Skip to main content
Force-install the extension on Windows by pushing browser policy yourself: through Group Policy, a PowerShell script, a policies.json file, or the Intune Settings Catalog. These cover Chrome, Edge, Firefox, Vivaldi, and Brave, and all write to the machine hive (HKLM\Software\Policies\…).

PowerShell script

One script covers all five browsers. Edit $IngestKey at the top, then run it as Administrator or SYSTEM in 64-bit PowerShell. The browsers read the key from the registry value apiToken. Configuration script (Configure-Velatir.ps1):
# Configuration - UPDATE THIS VALUE
$IngestKey = "your-ingest-key-here"

# Extension IDs
# Vivaldi and Brave install the Chrome Web Store build of the extension and
# therefore share Chrome's extension ID.
$ChromeId = "bbiokppljpbjgiogcoggjnfffbeiihja"
$EdgeId = "phgnjcoglpdamjjmidheehacjbkgkooc"
$FirefoxId = "velatir@velatir.com"
$VivaldiId = $ChromeId
$BraveId = $ChromeId

# Machine ID: Windows computer name. Matches the MSI's [ComputerName] behaviour.
$MachineId = $env:COMPUTERNAME

function Set-ManagedPolicy($Path, $Key, $Id) {
    if (-not (Test-Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    Set-ItemProperty -Path $Path -Name "apiToken" -Value $Key -Type String
    Set-ItemProperty -Path $Path -Name "machineId" -Value $Id -Type String
}

# Chrome
$ChromeForcelist = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
if (-not (Test-Path $ChromeForcelist)) {
    New-Item -Path $ChromeForcelist -Force | Out-Null
}
# Use name "1000" to avoid colliding with MDM-managed entries (which start at 1)
Set-ItemProperty -Path $ChromeForcelist -Name "1000" -Value "$ChromeId;https://clients2.google.com/service/update2/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ChromeId\policy" $IngestKey $MachineId

# Edge
$EdgeForcelist = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist"
if (-not (Test-Path $EdgeForcelist)) {
    New-Item -Path $EdgeForcelist -Force | Out-Null
}
Set-ItemProperty -Path $EdgeForcelist -Name "1000" -Value "$EdgeId;https://edge.microsoft.com/extensionwebstorebase/v1/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeId\policy" $IngestKey $MachineId

# Firefox
# Force-install via Extensions\Install to avoid overwriting ExtensionSettings (a single JSON value that may conflict with MDM)
$FirefoxInstall = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install"
if (-not (Test-Path $FirefoxInstall)) {
    New-Item -Path $FirefoxInstall -Force | Out-Null
}
Set-ItemProperty -Path $FirefoxInstall -Name "1000" -Value "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$FirefoxId" $IngestKey $MachineId

# Vivaldi (Chromium-based; reads ExtensionInstallForcelist + 3rdparty\extensions\<id>\policy)
$VivaldiForcelist = "HKLM:\SOFTWARE\Policies\Vivaldi\ExtensionInstallForcelist"
if (-not (Test-Path $VivaldiForcelist)) {
    New-Item -Path $VivaldiForcelist -Force | Out-Null
}
Set-ItemProperty -Path $VivaldiForcelist -Name "1000" -Value "$VivaldiId;https://clients2.google.com/service/update2/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\Vivaldi\3rdparty\extensions\$VivaldiId\policy" $IngestKey $MachineId

# Brave (Chromium-based; the policy root drops the "-Browser" suffix even
# though the install directory is "Brave-Browser")
$BraveForcelist = "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionInstallForcelist"
if (-not (Test-Path $BraveForcelist)) {
    New-Item -Path $BraveForcelist -Force | Out-Null
}
Set-ItemProperty -Path $BraveForcelist -Name "1000" -Value "$BraveId;https://clients2.google.com/service/update2/crx" -Type String
Set-ManagedPolicy "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\3rdparty\extensions\$BraveId\policy" $IngestKey $MachineId

Write-Output "Velatir browser extensions configured (machineId: $MachineId)"
To deploy to a subset of browsers, comment out the corresponding section in both the configuration and uninstall scripts.

Uninstall

This reverses everything the configuration script writes. It is safe to run either way, and leaves MDM-managed policies (at forcelist indexes other than 1000) untouched. Uninstall script (Remove-Velatir.ps1):
$ChromeId = "bbiokppljpbjgiogcoggjnfffbeiihja"
$EdgeId = "phgnjcoglpdamjjmidheehacjbkgkooc"
$FirefoxId = "velatir@velatir.com"
$VivaldiId = $ChromeId
$BraveId = $ChromeId

function Remove-ForcelistEntry($Path, $Name) {
    if (Test-Path $Path) {
        Remove-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    }
}

# Chrome
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ChromeId" -Recurse -Force -ErrorAction SilentlyContinue

# Edge
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$EdgeId" -Recurse -Force -ErrorAction SilentlyContinue

# Vivaldi
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Vivaldi\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Vivaldi\3rdparty\extensions\$VivaldiId" -Recurse -Force -ErrorAction SilentlyContinue

# Brave
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionInstallForcelist" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\BraveSoftware\Brave\3rdparty\extensions\$BraveId" -Recurse -Force -ErrorAction SilentlyContinue

# Firefox (registry)
Remove-ForcelistEntry "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install" "1000"
Remove-Item -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$FirefoxId" -Recurse -Force -ErrorAction SilentlyContinue

# Firefox policies.json alternative: remove only Velatir entries, leave other policies intact
$PolicyFile = "C:\Program Files\Mozilla Firefox\distribution\policies.json"
if (Test-Path $PolicyFile) {
    try {
        $Policy = Get-Content $PolicyFile -Raw | ConvertFrom-Json -AsHashtable
        if ($Policy.policies.ExtensionSettings) {
            $Policy.policies.ExtensionSettings.Remove($FirefoxId)
            if ($Policy.policies.ExtensionSettings.Count -eq 0) { $Policy.policies.Remove("ExtensionSettings") }
        }
        if ($Policy.policies."3rdparty".Extensions) {
            $Policy.policies."3rdparty".Extensions.Remove($FirefoxId)
            if ($Policy.policies."3rdparty".Extensions.Count -eq 0) { $Policy.policies.Remove("3rdparty") }
        }
        if ($Policy.policies.Count -eq 0) {
            Remove-Item -Path $PolicyFile -Force
        } else {
            $Policy | ConvertTo-Json -Depth 10 | Set-Content -Path $PolicyFile -Encoding UTF8
        }
    } catch {}
}

# Legacy cleanup: earlier versions of the configuration script persisted a
# generated GUID here. Remove it if present so upgrades leave no stale data.
Remove-Item -Path "HKLM:\SOFTWARE\Velatir\BrowserExtension" -Recurse -Force -ErrorAction SilentlyContinue
$VelatirRoot = "HKLM:\SOFTWARE\Velatir"
if ((Test-Path $VelatirRoot) -and -not (Get-ChildItem $VelatirRoot -ErrorAction SilentlyContinue)) {
    Remove-Item -Path $VelatirRoot -Force -ErrorAction SilentlyContinue
}

Write-Output "Velatir browser policies removed"
Removing the force-install policy does not uninstall the extension from existing profiles; users can then disable or remove it themselves. To force removal, block the extension first (Chrome/Edge ExtensionInstallBlocklist, or Firefox ExtensionSettings with installation_mode: blocked) before running the uninstall script.
If you deployed via the MSI instead, uninstall with msiexec /x VelatirExtension-x64.msi /qn (or VelatirExtension-arm64.msi for ARM64 fleets).

Firefox via policies.json

To use a policies.json file instead of registry keys for Firefox, run this script in place of (or alongside) the Firefox section above. Configuration script (Configure-VelatirFirefoxJson.ps1):
# Configuration - UPDATE THIS VALUE
$IngestKey = "your-ingest-key-here"

# Machine ID: Windows computer name. Matches the MSI's [ComputerName] behaviour.
$MachineId = $env:COMPUTERNAME

$PolicyDir = "C:\Program Files\Mozilla Firefox\distribution"
$PolicyFile = "$PolicyDir\policies.json"

if (-not (Test-Path $PolicyDir)) {
    New-Item -Path $PolicyDir -ItemType Directory -Force | Out-Null
}

# Merge with existing policies.json if present
$Policy = @{ policies = @{} }
if (Test-Path $PolicyFile) {
    try {
        $Policy = Get-Content $PolicyFile -Raw | ConvertFrom-Json -AsHashtable
    } catch {
        $Policy = @{ policies = @{} }
    }
}

$Policy.policies.ExtensionSettings = @{
    "velatir@velatir.com" = @{
        installation_mode = "force_installed"
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi"
    }
}

$Policy.policies."3rdparty" = @{
    Extensions = @{
        "velatir@velatir.com" = @{
            apiToken = $IngestKey
            machineId = $MachineId
        }
    }
}

$Policy | ConvertTo-Json -Depth 10 | Set-Content -Path $PolicyFile -Encoding UTF8

Write-Output "Velatir Firefox policies.json configured (machineId: $MachineId)"
Firefox updates may remove the distribution folder. If using this method, schedule the script to run regularly (e.g., once per day) to ensure the file is recreated after updates.

Intune Settings Catalog (force-install only)

Use this to force-install the extension without pre-configured settings. Users enter the ingest key manually afterwards.
The Settings Catalog does not support Firefox. For Firefox, use the PowerShell script above.
  1. Sign in to the Microsoft Intune admin center
  2. Go to Devices > Configuration > Create > New policy
  3. Select:
    • Platform: Windows 10 and later
    • Profile type: Settings catalog
  4. Name your profile (e.g., “Velatir Chrome Extension”)
  5. Click Add settings and search for Google Chrome
  6. Select Google Chrome > Extensions
  7. Enable Configure the list of force-installed apps and extensions
  8. Add the following value:
    bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx
    
  9. Assign to your device groups and create the profile

Manual Registry Configuration (Windows)

Not using Intune or SCCM? Apply the same policies directly with regedit, Group Policy Preferences, or any tool that writes registry values. The tables below list every key, value name, and data. All values are REG_SZ (String) under HKEY_LOCAL_MACHINE (HKLM). Run your tool in 64-bit context so writes don’t land under WOW6432Node.
Use the value name 1000 for the force-install entries. This avoids colliding with MDM-managed entries, which typically start at 1.
Required
KeyValue nameData
SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist1000bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policyapiTokenYour organisation’s ingest key (e.g. vltr_...)
Optional
KeyValue nameData
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policymachineIdStable per-device identifier (e.g. computer name)
To remove the configuration, delete the values you added. This does not uninstall the extension from existing profiles; users can then disable or remove it themselves.

Enterprise deployment

Browser support, managed config, and other platforms

Verify the deployment

Confirm policies applied and the extension is installed