• Solved

How to Add preferences to Firefox through Windows Server Group Policy

Hi everyone. I have installed Firefox on all windows 10 workstations and I have also installed latest Firefox Group Policy ADMX on Server. I need to set some preferences … (read more)

Hi everyone. I have installed Firefox on all windows 10 workstations and I have also installed latest Firefox Group Policy ADMX on Server. I need to set some preferences on all Workstations. The preferences that I want to set are the ones that can be found in about:config.

But the problem is that only some of these preferences exist in Group Policy by default and it says "deprecated". I know that I can add additional about:config preferences in a Group Policy object called "Preferences". But no matter how I enter the format or how I change the JASON file, no preference policy is applied to Firefox in workstations. By the way when I change "Preferences" gpo in group Policy the next Policy called "Preferences (JASON on one file)" does also change. I have thoroughly searched the web and Mozilla support and have tested all suggestions but all to no avail. Can you please help me and Give me an example of how to do that? I would appreciate any answer in advance.

Asked by manoochehr.zangooei 1 month ago

Answered by TyDraniu 1 month ago

  • Solved
  • Archived

Install extention using GPO

Hello, I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it do… (read more)

Hello,

I want to download an extension using firefox policy templates. I put the location folder and extension id so that it cannot be deleted, but for some reason it doesn't want to install most of the times. The policy is added after using the gpupdate /force command and restarting the machine then open and close the browser. I wait 10 minutes for the policy to be configured on the computer and open the browser again and nothing happens. Also, the keys in the registry have the corresponding value type (checked in site https://admx.help/?Category=Firefox&Policy=Mozilla.Policies.Firefox::Extensions_Locked). But when I drag and drop with a mouse, the extension is installed and cannot be deleted. Can you tell me why does the extension not install when the policy is in effect?

I sent pictures from Group Policy Manager, Registry editor and showing that the extension can not be deleted after drag and drop with a mouse.

Thank you in advanced!

Asked by thristov1980 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

How to disable QUIC http3 in Firefow either by Windows Registry editor o by AMDX template

Hello I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.ena… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

Asked by rmirandacr 1 year ago

Answered by rmirandacr 1 year ago

  • Solved
  • Archived

Changing FireFox preferences via Registry Editor

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferenc… (read more)

Hello! As you may know, FireFox does not use the Windows Certificate Store by default. Therefore I have to change the "security.enterprise-roots.enabled" in the preferences on each workstation. I have searched and found ways to enforce this change by GPE , but I wonder if there is a way to change firefox preferences, especially the one I've mentioned, via Registry Editor.

Asked by AmirSF 1 year ago

Answered by TyDraniu 1 year ago

  • Solved
  • Archived

ManagedBookmarks [JSON]

Hello, Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64) after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created… (read more)

Hello,

Firefox 102.6.0esr (x64) Firefox 108.2.0 (x64)

after implementing the bookmarks (JSON) setting by GPO policy, it turns out that an entry for Bookmarks is created in the registry and not ManagedBookmarks, which causes bookmarks not to appear in the bookmarks bar. When I manually rename a registry entry from Bookmarks to ManagedBookmarks, the bookmarks appear properly. Please let me know if I'm doing something wrong or if there really is a problem reported by me.

Yours sincerely Bart

Asked by bartekbrzozka 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Intune ExtensionSettings Policy No Longer Working in Firefox

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~fi… (read more)

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Asked by victoria.gray 1 year ago

Answered by victoria.gray 1 year ago

  • Solved
  • Archived

GPO to set firefox to open ICA files in Citrix Workspace

Hi, We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace. I've imported the fi… (read more)

Hi,

We've GPOs in place for Edge and Chrome that set said browsers on all our Windows endpoints to open downloaded ICA files in Citrix Workspace.

I've imported the firefox.admx and mozilla.admx file along with assocaited .adml files, checked Github, checked through the GPO settings yet cannot figure out how to do the same with Firefox.

Is there a Mozila Firefox for Windows GPO ADMX setting I can use to control the "Firefox>Settings>General>Files and Applications>Applications" section to add "Content type: ica | Action: Use Citrix Workspace"?

Thanking you....

Asked by Denis.Payne 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

Can no longer play media with Firefox ESR 102.x

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox. No video will play in youtube, for instanc… (read more)

Hello, ever since we moved endpoints from Firefox ESR 91.13 to 102.3, it has become impossible to play any media with Firefox.

No video will play in youtube, for instance (it just loads endlessly as if it would start, but it doesn't).

Can't use radio websites either. Anything with a "play" button (video or sound) does nothing.

This has been tested with a clean profile, a clean install, after allowing autoplay in the settings.

Is there any info on what exactly changed between ESR 91 and 102 that might explain this ? There has been no system change, If I reinstall 91 instead it works again as usual.

No issues anywhere else on the endpoints (Edge, Windows), this is on Windows 10 if it makes any difference.

Tanks for any help on this.

Asked by OdeonFF 1 year ago

Answered by OdeonFF 1 year ago

  • Solved
  • Archived

how to disable common users to modify the settings of "No proxy for" in "Connection Settings"

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in… (read more)

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in Connection Settings, then add the urls, then users can access to any web site which they want to, is there a method to disable this? thanks.

Asked by fas910 10 months ago

Answered by Mike Kaply 10 months ago

  • Solved
  • Archived

Unable to set Homepage via Intune configuration profile for MacOS

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference doma… (read more)

Hi everyone, I'm trying to standardize the homepage for the browser which enrolled with Intune on MacOS. I have imported the .plist file as below with the preference domain name as "org.mozilla.firefox". After applied, it returned error and nothing has been changed on the browser. Thanks.

<key>Homepage</key> <key>URL</key> <string>http://example.com</string> <key>StartPage</key> <string>homepage</string>

Asked by thomas1881 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved
  • Archived

GPO Settings for AutoFill Address and Credit Cards

We downloaded the GPO Templates for AD and looking to customize Firefox. We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards Also wou… (read more)

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

Asked by Joshua_Calais 11 months ago

Answered by Mike Kaply 11 months ago

  • Solved
  • Archived

deploying firefox-add-ons via group policies doesn't work anymore after proxy-change

Hello, I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: … (read more)

Hello,

I used to deploy add-ons via group policies - this worked like a charm: Firefox esr (91.11.0esr x64), ADMX-templates in Sysvol\PolicyDefinitions, Group Policies: User configuration, administrative templates, mozilla, firefox, add-ons --> install add-ons --> https://addons.mozilla.org/firefox/downloads/file/1234567/goodaddon-1.0.01.xpi

A few months ago, we had to change our network-configuration. We were using a proxy before, but our proxy had direct access to the internet. Now our proxy forwards everything to another proxy. Since about that time, add-on-deployment via gpo doesn't work anymore. It could be something else, but i suspect the proxy-change.

I tried to deploy unc-paths, internal websites and different syntaxes; none of this works:

  • http://192.168.100.10/goodaddon-1.0.01.xpi
  • http://internalwebsite/goodaddon-1.0.01.xpi
  • https://192.168.100.10/goodaddon-1.0.01.xpi
  • https://internalwebsite/goodaddon-1.0.01.xpi
  • \\192.168.100.20\netshare\goodaddon-1.0.01.xpi
  • \\internalfileserver\netshare\goodaddon-1.0.01.xpi
  • file://///192.168.100.20/netshare/goodaddon-1.0.01.xpi
  • file://///internalfileserver/netshare/goodaddon-1.0.01.xpi

As you can see I tried using internal sites, so that no proxy would be needed. And I also added these sites to the allowed add-on-installation-sites (computer configuration, same group policy). The sites are all accessible; if I enter these addresses as url, firefox can access the xpi-file.

I know how to pack add-ons into the firefox-setup-file; that still works. But first of all, firefox is already installed on most of my clients. Second, after a fresh installation of firefox with this self-created package, all add-ons are installed, but not activated. And I would like to restrict activation/deactivation of add-ons via gpo.

  1. 1 Are there other ways to deploy add-ons in a domain-network (e.g. script-based)?
  2. 2 Are there any logs where I could find out what exactly goes wrong?
  3. 3 Are there any other syntaxes I could try (group policy urls)?
  4. 4 Can anyone guess what the problem is (why it is not working anymore)?

Help would be very much appreciated.

Best regards.

Asked by mozilla355 1 year ago

Answered by mozilla355 1 year ago

  • Solved
  • Archived

I can’t change the min and max TLS versions with either policies.json or mozilla.cfg

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lo… (read more)

I need to set the max TLS version to 1.3 and the min version to 1.2 on my shstems. The max and min TLS versions are set to 4 and 3 by default in about:config. If I use lockPref(“security.tls.version.max”,”3”), it is still 4 in about:config for some reason. If I set the min version to 2, it is still 3. This also doesn’t work if I use “SSLVersionMin”: “tls1.2” how can I fix this issue? Thank you in advance!

Asked by Terwassolam21434 9 months ago

Answered by jscher2000 - Support Volunteer 9 months ago

  • Solved
  • Archived

Firefox Install Location/Versions

Hello, I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.… (read more)

Hello,

I am working to convert my Org to Firefox ESR, but in order to this I need to uninstall the per user install of Firefox. We have many users that have the Firefox.exe located in their Local Appdata folder. So I need to test the uninstall of the Appdata install and then the install of ESR. But the problem is I haven't been able to get Firefox to automatically install into the appdata folder. How am I able to do this? The users who have it installed in the appdata folder are not admins on their computers. When I'm testing I've also been using a normal user account. Please let me know how I can install the exe into the appdata folder automatically without me specifically placing it there or which exe version I need to do this.

Thanks!

Asked by tmlloyd 9 months ago

Answered by tmlloyd 9 months ago

  • Solved
  • Archived

Windows GPO Help with JSON configs

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better. So I followed the guide https://github.com/mozilla/policy-templates/blob/m… (read more)

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

Asked by daniel.david.white 1 year ago

Answered by Mike Kaply 1 year ago

  • Solved

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (read more)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Asked by Valery Volos 4 months ago

Answered by Mike Kaply 4 months ago

  • Solved
  • Archived

AutoConfig Alert

Good morning, I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues … (read more)

Good morning,

I'm reaching out to see if I can get some assistance with Firefox on of our network. I'm System Admin at Goodfellow AFB. I've tried searching this issues on the web and found similar issues but solutions that were recommend online have not worked for us. Yes I have uninstalled Firefox completely and installed it from scratch. I know it has something to do with autoconfig file but not sure what exactly I'm looking for. Thanks.

Asked by Chase Cathey 1 year ago

Answered by jscher2000 - Support Volunteer 1 year ago

  • Solved
  • Archived

What is the proper format for the ExtensionSettings policy registry key/value that is used to manage browser extension settings?

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings… (read more)

When looking at the ExtensionSettings page for Firefox or Chrome they both use an example that shows the registry key Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) being set to a long JSON string with every extension ID and the settings for that particular ID. For example...

{

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://yourwebsite.com/*"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 },
 "https-everywhere@eff.org": {
   "installation_mode": "allowed"
 }

}

The problem with this method is that if I am installing an extension, and I overwrite what already exists in Software\Policies\Mozilla\Firefox\ExtensionSettings then all of those other settings get removed. So even if I am a non-malicious actor and just make a mistake with my installer I can easily delete every other extension's settings. Instead what I have to do is during install I have to read the current value of Software\Policies\Mozilla\Firefox\ExtensionSettings and then insert my extension's settings into the JSON blob.

So the examples that Firefox and Chrome provides do of course work, however they do not make very much sense to me. Why would it be formatted this way since all of those are additional key/value pairs and that is exactly what the registry excels at storing. So why put all of those into a single key/value instead of breaking them into multiple?

Additionally breaking them a part into multiple key/value pairs does work! So if instead of the example above I were to split them into multiple key value pairs it works just fine!

Software\Policies\Mozilla\Firefox\ExtensionSettings

   uBlock0@raymondhill.net
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"

So knowing that this way with multiple key/value pairs works why am I bothering to ask this question at all instead of just doing it the way that makes sense to me? Well the issue is that by breaking it up into multiple key value pairs it actually overrides the other method and makes it so that all those registry settings are ignored. So it doesn't delete them but it still leaves me with nearly the exact same problem.

While I believe "my" way is superior because it uses the registry in a more common sense route, if that is not what the majority of extension developers do then it doesn't matter and I should be conforming to the other way.

As I am typing this question up I did realize just how hard/annoying it is to properly format and make it clear and digestible what the multi key/value format of the registry would look like instead of being a JSON string. So perhaps that is the reason why all the documentation puts it all as one JSON string?

Asked by perihwk+firefox 7 months ago

Answered by Mike Kaply 7 months ago

  • Solved

How to disable Quic protocol in Windows with MS Intune

Hello I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for W… (read more)

Hello

I am looking for a way to disable the QUIC protocol in Firefox through Intune. tried by below value but its not working, anyone did the settings in MS Intune for Windows? <enabled/> <data id="JSON" value=' {

 "network.http.http3.enable": {
   "Value": 0,
   "Status": "user"
 },

{

 "network.http.http3.enable_0rtt": {
   "Value": 0,
   "Status": "user"
 }

}'/>

Thanks

Asked by Shri Sivakumaran 4 months ago

Answered by Shri Sivakumaran 4 months ago

  • Solved
  • Archived

Firefox ESR deployment with MDT Error: 1618

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Te… (read more)

We use Microsoft MDT for computer deployment. We have been installing the Standard version of Firefox for a long time with no problem. Recently we started using AD GPO Templates to configure firefox. To be able to configure certain settings you need to be running the ESR version. I downloaded the more recent ESR version: 102.12.0esr.msi file.

When deploying machine MDT to install Mozilla firefox I keep getting this error: Application Mozilla Firefox ESR returned an unexpected return code: 1618

This is the only application having issues and this issue only came up since I change the installation file to the ESR version.

This is the install command being used in MDT: msiexec /i "Firefoxesr.msi" /qn /norestart

I am posting here and not with MDT support, as this only started happening when I changed the installation file to the ESR version. Has anybody else had a problem deploying ESR version through MDT? Any help on how to fix?

Asked by Joshua_Calais 10 months ago

Answered by Joshua_Calais 10 months ago