Switch default browser the enterprise way using the Software Center in SCCM (System Center Configuration Manager) and Powershell

Introduction

In this post I will talk about Windows 10, file associations and how you can let the user in an enterprise switch default browser through the Software Center in SCCM (System Center Configuration Manager). All of this is done in an environment where file associations are tightly managed and locked through group policies (as they should be in an enterprise) on computers running Windows 10. Curious on the topic? Read on 🙂

How to

Before getting into the dirty details, I urge anyone managing file associations on Windows 10 to read these articles. My solution is build on the same principles of using a group policy and an .xml file to lock down the file associations.

The XML file

Taking a closer look on such xml file, the content displaying the default browser is the association of following extensions and protocols:

  • .htm
  • .html
  • http
  • https

In the xml file, it should look something like this, when the default browser is set to Google Chrome

Group Policy setting

And for your reference, the setting in the GPO looks like this:

Powershell script

The magic lies in following Powershell script. As said, the association is locked through the xml file and a group policy, why switching the default browser by a standard user, will be reset back to whats defined in the xml file upon relogging.

But what if you really want those file association to be managed (for many reasons), but also wants the user to be able to switch their default browser? Powershell to the rescue. First off, some bits of the following script is kindly borrowed from the links provided in the beginning of the posts. Putting it together and modified for this solution and more, is my doing. I’m explaining along the lines what the script does, but in short:

  • Loads the function to modify the xml app association file
  • Get location and content of the specified xml file
  • Modifies the xml based on input as parameters
  • Writes to registry to use as detection methods in SCCM

Using the script in Configuration Manager

Putting the above script to use in an application in SCCM is straight forward, but I will walk you through the general steps required and go into details when necessary (this will be snips taken directly from my production environment):

  • Create a new application in the Configuration Manager console and fill out the details as you desire. Below will be snips from my application that sets the default browser to Google Chrome

  • Create a Deployment Type where the content location for above Powershell script is set

  • And where the installation program is following. (This is one of the important parts. This is where the extensions and protocols are associated to Google Chrome. Also, quotations marks are notoriously evil when copy/pasting from the internet. Use notepad to correct errors if any.
    • powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File .\Switch-DefaultBrowser.ps1 -Path C:\windows\AppAssoc.xml -Extension “.htm,.html,http,https” -ProgId “ChromeHTML” -AppName “Google Chrome”

  • And a Detection method is equal to this. Again, modify to suit what you have made of changes to the powershell script

  • My association xml file is located in the Windows folder, and as of such, it requires local administrative rights to modify it. Therefore in this case, Install for system:

  • Last but not least. Deploy your applications to a collection of users as available. 

In action

When all of above is in place and possibly repeated for every browser available to your the users, the switching will have following effect in the xml file and Software Center.

  • The current browser is Microsoft Edge as shown in Notepad++
  • The Default Browser – Google Chrome application is run from Software Center
  • When finished, opening the xml file now displays that the current default browser is Google Chrome
  • Google Chrome is now new default browser once relogged

Note: Apologies for the super bad quality in the gif. No idea what happened there. Looked flawless in my end prior to uploading. I will make a new recording asap.

Please leave a comment and let me know, if something like this is useful 🙂

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.