Showing questions tagged: Show all questions
  • Solved
  • Archived

ManagedBookmarks [JSON]

Hello, Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64) after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created… (read more)

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart

Asked by bartekbrzozka 1 year ago

Answered by Mike Kaply 1 year ago

  • Archived

Login Loop for embedded Stream Video

We have configured Windows Single Sign On to Microsoft 365 in Firefox 102.6.0esr (64-Bit). We have embedded a Video from the new Microsoft Stream on SharePoint Online in… (read more)

We have configured Windows Single Sign On to Microsoft 365 in Firefox 102.6.0esr (64-Bit).

We have embedded a Video from the new Microsoft Stream on SharePoint Online into a SharePoint 2019 onpremise Site via the provided iFrame. Here every user gets an endless Login Loop (see Screenshot).

If you open the deeplink to the video, Single Sign On works perfectly.

And this also works in Microsoft Edge, why the Microsoft support is not willing to analyse this issue further.

Do you have any ideas how to narrow down the problem?

Asked by Jens.Voigt 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Removing Firefox

We have put user and computer startup scripts to detect and delete firefox from our enterprise customers. Firefox cannot be kept SAFe through InfoSec. InfoSec and SAFe r… (read more)

We have put user and computer startup scripts to detect and delete firefox from our enterprise customers. Firefox cannot be kept SAFe through InfoSec.

InfoSec and SAFe require the business be in charge of security which is what our customers understand. They constantly find firefox out of date and vulnerable. We have tried over and over to use the firefox admx files to force background update both at the computer and user OUs but find that users can uncheck the box and it remains vulnerable and out of compliance. Edge and Chrome can be controlled by the business (not end user) through group policy and kept up to date and we never find either out of date by implementing our policies.

Firefox constantly tells end users how to check the boxes and no group policy can enforce them as we don't see the registry updated even though we even put a registry patch in, firefox is still in the control of the end user and not SAFe. If you don't know what I mean by SAFe, check this out.

https://www.scaledagileframework.com/devops/

Asked by bruce92 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

Firefox 102.3.0 ESR, installs extension without permission

Hello, I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional a… (read more)

Hello,

I am managing Firefox for a very large organization. We have several extension that we deploy using registry keys and we don't allow users to install additional addons. However, since version 102.3 I noticed some extensions that are present on the machine as .xpi files, but should not install unless a specific application is also present, are also being activated. They are enabled in the add-on manager, the information is present in the "extensions.json" and "extension-preferences.json" files. This should not happen. Is there any way to prevent the activation of these files?

Thank you!

Asked by antoniu-laurentiu.imbrea 1 year ago

Answered by antoniu-laurentiu.imbrea 1 year ago

  • Archived

Firefox won't uninstall automatically via GPO

Hello, We have set up a GPO in our Active Directory environment for the install of Firefox which works great, however since at least version 90, we have had an issue whe… (read more)

Hello,

We have set up a GPO in our Active Directory environment for the install of Firefox which works great, however since at least version 90, we have had an issue where Firefox won't uninstall automatically when removing the computer object from the security group associated with the GPO. The box is ticked to "uninstall this application when it falls out of scope of management", which works for every other GPO we have created. The computer removes the assignment of the application, but does not then remove the application as it should.

Are you aware of this issue?

Thanks.

Asked by smc98 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

Windows GPO Help with JSON configs

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better. So I followed the guide https://github.com/mozilla/policy-templates/blob/m… (read more)

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

Asked by daniel.david.white 1 year ago

Answered by Mike Kaply 1 year ago

  • Archived

GitHub Registry List

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences Is there a list of all available registry settings? Or where do thes… (read more)

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

Asked by edv40038 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Group Policy define exceptions for cookies and site data

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sit… (read more)

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sites that it will not clear cookies or site data. Where in group policy can this exception be set.

This option can be seen (allow) from the article here under Block cookies and site data for more than one website > Step 3 https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Thanks,

Asked by Robert.Fitzgerald 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

SIlent Push of SSL Certificate

I work for the local County and we recently got a new content provider that allows for SSL Inspection (Barracuda 410) but it requires a certificate to be installed on eve… (read more)

I work for the local County and we recently got a new content provider that allows for SSL Inspection (Barracuda 410) but it requires a certificate to be installed on every device to work. I am aware of Edge having a way to create a custom installer that would allow us to preinstall the proper certificate, but was wondering if Firefox had the same thing. I am also needing to know that if we push out the version of Firefox with the certificate preinstalled, would it auto import our user's data from their current install of standard Firefox?

Asked by jkemmerer 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

How to disable QUIC http3 in Firefow either by Windows Registry editor o by AMDX template

Hello I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.ena… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

Asked by rmirandacr 1 year ago

Answered by rmirandacr 1 year ago

  • Archived

Rapid-release updates sometimes require Admin

We have Firefox rapid-release (not ESR) deployed on Windows 10 across our Enterprise where users do not have local Administrator privileges. Occasionally the rapid-relea… (read more)

We have Firefox rapid-release (not ESR) deployed on Windows 10 across our Enterprise where users do not have local Administrator privileges.

Occasionally the rapid-release updates fail to be installed, with the updater requiring Admin privileges to execute. For example, today a user's Firefox 111.0.1 was asking for elevate to update to 112.0.

The IT team user accounts also are non-admin, but we have not run into this, and judging from the lack of support tickets on this I would say most of our users are not running into this either.

Does anyone have any suggestions on how to avoid this, or troubleshoot further?

Asked by Damon 1 year ago

Last reply by Damon 1 year ago

  • Solved
  • Archived

network.negotiate-auth content changes are deleted after restart mozilla

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webappl… (read more)

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webapplications is working. some are allready in the list. when i make changes to the list, everything is working ok, but when i clos all mozilla windows and restart mozilla, the changes are gone.

Asked by bonami 1 year ago

Answered by bonami 1 year ago

  • Archived

Wild Card URL & "Allowed URL" ADMX not working properly

Hi there, we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune. We have already configured policy by uploading A… (read more)

Hi there,

we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune.

We have already configured policy by uploading ADMX template & Custom OMA-URI as described in https://github.com/mozilla/policy-templates/blob/master/README.md 

We are trying to add custom allowed web sites to "WebsiteFilter" OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions. added web sites are not allowed. my question is what is the best way to enter URLs (I mean format) to allow list & how I can used wild card to allow all the web sites of one specific domain. eg:- microsoft

Asked by fmudiyanse 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Group Policy Block Extensions

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format". As… (read more)

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".

As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings

After reading through the article the base example they have works flawlessly. I have put this base example below.


{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}


The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?


{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "*": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
 }

}

Asked by bortkyle199410 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Firefox clearkey addon crash when Applocker is in use drm content does not work.

We have Firefox-ESR in use and we are using Applocker. When we enable applocker dll Rule policys and start https://shaka-player-demo.appspot.com page clearkey addon cra… (read more)

We have Firefox-ESR in use and we are using Applocker.

When we enable applocker dll Rule policys and start https://shaka-player-demo.appspot.com page clearkey addon crashes.

We have allowed widevinedrm.dll in applocker rule policys, and we have used Process Monitor to track which dll file / files are being "locked" but we cant seem to pinpoint it.

Where does Firefox-ESR run DRM content and which dll files are needed to run ?

What we know that it is caused by applocker DLL rule policys, when disabling it clearkey addon does not crash and drm content can be played.

Also Applocker eventlogs does not show anything related to this.

br Ben

Asked by chef 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Intune Bookmarks

Been managing bookmarks for users through Intune, but for some reason on my HP Elitebook 840 I keep getting an error "Unable to parse JSON for ManagedBookmarks" I haven't… (read more)

Been managing bookmarks for users through Intune, but for some reason on my HP Elitebook 840 I keep getting an error "Unable to parse JSON for ManagedBookmarks" I haven't changed anything to the bookmarks before swapping to the HP laptop from a Dell 5410. I have double-checked GitHub for the proper string for bookmarks and everything looks to be correct as well as submitting a support case with Microsoft who checked it and say it is something on Firefox's side that needs fixing.

I am also constantly getting this unknown extension setting. Not sure why I have this or where I can remove it.

ExtensionSettings {"firefoxhpsureclicksecurebrowsing@bromium.com":{"installation_mode":"blocked"},"firefoxhpwolfsecurityextension@bromium.com":{"installation_mode":"blocked"}}

Asked by aclawson 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Understanding How Extension Install Policy Interacts with Enterprise Installed Add Ons

I work in an enterprise environment. We have certain requirements that we must maintain for our system to maintain accreditation. One of these requirements is to prevent … (read more)

I work in an enterprise environment. We have certain requirements that we must maintain for our system to maintain accreditation. One of these requirements is to prevent the installation of add-ons using the policies.json file.

We are also trying to develop an extension that adds banners to each page the user interacts with. I understand this can be loaded using the process [https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions|he...] and does not have to be signed following this [https://support.mozilla.org/en-US/kb/install-system-add-ons-firefox-enter...] .

My question is, before embarking on the journey to create this web extension, can it still be installed following the enterprise process, despite being denied by default by the policies.json? Or is there a way to allow for the extension to be installed by changing the policy?

Asked by chriscross673 1 year ago

Last reply by jscher2000 - Support Volunteer 1 year ago

  • Solved
  • Archived

GPO Settings for AutoFill Address and Credit Cards

We downloaded the GPO Templates for AD and looking to customize Firefox. We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards Also wou… (read more)

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

Asked by Joshua_Calais 11 months ago

Answered by Mike Kaply 11 months ago

  • Archived

Firefox Bookmarks GPO Using JSON

I am using the most recent Firefox ADMX templates and I am unable to get bookmarks to show up using JSON. I have verified that the GPO is applied, and there is a registry… (read more)

I am using the most recent Firefox ADMX templates and I am unable to get bookmarks to show up using JSON. I have verified that the GPO is applied, and there is a registry key being created under the user's profile, however it is not the right registry key.

The key it is creating: SOFTWARE\Policies\Mozilla\Firefox\Bookmarks Type: Reg_Multi-SZ


If I rename this registry key from Bookmarks to ManagedBookmarks, the bookmarks show up and work as intended.

I do not see "ManagedBookmarks" in the GPO anywhere. If I am not setting "ManagedBookmarks" in the correct location then please show me where I am supposed to set them. I am tempted to just modify the ADMX template and have it create the registry key "ManagedBookmarks" instead of "Bookmarks" as that seems to work, but I can't imagine this is how the devs wanted this.

Asked by tmgordon 11 months ago

Last reply by Mike Kaply 11 months ago