How to harden Chrome.exe when logged in as admin?

gtownladytn
gtownladytn used Ask the Experts™
on
Chrome browser is being used by domain admins.  I have noticed that there are "sensitive Privilege use" successful events during the night hours requested by chrome.exe.  I have looked for 'hardening ' suggestions for Chrome.  There are hundreds.   Typically, domain admins lock their desktop in the evening which leaves Chrome up and running in the background.  We have several web portals from our federal headquarters that run in Chrome and not IE or Edge.   We are moving to Windows 10 and most of the domain admins are using Windows 10.  We will be moving to Standard user accounts in the next 60 days.  For the next 60 days, I have concerns about event 4674 from chrome.exe.
event4674.txt
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Technical Specialist
Awarded 2017
Distinguished Expert 2018
Commented:
Chrome browser is being used by domain admins.
You won't get around it from a risk point of view. You need to use standard accounts from web browsing

Typically, domain admins lock their desktop in the evening which leaves Chrome up and running in the background.
Why are domain admins logging on to desktops?

You can reference CIS Chrome benchmarks but I would never allow desktops with mail, web etc. logging on with DA
https://www.cisecurity.org/benchmark/google_chrome/
ste5anSenior Developer

Commented:
Just a comment:
Typically, domain admins lock their desktop in the evening which leaves Chrome up and running in the background.
This will keep any program in the background alive, thus not only Chrome. (domain) admins not do that. They should/must log out instead of locking desktops.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial