Home Admin Help Center

Credential Protection deployment using Windows and GPO

For admins only For all plans

Credential Protection deployment using Windows and GPO

Printer icon
Updated

Credential Risk Detection, AI Phishing Alerts, and Credential Risk Alerts are available to organizations with Credential Protection.

Estimated time to complete: 20 minutes

If you have Credential Protection and are deploying the Dashlane browser extension, you can deploy the Credential Protection features at the same time:

Admins can use the master data management (MDM) tool GPO to set up Credential Protection features for company-managed Google Chrome and Microsoft Edge desktop browsers on Windows.

What is GPO?
Looking to set up Risk detection on macOS using Jamf?
Looking to set up Risk detection on Windows using Intune?

Although Credential Protection features are most beneficial when rolled out to your entire organization, you can start with a smaller group (or just yourself) during setup and extend it to more employees anytime. To add more employees, update the groups included in your policy deployment.

Add employees to the policy

Process overview

Prerequisites

Make sure you have the appropriate access needed to set up Credential Protection features:

  • Admin access to a Dashlane account with Credential Protection
  • Admin access to Group Policy (GPO) on Windows
  • Permission to deploy policies to devices using GPO

Set up Credential Protection features on Windows using GPO

Setup involves two main steps:

  1. Policy deployment
  2. Extension deployment

If you prefer, watch the Windows + GPO step-by-step video

1: Policy deployment

Don't skip this step, even if you've already deployed the Dashlane browser extension.

If the extension has already been deployed and you want to turn on Credential Protection features for existing employees, you can skip step 2 in the setup guide. You can turn on the features after deploying the Credential Protection policy.

Important: You must deploy the Dashlane security policies before you deploy the Dashlane browser extension. This order ensures the extension installs silently and the security features work as expected. If you don't deploy the policies to your targeted machines, your employees will be asked to log in to Dashlane on every login screen. If you deploy the extension before the policies, employees might create a personal account before the policies are applied.

What is a silent deployment?

A "silent deployment" of the extension means installing the extension on employees' company-managed desktop browsers without any visible prompts or interaction needed from the employee. Admins must configure the managed device policy before they deploy Credential Risk Detection to avoid inadvertently notifying employees about Dashlane.

In the Dashlane Admin Console, start the setup:

  1. Log in to the Dashlane browser extension and open the Admin Console
  2. Under Integrations, select Deployment.

  3. On the Deployment page, select Start setup.

  4. On the Setup page, select Start to see the steps for the policy deployment.

  5. Select the Group Policy (GPO) tab and the browsers you're deploying to. Ensure your selection is accurate before downloading the XML files so your GPO is created correctly.

  6. In the Windows guidelines section, select Download all XML files.

  7. On a domain-joined server, open Group Policy Management, right-click, and select Run as administrator. You're going to create a new Policy Object.

  8. Right-click on Group Policy Object and select New.

  9. You can name this new GPO CRD Policy and select OK.

  10. Right-click on the CRD Policy you created and select Edit.

  11. Go to User Configuration, Preferences, Windows Settings, Registry.

  12. Select all the .xml templates you downloaded, press Ctrl + C to copy them, and Ctrl + V to paste them in the empty Registry window.

  13. Select Yes when asked if you want to import the pasted document.

  14. Close the Group Policy Management Editor.

  15. Back in the Group Policy Management window, right-click your OU (organizational unit) from the "Group Policy Management" folder and select Link an Existing GPO.

  16. Select CRD Policy and OK.

  17. Right-click on CRD Policy in the Domains folders and select Enforced.

After performing these steps, the deployment might take up to eight hours, but it's usually faster.

To ensure Risk Detection's proactive threat monitoring doesn't alert or disrupt employees, you must wait for the policy to take effect in your MDM before deploying the Dashlane browser extension to enrolled devices and activating the feature.

Check that the policy was applied:

Using a device that was part of the group the script was deployed to, go to Registry Editor and select the following folders in order.

Chrome:

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\fdjamakpfbbddfjaooikfcpapjohcfmg\policy

Edge:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\3rdparty\extensions\gehmmocbbkpblljhkekmfhjpfbkclbph\policy

In the extensions, you'll see a folder named using the Dashlane browser extension ID. Under that folder, the policy folder contains the actual values of the Credential Protection policy.

Go back to the Dashlane Admin Console, and select Continue to move to the second step.

2: Extension deployment

You can skip this step if you've previously deployed the Dashlane browser extension.

If you're deploying to both Chrome and Edge, repeat these steps for each browser.

Create new GPO policy

  1. Open all folders within Group Policy Management until you see the "Group Policy Objects" folder. Right-click that folder and select New.

  2. In the New GPO pop-up, enter "DashlaneGPO" or "Dashlane browser extension" for the Name and then select OK.

  3. Right-click your OU from the "Group Policy Management" folder and select Link an Existing GPO. For example, if the domain is "dashlanenyc.com" and the OU is "Dashlane-Client", the target computers are in the "Dashlane-Client" folder.

  4. In the Select GPO pop-up, select the "Dashlane-GPO" you created and select OK.

Select the browser you're using.

Download the template and configure the Dashlane browser extension GPO in Chrome

  1. Download the “policy_templates.zip” template file

  2. Right-click the "policy_templates.zip" file in Explorer, select Rename, and rename it: "chrome_policy_templates"

  3. Select the "chrome_policy_templates" file that you just renamed, and then select Extract all.

  4. In the Select a Destination and Extract Files pop-up, select Browse, select your "Downloads" folder, and select Extract.

  5. In the "Downloads" folder, open the "chrome_policy_templates" folder you just extracted and then open the "windows" folder inside it.

  6. In the "windows" folder, open the "admx" folder.

  7. Select the two files named "chrome.admx" and "google.admx", right-click the two files, and select Copy.

  8. Open "C:/Windows" in a new Explorer window, right-click on the "Policy Definitions" folder, and select Paste.

  9. Return to the "admx" folder again, open the "en-US" folder inside that, select the two files named "chrome.adml" and "google.adml", right-click the two files, and select Copy.

  10. Return to the "Policy Definitions" folder again, right-click the "en-US" folder, and select Paste.

  11. Right-click your OU from the "Group Policy Management" folder, as you did at the beginning of this article, and select Edit.

  12. In the Group Policy Management Editor, open "Computer Configuration", "Policies", "Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer, "Google", "Google Chrome", and "Extensions". Then right-click "Configure the list of force-installed apps and extensions" and select Edit.

  13. In the Configure the list of force-installed apps and extensions pop-up, select Enabled, and select Show. In the Show Contents pop-up, paste fdjamakpfbbddfjaooikfcpapjohcfmg;https://clients2.google.com/service/update2/crx and select OK.

Download the template and configure the Dashlane browser extension GPO in Edge

  1. Download Windows 64-bit Policy

  2. In the Download Microsoft Edge Policy File pop-up, select Accept and download.

  3. Open the "MicrosoftEdgePolicyTemplates" file you just downloaded in Explorer and save it to your "Downloads" folder.

  4. Select "MicrosoftEdgePolicyTemplates" file in your "Downloads" folder and then select Extract all.

  5. In the Select a Destination and Extract Files pop-up, select Browse, select your "Downloads" folder, and select Extract.

  6. In the "Downloads" folder, open the "MicrosoftEdgePolicyTemplates" folder you just extracted, and open the "windows" folder inside it.

  7. In the "windows" folder, open the "admx" folder.

  8. Select the three files named "msedge.admx", "msedgeupdate.admx", and "msdegewebview2.admx", right-click the three files, and select Copy.

  9. Open "C:/Windows" in a new Explorer window, right-click on the "Policy Definitions" folder, and select Paste.

  10. Return to the "admx" folder again, open the "en-US" folder inside that, select the three files named "msedge.admx", "msedgeupdate.admx", and "msdegewebview2.admx", right-click the three files, and select Copy.

  11. Return to the "Policy Definitions" folder again, right-click the "en-US" folder, and select Paste.

  12. Right-click your OU from the "Group Policy Management" folder, as you did at the beginning of this article, and select Edit.

  13. In the Group Policy Management Editor, open "Computer Configuration", "Policies", "Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer, "Microsoft Edge", and "Extensions". Then, right-click "Control which extensions are installed silently" and select Edit.

  14. In the Configure the list of force-installed apps and extensions pop-up, select Enabled, and select Show. In the Show Contents pop-up, paste gehmmocbbkpblljhkekmfhjpfbkclbph, and select OK.

In the Dashlane Admin Console select Complete to confirm the extension was deployed.

After this deployment you can turn on Credential Risk Detection. You can also turn on AI Phishing Alerts and Credential Risk Alerts.

Learn more about Credential Risk Detection
Learn more about AI Phishing Alerts
Learn more about Credential Risk Alerts

If you turn on Credential Risk Detection or AI Phishing Alerts, the information collected will be logged in the Activity Log and displayed on the Risk Detection and Phishing Alerts pages.

More about Risk Detection insights
More about Phishing alerts insights

If you have any issues turning on these features, please contact our Support team.

Contact Support through the Admin Console

Watch the Windows + GPO setup video

What is GPO?

A Group Policy Object (GPO) is a virtual collection of policy settings. Group Policy settings are contained in a GPO. A GPO can represent policy settings in the file system and in the Active Directory.

More on Microsoft's GPO

Powered by Zendesk