Windows 10 will reach EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Group Policy Block Extensions

  • 1 reply
  • 0 have this problem
  • 34 views
  • Last reply by Mike Kaply

bortkyle199410
bortkyle199410
more options

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".

As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings

After reading through the article the base example they have works flawlessly. I have put this base example below.


{ 

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}


The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?


{ 

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "*": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
 }

}

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format". As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings After reading through the article the base example they have works flawlessly. I have put this base example below. { "*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } } The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong? { "*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "*": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" } }

All Replies (1)

Mike Kaply
Mike Kaply
  • Moderator
Mozilla Staff
more options

You have two instances of "*". For the second instance, you need to know the ID of that addon.

It's {d634138d-c276-4fc8-924b-40a0ea21d284}

I was able to get that using an addon I built to query IDs:

https://github.com/mkaply/queryamoid/releases

In your "*" section, you can remove install_sources and allowed_types.

install_sources is only needed if you want to allow extensions from another locations. and allowed_types is only needed if you aren't blocking addons and want to allow other things.