Firefox ignores policies.json if you are signed into Windows as Guest user. Is there any workaround?
I've been using Firefox on all the public computers in our public library for years. I used to be able to protect the users from being harassed with pop-ups to update firefox (which the user cannot do anyway, because they're a guest user and don't have permission to install programs) by changing settings in about:config. Now that this doesn't work anymore, I am trying to use a policies.json file to prevent the update popup. This works fine if I am logged into Windows as a standard or elevated user, but when I run Firefox as a Guest user, the policies.json file is completely ignored. Is there some other folder where I need to put the file? Is there something else I can try like running Firefox Portable or some other trick? The update pop-up is now a constant annoyance for all the library's users and I'd like to make it go away.
Additional System Details
- Shockwave Flash 26.0 r0
- User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Firstly, it's not really an answer to your question, but have you considered using a Windows Group Policy instead of a policies.json file? Since your environment is likely all Windows-based computers, it's potentially a little easier to manage.
Otherwise, you need to make sure that you don't have the Firefox rules enabled in Windows Group Policy because those settings will override the policies.json file.
Also, depending on whether your computers access software remotely or each computer has the software installed locally, you may need to push the file to the Firefox installation directory on each system. It's common to use some kind of software distribution program to share a repackaged installer to the computers on the network.
If none of that helps, I have some followup questions for you. When you say "Guest" are you referring to the Windows Guest Accounts or guest as in each user? Also, if you go to
about:policies on the computers with issues in Firefox, do you see any policies listed as active?
Thanks for your response. Hopefully I can clarify a little and address your followups. On a given library computer, which has the specified policies.json file in the Firefox installation directory: If I'm logged into windows as a standard user (Library staff member) and browse to about:policies, I see all the policies I've set in the .json file as active, including DisableAppUpdate : true. If I'm logged into windows as an admin user (Library IT staff) and browse to about:policies, I also see all the policies I've set in the .json file as active. All good so far. BUT, If I'm logged into windows as a Guest (which is how all the members of the public using the library must log into windows) and I browse to about:policies, I see... nothing. In Options > General I no longer see the notification that "my organization has disabled the ability to change some options," and the Firefox Update settings are back on the (undesirable) default.
It strikes me that this must be a bug, as I can't see how it could have been intentional. It also suggests to me that making any custom installer that puts a customized policies.json file into the install directory won't make any difference in my use case, as I've already demonstrated that having the right .json file in the right place does not solve the problem. I guess I need to look into how I might try doing this with Windows Group Policy if I want the library to keep using Firefox, but the more work this turns out to be (compared to how simple it was in the past before Mozilla's recent decision to eliminate options I needed in about:config), the larger that 'if' becomes.
Can you confirm that nothing is listed on the about:policies#active page?
You can also check the Browser Console.
- "3-bar" menu button or Tools -> Web Developer
This might be far off, but is it possible that the Windows Guest account doesn't have read permission to the file?
Try right clicking the policies.json file and select Properties. Then select the Security tab and click the Edit button. Then Add and put Everyone in the names list. Click Check Names and save that. Then ensure that you give everyone Read & Execute and Read access. If that doesn't help, try adding Guest and giving the same permissions.
Hope this helps.
@Wesley - I thought the same thing, and manually granted read permissions to Guest on the policies.json file and the directory containing it (since of course I was Admin when I created them). On your advice I also added 'Everyone,' but still no luck.
@cor-el - I can indeed confirm, if I'm logged into Windows as a Guest and I launch Firefox, I see nothing at all on my about:policies page - even though other (non-guest) windows users can launch the same Firefox on the same machine and see the whole list of active policies set in the .json file. I do find an error in the Browser Console while I'm looking at the empty space where all my active policies should be, though. Not sure what it means, but it looks awfully relevant.
NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIWindowsRegKey.open] EnterprisePolicies.js:434
Thanks again to you both for helping me crack this puzzle.
Hmm, inability to access the Windows Registry should not prevent reading the local file. Perhaps those need to be decoupled if there is currently a dependency.
Modified by jscher2000
It gets worse: I've now downloaded Firefox administrative templates and set the policies I want with Group Policy, and the Guest user still gets the annoying "Firefox cannot update" pop-up in the top right corner. I realize that Windows deserves the blame for the fact that the Guest account is broken as regards the registry and group policy, but it should not be this hard to find a working tool I can use to protect our library users from being spammed by pointless and obtrusive pop-ups. At least if it was an ad for imported Viagra there would be some chance the user could act on it, you know? Nagging for an update which the user can't even perform is behavior that belongs next to BonziBuddy in the UX Hall of Shame.
Sorry to rant. Thanks for your patient attempts to help me find a solution, and also thanks to anyone who tried advocating for FF 60+ to keep the old options in about:config - which worked perfectly in spite of the Guest account's weird exceptions, sparing me from ever having to think about this issue. I just can't fathom that Mozilla took them away, seemingly without any investigation into how that choice might affect libraries or school computer labs where people are using Guest logons.
This isn't really an answer to your question, but I believe you mentioned before that you were using about:config options that were removed. Are there any particular ones that you can think of? They probably just changed and we can probably find the option for you until you can fix the issue with the policies.