IT Admin Guide

Deploy in Minutes

Paste your API token once — your deployment scripts are generated instantly. No editing required.

1
Generate an API token in your console
2
Paste it below
3
Download and run your script
Step 1
Paste Your API Token
Generate a token in the Admin Console under API Tokens, then paste it here. All scripts update automatically.
●  Waiting for token
Step 2 — Choose Deployment Method
📄
Registry File
Double-click to apply
PowerShell
Run as Administrator
☁️
Intune
Silent MDM deployment
🏢
Group Policy
Active Directory
📄 Windows Registry File
Download and double-click on each machine — works for Microsoft Edge
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\libdegmefidclooimlkcfmoibfjbmmkf\policy]
"api_token"="PASTE_YOUR_TOKEN_ABOVE"
"api_url"="https://api.domainguard.co"
After running — restart Microsoft Edge. The extension activates automatically.
⚡ PowerShell Script
Run as Administrator on each machine
# DomainGuard Deployment Script
# Run as Administrator

$EdgeExtId = "libdegmefidclooimlkcfmoibfjbmmkf"
$ApiToken  = "PASTE_YOUR_TOKEN_ABOVE"
$ApiUrl    = "https://api.domainguard.co"

$RegPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeExtId\policy"
New-Item -Path $RegPath -Force | Out-Null
Set-ItemProperty -Path $RegPath -Name "api_token" -Value $ApiToken
Set-ItemProperty -Path $RegPath -Name "api_url"   -Value $ApiUrl

Write-Host "DomainGuard configured successfully!" -ForegroundColor Green
Write-Host "Restart Microsoft Edge to apply." -ForegroundColor Yellow
Can also be deployed via SCCM or run remotely with Invoke-Command

☁️ Microsoft Intune

1

Force install the extension

Intune → Devices → Configuration → Settings catalog → Microsoft Edge → Extensions → Configure the list of force-installed extensions

libdegmefidclooimlkcfmoibfjbmmkf;https://edge.microsoft.com/extensionwebstorebase/v1/crx
2

Configure managed storage

Navigate to Configure extension management settings and paste this JSON:

{
  "libdegmefidclooimlkcfmoibfjbmmkf": {
    "installation_mode": "force_installed",
    "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
    "managed_configuration": {
      "api_token": "PASTE_YOUR_TOKEN_ABOVE",
      "api_url": "https://api.domainguard.co"
    }
  }
}
3

Assign and deploy

Assign the policy to your device group and save. Extension installs silently on next Intune sync (1–8 hours).

🏢 Group Policy (GPO) Deployment

For on-premise Active Directory environments. Deploys the extension silently to all machines in a target OU.

Prerequisite: Microsoft Edge ADMX policy templates must be installed on your domain controller. Download from Microsoft ↗
1

Open Group Policy Management

On your Domain Controller, open Group Policy Management (gpmc.msc). Right-click your target OU and select Create a GPO in this domain, and link it here. Name it DomainGuard — Edge Extension.

2

Force install the extension

Right-click the GPO → Edit. Navigate to:

Computer Configuration
  └─ Policies
    └─ Administrative Templates
      └─ Microsoft Edge
        └─ Extensions
          └─ Configure the list of force-installed extensions

Double-click → Enabled → click Show → add this value:

libdegmefidclooimlkcfmoibfjbmmkf;https://edge.microsoft.com/extensionwebstorebase/v1/crx
3

Configure managed storage (API token)

In the same Extensions folder, find Configure extension management settings. Double-click → Enabled → paste this JSON into the text box:

{
  "libdegmefidclooimlkcfmoibfjbmmkf": {
    "installation_mode": "force_installed",
    "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
    "managed_configuration": {
      "api_token": "PASTE_YOUR_TOKEN_ABOVE",
      "api_url": "https://api.domainguard.co"
    }
  }
}
4

Link the GPO to your OU

Close the editor. In Group Policy Management, ensure the GPO is linked to the correct OU. Check Enforced if you want it to override local policies.

5

Apply and verify

On a target machine, open Command Prompt as Administrator and run:

gpupdate /force

Then fully restart Microsoft Edge. The extension appears in the toolbar automatically. Verify at edge://extensions.

⚡ Alternative — Create GPO via PowerShell

Prefer to script the GPO creation? Run this on your Domain Controller (requires RSAT Group Policy tools):

# DomainGuard - Create GPO via PowerShell
# Run on Domain Controller as Administrator
# Requires: RSAT Group Policy Management Tools

$GpoName   = "DomainGuard - Edge Extension"
$TargetOU  = "OU=Computers,DC=yourdomain,DC=com"  # UPDATE THIS
$EdgeExtId = "libdegmefidclooimlkcfmoibfjbmmkf"
$ApiToken  = "PASTE_YOUR_TOKEN_ABOVE"
$ApiUrl    = "https://api.domainguard.co"

Import-Module GroupPolicy

# Create the GPO
$Gpo = New-GPO -Name $GpoName -Comment "Forces DomainGuard extension on Edge"
Write-Host "Created GPO: $GpoName" -ForegroundColor Green

# Force install the extension
Set-GPRegistryValue -Name $GpoName `
  -Key "HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" `
  -ValueName "1" -Type String `
  -Value "$EdgeExtId;https://edge.microsoft.com/extensionwebstorebase/v1/crx"

# Set API token via managed storage registry
Set-GPRegistryValue -Name $GpoName `
  -Key "HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeExtId\policy" `
  -ValueName "api_token" -Type String -Value $ApiToken

Set-GPRegistryValue -Name $GpoName `
  -Key "HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeExtId\policy" `
  -ValueName "api_url" -Type String -Value $ApiUrl

# Link GPO to OU
New-GPLink -Name $GpoName -Target $TargetOU -Enforced Yes
Write-Host "GPO linked to: $TargetOU" -ForegroundColor Green
Write-Host "Done! Run gpupdate /force on target machines." -ForegroundColor Yellow
⚠ Update $TargetOU to your Active Directory OU path before running.

Extension IDs

🔵 Microsoft Edge
libdegmefidclooimlkcfmoibfjbmmkf
View in Store ↗
🟢 Google Chrome
⌛ Pending Chrome Web Store approval
This page will update once approved.
💬 Need help with deployment? Email support@domainguard.co and we'll walk you through it.