When a network administrator or a third-party app has control of your Chrome browser, you’ll see a message “Managed by your organization”. This could be perfectly fine if the PC is indeed part of a network, but if it’s your own personal computer, then it might signify a problem. You’ll probably notice unwanted changes in the browser that you aren’t allowed to revoke, which indicates the presence of a browser hijacker. If any of this sounds familiar, the next paragraphs will help you.
What Is “Managed by Your Organization” in Chrome?
Sometimes, while using Google Chrome or other Chromium-based browsers like Opera or Edge, you might see this message “managed by your organization”. It will usually appear at the bottom of the Chrome menu, but you can also see it elsewhere.
If you see it on a school or work computer, it just means your browser is controlled by policies set by the respective organization that owns the machine. These policies can change settings, restrict features, install extensions, and even monitor activity remotely. Again, perfectly normal if your company, or school, or university owns the computer.
However, it’s less normal if you see the message on your own PC, which is probably what got you on this page. It usually means that some form of unwanted software has installed policies without your knowledge for reasons that will certainly not benefit you. It’s a common issue that we are now going to address in detail within the next lines. The good news is this can be fixed without too much hassle in most cases. You just need to know what you are looking, and we will help you with that.
What Is the Chrome Enterprise Policy?
The Enterprise policies are a built-in feature in Google Chrome and other Chromium-based browsers. It allows system administrators to control browser settings across all devices. That way everyone gets the necessary extensions, security settings, and rules to keep the operation smooth and secure. The admin can centrally install essential extensions and set up security measures without need for user input.
All that sounds great if you are the admin of a network and want to have control over the browsers on all connected devices. It sounds less great if that control is hijacked by a rogue app that can now leverage all the admin privileges that Chrome’s enterprise policy entails.
SUMMARY:
| Name | Managed by Your Organization |
| Type | Browser Hijacker |
| Detection Tool |
Removing the “Managed by Your Organization” Policy
There are several easy ways to remove any unwanted Chrome policies and make your browser “unmanaged” and we’ll explain them in a moment. However, since the likely reason for the “Managed by” policy in your browser is a rogue app or extension, you also need to remove it as well. Otherwise, the hijacker will likely attempt to once again take control of your browser. And there are, of course, the other issues linked to hijackers, such as the potential for getting redirected to unsafe sites and spammed with malicious ads.
We’ll show you in a separate guide below how to clean your PC and browser from any rogue apps and extensions. But before you go there, use one of the next methods to remove the unwanted policy that’s currently imposed on your Chrome or Edge browser. Otherwise, you may not be able to delete Custom Search Bar or whatever other hijacker is bothering you. You’ll probably see a “Installed by Enterprise Policy” message when attempting to delete the hijacker if you haven’t previously revoked its policies.
Method 1: Clean the Registry
Simply deleting the registry entries where the browser saves its policies should usually be enough to take care of the problem:
- Go to the Start Menu, type regedit in the search box, right-click the first icon, and click Run as administrator. Click Yes to confirm.
- For Chrome users, navigate to this Registry key (Registry folder) in the left panel: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome.
- If you are using Microsoft Edge, navigate to this key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge.
- Delete all values in the respective key (right panel) and all sub-keys (sub-folders) in the left panel.
After you do this, Chrome/Edge should be free of any rogue policies and you can then proceed to delete from it any unwanted extensions.
Method 2: Delete Your Chrome Account
Another option is to delete the Chrome user profile since these policies are often linked to the user’s profile and will lose effect outside of it.
- Open Chrome, click on your profile icon in the top-right, and select the gear icon (Manage Profiles).
- Click the three dots next to your current profile, and click Delete. Confirm the deletion.
- Then click Add to create a new profile.
From now on use your newly-created Chrome profile, which shouldn’t have any rogue policies enforced on it. Note that you still need to clean your browser from suspicious extensions.
Method 3: Use the Chrome Policy Remover Tool
There is a free tool that can automatically remove any unwanted policies from your Chrome browser. Here’s how to use it:
- Download the Chrome Policy Remover tool from this page.
- If your AV flags the file, either whitelist it or temporarily turn off the antivirus. If it directly deleted/quarantined the file, download it again.
- Right-click the file, select Run as Administrator, and then click Yes.
- A command prompt window will open and automatically run a script. Wait for it to finish and then close the window.
That’s it – your Chrome policies should now be removed and you should be free to make changes to your browser.
How to Remove the “Managed by Your Organization” Hijacker
Once your Chrome or Edge browser is no longer locked by third-party policies, it’s important to find and eliminate the initial culprit for this issue. As we mentioned, it was probably a browser hijacker or a rogue that’s still on your computer. The instructions below will show you how to find and delete it from your PC, so that it no longer messes with your browser and system settings.
Uninstall the Managed by Your Organization app and kill its processes
The first thing you must try to do is look for any sketchy installs on your computer and uninstall anything you think may be behind the Managed by Your Organization message. After that, you’ll also need to get rid of any processes that may be related to the unwanted app by searching for them in the Task Manager.
Note that sometimes an app, especially a rogue one, may ask you to install something else or keep some of its data (such as settings files) on your PC – never agree to that when trying to delete a potentially rogue software. You need to make sure that everything is removed from your PC to get rid of the malware. Also, if you aren’t allowed to go through with the uninstallation, proceed with the guide, and try again after you’ve completed everything else.
- Uninstalling the rogue app
- Killing any rogue processes
Type Apps & Features in the Start Menu, open the first result, sort the list of apps by date, and look for suspicious recently installed entries.
Click on anything you think could be linked to the Managed by Your Organization policy, then select uninstall, and follow the prompts to delete the app.
Press Ctrl + Shift + Esc, click More Details (if it’s not already clicked), and look for suspicious entries that may be linked to the Managed by Your Organization policy.
If you come across a questionable process, right-click it, click Open File Location, scan the files with the free online malware scanner shown below, and then delete anything that gets flagged as a threat.
After that, if the rogue process is still visible in the Task Manager, right-click it again and select End Process.
Undo Managed by Your Organization changes made to different system settings
It’s possible that the Managed by Your Organization hijacker has affected various parts of your system, making changes to their settings. This can enable the malware to stay on the computer or automatically reinstall itself after you’ve seemingly deleted it. Therefore, you need to check the following elements by going to the Start Menu, searching for them, and pressing Enter to open them and to see if anything has been changed there without your approval. Then you must undo any unwanted changes made to these settings in the way shown below:
- DNS
- Hosts
- Startup
- Task
Scheduler - Services
- Registry
Type in Start Menu: View network connections
Right-click on your primary network, go to Properties, and do this:
Type in Start Menu: C:\Windows\System32\drivers\etc\hosts
Type in the Start Menu: Startup apps
Type in the Start Menu: Task Scheduler
Type in the Start Menu: Services
Type in the Start Menu: Registry Editor
Press Ctrl + F to open the search window
Remove Managed by Your Organization extensions from your browsers
- Delete Managed by your Organization extensions from Chrome
- Delete Managed by your Organization extensions from Firefox
- Delete Managed by your Organization extensions from Edge
- Go to the Chrome menu > More tools > Extensions, and toggle off and Remove any unwanted extensions.
- Next, in the Chrome Menu, go to Settings > Privacy and security > Clear browsing data > Advanced. Tick everything except Passwords and click OK.
- Go to Privacy & Security > Site Settings > Notifications and delete any suspicious sites that are allowed to send you notifications. Do the same in Site Settings > Pop-ups and redirects.
- Go to Appearance and if there’s a suspicious URL in the Custom web address field, delete it.
- Firefox menu, go to Add-ons and themes > Extensions, toggle off any questionable extensions, click their three-dots menu, and click Remove.
- Open Settings from the Firefox menu, go to Privacy & Security > Clear Data, and click Clear.
- Scroll down to Permissions, click Settings on each permission, and delete from it any questionable sites.
- Go to the Home tab, see if there’s a suspicious URL in the Homepage and new windows field, and delete it.
- Open the browser menu, go to Extensions, click Manage Extensions, and Disable and Remove any rogue items.
- From the browser menu, click Settings > Privacy, searches, and services > Choose what to clear, check all boxes except Passwords, and click Clear now.
- Go to the Cookies and site permissions tab, check each type of permission for permitted rogue sites, and delete them.
- Open the Start, home, and new tabs section, and if there’s a rogue URL under Home button, delete it.
Did a Virus Enforce the New Browser Policy?
This message in the browser of your personal PC is often a sign of something fishy that shouldn’t be in there. The culprit could be a rogue app or extension that has sneaked without your informed permission. The general term we use to talk about such apps and extensions is “browser hijackers”. They are not the same as viruses or Trojans but are still something you definitely don’t want in your system.
One of the biggest red flags that you are dealing with a hijacker is if you are suddenly forced to use a specific search engine (we’ll get to that in a bit). Annoying ads and pop-ups are also common when hijackers take over a browser. If your browser has started to behave oddly and there are changes in it that you are not allowed to reverse, you can be pretty certain that the “Managed by your organization.” message is from a hijacker. It’s not a virus or Trojan, so it’s less threatening, but you should still get rid of it ASAP.
Some Legitimate Apps Use the Chrome Enterprise “Managed by Policy”
There are exceptions, where the cause behind the “Managed by policy” message is an actual helpful app. Many security programs can apply policies to browsers like Chrome and Edge for improved security. Two common examples are like Avast Anti-Virus and AVG Anti-Virus, so if you have one of those, you shouldn’t be surprised by the browser change.
You don’t need to agree with it, of course, and you can always disable that policy. Just go to the program’s settings, check the section that corresponds to online/browser security, and disable the feature you don’t want.
But that’s only when the new browser policy comes from a legitimate program. If this message pops up on your PC and you have no idea why it’s there, you’ve got to dig deeper. Check your system and browser for any rogue apps or extensions. You are very likely to find something that is probably not supposed to be there, in which case you’ll have to give it the boot with the help of our guide. Better safe than sorry.
What Is the Culprit Behind the “Managed by Your Organization” Policy?
We already explained how the culprit behind the “Managed by your organization” policy is often a sneaky, but which app exactly? Truth be told, there are probably thousands of sketchy applications and extensions that exploit this Chrome function. We can’t list them all, but one of the more common offenders is the Custom Search Bar extension.
This is your typical fake search engine hijacker that will use underhanded tactics to get installed and then leverage the Enterprise policy feature to maintain its presence. Its main purpose is to make money from ads and paid site promotions. That is why it really wants you to interact with its fake search engine which will more than likely collect your browsing data and then redirect you to sites that pay for traffic. It should go without saying that you must stay away from it until it gets removed.
How You Got the Custom Search Bar or Another “Managed by Policy” Hijacker
Most users will get such rogue extensions from file bundles or cracked software. The pirate site Steamunlocked for crashed Steam games is one of the most common places where people get infected with hijackers (and more serious threats). Once you run the infected installer, you also get the hijacker. Some installers will give you the option to leave it out, but people rarely pay attention to the installation settings.
We found in our research that the installer which delivers the Custom Search Bar this hijacker asks for administrator privileges twice. This is a very clever tactic that shows this isn’t just a simple installation but a well-orchestrated takeover. The original installer secretly gets patched to include the hijacker so that even attentive users often fail to notice the change.
What follows next is a PowerShell script that hides in your system. It sets policies that force the installation of the “Custom Search Bar” hijacker that you won’t be able to remove or disable normally. The rogue script is set to run every four hours – the goal is to ensure the extension stays in the browser. It also modifies the Windows Registry and sets the execution policy to “Unrestricted”.
These changes in the system aren’t to harm anything on your computer, but they are still very invasive. They make the hijacker difficult to remove but, arguably, the bigger problem with them is that they can destabilize your system and make it an easy target for more harmful malware.
Leave a Comment