Dieses Thema wurde archiviert. Bitte stellen Sie eine neue Frage, wenn Sie Hilfe benötigen.
GPO ineffective - Firefox ESR
We're looking at using the GPO functionality to start managing our existing Firefox deployments. We've loaded the ADMX file and have created a test GPO that does 2 things:
1. Enable AutoUpdate 2. Creates 2 bookmarks
We've deployed the GPO to a few machines, confirmed the GPO is applying via GPResult, and confirmed that there are corresponding entries in HKLM\Software\Policies\Mozilla\Firefox but we're not seeing the changes occurring in the browser. AutoUpdate is still disabled and greyed out (via the previously deployed local JSON config file) and the bookmarks aren't present.
Any idea why we wouldn't see the changes as effective in the browser? Browser is running 60.4.0 ESR (32-bit).
Alle Antworten (7)
It sounds like you were controlling Firefox using a policies.json file previously and are now trying to change over to the equivalent group policy template instead. This may be a foolish question, but you have removed the policies.json files from your systems, correct?
If not, that file could be overriding the settings that you are trying to enable through GPO.
I'd previously inquired about GPO vs JSON (https://support.mozilla.org/en-US/questions/1239683) and was told GPO overrides JSON. We were trying to avoid deleting the local JSON file as a part of our GPO deployment.
The one thing I just noticed is I don't actually see us using a JSON file. What we have is a localsettings.js file located in C:\Program Files (x86)\Mozilla Firefox\defaults\pref, and that file points to mozilla.cfg in C:\Program Files (x86)\Mozilla Firefox. Within mozilla.cfg with the following content:
This setup appears different than the normal JSON file setup I see documented elsewhere. Is it possible this file is preventing the GPO from applying properly?
You are running an AutoConfig file, which is different from a GPO or policies.json. It's designed to allow you to control preferences that can't be controlled by group policy, although it can overlap with your GPO.
For example, your specific code says:
// Disable updater
// Make absolutely sure it is really off lockPref("app.update.auto", false);
lockPref("app.update.mode", 0); lockPref("app.update.service.enabled", false);
This will override your GPO, which is why the update feature is still disabled and greyed out. It's because those preferences have been locked by this configuration.
On a test system, I'd recommend commenting out (putting a
// in front) of the lines that appear to control the updating function of Firefox. Do the same if you are having any other issues with it overriding your GPO.
Fortunately, whoever made that file added a lot of comments to tell you what each cluster of preferences does, so it should be fairly easy to find the ones that are causing issues.
After you get your test system working, you can push out the updates to that file globally to all systems on your network.
Rather than commenting out the specific lines, i just removed both the localsettings.js file and the mozilla.cfg file from the directory. That doesn't seem to have had any impact though. The bookmarks are still not showing up in the browser and I see no change in the auto-update availability.
Update: It appears the auto-update function is working, but the 2 bookmarks and the home page that are defined in the GPO are not effective. I can see the associated keys in the registry have been created, but the browser is not responding to these keys.
Here's the resulting keys: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Bookmarks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Bookmarks\1] "Title"="TEST" "URL"="www.google.com" "Favicon"="" "Placement"="menu" "Folder"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Bookmarks\2] "Title"="TEST2" "URL"="www.cnn.com" "Favicon"="" "Placement"="menu" "Folder"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Homepage] "URL"="REDACTED" "Locked"=dword:00000001
The URLs need to be fully qualified:
Thanks for your help. We updated the URLs to be fully qualified and they successfully applied. In total, it took the removal of the local config file and the proper formatting within the GPO for the changes to be effective.