Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.velatir.com/llms.txt

Use this file to discover all available pages before exploring further.

Most Windows fleets should use the MSI. Use the methods on this page when you do not deploy via the MSI, for example when you push policy through Group Policy Preferences, a policies.json file, or the Intune Settings Catalog. Unlike the MSI (which configures Chrome, Edge, and Firefox), the PowerShell script and manual registry tables here also cover Vivaldi and Brave.

PowerShell script

A single PowerShell script covers Chrome, Edge, Firefox, Vivaldi and Brave. It uses the Windows computer name ($env:COMPUTERNAME) as the machineId shared across all five browsers, matching the MSI’s behaviour so both deployment paths produce the same value. Edit $ApiToken and $OrganizationName at the top of the script, then run it as Administrator or SYSTEM in 64-bit PowerShell. Set $EnablePrivateBrowsing = $true to enable the extension in Edge InPrivate and Firefox private browsing. Configuration script (Configure-Velatir.ps1): 
# Configuration - UPDATE THESE VALUES
$ApiToken = "your-api-token-here"
$OrganizationName = "Your Organization"
$EnablePrivateBrowsing = $false  # Set to $true to enable in Edge InPrivate and Firefox private browsing

# Extension IDs
# Vivaldi and Brave install the Chrome Web Store build of the extension and
# therefore share Chrome's extension ID.
$ChromeId = "bbiokppljpbjgiogcoggjnfffbeiihja"
$EdgeId = "phgnjcoglpdamjjmidheehacjbkgkooc"
$FirefoxId = "velatir@velatir.com"
$VivaldiId = $ChromeId
$BraveId = $ChromeId

# Machine ID: Windows computer name. Matches the MSI's [ComputerName] behaviour.
$MachineId = $env:COMPUTERNAME

function Set-ManagedPolicy($Path, $Token, $OrgName, $Id) {
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    Set-ItemProperty -Path $Path -Name "apiToken" -Value $Token -Type String
    Set-ItemProperty -Path $Path -Name "organizationName" -Value $OrgName -Type String
    Set-ItemProperty -Path $Path -Name "machineId" -Value $Id -Type String
}

# Chrome
$ChromeForcelist = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
if (-not (Test-Path $ChromeForcelist)) {
    New-Item -Path $ChromeForcelist -Force | Out-Null
}
# Use name "1000" to avoid colliding with MDM-managed entries (which start at 1)
Set-ItemProperty -Path $ChromeForcelist -Name "1000" -Value "$ChromeId;https://clients2.google.com/service/update2/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ChromeId\policy" $ApiToken $OrganizationName $MachineId

# Edge
$EdgeForcelist = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist"
if (-not (Test-Path $EdgeForcelist)) {
    New-Item -Path $EdgeForcelist -Force | Out-Null
}
Set-ItemProperty -Path $EdgeForcelist -Name "1000" -Value "$EdgeId;https://edge.microsoft.com/extensionwebstorebase/v1/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeId\policy" $ApiToken $OrganizationName $MachineId

# Edge InPrivate (opt-in)
$EdgeInPrivate = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\MandatoryExtensionsForInPrivateNavigation"
if ($EnablePrivateBrowsing) {
    if (-not (Test-Path $EdgeInPrivate)) {
        New-Item -Path $EdgeInPrivate -Force | Out-Null
    }
    Set-ItemProperty -Path $EdgeInPrivate -Name "1000" -Value $EdgeId -Type String
} elseif (Test-Path $EdgeInPrivate) {
    Remove-ItemProperty -Path $EdgeInPrivate -Name "1000" -ErrorAction SilentlyContinue
}

# Firefox
# Force-install via Extensions\Install to avoid overwriting ExtensionSettings (a single JSON value that may conflict with MDM)
$FirefoxInstall = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install"
if (-not (Test-Path $FirefoxInstall)) {
    New-Item -Path $FirefoxInstall -Force | Out-Null
}
Set-ItemProperty -Path $FirefoxInstall -Name "1000" -Value "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$FirefoxId" $ApiToken $OrganizationName $MachineId

# Firefox private browsing (opt-in)
$FirefoxPolicyKey = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox"
if ($EnablePrivateBrowsing) {
    $ExtensionSettings = '{"velatir@velatir.com":{"private_browsing":true}}'
    Set-ItemProperty -Path $FirefoxPolicyKey -Name "ExtensionSettings" -Value $ExtensionSettings -Type String
} elseif (Get-ItemProperty -Path $FirefoxPolicyKey -Name "ExtensionSettings" -ErrorAction SilentlyContinue) {
    Remove-ItemProperty -Path $FirefoxPolicyKey -Name "ExtensionSettings" -ErrorAction SilentlyContinue
}

# Vivaldi (Chromium-based; reads ExtensionInstallForcelist + 3rdparty\extensions\<id>\policy)
$VivaldiForcelist = "HKLM:\SOFTWARE\Policies\Vivaldi\ExtensionInstallForcelist"
if (-not (Test-Path $VivaldiForcelist)) {
    New-Item -Path $VivaldiForcelist -Force | Out-Null
}
Set-ItemProperty -Path $VivaldiForcelist -Name "1000" -Value "$VivaldiId;https://clients2.google.com/service/update2/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Vivaldi\3rdparty\extensions\$VivaldiId\policy" $ApiToken $OrganizationName $MachineId

# Brave (Chromium-based; the policy root drops the "-Browser" suffix even
# though the install directory is "Brave-Browser")
$BraveForcelist = "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionInstallForcelist"
if (-not (Test-Path $BraveForcelist)) {
    New-Item -Path $BraveForcelist -Force | Out-Null
}
Set-ItemProperty -Path $BraveForcelist -Name "1000" -Value "$BraveId;https://clients2.google.com/service/update2/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\3rdparty\extensions\$BraveId\policy" $ApiToken $OrganizationName $MachineId

Write-Output "Velatir browser extensions configured (machineId: $MachineId)"
The script uses the Windows computer name ($env:COMPUTERNAME) as the machineId and writes it into each browser’s managed policy. The value is stable across reruns and consistent between Chrome, Edge, Firefox, Vivaldi and Brave, matching the MSI deployment behaviour.
To deploy to a subset of browsers, comment out the corresponding Chrome, Edge, Firefox, Vivaldi, or Brave section in both the configuration and uninstall scripts.
In Firefox, setting $EnablePrivateBrowsing = $true enables the extension in private browsing automatically. In Edge, the policy requires the extension to be allowed in InPrivate, but each user must still manually enable the extension for InPrivate mode in their browser settings. Chrome does not support an Incognito policy on Windows.

Uninstall

To reverse everything the configuration script writes, run the script below. It’s safe to run whether or not the configuration script has been applied, and it leaves any MDM-managed policies (at forcelist indexes other than 1000) untouched. Uninstall script (Remove-Velatir.ps1): 
$ChromeId = "bbiokppljpbjgiogcoggjnfffbeiihja"
$EdgeId = "phgnjcoglpdamjjmidheehacjbkgkooc"
$FirefoxId = "velatir@velatir.com"
$VivaldiId = $ChromeId
$BraveId = $ChromeId

function Remove-ForcelistEntry($Path, $Name) {
    if (Test-Path $Path) {
        Remove-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    }
}

# Chrome
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ChromeId" -Recurse -Force -ErrorAction SilentlyContinue

# Edge
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" "1000"
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Microsoft\Edge\MandatoryExtensionsForInPrivateNavigation" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeId" -Recurse -Force -ErrorAction SilentlyContinue

# Vivaldi
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Vivaldi\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Vivaldi\3rdparty\extensions\$VivaldiId" -Recurse -Force -ErrorAction SilentlyContinue

# Brave
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\3rdparty\extensions\$BraveId" -Recurse -Force -ErrorAction SilentlyContinue

# Firefox (registry)
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install" "1000"
# Only clear ExtensionSettings if it matches the private-browsing-only blob written by the configuration script
$FxKey = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox"
$ExtSettings = (Get-ItemProperty -Path $FxKey -Name "ExtensionSettings" -ErrorAction SilentlyContinue).ExtensionSettings
if ($ExtSettings -eq '{"velatir@velatir.com":{"private_browsing":true}}') {
    Remove-ItemProperty -Path $FxKey -Name "ExtensionSettings" -ErrorAction SilentlyContinue
}
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$FirefoxId" -Recurse -Force -ErrorAction SilentlyContinue

# Firefox policies.json alternative: remove only Velatir entries, leave other policies intact
$PolicyFile = "C:\Program Files\Mozilla Firefox\distribution\policies.json"
if (Test-Path $PolicyFile) {
    try {
        $Policy = Get-Content $PolicyFile -Raw | ConvertFrom-Json -AsHashtable
        if ($Policy.policies.ExtensionSettings) {
            $Policy.policies.ExtensionSettings.Remove($FirefoxId)
            if ($Policy.policies.ExtensionSettings.Count -eq 0) { $Policy.policies.Remove("ExtensionSettings") }
        }
        if ($Policy.policies."3rdparty".Extensions) {
            $Policy.policies."3rdparty".Extensions.Remove($FirefoxId)
            if ($Policy.policies."3rdparty".Extensions.Count -eq 0) { $Policy.policies.Remove("3rdparty") }
        }
        if ($Policy.policies.Count -eq 0) {
            Remove-Item -Path $PolicyFile -Force
        } else {
            $Policy | ConvertTo-Json -Depth 10 | Set-Content -Path $PolicyFile -Encoding UTF8
        }
    } catch {}
}

# Legacy cleanup: earlier versions of the configuration script persisted a
# generated GUID here. Remove it if present so upgrades leave no stale data.
Remove-Item -Path "HKLM:\SOFTWARE\Velatir\BrowserExtension" -Recurse -Force -ErrorAction SilentlyContinue
$VelatirRoot = "HKLM:\SOFTWARE\Velatir"
if ((Test-Path $VelatirRoot) -and -not (Get-ChildItem $VelatirRoot -ErrorAction SilentlyContinue)) {
    Remove-Item -Path $VelatirRoot -Force -ErrorAction SilentlyContinue
}

Write-Output "Velatir browser policies removed"
Removing the force-install policy does not uninstall the extension from existing browser profiles. Users will simply be able to disable or remove it themselves. To force removal, block the extension first (Chrome/Edge ExtensionInstallBlocklist, or Firefox ExtensionSettings with installation_mode: blocked) before running the uninstall script.
If you deployed via the MSI rather than this script, use msiexec /x VelatirExtension-x64.msi /qn (or VelatirExtension-arm64.msi for ARM64 fleets) — the MSI’s uninstall removes its own registry writes cleanly.

Firefox via policies.json

If you prefer a policies.json file over registry keys for Firefox, use the following script instead of (or alongside) the Firefox section above. Configuration script (Configure-VelatirFirefoxJson.ps1): 
# Configuration - UPDATE THESE VALUES
$ApiToken = "your-api-token-here"
$OrganizationName = "Your Organization"

# Machine ID: Windows computer name. Matches the MSI's [ComputerName] behaviour.
$MachineId = $env:COMPUTERNAME

$PolicyDir = "C:\Program Files\Mozilla Firefox\distribution"
$PolicyFile = "$PolicyDir\policies.json"

if (-not (Test-Path $PolicyDir)) {
    New-Item -Path $PolicyDir -ItemType Directory -Force | Out-Null
}

# Merge with existing policies.json if present
$Policy = @{ policies = @{} }
if (Test-Path $PolicyFile) {
    try {
        $Policy = Get-Content $PolicyFile -Raw | ConvertFrom-Json -AsHashtable
    } catch {
        $Policy = @{ policies = @{} }
    }
}

$Policy.policies.ExtensionSettings = @{
    "velatir@velatir.com" = @{
        installation_mode = "force_installed"
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi"
        private_browsing = $true
    }
}

$Policy.policies."3rdparty" = @{
    Extensions = @{
        "velatir@velatir.com" = @{
            apiToken = $ApiToken
            organizationName = $OrganizationName
            machineId = $MachineId
        }
    }
}

$Policy | ConvertTo-Json -Depth 10 | Set-Content -Path $PolicyFile -Encoding UTF8

Write-Output "Velatir Firefox policies.json configured (machineId: $MachineId)"
Firefox updates may remove the distribution folder. If using this method, schedule the script to run regularly (e.g., once per day) to ensure the file is recreated after updates.

Intune Settings Catalog (force-install only)

Use this method if you only need to force-install the extension without pre-configured settings. Users will need to enter their API token manually after installation.
The Intune Settings Catalog does not support Firefox extension deployment. For Firefox, use the MSI or the PowerShell script above.
  1. Sign in to the Microsoft Intune admin center
  2. Go to Devices > Configuration > Create > New policy
  3. Select:
    • Platform: Windows 10 and later
    • Profile type: Settings catalog
  4. Name your profile (e.g., “Velatir Chrome Extension”)
  5. Click Add settings and search for Google Chrome
  6. Select Google Chrome > Extensions
  7. Enable Configure the list of force-installed apps and extensions
  8. Add the following value: 
    bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx
  9. Assign to your device groups and create the profile

Manual Registry Configuration (Windows)

If you’re not using Intune or SCCM, you can apply the same policies directly to the Windows registry. Use regedit, Group Policy Preferences, or any other tool that writes registry values. The tables below list every key, value name, and data needed. All values are written under HKEY_LOCAL_MACHINE (HKLM) as REG_SZ (String). Run any tool you use in 64-bit context so writes don’t land under WOW6432Node.
Use the value name 1000 for the force-install entries. This avoids colliding with MDM-managed entries, which typically start at 1.
Required
KeyValue nameData
SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist1000bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policyapiTokenYour Velatir API token (e.g. vltr_...)
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policyorganizationNameYour organisation’s display name
Optional
KeyValue nameData
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policymachineIdStable per-device identifier (e.g. computer name)
Chrome does not support an Incognito policy on Windows, so there’s no equivalent to the Edge InPrivate or Firefox private-browsing entry.
To remove the configuration, delete the values you added. Removing the force-install entry doesn’t uninstall the extension from existing browser profiles. Users will simply be able to disable or remove it themselves.

Windows MSI (recommended)

The simpler, supported path for most Windows fleets

Verify the deployment

Confirm policies applied and the extension is installed