Configure on Chrome for Windows using GPO

Last updated:

This article covers the process to configure the Pendo Launcher extension on the Chrome web browser on a Windows computer using Group Policy Management, which involves:

  1. Determining the values to configure.
  2. Adding the configuration GPO.
  3. Creating a registry key for your extension API key.
  4. Creating a PowerShell script.
  5. Pushing the PowerShell script to end-user devices.
  6. Validating your configuration.

The process described in this article can be used to configure the following types of data:

  • API key
  • Visitor ID
  • Metadata


Before configuring the extension on end-user devices, you must first install it on end-user browsers. See the IT guide to deploying the Pendo Launcher for all implementation options. We also recommend reading the Plan your browser extension implementation article before running any deployment steps.

Step 1. Determine values to configure

To fully deploy the Pendo Launcher, you must configure an API key and Visitor ID. You can also include metadata, such as role or location, which can be used to enhance your analytics and guide targeting. For more information about selecting appropriate Visitor IDs and metadata, see Plan your browser extension implementation.

API key

Pendo Admin users can access the the API key needed for Step 2 of the configuration process by navigating to Settings > Subscription Settings. Your unique extension API key is displayed at the top of the page and looks something like the following:

  "APIKey": {
      "Value": "c022bb1e-676d-4c58-731c-caf13fe12a89"

Visitor ID and metadata

In most cases, Windows deployments provide only the Visitor ID through the registry, which can be controlled by MDM tooling (such as GPO), and supplement metadata through other means, such as API or CSV upload. However, it's possible to provide metadata in the visitor object if you have a method for dynamically retrieving the values on a user’s machine.

For more information about providing metadata, see Customize metadata sent to Pendo with Active Directory scripts.

The visitor information should be formatted as a string JSON object with all PowerShell-incompatible characters escaped. See Microsoft’s documentation, About Quoting Rules, for information about PowerShell escape characters.

Step 2. Add the configuration GPO

If you've already created a GPO for installing the Pendo Launcher as described in Install on Chrome for Windows using GPO, you can skip this step and use the existing GPO for the following steps in this article.

  1. Right-click the Windows icon in the bottom-left corner of the screen.
  2. Select Run from the menu. This opens the run.exe application.
  3. Enter "GPMC.msc" into the Open field.
  4. Select OK.
  5. Right-click the Group Policy Object from the left-side menu.
  6. Select New.
  7. Give the new GPO a meaningful name, such as "PendoConfig".

Step 3. Create a registry key

Create a registry key in your GPO to automatically apply your extension API key from Step 1 to all machines in your network.

  1. In the GPO created as part of Install on Chrome for Windows using GPO or in Step 2 of this article, navigate to Computer Configuration > Preferences > Windows Settings > Registry.
  2. Select New > Registry Item from the menu.
  3. In the Registry window that opens, set the following:
Key Path SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\lgpofjmgggolmabddgdmbgipcnblpnbm\policy
Value name APIKey
Value data Your Pendo extension (subscription) API key. This is the API key identified in Step 1 of this article.

Step 4. Create a PowerShell script 

Create a file on your own machine called pendo-launcher-config.ps1.

  1. Copy the following code into the file, then insert the API key value you determined in Step 1.
  2. Save the PowerShell script to the NETLOGON folder in your domain’s shared Network folder with the following permissions for authenticated users: Read and Read & Execute.

Note: This script sets the Visitor ID by adding an email domain to the signed-in username, creating an email address. Adjust this code to identify visitors the way your system requires.

$username = $null

# Wait for username to be populated

while ($username -eq $null) {
  $username= (Get-CimInstance Win32_Process -Filter 'name = "explorer.exe"'|Invoke-CimMethod-MethodName getowner).User
  if ($username-is [array]) {
  $username=$username-replace' ','.'
  Start-Sleep-Seconds 5# Sleep for 5 seconds (optional)

# Define the Visitor ID by converting the username to an email address
# Your definition of a Visitor ID may vary

$visitor_id = $username + ""
$visitor_json= "{ `"id`": `"$visitor_id`" }"
$registry_path_chrome = "HKLM:\Software\Policies\Google\Chrome\3rdparty\extensions\epnhoepnmfjdbjjfanpjklemanhkjgil\policy"
$parent_path_chrome = Split-Path -Path $registry_path_chrome

# Create Chrome policy path for the Pendo Launcher if it does not exist

if (!(Test-Path $parent_path_chrome)) {
  New-Item-Path $parent_path_chrome-Force -ItemType Directory |Out-Null
if (!(Test-Path $parent_path_chrome\policy)) {
  New-Item-Path ("$parent_path_chrome\policy") -Force -ItemType Directory |Out-Null

# Set the Visitor ID and Data Environment policies

Set-ItemProperty -Path $registry_path_chrome -Name "visitor" -Value $visitor_json -Type ExpandString

# For eu environments, change io to eu; for US1 environments, change io to us1; for Japan environments, change io to jpn

Set-ItemProperty -Path $registry_path_chrome -Name "dataEnvironment" -Value "io"

exit 0

Step 5. Push the PowerShell script to end-user devices

  1. Navigate back to the GPO that you created.
  2. Go to User Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).
  3. Select Startup.
  4. Add a new script named “powershell.exe” with the parameters of -nonInteractive -executionPolicy Bypass -file \\YOURSHARE\NETLOGON\pendo-launcher-config.ps1”.
  5. Select OK and then Apply.
  6. Close the Logon Properties window.

Step 6. Validate your configuration

First, test the script on a single device that you can physically access to verify correct configuration. Validation involves confirming the registry keys are set correctly and that the extension is configured as expected.

Confirm the presence of the registry key

  1. On your Windows device, open the registry editor: type "regedit" into the search box of the task bar and then select Registry Editor (Desktop app) from the results.
  2. Navigate to the registry key location: HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Chrome > 3rdparty > extensions > epnhoepnmfjdbjjfanpjklemanhkjgil

The registry keys should look similar to the following:


Confirm the extension was configured in the browser

After confirming that the registry keys are set, validate that the content is formatted correctly by checking that the browser extension is working.

  1. Open Chrome on a device that has the configuration profile present. If the app is already running, quit and reopen it.
  2. In your browser, copy and paste the following into your URL bar: chrome://extensions
  3. Find the Pendo Launcher extension in the top-right corner of your browser toolbar. If the extension isn't visible, you might need to view more extensions by selecting the puzzle icon.
  4. Right-click on the extension icon and select Show Debug Info.


  5. Select Show Configuration Tab > IT-Managed Config.
  6. Check that the values match the values configured in your registry keys. If your dataEnvironment is set to the default value of io then the dataEnvironment key doesn't display in this view.


Was this article helpful?
0 out of 0 found this helpful