
Support Forum

Setting up firefox via GPO


Team,

I deployed Firefox a few years back with the localsettings.js file and the mozilla.cfg file. Below are the settings for the localsettings.js file. I inherited these settings. I used SCCM to install Firefox and then copy these 2 files to the mozilla folder (mozilla.cfg) and prefs folder (localsettings.js).

    pref("general.config.filename", "mozilla.cfg");
    pref("general.config.obscure_value", 0);

Mozilla.cfg settings are below.

    // WKS Mozilla Firefox Lockdown

    // Disable updater
    lockPref("app.update.enabled", false);
    // Make absolutely sure it is really off
    lockPref("app.update.auto", false);
    lockPref("app.update.mode", 0);
    lockPref("app.update.service.enabled", false);

    // Disable Add-ons compatibility checking
    clearPref("extensions.lastAppVersion");

    // Don't show 'know your rights' on first run
    pref("browser.rights.3.shown", true);

    // Don't show WhatsNew on first run after every update
    pref("browser.startup.homepage_override.mstone","ignore");

    // Don't show Windows 10 splash screen on first run
    pref("browser.usedOnWindows10", true);

    // Set default homepage
    lockPref("browser.startup.homepage","Test.com");

    // Disable the internal PDF viewer
    lockPref("pdfjs.disabled", true);

    // Disable the flash to javascript converter
    lockPref("shumway.disabled", true);

    // Don't ask to install the Flash plugin
    pref("plugins.notifyMissingFlash", false);

    // Disable plugin checking
    lockPref("plugins.hide_infobar_for_outdated_plugin", true);
    clearPref("plugins.update.url");

    // Disable health reporter
    lockPref("datareporting.healthreport.service.enabled", false);

    // Disable all data upload (Telemetry and FHR)
    lockPref("datareporting.policy.dataSubmissionEnabled", false);

    // Disable crash reporter
    lockPref("toolkit.crashreporter.enabled", false);
    Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

    // Disable default browser check
    lockPref("browser.shell.checkDefaultBrowser", false);

    // Delete history on exit
    // lockPref("browser.history_expire_days", 0);
    // lockPref("browser.history_expire_days.mirror", 0);
    // lockPref("browser.formfill.enable", false);
    // lockPref("browser.download.manager.retention", 0);
    // lockPref("network.cookie.cookieBehavior", 0);
    // lockPref("network.cookie.lifetimePolicy", 2);

    // Disable password manager
    // lockPref("signon.rememberSignons", false);
    // lockPref("pref.privacy.disable_button.view_passwords", true);

    // Disable themes
    // lockPref("config.lockdown.disable_themes", true);

    // Enable Java Plugin
    lockPref("security.enable_java", true);

    // Automatically enable extensions
    lockPref("extensions.autoDisableScopes", 0);

I got the request from security to enable auto updating with Firefox. After working with the security team, we determined that we need to deploy a GPO to enable auto updates. I set up the GPO and created a baseline in SCCM to delete those 2 files. For some reason lots of the FF clients are not updating. Also, when I check to see if auto updates are enabled on my machine, I see I can go into the options and disable the updates.

What am I missing? Should I be deleting other files in mozilla? Also, blogs, articles or suggestions are welcome. Thanks,


Chosen solution

We have added the ability to flip app.update.auto in Firefox 68 and Firefox 68 ESR. So you can lock this to true.


Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0


Wesley Branton
  • Top 10 Contributor
582 solutions 4953 answers

GPO does not have the option to enable updates. It only gives you the option to block them or serve them from your own URL.

To force the updates to be enabled, you'd have to use an AutoConfig file like you were using previously.

cor-el
  • Top 10 Contributor
  • Moderator
17424 solutions 157436 answers

Note that the current Firefox release only supports "app.update.auto", so you can comment out the others.

  • lockPref("app.update.auto", false);
Mike Kaply
  • Moderator
37 solutions 189 answers

Chosen Solution

We have added the ability to flip app.update.auto in Firefox 68 and Firefox 68 ESR. So you can lock this to true.
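
An added example, not part of any post in this thread: a PowerShell check, of the kind that could serve as a compliance discovery script, that reads AutoConfig text and reports how each app.update.* directive bears on automatic updates, following the answers above. The function name, status strings and sample text are assumptions made for this example; the sample is constructed from the mozilla.cfg lines in the question.

```powershell
# Constructed sample: update-related lines taken from the mozilla.cfg in the question.
$sampleCfg = @'
// WKS Mozilla Firefox Lockdown
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
// lockPref("signon.rememberSignons", false);
lockPref("browser.startup.homepage","Test.com");
'@

# Hypothetical helper: reports how each app.update.* directive affects updates.
function Get-FirefoxUpdatePrefFinding {
    param([Parameter(Mandatory)][string]$CfgText)

    # Anchored at line start, so directives commented out with // never match.
    $pattern = '^\s*(lockPref|defaultPref|pref)\(\s*"(app\.update\.[^"]+)"\s*,\s*([^)]+?)\s*\)\s*;'
    $autoSeen = $false

    foreach ($line in ($CfgText -split "`r?`n")) {
        if ($line -cmatch $pattern) {
            $fn, $name, $value = $Matches[1], $Matches[2], $Matches[3]
            if ($name -cne 'app.update.auto') {
                # cor-el's answer: current releases only support app.update.auto.
                $status = 'STALE: not supported by current releases, can be commented out'
            }
            elseif ($value -ceq 'false') {
                $status = 'FAIL: automatic updates are switched off'
            }
            elseif ($fn -ceq 'lockPref' -and $value -ceq 'true') {
                # Mike Kaply's answer: lockable to true from Firefox 68 / 68 ESR.
                $status = 'OK: automatic updates locked on'
            }
            else {
                $status = 'WARN: not locked, the user can change it in Options'
            }
            [pscustomobject]@{ Directive = $fn; Pref = $name; Value = $value; Status = $status }
            if ($name -ceq 'app.update.auto') { $autoSeen = $true }
        }
    }
    if (-not $autoSeen) {
        [pscustomobject]@{ Directive = '(none)'; Pref = 'app.update.auto'; Value = '(unset)'
                           Status = 'WARN: not set, the user can change it in Options' }
    }
}

Get-FirefoxUpdatePrefFinding -CfgText $sampleCfg | Format-Table -AutoSize
```

On a client, pass the deployed file's text instead of the sample, for example the output of `Get-Content -Raw` on the mozilla.cfg in the Firefox install folder.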
