How to lock down Firefox in an Enterprise Environment?
I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online:
https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/
The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them.
So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles:
http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/
http://kb.mozillazine.org/Locking_preferences
I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like:
pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");
And here's my mozilla.cfg file, with some of the settings I need configured:
// pref("browser.startup.homepage", http://www.msn.com); lockPref("browser.startup.homepage", http://www.msn.com); pref("security.tls.version.max", 1); lockPref("security.tls.version.max", 1); pref("security.tls.version.min", 0); lockPref("security.tls.version.min", 0); pref("security.default_personal_cert", Ask Every Time); lockPref("security.default_personal_cert", Ask Every Time); pref("app.update.enable", false); lockPref("app.update.enable", false); pref("browser.search.update", false); lockPref("browser.search.update", false); pref("extensions.update.enabled", false); lockPref("extensions.update.enabled", false); pref("network.protocol-handler.external.shell", false); lockPref("network.protocol-handler.external.shell", false); pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT; lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT);
However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. Any help is appreciated!
Moambuepyre
Ñemoĩporã poravopyre
hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:
// pref("browser.startup.homepage", "http://www.msn.com");
you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
Emoñe’ẽ ko mbohavái ejeregua reheve 👍 2Opaite Mbohovái (8)
Hi,
Have you read the http://kb.mozillazine.org/Locking_preferences article?
Hope this helps!
cyborg4
It might also be useful to join and search the Enterprise Working Group (EWG) mailing list. There's a link on this page: http://www.mozilla.org/en-US/firefox/organizations/
Moambuepyre
Yes Cyborg 4, I have read that article as well.
Hmm. That's rather odd!
Let me see if I can find a way to sort this for you.
Hi,
Not sure if this article is relevant - it's quite old! http://mike.kaply.com/2013/05/13/more-major-changes-coming-in-firefox-21/
Curtis
Ñemoĩporã poravopyre
hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:
// pref("browser.startup.homepage", "http://www.msn.com");
you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
Phillip, my issue was I was lacking "the quotations", thanks!
Note that string prefs need to have their values surrounded by quotes as you probably found out.
Integer and Boolean prefs mustn't have quotes.
The mozilla.cfg file is run as JavaScript (prefs.js and user.js are interpreted) and thus can contain JavaScript code as well and will throw an exception in case of errors.
lockPref("security.default_personal_cert", "Ask Every Time"); lockPref("plugin.disable_full_page_plugin_for_types", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT");
Moambuepyre