RDP users cannot install Chrome extensions from the Chrome Web Store.


  • Could not install package
Figure 1:  Chrome Temp Directory Error


  1. User logs onto RDP.  User does not open Chrome.
  2. Admin creates a new directory on the system drive.  This new directory holds user Chrome AppData.  For example:  c:\\mkdir c:\Temp\RDP\
  3. Move user’s Chrome AppData to the new directory.  For example:
    c:\move "c:\users\stevenjordan\AppData\Local\Google\Chrome" "c:\temp\RDP\stevenjordan\"
  4. Delete original folder if necessary. 
  5. Create new symbolic junction where the old data was located.  This junction links to the new location:

c:\mklink /j c:\users\stevenjordan\AppData\Local\Google\Chrome\

Junction created for c:\users\smjordan\AppData\Local\Google\Chrome\
=== c:\temp\RDP\stevenjordan\Chrome\
Figure 2:  New Symbolic Junction for Chrome extension.


Chrome extensions reference DOS device paths.  Let's consider how dynamic profile disks use symbolic junctions that point to different disks:
c:\Users  dir 
02/23/2018  11:29 AM  bgates {\??\Volume{a5ae22c7-18b8-11e8-968e-00145de79140}
The junction link causes the problem.  Ironically, a second junction link fixes this issue:

c:\Users\bgates\AppData\Local\Google dir
 Directory of c:\Users\bgates\AppData\Local\Google

02/20/2018  10:58 AM   DIR
02/20/2018  10:58 AM   DIR
02/20/2018  10:58 AM   JUNCTION  Chrome c:\temp\RDP\bgates\Chrome
09/16/2015  07:46 AM   DIR       Chrome Cleanup Tool
05/14/2014  06:09 AM   DIR       CrashReports
03/11/2014  04:26 PM   DIR       Google Talk
12/04/2017  02:27 AM   DIR       Software Reporter Tool

0 File(s)              0 bytes
7 Dir(s)  36,942,458,880 bytes free
Note how the new junction link points to the system drive.

Additional Thoughts:

This solution is implemented on a per-user basis.  It does not universally "fix" Chrome extensions for all RDP users.  Nonetheless, it may be a good fit because it narrows the scope of untrusted applications.

Alternatively, use Group Policy to change user environmental variables:

Group Policy
→ Computer Configuration
      → Administrative Templates
         → System
            → Group Policy
               → Configure user Group Policy loopback processing mode:
                       Enabled:  On
                       Mode:  Merge

   → User Configuration
      → Windows Settings
         → Preferences
            → Environment (right-click) → New
               → New Environment Properties:
                      Action:  Update
                      User Variable=Check
              → Environment (right-click) → New
                      Action:  Update
                      User Variable=Check

This change has a wider-scoping impact.  It affects all related AppData programs -not just Chrome.  It impacts all RDP users (without GP filtering).  Avoid the system drive if possible -use a secondary disk instead.  In addition, loopback processing applies user configurations to computer objects (i.e., RDP servers).

That's It!


About Steven Jordan

Steven Jordan is an infrastructure and process management specialist. Steven holds a Master of Science degree in ICT from the University of Wisconsin Stout. Steven is also a Cisco Certified Network Professional (CCNP) and Master Gardener.
This is the most recent post.
Older Post

No comments:

Post a Comment