I've had AdBlock Plus rolled out for all of my ~500 Windows machines for Chrome for a few months now with good results. I've got tight security in place and have for years (No admin rights for users, applocker white-listing executable code, etc) but was/am tired of the scare-ware pages that my users end up redirected to via ads (And "fat fingered" domains). Until the ad networks can get their security in order I'll do what I have to do to ensure the security of our endpoints and prevent our users from being scammed, even if that unfortunately means content providers might suffer. Even the big boys like Bing and Google seem to have malicious ads making their way through pretty regularly.
Anyway, I'm now rolling it out for IE with success. I was able to use the registry keys via GPO to disable automatic updates and the first run dialog. It would be nice to be able to disable the "Disable Everywhere" option for IE. It's too accessible and I can see my users checking that just because something objectionable occurs with AdBlock on a particular site.
Are there any other current workarounds that will overwrite the users preference to "Disable Everywhere" should they select that option? It looks like when "Disable Everywhere" is checked it adds "enabled":false to the prefs.json. Can I just push this file with GPO GPP with a Replace action to keep overwriting the user's preference? If I manually delete the "enabled":false from the prefs file and restart IE it does turn it back on but are there any other implications I should be aware of when pushing this out to all of my machines? I don't have a full understanding of everything in this prefs file to know what kind of unintended consequences I may run into overwriting everyone's prefs.json with a copy of mine. I could write a script that runs as a scheduled task on the clients and just removes "enabled":false from prefs.json periodically if it exists rather than pushing a copy of all preferences to all machines.