This article explains how to set a group policy to disable the browser's native password manager. This prevents corporate logins from being saved and synchronized to personal accounts. You may also consider deploying the Dashlane extension to all browsers as part of this same policy.
Disable the Edge native password manager via GPO
- Log in to a Windows server and open Group Policy Editor.
- Download the Edge Policy Templates.
- In Group Policy Editor, create a new GPO for Edge - Disable PWM.
- Choose your desired scope.
- Right-click the new Group Policy Object > Edit.
- On the Group Policy Management Editor, go to User Configuration > Policies > Administrative Templates > Microsoft Edge.
- Set the following policies:
- Disable the policy Enable AutoFill for addresses.
- Disable the policy Enable AutoFill for credit cards.
- Under "Password manager and protection," disable the policy Enable saving passwords to the password manager.
- Optionally, you can enable the policy Disable synchronization of data using Microsoft sync services.
Once complete, the GPO settings will look like this:
- Ensure the GPO link is enabled.
How do I know this worked?
- On the user's computer, open a command prompt, and run gpupdate /force.
This prompts a logout to complete the new settings.
- Open Edge, then click the three dots for settings ... > Settings > Passwords.
- Ensure "Offer to save passwords" is turned off and managed by the organization.
Note that 'Sign-in automatically' is still checked because there is no policy setting to turn this off.
Important: Note that any logins previously saved in Edge will not be removed and will continue to show to the user even with Edge autofill disabled. Be sure to instruct the user to import any saved logins into Dashlane and delete them from Edge.
Disable Chrome native password manager via GPO
- Download the Google Chrome Administrative Templates.
- Copy the ADMX file:
FROM the downloaded folder policy_templates\windows\admx\chrome.admx & google.admx
TO C:\Windows\PolicyDefinitions
- Copy the ADML file:
FROM policy_templates\windows\admx\en-us\chrome.adml & google.adml
TO C:\Windows\PolicyDefinitions\en-us
- On a Windows server, open Group Policy Editor.
- Create a new GPO called "Chrome - Disable PWM."
- Choose your desired scope.
- Right-click the Group Policy Object > Edit.
- Go to User Configuration > Policies > Administrative Templates > Google > Google Chrome.
- Edit the following settings:
- Disable the policy Enable AutoFill for Addresses.
- Disable the policy Enable AutoFill for credit cards.
- Under "Password Manager," disable the policy Enable saving passwords to the password manager.
- Once complete, the GPO settings will look like this:
- Ensure the GPO link is enabled.
How do I know this worked?
- On the user's computer, open a command prompt and type: "gpupdate /force"
This prompts a logout to complete the new settings.
- Open Chrome and click the profile icon on the top right. See that the user is not signed in.
- Open Chrome, then click the three dots ... > Settings > Passwords. See that Offer to save passwords is unchecked and managed by the organization.
Disable Firefox native password manager via GPO
- Log in to a Windows server that you use to manage your Group Policies.
- Download the latest Firefox Policy Templates .zip file.
- Copy the ADMX file:
FROM the downloaded folder policy_templates_v1.##\windows\firefox.admx & mozilla.admx
TO C:\Windows\PolicyDefinitions
- Copy the ADML file:
FROM policy_templates\windows\en-us\firefox.adml & mozilla.adml
TO C:\Windows\PolicyDefinitions\en-us
- Open Group Policy Editor.
- Create a new GPO called "Firefox - Disable PWM."
- Choose your desired scope.
- Right-click the new group policy > Edit.
- Open User Configuration > Policies > Administrative Templates > Mozilla > Firefox.
- Edit the following policies:
- Disable the policy Disable Firefox Accounts.
- Disable the policy Offer to save logins.
- Disable the policy Offer to save logins (default).
- Disable the policy Password Manager.
- Once complete, the GPO settings will look like this:
- Ensure the GPO link is enabled.
How do I know this worked?
- Log in as a user that is part of the scope, open the command line, and run gpupdate /force.
- Open Firefox and select Logins and Passwords from the menu bar.
- Ensure that a "Blocked Page" message is displayed.
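The "How do I know this worked?" checks for Edge, Chrome and Firefox can also be confirmed from the registry instead of each browser's settings page. The PowerShell below is an added example, not part of the original article: it assumes the GPOs were set under User Configuration (so the values land in HKCU), and the registry paths and value names are each vendor's documented policy names rather than anything stated on this page. It covers only the password-saving and autofill settings.

```powershell
# Added example: verify the per-user policy values written by the three GPOs.
# Run as the affected user after "gpupdate /force" and the logout it prompts.
# Assumption: policies were configured under User Configuration, so they are in HKCU.

$expected = [ordered]@{
    'HKCU:\Software\Policies\Microsoft\Edge' = [ordered]@{
        PasswordManagerEnabled    = 0   # Enable saving passwords: Disabled
        AutofillAddressEnabled    = 0   # Enable AutoFill for addresses: Disabled
        AutofillCreditCardEnabled = 0   # Enable AutoFill for credit cards: Disabled
    }
    'HKCU:\Software\Policies\Google\Chrome' = [ordered]@{
        PasswordManagerEnabled    = 0
        AutofillAddressEnabled    = 0
        AutofillCreditCardEnabled = 0
    }
    'HKCU:\Software\Policies\Mozilla\Firefox' = [ordered]@{
        PasswordManagerEnabled    = 0   # Password Manager: Disabled
        OfferToSaveLogins         = 0   # Offer to save logins: Disabled
        OfferToSaveLoginsDefault  = 0   # Offer to save logins (default): Disabled
    }
}

function Test-BrowserPolicy {
    param([System.Collections.IDictionary]$Expected)

    foreach ($key in $Expected.Keys) {
        # $null when the policy key does not exist (GPO not applied or out of scope)
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        foreach ($name in $Expected[$key].Keys) {
            $want   = $Expected[$key][$name]
            $actual = if ($props) { $props.$name } else { $null }

            $status = if ($null -eq $actual) { 'NOT SET' }
                      elseif ($actual -eq $want) { 'OK' }
                      else { 'MISMATCH' }

            [pscustomobject]@{
                Key = $key; Policy = $name
                Expected = $want; Actual = $actual; Status = $status
            }
        }
    }
}

# One row per policy; anything other than OK means the GPO has not taken effect.
Test-BrowserPolicy -Expected $expected | Format-Table -AutoSize
```

A `NOT SET` row usually means the user is outside the GPO's scope or the GPO link is not enabled; `gpresult /r` on the same machine shows which GPOs were applied to the user.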