Problem:
RDP users cannot install Chrome extensions from the Chrome Web Store.
Errors:
- Could not install package
- COULD_NOT_GET_TEMP_DIRECTORY
|
Figure 1: Chrome Temp Directory Error |
Solution:
- User logs
onto RDP. User does not open Chrome.
- Admin creates a new directory on the system drive. This new directory holds user Chrome AppData. For example:
c:\\mkdir c:\Temp\RDP\
- Move user’s Chrome AppData to the new directory. For example:
c:\move "c:\users\stevenjordan\AppData\Local\Google\Chrome" "c:\temp\RDP\stevenjordan\"
- Delete
original folder if necessary.
- Create new
symbolic junction where the old data was located. This junction links to
the new location:
c:\mklink /j c:\users\stevenjordan\AppData\Local\Google\Chrome\
"c:\temp\RDP\stevenjordan\Chrome\"
Junction created for c:\users\smjordan\AppData\Local\Google\Chrome\
=== c:\temp\RDP\stevenjordan\Chrome\
|
Figure 2: New Symbolic Junction for Chrome extension. |
Analysis:
Chrome extensions reference DOS device paths. Let's consider how dynamic profile disks use symbolic junctions that point to different disks:
c:\Users dir
02/23/2018 11:29 AM bgates {\??\Volume{a5ae22c7-18b8-11e8-968e-00145de79140}
The junction link causes the problem. Ironically, a second junction link fixes this issue:
c:\Users\bgates\AppData\Local\Google dir
Directory of c:\Users\bgates\AppData\Local\Google
02/20/2018 10:58 AM DIR
02/20/2018 10:58 AM DIR
02/20/2018 10:58 AM JUNCTION Chrome c:\temp\RDP\bgates\Chrome
09/16/2015 07:46 AM DIR Chrome Cleanup Tool
05/14/2014 06:09 AM DIR CrashReports
03/11/2014 04:26 PM DIR Google Talk
12/04/2017 02:27 AM DIR Software Reporter Tool
0 File(s) 0 bytes
7 Dir(s) 36,942,458,880 bytes free
Note how the new junction link points to the system drive.
Additional Thoughts:
This solution is implemented on a per-user basis. It does not universally "fix" Chrome extensions for all RDP users. Nonetheless, it may be a good fit because it narrows the scope of untrusted applications.
Alternatively, use Group Policy to change user environmental variables:
Group Policy
→ Computer Configuration
→ Administrative Templates
→ System
→ Group Policy
→ Configure user Group Policy loopback processing mode:
Enabled: On
Mode: Merge
→ User Configuration
→ Windows Settings
→ Preferences
→ Environment (right-click) → New
→ New Environment Properties:
Action: Update
User Variable=Check
Name=Temp
Value=c:\Temp\RDP\%USERNAME%
→ Environment (right-click) → New
Action: Update
User Variable=Check
Name=TMP
Value=c:\Temp\RDP\%USERNAME%
This change has a wider-scoping impact. It affects all related AppData programs -not just Chrome. It impacts all RDP users (without GP filtering). Avoid the system drive if possible -use a secondary disk instead. In addition, loopback processing applies user configurations to computer objects (i.e., RDP servers).
That's It!
References:
https://blogs.technet.microsoft.com/grouppolicy/2009/05/13/environment-variables-in-gp-preferences/
https://devtidbits.com/2009/09/07/windows-file-junctions-symbolic-links-and-hard-links/
https://blogs.msdn.microsoft.com/jeremykuhne/2016/04/21/path-format-overview/
https://blog.brankovucinec.com/2017/01/09/users-cant-install-google-chrome-extensions-on-rds-farm/