</translation>
<translation id="1047128214168693844">Do not allow any site to track the users' physical location</translation>
<translation id="1049138910114524876">Configures the locale which is enforced on the <ph name="PRODUCT_OS_NAME" /> sign-in screen.
If this policy is set, the sign-in screen will always be displayed in the locale which is given by the first value of this policy (the policy is defined as a list for forward compatibility). If this policy is not set or is set to an empty list, the sign-in screen will be displayed in the locale of the last user session. If this policy is set to a value which is not a valid locale, the sign-in screen will be displayed in a fallback locale (currently, en-US).</translation>
<translation id="1052499923181221200">This policy has no effect unless SamlInSessionPasswordChangeEnabled is true.
If that policy is true, and this policy is set to (for example) 14, that means that SAML users will be notified 14 days in advance that their password is due to expire on a certain date.
Then they can deal with this immediately by doing an in-session password change and updating their password before it expires.
But these notifications will only be shown if password expiry information is sent to the device by the SAML identity provider during the SAML login flow.
Setting this policy to zero means that the users will not be notified in advance – they will only be notified once the password has already expired.
If this policy is set, the user cannot change or override it.</translation>
<translation id="1062011392452772310">Enable remote attestation for the device</translation>
<translation id="1062407476771304334">Replace</translation>
<translation id="1079801999187584280">Disallow usage of the Developer Tools</translation>
<translation id="1087437665304381368">This policy controls <ph name="PRODUCT_OS_NAME" /> developer mode only. If you want to prevent access to Android Developer Options, you need to set the <ph name="DEVELOPER_TOOLS_DISABLED_POLICY_NAME" /> policy.</translation>
<translation id="1093082332347834239">If this setting is enabled, the remote assistance host will be run in a process with <ph name="UIACCESS_PERMISSION_NAME" /> permissions. This will allow remote users to interact with elevated windows on the local user's desktop.
If this setting is disabled or not configured, the remote assistance host will run in the user's context and remote users cannot interact with elevated windows on the desktop.</translation>
<translation id="1096105751829466145">Default search provider</translation>
<translation id="1099282607296956954">Enable Site Isolation for every site</translation>
<translation id="1100570158310952027">
The policy specifies a list of origins (URLs) or hostname patterns (such
as '*.example.com') for which security restrictions on insecure origins
will not apply.
The intent is to allow organisations to set whitelist origins for legacy
applications that cannot deploy TLS, or to set up a staging server for
internal web development so that their developers can test out features
requiring secure contexts without having to deploy TLS on the staging
server. This policy will also prevent the origin from being labelled
'Not Secure' in the omnibox.
Setting a list of URLs in this policy has the same effect as setting the
command-line flag '--unsafely-treat-insecure-origin-as-secure' to a
comma-separated list of the same URLs. If the policy is set, it will
override the command-line flag.
This policy will override UnsafelyTreatInsecureOriginAsSecure, if present.
For more information on secure contexts, see
https://www.w3.org/TR/secure-contexts/.
</translation>
<translation id="1107764601871839136">Specifies the lifetime (in hours) of the Group Policy Object (GPO) cache. Instead of re-downloading GPOs on every policy fetch, the system may reuse cached GPOs as long as their version does not change. This policy specifies the maximum duration for which cached GPOs may be reused before they are re-downloaded. Rebooting and logging out clears the cache.
If the policy is unset, cached GPOs may be reused for up to 25 hours.
If the policy is set to 0, GPO caching is turned off. Note that this increases server load since GPOs are re-downloaded on every policy fetch, even if they did not change.</translation>
<translation id="1117462881884985156"><ph name="PRODUCT_NAME" /> will bypass any proxy for the list of hosts given here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings' and if the <ph name="PROXY_SETTINGS_POLICY_NAME" /> policy has not been specified.
You should leave this policy not set if you have selected any other mode for setting proxy policies.
For more detailed examples, visit:
<ph name="PROXY_HELP_URL" />.</translation>
<translation id="1117535567637097036">The protocol handlers set via this policy are not used when handling Android intents.</translation>
<translation id="1118093128235245168">Allow sites to ask the user to grant access to a connected USB device</translation>
<translation id="1128903365609589950">Configures the directory that <ph name="PRODUCT_NAME" /> will use for storing cached files on the disk.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided directory regardless of whether the user has specified the '--disk-cache-dir' flag or not. To avoid data loss or other unexpected errors this policy should not be set to a volume's root directory or to a directory used for other purposes, because <ph name="PRODUCT_NAME" /> manages its contents.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default cache directory will be used and the user will be able to override it with the '--disk-cache-dir' command line flag.</translation>
<translation id="113521240853905588">Configures the languages that can be used as the preferred languages by <ph name="PRODUCT_OS_NAME" />.
If this policy is set, the user can only add one of the languages listed in this policy to the list of preferred languages. If this policy is not set or set to an empty list, user can specify any languages as preferred. If this policy is set to a list with invalid values, all invalid values will be ignored. If a user previously added some languages that are not allowed by this policy, to the list of preferred languages, they will be removed. If the user had previously configured <ph name="PRODUCT_OS_NAME" /> to be displayed in one of the languages not allowed by this policy, the display language will be switched to an allowed UI language next time the user signs in. Otherwise, <ph name="PRODUCT_OS_NAME" /> will switch to the first valid value specified by this policy, or to a fallback locale (currently en-US), if this policy only contains invalid entries.</translation>
<translation id="1135264353752122851">Configures which keyboard layouts are allowed for <ph name="PRODUCT_OS_NAME" /> user sessions.
If this policy is set, the user can only select one of the input methods specified by this policy. If this policy is not set or set to an empty list, the user can select all supported input methods. If the current input method is not allowed by this policy, the input method will be switched to the hardware keyboard layout (if allowed) or the first valid entry in this list. All invalid or unsupported input methods in this list will be ignored.</translation>
<translation id="1138294736309071213">This policy is active in retail mode only.
Determines the duration before the screen saver is shown on the sign-in screen for devices in retail mode.
The policy value should be specified in milliseconds.</translation>
<translation id="1141767714195601945">This policy controls command-line parameters for Chrome from Internet Explorer.
If the 'Legacy Browser Support' add-in for Internet Explorer is not installed, this policy has no effect.
When this policy is left unset, Internet Explorer only passes the URL to Chrome as a command-line parameter.
When this policy is set to a list of strings, the strings are joined with spaces and passed to Chrome as command-line parameters.
If an element contains ${url}, it gets replaced with the URL of the page to open.
If no element contains ${url}, the URL is appended at the end of the command line.
Environment variables are expanded. On Windows, %ABC% is replaced with the value of the ABC environment variable.</translation>
<translation id="1151353063931113432">Allow images on these sites</translation>
<translation id="1152117524387175066">Report the state of the device's dev switch at boot.
If the policy is set to false, the state of the dev switch will not be reported.</translation>
<translation id="1160479894929412407">Allow QUIC protocol</translation>
<translation id="1160939557934457296">Disable proceeding from the Safe Browsing warning page</translation>
<translation id="1189817621108632689">Allows you to set a list of URL patterns that specify sites which are not allowed to display images.
If this policy is left not set, the global default value will be used for all sites, either from the 'DefaultImagesSetting' policy if it is set, or from the user's personal configuration.
Note: This policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.</translation>
<translation id="1194005076170619046">If enabled, a big, red logout button is shown in the system tray while a session is active and the screen is not locked.
If disabled or not specified, no big, red logout button is shown in the system tray.</translation>
<translation id="1197437816436565375">You cannot force Android apps to use a proxy. A subset of proxy settings is made available to Android apps, which they may voluntarily choose to honour. See the <ph name="PROXY_MODE_POLICY_NAME" /> policy for more details.</translation>
<translation id="1198465924256827162">How frequently device status uploads are sent, in milliseconds.
If this policy is unset, the default frequency is 3 hours. The minimum
allowed frequency is 60 seconds.</translation>
<translation id="1204263402976895730">Enabled enterprise printers</translation>
<translation id="1216919699175573511">Enable Signed HTTP Exchange (SXG) support</translation>
<translation id="1219695476179627719">Specifies whether the device should roll back to the version set by <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME" /> if it's already running a later version.
Default is RollbackDisabled.</translation>
<translation id="1221359380862872747">Load specified URLs on demo login</translation>
<translation id="1223789468190631420">Safe Browsing enable state for trusted sources</translation>
<translation id="122899932962115297">A whitelist controlling which quick unlock modes the user can configure and use to unlock the lock screen.
This value is a list of strings; valid list entries are: 'all', 'PIN', 'FINGERPRINT'. Adding 'all' to the list means that every quick unlock mode is available to the user, including ones implemented in the future. Otherwise, only the quick unlock modes present in the list will be available.
For example, to allow every quick unlock mode, use ['all']. To allow only PIN unlock, use ['PIN']. To allow PIN and fingerprint, use ['PIN', 'FINGERPRINT']. To disable all quick unlock modes, use [].
By default, no quick unlock modes are available for managed devices.</translation>
<translation id="123081309365616809">Enable casting content to the device</translation>
<translation id="1231349879329465225">Allows enabling or disabling Fast Transition.
This applies to all users, and to all interfaces on the device.
In order for Fast Transition to be used, both this setting and the per-network ONC property need to be enabled.
Once set, Fast Transition persists until the policy is changed to disable it.
If this policy is not set or set to false, Fast Transition is not used.
If set to true, Fast Transition is used when the wireless access point supports it.</translation>
<translation id="1243570869342663665">Control SafeSites adult content filtering.</translation>
<translation id="1257550411839719984">Set default download directory</translation>
<translation id="1265053460044691532">Limit the time for which a user authenticated via SAML can log in offline</translation>
<translation id="1290634681382861275">Controls miscellaneous settings including USB, Bluetooth, policy refresh, developer mode and others.</translation>
<translation id="1291880496936992484">Warning: RC4 will be completely removed from <ph name="PRODUCT_NAME" /> after version 52 (around September 2016) and this policy will stop working then.
If the policy is not set, or is set to false, then RC4 cipher suites in TLS will not be enabled. Otherwise it may be set to true to retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured.</translation>
<translation id="1297182715641689552">Use a .pac proxy script</translation>
<translation id="1304973015437969093">Extension/App IDs and update URLs to be silently installed</translation>
<translation id="1307454923744766368">Origins or hostname patterns for which restrictions on
insecure origins should not apply</translation>
<translation id="1312799700549720683">Controls display settings.</translation>
<translation id="131353325527891113">Show usernames on login screen</translation>
<translation id="1327466551276625742">Enable network configuration prompt when offline</translation>
<translation id="1330145147221172764">Enable on-screen keyboard</translation>
<translation id="13356285923490863">Policy Name</translation>
<translation id="1347198119056266798">This policy is deprecated; please use <ph name="FORCE_GOOGLE_SAFE_SEARCH_POLICY_NAME" /> and <ph name="FORCE_YOUTUBE_RESTRICT_POLICY_NAME" /> instead. This policy is ignored if either the <ph name="FORCE_GOOGLE_SAFE_SEARCH_POLICY_NAME" />, the <ph name="FORCE_YOUTUBE_RESTRICT_POLICY_NAME" /> or the (deprecated) <ph name="FORCE_YOUTUBE_SAFETY_MODE_POLICY_NAME" /> policies are set.
Forces queries in Google Web Search to be done with SafeSearch set to active and prevents users from changing this setting. This setting also forces Moderate Restricted Mode on YouTube.
If you enable this setting, SafeSearch in Google Search and Moderate Restricted Mode YouTube is always active.
If you disable this setting or do not set a value, SafeSearch in Google Search and Restricted Mode in YouTube is not enforced.</translation>
<translation id="1352174694615491349">This policy allows HTTP/2 connection coalescing when client certificates are in use. In order to coalesce, both the hostname of the potential new connection and the hostname of an existing connection must match one or more patterns described by this policy. The policy is a list of hosts using the URLBlacklist filter format: 'example.com' matches 'example.com' and all subdomains (e.g. 'sub.example.com'), while '.example.net' matches exactly 'example.net'.
Coalescing requests to different hosts over connections that use client certificates can create security and privacy issues, as the ambient authority will be conveyed to all requests, even if the user did not explicitly authorise this. This policy is temporary and will be removed in a future release. See https://crbug.com/855690.
If this policy is left unset, then the default behaviour of not allowing any HTTP/2 connection coalescing on connections using client certificates will be used.</translation>
<translation id="1354424209129232709">Maximum:</translation>
<translation id="1354452738176731363">When this policy is set to false, audio output will not be available on the device while the user is logged in.
This policy affects all types of audio output and not only the built-in speakers. Audio accessibility features are also inhibited by this policy. Do not enable this policy if a screen reader is required for the user.
If this setting is set to true, or not configured, then users can use all supported audio outputs on their device.</translation>
<translation id="1359553908012294236">If this policy is set to true or not configured, <ph name="PRODUCT_NAME" /> will enable guest logins. Guest logins are <ph name="PRODUCT_NAME" /> profiles where all windows are in incognito mode.
If this policy is set to false, <ph name="PRODUCT_NAME" /> will not allow guest profiles to be started.</translation>
<translation id="1363275621236827384">Enable queries to Quirks Server for hardware profiles</translation>
<translation id="1363612796557848469">This policy gives Google Assistant permission to access screen context and send the info to server.
If the policy is enabled, Google Assistant will be allowed to access screen context.
If the policy is disabled, Google Assistant will not be allowed to access screen context.
If not set, users can decide whether to allow Google Assistant to access screen context or not</translation>
<translation id="1376119291123231789">Enable advanced battery charge mode</translation>
<translation id="1383493480903114193">This policy forces networking code to run in the browser process.
This policy is disabled by default, and if enabled, leaves users open to the security issues once the networking process is sandboxed.
This policy is intended to give enterprises a chance to migrate to third-party software that does not depend on hooking the networking APIs. Proxy servers are recommended over LSPs and Win32 API patching.
If this policy is not set, networking code may run out of the browser process depending on field trials of the Network Service experiment.</translation>
<translation id="1384459581748403878">Reference: <ph name="REFERENCE_URL" /></translation>
<translation id="1384653327213929024">Allow users to manage installed certificates.</translation>
<translation id="1393485621820363363">Enabled enterprise device printers</translation>
<translation id="1397855852561539316">Default search provider suggest URL</translation>
<translation id="1404043648050567997">The Safe Browsing service shows a warning page when users navigate to sites that are flagged as potentially malicious. Enabling this setting prevents users from proceeding anyway from the warning page to the malicious site.
This policy only prevents users from proceeding on Safe Browsing warnings (e.g. malware and phishing) not for SSL certificate-related issues such as invalid or expired certificates.
If this setting is disabled or not configured then users can choose to proceed to the flagged site after being shown the warning.
See https://developers.google.com/safe-browsing for more info on Safe Browsing.</translation>
<translation id="1413936351612032792">Report information about usage of Linux apps</translation>
<translation id="142346659686073702">Allow unaffiliated users to use Crostini</translation>
<translation id="1426410128494586442">Yes</translation>
<translation id="1427655258943162134">Address or URL of proxy server</translation>
<translation id="1431272318313028342">Enables <ph name="PRODUCT_NAME" />'s Safe Browsing feature and prevents users from changing this setting.
If you enable this setting, Safe Browsing is always active.
If you disable this setting, Safe Browsing is never active.
If you enable or disable this setting, users cannot change or override the 'Enable phishing and malware protection' setting in <ph name="PRODUCT_NAME" />.
If this policy is left not set, this will be enabled but the user will be able to change it.
See https://developers.google.com/safe-browsing for more info on Safe Browsing.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="1432194160771348078">
Specifies a list of apps that are installed silently on the login screen, without user interaction, and which cannot be uninstalled.
All permissions requested by the apps are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app.
Note that, for security and privacy reasons, extensions are not allowed to be installed using this policy. Moreover, the devices on the Stable channel will only install the apps that belong to the white list bundled into <ph name="PRODUCT_NAME" />. Any items that don't conform to these conditions will be ignored.
If an app that had previously been force-installed is removed from this list, it is automatically uninstalled by <ph name="PRODUCT_NAME" />.
Each list item of the policy is a string that contains an extension ID and an 'update' URL separated by a semi-colon (<ph name="SEMICOLON" />). The extension ID is the 32-letter string found, e.g. on <ph name="CHROME_EXTENSIONS_LINK" /> when in developer mode. The 'update' URL should point to an Update Manifest XML document as described at <ph name="LINK_TO_EXTENSION_DOC1" />. Note that the 'update' URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest.
For example, <ph name="EXTENSION_POLICY_EXAMPLE" /> installs the <ph name="EXTENSION_POLICY_EXAMPLE_EXTENSION_NAME" /> app from the standard Chrome Web Store 'update' URL. For more information about hosting extensions, see: <ph name="LINK_TO_EXTENSION_DOC2" />.</translation>
<translation id="1435659902881071157">Device-level network configuration</translation>
<translation id="1438739959477268107">Default key generation setting</translation>
<translation id="1454846751303307294">Allows you to set a list of url patterns that specify sites which are not allowed to run JavaScript.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultJavaScriptSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="1456822151187621582">Windows (<ph name="PRODUCT_OS_NAME" /> clients):</translation>
<translation id="1458547592473993238">This policy is deprecated. Please use the <ph name="DEFAULT_PLUGINS_SETTING_POLICY_NAME" /> to control the availability of the Flash plugin and <ph name="ALWAYS_OPEN_PDF_EXTERNALLY_POLICY_NAME" /> to control whether the integrated PDF viewer should be used for opening PDF files.
Specifies a list of plugins that are disabled in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them.
If you enable this setting, the specified list of plugins is never used in <ph name="PRODUCT_NAME" />. The plugins are marked as disabled in 'about:plugins' and users cannot enable them.
Note that this policy can be overridden by EnabledPlugins and DisabledPluginsExceptions.
If this policy is left not set, the user can use any plugin installed on the system except for hard-coded incompatible, outdated or dangerous plugins.</translation>
<translation id="1464848559468748897">Control the user behaviour in a multi-profile session on <ph name="PRODUCT_OS_NAME" /> devices.
If this policy is set to 'Multi-ProfileUserBehaviourUnrestricted', the user can be either the primary or secondary user in a multi-profile session.
If this policy is set to 'Multi-ProfileUserBehaviourMustBePrimary', the user can only be the primary user in a multi-profile session.
If this policy is set to 'Multi-ProfileUserBehaviourNotAllowed', the user cannot be part of a multi-profile session.
If you set this setting, users cannot change or override it.
If the setting is changed while the user is signed into a multi-profile session, all users in the session will be checked against their corresponding settings. The session will be closed if any one of the users is no longer allowed to be in the session.
If the policy is left not set, the default value 'Multi-ProfileUserBehaviourMustBePrimary' applies for enterprise-managed users and 'Multi-ProfileUserBehaviourUnrestricted' will be used for non-managed users.</translation>
<translation id="1465619815762735808">Click to play</translation>
<translation id="1468307069016535757">Set the default state of the high contrast mode accessibility feature on the login screen.
If this policy is set to true, high contrast mode will be enabled when the login screen is shown.
If this policy is set to false, high contrast mode will be disabled when the login screen is shown.
If you set this policy, users can temporarily override it by enabling or disabling high contrast mode. However, the user's choice is not persistent and the default is restored whenever the login screen is shown anew or the user remains idle on the login screen for a minute.
If this policy is left unset, high contrast mode is disabled when the login screen is first shown. Users can enable or disable high contrast mode at any time and its status on the login screen is persisted between users.</translation>
<translation id="1468707346106619889">If this policy is set to true, Unified Desktop is allowed and
enabled by default, which allows applications to span multiple displays.
The user may disable Unified Desktop for individual displays by unticking
it in the display settings.
If this policy is set to false or unset, Unified Desktop will be
disabled. In this case, the user cannot enable the feature.</translation>
<translation id="1474273443907024088">Disable TLS False Start</translation>
<translation id="1477934438414550161">TLS 1.2</translation>
<translation id="1502843533062797703">Enable third-party software injection blocking</translation>
<translation id="1507382822467487898">
Configures which MAC (media access control) address will be used when a dock is connected to the device.
When a dock is connected to some device models, the device's designated dock MAC address is used to identify the device on Ethernet by default. This policy allows the administrator to change the source of the MAC address while docked.
If 'DeviceDockMacAddress' is selected or the policy is left unset, the device's designated dock MAC address will be used.
If 'DeviceNicMacAddress' is selected, the device's NIC (network interface controller) MAC address will be used.
If 'DockNicMacAddress' is selected, the dock's NIC MAC address will be used.
This setting cannot be changed by the user.</translation>
<translation id="1507957856411744193">If this policy is set to true, <ph name="PRODUCT_NAME" /> will connect to Cast devices on all IP addresses, not just RFC1918/RFC4193 private addresses.
If this policy is set to false, <ph name="PRODUCT_NAME" /> will connect to Cast devices on RFC1918/RFC4193 private addresses only.
If this policy is not set, <ph name="PRODUCT_NAME" /> will connect to Cast devices on RFC1918/RFC4193 private addresses only, unless the CastAllowAllIPs feature is enabled.
If the policy 'EnableMediaRouter' is set to false, then this policy's value would have no effect.</translation>
<translation id="1509692106376861764">This policy has been retired as of <ph name="PRODUCT_NAME" /> version 29.</translation>
<translation id="1514888685242892912">Enable <ph name="PRODUCT_NAME" /></translation>
<translation id="1522425503138261032">Allow sites to track the users' physical location</translation>
<translation id="1523774894176285446">Alternative browser to launch for configured websites.</translation>
<translation id="152657506688053119">List of alternative URLs for the default search provider</translation>
<translation id="1530812829012954197">Always render the following URL patterns in the host browser</translation>
<translation id="1541170838458414064">Restrict printing page size</translation>
<translation id="1553684822621013552">When this policy is set to true, ARC will be enabled for the user
(subject to additional policy settings checks – ARC will still be
unavailable if either ephemeral mode or multiple sign-in is enabled
in the current user session).
If this setting is disabled or not configured then enterprise users are
unable to use ARC.</translation>
<translation id="1559980755219453326">This policy controls whether to report extensions and plug-in information.
When this policy is left unset or set to True, extension and plug-in data are gathered.
When this policy is set to False, extensions and plug-in data are not gathered.
This policy is only effective when the <ph name="CHROME_REPORTING_EXTENSION_NAME" /> is enabled, and the machine is enrolled with <ph name="MACHINE_LEVEL_USER_CLOUD_POLICY_ENROLLMENT_TOKEN_POLICY_NAME" />.</translation>
<translation id="1560205870554624777">Controls whether the Kerberos functionality is enabled. Kerberos is an authentication protocol that can be used to authenticate to web apps and file shares.
If this policy is enabled, Kerberos functionality is enabled. Kerberos accounts can be added either through the 'Configure Kerberos accounts' policy or through the Kerberos accounts settings in the People settings page.
If this policy is disabled or not set, the Kerberos accounts settings are disabled. No Kerberos accounts can be added and Kerberos authentication cannot be used. All existing Kerberos accounts are deleted, and all stored passwords are deleted.</translation>
<translation id="1561424797596341174">Policy overrides for Debug builds of the remote access host</translation>
<translation id="1561967320164410511">U2F plus extensions for individual attestation</translation>
<translation id="1566329065312331399">
This policy, when set to False, does not allow the device to trigger powerwash.
When set to True, it allows the device to trigger powerwash.
If left unset, it defaults to False, meaning it doesn't allow the device to powerwash.
</translation>
<translation id="1574554504290354326">This setting is deprecated – use SafeBrowsingExtendedReportingEnabled instead. Enabling or disabling SafeBrowsingExtendedReportingEnabled is equivalent to setting SafeBrowsingExtendedReportingOptInAllowed to False.
Setting this policy to false stops users from choosing to send some system information and page content to Google servers. If this setting is true or not configured, then users will be allowed to send some system information and page content to Safe Browsing to help detect dangerous apps and sites.
See https://developers.google.com/safe-browsing for more info on Safe Browsing.</translation>
<translation id="1583248206450240930">Use <ph name="PRODUCT_FRAME_NAME" /> by default</translation>
<translation id="1599424828227887013">Enable Site Isolation for specified origins on Android devices</translation>
<translation id="1608755754295374538">URLs that will be granted access to audio capture devices without prompt</translation>
<translation id="1615221548356595305">Allow coalescing of HTTP/2 connections for these hosts even when client certificates are used</translation>
<translation id="1615855314789673708">Provides a wilco DTC (diagnostics and telemetry controller) configuration.
This policy allows to provide wilco DTC configuration that is allowed to be applied if wilco DTC is available on the given device and allowed by policy. The size of the configuration must not exceed 1 MB (1000000 bytes) and must be encoded in JSON. The wilco DTC is responsible for handling it. The cryptographic hash is used to verify the integrity of the download.
The configuration is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes.
If you set this policy, users cannot change or override it.</translation>
<translation id="1617235075406854669">Enable deleting browser and download history</translation>
<translation id="163200210584085447">Patterns in this list will be matched against the security
origin of the requesting URL. If a match is found, access to video
capture devices will be granted on SAML login pages. If no match is
found, access will be automatically denied. Wildcard patterns are not
allowed.</translation>
<translation id="1634989431648355062">Allow the <ph name="FLASH_PLUGIN_NAME" /> plug-in on these sites</translation>
<translation id="1645793986494086629">Schema:</translation>
<translation id="1653229475925941921">If this policy is set, it controls the type of screen magnifier that is enabled. Setting the policy to 'None' disables the screen magnifier.
If you set this policy, users cannot change or override it.
If this policy is left unset, the screen magnifier is disabled initially but can be enabled by the user at any time.</translation>
<translation id="1655229863189977773">Set disk cache size in bytes</translation>
<translation id="166427968280387991">Proxy server</translation>
<translation id="1668836044817793277">Whether to allow the auto launched with zero delay kiosk app to control <ph name="PRODUCT_OS_NAME" /> version.
This policy controls whether to allow the auto launched with zero delay kiosk app to control <ph name="PRODUCT_OS_NAME" /> version by declaring a required_platform_version in its manifest and use it as the auto update target version prefix.
If the policy is set to true, the value of required_platform_version manifest key of the auto launched with zero delay kiosk app is used as auto update target version prefix.
If the policy is not configured or set to false, the required_platform_version manifest key is ignored and auto update proceeds as normal.
Warning: It is not recommended to delegate control of the <ph name="PRODUCT_OS_NAME" /> version to a kiosk app as it may prevent the device from receiving software updates and critical security fixes. Delegating control of the <ph name="PRODUCT_OS_NAME" /> version might leave users at risk.</translation>
<translation id="1675002386741412210">Supported on:</translation>
<translation id="1700811900332333712">Allow the device to request powerwash</translation>
<translation id="1704516734140344991">Configures availability and behaviour of <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update functionality.
Individual settings can be specified in JSON properties:
<ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_POWERWASH" />: If set to <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_POWERWASH_TRUE" />, users will be able to trigger the powerwash flow to install a <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update.
<ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_PRESERVE_DEVICE_STATE" />: If set to <ph name="TPM_FIRMWARE_UPDATE_SETTINGS_ALLOW_USER_INITIATED_PRESERVE_DEVICE_STATE_TRUE" />, users will be able to invoke the <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update flow that preserves device-wide state (including enterprise enrolment), but loses user data. This update flow is available starting from version 68.
<ph name="TPM_FIRMWARE_UPDATE_SETTINGS_AUTO_UPDATE_MODE" />: Controls how automatic <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware updates are enforced for vulnerable <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware. All flows preserve local device state.
If set to 1 or left not set, TPM firmware updates are not enforced.
If set to 2, <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware will be updated at the next reboot after user acknowledges the update.
If set to 3, <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware will be updated at the next reboot.
If set to 4, <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware will be updated after enrolment, before user sign-in.
This option is available starting from version 74.
If the policy is not set, <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update functionality will not be available.</translation>
<translation id="1708496595873025510">Set the restriction on the fetching of the Variations seed</translation>
<translation id="1717817358640580294">If unset, should Chrome Clean-Up detect unwanted software, it may report metadata about the scan to Google, in accordance with policy set by SafeBrowsingExtendedReportingEnabled. Chrome Clean-Up will then ask the user if they wish to clean up the unwanted software. The user can choose to share results of the clean up with Google to assist with future unwanted software detection. These results contain file metadata, automatically installed extensions and registry keys as described by the Chrome Privacy Whitepaper.
If disabled, should Chrome Clean-Up detect unwanted software, it will not report metadata about the scan to Google, overriding any policy set by SafeBrowsingExtendedReportingEnabled. Chrome Clean-Up will ask the user if they wish to clean up the unwanted software. Results of the clean up will not be reported to Google and the user will not have the option to do so.
If enabled, should Chrome Clean-Up detect unwanted software, it may report metadata about the scan to Google, in accordance with policy set by SafeBrowsingExtendedReportingEnabled. Chrome Clean-Up will ask the user if they wish to clean up the unwanted software. Results of the clean up will be reported to Google and the user will not have the option to prevent it.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="172374442286684480">Allow all sites to set local data.</translation>
<translation id="1736269219679256369">Allow proceeding from the SSL warning page</translation>
<translation id="1745780278307622857">Identify if <ph name="PRODUCT_NAME" /> can allow download without Safe Browsing checks when it's from a trusted source.
When False, downloaded files will not be sent to be analysed by Safe Browsing when it's from a trusted source.
When not set (or set to True), downloaded files are sent to be analysed by Safe Browsing, even when it's from a trusted source.
Note that these restrictions apply to downloads triggered from web page content, as well as the 'download link…' context menu option. These restrictions do not apply to the save/download of the currently displayed page, nor does it apply to saving as PDF from the printing options.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="1749815929501097806">Sets the Terms of Service that the user must accept before starting a device-local account session.
If this policy is set, <ph name="PRODUCT_OS_NAME" /> will download the Terms of Service and present them to the user whenever a device-local account session is starting. The user will only be allowed into the session after accepting the Terms of Service.
If this policy is not set, no Terms of Service are shown.
The policy should be set to a URL from which <ph name="PRODUCT_OS_NAME" /> can download the Terms of Service. The Terms of Service must be plain text, served as MIME type text/plain. No markup is allowed.</translation>
<translation id="1750315445671978749">Block all downloads</translation>
<translation id="1767673020408652620">Enable App Recommendations in Zero State of Search Box</translation>
<translation id="17719159826324007">
This policy, when set to ArcSession, forces the device to reboot when a user signs out if Android has started.
When set to Always, it forces the device to reboot on every user sign-out.
If left unset, it has no effect and no reboot is forced on user sign-out. The same applies if set to Never.
This policy has effect only for unaffiliated users.
</translation>
<translation id="1781356041596378058">This policy also controls access to Android Developer Options. If you set this policy to true, users cannot access Developer Options. If you set this policy to false or leave it unset, users can access Developer Options by tapping seven times on the build number in the Android settings app.</translation>
<translation id="1793346220873697538">Disable PIN printing by default</translation>
<translation id="1797233582739332495">Show a recurring prompt to the user indicating that a relaunch is required</translation>
<translation id="1798559516913615713">GPO cache lifetime</translation>
<translation id="1803646570632580723">List of pinned apps to show in the launcher</translation>
<translation id="1808715480127969042">Block cookies on these sites</translation>
<translation id="1810261428246410396">Allow Instant Tethering to be used.</translation>
<translation id="1817685358399181673">This policy specifies the <ph name="PLUGIN_VM_NAME" /> image for a user. The policy is set by specifying the URL from which the device can download the image and a SHA-256 hash used to verify the integrity of the download.
The policy should be specified as a string that expresses the URL and hash in the JSON format.</translation>
<translation id="1827523283178827583">Use fixed proxy servers</translation>
<translation id="1831495419375964631">This policy is a URL that points to an XML file in the same format as Internet Explorer's <ph name="IEEM_SITELIST_POLICY" /> policy. This loads rules from an XML file, without sharing those rules with Internet Explorer.
When this policy is left unset, or not set to a valid URL, <ph name="PRODUCT_NAME" /> does not use it as a source of rules for switching browsers.
When this policy is set to a valid URL, <ph name="PRODUCT_NAME" /> downloads the site list from that URL, and applies the rules as if they had been configured with the <ph name="SITELIST_POLICY_NAME" /> policy.
For more information on Internet Explorer's <ph name="IEEM_SITELIST_POLICY" /> policy: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode</translation>
<translation id="1839060937202387559">Report hardware statistics and identifiers for storage devices.
If the policy is set to false, the statistics will not be reported.
If set to true or left unset, statistics will be reported.</translation>
<translation id="1843117931376765605">Refresh rate for user policy</translation>
<translation id="1844620919405873871">Configures quick unlock related policies.</translation>
<translation id="1845405905602899692">Kiosk settings</translation>
<translation id="1845429996559814839">Restrict PIN printing mode</translation>
<translation id="1847960418907100918">Specifies the parameters used when doing instant search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, instant search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="1852294065645015766">Allow media auto-play</translation>
<translation id="1857152770025485173">This policy prevents the user from loading web pages from blacklisted URLs. The blacklist provides a list of URL patterns that specify which URLs will be blacklisted.
A URL pattern has to be formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format.
Exceptions can be defined in the URL whitelist policy. These policies are limited to 1,000 entries; subsequent entries will be ignored.
Note that it is not recommended to block internal 'chrome://*' URLs after this may lead to unexpected errors.
From M73 you can block 'javascript://*' URLs. However, it only affects JavaScript typed in address bar (or, for example, bookmarklets). Note that in-page JavaScript URLs, as long as data is dynamically loaded, are not subject to this policy. For example, if you block 'example.com/abc', page 'example.com' will still be able to load 'example.com/abc' via XMLHTTPRequest.
If this policy is not set, no URL will be blacklisted in the browser.</translation>
<translation id="1859859319036806634">Warning: The TLS version fallback will be removed from <ph name="PRODUCT_NAME" /> after version 52 (around September 2016) and this policy will stop working then.
When a TLS handshake fails, <ph name="PRODUCT_NAME" /> would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
If this policy is not configured or if it is set to "tls1.2" then <ph name="PRODUCT_NAME" /> no longer performs this fallback. Note that this does not disable support for older TLS versions, only whether <ph name="PRODUCT_NAME" /> will work around buggy servers which cannot negotiate versions correctly.
Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.</translation>
<translation id="1864382791685519617">Enables network prediction in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
This controls DNS pre-fetching, TCP and SSL pre-connection and pre-rendering of web pages.
If you set this policy, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left not set, network prediction will be enabled but the user will be able to change it.</translation>
<translation id="1865417998205858223">Key Permissions</translation>
<translation id="186719019195685253">Action to take when the idle delay is reached while running on AC power</translation>
<translation id="187819629719252111">Allows access to local files on the machine by allowing <ph name="PRODUCT_NAME" /> to display file selection dialogues.
If you enable this setting, users can open file selection dialogues as normal.
If you disable this setting, whenever the user performs an action which would provoke a file selection dialogue (like importing bookmarks, uploading files, saving links, etc.) a message is displayed instead and the user is assumed to have clicked Cancel on the file selection dialogue.
If this setting is not set, users can open file selection dialogues as normal.</translation>
<translation id="1885782360784839335">Enable showing full-tab promotional content</translation>
<translation id="1888871729456797026">The enrolment token of cloud policy on desktop</translation>
<translation id="1897365952389968758">Allow all sites to run JavaScript (recommended)</translation>
<translation id="1906888171268104594">Controls whether usage metrics and diagnostic data, including crash reports, are reported back to Google.
If set to true, <ph name="PRODUCT_OS_NAME" /> will report usage metrics and diagnostic data.
If set to false, metrics and diagnostic data reporting will be disabled.
If not configured, metrics and diagnostic data reporting will be disabled on unmanaged devices, and enabled on managed devices.</translation>
<translation id="1907431809333268751">Configure the list of enterprise login URLs (HTTP and HTTPS schemes only). Fingerprint of password will be captured on these URLs and used for password reuse detection.
In order for <ph name="PRODUCT_NAME" /> to correctly capture password fingerprints, please make sure that your login pages follow the guidelines on https://www.chromium.org/developers/design-documents/create-amazing-password-forms.
If this setting is enabled, then password protection service will capture fingerprint of password on these URLs for password reuse detection purpose.
If this setting is disabled or not set, then password protection service will only capture password fingerprint on https://accounts.google.com.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="1914840757300882918">If this policy is set, the host will use a client certificate with the given issuer CN to authenticate to RemoteAccessHostTokenValidationUrl. Set it to '*' to use any available client certificate.
This feature is currently disabled server-side.</translation>
<translation id="1919802376548418720">Use KDC policy to delegate credentials.</translation>
<translation id="1920046221095339924">Allow managed session on device</translation>
<translation id="1929709556673267855">Provides configurations for enterprise printers bound to devices.
This policy allows you to provide printer configurations to <ph name="PRODUCT_OS_NAME" /> devices. The format is the same as the NativePrinters dictionary, with an additional required 'id' or 'guid' field per printer for whitelisting or blacklisting.
The size of the file must not exceed 5 MB and must be encoded in JSON. It is estimated that a file containing approximately 21,000 printers will encode as a 5 MB file. The cryptographic hash is used to verify the integrity of the download.
The file is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes.
If this policy is set, <ph name="PRODUCT_OS_NAME" /> will download the file for printer configurations and make printers available in accordance with <ph name="DEVICE_PRINTERS_ACCESS_MODE" />, <ph name="DEVICE_PRINTERS_WHITELIST" /> and <ph name="DEVICE_PRINTERS_BLACKLIST" />.
This policy has no effect on whether users can configure printers on individual devices. It is intended to be supplementary to the configuration of printers by individual users.
This policy is additive to the <ph name="BULK_PRINTERS_POLICY" />.
If this policy is unset, there will be no device printers and the other <ph name="DEVICE_PRINTERS_POLICY_PATTERN" /> policies will be ignored.
</translation>
<translation id="193259052151668190">Whitelist of USB detachable devices</translation>
<translation id="1933378685401357864">Wallpaper image</translation>
<translation id="1956493342242507974">Configure power management on the log-in screen in <ph name="PRODUCT_OS_NAME" />.
This policy lets you configure how <ph name="PRODUCT_OS_NAME" /> behaves when there is no user activity for some amount of time while the log-in screen is being shown. The policy controls multiple settings. For their individual semantics and value ranges, see the corresponding policies that control power management within a session. The only deviations from these policies are:
* The actions to take on idle or lid close cannot be to end the session.
* The default action taken on idle when running on AC power is to shut down.
If a setting is left unspecified, a default value is used.
If this policy is unset, defaults are used for all settings.</translation>
<translation id="1958138414749279167">Enables <ph name="PRODUCT_NAME" />'s AutoFill feature and allows users to auto-complete address information in web forms using previously stored information.
If this setting is disabled, AutoFill will never suggest, or fill address information, nor will it save additional address information that the user might submit while browsing the web.
If this setting is enabled or has no value, the user will be able to control AutoFill for addresses in the UI.</translation>
<translation id="1962273523772270623">Allow collection of WebRTC event logs from Google services</translation>
<translation id="1964634611280150550">Incognito mode disabled.</translation>
<translation id="1964802606569741174">This policy has no effect on the Android YouTube app. If Safety Mode on YouTube should be enforced, installation of the Android YouTube app should be disallowed.</translation>
<translation id="1969212217917526199">Overrides policies on Debug builds of the remote access host.
The value is parsed as a JSON dictionary of policy name to policy value mappings.</translation>
<translation id="1969808853498848952">Always runs plug-ins that require authorisation (deprecated)</translation>
<translation id="1988371335297483117">Auto-update payloads on <ph name="PRODUCT_OS_NAME" /> can be downloaded via HTTP instead of HTTPS. This allows transparent HTTP caching of HTTP downloads.
If this policy is set to true, <ph name="PRODUCT_OS_NAME" /> will attempt to download auto-update payloads via HTTP. If the policy is set to false or not set, HTTPS will be used for downloading auto-update payloads.</translation>
<translation id="199764499252435679">Enable component updates in <ph name="PRODUCT_NAME" /></translation>
<translation id="1997994951395619441">If you enable this setting, <ph name="PRODUCT_NAME" /> will show a bookmark bar.
If you disable this setting, users will never see the bookmark bar.
If you enable or disable this setting, users cannot change or override it in <ph name="PRODUCT_NAME" />.
If this setting is left not set, the user can decide to use this function or not.</translation>
<translation id="2006530844219044261">Power management</translation>
<translation id="2014757022750736514">Controls the behaviour of the sign-in screen, where users log in to their accounts. Settings include who can log in, what type of accounts are allowed, what authentication methods should be used, as well as general accessibility, input method and locale settings.</translation>
<translation id="201557587962247231">Frequency of device status report uploads</translation>
<translation id="2017301949684549118">URLs for web apps to be silently installed.</translation>
<translation id="2017459564744167827">See <ph name="REFERENCE_URL" /> for more information about schema and formatting.</translation>
<translation id="2018836497795982119">Specifies the period in milliseconds at which the device management service is queried for user policy information.
Setting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1,800,000 (30 minutes) to 86,400,000 (1 day). Any values not in this range will be clamped to the respective boundary. If the platform supports policy notifications, the refresh delay will be set to 24 hours because it is expected that policy notifications will force a refresh automatically whenever policy changes.
Leaving this policy not set will make <ph name="PRODUCT_NAME" /> use the default value of 3 hours.
Note that if the platform supports policy notifications, the refresh delay will be set to 24 hours (ignoring all defaults and the value of this policy) because it is expected that policy notifications will force a refresh automatically whenever policy changes, making more frequent refreshes unnecessary.</translation>
<translation id="2024476116966025075">Configure the required domain name for remote access clients</translation>
<translation id="2030905906517501646">Default search provider keyword</translation>
<translation id="203096360153626918">This policy has no effect on the Android apps. They will be able to enter full screen mode even if this policy is set to <ph name="FALSE" />.</translation>
<translation id="2043770014371753404">Disabled enterprise printers</translation>
<translation id="2050629715135525072">Controls the ability of a user connected to a remote access host to transfer files between the client and the host. This does not apply to remote assistance connections, which do not support file transfer.
If this setting is disabled, file transfer will not be allowed. If this setting is enabled or not set, file transfer will be allowed.</translation>
<translation id="2057317273526988987">Allow access to a list of URLs</translation>
<translation id="2061810934846663491">Configure the required domain names for remote access hosts</translation>
<translation id="206623763829450685">Specifies which HTTP authentication schemes are supported by <ph name="PRODUCT_NAME" />.
Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.
If this policy is left unset, all four schemes will be used.</translation>
<translation id="2067011586099792101">Block access to sites outside of content packs</translation>
<translation id="2073552873076775140">Allow sign-in to <ph name="PRODUCT_NAME" /></translation>
<translation id="2077129598763517140">Use hardware acceleration when available</translation>
<translation id="2077273864382355561">Screen off delay when running on battery power</translation>
<translation id="2082205219176343977">Configure minimum allowed Chrome version for the device.</translation>
<translation id="209586405398070749">Stable channel</translation>
<translation id="2098658257603918882">Enable reporting of usage and crash-related data</translation>
<translation id="2104418465060359056">Report Extensions and Plug-in information</translation>
<translation id="2106627642643925514">Overrides default PIN printing mode. If the mode is unavailable this policy is ignored.</translation>
<translation id="2107601598727098402">
This policy is deprecated in M72. Please use CloudManagementEnrollmentToken instead.
</translation>
<translation id="2111016292707172233">Enables the availability of Tap to Search in <ph name="PRODUCT_NAME" />'s content view.
If you enable this setting, Tap to Search will be available to the user and they can choose to turn the feature on or off.
If you disable this setting, Tap to Search will be disabled completely.
If this policy is left not set, it is equivalent to being enabled, see description above.</translation>
<translation id="2113068765175018713">Limit device uptime by automatically rebooting</translation>
<translation id="2116790137063002724">This policy controls whether to report information that can be used to identify users, such as OS login, <ph name="PRODUCT_NAME" /> Profile login, <ph name="PRODUCT_NAME" /> Profile name, <ph name="PRODUCT_NAME" /> Profile path and <ph name="PRODUCT_NAME" /> executable path.
When this policy is left unset or set to True, information that can be used to identify users is gathered.
When this policy is set to False, information that can be used to identify users is not gathered.
This policy is only effective when the <ph name="CHROME_REPORTING_EXTENSION_NAME" /> is enabled, and the machine is enrolled with <ph name="MACHINE_LEVEL_USER_CLOUD_POLICY_ENROLLMENT_TOKEN_POLICY_NAME" />.</translation>
<translation id="2127599828444728326">Allow notifications on these sites</translation>
<translation id="2131902621292742709">Screen dim delay when running on battery power</translation>
<translation id="2134437727173969994">Permit locking the screen</translation>
<translation id="2137064848866899664">If this policy is set, each display is rotated to the
specified orientation on every reboot and the first time that it is connected
after the policy value has changed. Users may change the display
rotation via the settings page after logging in, but their
setting will be overridden by the policy value at the next reboot.
This policy applies to both the primary and all secondary displays.
If the policy is not set, the default value is 0 degrees and the user is
free to change it. In this case, the default value is not reapplied at
restart.</translation>
<translation id="2138449619211358657">This policy allows <ph name="PRODUCT_OS_NAME" /> to bypass any proxy for captive portal authentication.
This policy only takes effect if a proxy is configured (for example through policy, by the user in chrome://settings or by extensions).
If you enable this setting, any captive portal authentication pages (i.e. all web pages starting from captive portal sign-in page until <ph name="PRODUCT_NAME" /> detects successful Internet connection) will be displayed in a separate window ignoring all policy settings and restrictions for the current user.
If you disable this setting or leave it unset, any captive portal authentication pages will be shown in a (regular) new browser tab, using the current user's proxy settings.</translation>
<translation id="21394354835637379">Allows you to specify which URLs are allowed to install extensions, apps and themes.
Starting in <ph name="PRODUCT_NAME" /> 21, it is more difficult to install extensions, apps and user scripts from outside the Chrome Web Store. Previously, users could click on a link to a *.crx file, and <ph name="PRODUCT_NAME" /> would offer to install the file after a few warnings. After <ph name="PRODUCT_NAME" /> 21, such files must be downloaded and dragged onto the <ph name="PRODUCT_NAME" /> settings page. This setting allows specific URLs to have the old, easier installation flow.
Each item in this list is an extension-style match pattern (see https://developer.chrome.com/extensions/match_patterns). Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.crx file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns.
<ph name="EXTENSION_INSTALL_BLACKLIST_POLICY_NAME" /> takes precedence over this policy. That is, an extension on the blacklist won't be installed, even if it happens from a site on this list.</translation>
<translation id="214901426630414675">Restrict printing duplex mode</translation>
<translation id="2149330464730004005">Enable colour printing</translation>
<translation id="2156132677421487971">Configure policies for <ph name="PRODUCT_NAME" />, a feature that allows users to send the contents of tabs, sites or the desktop from the browser to remote displays and sound systems.</translation>
<translation id="2166472654199325139">Do not filter sites for adult content</translation>
<translation id="2168397434410358693">Idle delay when running on AC power</translation>
<translation id="217013996107840632">Command-line parameters for switching from the alternative browser.</translation>
<translation id="2170233653554726857">Enable WPAD optimisation</translation>
<translation id="2176565653304920879">When this policy is set, automatic time zone detection flow will be in one of the following ways depending on the value of the setting:
If set to TimezoneAutomaticDetectionUsersDecide, users would be able to control automatic time zone detection using normal controls in chrome://settings.
If set to TimezoneAutomaticDetectionDisabled, automatic time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be off.
If set to TimezoneAutomaticDetectionIPOnly, time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be on. Time zone detection will use IP-only method to resolve location.
If set to TimezoneAutomaticDetectionSendWiFiAccessPoints, time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be on. The list of visible Wi-Fi access points will always be sent to Geolocation API server for fine-grained time zone detection.
If set to TimezoneAutomaticDetectionSendAllLocationInfo, time zone controls in chrome://settings will be disabled. Automatic time zone detection will always be on. Location information (such as Wi-Fi access points, reachable mobile masts, GPS) will be sent to a server for fine-grained time zone detection.
If this policy is not set, it will behave as if TimezoneAutomaticDetectionUsersDecide is set.
If SystemTimezone policy is set, it overrides this policy. In this case automatic time zone detection is completely disabled.</translation>
<translation id="2178899310296064282">Enforce at least Moderate Restricted Mode on YouTube</translation>
<translation id="2182291258410176649">User decides whether to enable backup and restore</translation>
<translation id="2183294522275408937">This setting controls how often the lock screen will request the password to be entered in order to continue using quick unlock. Each time the lock screen is entered, if the last password entry was more than this setting, the quick unlock will not be available on entering the lock screen. Should the user stay on the lock screen past this period of time, a password will be requested next time the user enters the wrong code, or re-enters the lock screen, whichever comes first.
If this setting is configured, users using quick unlock will be requested to enter their passwords on the lock screen depending on this setting.
If this setting is not configured, users using quick unlock will be requested to enter their password on the lock screen every day.</translation>
<translation id="2194470398825717446">This policy is deprecated in M61, please use EcryptfsMigrationStrategy instead.
Specifies how a device should behave that shipped with ecryptfs and needs to transition to ext4 encryption.
If you set this policy to 'DisallowArc', Android apps will be disabled for all users on the device (including those that have ext4 encryption already) and no migration from ecryptfs to ext4 encryption will be offered to any users.
If you set this policy to 'AllowMigration', users with ecryptfs home directories will be offered to migrate these to ext4 encryption as necessary (currently when Android N becomes available on the device).
This policy does not apply to kiosk apps – these are migrated automatically. If this policy is left not set, the device will behave as if 'DisallowArc' was chosen.</translation>
<translation id="2195032660890227692">This policy was removed in <ph name="PRODUCT_NAME" /> 68 and replaced by <ph name="ARC_BR_POLICY_NAME" />.</translation>
<translation id="219720814106081560">If enabled or not configured (default), the user will be prompted for video capture access except for URLs configured in the VideoCaptureAllowedUrls list which will be granted access without prompting.
When this policy is disabled, the user will never be prompted and video capture will only be available to URLs configured in VideoCaptureAllowedUrls.
This policy affects all types of video inputs and not only the built-in camera.</translation>
<translation id="2201555246697292490">Configure native messaging whitelist</translation>
<translation id="2204753382813641270">Control shelf auto-hiding</translation>
<translation id="2208976000652006649">Parameters for search URL which uses POST</translation>
<translation id="2214880135980649323">When this policy is set to enabled, extensions installed by enterprise policy are allowed to use the Enterprise Hardware Platform API.
When this policy is set to disabled or not set, no extensions are allowed to use the Enterprise Hardware Platform API.
This policy also applies to component extensions such as the Hangout Services extension.</translation>
<translation id="2223598546285729819">Default notification settings</translation>
<translation id="2231817271680715693">Import browsing history from default browser on first run</translation>
<translation id="2236488539271255289">Do not allow any site to set local data</translation>
<translation id="2240879329269430151">Allows you to set whether websites are allowed to show pop-ups. Showing pop-ups can be either allowed for all websites or denied for all websites.
If this policy is left unset, 'BlockPop-ups' will be used and the user will be able to change it.</translation>
<translation id="2255326053989409609">Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages cannot access the WebGL API and plugins can not use the Pepper 3D API.
Disabling this setting or leaving it not set potentially allows web pages to use the WebGL API and plugins to use the Pepper 3D API. The default settings of the browser may still require command line arguments to be passed in order to use these APIs.
If HardwareAccelerationModeEnabled is set to false, Disable3DAPIs is ignored and it is equivalent to Disable3DAPIs being set to true.</translation>
<translation id="2258126710006312594">Allow remote access users to transfer files to/from the host</translation>
<translation id="2265214338421787313">This policy allows an admin to specify that a page may show pop-ups during its unloading.
When the policy is set to enabled, pages are allowed to show pop-ups while they are being unloaded.
When the policy is set to disabled or not set, pages are not allowed to show pop-ups while they are being unloaded, as per the spec (https://html.spec.whatwg.org/#apis-for-creating-and-navigating-browsing-contexts-by-name).
This policy will be removed in Chrome 82.
See https://www.chromestatus.com/feature/5989473649164288 .</translation>
<translation id="2269319728625047531">Enable displaying Sync Consent during sign-in</translation>
<translation id="2274864612594831715">This policy configures enabling the virtual keyboard as an input device on ChromeOS. Users cannot override this policy.
If the policy is set to true, the on-screen virtual keyboard will always be enabled.
If set to false, the on-screen virtual keyboard will always be disabled.
If you set this policy, users cannot change or override it. However, users will still be able to enable/disable an accessibility on-screen keyboard which takes precedence over the virtual keyboard controlled by this policy. See the |VirtualKeyboardEnabled| policy for controlling the accessibility on-screen keyboard.
If this policy is left unset, the on-screen keyboard is disabled initially but can be enabled by the user anytime. Heuristic rules may also be used to decide when to display the keyboard.</translation>
<translation id="2292084646366244343"><ph name="PRODUCT_NAME" /> can use a Google web service to help resolve spelling errors. If this setting is enabled, then this service is always used. If this setting is disabled, then this service is never used.
Spell checking can still be performed using a downloaded dictionary; this policy only controls the usage of the online service.
If this setting is not configured then users can choose whether the spell checking service should be used or not.</translation>
<translation id="2294382669900758280">Video playing in Android apps is not taken into consideration, even if this policy is set to <ph name="TRUE" />.</translation>
<translation id="2299220924812062390">Specify a list of enabled plug-ins</translation>
<translation id="2303795211377219696">Enable AutoFill for credit cards</translation>
<translation id="2309390639296060546">Default geolocation setting</translation>
<translation id="2327252517317514801">Define domains allowed to access G Suite</translation>
<translation id="2356878440219553005">Specifies battery charge mode power management policy.
Dynamically control battery charging to minimise battery wear-out due to battery stress and extend battery life.
If custom battery charge mode is selected then DeviceBatteryChargeCustomStartCharging and DeviceBatteryChargeCustomStopCharging must be specified.
If this policy is set then battery charge mode will be applied if supported on the device.
If this policy is left unset and policy is supported on the device, the standard battery charge mode will be applied and cannot be changed by the user.
Note: <ph name="DEVICE_ADVANCED_BATTERY_CHARGE_MODE_ENABLED_NAME" /> overrides this policy if the former is specified.</translation>
<translation id="237494535617297575">Allows you to set a list of url patterns that specify sites which are allowed to display notifications.
If this policy is left unset, the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="2386362615870139244">Allow screen wake locks</translation>
<translation id="2411817661175306360">Password protection warning is off</translation>
<translation id="2411919772666155530">Block notifications from these sites</translation>
<translation id="2418507228189425036">Disables saving browser history in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
If this setting is enabled, browsing history is not saved. This setting also disables tab syncing.
If this setting is disabled or not set, browsing history is saved.</translation>
<translation id="2426782419955104525">Enables <ph name="PRODUCT_NAME" />'s Instant feature and prevents users from changing this setting.
If you enable this setting, <ph name="PRODUCT_NAME" /> Instant is enabled.
If you disable this setting, <ph name="PRODUCT_NAME" /> Instant is disabled.
If you enable or disable this setting, users cannot change or override this setting.
If this setting is left unset, the user can decide to use this function or not.
This setting has been removed from <ph name="PRODUCT_NAME" /> 29 and higher versions.</translation>
<translation id="2433412232489478893">This policy controls whether the Network File Shares feature for <ph name="PRODUCT_NAME" /> is allowed for a user.
When this policy is not configured or set to True, users will be able to use Network File Shares.
When this policy is set to False, users will be unable to use Network File Shares.</translation>
<translation id="2438609638493026652">Enables reporting of key events during Android app installation to Google. Events are captured only for apps whose installation was triggered via policy.
If the policy is set to true, events will be logged.
If the policy is set to false or unset, events will not be logged.</translation>
<translation id="244317009688098048">Enable bailout keyboard shortcut for auto-login.
If this policy is unset or set to True and a device-local account is configured for zero-delay auto-login, <ph name="PRODUCT_OS_NAME" /> will honour the keyboard shortcut Ctrl+Alt+S for bypassing auto-login and showing the login screen.
If this policy is set to False, zero-delay auto-login (if configured) cannot be bypassed.</translation>
<translation id="2454228136871844693">Optimise for stability.</translation>
<translation id="2463034609187171371">Enable DHE cipher suites in TLS</translation>
<translation id="2463365186486772703">Application locale</translation>
<translation id="2466131534462628618">Captive portal authentication ignores proxy</translation>
<translation id="2471748297300970300">If disabled, prevents security warnings from appearing when Chrome is launched with some potentially dangerous command-line flags.
If enabled or unset, security warnings are displayed when some command-line flags are used to launch Chrome.
On Windows, this policy is only available on instances that are joined to a <ph name="MS_AD_NAME" /> domain or Windows 10 Pro or Enterprise instances that are enrolled for device management.</translation>
<translation id="2482676533225429905">Native Messaging</translation>
<translation id="2483146640187052324">Predict network actions on any network connection</translation>
<translation id="2484208301968418871">This policy controls the application of the SafeSites URL filter.
This filter uses the Google Safe Search API to classify URLs as pornographic or not.
When this policy is not configured or set to 'Do not filter sites for adult content', sites will not be filtered.
When this policy is set to 'Filter top-level sites for adult content', sites classified as pornographic will be filtered.</translation>
<translation id="2486371469462493753">Disables enforcing Certificate Transparency requirements to the listed URLs.
This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used, but makes it harder to detect miss-isued certificates for those hosts.
A URL pattern is formatted according to https://www.chromium.org/administrators/url-blacklist-filter-format. However, because certificates are valid for a given hostname independent of the scheme, port or path, only the hostname portion of the URL is considered. Wildcard hosts are not supported.
If this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.</translation>
<translation id="2488010520405124654">Enable network configuration prompt when offline.
If this policy is unset or set to True and a device-local account is configured for zero-delay auto-login and the device does not have access to the Internet, <ph name="PRODUCT_OS_NAME" /> will show a network configuration prompt.
If this policy is set to False, an error message will be displayed instead of the network configuration prompt.</translation>
<translation id="2498238926436517902">Always auto-hide the shelf</translation>
<translation id="2514328368635166290">Specifies the favourite icon URL of the default search provider.
This policy is optional. If not set, no icon will be present for the search provider.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="2516600974234263142">Enables printing in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
If this setting is enabled or not configured, users can print.
If this setting is disabled, users cannot print from <ph name="PRODUCT_NAME" />. Printing is disabled in the wrench menu, extensions, JavaScript applications etc. It is still possible to print from plugins that bypass <ph name="PRODUCT_NAME" /> while printing. For example, certain Flash applications have the print option in their context menu, which is not covered by this policy.</translation>
<translation id="2518231489509538392">Allow playing audio</translation>
<translation id="2521581787935130926">Show the apps shortcut in the bookmark bar</translation>
<translation id="2529659024053332711">Allows you to specify the behaviour on start-up.
If you choose 'Open new tab page' the new tab page will always be opened when you start <ph name="PRODUCT_NAME" />.
If you choose 'Restore the last session', the URLs that were open last time <ph name="PRODUCT_NAME" /> was closed will be re-opened and the browsing session will be restored as it was left.
Choosing this option disables some settings that rely on sessions or that perform actions on exit (such as Clear browsing data on exit or session-only cookies).
If you choose 'Open a list of URLs', the list of 'URLs to open on start-up' will be opened when a user starts <ph name="PRODUCT_NAME" />.
If you enable this setting, users cannot change or override it in <ph name="PRODUCT_NAME" />.
Disabling this setting is equivalent to leaving it not configured. The user will still be able to change it in <ph name="PRODUCT_NAME" />.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="2529880111512635313">Configure the list of force-installed apps and extensions</translation>
<translation id="253135976343875019">Idle warning delay when running on AC power</translation>
<translation id="2536525645274582300">User decides whether to enable Google Location services</translation>
<translation id="254653220329944566">Enables <ph name="PRODUCT_NAME" /> cloud reporting</translation>
<translation id="2548572254685798999">Report Safe Browsing information</translation>
<translation id="2550593661567988768">Simplex printing only</translation>
<translation id="2552966063069741410">Timezone</translation>
<translation id="2562339630163277285">Specifies the URL of the search engine used to provide instant results. The URL should contain the string <ph name="SEARCH_TERM_MARKER" />, which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no instant search results will be provided.
Google's instant results URL can be specified as: <ph name="GOOGLE_INSTANT_SEARCH_URL" />.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="2569647487017692047">If this policy is set to false, <ph name="PRODUCT_OS_NAME" /> will disable Bluetooth and the user cannot enable it back.
If this policy is set to true or left unset, the user will be able to enable or disable Bluetooth as they wish.
If this policy is set, the user cannot change or override it.
After enabling Bluetooth, the user must log out and log back in for the changes to take effect (no need for this when disabling Bluetooth).</translation>
<translation id="2571066091915960923">Enable or disable the data compression proxy and prevent users from changing this setting.
If you enable or disable this setting, users cannot change or override this setting.
If this policy is left not set, the data compression proxy feature will be available for the user to choose whether to use it or not.</translation>
<translation id="257788512393330403">Password entry is required every six hours</translation>
<translation id="2586162458524426376">
This policy applies to the sign-in screen. Please see also the <ph name="ISOLATE_ORIGINS_POLICY_NAME" /> policy which applies to the user session.
If the policy is enabled, each of the named origins in a comma-separated list will run in its own process. This will also isolate origins named by sub-domains; e.g. specifying https://example.com/ will also cause https://foo.example.com/ to be isolated as part of the https://example.com/ site.
If the policy is not configured or disabled, the platform default site isolation settings will be used for the sign-in screen.
</translation>
<translation id="2587719089023392205">Set <ph name="PRODUCT_NAME" /> as Default Browser</translation>
<translation id="2592091433672667839">Duration of inactivity before the screen saver is shown on the sign-in screen in retail mode</translation>
<translation id="2592162121850992309">If this policy is set to true or left unset, hardware acceleration will be enabled unless a certain GPU feature is blacklisted.
If this policy is set to false, hardware acceleration will be disabled.</translation>
<translation id="2596260130957832043">Controls whether NTLMv2 is enabled.
All recent versions of Samba and Windows servers support NTLMv2. This should only be disabled for backwards compatibility and reduces the security of authentication.
If this policy is not set, the default is true and NTLMv2 is enabled.</translation>
<translation id="26023406105317310">Configure Kerberos accounts</translation>
<translation id="2604182581880595781">Configure Network File Shares-related policies.</translation>
<translation id="2623014935069176671">Wait for initial user activity</translation>
<translation id="262740370354162807">Enable submission of documents to <ph name="CLOUD_PRINT_NAME" /></translation>
<translation id="2627554163382448569">Provides configurations for enterprise printers.
This policy allows you to provide printer configurations to <ph name="PRODUCT_OS_NAME" /> devices. The format is the same as the NativePrinters dictionary, with an additional required 'id' or 'guid' field per printer for whitelisting or blacklisting.
The size of the file must not exceed 5 MB and must be encoded in JSON. It is estimated that a file containing approximately 21,000 printers will encode as a 5 MB file. The cryptographic hash is used to verify the integrity of the download.
The file is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes.
If this policy is set, <ph name="PRODUCT_OS_NAME" /> will download the file for printer configurations and make printers available in accordance with <ph name="BULK_PRINTERS_ACCESS_MODE" />, <ph name="BULK_PRINTERS_WHITELIST" /> and <ph name="BULK_PRINTERS_BLACKLIST" />.
If you set this policy, users cannot change or override it.
This policy has no effect on whether users can configure printers on individual devices. It is intended to be supplementary to the configuration of printers by individual users.
</translation>
<translation id="2633084400146331575">Enable spoken feedback</translation>
<translation id="2646290749315461919">Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.
If this policy is left not set, 'AskGeolocation' will be used and the user will be able to change it.</translation>
<translation id="2647069081229792812">Enable or disable bookmark editing</translation>
<translation id="2649896281375932517">Let users decide</translation>
<translation id="2650049181907741121">Action to take when the user closes the lid</translation>
<translation id="2655233147335439767">Specifies the URL of the search engine used when doing a default search. The URL should contain the string '<ph name="SEARCH_TERM_MARKER" />', which will be replaced at query time by the terms the user is searching for.
Google's search URL can be specified as: <ph name="GOOGLE_SEARCH_URL" />.
This option must be set when the 'DefaultSearchProviderEnabled' policy is enabled and will only be respected if this is the case.</translation>
<translation id="2659019163577049044">If this setting is enabled, users will be allowed to set up their devices to sync SMS messages between their phones and Chromebooks. Note that if this policy is allowed, users must explicitly opt into this feature by completing a setup flow. Once the setup flow is complete, users will be able to send and receive SMS messages on their Chromebooks.
If this setting is disabled, users will not be allowed to set up SMS syncing.
If this policy is left not set, the default is not allowed for managed users and allowed for non-managed users.</translation>
<translation id="2660846099862559570">Never use a proxy</translation>
<translation id="2672012807430078509">Controls enabling NTLM as an authentication protocol for SMB mounts</translation>
<translation id="267596348720209223">Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided.
This policy is optional. If not set, the default will be used which is UTF-8.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="268577405881275241">Enable the data compression proxy feature</translation>
<translation id="2693108589792503178">Configure the change password URL.</translation>
<translation id="2694143893026486692">Docked magnifier enabled</translation>
<translation id="2706708761587205154">Allow printing only with PIN</translation>
<translation id="2710534340210290498">If this policy is set to false, users will not be able to lock the screen (only signing out from the user session will be possible). If this setting is set to true or not set, users who authenticated with a password can lock the screen.</translation>
<translation id="2731627323327011390">Disable usage of <ph name="PRODUCT_OS_NAME" /> certificates to ARC-apps</translation>
<translation id="2742843273354638707">Hide the Chrome Web Store app and footer link from the New Tab Page and <ph name="PRODUCT_OS_NAME" /> app launcher.
When this policy is set to true, the icons are hidden.
When this policy is set to false or is not configured, the icons are visible.</translation>
<translation id="2744751866269053547">Register protocol handlers</translation>
<translation id="2746016768603629042">This policy is deprecated, please use DefaultJavaScriptSetting instead.
Can be used to disable JavaScript in <ph name="PRODUCT_NAME" />.
If this setting is disabled, web pages cannot use JavaScript and the user cannot change that setting.
If this setting is enabled or not set, web pages can use JavaScript but the user can change that setting.</translation>
<translation id="2753637905605932878">Restrict the range of local UDP ports used by WebRTC</translation>
<translation id="2757054304033424106">Types of extensions/apps that are allowed to be installed</translation>
<translation id="2758084448533744848">Specifies the enforced timezone to be used for the device. When this policy is set, users on the device cannot override the specified timezone. If an invalid value is provided, the policy is still activated using "GMT" instead. If an empty string is provided, the policy is ignored.
If this policy is not used, the currently active time zone will remain in use; however, users can change the time zone.
New devices start with the time zone set to "US/Pacific".
The format of the value follows the names of time zones in the "IANA Time Zone Database" (see "https://en.wikipedia.org/wiki/Tz_database"). In particular, most time zones can be referred to by "continent/large_city" or "ocean/large_city".
Setting this policy completely disables automatic time zone resolve by device location. It also overrides SystemTimezoneAutomaticDetection policy.</translation>
<translation id="2759224876420453487">Control the user behaviour in a multiprofile session</translation>
<translation id="2761483219396643566">Idle warning delay when running on battery power</translation>
<translation id="2762164719979766599">Specifies the list of device-local accounts to be shown on the login screen.
Every list entry specifies an identifier, which is used internally to tell the different device-local accounts apart.</translation>
<translation id="2769952903507981510">Configure the required domain name for remote access hosts</translation>
<translation id="2783078941107212091">Enable App Recommendation in Zero State of search box in launcher.
If this policy is set to true, App recommendations may appear in the zero state search.
If this policy is set to false, App recommendations will not appear in the zero state search.
If you set this policy, users cannot change or override it.
If this policy is left unset, the default is False for managed devices.</translation>
<translation id="2787173078141616821">Report information about status of Android</translation>
<translation id="2799297758492717491">Allow media auto-play on a whitelist of URL patterns</translation>
<translation id="2801155097555584385">Set battery charge custom start charging in per cent</translation>
<translation id="2801230735743888564">Allow users to play dinosaur easter egg game when device is offline.
If this policy is set to False, users will not be able to play the dinosaur Easter egg game when device is offline. If this setting is set to True, users are allowed to play the dinosaur game. If this policy is not set, users are not allowed to play the dinosaur Easter egg game on enrolled Chrome OS, but are allowed to play it under other circumstances.</translation>
<translation id="2802085784857530815">Allows you to control if users can access non-enterprise printers
If the policy is set to True, or not set at all, users will be able to add, configure and print using their own native printers.
If the policy is set to False, users will not be able to add and configure their own native printers. They will also not be able to print using any previously configured native printers.
</translation>
<translation id="2805707493867224476">Allow all sites to show pop-ups</translation>
<translation id="2808013382476173118">Enables usage of STUN servers when remote clients are trying to establish a connection to this machine.
If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall.
If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network.
If this policy is not set, the setting will be enabled.</translation>
<translation id="2813281962735757923">This policy controls the time frames during which the <ph name="PRODUCT_OS_NAME" /> device is not allowed to check for updates automatically.
When this policy is set to a non-empty list of time intervals:
Devices will not be able to check for updates automatically during the specified time intervals. Devices that require a rollback or are below the minimum <ph name="PRODUCT_OS_NAME" /> version will not be affected by this policy due to potential security issues. Furthermore, this policy will not block update checks requested by users or administrators.
When this policy is unset or contains no time intervals:
No automatic update checks will be blocked by this policy, but they may be blocked by other policies. This feature is only enabled on Chrome devices configured as auto-launch kiosks. Other devices will not be restricted by this policy.</translation>
<translation id="2823870601012066791">Windows registry location for <ph name="PRODUCT_OS_NAME" /> clients:</translation>
<translation id="2824715612115726353">Enable Incognito mode</translation>
<translation id="2836621397261130126">Controls whether approval by KDC policy is respected to decide whether to delegate <ph name="KERBEROS" /> tickets.
If this policy is true, HTTP authentication respects approval by KDC policy, i.e. Chrome only delegates credentials if the KDC sets <ph name="OK_AS_DELEGATE" /> on a service ticket. Please see https://tools.ietf.org/html/rfc5896.html for more information. Service should also match 'AuthNegotiateDelegateWhitelist' policy.
If this policy is not set or set to false, KDC policy is ignored on supported platforms and 'AuthNegotiateDelegateWhitelist' policy only is respected.
On Windows KDC policy is always respected.</translation>
<translation id="283695852388224413">If the policy is set, the configured maximal PIN length is enforced. A value of 0 or less means no maximum length; in that case, the user may set a PIN as long as they want. If this setting is less than <ph name="PIN_UNLOCK_MINIMUM_LENGTH_POLICY_NAME" /> but greater than 0, the maximum length is the same as the minimum length.
If the policy is not set, no maximum length is enforced.</translation>
<translation id="2838830882081735096">Disallow data migration and ARC</translation>
<translation id="2839294585867804686">Network File Shares settings</translation>
<translation id="2840269525054388612">Specifies the printers which a user can use.
This policy is only used if <ph name="PRINTERS_WHITELIST" /> is chosen for <ph name="DEVICE_PRINTERS_ACCESS_MODE" />
If this policy is used, only the printers with ids matching the values in this policy are available to the user. The ids must correspond to the 'id' or 'guid' fields in the file specified in <ph name="DEVICE_PRINTERS_POLICY" />.
</translation>
<translation id="2842152347010310843">Controls the whitelist of URL patterns on which auto-play will always be enabled.
If auto-play is enabled then videos can play automatically (without user consent) with audio content in <ph name="PRODUCT_NAME" />.
Valid URL patterns specifications are:
- [*.]domain.tld (matches domain.tld and all sub-domains)
- host (matches an exact hostname)
- scheme://host:port (supported schemes: http,https)
- scheme://[*.]domain.tld:port (supported schemes: http,https)
- file://path (The path has to be an absolute path and start with a '/')
- a.b.c.d (matches an exact IPv4 ip)
- [a:b:c:d:e:f:g:h] (matches an exact IPv6 ip)
If the AutoplayAllowed policy is set to True then this policy will have no effect.
If the AutoplayAllowed policy is set to False then any URL patterns set in this policy will still be allowed to play.
Note that if <ph name="PRODUCT_NAME" /> is running and this policy changes, it will only be applied to new opened tabs. Therefore some tabs might still observe the previous behaviour.</translation>
<translation id="284288632677954003">URL of an XML file that contains URLs that should never trigger a browser switch.</translation>
<translation id="285480231336205327">Enable high contrast mode</translation>
<translation id="2854919890879212089">Causes <ph name="PRODUCT_NAME" /> to use the system default printer as the default choice in Print Preview instead of the most recently used printer.
If you disable this setting or do not set a value, Print Preview will use the most recently used printer as the default destination choice.
If you enable this setting, Print Preview will use the OS system default printer as the default destination choice.</translation>
<translation id="285627849510728211">Set advanced battery charge mode day config</translation>
<translation id="2856674246949497058">Roll back and stay on target version if OS version is newer than target. Do a powerwash during the process.</translation>
<translation id="2872961005593481000">Shut down</translation>
<translation id="2873651257716068683">Overrides default printing page size. If the page size is unavailable, this policy is ignored.</translation>
<translation id="2874209944580848064">Note for <ph name="PRODUCT_OS_NAME" /> devices supporting Android apps:</translation>
<translation id="2877225735001246144">Disable CNAME lookup when negotiating Kerberos authentication</translation>
<translation id="2890645751406497668">Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs.</translation>
<translation id="2892414556511568464">Restricts printing duplex mode. Unset policy and empty set are treated as no restriction.</translation>
<translation id="2893546967669465276">Send system logs to the management server</translation>
<translation id="2899002520262095963">Android apps can use the network configurations and CA certificates set via this policy, but do not have access to some configuration options.</translation>
<translation id="290002216614278247">Allows you to lock the user's session based on the client time or the usage quota of the day.
The |time_window_limit| specifies a daily window in which the user's session should be locked. We only support one rule for each day of the week, therefore the |entries| array may vary from 0 to 7 in size. |starts_at| and |ends_at| are the beginning and the end of the window limit, when |ends_at| is smaller than |starts_at| it means that the |time_limit_window| ends on the following day. |last_updated_millis| is the UTC timestamp for the last time that this entry was updated; it is sent as a string because the timestamp wouldn't fit in an integer.
The |time_usage_limit| specifies a daily screen quota, so when the user reaches it, the user's session is locked. There is a property for each day of the week, and it should be set only if there is an active quota for that day. |usage_quota_mins| is the amount of time that the managed device can be used in a day and |reset_at| is the time when the usage quota is renewed. The default value for |reset_at| is midnight ({'hour': 0, 'minute': 0}). |last_updated_millis| is the UTC timestamp for the last time that this entry was updated; it is sent as a string because the timestamp wouldn't fit in an integer.
|overrides| is provided to invalidate temporarily one or more of the previous rules.
* If neither time_window_limit nor time_usage_limit is active, |LOCK| can be used to lock the device.
* |LOCK| temporarily locks a user session until the next time_window_limit or time_usage_limit starts.
* |UNLOCK| unlocks a user's session locked by time_window_limit or time_usage_limit.
|created_time_millis| is the UTC timestamp for the override creation; it is sent as a String because the timestamp wouldn't fit in an integer. It is used to determine whether this override should still be applied. If the current active time limit feature (time usage limit or time window limit) started after the override was created, it should not take action. Also, if the override was created before the last change of the active time_window_limit or time_usage_window, it should not be applied.
Multiple overrides may be sent; the newest valid entry is the one that is going to be applied.</translation>
<translation id="2901725272378498025">Enable security warnings for command-line flags</translation>
<translation id="2905984450136807296">Authentication data cache lifetime</translation>
<translation id="2906874737073861391">List of AppPack extensions</translation>
<translation id="2907992746861405243">Controls which printers from the <ph name="BULK_PRINTERS_POLICY" /> are available to users.
Designates which access policy is used for bulk printer configuration. If <ph name="PRINTERS_ALLOW_ALL" /> is selected, all printers are shown. If <ph name="PRINTERS_BLACKLIST" /> is selected, <ph name="BULK_PRINTERS_BLACKLIST" /> is used to restrict access to the specified printers. If <ph name="PRINTERS_WHITELIST" /> is selected, <ph name="BULK_PRINTERS_WHITELIST" /> designates only those printers which are selectable.
If this policy is not set, <ph name="PRINTERS_ALLOW_ALL" /> is assumed.
</translation>
<translation id="2908277604670530363">Maximum number of concurrent connections to the proxy server</translation>
<translation id="2952347049958405264">Restrictions:</translation>
<translation id="2956777931324644324">This policy has been retired as of <ph name="PRODUCT_NAME" /> version 36.
Specifies whether the TLS domain-bound certificates extension should be enabled.
This setting is used to enable the TLS domain-bound certificates extension for testing. This experimental setting will be removed in the future.</translation>
<translation id="2957506574938329824">Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API</translation>
<translation id="2957513448235202597">Account type for <ph name="HTTP_NEGOTIATE" /> authentication</translation>
<translation id="2959469725686993410">Always send Wi-Fi access points to server while resolving timezone</translation>
<translation id="2959898425599642200">Proxy bypass rules</translation>
<translation id="2960128438010718932">The staging schedule for applying a new update</translation>
<translation id="2960691910306063964">Enable or disable PIN-less authentication for remote access hosts</translation>
<translation id="2976002782221275500">Specifies the length of time without user input after which the screen is dimmed when running on battery power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> dims the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not dim the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal the screen off delay (if set) and the idle delay.</translation>
<translation id="2977997796833930843">Note that this policy is deprecated and will be removed in the future.
This policy provides a fallback value for the more specific <ph name="IDLE_ACTION_AC_POLICY_NAME" /> and <ph name="IDLE_ACTION_BATTERY_POLICY_NAME" /> policies. If this policy is set, its value gets used if the respective more specific policy is not set.
When this policy is unset, behaviour of the more specific policies remains unaffected.</translation>
<translation id="2987155890997901449">Enable ARC</translation>
<translation id="2987227569419001736">Control use of the Web Bluetooth API</translation>
<translation id="2990018289267778247">If this policy is set to true, Accessibility options always appear in system tray menu.
If this policy is set to false, Accessibility options never appear in system tray menu.
If you set this policy, users cannot change or override it.
If this policy is left unset, Accessibility options will not appear in the system tray menu, but the user can cause the Accessibility options to appear via the Settings page.
When accessibility features are enabled (by other means, e.g. by a key combination), Accessibility options will always appear in system tray menu.</translation>
<translation id="3011301228198307065">Configures the default homepage URL in <ph name="PRODUCT_NAME" /> and prevents users from changing it.
The homepage is the page opened by the Home button. The pages that open on start-up are controlled by the RestoreOnStartup policies.
The homepage type can either be set to a URL that you specify here or set to the new tab page. If you select the new tab page, then this policy does not take effect.
If you enable this setting, users cannot change their homepage URL in <ph name="PRODUCT_NAME" />, but they can still choose the new tab page as their homepage.
Leaving this policy not set will also allow the user to choose their own homepage if HomepageIsNewTabPage is not set.
The URL must have a standard scheme, e.g. 'http://example.com' or 'https://example.com'.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="3016255526521614822">Whitelist note-taking apps allowed on the <ph name="PRODUCT_OS_NAME" /> lock screen</translation>
<translation id="3021562480854470924">Number of milestones roll-back is allowed</translation>
<translation id="3023572080620427845">URL of an XML file that contains URLs to load in an alternative browser.</translation>
<translation id="3030000825273123558">Enable metrics reporting</translation>
<translation id="3033660238345063904">You can specify the URL of the proxy server here.
This policy only takes effect if you have selected manual proxy settings at 'Choose how to specify proxy server settings' and if the <ph name="PROXY_SETTINGS_POLICY_NAME" /> policy has not been specified.
You should leave this policy not set if you have selected any other mode for setting proxy policies.
For more options and detailed examples, visit:
<ph name="PROXY_HELP_URL" />.</translation>
<translation id="3034580675120919256">Allows you to set whether websites are allowed to run JavaScript. Running JavaScript can be either allowed for all websites or denied for all websites.
If this policy is left unset, 'AllowJavaScript' will be used and the user will be able to change it.</translation>
<translation id="3038323923255997294">Continue running background apps when <ph name="PRODUCT_NAME" /> is closed</translation>
<translation id="3046192273793919231">Send network packets to the management server to monitor online status</translation>
<translation id="3047732214002457234">Control how Chrome Cleanup reports data to Google</translation>
<translation id="304775240152542058">This policy controls command-line parameters to launch to the alternative browser.
When this policy is left unset, only the URL is passed as a command-line parameter.
When this policy is set to a list of strings, each string is passed to the alternative browser as a separate command-line parameters. On Windows, the parameters are joined with spaces. On Mac OS X and Linux, a parameter may contain spaces and still be treated as a single parameter.
If an element contains ${url}, it gets replaced with the URL of the page to open.
If no element contains ${url}, the URL is appended at the end of the command line.
Environment variables are expanded. On Windows, %ABC% is replaced with the value of the ABC environment variable. On Mac OS X and Linux, ${ABC} is replaced with the value of the ABC environment variable.</translation>
<translation id="3048744057455266684">If this policy is set and a search URL suggested from the omnibox contains this parameter in the query string or in the fragment identifier, then the suggestion will show the search terms and search provider instead of the raw search URL.
This policy is optional. If not set, no search term replacement will be performed.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="3053265701996417839">Microsoft Windows 7</translation>
<translation id="306887062252197004">This policy allows users of the WebDriver feature to override
policies which can interfere with its operation.
Currently this policy disables SitePerProcess and IsolateOrigins policies.
If the policy is enabled, WebDriver will be able to override incompatible
policies.
If the policy is disabled or not configured, WebDriver will not be allowed
to override incompatible policies.</translation>
<translation id="3069958900488014740">Allows you to turn off WPAD (Web Proxy Auto-Discovery) optimisation in <ph name="PRODUCT_NAME" />.
If this policy is set to false, WPAD optimisation is disabled causing <ph name="PRODUCT_NAME" /> to wait longer for DNS-based WPAD servers. If the policy is not set or is enabled, WPAD optimisation is enabled.
Independent of whether or how this policy is set, the WPAD optimisation setting cannot be changed by users.</translation>
<translation id="3072045631333522102">Screen saver to be used on the sign-in screen in retail mode</translation>
<translation id="3072847235228302527">Set the Terms of Service for a device-local account</translation>
<translation id="3077183141551274418">Enables or disables tab lifecycles</translation>
<translation id="3079417254871857650">Specifies the action that should be taken when the user's home directory was created with ecryptfs encryption.
If you set this policy to 'DisallowArc', Android apps will be disabled for the user and no migration from ecryptfs to ext4 encryption will be performed. Android apps will not be prevented from running when the home directory is already ext4-encrypted.
If you set this policy to 'Migrate', ecryptfs-encrypted home directories will be automatically migrated to ext4 encryption on sign-in without asking for user consent.
If you set this policy to 'Wipe', ecryptfs-encrypted home directories will be deleted on sign-in and new ext4-encrypted home directories will be created instead. Warning: This removes the user's local data.
If you set this policy to 'MinimalMigrate', ecryptfs-encrypted home directories will be deleted on sign-in and new ext4-encrypted home directories will be created instead. However, it will be attempted to preserve login tokens so that the user does not have to sign in again. Warning: This removes the user's local data.
If you set this policy to an option that is no longer supported ('AskUser' or 'AskForEcryptfsArcUsers'), it will be treated as if you had selected 'Migrate' instead.
This policy does not apply to kiosk users. If this policy is left not set, the device will behave as if 'DisallowArc' was chosen.</translation>
<translation id="3086995894968271156">Configure the cast receiver in <ph name="PRODUCT_NAME" />.</translation>
<translation id="3088796212846734853">Allows you to set a list of URL patterns that specify sites which are allowed to display images.
If this policy is left not set, the global default value will be used for all sites, either from the 'DefaultImagesSetting' policy if it is set, or from the user's personal configuration.
Note: This policy was erroneously enabled on Android, but this functionality has never been fully supported on Android.</translation>
<translation id="3091832372132789233">Charge battery for devices that are primarily connected to an external power source.</translation>
<translation id="3096595567015595053">List of enabled plug-ins</translation>
<translation id="3101501961102569744">Choose how to specify proxy server settings</translation>
<translation id="3101709781009526431">Date and time</translation>
<translation id="3114411414586006215">This policy controls the list of websites that will never cause a browser switch.
Note that elements can also be added to this list through the <ph name="EXTERNAL_SITELIST_URL_POLICY_NAME" /> policy.
When this policy is left unset, no websites are added to the list.
When this policy is set, each item is treated as a rule, similar to the <ph name="URL_LIST_POLICY_NAME" /> policy. However, the logic is reversed: rules that match will not open an alternative browser.
Unlike <ph name="URL_LIST_POLICY_NAME" />, rules apply to both directions. That is, when the Internet Explorer add-in is present and enabled, it also controls whether <ph name="IE_PRODUCT_NAME" /> should open these URLs in <ph name="PRODUCT_NAME" />.</translation>
<translation id="3117676313396757089">Warning: DHE will be completely removed from <ph name="PRODUCT_NAME" /> after version 57 (around March 2017) and this policy will stop working then.
If the policy is not set, or is set to false, then DHE cipher suites in TLS will not be enabled. Otherwise it may be set to true to enable DHE cipher suites and retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured.
Servers are encouraged to migrate to ECDHE cipher suites. If these are unavailable, ensure a cipher suite using RSA key exchange is enabled.</translation>
<translation id="3117706142826400449">If disabled, prevents Chrome Clean-Up from scanning the system for unwanted software and performing clean ups. Manually triggering Chrome Clean-Up from chrome://settings/cleanup is disabled.
If enabled or unset, Chrome Clean-Up periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Clean-Up from chrome://settings is enabled.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="3152425128389603870">Make Unified Desktop available and turn on by default</translation>
<translation id="3159375329008977062">User is enabled to export/import Crostini containers via the UI</translation>
<translation id="3165808775394012744">These policies are included here to make them easy to remove.</translation>
<translation id="316778957754360075">This setting has been retired as of <ph name="PRODUCT_NAME" /> version 29. The recommended way to set up organisation-hosted extension/app collections is to include the site hosting the CRX packages in ExtensionInstallSources and put direct download links to the packages on a web page. A launcher for that web page can be created using the ExtensionInstallForcelist policy.</translation>
<translation id="3168968618972302728">Policies related to Kerberos authentication.</translation>
<translation id="3171369832001535378">Device network hostname template</translation>
<translation id="3172512016079904926">Enables user-level installation of Native Messaging hosts.
If this setting is enabled, then <ph name="PRODUCT_NAME" /> allows usage of Native Messaging hosts installed on user level.
If this setting is disabled, then <ph name="PRODUCT_NAME" /> will only use Native Messaging hosts installed on system level.
If this setting is left not set, <ph name="PRODUCT_NAME" /> will allow usage of user-level Native Messaging hosts.</translation>
<translation id="3177802893484440532">Require online OCSP/CRL checks for local trust anchors</translation>
<translation id="3185009703220253572">since version <ph name="SINCE_VERSION" /></translation>
<translation id="3187220842205194486">Android apps cannot get access to corporate keys. This policy has no effect on them.</translation>
<translation id="3205825995289802549">Maximise the first browser window on first run</translation>
<translation id="3211426942294667684">Browser sign in settings</translation>
<translation id="3214164532079860003">This policy forces the home page to be imported from the current default browser if enabled.
If disabled, the home page is not imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="3219421230122020860">Incognito mode available.</translation>
<translation id="3220624000494482595">If the kiosk app is an Android app, it will have no control over the <ph name="PRODUCT_OS_NAME" /> version, even if this policy is set to <ph name="TRUE" />.</translation>
<translation id="3236046242843493070">URL patterns to allow extension, app, and user script installs from</translation>
<translation id="3240609035816615922">Printer configuration access policy.</translation>
<translation id="3240655340884151271">Dock's built-in NIC MAC address</translation>
<translation id="3243309373265599239">Specifies the length of time without user input after which the screen is dimmed when running on AC power.
When this policy is set to a value greater than zero, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> dims the screen.
When this policy is set to zero, <ph name="PRODUCT_OS_NAME" /> does not dim the screen when the user becomes idle.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal to the screen off delay (if set) and the idle delay.</translation>
<translation id="3251500716404598358">Configure policies to switch between browsers.
Configured websites will automatically open in a different browser from <ph name="PRODUCT_NAME" />.</translation>
<translation id="3264793472749429012">Default search provider encodings</translation>
<translation id="3273221114520206906">Default JavaScript setting</translation>
<translation id="3284094172359247914">Control use of the WebUSB API</translation>
<translation id="3288595667065905535">Release channel</translation>
<translation id="3292147213643666827">Enables <ph name="PRODUCT_NAME" /> to act as a proxy between <ph name="CLOUD_PRINT_NAME" /> and legacy printers connected to the machine.
If this setting is enabled or not configured, users can enable the cloud print proxy by authentication with their Google Account.
If this setting is disabled, users cannot enable the proxy, and the machine will not be allowed to share it's printers with <ph name="CLOUD_PRINT_NAME" />.</translation>
<translation id="3312206664202507568">Enables a page at chrome://password-change that lets SAML users change their SAML passwords while in-session, which ensures that the SAML password and the device lock-screen password are kept in sync.
This policy also enables notifications that warn SAML users if their SAML passwords are soon to expire so that they can deal with this immediately by doing an in-session password change.
But these notifications will only be shown if password expiry information is sent to the device by the SAML identity provider during the SAML login flow.
If this policy is set, the user cannot change or override it.</translation>
<translation id="3322771899429619102">Allows you to set a list of URL patterns that specify sites which are allowed to use key generation. If a URL pattern is in 'KeygenBlockedForUrls', that overrides these exceptions.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultKeygenSetting' policy if it is set or the user's personal configuration otherwise.</translation>
<translation id="332771718998993005">Determine the name advertised as a <ph name="PRODUCT_NAME" /> destination.
If this policy is set to a non-empty string, that string will be used as the name of the <ph name="PRODUCT_NAME" /> destination. Otherwise, the destination name will be the device name. If this policy is not set, the destination name will be the device name, and the owner of the device (or a user from the domain managing the device) will be allowed to change it. The name is limited to 24 characters.</translation>
<translation id="3335468714959531450">Allows you to set a list of URL patterns that specify sites which are allowed to set cookies.
If this policy is left not set, the global default value will be used for all sites, either from the 'DefaultCookiesSetting' policy if it is set, or from the user's personal configuration.
Also see policies 'CookiesBlockedForUrls' and 'CookiesSessionOnlyForUrls'. Note: There must be no conflicting URL patterns between these three policies – it is not specified as to which policy takes precedence.</translation>
<translation id="3373364525435227558">Sets one or more recommended locales for a managed session, allowing users to easily choose one of these locales.
The user can choose a locale and a keyboard layout before starting a managed session. By default, all locales supported by <ph name="PRODUCT_OS_NAME" /> are listed in alphabetic order. You can use this policy to move a set of recommended locales to the top of the list.
If this policy is not set, the current UI locale will be pre-selected.
If this policy is set, the recommended locales will be moved to the top of the list and will be visually separated from all other locales. The recommended locales will be listed in the order in which they appear in the policy. The first recommended locale will be pre-selected.
If there is more than one recommended locale, it is assumed that users will want to select from these locales. Locale and keyboard layout selection will be prominently offered when starting a managed session. Otherwise, it is assumed that most users will want to use the pre-selected locale. Locale and keyboard layout selection will be less prominently offered when starting a managed session.
When this policy is set and automatic login is enabled (see the |DeviceLocalAccountAutoLoginId| and |DeviceLocalAccountAutoLoginDelay| policies), the automatically started managed session will use the first recommended locale and the most popular keyboard layout matching this locale.
The pre-selected keyboard layout will always be the most popular layout matching the pre-selected locale.
This policy can only be set as recommended. You can use this policy to move a set of recommended locales to the top but users are always allowed to choose any locale supported by <ph name="PRODUCT_OS_NAME" /> for their session.
</translation>
<translation id="3381968327636295719">Use the host browser by default</translation>
<translation id="3384115339826100753">Enable the power peak shift power-management policy.
Peak shift is a power-saving policy that minimises alternating current usage during the peak usage times during the day. For each weekday, a start and end time to run in power peak shift mode can be set. During these times the system will run from the battery even if the alternating current is attached, as long as the battery stays above the threshold specified. After the end time specified, the system will run from alternating current if attached but will not charge the battery. The system will again function normally using alternating current and recharging the battery after the specified charge start time.
If this policy is set to true, and DevicePowerPeakShiftBatteryThreshold, DevicePowerPeakShiftDayConfig are set, then power peak shift will always be enabled if supported on the device.
If this policy is set to false, power peak shift will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, power peak shift is disabled initially and cannot be enabled by the user.</translation>
<translation id="3414260318408232239">If this policy is not configured then <ph name="PRODUCT_NAME" /> uses a default minimum version which is TLS 1.0.
Otherwise it may be set to one of the following values: 'tls1', 'tls1.1' or 'tls1.2'. When set, <ph name="PRODUCT_NAME" /> will not use SSL/TLS versions less than the specified version. An unrecognised value will be ignored.</translation>
<translation id="34160070798637152">Controls device-wide network configuration.</translation>
<translation id="3417418267404583991">If this policy is set to true or not configured, <ph name="PRODUCT_OS_NAME" /> will enable guest logins. Guest logins are anonymous user sessions and do not require a password.
If this policy is set to false, <ph name="PRODUCT_OS_NAME" /> will not allow guest sessions to be started.</translation>
<translation id="3418871497193485241">Enforces a minimum Restricted Mode on YouTube and prevents users from
picking a less restricted mode.
If this setting is set to Strict, Strict Restricted Mode on YouTube is always active.
If this setting is set to Moderate, the user may only pick Moderate Restricted Mode
and Strict Restricted Mode on YouTube, but cannot disable Restricted Mode.
If this setting is set to Off or no value is set, Restricted Mode on YouTube is not enforced by <ph name="PRODUCT_NAME" />. However, external policies such as YouTube policies might still enforce Restricted Mode.</translation>
<translation id="3428247105888806363">Enable network prediction.</translation>
<translation id="3432863169147125747">Controls printing settings.</translation>
<translation id="3434932177006334880">This setting was named EnableWebBasedSignin prior to Chrome 42, and support for it will be removed entirely in Chrome 43.
This setting is useful for enterprise customers who are using SSO solutions that are not compatible with the new inline sign-in flow yet.
If you enable this setting, the old web-based sign-in flow would be used.
If you disable this setting or leave it not set, the new inline sign-in flow would be used by default. Users may still enable the old web-based sign-in flow through the command line flag --enable-web-based-sign-in.
The experimental setting will be removed in the future when the inline sign-in fully supports all SSO sign-in flows.</translation>
<translation id="3437924696598384725">Allow the user to manage VPN connections</translation>
<translation id="3459509316159669723">Printing</translation>
<translation id="3460784402832014830">Specifies the URL that a search engine uses to provide a new tab page.
This policy is optional. If not set, no new tab page will be provided.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="3461279434465463233">Report power status</translation>
<translation id="346731943813722404">Specifies whether power management delays and the session length limit should only start running after the first user activity has been observed in a session.
If this policy is set to True, power management delays and the session length limit do not start running until after the first user activity has been observed in a session.
If this policy is set to False or left unset, power management delays and the session length limit start running immediately on session start.</translation>
<translation id="3478024346823118645">Wipe user data on sign-out</translation>
<translation id="3480961938508521469">Fully charge battery at a standard rate.</translation>
<translation id="348495353354674884">Enable virtual keyboard</translation>
<translation id="3487623755010328395">
If this policy is set, <ph name="PRODUCT_NAME" /> will try to register itself and apply associated cloud policy for all profiles.
The value of this policy is an Enrolment token that can be retrieved from the Google Admin console.</translation>
<translation id="3489247539215560634">If this setting is enabled, users can have <ph name="PRODUCT_NAME" /> memorise passwords and provide them automatically the next time they log in to a site.
If this setting is disabled, users cannot save new passwords but they may still use passwords that have been saved previously.
If this policy is enabled or disabled, users cannot change or override it in <ph name="PRODUCT_NAME" />. If this policy is unset, password saving is allowed (but can be turned off by the user).</translation>
<translation id="3496296378755072552">Password manager</translation>
<translation id="3500732098526756068">Allows you to control the triggering of password protection warning. Password protection alerts users when they reuse their protected password on potentially suspicious sites.
You can use 'PasswordProtectionLoginURLs' and 'PasswordProtectionChangePasswordURL' policies to configure which password to protect.
If this policy is set to 'PasswordProtectionWarningOff', no password protection warning will be shown.
If this policy is set to 'PasswordProtectionWarningOnPasswordReuse', password protection warning will be shown when the user reuses their protected password on a non-whitelisted site.
If this policy is set to 'PasswordProtectionWarningOnPhishingReuse', password protection warning will be shown when the user reuses their protected password on a phishing site.
If this policy is left unset, password protection service will only protect Google passwords but the user will be able to change this setting.</translation>
<translation id="3502555714327823858">Allow all duplex modes</translation>
<translation id="350443680860256679">Configure ARC</translation>
<translation id="3504791027627803580">Specifies the URL of the search engine used to provide image search. Search requests will be sent using the GET method. If the DefaultSearchProviderImageURLPostParams policy is set then image search requests will use the POST method instead.
This policy is optional. If not set, no image search will be used.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="350797926066071931">Enable Translate</translation>
<translation id="3513655665999652754">The Quirks Server provides hardware-specific configuration files, such as ICC display profiles to adjust monitor calibration.
When this policy is set to false, the device will not attempt to contact the Quirks Server to download configuration files.
If this policy is true or not configured, then <ph name="PRODUCT_OS_NAME" /> will automatically contact the Quirks Server and download configuration files, if available, and store them on the device. Such files might, for example, be used to improve display quality of attached monitors.</translation>
<translation id="3524204464536655762">Do not allow any site to request access to USB devices via the WebUSB API</translation>
<translation id="3526752951628474302">Monochrome printing only</translation>
<translation id="3528000905991875314">Enable alternate error pages</translation>
<translation id="3545457887306538845">Allows you to control where Developer Tools can be used.
If this policy is set to 'DeveloperToolsDisallowedForForceInstalledExtensions' (value 0, which is the default value), the Developer Tools and the JavaScript console can be accessed in general, but they cannot be accessed in the context of extensions installed by enterprise policy.
If this policy is set to 'DeveloperToolsAllowed' (value 1), the Developer Tools and the JavaScript console can be accessed and used in all contexts, including the context of extensions installed by enterprise policy.
If this policy is set to 'DeveloperToolsDisallowed' (value 2), the Developer Tools cannot be accessed and website elements can no longer be inspected. Any keyboard shortcuts and any menu or context menu entries to open the Developer Tools or the JavaScript Console will be disabled.</translation>
<translation id="3547954654003013442">Proxy settings</translation>
<translation id="3550875587920006460">Allows setting a custom schedule to check for updates. This applies to all users, and to all interfaces on the device. Once set, the device will check for updates according to the schedule. The policy must be removed to cancel any more scheduled update checks.</translation>
<translation id="355118380775352753">Websites to open in alternative browser</translation>
<translation id="3554984410014457319">Allow Google Assistant to listen for the voice activation phrase</translation>
<translation id="3557208865710006939">Force-enables spellcheck languages. Unrecognised languages in the list will be ignored.
If you enable this policy, spellcheck will be enabled for the languages specified, in addition to the languages for which the user has enabled spellcheck.
If you do not set this policy, or disable it, there will be no change to the user's spellcheck preferences.
If the <ph name="SPELLCHECK_ENABLED_POLICY_NAME" /> policy is set to false, this policy will have no effect.
If a language is included in both this policy and the <ph name="SPELLCHECK_LANGUAGE_BLACKLIST_POLICY_NAME" /> policy, this policy is prioritised and the spellcheck language is enabled.
The currently supported languages are: af, bg, ca, cs, da, de, el, en-AU, en-CA, en-GB, en-US, es, es-419, es-AR, es-ES, es-MX, es-US, et, fa, fo, fr, he, hi, hr, hu, id, it, ko, lt, lv, nb, nl, pl, pt-BR, pt-PT, ro, ru, sh, sk, sl, sq, sr, sv, ta, tg, tr, uk, vi.</translation>
<translation id="356579196325389849">Users may configure the Chrome OS release channel</translation>
<translation id="3575011234198230041">HTTP authentication</translation>
<translation id="3577251398714997599">Ads setting for sites with intrusive ads</translation>
<translation id="357917253161699596">Allow users to manage user certificates</translation>
<translation id="3583230441447348508">Specifies a list of pre-configured network file shares.
Each list item of the policy is an object with two members: "share_url" and "mode". "share_url" should be the URL of the share and "mode" should be either "drop_down" or "pre_mount". "drop_down" mode indicates that "share_url" will be added to the share discovery drop-down. "pre_mount" mode indicates that "share_url" will be mounted.</translation>
<translation id="3591527072193107424">Enable the Legacy Browser Support feature.</translation>
<translation id="3591584750136265240">Configure the login authentication behaviour</translation>
<translation id="3627678165642179114">Enable or disable spell checking web service</translation>
<translation id="3628480121685794414">Enable simplex printing</translation>
<translation id="3631099945620529777">If set to false, the 'End process' button is disabled in the Task Manager.
If set to true or not configured, the user can end processes in the Task Manager.</translation>
<translation id="3643284063603988867">Enable 'Remember password' feature</translation>
<translation id="3646859102161347133">Set screen magnifier type</translation>
<translation id="3653237928288822292">Default search provider icon</translation>
<translation id="3660510274595679517">
If this policy is set to true, cloud management enrolment is mandatory and blocks Chrome launch process if failed.
If this policy is left unset or set to false, cloud management enrolment is optional and does not block Chrome launch process if failed.
This policy is used by machine scope cloud policy enrolment on desktop and can be set by Registry or GPO on Windows, plist on Mac and JSON policy file on Linux.</translation>
<translation id="3660562134618097814">Transfer SAML IdP cookies during login</translation>
<translation id="3701121231485832347">Controls settings specific to <ph name="MS_AD_NAME" />-managed <ph name="PRODUCT_OS_NAME" /> devices.</translation>
<translation id="3702518095257671450">Remote attestation</translation>
<translation id="3702647575225525306"><ph name="POLICY_NAME" /> (The single-line field is deprecated and will be removed in the future. Please start using the multi-line text box below.)</translation>
<translation id="3709266154059827597">Configure extension installation blacklist</translation>
<translation id="3711895659073496551">Suspend</translation>
<translation id="3715569262675717862">Authentication based on client certificates</translation>
<translation id="3736879847913515635">Enable add person in user manager</translation>
<translation id="3738723882663496016">This policy specifies <ph name="PLUGIN_VM_NAME" /> licence key for this device.</translation>
<translation id="3748900290998155147">Specifies whether wake locks are allowed. Wake locks can be requested by extensions via the power management extension API and by ARC apps.
If this policy is set to true or left not set, wake locks will be honoured for power management.
If this policy is set to false, wake lock requests will be ignored.</translation>
<translation id="3750220015372671395">Block key generation on these sites</translation>
<translation id="375266612405883748">Restricts the UDP port range used by the remote access host in this machine.
If this policy is not set, or if it is set to an empty string, the remote access host will be allowed to use any available port, unless the policy <ph name="REMOTE_ACCESS_HOST_FIREWALL_TRAVERSAL_POLICY_NAME" /> is disabled, in which case the remote access host will use UDP ports in the 12400-12409 range.</translation>
<translation id="3756011779061588474">Block developer mode</translation>
<translation id="3758089716224084329">Allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to auto detect the proxy server, all other options are ignored.
For detailed examples, visit:
<ph name="PROXY_HELP_URL" />.
If you enable this setting, <ph name="PRODUCT_NAME" /> and ARC-apps, ignore all proxy-related options specified from the command line.
Leaving these policies unset will allow the users to choose the proxy settings on their own.</translation>
<translation id="3758249152301468420">Disable Developer Tools</translation>
<translation id="3764248359515129699">Disables enforcing Certificate Transparency requirements for a list of Legacy Certificate Authorities.
This policy allows disabling Certificate Transparency disclosure requirements for certificate chains that contain certificates with one of the specified subjectPublicKeyInfo hashes. This allows certificates that would otherwise be untrusted, because they were not properly publicly disclosed, to continue to be used for Enterprise hosts.
In order for Certificate Transparency enforcement to be disabled when this policy is set, the hash must be of a subjectPublicKeyInfo appearing in a CA certificate that is recognised as a Legacy Certificate Authority (CA). A Legacy CA is a CA that has been publicly trusted by one or more operating systems supported by <ph name="PRODUCT_NAME" />, but is not trusted by the Android Open Source Project or <ph name="PRODUCT_OS_NAME" />.
A subjectPublicKeyInfo hash is specified by concatenating the hash algorithm name, the '/' character and the Base64 encoding of that hash algorithm applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. This Base64 encoding is the same format as an SPKI Fingerprint, as defined in RFC 7469, Section 2.4. Unrecognised hash algorithms are ignored. The only supported hash algorithm at this time is 'sha256'.
If this policy is not set, any certificate that is required to be disclosed via Certificate Transparency will be treated as untrusted if it is not disclosed according to the Certificate Transparency policy.</translation>
<translation id="3765260570442823273">Duration of the idle log-out warning message</translation>
<translation id="377044054160169374">Abusive Experience Intervention Enforce</translation>
<translation id="3780152581321609624">Include non-standard port in Kerberos SPN</translation>
<translation id="3780319008680229708">If this policy is set to true, the Cast toolbar icon will always be shown on the toolbar or the overflow menu and users will not be able to remove it.
If this policy is set to false or is not set, users will be able to pin or remove the icon via its contextual menu.
If the policy "EnableMediaRouter" is set to false, then this policy's value would have no effect and the toolbar icon would not be shown.</translation>
<translation id="3788662722837364290">Power management settings when the user becomes idle</translation>
<translation id="3790085888761753785">If this setting is enabled, users will be allowed to sign into their account with Smart Lock. This is more permissive than usual Smart Lock behaviour which only allows users to unlock their screen.
If this setting is disabled, users will not be allowed to use Smart Lock Sign-in.
If this policy is left not set, the default is not allowed for enterprise-managed users and allowed for non-managed users.</translation>
<translation id="379602782757302612">Allows you to specify which extensions the users can NOT install. Extensions already installed will be disabled if blacklisted, without a way for the user to enable them. Once a disabled, blacklisted extension is removed, it will automatically get re-enabled.
A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.
If this policy is left 'not set' the user can install any extension in <ph name="PRODUCT_NAME" />.</translation>
<translation id="3800626789999016379">Configures the directory that <ph name="PRODUCT_NAME" /> will use for downloading files.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided directory regardless of whether the user has specified one or enabled the flag to be prompted for download location every time.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set the default download directory will be used and the user will be able to change it.</translation>
<translation id="3805659594028420438">Enable TLS domain-bound certificates extension (deprecated)</translation>
<translation id="3808945828600697669">Specify a list of disabled plug-ins</translation>
<translation id="3811562426301733860">Allow ads on all sites</translation>
<translation id="3816312845600780067">Enable bailout keyboard shortcut for auto-login</translation>
<translation id="3820526221169548563">Enable the on-screen keyboard accessibility feature.
If this policy is set to true, the on-screen keyboard will always be enabled.
If this policy is set to false, the on-screen keyboard will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, the on-screen keyboard is disabled initially but can be enabled by the user at any time.</translation>
<translation id="382476126209906314">Configure the TalkGadget prefix for remote access hosts</translation>
<translation id="3824972131618513497">Controls settings related to power management and rebooting.</translation>
<translation id="3826475866868158882">Google location services enabled</translation>
<translation id="3831054243924627613">This policy controls the initial state of Android backup and restore.
When this policy is not configured or set to <ph name="BR_DISABLED" />, Android backup and restore is initially disabled.
When this policy is set to <ph name="BR_ENABLED" />, Android backup and restore is initially enabled.
When this policy is set to <ph name="BR_UNDER_USER_CONTROL" />, the user is asked to choose whether to use Android backup and restore. If the user enables backup and restore, Android app data is uploaded to Android backup servers and restored from them upon app re-installations for compatible apps.
Note that this policy controls the state of Android backup and restore during initial setup only. The user can open Android settings afterwards and turn Android backup and restore on/off.</translation>
<translation id="3831376478177535007">When this setting is enabled, <ph name="PRODUCT_NAME" /> allows certificates issued by Symantec Corporation's Legacy PKI operations to be trusted if they otherwise successfully validate and chain to a recognised CA certificate.
Note that this policy depends on the operating system still recognising certificates from Symantec's legacy infrastructure. If an OS update changes the OS handling of such certificates, this policy no longer has effect. Further, this policy is intended as a temporary workaround to give enterprises more time to transition away from legacy Symantec certificates. This policy will be removed on or around 1 January 2019.
If this policy is not set, or it is set to false, then <ph name="PRODUCT_NAME" /> follows the publicly announced deprecation schedule.
See https://g.co/chrome/symantecpkicerts for more details on this deprecation.</translation>
<translation id="383466854578875212">Allows you to specify which native messaging hosts are not subject to the blacklist.
A blacklist value of * means that all native messaging hosts are blacklisted and only native messaging hosts listed in the whitelist will be loaded.
By default, all native messaging hosts are whitelisted, but if all native messaging hosts have been blacklisted by policy, the whitelist can be used to override that policy.</translation>
<translation id="3835692988507803626">Force disable spellcheck languages</translation>
<translation id="3837424079837455272">This policy controls whether new users can be added to <ph name="PRODUCT_OS_NAME" />. It does not prevent users from signing in to additional Google accounts within Android. If you want to prevent this, configure the Android-specific <ph name="ACCOUNT_TYPES_WITH_MANAGEMENT_DISABLED_CLOUDDPC_POLICY_NAME" /> policy as part of <ph name="ARC_POLICY_POLICY_NAME" />.</translation>
<translation id="384743459174066962">Allows you to set a list of url patterns that specify sites which are not allowed to open pop-ups.
If this policy is left unset, the global default value will be used for all sites either from the 'DefaultPop-upsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="3851039766298741586">Report information about the active kiosk session, such as
application ID and version.
If the policy is set to false, the kiosk session information will not be
reported. If set to true or left unset, kiosk session information will be
reported.</translation>
<translation id="3858658082795336534">Default printing duplex mode</translation>
<translation id="3859780406608282662">Add a parameter to the fetching of the Variations seed in <ph name="PRODUCT_OS_NAME" />.
If specified, will add a query parameter called 'restrict' to the URL used to fetch the Variations seed. The value of the parameter will be the value specified in this policy.
If not specified, will not modify the Variations seed URL.</translation>
<translation id="3863409707075047163">Minimum SSL version enabled</translation>
<translation id="3864020628639910082">Specifies the URL of the search engine used to provide search suggestions. The URL should contain the string '<ph name="SEARCH_TERM_MARKER" />', which will be replaced at query time by the text the user has entered so far.
This policy is optional. If not set, no suggest URL will be used.
Google's suggest URL can be specified as: <ph name="GOOGLE_SUGGEST_SEARCH_URL" />.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="3864129983143201415">Configure the allowed languages in a user session</translation>
<translation id="3866249974567520381">Description</translation>
<translation id="3868347814555911633">This policy is active in retail mode only.
Lists extensions that are automatically installed for the Demo user, for devices in retail mode. These extensions are saved in the device and can be installed while offline, after the installation.
Each list entry contains a dictionary that must include the extension ID in the 'extension-id' field, and its update URL in the 'update-url' field.</translation>
<translation id="3874773863217952418">Enable Tap to Search</translation>
<translation id="3877517141460819966">Integrated second factor authentication mode</translation>
<translation id="3879208481373875102">Configure list of force-installed web apps</translation>
<translation id="388237772682176890">This policy is deprecated in M53 and removed in M54, because SPDY/3.1 support is removed.
Disables use of the SPDY protocol in <ph name="PRODUCT_NAME" />.
If this policy is enabled the SPDY protocol will not be available in <ph name="PRODUCT_NAME" />.
Setting this policy to disabled will allow the usage of SPDY.
If this policy is left unset, SPDY will be available.</translation>
<translation id="3891357445869647828">Enable JavaScript</translation>
<translation id="3895557476567727016">Configures the default directory that <ph name="PRODUCT_NAME" /> will use for downloading files.
If you set this policy, it will change the default directory that <ph name="PRODUCT_NAME" /> downloads files to. This policy is not mandatory, so the user will be able to change the directory.
If you do not set this policy, <ph name="PRODUCT_NAME" /> will use its usual default directory (platform-specific).
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.</translation>
<translation id="3911737181201537215">This policy has no effect on the logging done by Android.</translation>
<translation id="391531815696899618">Disables Google Drive syncing in the <ph name="PRODUCT_OS_NAME" /> Files app when set to True. In that case, no data is uploaded to Google Drive.
If not set or set to False, then users will be able to transfer files to Google Drive.</translation>
<translation id="3915395663995367577">URL to a proxy .pac file</translation>
<translation id="3920892052017026701">Set battery charge custom start charging in per cent.
Battery starts charging when it depletes the battery charge custom start charging value.
DeviceBatteryChargeCustomStartCharging must be less than DeviceBatteryChargeCustomStopCharging.
This policy is only used if DeviceBatteryChargeMode is set to custom.
If this policy is not configured or left unset, the standard battery charge mode will be applied.</translation>
<translation id="3925377537407648234">Set display resolution and scale factor</translation>
<translation id="3939893074578116847">Send network packets to the management server to monitor online status, to allow
the server to detect if the device is offline.
If this policy is set to true, monitoring network packets (so-called <ph name="HEARTBEATS_TERM" />) will be sent.
If set to false or unset, no packets will be sent.</translation>
<translation id="3950239119790560549">Update Time Restrictions</translation>
<translation id="3956686688560604829">Use Internet Explorer's SiteList policy for Legacy Browser Support.</translation>
<translation id="3958586912393694012">Allow Smart Lock to be used</translation>
<translation id="3963602271515417124">If true, remote attestation is allowed for the device and a certificate will automatically be generated and uploaded to the Device Management Server.
If it is set to false, or if it is not set, no certificate will be generated and calls to the enterprise.platformKeys extension API will fail.</translation>
<translation id="3964262920683972987">Configure device-level wallpaper image that is shown on the login screen if no user has yet signed in to the device. The policy is set by specifying the URL from which the Chrome OS device can download the wallpaper image and a cryptographic hash used to verify the integrity of the download. The image must be in JPEG format and its file size must not exceed 16 MB. The URL must be accessible without any authentication. The wallpaper image is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes.
If the device wallpaper policy is set, the Chrome OS device will download and use the wallpaper image on the login screen if no user has yet signed in to the device. Once the user logs in, the user's wallpaper policy kicks in.
If the device wallpaper policy is left not set, it's the user's wallpaper policy to decide what to show if the user's wallpaper policy is set.</translation>
<translation id="3965339130942650562">Timeout until idle user log-out is executed</translation>
<translation id="3973371701361892765">Never auto-hide the shelf</translation>
<translation id="3984028218719007910">Determines whether <ph name="PRODUCT_OS_NAME" /> keeps local account data after logout. If set to true, no persistent accounts are kept by <ph name="PRODUCT_OS_NAME" /> and all data from the user session will be discarded after logout. If this policy is set to false or not configured, the device may keep (encrypted) local user data.</translation>
<translation id="398475542699441679">This policy controls whether to enable Legacy Browser Support.
When this policy is left unset, or is set to false, Chrome will not attempt to launch designated URLs in an alternative browser.
When this policy is set to true, Chrome will attempt to launch some URLs in an alternative browser (such as Internet Explorer). This feature is configured using the policies in the <ph name="LEGACY_BROWSER_SUPPORT_POLICY_GROUP" /> group.
This feature is a replacement for the <ph name="LEGACY_BROWSER_SUPPORT_EXTENSION_NAME" /> extension. Configuration from the extension will carry over to this feature, but it is strongly advisable to use the Chrome policies instead. This ensures better compatibility in the future.</translation>
<translation id="3997519162482760140">URLs that will be granted access to video capture devices on SAML login pages</translation>
<translation id="4001275826058808087">IT admins for enterprise devices can use this flag to control whether to allow users to redeem offers through Chrome OS Registration.
If this policy is set to true or left not set, users will be able to redeem offers through Chrome OS Registration.
If this policy is set to false, user will not be able to redeem offers.</translation>
<translation id="4008233182078913897">Specifies a list of apps and extensions that are installed silently,
without user interaction, and which cannot be uninstalled nor
disabled by the user. All permissions requested by the
apps/extensions are granted implicitly, without user interaction,
including any additional permissions requested by future versions of
the app/extension. Furthermore, permissions are granted for the
enterprise.deviceAttributes and enterprise.platformKeys extension
APIs. (These two APIs are not available to apps/extensions that are
not force-installed.)
This policy takes precedence over a potentially conflicting <ph name="EXTENSION_INSTALL_BLACKLIST_POLICY_NAME" /> policy. If an app or extension that previously had been force-installed is removed from this list, it is automatically uninstalled by <ph name="PRODUCT_NAME" />.
For Windows, instances that are not joined to a <ph name="MS_AD_NAME" /> domain, forced installation is limited to apps and extensions listed in the Chrome Web Store.
Note that the source code of any extension may be altered by users via Developer Tools (potentially rendering the extension dysfunctional). If this is a concern, the <ph name="DEVELOPER_TOOLS_POLICY_NAME" /> policy should be set.
Each list item of the policy is a string that contains an extension ID and, optionally, an 'update' URL separated by a semicolon (<ph name="SEMICOLON" />). The extension ID is the 32-letter string found e.g. on <ph name="CHROME_EXTENSIONS_LINK" /> when in developer mode. The 'update' URL, if specified, should point to an Update Manifest XML document as described at <ph name="LINK_TO_EXTENSION_DOC1" />. By default, the Chrome Web Store's update URL is used (which currently is "https://clients2.google.com/service/update2/crx"). Note that the 'update' URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest. Note: Specifying the 'update' URL explicitly was mandatory in <ph name="PRODUCT_NAME" /> versions up to and including 67.
For example, <ph name="EXTENSION_POLICY_EXAMPLE" /> installs the extension with ID <ph name="EXTENSION_ID_SAMPLE" /> from the standard Chrome Web Store 'update' URL. For more information about hosting extensions, see: <ph name="LINK_TO_EXTENSION_DOC2" />.
If this policy is left not set, no apps or extensions are installed automatically and the user can uninstall any app or extension in <ph name="PRODUCT_NAME" />.
Note that this policy doesn't apply to incognito mode.</translation>
<translation id="4008507541867797979">If this policy is set to true or not configured, <ph name="PRODUCT_OS_NAME" /> will show existing users on the login screen and allow to pick one.
If this policy is set to false, <ph name="PRODUCT_OS_NAME" /> will not show existing users on the login screen. The normal sign-in screen (prompting for the user email and password or phone) or the SAML interstitial screen (if enabled via the <ph name="LOGIN_AUTHENTICATION_BEHAVIOR_POLICY_NAME" /> policy) will be shown, unless a Managed Session is configured. When a Managed Session is configured, only the Managed Session accounts will be shown, allowing to pick one of them.
Note that this policy does not affect whether the device keeps or discards the local user data.</translation>
<translation id="4010738624545340900">Allow invocation of file selection dialogues</translation>
<translation id="4012737788880122133">Disables automatic updates when set to True.
<ph name="PRODUCT_OS_NAME" /> devices automatically check for updates when this setting is not configured or set to False.
Warning: It is recommended to keep auto-updates enabled so that users receive software updates and critical security fixes. Turning off auto-updates might leave users at risk.</translation>
<translation id="4020682745012723568">Cookies transferred to the user's profile are not accessible to Android apps.</translation>
<translation id="402759845255257575">Do not allow any site to run JavaScript</translation>
<translation id="4027608872760987929">Enable the default search provider</translation>
<translation id="4039085364173654945">Controls whether third-party sub-content on a page is allowed to pop up an HTTP Basic Auth dialogue box.
Typically this is disabled as a phishing defence. If this policy is not set, this is disabled and third-party sub-content will not be allowed to pop up a HTTP Basic Auth dialogue box.</translation>
<translation id="4056910949759281379">Disable SPDY protocol</translation>
<translation id="408029843066770167">Allow queries to a Google time service</translation>
<translation id="408076456549153854">Enable browser sign-in</translation>
<translation id="40853027210512570">Overrides <ph name="PRODUCT_NAME" /> default printer selection rules.
This policy determines the rules for selecting the default printer in <ph name="PRODUCT_NAME" /> which happens the first time that the print function is used with a profile.
When this policy is set, <ph name="PRODUCT_NAME" /> will attempt to find a printer matching all of the specified attributes, and select it as default printer. The first printer found matching the policy is selected; in case of non-unique match any matching printer can be selected, depending on the order printers are discovered.
If this policy is not set or matching printer is not found within the timeout, the printer defaults to built-in PDF printer or no printer selected, when PDF printer is not available.
Printers connected to <ph name="CLOUD_PRINT_NAME" /> are considered <ph name="PRINTER_TYPE_CLOUD" />; the rest of the printers are classified as <ph name="PRINTER_TYPE_LOCAL" />.
Omitting a field means all values match, for example, not specifying connectivity will cause Print Preview to initiate the discovery of all kinds of printers, local and cloud.
Regular expression patterns must follow the JavaScript RegExp syntax and matches are case sensitive.</translation>
<translation id="4088589230932595924">Incognito mode forced.</translation>
<translation id="4088983553732356374">Allows you to set whether websites are allowed to set local data. Setting local data can be either allowed for all websites or denied for all websites.
If this policy is set to 'Keep cookies for the duration of the session' then cookies will be cleared when the session closes. Note that if <ph name="PRODUCT_NAME" /> is running in 'background mode', the session may not close when the last window is closed. Please see the 'BackgroundModeEnabled' policy for more information about configuring this behaviour.
If this policy is left not set, 'AllowCookies' will be used and the user will be able to change it.</translation>
<translation id="4103289232974211388">Redirect to SAML IdP after user confirmation</translation>
<translation id="410478022164847452">Specifies the length of time without user input after which the idle action is taken when running on AC power.
When this policy is set, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> takes the idle action, which can be configured separately.
When this policy is unset, a default length of time is used.
The policy value should be specified in milliseconds.</translation>
<translation id="4105884561459127998">Configures the type of authentication for SAML logins.
When this policy is unset or set to Default (value 0), the behaviour of SAML logins is determined by the browser depending on other factors. In the most basic scenario, the user authentication and the protection of the cached user data are based on passwords manually entered by users.
When this policy is set to ClientCertificate (value 1), client certificate authentication is used for newly added users which log in via SAML. No passwords are used for such users, and their cached local data is protected using corresponding cryptographic keys. For instance, this setting allows configuring smart card-based user authentication (note that smart card middleware apps have to be installed via the DeviceLoginScreenExtensions policy).
This policy affects only users who authenticate using SAML.</translation>
<translation id="4105989332710272578">Disable Certificate Transparency enforcement for a list of URLs</translation>
<translation id="4121350739760194865">Prevent app promotions from appearing on the new tab page</translation>
<translation id="412697421478384751">Enable users to set weak PINs for the lock screen PIN</translation>
<translation id="4138655880188755661">Time Limit</translation>
<translation id="4144164749344898721">This policy controls multiple settings for the power management strategy when the user becomes idle.
There are four types of action:
* The screen will be dimmed if the user remains idle for the time specified by |ScreenDim|.
* The screen will be turned off if the user remains idle for the time specified by |ScreenOff|.
* A warning dialogue will be shown if the user remains idle for the time specified by |IdleWarning|, telling the user that the idle action is about to be taken. The warning message is only shown if the idle action is to log out or shut down.
* The action specified by |IdleAction| will be taken if the user remains idle for the time specified by |Idle|.
For each of above actions, the delay should be specified in milliseconds, and needs to be set to a value greater than zero to trigger the corresponding action. In case the delay is set to zero, <ph name="PRODUCT_OS_NAME" /> will not take the corresponding action.
For each of the above delays, when the length of time is unset, a default value will be used.
Note that |ScreenDim| values will be clamped to be less than or equal to |ScreenOff|, |ScreenOff| and |IdleWarning| will be clamped to be less than or equal to |Idle|.
|IdleAction| can be one of four possible actions:
* |Suspend|
* |Logout|
* |Shutdown|
* |DoNothing|
When the |IdleAction| is unset, the default action is taken, which is suspend.
There are also separate settings for AC power and battery.
</translation>
<translation id="4150201353443180367">Display</translation>
<translation id="4157003184375321727">Report OS and firmware version</translation>
<translation id="4157594634940419685">Allow access to native CUPS printers</translation>
<translation id="4160962198980004898">Device MAC address source when docked</translation>
<translation id="4163705126749612234">Configures the required client domain names that will be imposed on remote access clients and prevents users from changing it.
If this setting is enabled, then only clients from one of the specified domains can connect to the host.
If this setting is disabled or not set, then the default policy for the connection type is applied. For remote assistance, this allows clients from any domain to connect to the host; for anytime remote access, only the host owner can connect.
This setting will override RemoteAccessHostClientDomain, if present.
See also RemoteAccessHostDomainList.</translation>
<translation id="4164601239783385546">Enable the sticky keys accessibility feature.
If this policy is set to true, the sticky keys will always be enabled.
If this policy is set to false, the sticky keys will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, the sticky keys is disabled initially but can be enabled by the user at any time.</translation>
<translation id="4171331498167688968">If the policy is set to false then third-party software will be allowed to inject executable code into Chrome's processes. If the policy is unset or set to true then third-party software will be prevented from injecting executable code into Chrome's processes.
Regardless of the value of this policy, the browser will not currently block third-party software from injecting executable code into its processes on a machine that is joined to a <ph name="MS_AD_NAME" /> domain.</translation>
<translation id="4183229833636799228">Default <ph name="FLASH_PLUGIN_NAME" /> setting</translation>
<translation id="4192388905594723944">URL for validating remote access client authentication token</translation>
<translation id="4203389617541558220">Limit the device uptime by scheduling automatic reboots.
When this policy is set, it specifies the length of device uptime after which an automatic reboot is scheduled.
When this policy is not set, the device uptime is not limited.
If you set this policy, users cannot change or override it.
An automatic reboot is scheduled at the selected time but may be delayed on the device by up to 24 hours if a user is currently using the device.
Note: Currently, automatic reboots are only enabled while the login screen is being shown or a Kiosk app session is in progress. This will change in the future and the policy will always apply, regardless of whether a session of any particular type is in progress or not.
The policy value should be specified in seconds. Values are clamped to be at least 3600 (one hour).</translation>
<translation id="4203879074082863035">Only printers in the whitelist are shown to users</translation>
<translation id="420512303455129789">A dictionary mapping URLs to a boolean flag specifying whether access to the host should be allowed (true) or blocked (false).
This policy is for internal use by <ph name="PRODUCT_NAME" /> itself.</translation>
<translation id="4224610387358583899">Screen lock delays</translation>
<translation id="423797045246308574">Allows you to set a list of URL patterns that specify sites which are not allowed to use key generation. If a URL pattern is in 'KeygenAllowedForUrls', this policy overrides these exceptions.
If this policy is left not set the global default value will be used for all sites either from the 'DefaultKeygenSetting' policy if it is set or the user's personal configuration otherwise.</translation>
<translation id="4238997902172035160">Configures the directory that <ph name="PRODUCT_NAME" /> will use for storing the roaming copy of the profiles.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided directory to store the roaming copy of the profiles if the <ph name="ROAMING_PROFILE_SUPPORT_ENABLED_POLICY_NAME" /> policy has been enabled. If the <ph name="ROAMING_PROFILE_SUPPORT_ENABLED_POLICY_NAME" /> policy is disabled or left unset, the value stored in this policy is not used.
See https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables for a list of variables that can be used.
If this policy is left not set, the default roaming profile path will be used.</translation>
<translation id="4239720644496144453">The cache is not used for Android apps. If multiple users install the same Android app, it will be downloaded anew for each user.</translation>
<translation id="4243336580717651045">Enable URL-keyed anonymised data collection in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
URL-keyed anonymised data collection sends URLs of pages that the user visits to Google to make searches and browsing better.
If you enable this policy, URL-keyed anonymised data collection is always active.
If you disable this policy, URL-keyed anonymised data collection is never active.
If this policy is left not set, URL-keyed anonymised data collection will be enabled but the user will be able to change it.</translation>
<translation id="4250680216510889253">No</translation>
<translation id="4261820385751181068">Device sign-in screen locale</translation>
<translation id="427220754384423013">Specifies the printers which a user can use.
This policy is only used if <ph name="PRINTERS_WHITELIST" /> is chosen for <ph name="BULK_PRINTERS_ACCESS_MODE" />.
If this policy is used, only the printers with ids matching the values in this policy are available to the user. The ids must correspond to the 'id' or 'guid' fields in the file specified in <ph name="BULK_PRINTERS_POLICY" />.
</translation>
<translation id="427632463972968153">Specifies the parameters used when doing image search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {imageThumbnail} in above example, it will be replaced with real image thumbnail data.
This policy is optional. If not set, image search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="4285674129118156176">Allow unaffiliated users to use ARC</translation>
<translation id="4289903996435140853">Allows you to set a list of URLs that specify which sites will automatically be granted permission to access a USB device with the given vendor and product IDs. Each item in the list must contain both devices and URLs in order for the policy to be valid. Each item in devices can contain a vendor ID and product ID field. Any ID that is omitted is treated as a wildcard with one exception, and that exception is that a product ID cannot be specified without a vendor ID also being specified. Otherwise, the policy will not be valid and will be ignored.
The USB permission model uses the URL of the requesting site ('requesting URL') and the URL of the top-level frame site ('embedding URL') to grant permission to the requesting URL to access the USB device. The requesting URL may be different from the embedding URL when the requesting site is loaded in an iframe. Therefore, the 'URLs' field can contain up to two URL strings delimited by a comma to specify the requesting and embedding URL respectively. If only one URL is specified, then access to the corresponding USB devices will be granted when the requesting site's URL matches this URL regardless of embedding status. The URLs in 'URLs' must be valid URLs, otherwise the policy will be ignored.
If this policy is left not set, the global default value will be used for all sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the user's personal configuration otherwise.
URL patterns in this policy should not clash with the ones configured via WebUsbBlockedForUrls. If there is a clash, this policy will take precedence over WebUsbBlockedForUrls and WebUsbAskForUrls.
Values for this policy and the WebUsbAllowDevicesForUrls policy are merged together.</translation>
<translation id="4298509794364745131">Specifies list of apps that can be enabled as a note-taking app on the <ph name="PRODUCT_OS_NAME" /> lock screen.
If the preferred note-taking app is enabled on the lock screen, the lock screen will contain UI element for launching the preferred note taking app.
When launched, the app will be able to create an app window on top of the lock screen and create data items (notes) in the lock screen context. The app will be able to import created notes to the primary user session, when the session is unlocked. Currently, only Chrome note-taking apps are supported on the lock screen.
If the policy is set, the user will be allowed to enable an app on the lock screen only if the app's extension ID is contained in the policy list value.
As a consequence, setting this policy to an empty list will disable note-taking on the lock screen entirely.
Note that the policy containing an app ID does not necessarily mean that the user will be able to enable the app as a note-taking app on the lock screen - for example, on Chrome 61, the set of available apps is additionally restricted by the platform.
If the policy is left unset, there will be no restrictions on the set of apps the user can enable on the lock screen imposed by the policy.</translation>
<translation id="4313767483634435271">Device's designated dock MAC address</translation>
<translation id="4322842393287974810">Allow the auto launched with zero delay kiosk app to control <ph name="PRODUCT_OS_NAME" /> version</translation>
<translation id="4325690621216251241">Add a logout button to the system tray</translation>
<translation id="4332177773549877617">Log events for Android app installs</translation>
<translation id="4335292026668105285">Specifies the length of time without user input after which a warning dialogue is shown when running on AC power.
When this policy is set, it specifies the length of time that the user must remain idle before <ph name="PRODUCT_OS_NAME" /> shows a warning dialogue telling the user that the idle action is about to be taken.
When this policy is unset, no warning dialogue is shown.
The policy value should be specified in milliseconds. Values are clamped to be less than or equal to the idle delay.
The warning message is only shown if the idle action is to log out or shut down.</translation>
<translation id="4346674324214534449">Allows you to set whether ads should be blocked on sites with intrusive ads.
If this policy is set to 2, ads will be blocked on sites with intrusive ads.
However, this behaviour will not trigger if SafeBrowsingEnabled policy is set to False.
If this policy is set to 1, ads will not be blocked on sites with intrusive ads.
If this policy is left not set, 2 will be used.</translation>
<translation id="4347908978527632940">If true and the user is a supervised user, then other Android apps can query the user's web restrictions through a content provider.
If false or unset, then the content provider returns no information.</translation>
<translation id="435461861920493948">Contains a list of patterns which are used to control the visiblity of accounts in <ph name="PRODUCT_NAME" />.
Each Google Account on the device will be compared to patterns stored in this policy to determine the account visibility in <ph name="PRODUCT_NAME" />. The account will be visible if its name matches any pattern on the list. Otherwise, the account will be hidden.
Use the wildcard character '*' to match zero or more arbitrary characters. The escape character is '\', so to match actual '*' or '\' characters, put a '\' in front of them.
If this policy is not set, all Google Accounts on the device will be visible in <ph name="PRODUCT_NAME" />.</translation>
<translation id="4360826270668210664">If this policy is set, the remote access host will require authenticating clients to obtain an authentication token from this URL in order to connect. Must be used in conjunction with RemoteAccessHostTokenValidationUrl.
This feature is currently disabled server-side.</translation>
<translation id="4363057787588706121">Allow merging list policies from different sources</translation>
<translation id="436581050240847513">Report device network interfaces</translation>
<translation id="4372704773119750918">Do not allow enterprise user to be part of multiprofile (primary or secondary)</translation>
<translation id="4377599627073874279">Allow all sites to show all images</translation>
<translation id="437791893267799639">Policy unset, disallow data migration and ARC</translation>
<translation id="4389073105055031853">Allow users to manage all certificates</translation>
<translation id="4389091865841123886">Configure the remote attestation with TPM mechanism.</translation>
<translation id="4408428864159735559">List of pre-configured network file shares.</translation>
<translation id="4410236409016356088">Enable throttling network bandwidth</translation>
<translation id="441217499641439905">Disable Google Drive over mobile connections in the <ph name="PRODUCT_OS_NAME" /> Files app</translation>
<translation id="4415603335307944578">If this policy is set to true or not configured, the browser will re-show the welcome page on the first launch following an OS upgrade.
If this policy is set to false, the browser will not re-show the welcome page on the first launch following an OS upgrade.</translation>
<translation id="4418726081189202489">Setting this policy to false stops <ph name="PRODUCT_NAME" /> from occasionally sending queries to a Google server to retrieve an accurate timestamp. These queries will be enabled if this policy is set to True or is not set.</translation>
<translation id="4423597592074154136">Manually specify proxy settings</translation>
<translation id="4429220551923452215">Enables or disables the apps shortcut in the bookmark bar.
If this policy is not set then the user can choose to show or hide the apps shortcut from the bookmark bar context menu.
If this policy is configured then the user can't change it, and the apps shortcut is always shown or never shown.</translation>
<translation id="4432762137771104529">Enable Safe Browsing Extended Reporting</translation>
<translation id="443454694385851356">Legacy (insecure)</translation>
<translation id="443665821428652897">Clear site data on browser shutdown (deprecated)</translation>
<translation id="4439132805807595336">Enable this device to run PluginVm.
If the policy is set to false or left unset, <ph name="PLUGIN_VM_NAME" /> is not enabled for the device. If set to true, <ph name="PLUGIN_VM_NAME" /> is enabled for the device as long as other settings also allow it. <ph name="PLUGIN_VM_ALLOWED_POLICY_NAME" /> needs to be true, <ph name="PLUGIN_VM_LICENSE_KEY_POLICY_NAME" /> and <ph name="PLUGIN_VM_IMAGE_POLICY_NAME" /> need to be set for <ph name="PLUGIN_VM_NAME" /> to be allowed to run.</translation>
<translation id="4439336120285389675">Specify a list of deprecated web platform features to re-enable temporarily.
This policy gives administrators the ability to re-enable deprecated web platform features for a limited time. Features are identified by a string tag and the features corresponding to the tags included in the list specified by this policy will get re-enabled.
If this policy is left not set or the list is empty or does not match one of the supported string tags, all deprecated web platform features will remain disabled.
While the policy itself is supported on the above platforms, the feature that it is enabling may be available on fewer platforms. Not all deprecated Web Platform features can be re-enabled. Only the ones explicitly listed below can be for a limited period of time, which is different per feature. The general format of the string tag will be [DeprecatedFeatureName]_EffectiveUntil[yyyymmdd]. As reference, you can find the intent behind the Web Platform feature changes at https://bit.ly/blinkintents.
</translation>
<translation id="4442582539341804154">Enable lock when the device become idle or suspended</translation>
<translation id="4449469846627734399">Set power peak shift day config</translation>
<translation id="4449545651113180484">Rotate screen clockwise by 270 degrees</translation>
<translation id="445270821089253489">Controls what kind of user and device information is reported.</translation>
<translation id="4454820008017317557">Show the <ph name="PRODUCT_NAME" /> toolbar icon</translation>
<translation id="4467952432486360968">Block third-party cookies</translation>
<translation id="4474167089968829729">Enable saving passwords to the password manager</translation>
<translation id="4476769083125004742">If this policy is set to <ph name="BLOCK_GEOLOCATION_SETTING" />, Android apps cannot access location information. If you set this policy to any other value or leave it unset, the user is asked to consent when an Android app wants to access location information.</translation>
<translation id="4480694116501920047">Force SafeSearch</translation>
<translation id="4482640907922304445">Shows the Home button on <ph name="PRODUCT_NAME" />'s toolbar.
If you enable this setting, the Home button is always shown.
If you disable this setting, the Home button is never shown.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
Leaving this policy unset will allow the user to choose whether to show the home button.</translation>
<translation id="4483649828988077221">Disable Auto Update</translation>
<translation id="4485425108474077672">Configure the New Tab page URL</translation>
<translation id="4492287494009043413">Disable taking screenshots</translation>
<translation id="4494132853995232608">Wilco DTC</translation>
<translation id="449423975179525290">Configure <ph name="PLUGIN_VM_NAME" />-related policies.</translation>
<translation id="450537894712826981">Configures the cache size that <ph name="PRODUCT_NAME" /> will use for storing cached media files on the disk.
If you set this policy, <ph name="PRODUCT_NAME" /> will use the provided cache size regardless of whether the user has specified the '--media-cache-size' flag or not. The value specified in this policy is not a hard boundary but rather a suggestion to the caching system, any value below a few megabytes is too small and will be rounded up to a sane minimum.
If the value of this policy is 0, the default cache size will be used but the user will not be able to change it.
If this policy is not set, the default size will be used and the user will be able to override it with the --media-cache-size flag.</translation>
<translation id="4508686775017063528">If this policy is set to true or is not set, <ph name="PRODUCT_NAME" /> will be enabled, and users will be able to launch it from the app menu, page context menus, media controls on Cast-enabled websites and (if shown), the cast toolbar icon.
If this policy set to false, <ph name="PRODUCT_NAME" /> will be disabled.</translation>
<translation id="4515404363392014383">Enable Safe Browsing for trusted sources</translation>
<translation id="4518251772179446575">Ask whenever a site wants to track the users' physical location</translation>
<translation id="4519046672992331730">Enables search suggestions in <ph name="PRODUCT_NAME" />'s omnibox and prevents users from changing this setting.
If you enable this setting, search suggestions are used.
If you disable this setting, search suggestions are never used.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left not set, this will be enabled but the user will be able to change it.</translation>
<translation id="4531706050939927436">Android apps can be force-installed from the Google Admin console using Google Play. They do not use this policy.</translation>
<translation id="4534500438517478692">Android restriction name:</translation>
<translation id="4541530620466526913">Device-local accounts</translation>
<translation id="4543502256674577024">Device update settings</translation>
<translation id="4554651132977135445">User policy loopback processing mode</translation>
<translation id="4554841826517980623">This policy controls whether the Network File Shares feature for <ph name="PRODUCT_NAME" /> should use the <ph name="NETBIOS_PROTOCOL" /> to discover shares on the network.
When this policy is set to True, share discovery will use the <ph name="NETBIOS_PROTOCOL" /> protocol to discover shares on the network.
When this policy is set to False, share discovery will not use the <ph name="NETBIOS_PROTOCOL" /> protocol to discover shares.
If the policy is left not set, the default is disabled for enterprise-managed users and enabled for non-managed users.</translation>
<translation id="4555850956567117258">Enable remote attestation for the user</translation>
<translation id="4557134566541205630">Default search provider new tab page URL</translation>
<translation id="4567137030726189378">Allow usage of the Developer Tools</translation>
<translation id="4578265298946081589">Do not reboot on user sign-out.</translation>
<translation id="4578912515887794133">If this setting is enabled, then the remote access host compares the name of the local user (that the host is associated with) and the name of the Google Account registered as the host owner (i.e. 'johndoe' if the host is owned by 'johndoe@example.com'Google Account). The remote access host will not start if the name of the host owner is different from the name of the local user that the host is associated with. RemoteAccessHostMatchUsername policy should be used together with RemoteAccessHostDomain to also enforce that the Google Account of the host owner is associated with a specific domain (i.e. 'example.com').
If this setting is disabled or not set, then the remote access host can be associated with any local user.</translation>
<translation id="4591366717022345234">Provide users with Quick Fix Build</translation>
<translation id="4600786265870346112">Enable large cursor</translation>
<translation id="4604931264910482931">Configure native messaging blacklist</translation>
<translation id="4617338332148204752">Skip the meta tag check in <ph name="PRODUCT_FRAME_NAME" /></translation>
<translation id="4625915093043961294">Configure extension installation whitelist</translation>
<translation id="4632343302005518762">Allow <ph name="PRODUCT_FRAME_NAME" /> to handle the listed content types</translation>
<translation id="4632566332417930481">Disallow usage of the Developer Tools on extensions installed by enterprise policy; allow usage of the Developer Tools in other contexts</translation>
<translation id="4633786464238689684">Changes the default behaviour of the top row keys to function keys.
If this policy is set to true, the keyboard's top row of keys will produce function key commands by default. The search key has to be pressed to revert their behaviour back to media keys.
If this policy is set to false or left unset, the keyboard will produce media key commands by default and function key commands when the search key is held.</translation>
<translation id="4639407427807680016">Names of the native messaging hosts to be exempt from the blacklist</translation>
<translation id="4650759511838826572">Disable URL protocol schemes</translation>
<translation id="465099050592230505">Enterprise web store URL (deprecated)</translation>
<translation id="4661889655253181651">Content settings allow you to specify how contents of a specific type (for example Cookies, Images or JavaScript) are handled.</translation>
<translation id="4665897631924472251">Extension management settings</translation>
<translation id="4668325077104657568">Default images setting</translation>
<translation id="4670865688564083639">Minimum:</translation>
<translation id="4671708336564240458">Allows you to set whether sites with abusive experiences should be prevented from opening new windows or tabs.
If this policy is set to True, sites with abusive experiences will be prevented from opening new windows or tabs.
However, this behaviour will not trigger if SafeBrowsingEnabled policy is set to False.
If this policy is set to False, sites with abusive experiences will be allowed to open new windows or tabs.
If this policy is left not set, True will be used.</translation>
<translation id="467236746355332046">Supported features:</translation>
<translation id="4674167212832291997">Customise the list of URL patterns that should always be rendered by <ph name="PRODUCT_FRAME_NAME" />.
If this policy is not set the default renderer will be used for all sites as specified by the 'ChromeFrameRendererSettings' policy.
For example patterns see https://www.chromium.org/developers/how-tos/chrome-frame-getting-started.</translation>
<translation id="467449052039111439">Open a list of URLs</translation>
<translation id="4674871290487541952">Allow insecure algorithms in integrity checks on extension updates and installations</translation>
<translation id="4680936297850947973">Deprecated in M68. Use DefaultPopupsSetting instead.
For a full explanation, see https://www.chromestatus.com/features/5675755719622656.
If this policy is enabled, sites will be allowed to simultaneously navigate and open new windows/tabs.
If this policy is disabled or not set, sites will be disallowed from simultaneously navigating and opening a new window/tab.</translation>
<translation id="4680961954980851756">Enable AutoFill</translation>
<translation id="4703402283970867140">Enable smart dim model to extend the time until the screen is dimmed</translation>
<translation id="4722122254122249791">Enable Site Isolation for specified origins</translation>
<translation id="4722399051042571387">If false, users will be unable to set PINs which are weak and easy to guess.
Some example weak PINs: PINs containing only one digit (1111), PINs whose digits are increasing by 1 (1234), PINs whose digits are decreasing by 1 (4321) and PINs which are commonly used.
By default, users will get a warning, not error, if the PIN is considered weak.</translation>
<translation id="4723829699367336876">Enable firewall traversal from remote access client</translation>
<translation id="4725528134735324213">Enable Android Backup Service</translation>
<translation id="4725801978265372736">Require that the name of the local user and the remote access host owner match</translation>
<translation id="4733471537137819387">Policies related to integrated HTTP authentication.</translation>
<translation id="4744190513568488164">Servers that <ph name="PRODUCT_NAME" /> may delegate to.
Separate multiple server names with commas. Wildcards (*) are allowed.
If you leave this policy unset <ph name="PRODUCT_NAME" /> will not delegate user credentials even if a server is detected as Intranet.</translation>
<translation id="4752880493649142945">Client certificate for connecting to RemoteAccessHostTokenValidationUrl</translation>
<translation id="4757671984625088193">If this is set to true or unset, <ph name="PRODUCT_NAME" /> will suggest pages related to the current page.
These suggestions are fetched remotely from Google servers.
If this setting is set to false, suggestions will not be fetched or displayed.</translation>
<translation id="4759650396863318477">Allows you to set the time period, in milliseconds, over which users are notified that <ph name="PRODUCT_NAME" /> must be relaunched or that a <ph name="PRODUCT_OS_NAME" /> device must be restarted to apply a pending update.
Over this time period, the user will be repeatedly informed of the need for an update. For <ph name="PRODUCT_OS_NAME" /> devices, a restart notification appears in the system tray according to the <ph name="RELAUNCH_HEADS_UP_PERIOD_POLICY_NAME" /> policy. For <ph name="PRODUCT_NAME" /> browsers, the app menu changes to indicate that a relaunch is needed once one third of the notification period passes. This notification changes colour once two thirds of the notification period passes, and again once the full notification period has passed. The additional notifications enabled by the <ph name="RELAUNCH_NOTIFICATION_POLICY_NAME" /> policy follow this same schedule.
If not set, the default period of 345600000 milliseconds (four days) is used for <ph name="PRODUCT_OS_NAME" /> devices and 604800000 milliseconds (one week) for <ph name="PRODUCT_NAME" />.</translation>
<translation id="4777805166623621364">
This setting, SitePerProcess, may be used to disallow users from opting out of the default behaviour of isolating all sites. Note that the IsolateOrigins policy may also be useful for isolating additional, finer-grained origins.
If the policy is enabled, users will be unable to opt out of the default behaviour where each site runs in its own process.
If the policy is not configured or disabled, the user will be able to opt out of site isolation
(e.g. using 'Disable site isolation' entry in chrome://flags). Setting the policy to disabled and/or not configuring the policy does not turn off Site Isolation.
On <ph name="PRODUCT_OS_NAME" /> version 76 and earlier, it is recommended to also set the <ph name="DEVICE_LOGIN_SCREEN_SITE_PER_PROCESS_POLICY_NAME" /> device policy to the same value. If the values specified by the two policies don't match, a delay may be incurred when entering a user session while the value specified by user policy is being applied.
NOTE: This policy does not apply on Android. To enable SitePerProcess on Android, use the SitePerProcessAndroid policy setting.
</translation>
<translation id="4788252609789586009">Enables <ph name="PRODUCT_NAME" />'s Auto-Fill feature and allows users to auto-complete credit card information in web forms using previously stored information.
If this setting is disabled, Auto-fill will never suggest or fill in credit card information, nor will it save additional credit card information that the user might submit while browsing the web.
If this setting is enabled or has no value, the user will be able to control Auto-fill for credit cards in the UI.</translation>
<translation id="4791031774429044540">Enable the large cursor accessibility feature.
If this policy is set to true, the large cursor will always be enabled.
If this policy is set to false, the large cursor will always be disabled.
If you set this policy, users cannot change or override it.
If this policy is left unset, the large cursor is disabled initially but can be enabled by the user at any time.</translation>
<translation id="4802905909524200151">Configure <ph name="TPM_FIRMWARE_UPDATE_TPM" /> firmware update behaviour</translation>
<translation id="4804828344300125154">Always reboot on user sign-out.</translation>
<translation id="4807950475297505572">Least recently used users are removed until there is enough free space</translation>
<translation id="4816674326202173458">Allow enterprise user to be both primary and secondary (Default behaviour for non-managed users)</translation>
<translation id="4826326557828204741">Action to take when the idle delay is reached while running on battery power</translation>
<translation id="4832852360828533362">User and device reporting</translation>
<translation id="4834526953114077364">Least recently used users who have not logged in within the last 3 months are removed until there is enough free space</translation>
<translation id="4835622243021053389">Enable NTLMv2 authentication.</translation>
<translation id="4858735034935305895">Allow fullscreen mode</translation>
<translation id="4861767323695239729">Configure the allowed input methods in a user session</translation>
<translation id="487460824085252184">Migrate automatically, don’t ask for user consent.</translation>
<translation id="4874982543810021567">Block WebUSB on these sites</translation>
<translation id="4876805738539874299">Maximum SSL version enabled</translation>
<translation id="4887274746092315609">Enables a page for in-session change of password for SAML users</translation>
<translation id="4897928009230106190">Specifies the parameters used when doing suggestion search with POST. It consists of comma-separated name/value pairs. If a value is a template parameter, like {searchTerms} in above example, it will be replaced with real search terms data.
This policy is optional. If not set, suggest search request will be sent using the GET method.
This policy is only respected if the 'DefaultSearchProviderEnabled' policy is enabled.</translation>
<translation id="489803897780524242">Parameter controlling search term placement for the default search provider</translation>
<translation id="4899708173828500852">Enable Safe Browsing</translation>
<translation id="4899802251198446659">Allows you to control whether videos with audio content can play automatically (without user consent) <ph name="PRODUCT_NAME" />.
If the policy is set to True, <ph name="PRODUCT_NAME" /> is allowed to auto-play media.
If the policy is set to False, <ph name="PRODUCT_NAME" /> is not allowed to auto-play media. The Auto-PlayWhitelist policy can be used to override this for certain URL patterns.
By default, <ph name="PRODUCT_NAME" /> is not allowed to auto-play media. The Auto-PlayWhitelist policy can be used to override this for certain URL patterns.
Note that if <ph name="PRODUCT_NAME" /> is running and this policy changes, it will only be applied to newly opened tabs. Therefore, some tabs might still observe the previous behaviour.
</translation>
<translation id="4906194810004762807">Refresh rate for Device Policy</translation>
<translation id="4917385247580444890">Strong</translation>
<translation id="4923806312383904642">Allow WebDriver to Override Incompatible Policies</translation>
<translation id="494613465159630803">Cast Receiver</translation>
<translation id="494924690085329212">Reboot on user sign-out if Android has started.</translation>
<translation id="4962262530309732070">If this policy is set to true or not configured, <ph name="PRODUCT_NAME" /> will allow Add Person from the user manager.
If this policy is set to false, <ph name="PRODUCT_NAME" /> will not allow creation of new profiles from the user manager.</translation>
<translation id="4970855112942626932">Disable browser sign-in</translation>
<translation id="4978405676361550165">If 'OffHours' policy is set, then the specified device policies are ignored (use the default settings of these policies) during the defined time intervals. Device policies are re-applied by Chrome on every event when 'OffHours' period starts or ends. User will be notified and forced to sign out when 'OffHours' time end and device policy settings are changed (e.g. when user is logged in with an unallowed account).</translation>
<translation id="4980635395568992380">Data Types</translation>
<translation id="4983201894483989687">Allow running plug-ins that are outdated</translation>
<translation id="4986560318567565414">Path to Chrome for switching from the alternative browser.</translation>
<translation id="4988291787868618635">Action to take when the idle delay is reached</translation>
<translation id="5034604678285451405">Set power peak shift battery threshold in per cent.
This policy is only used if DevicePowerPeakShiftEnabled is set to true.
If this policy is not configured or left unset, power peak shift will always be disabled.</translation>
<translation id="5047604665028708335">Allow access to sites outside of content packs</translation>
<translation id="5052081091120171147">This policy forces the browsing history to be imported from the current default browser, if enabled. If enabled, this policy also affects the import dialogue.
If disabled, no browsing history is imported.
If it is not set, the user may be asked whether to import or importing may happen automatically.</translation>
<translation id="5055312535952606505">Configures the proxy settings for <ph name="PRODUCT_NAME" />. These proxy settings will be available for ARC apps too.
If you enable this setting, <ph name="PRODUCT_NAME" /> and ARC apps ignore all proxy-related options specified from the command line.
Leaving this policy not set will allow the users to choose the proxy settings on their own.
If the <ph name="PROXY_SETTINGS_POLICY_NAME" /> policy is set, it will override any of the individual policies <ph name="PROXY_MODE_POLICY_NAME" />, <ph name="PROXY_PAC_URL_POLICY_NAME" />, <ph name="PROXY_SERVER_POLICY_NAME" />, <ph name="PROXY_BYPASS_POLICY_NAME" /> and <ph name="PROXY_SERVER_MODE_POLICY_NAME" />.
The <ph name="PROXY_MODE_PROXY_SETTINGS_FIELD" /> field allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
The <ph name="PROXY_PAC_URL_PROXY_SETTINGS_FIELD" /> field is a URL to a proxy .pac file.
The <ph name="PROXY_SERVER_PROXY_SETTINGS_FIELD" /> field is a URL of the proxy server.
The <ph name="PROXY_BYPASS_LIST_PROXY_SETTINGS_FIELD" /> field is a list of proxy hosts that <ph name="PRODUCT_NAME" /> will bypass.
The <ph name="PROXY_SERVER_MODE_PROXY_SETTINGS_FIELD" /> field is deprecated in favour of the field 'ProxyMode'. It allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
If you choose the value 'direct' as 'ProxyMode', a proxy will never be used and all other fields will be ignored.
If you choose the value 'system' as 'ProxyMode', the systems's proxy will be used and all other fields will be ignored.
If you choose the value 'auto_detect' as 'ProxyMode', all other fields will be ignored.
If you choose the value 'fixed_server' as 'ProxyMode', the 'ProxyServer' and 'ProxyBypassList' fields will be used.
If you choose the value 'pac_script' as 'ProxyMode', the 'ProxyPacUrl' and 'ProxyBypassList' fields will be used.</translation>
<translation id="5056708224511062314">Screen magnifier disabled</translation>
<translation id="5058573563327660283">Select the strategy used to free up disk space during automatic clean-up (deprecated)</translation>
<translation id="5067143124345820993">Login user white list</translation>
<translation id="5075834892754086022">If the policy is set, the configured minimal PIN length is enforced. (The absolute minimum PIN length is 1; values less than 1 are treated as 1.)
If the policy is not set, a minimal PIN length of 6 digits is enforced. This is the recommended minimum.</translation>
<translation id="5076274878326940940">Enables the use of a default search provider.
If you enable this setting, a default search is performed when the user types text in to the omnibox that is not a URL.
You can specify the default search provider to be used by setting the rest of the default search policies. If these are left empty, the user can choose the default provider.
If you disable this setting, no search is performed when the user enters non-URL text in to the omnibox.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left not set, the default search provider is enabled, and the user will be able to set the search provider list.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="5085647276663819155">Disable Print Preview</translation>
<translation id="5090209345759901501">Extend Flash content setting to all content</translation>
<translation id="5090791951240382356">Allow merging dictionary policies from different sources</translation>
<translation id="5093540029655764852">Specifies the rate (in days) at which a client changes their machine account password. The password is randomly generated by the client and not visible to the user.
Just like user passwords, machine passwords should be changed regularly. Disabling this policy or setting a high number of days can have a negative impact on security since it gives potential attackers more time to find the machine account password and use it.
If the policy is unset, the machine account password is changed every 30 days.
If the policy is set to 0, machine account password change is disabled.
Note that passwords might get older than the specified number of days if the client has been offline for a longer period of time.</translation>
<translation id="510196893779239086">This policy controls whether to close Chrome completely when the last tab would switch to another browser.
When this policy is left unset, or is set to true, Chrome will keep at least one tab open, after switching to an alternative browser.
When this policy is set to false, Chrome will close the tab after switching to an alternative browser, even if it was the last tab. This will cause Chrome to exit completely.</translation>
<translation id="5102203758995933166">Allows pushing network configuration to be applied per-user to a <ph name="PRODUCT_OS_NAME" /> device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format.</translation>
<translation id="5105313908130842249">Screen lock delay when running on battery power</translation>
<translation id="5108031557082757679">Disabled enterprise device printers</translation>
<translation id="5124368997194894978">Enable boot on AC (alternating current)</translation>
<translation id="5131211790949066746">Enables merging of the extension install list policies <ph name="EXTENSION_INSTALL_BLACKLIST_POLICY_NAME" />, <ph name="EXTENSION_INSTALL_WHITELIST_POLICY_NAME" /> and <ph name="EXTENSION_INSTALL_FORCELIST_POLICY_NAME" />.
If you enable this setting, the values from machine platform policy, machine cloud policy and user platform policy are merged into a single list and used as a whole instead of only using the values from the single source with highest priority.
If you disable this setting or leave it unset, only list entries from the highest priority source are taken and all other sources are shown as conflicts but ignored.</translation>
<translation id="5141670636904227950">Set the default screen magnifier type enabled on the login screen</translation>
<translation id="5142301680741828703">Always render the following URL patterns in <ph name="PRODUCT_FRAME_NAME" /></translation>
<translation id="5148753489738115745">Allows you to specify additional parameters that are used when <ph name="PRODUCT_FRAME_NAME" /> launches <ph name="PRODUCT_NAME" />.
If this policy is not set the default command line will be used.</translation>
<translation id="5152787786897382519">Both Chromium and Google Chrome have some groups of policies that depend on each other to provide control over a feature. These sets are represented by the following policy groups. Given that policies can have multiple sources, only values coming from the highest priority source will be applied. Values coming from a lower priority source in the same group will be ignored. The order of priority is defined in <ph name="POLICY_PRIORITY_DOC_URL" />.</translation>
<translation id="5159469559091666409">How frequently monitoring network packets are sent, in milliseconds.
If this policy is unset, the default interval is 3 minutes. The minimum
interval is 30 seconds and the maximum interval is 24 hours – values
outside of this range will be clamped to this range.</translation>
<translation id="5163002264923337812">Enable the old web-based sign-in flow</translation>
<translation id="5168529971295111207">This policy is deprecated, use ProxyMode instead.
Allows you to specify the proxy server used by <ph name="PRODUCT_NAME" /> and prevents users from changing proxy settings.
This policy only takes effect if the <ph name="PROXY_SETTINGS_POLICY_NAME" /> policy has not been specified.
If you choose to never use a proxy server and always connect directly, all other options are ignored.
If you choose to use system proxy settings or auto-detect the proxy server, all other options are ignored.
If you choose manual proxy settings, you can specify further options in 'Address or URL of proxy server', 'URL to a proxy .pac file' and 'Comma-separated list of proxy bypass rules'. Only the HTTP proxy server with the highest priority is available for ARC-apps.
For detailed examples, visit:
<ph name="PROXY_HELP_URL" />.
If you enable this setting, <ph name="PRODUCT_NAME" /> ignores all proxy-related options specified from the command line.
Leaving this policy not set will allow the users to choose the proxy settings on their own.</translation>
<translation id="5182055907976889880">Configure Google Drive in <ph name="PRODUCT_OS_NAME" />.</translation>
<translation id="5183383917553127163">Allows you to specify which extensions are not subject to the blacklist.
A blacklist value of * means all extensions are blacklisted and users can only install extensions listed in the whitelist.
By default, all extensions are whitelisted, but if all extensions have been blacklisted by policy, the whitelist can be used to override that policy.</translation>
<translation id="519247340330463721">Configure Safe Browsing related policies.</translation>
<translation id="5192837635164433517">Enables the use of alternative error pages that are built into <ph name="PRODUCT_NAME" /> (such as 'page not found') and prevents users from changing this setting.
If you enable this setting, alternative error pages are used.
If you disable this setting, alternative error pages are never used.
If you enable or disable this setting, users cannot change or override this setting in <ph name="PRODUCT_NAME" />.
If this policy is left unset, this will be enabled but the user will be able to change it.</translation>
<translation id="5196805177499964601">Block developer mode.
If this policy is set to True, <ph name="PRODUCT_OS_NAME" /> will prevent the device from booting into developer mode. The system will refuse to boot and show an error screen when the developer switch is turned on.
If this policy is unset or set to False, developer mode will remain available for the device.</translation>
<translation id="520403427390290017">The tab life cycles feature reclaims CPU and eventually memory associated with running tabs that have not been used in a long period of time, by first throttling them, then freezing them and finally discarding them.
If the policy is set to false then tab lifecycles are disabled, and all tabs will be left running normally.
If the policy is set to true or left unspecified then tab life cycles are enabled.</translation>
<translation id="5207823059027350538">Configures the default new tab page URL and prevents users from changing it.
The new tab page is the page opened when new tabs are created (including the one opened in new windows).
This policy does not decide which pages are to be opened on start up. Those are controlled by the <ph name="RESTORE_ON_STARTUP_POLICY_NAME" /> policies. Yet this policy does affect the homepage if that is set to open the new tab page, as well as the start-up page if that is set to open the new tab page.
If the policy is not set or left empty the default new tab page is used.
This policy is available only on Windows instances that are joined to a <ph name="MS_AD_NAME" /> domain. It also applies to Windows 10 Pro or Enterprise instances that enrolled for device management.</translation>
<translation id="5208240613060747912">Allows you to set a list of url patterns that specify sites which are not allowed to display notifications.
If this policy is left unset the global default value will be used for all sites either from the 'DefaultNotificationsSetting' policy, if it is set, or the user's personal configuration otherwise.</translation>
<translation id="5213038356678567351">Websites that should never trigger a browser switch.</translation>
<translation id="5219844027738217407">For Android apps, this policy affects the microphone only. When this policy is set to true, the microphone is muted for all Android apps, with no exceptions.</translation>
<translation id="5221394278852982313">Allows you to set a list of URLs that specify which sites will automatically be granted permission to access a USB device with the given vendor and product IDs. Each item in the list must contain both devices and URLs in order for the policy to be valid. Each item in devices can contain a vendor ID and product ID field. Any ID that is omitted is treated as a wildcard with one exception, and that exception is that a product ID cannot be specified without a vendor ID also being specified. Otherwise, the policy will not be valid and will be ignored.
The USB permission model uses the URL of the requesting site ('requesting URL') and the URL of the top-level frame site ('embedding URL') to grant permission to the requesting URL to access the USB device. The requesting URL may be different from the embedding URL when the requesting site is loaded in an iframe. Therefore, the 'URLs' field can contain up to two URL strings delimited by a comma to specify the requesting and embedding URL respectively. If only one URL is specified, then access to the corresponding USB devices will be granted when the requesting site's URL matches this URL regardless of embedding status. The URLs in 'URLs' must be valid URLs, otherwise the policy will be ignored.
If this policy is left not set, the global default value will be used for all sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the user's personal configuration otherwise.
URL patterns in this policy should not clash with the ones configured via WebUsbBlockedForUrls. If there is a clash, this policy will take precedence over WebUsbBlockedForUrls and WebUsbAskForUrls.
Values for this policy and the DeviceWebUsbAllowDevicesForUrls policy are merged together.</translation>
<translation id="5228316810085661003">The device-local account auto-login delay.
If the |DeviceLocalAccountAutoLoginId| policy is unset, this policy has no effect. Otherwise:
If this policy is set, it determines the amount of time without user activity that should elapse before automatically logging into the device-local account specified by the |DeviceLocalAccountAutoLoginId| policy.
If this policy is unset, 0 milliseconds will be used as the timeout.
This policy is specified in milliseconds.</translation>
<translation id="523505283826916779">Accessibility settings</translation>
<translation id="5236882091572996759">If this policy is set to true or is unset, the user is not considered to be idle while audio is playing. This prevents the idle timeout from being reached and the idle action from being taken. However, screen dimming, screen off and screen lock will be performed after the configured timeouts, irrespective of audio activity.
If this policy is set to false, audio activity does not prevent the user from being considered idle.</translation>
<translation id="5246700266104954355">This policy is deprecated. Please use the <ph name="DEFAULT_PLUGINS_SETTING_POLICY_NAME" /> to control the availability of the Flash plugin and <ph name="ALWAYS_OPEN_PDF_EXTERNALLY_POLICY_NAME" /> to control whether the integrated PDF viewer should be used for opening PDF files.
Specifies a list of plugins that are enabled in <ph name="PRODUCT_NAME" /> and prevents users from changing this setting.
The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?' or '\' characters, you can put a '\' in front of them.
The specified list of plugins is always used in <ph name="PRODUCT_NAME" /> if they are installed. The plugins are marked as enabled in 'about:plugins' and users cannot disable them.
Note that this policy overrides both DisabledPlugins and DisabledPluginsExceptions.
If this policy is left not set, the user can disable any plugin installed on the system.</translation>
<translation id="5247006254130721952">Block dangerous downloads</translation>
<translation id="5248863213023520115">Sets encryption types that are allowed when requesting Kerberos tickets from an <ph name="MS_AD_NAME" /> server.
If the policy is set to 'All', both the AES encryption types 'aes256-cts-hmac-sha1-96' and 'aes128-cts-hmac-sha1-96' as well as the RC4 encryption type 'rc4-hmac' are allowed. AES encryption takes preference if the server supports both types. Note that RC4 is insecure and the server should be reconfigured if possible to support AES encryption.
If the policy is set to 'Strong' or if it is unset, only the AES encryption types are allowed.
If the policy is set to 'Legacy', only the RC4 encryption type is allowed. This option is insecure and should only be needed in very specific circumstances.
See also https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed#Kerberos_client_encryption_types.</translation>
<translation id="5249453807420671499">Users can add Kerberos accounts</translation>
<translation id="5255162913209987122">Can be Recommended</translation>
<translation id="527237119693897329">Allows you to specify which native messaging hosts should not be loaded.
A blacklist value of '*' means that all native messaging hosts are blacklisted unless they are explicitly listed in the whitelist.
If this policy is left not set <ph name="PRODUCT_NAME" /> will load all installed native messaging hosts.</translation>
<translation id="5272684451155669299">If true, the user can use the hardware on Chrome devices to remotely attest its identity to the privacy CA via the <ph name="ENTERPRISE_PLATFORM_KEYS_API" /> using <ph name="CHALLENGE_USER_KEY_FUNCTION" />.
If it is set to false, or if it is not set, calls to the API will fail with an error code.</translation>
<translation id="5277806246014825877">Enable this user to run Crostini.
If the policy is set to false, Crostini is not enabled for the user.
If set to true or left unset, Crostini is enabled for the user as long as other settings also allow it.
All three policies, VirtualMachinesAllowed, CrostiniAllowed and DeviceUnaffiliatedCrostiniAllowed need to be true when they apply for Crostini to be allowed to run.
When this policy is changed to false, it applies to starting new Crostini containers but does not shut down containers which are already running.</translation>
<translation id="5283457834853986457">Disable plug-in finder (deprecated)</translation>
<translation id="5288772341821359899">If the policy is set, the UDP port range used by WebRTC is restricted to the specified port interval (endpoints included).
If the policy is not set, or if it is set to the empty string or an invalid port range, WebRTC is allowed to use any available local UDP port.</translation>