X
Tik hier voor de mobiele versie van de website.

Ondersteuningsforum

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

How to lock down Firefox in an Enterprise Environment?

Geplaatst

I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online:

https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/

   The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them.
   So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles:

http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/
http://kb.mozillazine.org/Locking_preferences

   I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

And here's my mozilla.cfg file, with some of the settings I need configured:

//
pref("browser.startup.homepage", http://www.msn.com);
lockPref("browser.startup.homepage", http://www.msn.com);
pref("security.tls.version.max", 1);
lockPref("security.tls.version.max", 1);
pref("security.tls.version.min", 0);
lockPref("security.tls.version.min", 0);
pref("security.default_personal_cert", Ask Every Time);
lockPref("security.default_personal_cert", Ask Every Time);
pref("app.update.enable", false);
lockPref("app.update.enable", false);
pref("browser.search.update", false);
lockPref("browser.search.update", false);
pref("extensions.update.enabled", false);
lockPref("extensions.update.enabled", false);
pref("network.protocol-handler.external.shell", false);
lockPref("network.protocol-handler.external.shell", false);
pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT;
lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT);
   However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. 
   Any help is appreciated!
I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online: https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/ The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them. So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles: http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/<br /> http://kb.mozillazine.org/Locking_preferences I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like: pref("general.config.obscure_value", 0);<br /> pref("general.config.filename", "mozilla.cfg"); And here's my mozilla.cfg file, with some of the settings I need configured: <pre><nowiki>// pref("browser.startup.homepage", http://www.msn.com); lockPref("browser.startup.homepage", http://www.msn.com); pref("security.tls.version.max", 1); lockPref("security.tls.version.max", 1); pref("security.tls.version.min", 0); lockPref("security.tls.version.min", 0); pref("security.default_personal_cert", Ask Every Time); lockPref("security.default_personal_cert", Ask Every Time); pref("app.update.enable", false); lockPref("app.update.enable", false); pref("browser.search.update", false); lockPref("browser.search.update", false); pref("extensions.update.enabled", false); lockPref("extensions.update.enabled", false); pref("network.protocol-handler.external.shell", false); lockPref("network.protocol-handler.external.shell", false); pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT; lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT); </nowiki></pre> However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. Any help is appreciated!

Bewerkt door cor-el op

Gekozen oplossing

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:

//
pref("browser.startup.homepage", "http://www.msn.com"); 

you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

Dit antwoord in context lezen 2

Aanvullende systeemdetails

Geïnstalleerde plug-ins

  • Shockwave Flash 11.8 r800
  • Adobe Shockwave for Director Netscape plug-in, version 12.0.4.144
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • 5.1.20513.0
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.03
  • VMware Remote Console Plug-in
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Toepassing

  • Useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0

Meer informatie

Curtis Parfitt-Ford 33 oplossingen 363 antwoorden

Hi,

Have you read the http://kb.mozillazine.org/Locking_preferences article?

Hope this helps!

cyborg4

Hi, Have you read the http://kb.mozillazine.org/Locking_preferences article? Hope this helps! cyborg4
jscher2000
  • Top 10 Contributor
8024 oplossingen 65570 antwoorden

It might also be useful to join and search the Enterprise Working Group (EWG) mailing list. There's a link on this page: http://www.mozilla.org/en-US/firefox/organizations/

It might also be useful to join and search the Enterprise Working Group (EWG) mailing list. There's a link on this page: http://www.mozilla.org/en-US/firefox/organizations/

Bewerkt door jscher2000 op

Vraageigenaar

Yes Cyborg 4, I have read that article as well.

Yes Cyborg 4, I have read that article as well.
Curtis Parfitt-Ford 33 oplossingen 363 antwoorden

Hmm. That's rather odd!

Let me see if I can find a way to sort this for you.

Hmm. That's rather odd! Let me see if I can find a way to sort this for you.
Curtis Parfitt-Ford 33 oplossingen 363 antwoorden

Hi,

Not sure if this article is relevant - it's quite old! http://mike.kaply.com/2013/05/13/more-major-changes-coming-in-firefox-21/

Curtis

Hi, Not sure if this article is relevant - it's quite old! http://mike.kaply.com/2013/05/13/more-major-changes-coming-in-firefox-21/ Curtis
philipp
  • Top 25 Contributor
  • Moderator
5154 oplossingen 22828 antwoorden

Gekozen oplossing

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:

//
pref("browser.startup.homepage", "http://www.msn.com"); 

you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file: // pref("browser.startup.homepage", "http://www.msn.com"); you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

Vraageigenaar

Phillip, my issue was I was lacking "the quotations", thanks!

Phillip, my issue was I was lacking "the quotations", thanks!
cor-el
  • Top 10 Contributor
  • Moderator
16790 oplossingen 151736 antwoorden

Note that string prefs need to have their values surrounded by quotes as you probably found out.
Integer and Boolean prefs mustn't have quotes.
The mozilla.cfg file is run as JavaScript (prefs.js and user.js are interpreted) and thus can contain JavaScript code as well and will throw an exception in case of errors.

lockPref("security.default_personal_cert", "Ask Every Time");
lockPref("plugin.disable_full_page_plugin_for_types", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT");

Note that string prefs need to have their values surrounded by quotes as you probably found out.<br /> Integer and Boolean prefs mustn't have quotes.<br /> The mozilla.cfg file is run as JavaScript (prefs.js and user.js are interpreted) and thus can contain JavaScript code as well and will throw an exception in case of errors. <pre><nowiki>lockPref("security.default_personal_cert", "Ask Every Time"); lockPref("plugin.disable_full_page_plugin_for_types", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT"); </nowiki></pre> ---- *http://mxr.mozilla.org/mozilla-central/source/extensions/pref/autoconfig/src/prefcalls.js

Bewerkt door cor-el op