I'd like to disable all file downloads in Google Chrome. I've done this to IE with group policy trivially, however Google Chrome apparently cannot do this natively. There is a setting named "set download directory", but disabling it has no effect, and setting it to a directory inaccessible to user just makes Chrome prompt for a save location.
I also tried an extension named "EXE and msi blocker", but it blocks ALL URLs that end with .exe, there are legitimate web sites that don't serve downloads that have .EXE in URLs.
I just want to make my kid's browsing a bit safer. I prefer a secure solution (one that cannot be subverted trivially), but will settle for something less secure too, if it does the job.
Update (some more background info): We've "standardized" on Chrome in the family, so I'd prefer to use it as a default browser on all computers. I'm using K9 web protection for generic online filtering. We don't have any IMs installed on the kid's computer, so we don't need to worry about that yet. My son is 9 year old, so we try to stay on top whatever he's doing on his computer, he's not allowed to install/run/download anything on his own, etc.
Best Answer
Chrome uses Windows Attachment Manager for handling downloads. Its KB article describes its Group Policy settings, but I’m not sure that any of those directly allows blocking of all downloads.
What you can do, however, is use IE’s URL Security Zones to block downloads by setting the policy to “disallow” for the URL Actions
URLACTION_SHELL_EXECUTE_HIGHRISK,URLACTION_SHELL_EXECUTE_MODRISKandURLACTION_SHELL_EXECUTE_LOWRISK.IE only exposes a GUI for the “high risk” category, which is the security setting “Launching programs and unsafe files”. The others can be set programatically using
IInternetZoneManager::SetZoneActionPolicy()or by setting the corresponding values directly in the Registry underSoftware\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\n(where n is a zone number; 0–4 correspond to “Computer”, “Local intranet”, “Trusted sites”, “Internet” and “Untrusted sites” respectively.) The three action value names are 1806, 1807 and 1808, and the setting for “disallow” is 3.(Chrome has slightly strange behaviour in that files are actually downloaded to temporary .crdownload files, then immediately deleted when Attachment Manager blocks the attempt to save them. At least it appears that the block can’t be subverted by removing delete permissions from the download directory...)