Firefox za Enterprise Forum podrške

Hello, and good day. Some of my employees in our org have been using Mozilla as their preferred browser; however, I am having difficulty deploying or managing the browser to deploy the Torii Extension/add-on.

Torii provided me with this link https://support.toriihq.com/hc/en-us/.../5148326594203-Deploy-the-Firefox-Extension to deploy the extension but still to no avail. Can someone assist me with getting this tested and deployed?

Thank you!

Hi

i need to know how to achieve the following using windows 10 registry.

1. Block Extension installations and disable existing installed extensions.

2. Allow only approved extensions so that users could install it from the store.

These settings were able to configure easily for Chrome and Edge browsers.

Thanks Muja

Is there a way to force Firefox updates within a specified time window via group policy? The ADMX templates appear to allow enabling or disabling updates or enforcing background updates, but we are not seeing an option in Group Policy to configure a delay or time window for searching for app updates.

When I type about:policies, I get "The Enterprise Policies service is inactive". I'm trying to validate my configuration against Firefox STIGs which require certain of these policies to be set. So what does this message actually mean? Does it mean no policies are set? Are they set somewhere else? I have Windows Server 2016. Thank you.

Hello, I want to increase my productivity and add Unhook: Remove YouTube Recommended Videos Comments It hides comments and suggested videos from YouTube, or more videos, but unfortunately I can delete or deactivate it easily. I want to prevent it permanently, and also add Cold Turkey Blocker I want to prevent myself and any user from deleting it, and then I will block access to the local group policy editor using Cold Turkey Blocker And when I do this through the local group policy editor I get an error message, please help me

We would like to install a custom search engine using Firefox policies. We have the latest version of Firefox installed. We have the latest admx files installed on our Domain Controllers. In the Policy, I go into the User -> Administrative Templates -> Mozilla -> Search and setup a search engine using Search Engine One. I then go into Default Search Engine and configure our custom search to be default. What we find is that the custom search engine never installs, so the custom search engine is not set at the default. If I manually add the custom search engine using the Search Engine Helper Add-on, I can verify that the custom search settings do indeed work. With that said, does anyone have thoughts on how to troubleshoot this issue? First, need to figure out why the custom engine isn't installing at all. Thanks.

I have one extension to be installed on the enterprise network machines. There are host permissions required to access All websites data. How can I, as an Admin, enable this host permissions for the installation ?

Dears, Based on your documentation on https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings I am not able to successfully deliver setting to firefox app via Intune OMA-URI. Can you check this on your side and help?

ExtensionSettings [./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings] Error -2016281112

Summary Session ID 68f1c5af4fb3404789cf Resource ID Not available Extension Microsoft_Intune_DeviceSettings Content PolicyReportSettingDetailBlade Error code 404

Thank you very much

Hello, I am trying to manage extensions in my organization. What would be the best way to block all extensions by default and allow only certain specific extensions?

I am following the Mac OS Extension Settings Policy and adding this to a configuration profile, but I am not sure how to manipulate it to suit my needs.

What would be the best way to go about this, and what would the plist file look like?

Thanks!

Hello,

I have a plug-in installed on multiple machines using group policy. The installation source is a link to <my_add_on.xpi>. My question is regarding the updates approach. If I replace the source file with an updated version, but keeping the name/link the same. Will Firefox automatically update the plug-in? Only found brief docs here: https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings """

If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.

""" I don't point to a local file, but rather a URL. Does that make a difference. Or I'll have to provide the updates.json in the plug-in manifest that points to the latest version?

Thank you.

Hi All,

I am trying to block the Last Pass extension in Firefox using Intune, and the ADMX configuration setting is not working on the endpoint. I've used the templates found here

https://github.com/mozilla/policy-templates/releases / Target Extension "support@lastpass.com"

And have tried using the imported admx template as well as a single line OMA-URI.

I've worked with Microsoft, and they see the correct settings on the device as pushed out via Intune, so they said it is not on their end. Any ideas why blocking named browser extenstions is not working? I've configured a few other settings with Intune/ADMX templates and they work.

Thanks! -Doug

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) being set to a long JSON string with every extension ID and the settings for that particular ID. For example...

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The problem with this method is that if I am installing an extension, and I overwrite what already exists in Software\Policies\Mozilla\Firefox\ExtensionSettings then all of those other settings get removed. So even if I am a non-malicious actor and just make a mistake with my installer I can easily delete every other extension's settings. Instead what I have to do is during install I have to read the current value of Software\Policies\Mozilla\Firefox\ExtensionSettings and then insert my extension's settings into the JSON blob.

So the examples that Firefox and Chrome provides do of course work, however they do not make very much sense to me. Why would it be formatted this way since all of those are additional key/value pairs and that is exactly what the registry excels at storing. So why put all of those into a single key/value instead of breaking them into multiple?

Additionally breaking them a part into multiple key/value pairs does work! So if instead of the example above I were to split them into multiple key value pairs it works just fine!

Software\Policies\Mozilla\Firefox\ExtensionSettings

   uBlock0@raymondhill.net
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"

So knowing that this way with multiple key/value pairs works why am I bothering to ask this question at all instead of just doing it the way that makes sense to me? Well the issue is that by breaking it up into multiple key value pairs it actually overrides the other method and makes it so that all those registry settings are ignored. So it doesn't delete them but it still leaves me with nearly the exact same problem.

While I believe "my" way is superior because it uses the registry in a more common sense route, if that is not what the majority of extension developers do then it doesn't matter and I should be conforming to the other way.

As I am typing this question up I did realize just how hard/annoying it is to properly format and make it clear and digestible what the multi key/value format of the registry would look like instead of being a JSON string. So perhaps that is the reason why all the documentation puts it all as one JSON string?

We have used Firefox in our environment for well over a year in the configuration explained here: https://help.okta.com/en-us/content/topics/directory/ad-dsso-configure-browsers.htm

OKTA is our Identity provider to do Single Sign on to our SaaS applications.

today when version 118 rolled out, this functionality stopped working. Can you help me to get this working again. Chrome and Edge are not affected, so we have options, but we would really like to use Firefox.

Thanks so much for your help

Scott

Hi, I am looking for a security Hardening guidelines for Firefox from Mozilla. Could you please guide me to the right direction where I can find one.

Thanks Raju

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

• http://192.168.100.10/goodaddon-1.0.01.xpi
• http://internalwebsite/goodaddon-1.0.01.xpi
• https://192.168.100.10/goodaddon-1.0.01.xpi
• https://internalwebsite/goodaddon-1.0.01.xpi
• \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
• \\internalfileserver\netshare\goodaddon-1.0.01.xpi
• file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
• file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
2. 2 Are there any logs where I could find out what exactly goes wrong?
3. 3 Are there any other syntaxes I could try (group policy urls)?
4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If yes: where to find addon-specific keys/options? As an example: when providing below `policy.json`, starting any fresh firefox profile/installation produces the dialog "Startpage.com - Private Search Engine would like to change your default search engine from Google to Startpage.com - English. Is that OK?", followed by yes/no buttons. I would like to be able to just make the addon do so forgoing the dialog.

Thanks for any pointers.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Installation of extensions only allowed from 'policy.json'.",
       "installation_mode": "blocked"
     },
     "{20fc2e06-e3e4-4b2b-812b-ab431220cada}": {
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/startpage-private-search/latest.xpi"
     }
   },
   "ExtensionUpdate": true
 }

}

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket as thoroughly as we can (followed the guide from Mozilla https://support.mozilla.org/en-US/kb/disable-or-re-enable-pocket-for-firefox) and we are still seeing requests go out to "img-getpocket.cdn.mozilla.net" we do not want Pocket available at all, we do not want queries made to those domains, is it not possible to completely eradicate Pocket?

It wouldn't be a problem but our AV solution (MDE) has a popup every time the URL is queried and blocked.

Attached image of our configuration profile for Pocket.

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Jamf Pro. tried by below value but its not working, anyone did the settings for Mac?

<plist version="1.0"> <dict> <key>Preferences</key> <dict> <key>network.http.http3.enable</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> <key>network.http.http3.enable_0rtt</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> </dict> </dict> </plist>

Thanks

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for Windows? <enabled/> <data id="JSON" value=' {

 "network.http.http3.enable": {
   "Value": 0,
   "Status": "user"
 },

{

 "network.http.http3.enable_0rtt": {
   "Value": 0,
   "Status": "user"
 }

}'/>

Thanks