Policy Templates for Firefox
License: Mozilla Public License 2.0
These policies are in active development and so might contain changes that do not work with current versions of Firefox.
You should use the officially released versions if you are deploying changes.
Official policy documentation has been moved to https://mozilla.github.io/policy-templates/.
The most important GPO for me would be the proxy settings like Address, Port, Exceptions etc. This already works via "the old method" (autoconfig and .cfg) so it would be great to add this to the templates.
The homepage GPO is confusing, it provides a textbox to enter one URL, but this is not sufficient, you then have to go into the list provided and write it in again. Is there a reason for this duplication? Cheers
After our Tests it seems like after hitting "Restore Default Search Engines" the Search Engine set via GPO is permanently overwritten. Closing FF and starting it again won't help either.
Especially for encapsulated business environments with own Search Engine and no direct access to the internet, this would probably help to be fixed.
It would also be helpful, if you could lock the "Restore Default Search Engines" for Users.
The GPO option "Disable Pocket" (using "extensions.pocket.enabled") already gets rid of the Pocket section on the "new tab" page.
It would be really nice if the other sections were also configurable through GPO.
I'm currently looking at the following options:
Steps to reproduce:
Screen capture- https://testing-1.tinytake.com/sf/MjQxNzg3M183MzI1MDEz
Actual Result:
Flash is not blocked
Expected Result
Flash should be blocked by the policy
Hi,
this is a plea to make some if not all ESR policies available for the RR (rapid release) branch, too.
Background: I'm running an Active Directory (based on Samba on my Synology NAS) at home and would like to use frequent Firefox updates as well as those GPOs. Some of those ESR policies are quite useful for RR, too.
On the first run I would need at least those GPOs:
Thanks,
Michael
Encountered an error while parsing.
DTD is prohibited.
and
Encountered an error while parsing.
DTD is prohibited.
Hello,
Can you add the this parameter ?
network.negotiate-auth.trusted-URI
https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication
Hi,
I've added the ADMX Files to the Central Store, created a gpo with the policy for a home page.
But Firefox doesn't apply the policy.
gpresult shows the gpo as applied...
Firefox Version: 59.0.3 (32-Bit)
Thank you
"Prevent extensions fromb being disabled or removed" should be "Prevent extensions from being disabled or removed"
Set your own default sites for activity stream (or just delete the existing) via GPO.
Would fit in section Bookmarks.
browser.newtabpage.activity-stream.default.sites
Code suggestion will follow.
Hello,
One feature that will be greatly appreciated would be the ability to import certificates into the Firefox certificate store. Indeed, Firefox does not use the Windows store
Regards,
Steps to reproduce:
1- Enable the "Disable System Add-on Updates" policy
2- Start Firefox
3- Go to about:config and set extensions.systemAddon.update.url to
http://felipc.github.io/blankupdate/update.xml
4- In to about:config set extensions.logging.enabled;true
and restart the browser
5- Open browser console and verify the following script returns "false":
Cu.import("resource://gre/modules/AddonManager.jsm").AddonManagerInternal.systemUpdateEnabled()
6-Run the following script again and check the string like "Starting system add-on update check"
Cu.import("resource://gre/modules/AddonManager.jsm"); AddonManagerPrivate.backgroundUpdateCheck()
Actual result:
It does not disable sys addon update
Expected Result:
It should disable sys addon update
The subjects tells it already: Why no policies for telemetry settings?
Still lots of work to be done manually if the devs won't release a full set of policies. And for enterprise usage it is important to stop FF from sending out telemetry data to various servers in the wild.
Steps to reproduce:
Screen capture- https://testing-1.tinytake.com/sf/MjQxNDc2N183MzE4Mzcy
1- Enabled or disable "Create Master Password" policy in Group Policy Editor
2- Go to about:preferences#privacy and check "use a master password" is unchecked and greyed out
Actual Result:
No change to the browser by using this
Expected Result:
Should disable the create master password option
Steps to reproduce:
Screen capture- https://testing-1.tinytake.com/sf/MjQxNDg0Nl83MzE4NjA0
Actual Result:
Menu bar still shows after "Display Menu Bar" is set to "Disabled"
Expected Result:
The menu bar should be hidden after "Display Menu Bar" is set to "Disabled"
In a lot encapsulated, protected enterprise environments there is no direct access from client to the internet. But we are IT-People and we want things to be done automatically. So you might want to set up your own "Update Server" (smth. like: https://developer.mozilla.org/en-US/docs/Mozilla/Setting_up_an_update_server).
It would be helpful, if the needed client-configuration can be done via GPO.
------------------------------------------->
Finally, you must override the update server that Firefox uses by doing the following:
(optional) Create a new profile
Set "app.update.auto" to false (to prevent Firefox from checking the real update server before you can override it)
Set "app.update.log" to true
Open the Scratchpad, switch to Browser context, and run Services.prefs.getDefaultBranch(null).setCharPref("app.update.url", "http://localhost/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml").
<-------------------------------------------
I hope this tutorial is correct. We are currently trying to get this done.
Thanks and kind regards
Steps to reproduce:
Screen capture- https://testing-1.tinytake.com/sf/MjQxNzg0NV83MzI0OTQ1
Actual Result:
Allowed flash content does not open automatically
Expected Result:
Allowed flash content should be opened automatically
I'm trying to block Addons but the policy InstallAddons don't work.
I want to block any Addons from (https://addons.mozilla.org)
All the best.
At the moment the snippets is:
{
"policies": {
"Block": ["<all_urls>"],
"Exceptions": ["http://example.org/*"]
}
}
But to get it to run, it has to be:
{
"policies": {
"WebsiteFilter": {
"Block": ["<all_urls>"],
"Exceptions": ["http://example.org/*"]
}
}
}
It would be great to have a policy (or policies) to disable various notifications to be able to create a more seamless experience. i'd have thought in particular of:
In addition to "Override the first run page" it would be great, if you could set "browser.onboarding.enabled" to false via GPO.
Code suggestion will follow.
Settings to disable the location tracking and the access to the camera/microphone would be greatly appreciated.
If possible provide the ability to provide a list for allowed websites and an option to prevent all new websites from asking for permissions.
Again, in environments where the clients are not directly connected to the internet...
It would be helpful, if you cold set your own help URL via GPO.
Thanks and kind Regards
I've made the policies.json file & placed it inside C:\Program Files (x86)\Mozilla Firefox, yet it does not seem to work....
Hello, we make use of SAML authentication and we want to support windows integrated authentication. Microsoft relies on UserAgents with ADFS to see who gets the forms based sign on and who gets the integrated.
To make it easy for the program to understand what clients are intranet clients that support it, the easiest thing is to glue a custom string at the end of the user agent with our company name to identify which are our domain joined internal clients.
So for example it might look like this
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 CompanyName
Internet Explorer supports this via group policy but Firefox having it would be very helpful.
Eg how flash handles it. Here is an example for NTLM --
Was -- "List of sites trusted to use NTLM authentification."
Suggested Change --
"If this policy is enabled, NTLM authentication is activated by default for the URLS indicated. If a top level domain is specified (http://example.org), NTLM authentication is allowed for all subdomains as well.
If this policy is disabled or not configured, the default NTLM authentication policy is followed."
If nothing else, correct the "authentification" typo
Hi. Not sure if this is the right place for this. Let me know if it should be somewhere else :)
I would guess the most important policies for most organisations would be configuring kerberos auth (network.negotiate-auth.trusted-uris) and allowing Firefox to use the system cert store (security.enterprise_roots.enabled).
For ideas on deploying extensions you could take a look at how Chrome has done their policies, where you insert the IDs of the extensions you want and firefox will download and install them.
https://bugzilla.mozilla.org/show_bug.cgi?id=1452104
Should wait to update until after it lands on beta.
Headline says it all.
Thanks for that work!
If I had some "whishes" where could i place them? Like: Set your own SupportUrl via GPO ...
Hello,
I received this communicate when I try to edit GPO:
Encountered an error while parsing DTD is prohibited.
File \do.ma.in\Policies\PolicyDefinitions\firefox.admx line 7, column 9.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
