Disabling Web Bluetooth API in Google Chrome seems to be on the mind of many administrators in recent days. Google Chrome 56 recently came out (update notes here), it included the fancy new Web Bluetooth API. This allows developers to easily create web applications that can communicate with Bluetooth devices. While there are many fun and creative things that could be done with this, you may have some privacy red flags popping up in your brain. Because, security. Assuming that you stumbled upon this blog because you wish to disable it, here is how you would do just that.
Disabling Web Bluetooth API in Google Chrome is pretty straightforward. In fact, Google Chrome policies can be enabled and disabled very easily. They are documented in the Chromium Administrators policy list.
Here’s a link directly to the policy we’re going to use when disabling Web Bluetooth API. By default, this setting is not disabled. There are couple of different ways to change Google Chrome policy settings:
Group Policy and Active Directory administrative templates (get them here)
Ideally, you’ve downloaded the Google Chrome Active Directory policy templates. With these, you should easily be able to set up a Group Policy Object (GPO) to get this setting deployed throughout your domain. Seriously, folks.
Use Group Policy to apply these settings and live the dream. That being said, however, I also ♥ PowerShell and want to show you how you could tackle this with PowerShell.
After grabbing those Google Chrome administrative templates, you’ll need to create a Group Policy Object that enables the following:
Location – Computer Configuration > Administrative Templates > Google > Google Chrome > Content Settings
Setting – Control use of the Web Bluetooth API
Value – “Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API”
In addition to the instructions above, here are some pretty screenshots to show the process.
In order to disable the Web Bluetooth API manually, you’ll want to create the following in your registry:
Location – HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\
Setting – DefaultWebBluetoothGuardSetting (DWORD)
Value – 2
While you could easily add this to the registry manually like an animal, you could also choose to flex your PowerShell muscles and whip this problem out like a proper champ:
Voila! Disabling Web Bluetooth API in Google Chrome was no problem thanks to Group Policy and PowerShell! As a result, you should go grab yourself a delicious cookie and enjoy it. Seems like you earned it. PS: While it is awesome to use PowerShell, please please please use Group Policy where you can!
Kris was an employee at PDQ.