How To Disable Native Password Managers In Chrome, Edge, Firefox Using Group Policy Templates

Key Points

  • There is no native method to disable Password Manager in web browsers.
  • Domain administrators can disable browsers from asking to save credentials using Grou Policy ADMX templates, dedicated for each web browser.

When using web browsers, you must have noticed that it asks you to save a password for a website when you enter your credentials. It is then up to you whether you want to save them or prevent the browser from asking again on that specific website. But, you do not have the option to prevent the browser from asking you altogether.

This option is shown by the built-in, native Password Manager in most modern browsers, such as Chrome, Edge, and Firefox. Unfortunately, you cannot disable these Password Managers on your own.

Although these features are now becoming more secure by the day, they are still a potential hazard if your computer is accessed without authorization, or any data is compromised. Therefore, you may want to disable them, especially at an enterprise level.

In this article, we show you how to manage the Password Managers in Microsoft Edge, Mozilla Firefox, and Google Chrome in a managed network. Therefore, this post is directed toward the sysadmin and organization administrators who want to make their environment more secure by disabling the Password Manager of the aforementioned web browsers.

Disabling Password Manager for web browsers

Having your web credentials pre-saved and only having to autofill them saves time, and you do not have to recall the username and the password each time. However, from a sysadmin’s perspective, this can be quite insecure, as anyone with access to your PC could potentially log in to all websites that have your credentials saved within the browser’s Password Manager.

That said, this is only possible if you are using a managed system, which means that you must be a member of an Active Directory Domain. You must use a Domain Controller with browser templates installed, and then configure them to disable the Password Managers on the managed systems.

In this post, we will give you a step-by-step guide on installing the browser templates and then configuring them to disable the Password Managers.

Note: Make sure that you have access to the Domain Controller and that the target computers are joined to the same domain. Additionally, you must also include the target computer(s) inside an Organizational Unit (OU) to which a policy can be applied.

Disable Password Manager in Microsoft Edge using Group Policy

You must first download and install the Microsoft Edge ADMX templates, and then use them to disable the Password Manager on the target devices. Therefore, this section has been divided into two portions, and the steps must be performed in the given order:

  1. Download and install Edge ADMX templates
  2. Configure GPO to disable Edge Password Manager

Download and install Edge ADMX templates

  1. Start by logging into the Domain Controller.

  2. Download the ADMX templates for Edge from the following link:

    Microsoft Edge for Business: Download Edge and ADMX policy templates

    Download Microsoft Edge ADMX policy templates
    Download Microsoft Edge ADMX policy templates
  3. Double-click the downloaded .CAB file, and then extract the folder within.

  4. Navigate to the extracted folder, then inside the “Windows” folder, and then inside the “admx” folder. The path should look like this:

    C:\Users\Administrator\Downloads\MicrosoftEdgePolicyTemplates.zip\windows\admx
  5. Copy the file “msedge.admx” and paste it at the following path:

    Note: Do not close this current admx directory.

    C:\Windows\PolicyDefinitions\
  6. Now, inside the “admx” directory, go inside your preferred language folder (e.g “en-US”), copy the file “msedge.adml,” and paste it into the following path:

    C:\Windows\PolicyDefinitions\en-us\

Once pasted, you can proceed to the next section below to use these templates to disable the Edge Password Manager.

Configure GPO to disable Edge Password Manager

Once the Edge templates are installed, use these steps to configure a Group Policy Object and disable the Password Manager in Microsoft Edge:

  1. On the Domain Controller, press the Windows Key + R to open the Run Command box.

  2. Type in “gpmc.msc” to open the Group Policy Management Console.

    Open the Group Policy Management Console
    Open the Group Policy Management Console
  3. Expand the following trees from the left pane:

    Forest:[ForestName] >> Domains >> [DomainName]
    Expand the trees to the domain name
    Expand the trees to the domain name
  4. Right-click “Group Policy Objects” and click New.

    Create a new GPO
    Create a new GPO
  5. Enter a name for the GPO and click Ok.

    Set a custom name for the GPO
    Set a custom name for the GPO
  6. Right-click the new GPO and click Edit.

    Edit the new GPO
    Edit the new GPO

    This will open the Group Policy Management Editor.

  7. In the Group Policy Management Editor, navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Microsoft Edge
  8. Now double-click the following two policies, select Disabled, and then click Apply and Ok.

    • Enable AutoFill for addresses
    • Enable AutoFill for payment instruments
    Disable autofilling for addresses and credit cards in Edge
    Disable autofilling for addresses and credit cards in Edge
  9. Enable the policy “Disable synchronization of data using Microsoft sync services.”

    Enable policy to disable synchronization in Edge
    Enable policy to disable synchronization in Edge
  10. Now navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Microsoft Edge >> Password manager and protection
  11. Disable the policy “Enable saving passwords to the password manager” in the right pane.

    Disable saving passwords to Edge's password manager
    Disable saving passwords to Edge’s password manager
  12. Close the Group Policy Management Editor.

  13. In Group Policy Management, right-click the OU to assign the GPO, and then click “Link an existing GPO.”

    Link GPO to OU
    Link GPO to OU
  14. Select the GPO created in Step 5 and click Ok.

    Select the GPO to disable Password Manager in Edge
    Select the GPO to disable Password Manager in Edge
  15. On the target computer where you want to disable Password Manager in Edge, open an elevated Command Prompt and run the following command:

    GPUpdate /Force
    Enforce group policy changes
    Enforce group policy changes

After performing all of the steps above, you can check that Microsoft Edge on the target devices will no longer ask you to save the passwords or autofill any critical information like addresses, payment details, etc.

Disable Password Manager in Google Chrome using Group Policy

The process of disabling the Password Manager to prevent it from asking the users to save credentials is very much similar to Edge. You must first download and install the Google Chrome ADMX templates, and then use them to disable the Password Manager on the target devices. Therefore, this section has been divided into two portions, and the steps must be performed in the given order:

  1. Download and install Chrome ADMX templates
  2. Configure GPO to disable Chrome Password Manager

Download and install Chrome ADMX templates

  1. Start by logging into the Domain Controller.

  2. Download the ADMX templates for Chrome from the following link:

    Chrome browser for Enterprise: Download Chrome ADMX policy templates

    Download ADMX policy templates for Google Chrome
    Download ADMX policy templates for Google Chrome
  3. Navigate to the downloaded folder, then inside the “Windows” folder, and then inside the “admx” folder. The path should look like this:

    C:\Users\Administrator\Downloads\policy_templates.zip\windows\admx
  4. Copy the file “chrome.admx” and paste it at the following path:

    Note: Do not close this current admx directory.

    C:\Windows\PolicyDefinitions\
  5. Now, inside the “admx” directory, go inside your preferred language folder (e.g “en-US”), copy the file “chrome.adml,” and paste it into the following path:

    C:\Windows\PolicyDefinitions\en-us\

Once pasted, you can proceed to the next section below to use these templates to disable the Chrome Password Manager.

Configure GPO to disable Chrome Password Manager

Once the Chrome templates are installed, use these steps to configure a Group Policy Object and disable the Password Manager in Google Chrome:

  1. On the Domain Controller, press the Windows Key + R to open the Run Command box.

  2. Type in “gpmc.msc” to open the Group Policy Management Console.

    Open the Group Policy Management Console
    Open the Group Policy Management Console
  3. Expand the following trees from the left pane:

    Forest:[ForestName] >> Domains >> [DomainName]
    Expand the trees to the domain name
    Expand the trees to the domain name
  4. Right-click “Group Policy Objects” and click New.

    Create a new GPO
    Create a new GPO
  5. Enter a name for the GPO and click Ok.

    Set a custom name for the GPO 2
    Set a custom name for the GPO
  6. Right-click the new GPO and click Edit.

    Edit the new GPO 2
    Edit the new GPO

    This will open the Group Policy Management Editor.

  7. In the Group Policy Management Editor, navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Google Chrome
  8. Now double-click the following two policies, select Disabled, and then click Apply and Ok.

    • Enable AutoFill for addresses
    • Enable AutoFill for credit cards
    Disable autofilling for addresses and credit cards in Chrome
    Disable autofilling for addresses and credit cards in Chrome
  9. (Optional) Enable the policy “Disable saving browser history.”

    Enable policy to disable saving browser history in Chrome
    Enable policy to disable saving browser history in Chrome
  10. Now navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Google Chrome >> Content settings
  11. Open the policy “Default cookies setting” from the right pane.

  12. Select Enabled, then select “Keep cookies for the duration of the session” from the drop-down menu in the “Options” section, and then click Apply and Ok.

    Configure Chrome cookies policy
    Configure Chrome cookies policy
  13. Now navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Google Chrome >> Password manager
  14. Disable the policy “Enable saving passwords to the password manager.”

    Disable password saving in Chrome through Group Policy
    Disable password saving in Chrome through Group Policy
  15. Close the Group Policy Management Editor.

  16. In Group Policy Management, right-click the OU to assign the GPO, and then click “Link an existing GPO.”

    Link a GPO to the OU
    Link a GPO to the OU
  17. Select the GPO created in Step 5 and click Ok.

    Select the GPO to disable Password Manager in Chrome
    Select the GPO to disable Password Manager in Chrome
  18. On the target computer where you want to disable Password Manager in Chrome, open an elevated Command Prompt and run the following command:

    GPUpdate /Force
    Enforce group policy changes
    Enforce group policy changes

Similar to Microsoft Edge, Chrome will now also not ask the user to save their password for any website or autofill any sensitive information, like addresses, or payment details.

Disable Password Manager in Mozilla Firefox using Group Policy

The method to disable the Password Manager from asking the user to save their credentials is the same for Firefox, as it is for Edge and Chrome.

You must first download and install the Firefox ADMX templates, and then use them to disable the Password Manager on the target devices. Therefore, this section has been divided into two portions, and the steps must be performed in the given order:

  1. Download and install Firefox ADMX templates
  2. Configure GPO to disable Firefox Password Manager

Download and install Firefox ADMX templates

  1. Start by logging into the Domain Controller.

  2. Download the ADMX templates for Mozilla Firefox from the following link:

    Latest Mozilla Firefox policy templates

    Download the latest ADMX policy templates for Mozilla Firefox
    Download the latest ADMX policy templates for Mozilla Firefox
  3. Navigate to the downloaded folder, then inside the “Windows” folder. The path should look like this:

    C:\Users\Administrator\Downloads\policy_templates_v5.0.zip\windows
  4. Copy the file “firefox.admx” and paste it at the following path:

    Note: Do not close this current “windows” directory.

    C:\Windows\PolicyDefinitions\
  5. Now, inside the “windows” directory, go inside your preferred language folder (e.g “en-US”), copy the file “firefox.adml,” and paste it into the following path:

    C:\Windows\PolicyDefinitions\en-us\

Once pasted, you can proceed to the next section below to use these templates to disable the Firefox Password Manager.

Configure GPO to disable Firefox Password Manager

Once the Firefox templates are installed, use these steps to configure a Group Policy Object and disable the Password Manager in Mozilla Firefox:

  1. On the Domain Controller, press the Windows Key + R to open the Run Command box.

  2. Type in “gpmc.msc” to open the Group Policy Management Console.

    Open the Group Policy Management Console
    Open the Group Policy Management Console
  3. Expand the following trees from the left pane:

    Forest:[ForestName] >> Domains >> [DomainName]
    Expand the trees to the domain name
    Expand the trees to the domain name
  4. Right-click “Group Policy Objects” and click New.

    Create a new GPO
    Create a new GPO
  5. Enter a name for the GPO and click Ok.

    Enter a custom name for the GPO
    Enter a custom name for the GPO
  6. Right-click the new GPO and click Edit.

    Edit the new GPO 3
    Edit the new GPO

    This will open the Group Policy Management Editor.

  7. In the Group Policy Management Editor, navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Firefox
  8. Now double-click the following 4 policies, select Disabled, and then click Apply and Ok.

    • Disable Firefox Accounts
    • Offer to save logins
    • Offer to save logins (default)
    • Password Manager
  9. Close the Group Policy Management Editor.

  10. In Group Policy Management, right-click the OU to assign the GPO, and then click “Link an existing GPO.”

    Link GPO to OU 2
    Link GPO to OU
  11. Select the GPO created in Step 5 and click Ok.

    Select the GPO to disable Password Manager in Firefox
    Select the GPO to disable Password Manager in Firefox
  12. On the target computer where you want to disable Password Manager in Firefox, open an elevated Command Prompt and run the following command:

    GPUpdate /Force
    Enforce group policy changes
    Enforce group policy changes

After performing these steps, Firefox should no longer ask the users to save their credentials and sensitive details.

Conclusion

Although saving the password for autofilling will save time and effort, it makes your credentials vulnerable. Therefore, the sysadmin might choose to disable the option to save passwords in web browsers.

This guide illustrates in-depth processes to use Group Policy templates to disable Password Manager in Chrome, Edge, and Firefox. If you are a sys or netadmin and looking to secure your organization further, then performing these steps will increase an extra layer of security.

If you liked this post, Share it on:
Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave the first comment

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information