Firefox for Enterprise Support Forum

Dear community,

we are an international Non-for profit organization with mostly small offices of about 2-10 staff on 3 continents. The majority of those offices does not have IT staff/knowledge, and infrastructure is often sketchy. We use mostly Windows, but have some offices with Linux. We currently use local users, and after an initial configuration of e.g. Firefox/Thunderbird, we don't have any way to intervene automatically.

So we are looking for an efficient way to control software configurations after deployment without the need for manual intervention. The scope would initially not be a lot, mostly installing/uninstalling addons. E.g. if a malicious addon is found, we want to have a way to uninstall it on all devices. Right now, we have to ask all staff to do this, and evidently this doesn't work out all the time.

Firefox and Thunderbird are 2 key programs installed on all devices, although evidently we use other software as well. I think that with TB78 the policies.json implementation might not be yet finished completely, but for now, Firefox would be more critical (also some staff tend to install addons we do not want on the device).

As far as I know, when it comes ways how to centrally manage Firefox/Thunderbird without a domain controller/GPO, there are some options:

1) Azure AD: Identity management, and maybe also ways to configure Thunderbird/Firefox (although Azure AD does not seem to have GPO, but maybe scripts could be executed at the endpoint?). Won't work for Linux I guess. Also Azure could be based in a US datacenter, and as an European NGO we have much less data protection for US-based data.

2) third party management tool (e.g. like Teamviewer remote management, or chocolately) which allows remote execution of scripts. We could update the policies.json file in the firefox profile via a chocolately/Teamviewer script to uninstall/install addons, etc. Not sure if chocolately works on Linux.

3) GPOs with Domain Controller after all via a pre-auth VPN. Won't work for Linux I guess, but maybe script to deploy policies.json. Also there would be yet another thing to potentially fail (VPN connection), and we would need 2 different deployment methods (GPO for Windows, scripts for Linux).

4) write an Firefox/Thunderbird addon which simply downloads a policies.json file from a central location, and places it in the users FF/TB profile folder. upon restart of FF/TB it should deploy the changes based on the new policies.json file. A bit cumbersome, and doesn't cover other software.

5) a simple bat/sh script which is executed upon start.

To me, it seems a third party tool (teamviewer, chocolately) seems the best option, as it could cover FF/TB, but also other software which is installed.

Before we proceed I would like to know of experiences, and best practices: could anybody provide some information how this was achieved?

kind regards,

Hello, I use on 90 computers Mozilla Firefox, v.89. In need to stop update and update notifications. I understand the benefits of an updated version, but I need to keep a version without updates, for a time. Update notifications confuse PC operators working on stations with limited users. Thank you.

Hello,

We're using firefox esr on windows 10 for long time in our high school. The users firefox profile are redirected to their map home directory on a samba share.

Everything was working as expected.

Since we deploy ESR 78 our user are randomly unable to access their gmail account. Only after we delete google cookies they can access it again. Appart from gmail access everything else works.

I am suspecting a network issue and I've tried some tweak on my samba server. But no success so far.

Has anybody seen this problem? Is it supposed to be ok to keep user profile on a samba share?

Any clue would be appreciate.

Thank you

Hi I need to know how to deploy firefox via intune. LOB or windows app(win32) is the best way to deploy firefox? Once we deploy this,how we can enable auto update of firefox? Is there an option to enable auto update of firefox in all windows devices where the firefox is installed by the users manually from internet sites(different versions) not from intune. Waiting for the response. Thank you

Good day, I think that I have researched everything in this case but couldn't find answer. Is there possibility to set the three specify preferences using GPO instead of cfg file? - security.enterprise.roots - network.http.spdy.enforce-tls-profile - security.tls.insecure.fallback.hosts

Appreciated any helps. Robert

I have created GPOs to block websites. Edge and Chrome work as expected but the Firefox Block Websites is not blocking anything. I have tried User and Computer GPO's they do not work. Does anyone know the trick to making this work for Firefox?

Hello @all,

we deployed Firefox ESR in a corporate environment, managing settings via GPOs. When users open Firefox a message box / banner appears: "Firefox can't update to the latest version"

This is what we have: Firefox 78.6.1 ESR No Background Update Service Updates Disabled via GPO Checking FF Options: "Updates disabled by your system administrator" Checking FF "about:policies#active" => Updates Disabled

BUT STILL: Open Firefox - message box appears "Firefox can't update to the latest version".

I do know that we are not on the latest version but first I need to get rid of this message for each user. I cannot thiink of why this is happening at all because updates are disabled and Firefox confirms this, too.

What am I missing here?

We are taking advantage of the Mozilla.cfg and PrefLock and that works great! Now I am looking for a way to lock down the Applications set in Firefox and I don't seem to be having any luck doing so.

Goal is to lock down the Applications section In Firefox under "General" (See the screenshot). Its currently set to a few default applications we use. These settings seem to change at random depending on user actions, or after browser updates. Is there any way to lock them in place once the settings are set? Would like the settings to stick and we don't want users to have do to anything. Example: If Adobe is set for PDF's, I just want it to always open in Adobe. Maybe grey out the section or something so it cannot be changed if possible.

Thanks!

I have been trying to automate setting a homepage for my users. I have tried a number of ways including a script I found but changing the prefs.js on my account doesn't seem to affect Firefox at all. I can append "browser.startup.homepage" in the view:config if I open Firefox locally and that seems to change the homepage as intended but putting it into a script doesn't seem to do anything unfortunately.

I have also tried what's recommended in this guide however that did not help either.

https://smallbusiness.chron.com/change-default-homepage-users-54727.html

Is there a way to do this through regedit or group policy? Preferably a way that still allows the users to change the homepage if they like.

Background information: since version 87 of firefox, I have been having problems viewing pdfs online. All the suggestions from people provided on the post, placed in another part of thecommunity, didn't work for me. I decided to remove my installation of Firefox and install a new uptodate version. I decided on this after I had installed Brave as an alternate browser and changed it to the default browser in my frustration. Now: I was unaware that I had downloaded the enterprise version. When I got to the settings, next to "make Firefox your default browser" there was a statement in red saying "your browser is being managed by your organization". Clicking the link brings up a policy screen which says "don't check default browser" with a value of true and no way - as far as i can see of changing the value. And it is also unchangeable in Brave. I hope someone has an answer for me. The one good thing about the current situation is that I can read pdfs in the browser. Is there an emoji for headache?

I am trying to package an add-on that I created with a custom installer for firefox nightly, but the add-on is not being automatically installed with the browser.

I followed the instructions at https://support.mozilla.org/en-US/kb/repackaging-windows-installer and at https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions, but to no avail.

Any help would be greatly appreciated.

I am trying to use a policies.json file to include a certificate for my own website using a certificate stored online, but not locally. Would it be possible to do so using code similar to below: {

   "policies": {
   "Certificates": {
       "ImportEnterpriseRoots": true,
       "Install" [
           "cert_name",
           "http://www.xxxxxxxx.com/xxxxx/xxxxx.der"
                  ]
            }
       }
   }

Any help would be greatly appreciated.

I am in an enterprise environment with over 500 machines, and we are looking for a way to import users Bookmarks from IE to Firefox silently and behind the scenes without requiring user interaction.

Due to security restrictions 3rd party software is not a possibility. Most users have already been using Firefox. We do not want to delete their existing bookmarks in Firefox

Does Firefox have, or plan on having, their browser updates available via SCCM Automatic Deployment Rules library? There are some non-Microsoft software vendors now allowing their software to be included in the SCCM Automatic Deployment Rules library for more efficient upgrade and distribution.

Good Morning,

In my organization some years ago I pushed to have Firefox as our default browser and finally was accepted. It has been very good as we have over 10K employees using it. However this last week there has been a new release that forces you to create a new profile, one that is achieved all of you original settings and data are gone. We are a health care organization and cannot have this. I sent the fix (about:profiles) to our triage support department. However once the old profile is chosen and made the default. It will revert back to the new one each time you restart or the next day. I need a permanent fix, is there a way to update the old profile to the new version of Firefox? Shouldnt it stay the default once you make it so? I am getting inundated with calls over this, please send the fix asap.

Good Morning, In my organization some years ago I pushed to have Firefox as our default browser and finally was accepted. It has been very good as we have over 10K employees using it. However this last week there has been a new release that forces you to create a new profile, one that is achieved all of you original settings and data are gone. We are a health care organization and cannot have this. I sent the fix (about:profiles) to our triage support department. However once the old profile is chosen and made the default. It will revert back to the new one each time you restart or the next day. I need a permanent fix, is there a way to update the old profile to the new version of Firefox? Shouldnt it stay the default once you make it so? I am getting inundated with calls over this, please send the fix asap.

AliceWyman • Top 25 Contributor • Moderator

Today at 11:30 AM Just to be clear, you tried the about:profiles fix in the Recover user data missing after Firefox update article ... but it will revert back to a new profile at every restart? (YES) In any case, since you are using Firefox in an organizational environment I'll move this to the Enterprise forum. (WHERE IS THIS AND HOW DO I GET TO IT?)

AliceWyman • Top 25 Contributor • Moderator

Today at 11:47 AM P.S. See also https://support.mozilla.org/en-US/questions/1267878 New clear profile every time after Firefox update and Dedicated profiles per Firefox installation ... which refers to Downgrade protection and starting Firefox with the --allow-downgrade command line option, when you have multiple versions of Firefox installed. (DID THIS)

NEED SOME REAL HELP HERE, NOT JUST LINKS TO STUFF I ALREADY TRIED. I APPRECIATE THE REPLY BUT SINCE YOU CLOSED THE TICKET AND MOVED IT, I CANNOT FIND IT NOR CAN I REPLY TO YOU. I HAD TO OPE A BRAND NEW TICKET.

Background: The environment is a Windows 10 based peer to peer network with one PC acting as file and print server. The printer is a Xerox WorkCentre, shared via UNC path to the clients, connecting via fixed IP address (not WSD).

OS: Microsoft Windows 10 Pro, 64-bit (build 19043) Mozilla: Mozilla Firefox ESR (x64 en-US) 78.12.0

• On this network the Xerox is defaulted to A4 paper and all PC's pull these settings from the print server.
• The local PC settings also show default paper size as A4.
• Most programs (Word, Outlook, Notepad, Print Test Page) respect these settings and so when printing, the print job prints as expected.
• Firefox will print non-PDF pages to A4 as expected.

* PDF files, when opened in Firefox, do not print without causing a paper sizing related error on the printer.

• In turns out the when querying the advanced settings, the Firefox PDF engine is defaulting to Letter paper.

So there are two issues as I see it:

1 - The Firefox PDF engine is not respecting the default paper size of the default printer. 2 - There is no way I can see to tell Firefox to use A4 paper.

As a side note none of the printers have a locally installed printer, I have no idea if this makes a difference.

My workaround has been to install Adobe Reader and set this as the default PDF reader both in Windows and Firefox.

Does anyone know how to set Firefox to A4 for it's PDF engine?

Since Firefox allows users to install to individual profiles, how do admins go about uninstalling it for all users silently and remotely? If all 1000 PCs have 50 users, all with Firefox installed to individual profiles, I can't imagine IT admins would have to find the appdata for each and every user and modify a script for each machine and every user. There must be a simpler way, right? An "Uninstall All" for Firefox?

Hello,

We use FireFox MSI file to push out to all my users that I have on my Azure Domain. But constantly I find myself having to download new MSI packages monthly in order for our users to keep there profile intact and to update there Firefox. If I do not do this, users profiles they have on their PC will be wiped cleaned and they will have to start over new and then manually update FireFox. Only to have there dreams crushed when Azure pushes out the older version of FireFox the next day when they attempt to sign-in and sync with the domain.

Is there a way to prevent this manual process from me of uploading new MSI files monthly in order for our users to use FireFox with no issue? Strong pain point for any of my users that prefer to use FireFox, but Google Chrome and Edge does not have this issue.

Dear Madam or Sir,

there seem to be new performance settings to be available since Firefox 91: https://support.mozilla.org/en-US/kb/performance-settings

While I have been able to "Use hardware acceleration when available" by using ...

{

 "policies": {
   "HardwareAcceleration": false
 }

}

... I could not find any setting to disable "Use recommended performance settings". Is there any possible way to disable this feature in dsitribution/policies.json ?

Thank you very much in advance!

Best regards

Victor