Group Policy Settings list with description

Hi, I would like to implement GPO settings for Firefox, and would like to review the list of the policies with description (explanation of what the policy is about and w… (read more)

Hi, I would like to implement GPO settings for Firefox, and would like to review the list of the policies with description (explanation of what the policy is about and what happens if its enabled or disabled) on a table or excel format. Is there a site or page that will give me that list?

Asked by aurel_dimaculangan 3 weeks ago

Last reply by cor-el 3 weeks ago

  • Solved

How to Add preferences to Firefox through Windows Server Group Policy

Hi everyone. I have installed Firefox on all windows 10 workstations and I have also installed latest Firefox Group Policy ADMX on Server. I need to set some preferences … (read more)

Hi everyone. I have installed Firefox on all windows 10 workstations and I have also installed latest Firefox Group Policy ADMX on Server. I need to set some preferences on all Workstations. The preferences that I want to set are the ones that can be found in about:config.

But the problem is that only some of these preferences exist in Group Policy by default and it says "deprecated". I know that I can add additional about:config preferences in a Group Policy object called "Preferences". But no matter how I enter the format or how I change the JASON file, no preference policy is applied to Firefox in workstations. By the way when I change "Preferences" gpo in group Policy the next Policy called "Preferences (JASON on one file)" does also change. I have thoroughly searched the web and Mozilla support and have tested all suggestions but all to no avail. Can you please help me and Give me an example of how to do that? I would appreciate any answer in advance.

Asked by manoochehr.zangooei 1 month ago

Answered by TyDraniu 1 month ago

Issue getting Firefox to launch for the first time, directly to a clicked link, without start page/default browser prompt

We are deploying Firefox installed via the v122 binary on Ubuntu 22.04.4 Server w/ubuntu-desktop-minimal --no-install-recommends (we need to have no-user-interaction inst… (read more)

We are deploying Firefox installed via the v122 binary on Ubuntu 22.04.4 Server w/ubuntu-desktop-minimal --no-install-recommends (we need to have no-user-interaction install). We are using an Ansible playbook to copy over and unarchive the tarball, then create a firefox/distribution folder in the install directory and copying a profiles.json file to said folder, links the install directory to the /usr/bin/local directory, and setting firefox.desktop as the system default browser.

Using the instructions from: https://mozilla.github.io/policy-templates/

What we are hoping to accomplish is the user who has never launched Firefox will click on a link in an application, which will launch Firefox and go directly to the requested page. As it stands right now, the first time a user clicks the link, it launches firefox and shows a start page. The user must then close this window, and click the link again. This brings up a "Use Firefox as the default browser" prompt, which the user must accept, but then does not display the link. The third time the user clicks the link, the requested page pops up, and works from this time out.

We would like to have this be a one-click experience for the user. Looking at the options in about:config after getting firefox to launch, it appears firefox is not getting the options from the profiles.json file. Are we missing something about placement of this file? Missing some lines? Should we be using AutoConfig instead? Thank you for any assistance!

{

   "policies": {
       "Homepage": {
           "StartPage": "none"
       },
       "Preferences": {
           "browser.shell.checkDefaultBrowser": {
               "Value": false,
               "Status": "default",
               "Type": "boolean"
           },
           "browser.shell.skipDefaultBrowserCheckOnFirstRun": {
               "Value": true,
               "Status": "default",
               "Type": "boolean"
           },
           "browser.startup.homepage_override.mstone": {
               "Value": "ignore",
               "Status": "default",
               "Type": "string"
           }
       },
       "PopupBlocking": {
           "Default": false
       },
       "DontCheckDefaultBrowser": true,
       "OverrideFirstRunPage": "",
       "OverridePostUpdatePage": ""
   }

}

Asked by JuniorDevOps 4 weeks ago

Last reply by Mike Kaply 3 weeks ago

Enforce use of extension

Hello, My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mob… (read more)

Hello,

My company recently started using ActivTrak Monitoring software and I need some help configuring the setup for Apple computers. I'm trying to create a custom .mobileconfig to automatically turn on the browser extension and then stop the end users from turning the add-on off. I can successfully install and lock the extension on once installed but need to manually activate the add-on first. What do I need to add to the plist to enable the extension automatically?

Thank you!

Asked by MiITsolutions 4 days ago

Enquiry On Force Update Firefox

Does anyone possess expertise in executing a forced update for Firefox within the user's profile directory located at "AppData\Local\Mozilla Firefox"? It would be advanta… (read more)

Does anyone possess expertise in executing a forced update for Firefox within the user's profile directory located at "AppData\Local\Mozilla Firefox"? It would be advantageous to employ a PowerShell script for rectifying this issue. It appears that certain users are not frequently opening Firefox, thus impeding the automatic update process.

Asked by slimmonkey 1 week ago

Last reply by Mike Kaply 1 week ago

Policy to set startpage not working on first start / Linux

Hello, I am using firefox 126.0 on linux mint 21.2 with an policy file in the directory "/usr/lib/firefox/distribution/policies.json". This is just working fine with one… (read more)

Hello,

I am using firefox 126.0 on linux mint 21.2 with an policy file in the directory "/usr/lib/firefox/distribution/policies.json". This is just working fine with one little problem. When opening firefox the first time, it does not apply the policy to set the startpage to the url in the policy file. All other policies seem to be applied correctly. I figured out, that at the first start of firefox, no user profile (folder) "~/.mozilla/" exists. When i click the little "house" button on the the top besides the refresh buton, the correct startpage is shown. After the first start this folder is created and then the policies work fine even the startpage shows up directly. Can I somehow use a template profiles-folder for new users, so they have the correct firefox feeling at the first start or is there something missing in my policy file ? The policy file has rights set to "644 root:root" Image of the policy file is attached because I can't upload files other then images.

Thank you.

Asked by naumaj 1 day ago

  • Solved
  • Archived

Install extention using GPO

Hello, I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it do… (read more)

Hello,

I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doesn't want to install most of the times. The policy is added after using the gpupdate /force command and restarting the machine then open and close the browser. I wait 10 minutes for the policy to be configured on the computer and open the browser again and nothing happens. Also, the keys in the registry have the corresponding value type (checked in site https://admx.help/?Category=Firefox&Policy=Mozilla.Policies.Firefox::Extensions_Locked). But when I drag and drop with a mouse, the extension is installed and cannot be deleted. Can you tell me why does the extension not install when the policy is in effect?

I sent pictures from Group Policy Manager, Registry editor and showing that the extension can not be deleted after drag and drop with a mouse.

Thank you in advanced!

Asked by thristov1980 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

How to disable QUIC http3 in Firefow either by Windows Registry editor o by AMDX template

Hello I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.ena… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

Asked by rmirandacr 1 year ago

Answered by rmirandacr 1 year ago

  • Solved
  • Archived

Changing FireFox preferences via Registry Editor

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferenc… (read more)

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

Asked by AmirSF 1 year ago

Answered by TyDraniu 1 year ago

  • Solved
  • Archived

ManagedBookmarks [JSON]

Hello, Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64) after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created… (read more)

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart

Asked by bartekbrzozka 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Intune ExtensionSettings Policy No Longer Working in Firefox

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~fi… (read more)

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Asked by victoria.gray 1 year ago

Answered by victoria.gray 1 year ago

  • Solved
  • Archived

GPO to set firefox to open ICA files in Citrix Workspace

Hi, We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace. I've imported the fi… (read more)

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

Asked by Denis.Payne 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Can no longer play media with Firefox ESR 102.x

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox. No video will play in youtube, for instanc… (read more)

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

Asked by OdeonFF 1 year ago

Answered by OdeonFF 1 year ago

  • Solved
  • Archived

how to disable common users to modify the settings of "No proxy for" in "Connection Settings"

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in… (read more)

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in Connection Settings, then add the urls, then users can access to any web site which they want to, is there a method to disable this? thanks.

Asked by fas910 10 months ago

Answered by Mike Kaply 10 months ago

  • Solved
  • Archived

Unable to set Homepage via Intune configuration profile for MacOS

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference doma… (read more)

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference domain name as "org.mozilla.firefox". After applied, it returned error and nothing has been changed on the browser. Thanks.

<key>Homepage</key> <key>URL</key> <string>http://example.com</string> <key>StartPage</key> <string>homepage</string>

Asked by thomas1881 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

GPO Settings for AutoFill Address and Credit Cards

We downloaded the GPO Templates for AD and looking to customize Firefox. We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards Also wou… (read more)

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

Asked by Joshua_Calais 11 months ago

Answered by Mike Kaply 11 months ago

  • Solved
  • Archived

deploying firefox-add-ons via group policies doesn't work anymore after proxy-change

Hello, I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: … (read more)

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

  • http://192.168.100.10/goodaddon-1.0.01.xpi
  • http://internalwebsite/goodaddon-1.0.01.xpi
  • https://192.168.100.10/goodaddon-1.0.01.xpi
  • https://internalwebsite/goodaddon-1.0.01.xpi
  • \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
  • \\internalfileserver\netshare\goodaddon-1.0.01.xpi
  • file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
  • file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

  1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
  2. 2 Are there any logs where I could find out what exactly goes wrong?
  3. 3 Are there any other syntaxes I could try (group policy urls)?
  4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Asked by mozilla355 1 year ago

Answered by mozilla355 1 year ago

  • Solved
  • Archived

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lo… (read more)

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Asked by Terwassolam21434 9 months ago

Answered by jscher2000 - Support Volunteer 8 months ago

  • Solved
  • Archived

Firefox Install Location/Versions

Hello, I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.… (read more)

Hello,

I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.exe located in their Local Appdata folder. So I need to test the uninstall of the Appdata install and then the install of ESR. But the problem is I haven't been able to get Firefox to automatically install into the appdata folder. How am I able to do this? The users who have it installed in the appdata folder are not admins on their computers. When I'm testing I've also been using a normal user account. Please let me know how I can install the exe into the appdata folder automatically without me specifically placing it there or which exe version I need to do this.

Thanks!

Asked by tmlloyd 9 months ago

Answered by tmlloyd 9 months ago

  • Solved
  • Archived

Windows GPO Help with JSON configs

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better. So I followed the guide https://github.com/mozilla/policy-templates/blob/m… (read more)

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

Asked by daniel.david.white 1 year ago

Answered by Mike Kaply 1 year ago