Firefox for Enterprise Support Forum

Hi Dear support mozila Firefox IT team,

I need to find out if there is an option on the user's computer in the local network, how to connect to the bypass list of the Firefox browser with a hidden version. Which aims to adjust, add and modify without bothering the user to quickly organize the work. If there is an option, please send me a guide.

Hello,

I have a plug-in installed on multiple machines using group policy. The installation source is a link to <my_add_on.xpi>. My question is regarding the updates approach. If I replace the source file with an updated version, but keeping the name/link the same. Will Firefox automatically update the plug-in? Only found brief docs here: https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings """

If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.

""" I don't point to a local file, but rather a URL. Does that make a difference. Or I'll have to provide the updates.json in the plug-in manifest that points to the latest version?

Thank you.

Hello, I am trying to manage extensions in my organization. What would be the best way to block all extensions by default and allow only certain specific extensions?

I am following the Mac OS Extension Settings Policy and adding this to a configuration profile, but I am not sure how to manipulate it to suit my needs.

What would be the best way to go about this, and what would the plist file look like?

Thanks!

Hi All,

I am trying to block the Last Pass extension in Firefox using Intune, and the ADMX configuration setting is not working on the endpoint. I've used the templates found here

https://github.com/mozilla/policy-templates/releases / Target Extension "support@lastpass.com"

And have tried using the imported admx template as well as a single line OMA-URI.

I've worked with Microsoft, and they see the correct settings on the device as pushed out via Intune, so they said it is not on their end. Any ideas why blocking named browser extenstions is not working? I've configured a few other settings with Intune/ADMX templates and they work.

Thanks! -Doug

Hello,

I am trying to create a management policy for extensions where all themes are allowed, some extensions are force installed, other specified ones are allowed, and anything else is blocked. I have been scouring the web looking for samples and I just can't get it to work as intended. Here is a sample of what I have written.

{ "*": { "blocked_install_message": "IT has blocked the installation of UNAPPROVED add-ons. Please contact the IT Service Desk to request approval.", "install_sources": "https://addons.mozilla.org/*", "allowed_types": ["theme","extension"] }, "plugin@okta.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3601147/okta_browser_plugin.xpi" }, "support@lastpass.com": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi" }, "developer@zoom.us": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/4212428/zoom_new_scheduler-2.1.52.xpi" }, "info@katalon.com": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/file/3826743/katalon_automation_record-5.5.3.xpi" } }

In this current state, I am allowed to install themes, I get the forced installs, but I can install ANY extension. I don't want that.

If I modify the blocking section with [ "installation_mode": "blocked", ], then I only get the force installed plugins and I can't do anything else. It even removes any previously installed themes or plugins not explicitly forced in. The allowed plugins can't be installed either.

I have also tried it without the "extensions" allowed_type but the result did not change. To recap, I need to block any extensions not explicitly pushed or allowed. Would anyone be able to assist and point out what I may be missing please?

~Regards

Hello, I want to increase my productivity and add Unhook: Remove YouTube Recommended Videos Comments It hides comments and suggested videos from YouTube, or more videos, but unfortunately I can delete or deactivate it easily. I want to prevent it permanently, and also add Cold Turkey Blocker I want to prevent myself and any user from deleting it, and then I will block access to the local group policy editor using Cold Turkey Blocker And when I do this through the local group policy editor I get an error message, please help me

We would like to install a custom search engine using Firefox policies. We have the latest version of Firefox installed. We have the latest admx files installed on our Domain Controllers. In the Policy, I go into the User -> Administrative Templates -> Mozilla -> Search and setup a search engine using Search Engine One. I then go into Default Search Engine and configure our custom search to be default. What we find is that the custom search engine never installs, so the custom search engine is not set at the default. If I manually add the custom search engine using the Search Engine Helper Add-on, I can verify that the custom search settings do indeed work. With that said, does anyone have thoughts on how to troubleshoot this issue? First, need to figure out why the custom engine isn't installing at all. Thanks.

Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".

As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings

After reading through the article the base example they have works flawlessly. I have put this base example below.

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "*": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
 }

}

Hi,

I deployed the last Firefox ESR update and I just found about this new feature : https://support.mozilla.org/en-US/kb/manage-downloads-preferences-using-downloads-menu

So files are now downloaded and users are no longer prompted for what to do. My question is can we change this to "Ask whether to open or save files" using policies.json?

Kind regards,

McB

I'm trying to configure the "Extension Management" policy for firefox in my company. We have 14 addons to manage. using JSON this will end to a line of about 2500 characters.

when I try to copy the code into the gpo I get a message telling me the limit is 2048 characters.

Is there a way to baypass this limitation ?

thank you

We have 50 workstations set up for certain jobs and the users roam as needed. Each workstation has two printers using different media. the printers are controlled by having two instances of Firefox with each having a user profile to use one printer or the other. In addition to printer settings we set a number of other profile settings such as silent printing etc.

Having a profile per user requires a great deal of setup work to allow different users to log in with authentication and to align the printers with the programs which will print to them.

A solution that would allow us to write a copy of a master profile to each new user via a program would be nearly perfect. Thank you,

We use GPO to push out our Firefox homepage and bookmarks. I get totally different results for each user, some will make changes right away if I add a new book marks, but they don't see older ones?

I decided to build a few test machines (we don't have time to build a dev envir) and it applies the GPO for the home page but not the bookmarks, I can see the book marks in the registry even but nothing on firefox. Anyone have a guess?

thanks David

I work in an enterprise environment. We have certain requirements that we must maintain for our system to maintain accreditation. One of these requirements is to prevent the installation of add-ons using the policies.json file.

We are also trying to develop an extension that adds banners to each page the user interacts with. I understand this can be loaded using the process [https://support.mozilla.org/en-US/kb/deploying-firefox-with-extensions|he...] and does not have to be signed following this [https://support.mozilla.org/en-US/kb/install-system-add-ons-firefox-enter...] .

My question is, before embarking on the journey to create this web extension, can it still be installed following the enterprise process, despite being denied by default by the policies.json? Or is there a way to allow for the extension to be installed by changing the policy?

Hi,

I've been struggling for a week to try and get our extensions managed in Firefox. Firstly I tried doing it in Intune through the Extension Management setting in the ADMX however that wouldn't work as it couldn't parse the JSON. Then I've tried using the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

I'm now getting a straight up error in Intune -2016281112 (0x87d1fde8). I've followed the documentation as best as I can but it still doesn't seem to work. In the Intune logs there is no record of the Config profile even being attempted. Any ideas as to what is causing this error? Here is the full code being used for the OMA-URI string:

<enabled/>
<data id="ExtensionSettings" value='
{

   "*": {
       "blocked_install_message": "This extension is blocked. Please contact the helpdesk for further assistance.",
       "install_sources": ["about:addons","https://addons.mozilla.org/*"],
       "installation_mode": "blocked",
       "allowed_types": ["extension"]
   },
   "rested@restedclient": {
       "installation_mode": "allowed"
   },
   "{c45c406e-ab73-11d8-be73-000a95be3b12}": {
       "installation_mode": "allowed"
   },
   "{5caff8cc-3d2e-4110-a88a-003cc85b3858}": {
       "installation_mode": "allowed"
   },
   "selenium-ide": {
       "installation_mode": "allowed"
   },
   "{a6fd85ed-e919-4a43-a5af-8da18bda539f}": {
       "installation_mode": "allowed"
   },
   "{16a49f65-1369-4839-a5ef-db2581e08b16}": {
       "installation_mode": "allowed"
   },
   "{5384767E-00D9-40E9-B72F-9CC39D655D6F}": {
       "installation_mode": "allowed"
   },
   "{83efb7a7-cf21-4f94-840a-316f651053ef}": {
       "installation_mode": "allowed"
   },
   "{edfc63b3-fc9b-4b6b-b9bf-4561ad548044}": {
       "installation_mode": "allowed"
   },
    "{f1a3d59a-f759-4d03-9545-6f741e64524e}": {
       "installation_mode": "allowed"
   },
    "cors-everywhere@spenibus": {
       "installation_mode": "allowed"
   }
}'/>

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy Value (string):

<enabled/> <data id="ProxyLocked" value="true | false"/> <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/> <data id="HTTPProxy" value="https://httpproxy.example.com"/> <data id="UseHTTPProxyForAllProtocols" value="true | false"/> <data id="SSLProxy" value="https://sslproxy.example.com"/> <data id="FTPProxy" value="https://ftpproxy.example.com"/> <data id="SOCKSProxy" value="https://socksproxy.example.com"/> <data id="SOCKSVersion" value="4 | 5"/> <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/> <data id="Passthrough" value="<local>" >="" <data="" <="" p=""></data>

This has mixure of String and Integer , when we configure as string and use one from the above or leaving blank or setting only string , it failed the policy with error - -2016281112

In our organization, we enforce through group policy to clear cookies and site data each time the browser is closed. I see there's an exception list to define certain sites that it will not clear cookies or site data. Where in group policy can this exception be set.

This option can be seen (allow) from the article here under Block cookies and site data for more than one website > Step 3 https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Thanks,

Hi All- I am in charge of deploying Firefox ESR to my company and trying to get it to silently auto update on it's on with user interaction. We have policies in place (GPO) that prevent it at this point. I need some guidance on whether I should use just GPOs to manage this or should I go the route of the .cfg file? If someone has a step by step on how to best achieve this I would appreciate it. I am currently using the .msi installer.

Here is settings in an old .cfg file that I am testing with:

lockPref("app.update.mode", 1); lockPref("app.update.service.enabled", true); lockPref("extensions.update.enabled", false); lockPref("extensions.update.autoUpdateEnabled", false);

// Set default homepage - users can change // Requires a complex preference defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://workday");

// Don't ask to install the Flash plugin lockPref("plugins.notifyMissingFlash", false);

// Disable Search Engine automatic updates lockPref("browser.search.update", false);

//Disable telemetry lockPref("toolkit.telemetry.prompted", 2); lockPref("toolkit.telemetry.rejected", true); lockPref("toolkit.telemetry.enabled", false);

// Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); lockPref("datareporting.healthreport.logging.consoleEnabled", false); lockPref("datareporting.healthreport.uploadEnabled", false);

// Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false);

// Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore");

// Don't show 'know your rights' on first run pref("browser.rights.3.shown", true);

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Jamf Pro. tried by below value but its not working, anyone did the settings for Mac?

<plist version="1.0"> <dict> <key>Preferences</key> <dict> <key>network.http.http3.enable</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> <key>network.http.http3.enable_0rtt</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>user</string> </dict> </dict> </dict> </plist>

Thanks

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If yes: where to find addon-specific keys/options? As an example: when providing below `policy.json`, starting any fresh firefox profile/installation produces the dialog "Startpage.com - Private Search Engine would like to change your default search engine from Google to Startpage.com - English. Is that OK?", followed by yes/no buttons. I would like to be able to just make the addon do so forgoing the dialog.

Thanks for any pointers.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Installation of extensions only allowed from 'policy.json'.",
       "installation_mode": "blocked"
     },
     "{20fc2e06-e3e4-4b2b-812b-ab431220cada}": {
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/startpage-private-search/latest.xpi"
     }
   },
   "ExtensionUpdate": true
 }

}