Look, I was just trying to enable Secure DNS in Chrome last week, you know, the entire privacy scenario where your ISP did not know what sites you were accessing. However, when I would press the setting, it was grayed out with the following message: This setting is disabled on managed browsers.
I do not work in some large organization. This is my laptop. Why then is it like I am not the boss here?
It happens out to be a fairly common problem–and yes, I had it fixed in 5 minutes or so. This is how and what happened and how you can do the same.
What’s Actually Blocking Use Secure DNS?
I would like to know what happened before I entered the fix mode. The managed browser science fiction alert is the one that e.g. appears when something is controlling your chrome settings out of the background.
Three main culprits:
Antivirus software – Browser programs such as Avast, AVG or Kaspersky are also fond of playing around with browser settings. It is referred to as web protection or HTTPS scanning, but it simply ciphers your DNS selections.
Windows Group Policy – Windows group policy is one of the many that remained behind as a result of someone having setup policies on your PC (that could have been a work computer back then).
Privacy tools –Sadly enough, privacy-protecting tools like WindowsSpyBlocker can even block DNS settings that are secured.
I typed chrome/policy into my address bar–and, lo! there were policies which I had not established. It was at that point that I realized there was something that was ordering things around.
The 5-Minute Fix I Used
Here’s exactly what I did. It’s easier than it sounds.
Step 1: Check What’s Controlling Chrome
First, I typed chrome://policy in the address bar and entered. This page displays all the policies that are governing your browser.
When you observe anything on the list there, particularly DNS or security related items you have policies that are prohibiting you. In mine there were several entries of Chrome Policies which I obviously did not create.
Step 2: Open Registry Editor
I will not fib–Registry Editor opens scares. However, it is not so bad as long as you follow the steps.
Here’s what I did:
- Tapped Windows+R in my keyboard.
- Typed regedit and clicked OK
- I said Yes when it requested permission of the administrator.
Step 3: Find and Delete the Chrome Policies
It is in this that the magic occurs. Registry Editor I changed to the following path:
HKEYCURRENTUSER\SOFTWARE\Policies\Google\ChromeYou can cut-pasta that path into the address bar at the top of registry editor it is much faster clicking down folders to cut-paste.
After arriving there I noticed that there was a folder named Chrome and there were various entries in it. I clicked on the whole Chrome folder on my right and deleted it.
Then I did likewise to this way (in case):
HKEYLOCALMACHINE\SOFTWARE\Policies\Google\ChromeUninstalled the Chrome folder too.
Step 4: Check Your Antivirus
Given the re-enforceable nature of such restrictions by the antivirus software, I opened my antivirus (I had Avast there) and searched something under the name of Web Shield or HTTPS Scanning.
Located it in Core Shields – Web Shield. I switched it off–just to see whether it was the matter. And yep, it was.
Assuming that you use Kaspersky, AVG, or any other antivirus, find the same features in their web protection options and leave them disabled.
Step 5: Privatization of Chrome and prime Secure DNS.
Close Chrome totally (not a window only I made sure that it did not run in background). Then I opened it again.
Clicked directly on: Settings – Privacy and Security – Security.
Clicked down to Use Secure DNS-and- Ah! the switch at last became angry!
I decided to use Cloudflare (1.1.1.1) as it was the fastest and privacy-oriented provider that I decided to use. One can also use Google DNS or Quad9 and add malware blocking.
Why Use Secure DNS Anyway?
At this point since I got it going, here is the reason why I even took the time to put up with this whole thing.
The classical DNS transmits your requests as plaintext. It is that whatever your ISP, network administrator or whoever is spying on your network is able to know which sites you are visiting. It is a way of sending postcards as opposed to confidential mails.
Those queries are encrypted as secure DNS i.e. DNS over HTTPS. Your ISP only knows that you are connecting to a DNS server, but not to what sites you are performing a look up.
It does not render you invisible (they can still see the IP that is connecting to the sites), but it is one brick of privacy that needs no work whatsoever to be up and running.
Quick Comparison: DNS Providers I Considered
| Provider | IP Address | What It’s Good For |
|---|---|---|
| Cloudflare | 1.1.1.1 | Speed + privacy (my choice) |
| Google DNS | 8.8.8.8 | Reliable, widely used |
| Quad9 | 9.9.9.9 | Blocks malware automatically |
| OpenDNS | 208.67.222.222 | Parental controls built-in |
I chose Cloudflare as they are fast and they have a sound privacy policy. But honestly? Any of these work fine.
What If It’s Still Disabled?
And in case you went by my instructions and the setting still turns gray, then use the following:
Cross-verify both registry paths – It is possible that policies were in HKEYLOCALMACHINE, but even after being deleted in HKEYCURRENTUSER.
Shut down your computer – There is no use denying the fact that restarting your computer is the IT basican advice, but policies sometimes have to be cleared by doing a full reboot.
Check whether your computer is really controlled – In case this is a laptop used in work or school, your IT department may, in fact, legally control it. Then, you are unlucky unless they are willing to change it.
Install Fresh Chrome – Only after all the other attempts have been used up, completely wipe out Chrome, including; any remaining folders in Program files or any other area, then install again. Clean slate usually works.
My Take After Using It for a Week
I have been managing Secure DNS approximately one week long and frankly speaking? I do not notice any change in speed which is expected as encryption only requires a few milliseconds.
But that my ISP can no longer see my queries to the DNS? That feels good. It is one of those minor privacy victories, which do not include the need to adjust the entire workflow.
In case you are left with that disabled on managed browsers message, combined try this fix. It only took 5 minutes, did not need any technical skills–just have to buy a license to push some keys around in Registry Editor.
Read:
What CNN Means In Deep Learning: Easy Explaination.
I’m software engineer and tech writer with a passion for digital marketing. Combining technical expertise with marketing insights, I write engaging content on topics like Technology, AI, and digital strategies. With hands-on experience in coding and marketing, Connect with me on LinkedIn for more insights and collaboration opportunities: