“Managed by your organization” is a line that appears when the web browser is attacked by browser hijackers. This malware abuses a legitimate Chrome policy to make itself impossible to delete. And it turns out to be pretty effective – without a special approach, all browser plugins remain untouchable after this line appears. In this post, I will show you how to remove the “Managed by your organization” thing with a simple instruction.
Managed by your organization – what is the problem?
Managed by your organization is the line in the web browser that is displayed when the remote management policy is enabled in the browser configurations. By design, this feature aims at protecting the browsers running on the corporate workstations or industrial IoT devices from unintended changes. But, same as quite a lot of restrictive techniques, it is a double-edged sword.
As it prevents users from making changes to browser settings, this configuration is often a target of abuse from browser hijackers. In particular, such a technique is often used by browser hijackers. Such malware redirects users’ searches to a different search engine, collecting user information and potentially exposing them to phishing sites.
Once installed, browser hijackers go through either Group Policies or registry keys that belong to the browser. By setting a selection of values responsible for enabling remote management to true, they block the user’s ability to change any settings of the browser and delete/change browser extensions. This becomes especially critical when the hijacker sits inside of a malicious browser extension.
Remove Managed by your organization Guide
You may encounter several ways to solve the problem: by editing registry, disabling Group Policies through GP Editor, or else. But as actual removal attempts show, the most effect appears when you apply all the steps together. Still, some of the steps may not be viable for certain users, thus I picked only those which will work most of the time.
Group Policies Removal
First step in dealing with Managed by your organization is to remove policies that the malware changes to enable this state. This method does not require having access to Group Policies Editor, which is unavailable for non-Pro editions of Windows. All you have to do is find and remove all the folders listed below. Note: their deletion will require administrator privileges.
Windows\System32\GroupPolicy
Windows\System32\GroupPolicyUsers
ProgramFiles(x86)\Google\Policies
ProgramFiles\Google\Policies
Removing Registry Keys
Next step is going through the registry keys that may contain malicious configurations. Press the Win+R combination, and type “regedit” in the search window. This will get you to the Registry Editor; there, find and delete the keys you see below.
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\Software\Policies\Google\Update
HKEY_LOCAL_MACHINE\Software\Policies\Chromium
HKEY_LOCAL_MACHINE\Software\Google\Chrome
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment
HKEY_CURRENT_USER\Software\Policies\Google\Chrome
HKEY_CURRENT_USER\Software\Policies\Chromium
HKEY_CURRENT_USER\Software\Google\Chrome
"HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}" /v "CloudManagementEnrollmentToken"
Not all keys may be present, as it depends on installed software, browser configurations, malware that did the changes and other things. Nonetheless, you should delete all the keys you can find.
Once done, reboot your computer to apply the changes. Then, you should be able to edit any of the Chrome settings and remove any browser extensions that may have previously been blocked from editing.
