How To Disable Native Password Managers In Chrome, Edge, Firefox Using Group Policy Templates

When using web browsers, you must have noticed that it asks you to save a password for a website when you enter your credentials. It is then up to you whether you want to save them or prevent the browser from asking again on that specific website. But, you do not have the option to prevent the browser from asking you altogether.

This option is shown by the built-in, native Password Manager in most modern browsers, such as Chrome, Edge, and Firefox. Unfortunately, you cannot disable these Password Managers on your own.

Although these features are now becoming more secure by the day, they are still a potential hazard if your computer is accessed without authorization, or any data is compromised. Therefore, you may want to disable them, especially at an enterprise level.

In this article, we show you how to manage the Password Managers in Microsoft Edge, Mozilla Firefox, and Google Chrome in a managed network. Therefore, this post is directed toward the sysadmin and organization administrators who want to make their environment more secure by disabling the Password Manager of the aforementioned web browsers.

Disabling Password Manager for web browsers

Having your web credentials pre-saved and only having to autofill them saves time, and you do not have to recall the username and the password each time. However, from a sysadmin’s perspective, this can be quite insecure, as anyone with access to your PC could potentially log in to all websites that have your credentials saved within the browser’s Password Manager.

That said, this is only possible if you are using a managed system, which means that you must be a member of an Active Directory Domain. You must use a Domain Controller with browser templates installed, and then configure them to disable the Password Managers on the managed systems.

In this post, we will give you a step-by-step guide on installing the browser templates and then configuring them to disable the Password Managers.

Note: Make sure that you have access to the Domain Controller and that the target computers are joined to the same domain. Additionally, you must also include the target computer(s) inside an Organizational Unit (OU) to which a policy can be applied.

Disable Password Manager in Microsoft Edge using Group Policy

You must first download and install the Microsoft Edge ADMX templates, and then use them to disable the Password Manager on the target devices. Therefore, this section has been divided into two portions, and the steps must be performed in the given order:

1. Download and install Edge ADMX templates
2. Configure GPO to disable Edge Password Manager

Download and install Edge ADMX templates

1. Start by logging into the Domain Controller.

2. Download the ADMX templates for Edge from the following link:

   Microsoft Edge for Business: Download Edge and ADMX policy templates

   

3. Double-click the downloaded .CAB file, and then extract the folder within.

4. Navigate to the extracted folder, then inside the “Windows” folder, and then inside the “admx” folder. The path should look like this:

   C:\Users\Administrator\Downloads\MicrosoftEdgePolicyTemplates.zip\windows\admx

5. Copy the file “msedge.admx” and paste it at the following path:

   Note: Do not close this current admx directory.

   C:\Windows\PolicyDefinitions\

6. Now, inside the “admx” directory, go inside your preferred language folder (e.g “en-US”), copy the file “msedge.adml,” and paste it into the following path:

   C:\Windows\PolicyDefinitions\en-us\

Once pasted, you can proceed to the next section below to use these templates to disable the Edge Password Manager.

Configure GPO to disable Edge Password Manager

Once the Edge templates are installed, use these steps to configure a Group Policy Object and disable the Password Manager in Microsoft Edge:

1. On the Domain Controller, press the Windows Key + R to open the Run Command box.

2. Type in “gpmc.msc” to open the Group Policy Management Console.

   

3. Expand the following trees from the left pane:

   Forest:[ForestName] >> Domains >> [DomainName]

   

4. Right-click “Group Policy Objects” and click New.

   

5. Enter a name for the GPO and click Ok.

   

6. Right-click the new GPO and click Edit.

   

   This will open the Group Policy Management Editor.

7. In the Group Policy Management Editor, navigate to the following path from the left pane:

   User Configuration >> Policies >> Administrative Templates >> Microsoft Edge

8. Now double-click the following two policies, select Disabled, and then click Apply and Ok.

   • Enable AutoFill for addresses
   • Enable AutoFill for payment instruments

   

9. Enable the policy “Disable synchronization of data using Microsoft sync services.”

   

10. Now navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Microsoft Edge >> Password manager and protection

11. Disable the policy “Enable saving passwords to the password manager” in the right pane.

    

12. Close the Group Policy Management Editor.

13. In Group Policy Management, right-click the OU to assign the GPO, and then click “Link an existing GPO.”

    

14. Select the GPO created in Step 5 and click Ok.

    

15. On the target computer where you want to disable Password Manager in Edge, open an elevated Command Prompt and run the following command:

    GPUpdate /Force

    

After performing all of the steps above, you can check that Microsoft Edge on the target devices will no longer ask you to save the passwords or autofill any critical information like addresses, payment details, etc.

Disable Password Manager in Google Chrome using Group Policy

The process of disabling the Password Manager to prevent it from asking the users to save credentials is very much similar to Edge. You must first download and install the Google Chrome ADMX templates, and then use them to disable the Password Manager on the target devices. Therefore, this section has been divided into two portions, and the steps must be performed in the given order:

1. Download and install Chrome ADMX templates
2. Configure GPO to disable Chrome Password Manager

Download and install Chrome ADMX templates

1. Start by logging into the Domain Controller.

2. Download the ADMX templates for Chrome from the following link:

   Chrome browser for Enterprise: Download Chrome ADMX policy templates

   

3. Navigate to the downloaded folder, then inside the “Windows” folder, and then inside the “admx” folder. The path should look like this:

   C:\Users\Administrator\Downloads\policy_templates.zip\windows\admx

4. Copy the file “chrome.admx” and paste it at the following path:

   Note: Do not close this current admx directory.

   C:\Windows\PolicyDefinitions\

5. Now, inside the “admx” directory, go inside your preferred language folder (e.g “en-US”), copy the file “chrome.adml,” and paste it into the following path:

   C:\Windows\PolicyDefinitions\en-us\

Once pasted, you can proceed to the next section below to use these templates to disable the Chrome Password Manager.

Configure GPO to disable Chrome Password Manager

Once the Chrome templates are installed, use these steps to configure a Group Policy Object and disable the Password Manager in Google Chrome:

1. On the Domain Controller, press the Windows Key + R to open the Run Command box.

2. Type in “gpmc.msc” to open the Group Policy Management Console.

   

3. Expand the following trees from the left pane:

   Forest:[ForestName] >> Domains >> [DomainName]

   

4. Right-click “Group Policy Objects” and click New.

   

5. Enter a name for the GPO and click Ok.

   

6. Right-click the new GPO and click Edit.

   

   This will open the Group Policy Management Editor.

7. In the Group Policy Management Editor, navigate to the following path from the left pane:

   User Configuration >> Policies >> Administrative Templates >> Google Chrome

8. Now double-click the following two policies, select Disabled, and then click Apply and Ok.

   • Enable AutoFill for addresses
   • Enable AutoFill for credit cards

   

9. (Optional) Enable the policy “Disable saving browser history.”

   

10. Now navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Google Chrome >> Content settings

11. Open the policy “Default cookies setting” from the right pane.

12. Select Enabled, then select “Keep cookies for the duration of the session” from the drop-down menu in the “Options” section, and then click Apply and Ok.

    

13. Now navigate to the following path from the left pane:

    User Configuration >> Policies >> Administrative Templates >> Google Chrome >> Password manager

14. Disable the policy “Enable saving passwords to the password manager.”

    

15. Close the Group Policy Management Editor.

16. In Group Policy Management, right-click the OU to assign the GPO, and then click “Link an existing GPO.”

    

17. Select the GPO created in Step 5 and click Ok.

    

18. On the target computer where you want to disable Password Manager in Chrome, open an elevated Command Prompt and run the following command:

    GPUpdate /Force

    

Similar to Microsoft Edge, Chrome will now also not ask the user to save their password for any website or autofill any sensitive information, like addresses, or payment details.

Disable Password Manager in Mozilla Firefox using Group Policy

The method to disable the Password Manager from asking the user to save their credentials is the same for Firefox, as it is for Edge and Chrome.

You must first download and install the Firefox ADMX templates, and then use them to disable the Password Manager on the target devices. Therefore, this section has been divided into two portions, and the steps must be performed in the given order:

1. Download and install Firefox ADMX templates
2. Configure GPO to disable Firefox Password Manager

Download and install Firefox ADMX templates

1. Start by logging into the Domain Controller.

2. Download the ADMX templates for Mozilla Firefox from the following link:

   Latest Mozilla Firefox policy templates

   

3. Navigate to the downloaded folder, then inside the “Windows” folder. The path should look like this:

   C:\Users\Administrator\Downloads\policy_templates_v5.0.zip\windows

4. Copy the file “firefox.admx” and paste it at the following path:

   Note: Do not close this current “windows” directory.

   C:\Windows\PolicyDefinitions\

5. Now, inside the “windows” directory, go inside your preferred language folder (e.g “en-US”), copy the file “firefox.adml,” and paste it into the following path:

   C:\Windows\PolicyDefinitions\en-us\

Once pasted, you can proceed to the next section below to use these templates to disable the Firefox Password Manager.

Configure GPO to disable Firefox Password Manager

Once the Firefox templates are installed, use these steps to configure a Group Policy Object and disable the Password Manager in Mozilla Firefox:

1. On the Domain Controller, press the Windows Key + R to open the Run Command box.

2. Type in “gpmc.msc” to open the Group Policy Management Console.

   

3. Expand the following trees from the left pane:

   Forest:[ForestName] >> Domains >> [DomainName]

   

4. Right-click “Group Policy Objects” and click New.

   

5. Enter a name for the GPO and click Ok.

   

6. Right-click the new GPO and click Edit.

   

   This will open the Group Policy Management Editor.

7. In the Group Policy Management Editor, navigate to the following path from the left pane:

   User Configuration >> Policies >> Administrative Templates >> Firefox

8. Now double-click the following 4 policies, select Disabled, and then click Apply and Ok.

   • Disable Firefox Accounts
   • Offer to save logins
   • Offer to save logins (default)
   • Password Manager

9. Close the Group Policy Management Editor.

10. In Group Policy Management, right-click the OU to assign the GPO, and then click “Link an existing GPO.”

    

11. Select the GPO created in Step 5 and click Ok.

    

12. On the target computer where you want to disable Password Manager in Firefox, open an elevated Command Prompt and run the following command:

    GPUpdate /Force

    

After performing these steps, Firefox should no longer ask the users to save their credentials and sensitive details.

Conclusion

Although saving the password for autofilling will save time and effort, it makes your credentials vulnerable. Therefore, the sysadmin might choose to disable the option to save passwords in web browsers.

This guide illustrates in-depth processes to use Group Policy templates to disable Password Manager in Chrome, Edge, and Firefox. If you are a sys or netadmin and looking to secure your organization further, then performing these steps will increase an extra layer of security.