CHROME’S MESSAGE: “MANAGED BY YOUR ORGANIZATION” ISSUE

PROBLEM

Suddenly, appears on chrome’s menu the following message:
“Managed by your organization”

Searching, I found  this page (portuguese) where the user had the same issue, telling us that he had tried many things without success, including reinstallation.

The support answered that was due a code change made at Google Chrome 73 but without side effects that would be solved in future release.

SOLUTION

It makes sense the support answer.

Reading this article “how-to-resolve-ssl-certificate-warnings-produced-by-the-latest-chrome-update” from techrepublic,  they say:

The latest version of Google Chrome (58), released on April 20, includes a new checking mechanism for secured websites (which are accessed using https).

This check analyzes the SSL certificate used by the site to encrypt traffic, and will produce a warning if the certificate does not include the common name of the website (e.g. website.company.com) as a subjective alternative name (SAN), which is a fancy word for alias.
This check can be suppressed on Windows systems (for a temporary basis at least), and I’ll explain how to do so below.

If you’re getting this error when accessing internal sites, the best bet is to roll up your sleeves and update the SSL certificates
for those sites to include the common name of the website as a SAN.

It’s possible to implement or deploy a registry key to suppress this prompt (make sure you know what you’re doing when editing a system registry!)

Run regedit and access this registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome

Create a REG_DWORD subkey called EnableCommonNameFallbackForLocalAnchors and give it a value of 1:

1. Executed CCleaner app using the registry cleaning option that also creates registry backup before performing any change.
I’ve decided on this option that is faster and more secure, furthermore, a backup is also done – this is very important.

2. After, I checked chrome’s policy pointing to :
chrome://policy .

There were two entries.

EnableCommonNameFallbackForLocalAnchors

At:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome

ghbmnnjooekpmoecnnnilnnbdlolhkhi

At:
Computer\HKEY_USERS\S-1-5-21-3476796703-2076744489-1358881622-1003\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings

If you access the Windows’ registry using regedit and point  to this entry:
EnableCommonNameFallbackForLocalAnchors and remove it, the “managed by your organization” message disappears.  (To do this, just copy the entry above and paste on regedit, then delete it, but first do a backup, just in case).

This entry will return again when the browser is restarted since it is Chrome’s configuration entry.

After

CHECKING POLICIES

According to another site, you may check if your policies are acceptable and really not managed by a company. The author says:

To check which policies are applied in your Chrome browser, head to the chrome://policy page—just type or copy and paste that address into Chrome’s location box.

This will show you both policies set by software on your system and policies set by your organization. You can click the name of each policy to view technical information about it on Google’s website. If you see the “No policies set” message here, that means no policies are managing Chrome on your system.

In the screenshot below, we can see that the “ExtensionInstallSources” policy is set, but with no visible policy value—that should mean it isn’t doing anything, so it’s odd that it’s even here. We probably shouldn’t worry about it, but the message is rather annoying.

@FROM:
www.howtogeek.com/410106/why-does-chrome-say-its-managed-by-your-organization/

FINAL CONCLUSION

The support tells us that it is a bug introduced in Chrome 73.

The EnableCommonNameFallbackForLocalAnchors registry entry seems responsible for the message as shown above, and this entry is a configuration that concerns the certificate’s policies requiring a better approach for future releases by Chrome’s team.

The sources suggest that suffices a verification on the policies at  chromes://policy

If not? If is it caused by an external agent?
Would it be enough about this procedure?
If it remains doubts, scan using anti-malware software,

WHAT DOES NOT WORK

Registry’s entry removal as shown in many sources on the Internet doesn’t work.
The issue returns.

1. Run CCleaner to clean registry doing registry backup.
2. Access chrome’s policy:
   chrome://policy
3. Export content to a json file.
4. Open the registry using regedit command.
5. Using the key from the json file find the respective entry to be deleted or cleaned.
   
6. Delete the undesirable entries.

Before and after but returns when the browser is reopend.

FROM:

– support:
support.google.com/chrome/thread/3916990?hl=pt-BR

– good explanation
www.howtogeek.com/410106/why-does-chrome-say-its-managed-by-your-organization/

– solution and verification
www.howtogeek.com/410106/why-does-chrome-say-its-managed-by-your-organization/

– good explanation but no solution
www.enigmasoftware.com/pt/chrome-dizendo-gerenciado-sua-organizacao-pode-indicar-malware/

– solution fixing registry
www.meuwindows.com/remover-gerenciado-pela-sua-organizacao-chrome/

– others:

comofazergeek.blogspot.com/2019/04/por-que-o-chrome-diz-que-e-gerenciado.html

www.enigmasoftware.com/pt/chrome-dizendo-gerenciado-sua-organizacao-pode-indicar-malware/

Getting Chrome to accept self-signed localhost certificate

community.spiceworks.com/topic/2000664-chrome-and-windows-7-enterprise

bugs.chromium.org/p/chromium/issues/detail?id=700595#c28

how-to-resolve-ssl-certificate-warnings-produced-by-the-latest-chrome-update