Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Locked Enterprise roots

  • 6 replies
  • 1 has this problem
  • 54 views
  • Last reply by cor-el

more options

I have "the Enterprise Roots preference" problem. I followed the solution and changed the "security.certerrors.mitm.auto_enable_enterprise_roots " toggle without a problem. However, when it came to the "security.enterprise_roots.enabled" line in config... I show a lock and I am unable to highlight that function. Thanks for the help!!

All Replies (6)

more options

Is it locked to true or false, what do you want it to be, and what problem(s) are you having?

Is your PC part of a managed network or is this your own computer?

more options

You can check the about:policies#active page to see whether policies are active (63+).

You can inspect the Mozilla and Firefox keys with the Windows Registry Editor in HKEY_LOCAL_MACHINE and in HKEY_CURRENT_USER with the Windows Registry Editor to see whether GPO policy rules are active.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\

Note that the mere presence of the "Mozilla\Firefox\" key is sufficient to make Firefox display this notification, so if you have the Firefox key then remove it and only leave the Mozilla key or remove this key as well if it is empty.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
more options

To jscher2000, It is my machine, {I use Avast - begrudgingly} I would prefer it to be false {and empty}. I am having some performance issues. Thanks

more options
more options

One way Avast might lock a preference is an Autoconfig file. Actually, it's a pair of files. This is a little difficult to describe because the file name can vary, but here is where you can check for it. In Windows File Explorer, check either (usually you only have one of these):

  • C:\Program Files\Mozilla Firefox\defaults\pref
  • C:\Program Files (x86)\Mozilla Firefox\defaults\pref

Normally, there is only one file in this folder, named channel-pref.js -- any other file here is suspicious and could be a mechanism to apply a preference lock.

By default, Windows hides the .js file extension. You can set Windows to show all file extensions to aid in precise identification and renaming: https://www.bleepingcomputer.com/tutorials/how-to-show-file-extensions-in-windows/

Anything unusual? Let's say you find an alien file name avast.js, you could move it out of the folder so that Firefox doesn't find it at the next startup. If you decide you want to empty out the file instead, make sure to right-click > Edit and not double-click (double clicking a .js file executes it as a system script which can be risky).

more options

I think that Avast usually will use GPO rules as that works globally without needing to modify the Firefox installation.

Did you already inspect the registry keys I posted above ?