Deploy the Extension via Active Directory GPO

Roll the Zeuslock browser extension out to domain-joined PCs with Group Policy. The extension is self-hosted on your own web server (no app store) and works for both Edge and Chrome.

No Intune or Google Workspace? You can roll the extension out with Group Policy. Here the extension lives on your own web server (not an app store), and Group Policy tells every PC to install it. It works for Edge and Chrome. It is a longer setup, but you only do it once.

What you will need

  • An Active Directory domain with the Group Policy Management Console (gpmc.msc).
  • Windows 10/11 PCs joined to the domain, in an OU.
  • A web server on your network (IIS works well) to host two files.
  • Your API key, and Edge and/or Chrome on the PCs.

Step 1 — Get the extension files

Download zeus-extension.crx (the extension), zeus-extension.pem (a private key — keep it safe for future updates), and extension-id.txt. You will reuse one value everywhere, the Extension ID:

hgooghpcnalhpjbemnnmdoabfjhchoip

Step 2 — Create the update file

Browsers need a small update.xml that points to the extension:

<?xml version='1.0' encoding='UTF-8'?>
<gupdate xmlns='http://www.google.com/update2/response' protocol='2.0'>
  <app appid='hgooghpcnalhpjbemnnmdoabfjhchoip'>
    <updatecheck codebase='http://YOUR_SERVER/zeus/zeus-extension.crx' version='3.24.0' />
  </app>
</gupdate>

Swap YOUR_SERVER for your server's name or IP address.

Step 3 — Put the files on your web server

  1. Install IIS and create the folder C:\inetpub\wwwroot\zeus.
  2. Copy zeus-extension.crx and update.xml into it.
  3. Let IIS serve the extension by adding a MIME type — extension .crx, type application/x-chrome-extension. (Without this, the download fails.)
  4. Test from another PC: open http://YOUR_SERVER/zeus/update.xml (you should see XML) and the .crx link should download.

Step 4 — Add the browser policy templates

So Group Policy can show the extension settings, copy the Edge and Chrome ADMX templates into your domain's Central Store (the PolicyDefinitions folder). Then open gpmc.msc, edit any GPO, and confirm Microsoft Edge and Google Chrome now appear under Computer Configuration → Administrative Templates, each with an Extensions section.

Step 5 — Tell PCs to install the extension

Create a new GPO linked to your workstation OU, then turn on force-install:

Edge: Computer Configuration → Administrative Templates → Microsoft Edge → Extensions → "Control which extensions are installed silently" → Enabled → Show → add:

hgooghpcnalhpjbemnnmdoabfjhchoip;http://YOUR_SERVER/zeus/update.xml

Chrome: Computer Configuration → Administrative Templates → Google → Google Chrome → Extensions → "Configure the list of force-installed apps and extensions" → Enabled → Show → add the same line.

Step 6 — Add your Zeuslock settings

This gives the extension your API key so it connects automatically. In Computer Configuration → Preferences → Windows Settings → Registry, add the settings below, under the key for each browser you use:

  • Edge: HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hgooghpcnalhpjbemnnmdoabfjhchoip\policy
  • Chrome: HKLM\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\hgooghpcnalhpjbemnnmdoabfjhchoip\policy

  Setting              Type         Value
  apiUrl               REG_SZ       https://api.zeuslock.ai
  apiKey               REG_SZ       YOUR_API_KEY
  orgName              REG_SZ       Your organization name
  enabled              REG_DWORD    1 (protection on)
  blockMode            REG_DWORD    1 = block, 0 = alert only
  showNotifications    REG_DWORD    1 (show alerts)
  allowUserConfig      REG_DWORD    0 (lock the settings)

Tip: create the first registry item, then copy-paste it for the rest — just change the name and value each time.

Step 7 — Roll it out and check

  1. On a test PC, run gpupdate /force, then restart the browser.
  2. Open edge://extensions or chrome://extensions — Zeuslock shows "Installed by your organization" and cannot be turned off.
  3. Quick test: paste 4111 1111 1111 1111 into ChatGPT and send — you should see the red "SEND BLOCKED" banner, and the incident on your dashboard.

Once it works on one PC, run gpupdate /force across the OU (or let it apply at the next sign-in).
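
If the extension does not appear on the test PC, the script below checks Steps 2 to 6 from that PC and shows which one did not land. It is an added example, not part of the Zeuslock download. It assumes the force-install policies are written to the ExtensionInstallForcelist key under each browser's policy key, and that you replace the YOUR_SERVER placeholder; Add-Check is a helper defined here. A browser you did not configure will show as failed.

```powershell
# Added example: run in PowerShell on the test PC after gpupdate /force.
# YOUR_SERVER is the same placeholder used in the steps above; replace it first.
$ExtensionId = 'hgooghpcnalhpjbemnnmdoabfjhchoip'
$Server      = 'YOUR_SERVER'
$UpdateUrl   = "http://$Server/zeus/update.xml"
$results     = New-Object System.Collections.Generic.List[object]
function Add-Check($Name, $Ok, $Detail) {   # hypothetical helper, collects one result row
    $results.Add([pscustomobject]@{ Check = $Name; Ok = [bool]$Ok; Detail = $Detail })
}

# Steps 2-3: update.xml must name the extension ID, and IIS must serve the .crx with the added MIME type.
try {
    $manifest = [xml](Invoke-RestMethod -Uri $UpdateUrl -UseBasicParsing)
    $app = $manifest.gupdate.app | Where-Object { $_.appid -eq $ExtensionId }
    Add-Check 'update.xml appid' ($null -ne $app) "version $($app.updatecheck.version)"
    if ($app) {
        $crx  = Invoke-WebRequest -Uri $app.updatecheck.codebase -Method Head -UseBasicParsing
        $type = "$($crx.Headers['Content-Type'])"
        Add-Check '.crx MIME type' ($type -like 'application/x-chrome-extension*') $type
    }
} catch {
    Add-Check 'web server' $false $_.Exception.Message
}

$browsers = [ordered]@{
    Edge   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    Chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
}
foreach ($b in $browsers.GetEnumerator()) {
    # Step 5: the force-install list holds numbered values of the form "<id>;<update url>".
    $list = Get-ItemProperty -Path "$($b.Value)\ExtensionInstallForcelist" -ErrorAction SilentlyContinue
    if ($list) {
        $entries = @($list.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Value })
        Add-Check "$($b.Key) force-install" ($entries -contains "$ExtensionId;$UpdateUrl") "$($entries.Count) entries in list"
    } else {
        Add-Check "$($b.Key) force-install" $false 'policy key not found'
    }

    # Step 6: every setting from the table must exist; the apiKey value is never printed.
    $policy  = Get-ItemProperty -Path "$($b.Value)\3rdparty\extensions\$ExtensionId\policy" -ErrorAction SilentlyContinue
    $missing = 'apiUrl', 'apiKey', 'orgName', 'enabled', 'blockMode', 'showNotifications', 'allowUserConfig' |
        Where-Object { $null -eq $policy.$_ }
    Add-Check "$($b.Key) Zeuslock settings" (-not $missing) "missing: $($missing -join ', ')"
}
$results | Format-Table -AutoSize
```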