Install Google Credential Provider for Windows

Google Credential Provider for Windows® (GCPW) lets users sign in to Windows® devices with the Google Account they use for work. GCPW provides users with a single sign-on experience to Google services and all the security features available with their Google Account. 

Pre-requisite

1. Google Chrome should be installed on Windows devices.

Steps to install

You can use the script below to install the GCPW app on your managed devices,

1. Create a file on your desktop, for example install_gcpw.ps1 and open it in a text editor like notepad++
2. Copy the contents below to the file or click here to download the file.
   ShellShell

   <# This script downloads Google Credential Provider for Windows from
   https://tools.google.com/dlpage/gcpw/, then installs and configures it.
   Windows administrator access is required to use the script. #>
   
   <# Set the following key to the domains you want to allow users to sign in from.
   
   For example:
   $domainsAllowedToLogin = "acme1.com,acme2.com"
   #>
   
   $domainsAllowedToLogin = "REPLACE_WITH_DOMAIN_NAME"
   
   Add-Type -AssemblyName System.Drawing
   Add-Type -AssemblyName PresentationFramework
   
   <# Check if one or more domains are set #>
   if ($domainsAllowedToLogin.Equals('')) {
       Write-Output 'The list of domains cannot be empty! Please edit this script.'
       exit 5
   }
   
   function Is-Admin() {
       $admin = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match 'S-1-5-32-544')
       return $admin
   }
   
   <# Check if the current user is an admin and exit if they aren't. #>
   if (-not (Is-Admin)) {
       Write-Output 'Please run as administrator!'
       exit 5
   }
   
   <# Choose the GCPW file to download. 32-bit and 64-bit versions have different names #>
   $gcpwFileName = 'gcpwstandaloneenterprise.msi'
   if ([Environment]::Is64BitOperatingSystem) {
       $gcpwFileName = 'gcpwstandaloneenterprise64.msi'
   }
   
   <# Download the GCPW installer. #>
   $gcpwUrlPrefix = 'https://dl.google.com/credentialprovider/'
   $gcpwUri = $gcpwUrlPrefix + $gcpwFileName
   Write-Host 'Downloading GCPW from' $gcpwUri
   Invoke-WebRequest -Uri $gcpwUri -OutFile $gcpwFileName
   
   <# Run the GCPW installer and wait for the installation to finish #>
   $arguments = "/i `"$gcpwFileName`" /quiet"
   $installProcess = (Start-Process msiexec.exe -ArgumentList $arguments -PassThru -Wait)
   
   <# Check if installation was successful #>
   if ($installProcess.ExitCode -ne 0) {
       Write-Output 'Installation failed!'
       exit $installProcess.ExitCode
   }
   else {
       Write-Output  'Installation completed successfully!'
   }
   
   <# Set the required registry key with the allowed domains #>
   $registryPath = 'HKEY_LOCAL_MACHINE\Software\Google\GCPW'
   $name = 'domains_allowed_to_login'
   [microsoft.win32.registry]::SetValue($registryPath, $name, $domainsAllowedToLogin)
   
   $domains = Get-ItemPropertyValue HKLM:\Software\Google\GCPW -Name $name
   
   if ($domains -eq $domainsAllowedToLogin) {
       Write-Output 'Configuration completed successfully!'
   }
   else {
       Write-Output 'Could not write to registry. Configuration was not completed.'
   
   }

   
   
3. Replace the phrase REPLACE_WITH_DOMAIN_NAME domain name(s) that you want the user to allow sign in with.
4. Follow our guide to upload & publish the powershell script using Scalefusion Dashboard.
5. Once the script is successfully executed, the following new option would be seen on the Windows Login screen