Showing questions tagged: Show all questions

Addon/Extension allow list with group policy

Hello! I manage our browser configuration for our enterprise. We use group policy to restrict browser addons until they clear our internal security review. I'm looking … (read more)

Hello!

I manage our browser configuration for our enterprise. We use group policy to restrict browser addons until they clear our internal security review.

I'm looking for a way to allow specific addons using group policy, while generally blocking everything else.

I've found the setting to enforce the installation of addons, but we'd like to avoid forcing every addon to install on every system as there would be overlap between things like password managers and such.

Is there a way to accomplish this?

Asked by ggroathouse 1 week ago

Last reply by Mike Kaply 4 days ago

Azure Virtual Desktop

Hello, We have a client using Azure Virtual Desktops. Most of the users prefer to use Firefox. We are having an issue that anytime we update Firefox and reimage the vi… (read more)

Hello,

We have a client using Azure Virtual Desktops. Most of the users prefer to use Firefox. We are having an issue that anytime we update Firefox and reimage the virtual hosts. When the users login they get a new Firefox profile. We have to remote in and copy their old profile data to the new profile.

Is there a better way for us to handle Firefox and profiling in and Azure Virtual Desktop deployment?

Asked by jbrady6 4 weeks ago

Last reply by Mike Kaply 2 weeks ago

Extensions through GPO

Hi, I already have the admx and adml templates installed on my gpo. I would like to control or prevent the install of vpn extensions on the firefox browser. Specificall… (read more)

Hi,

I already have the admx and adml templates installed on my gpo. I would like to control or prevent the install of vpn extensions on the firefox browser.

Specifically I would like to prevent the install of all vpn extensions to the firefox browser for the users in my company. I would like them to download and install other extensions. How could I do this through modifying the json file in the extensions folder of the firefox template in my gpo.

Thanks in advance, Floyd,

Asked by fcastellino 3 weeks ago

Last reply by Mike Kaply 2 weeks ago

  • Solved

ExtensionSettings does not show up as a GPO setting with the latest ADMX files

the settings ExtessionSettings does not show up to be able to modify even tho it is on the ADMX file (5.11)? Should I use the older Extensions policies? I want to install… (read more)

the settings ExtessionSettings does not show up to be able to modify even tho it is on the ADMX file (5.11)? Should I use the older Extensions policies? I want to install and pin an extension from the store.

Asked by Christopher Roble 3 weeks ago

Answered by Mike Kaply 3 weeks ago

Enforce use of extension

Hello, My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mob… (read more)

Hello,

My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mobileconfig to automatically turn on the browser extension and then stop the end users from turning the add-on off. I can successfully install and lock the extension on once installed but need to manually activate the add-on first. What do I need to add to the plist to enable the extension automatically?

Thank you!

Asked by MiITsolutions 1 month ago

Enquiry On Force Update Firefox

Does anyone possess expertise in executing a forced update for Firefox within the user's profile directory located at "AppData\Local\Mozilla Firefox"? It would be advanta… (read more)

Does anyone possess expertise in executing a forced update for Firefox within the user's profile directory located at "AppData\Local\Mozilla Firefox"? It would be advantageous to employ a PowerShell script for rectifying this issue. It appears that certain users are not frequently opening Firefox, thus impeding the automatic update process.

Asked by slimmonkey 1 month ago

Last reply by Mike Kaply 1 month ago

Group Policy Settings list with description

Hi, I would like to implement GPO settings for Firefox, and would like to review the list of the policies with description (explanation of what the policy is about and w… (read more)

Hi, I would like to implement GPO settings for Firefox, and would like to review the list of the policies with description (explanation of what the policy is about and what happens if its enabled or disabled) on a table or excel format. Is there a site or page that will give me that list?

Asked by aurel_dimaculangan 1 month ago

Last reply by cor-el 1 month ago

Issue with Blocking Websites in Mozilla Firefox via Group Policy

We followed the links below to block internet access in Firefox browser: https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/release… (read more)

We followed the links below to block internet access in Firefox browser:

https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/releases

We downloaded the ADMX and ADML files. Using these files, we were able to locate Mozilla Firefox in Group Policy Management and successfully block all websites in the Firefox browser using the pattern :///*.

However, we encountered an issue with exceptions. We do not wish to block certain websites, including localhost. We attempted to use the "Exceptions to block websites" option, providing values such as ://msn.com/ to exclude specific sites. Unfortunately, this approach did not work as intended. For instance, msn.com is one of the websites we want to allow, among others and also localhost.

We require assistance with the following issue: "Exceptions to block websites" is not functioning properly within the group policy of Mozilla Firefox.

Asked by hitenj.trivedi 2 months ago

Last reply by Mike Kaply 2 months ago

Folder redirection conflicts synchronization firefox profile

Welcome, We are implementing redirected folders in our company via Widnows Server. We are also redirecting the Appdata folder. We have offline mode enabled which means th… (read more)

Welcome, We are implementing redirected folders in our company via Widnows Server. We are also redirecting the Appdata folder. We have offline mode enabled which means that the folders are synchronised every 5 minutes. The synchronised Appdata folder has a Firefox profile which causes a lot of conflicts. Every time the folder is synced there are conflicts like "Both versions have been updated since the last sync" or "Cannot sync now. Try again". I attach a screen shot of how much of this there is. No other applications cause such errors. Only Firefox blocks us from a large deployment. If the problem cannot be resolved we will be forced to abandon the FireFox browser altogether. Has anyone had a similar problem?

Asked by sebastian.pawlowski 3 months ago

Last reply by Mike Kaply 2 months ago

Assistance Needed with Firefox Browser and Group Policy Settings

Hi there, We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet … (read more)

Hi there,

We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet access on this server. Initially, this configuration successfully restricted internet access on all browsers, including Firefox. However, recently we encountered an issue where internet access became available solely through the Firefox browser, posing a significant data security risk.

Upon investigation, we discovered that Firefox allows users to modify proxy settings, effectively bypassing our Group Policy restrictions. Unlike other browsers, Firefox permits users to adjust proxy settings without sufficient rights, thus overriding our established restrictions.

To mitigate this issue, we require guidance on enforcing Group Policy settings within Firefox to prevent unauthorized alterations to proxy settings and ensure internet access remains restricted. It's important to note that Firefox is exclusively utilized for development purposes on our server.

Your assistance in resolving this matter would be greatly appreciated.

Regards, Hiten

Asked by hitenj.trivedi 2 months ago

Last reply by Mike Kaply 2 months ago

Trigger Update through command line or script

Is there a way to trigger a Firefox browser update through command line or script? I need to trigger an update across a few hundered computers and I can do this, but thr… (read more)

Is there a way to trigger a Firefox browser update through command line or script? I need to trigger an update across a few hundered computers and I can do this, but through command line or script automation. What is the command line syntax to do this, if there is any?

Thank you for your help

Asked by pcdl 2 months ago

Last reply by cor-el 2 months ago

Saving passwords for specific websites GPO

Dear Forum, Maybe this has been already asked but i keep getting the quite opposite when searching. is there a way that i can save passwords, for autofill purposes, for… (read more)

Dear Forum,

Maybe this has been already asked but i keep getting the quite opposite when searching.

is there a way that i can save passwords, for autofill purposes, for specific websites in Firefox using GPO?.

I have 4 computers, that are currently deployed with Firefox and all 4 should be able to login to a specific website with a given username and password. I would like to set the username and password for them stored in the Firefox password manager and let it autofill it for them when going to the given website.

Or should i do this using the created shortcut they received, deployed to their systems using GPO?

Thank you in advanced.

Asked by cbraafhart 4 months ago

Last reply by Mike Kaply 4 months ago

  • Archived

Proxy not working

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or … (read more)

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or Edge. When the user tries to browse external sites, the proxy sends the error page "You need to authenticate to use this service". It seems that Firefox does not pass user authentication to FortiGate. The proxy authenticates users per session via Kerberos tickets.

Firefox version: 115.5.0esr

I also performed the following settings to pass the Kerberos ticket to the proxy without success: https://people.redhat.com/mikeb/negotiate/

I also noticed that it is not possible to change the "network.negotiate-auth.allow-proxies" setting from "false" to "true." Is this my problem? Is it normal that it cannot be changed?

Attached are the settings.

Thank you in advance.

Asked by akas89 6 months ago

Last reply by Mike Kaply 4 months ago

  • Solved

Subscriptions for security advisory alerts for Firefox enterprise

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please … (read more)

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please help on how I can get the subscription?

Asked by nandini.vempati 4 months ago

Answered by Mike Kaply 4 months ago

How to disable welcome back notification?

Seems to be new in 122.0 because i never received that before. It asks if you want to open links with Firefox and if you do, it sets file associations for htm / html and … (read more)

Seems to be new in 122.0 because i never received that before. It asks if you want to open links with Firefox and if you do, it sets file associations for htm / html and things like that. However in a company environment i want to supress that notification

Asked by Tynth 4 months ago

Last reply by Mike Kaply 4 months ago

GPO, Reg Key, Nothing works to force add/install an extension.

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable f… (read more)

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

Asked by BM 5 months ago

Last reply by Mike Kaply 5 months ago

  • Archived

Background update task

Hello everyone, being annoyed of a huge amount of Qualys tickets in my enterprise environment, i have decided to use the ability of firefox to update itself on its own i… (read more)

Hello everyone,

being annoyed of a huge amount of Qualys tickets in my enterprise environment, i have decided to use the ability of firefox to update itself on its own instead of deploying a new version each time.

Requirement: Firefox has to stay up-to-date even on devices where it is not used. That´s what the scheduled background update task and Mozilla Maintenance Service are for, right?

Problem: The background update task will only be created if a logged on user will run firefox at least one time. Since Firefox is used as the secondary browser here, it is installed on all clients, but not even half of the clients/users are running it.

I didn´t find any option to create that task manually. So - at least in my environment - the autoupdate mechanism is useless.

Is there any hope for an autoupdate mechanism which can be run independent of logged on users? Or does anyone have an idea how i could achieve my goal?

Thank you in advance!

Asked by alexander.propp 10 months ago

Last reply by Mike Kaply 5 months ago

  • Solved

Extensions Management .json is not working

Hello, I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and … (read more)

Hello,

I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and anything else is blocked. I have been scouring the web looking for samples and I just can't get it to work as intended. Here is a sample of what I have written.

{ "*": { "blocked_install_message": "IT has blocked the installation of UNAPPROVED add-ons. Please contact the IT Service Desk to request approval.", "install_sources": "https://addons.mozilla.org/*", "allowed_types": ["theme","extension"] }, "plugin@okta.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3601147/okta_browser_plugin.xpi" }, "support@lastpass.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi" }, "developer@zoom.us": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/4212428/zoom_new_scheduler-2.1.52.xpi" }, "info@katalon.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3826743/katalon_automation_record-5.5.3.xpi" } }

In this current state, I am allowed to install themes, I get the forced installs, but I can install ANY extension. I don't want that.

If I modify the blocking section with [ "installation_mode": "blocked", ], then I only get the force installed plugins and I can't do anything else. It even removes any previously installed themes or plugins not explicitly forced in. The allowed plugins can't be installed either.

I have also tried it without the "extensions" allowed_type but the result did not change. To recap, I need to block any extensions not explicitly pushed or allowed. Would anyone be able to assist and point out what I may be missing please?

~Regards

Asked by yaponte 5 months ago

Answered by yaponte 5 months ago

  • Solved

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (read more)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Asked by Valery Volos 5 months ago

Answered by Mike Kaply 5 months ago