Отображение вопросов с тегом: Показать все вопросы
  • Архивировано

GitHub Registry List

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences Is there a list of all available registry settings? Or where do thes… (читать ещё)

on GitHub the commands are all based on Java https://github.com/mozilla/policy-templates#preferences

Is there a list of all available registry settings? Or where do these Java options come from, where can I read them out?

Задан edv40038 1 год назад

Последний ответ от Mike Kaply 1 год назад

  • Архивировано

How to Disable Saved Address and Credit Cards

During a client Audit earlier this week we were dinged on not having the option in Firefox ESR to block manually saving Addresses and Credit Cards. We have the autofill … (читать ещё)

During a client Audit earlier this week we were dinged on not having the option in Firefox ESR to block manually saving Addresses and Credit Cards. We have the autofill disabled however users can still manually add credit cards and addresses and this poses an issue with our call center agents handling Credit Card info. I'd like to be able to gray out the Saved Addresses and Saved Credit Card boxes so as to prevent agents from manually entering card data into it using a GPO or Registry setting that we can push and apply to all our domain PCs. Ideally, if we could add an entry to the JSON preferences in the Mozilla GPO that would gray those options out that'd be best but any option that removes the users ability to add CC info would be acceptable.

Задан rhall4 8 месяцев назад

Последний ответ от rhall4 6 месяцев назад

  • Решено
  • Архивировано

GPO Settings for AutoFill Address and Credit Cards

We downloaded the GPO Templates for AD and looking to customize Firefox. We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards Also wou… (читать ещё)

We downloaded the GPO Templates for AD and looking to customize Firefox.

We would like to disable Forms and Autofill: Autofill addresses Autofill credit cards

Also would like to lock down so they can't reenable if possible.

We would like to do this all through GPOs if possible. I found these in the about:config: extensions.formautofill.addresses.enabled extensions.formautofill.creditCards.enabled

But again want to do through the GPO. Is this possible?

Side note while working on GPOs, I set Exceptions for the popup blocker and they are not showing up in the browser. I also filled out to remove Search Engines but they all still appear in the browsers. These two GPO settings don't appear to be working.

Задан Joshua_Calais 1 год назад

Дан ответ Mike Kaply 1 год назад

  • Решено
  • Архивировано

how to disable common users to modify the settings of "No proxy for" in "Connection Settings"

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in… (читать ещё)

I am an admin of some servers, i modify the proxy settings of firefox in a GPO, and it works, but now ont thing is that users can modify the settings of "No proxy for" in Connection Settings, then add the urls, then users can access to any web site which they want to, is there a method to disable this? thanks.

Задан fas910 1 год назад

Дан ответ Mike Kaply 1 год назад

  • Решено
  • Архивировано

Group Policy Templates / Preferences (Deprecated)

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. Th… (читать ещё)

I am looking for information regarding the support life for settings that are defined in the Preferences (Deprecated) section of the ADMX templates provided in GitHub. There doesn't appear to be a definitive answer as to when these preferences are no longer applicable to a version of Firefox. The term "Deprecated" certainly applies they're on their way to extinction. But only a small handful of preferences have been ported over to non-deprecated template settings (like Auto Update). Is there an expected version of Firefox where all these preferences are meaningless? Or will they be supported indefinitely? "Industry recommendations' from 3rd party security vendors are bloating my policies in the domain space and I can't definitively say they are 'no longer supported as of version xyz' for all these Firefox Preference settings, which happen to be about 80% of the security parameters defined by STIG and/or CIS Workbench.

Задан rott3nhippi3 1 год назад

Дан ответ TyDraniu 1 год назад

  • Архивировано

Assistance Needed with Firefox Browser and Group Policy Settings

Hi there, We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet … (читать ещё)

Hi there,

We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet access on this server. Initially, this configuration successfully restricted internet access on all browsers, including Firefox. However, recently we encountered an issue where internet access became available solely through the Firefox browser, posing a significant data security risk.

Upon investigation, we discovered that Firefox allows users to modify proxy settings, effectively bypassing our Group Policy restrictions. Unlike other browsers, Firefox permits users to adjust proxy settings without sufficient rights, thus overriding our established restrictions.

To mitigate this issue, we require guidance on enforcing Group Policy settings within Firefox to prevent unauthorized alterations to proxy settings and ensure internet access remains restricted. It's important to note that Firefox is exclusively utilized for development purposes on our server.

Your assistance in resolving this matter would be greatly appreciated.

Regards, Hiten

Задан hitenj.trivedi 6 месяцев назад

Последний ответ от Mike Kaply 6 месяцев назад

  • Решено
  • Архивировано

How to disable QUIC http3 in Firefow either by Windows Registry editor o by AMDX template

Hello I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.ena… (читать ещё)

Hello

I am looking for a way to disable the QUIC protocol in Firefox by GPO. I got your latest AMDX templates but I don't see the option to modify network.http.http3.enabled.

Either an AMDX template with this option or a Registry will do the trick

Thanks

Задан rmirandacr 1 год назад

Дан ответ rmirandacr 1 год назад

  • Архивировано

I want to put Zscaler Root CA certificate for web access by terminal

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error: "Software is Preventing Firefox From Safely Connecting to This Site www.googlead… (читать ещё)

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error:

"Software is Preventing Firefox From Safely Connecting to This Site

www.googleadservices.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Zscaler Root CA, which is either software on your computer or your network.

What can you do about it?

www.googleadservices.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely...." Picture 1

I have root certificate in path: /usr/share/ca-certificates/mozilla$ Picture 2

I run the command for updates CA but it doesn't work: sudo update-ca-certificates

Errors keep popping up.

The certificate not appear in the Certificate manager > Authorities Picture 3

But if I open the firefox > Settings > Privacy & Security> Certifcates > View Certificates > Import And I import the certificate ZscalerRoot.crt and I mark the option "trust this CA to identify websites" the firefox works, and I can open the site without error message.

Picture 4

And the certificate appear in the manager certificate: Picture 5


How can I put the command terminal certificate, which I have on hundreds of machines?

Note: I need to put the certificate only for internet access.

Задан walter.sena.m 1 год назад

Последний ответ от cor-el 1 год назад

  • Архивировано

Group policy for PKCS11

Can we set up these gpo`s so that there is a check for dependencies? Windows (GPO) Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO… (читать ещё)

Can we set up these gpo`s so that there is a check for dependencies?

Windows (GPO)

Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE

Thank you.

Задан desislava.ivanova 1 год назад

Последний ответ от Mike Kaply 1 год назад

  • Решено
  • Архивировано

Windows GPO Help with JSON configs

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better. So I followed the guide https://github.com/mozilla/policy-templates/blob/m… (читать ещё)

Environment: Windows 10 22h2 clients, latest ESR build, Domain servers Windows 2016 or better.

So I followed the guide https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings and tried to set up the config. We are using the latest ESR build but after the settings is applied I still dont have working extensions.

Here is the code

{
     "*": {
           "blocked_install_message": "Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.",
           "install_sources": ["https://addons.mozilla.org/"],
           "installation_mode": "blocked"
     },
     "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi"
           },
     "ciscowebexstart1@cisco.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/cisco-webex-extension/latest.xpi"
     },
     "{d0210f13-a970-4f1e-8322-0f76ec80adde}": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi"
           },
     "appstore-mini@feedly.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/feedly_mini/latest.xpi"
           },
     "extension@one-tab.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/onetab/latest.xpi"
           },
     "support@lastpass.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
           },
     "sweb2pdfextension.4@kofax.com": {
           "installation_mode": "allowed",
           "install_url": "https://addons.mozilla.org/firefox/downloads/latest/kofax-pdf-create-4-0/latest.xpi"
           },
     "Aternity-WebExt-12.1.4@aternity.com": {
           "installation_mode": "allowed",
           },
     "its_addons_wrap@onelog.com": {
           "installation_mode": "allowed",
           "install_url": "https://extensions.onelog.com/extension/onelog.xpi"
     }

}

I have placed the settings in HKCU but also tried in HKLM and there has been no difference. in each case I get Unable to parse JSON for Extensionsettings when checking the about:policies section and when I look at the registry I see the REG_MULTI_SZ value but when i click on it to read it I get another error message. Cannot edit ExtensionSettings: Error reading the values contents.

I tried re-entering the code and tried not listing the install URLs and even tried only listing 1 item. I haven't been able to get past this error so any help would be greatly appreciated.

Задан daniel.david.white 1 год назад

Дан ответ Mike Kaply 1 год назад

  • Архивировано

Issue with managing GPO default pdf handler settings

Hi, I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the sa… (читать ещё)

Hi,

I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the same way for all of them, it didn't work. Im pretty sure that's not a GPO application issue because actually all the others setings are working perfectly.

The json code was paste on the Handlers settings as u can see in the attachement.

Hopefully that i will find help there.

Cordially.

Задан anthony.gautiericn 1 год назад

Последний ответ от Mike Kaply 1 год назад

  • Архивировано

Disable Firefox Password Manager Completely via plist

Attempting to disable FF Password manager completely for my org via a plist. Currently have the password manager itself disabled but can't figure out how to disable the … (читать ещё)

Attempting to disable FF Password manager completely for my org via a plist.

Currently have the password manager itself disabled but can't figure out how to disable the Auto-fill settings with previously saved passwords prior to the password manager being disabled?

Is this possible? Or is this disabled already when the password manager itself is disabled?

Currently have this set via a plist:

<key>PasswordManagerEnabled</key> <false/>

Задан Matthew L 6 месяцев назад

Последний ответ от Mike Kaply 6 месяцев назад

  • Решено
  • Архивировано

network.negotiate-auth content changes are deleted after restart mozilla

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webappl… (читать ещё)

in our organisation i need several domainnames to be added in network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris, so that sso for some webapplications is working. some are allready in the list. when i make changes to the list, everything is working ok, but when i clos all mozilla windows and restart mozilla, the changes are gone.

Задан bonami 1 год назад

Дан ответ bonami 1 год назад

  • Архивировано

Issue with Blocking Websites in Mozilla Firefox via Group Policy

We followed the links below to block internet access in Firefox browser: https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/release… (читать ещё)

We followed the links below to block internet access in Firefox browser:

https://www.youtube.com/watch?v=fAGYYX5hYb8 https://github.com/mozilla/policy-templates/releases

We downloaded the ADMX and ADML files. Using these files, we were able to locate Mozilla Firefox in Group Policy Management and successfully block all websites in the Firefox browser using the pattern :///*.

However, we encountered an issue with exceptions. We do not wish to block certain websites, including localhost. We attempted to use the "Exceptions to block websites" option, providing values such as ://msn.com/ to exclude specific sites. Unfortunately, this approach did not work as intended. For instance, msn.com is one of the websites we want to allow, among others and also localhost.

We require assistance with the following issue: "Exceptions to block websites" is not functioning properly within the group policy of Mozilla Firefox.

Задан hitenj.trivedi 6 месяцев назад

Последний ответ от Mike Kaply 5 месяцев назад

Log-in with a certificate is not possible

With Firefox 115.14.0esr, 115.2esr and 128.xesr we can`t log in into a company website with a certificate. After the certificate login we end up on the WebSeal again. Htt… (читать ещё)

With Firefox 115.14.0esr, 115.2esr and 128.xesr we can`t log in into a company website with a certificate. After the certificate login we end up on the WebSeal again. Http status 302 for pkmslogin.form and pkmscertpromptstagen is called ~12x repeatedly with 302 error each time and then jump back to the login screen.

Задан desislava.ivanova 2 недели назад

Последний ответ от Mike Kaply 1 неделю назад

  • Архивировано

Firefox conflict with Windows HTTPS (DoH) -> Requipred DoH

When setting Windows to "Require DoH", firefox will not resolve DNS addresses, regardless of which "Enable secure DNS" setting is picked in FireFox security settings tab.… (читать ещё)

When setting Windows to "Require DoH", firefox will not resolve DNS addresses, regardless of which "Enable secure DNS" setting is picked in FireFox security settings tab.

I expected at least "Off -- Use your default DNS resolver" to work.

If Windows is configured to just "Allow DoH", Firefox has no issues resolving DNS addresses, for any of the Firefox policy settings.

For reference, you can find the DoH policy setting in windows group policy editor, here:

gpedit.msc

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Configure DNS over HTTPS

(Have to enable it, then select Configure DoH options: Require DoH.)

you may need to issue a gpupdate /force for the setting to be picked up quickly.

Задан s189 1 год назад

Последний ответ от Valentin 1 год назад

  • Архивировано

Automatic redirect in pac files doesn't work

Hello, I have a problem with a pac file in our org. We download it from a server. The basic functionality is applied and it does redirect the desired traffic to the prox… (читать ещё)

Hello,

I have a problem with a pac file in our org. We download it from a server. The basic functionality is applied and it does redirect the desired traffic to the proxy. The problem occurs when the proxy goes down, it then should automaticaly start making direct connections, but the connections fail. We want to proxy only http and https and event that with some exceptions.

It was done according to https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file#example_6

Is there any problem with PAC file or does the browser have issues with the config?

Thanks for any help.

function FindProxyForURL(url, host) {

   /* Our proxy list */
   OURPROXY = "PROXY 172.22.59.X:3128; DIRECT"
   INOUR = "ourgroup.internal"
   /* Normalize the URL and HOST for pattern matching */
   url = url.toLowerCase();
   host = host.toLowerCase();
   /* Our Network Entry */
   if (isResolvable(INOUR)) {
       /* Don't proxy local services */
       if (isInNet(host, "10.0.0.0", "255.0.0.0")
       ) {
           return "DIRECT";
       }
       /* Proxy only http & https */
       if (url.substring(0, 5) == "http:" || url.substring(0, 6) == "https:") {
           /* Don't proxy local hostnames (without dots) */
           if (isPlainHostName(host)) {
               return "DIRECT";
           }
           /* END: Don't proxy local hostnames */
           /* START: Internal systems */
           if (shExpMatch(host, "*.example.com") ||
               shExpMatch(host, "example.com") ||
               /* END: Internal systems */
               /* START: Split VPN tunnel */
               shExpMatch(host, "*.example2.com") ||
               shExpMatch(host, "example2.com") ||
               /* END: Split VPN tunnel */
           ) {
               return "DIRECT";
           }
           /* END: Don't proxy to internal systems */
           return OURPROXY;
       } else {
         return "DIRECT";
       }
       /* END: Proxy only http & https */
   } else {
     return "DIRECT";
   }
   /* END: Our Network Entry */
   return "DIRECT";

}

Задан piotr.jakub.kaczmarzyk 1 год назад

Последний ответ от Mike Kaply 1 год назад

  • Архивировано

Wild Card URL & "Allowed URL" ADMX not working properly

Hi there, we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune. We have already configured policy by uploading A… (читать ещё)

Hi there,

we trying to restrict internet access that used Mozilla Firefox on client computers through Microsoft Intune.

We have already configured policy by uploading ADMX template & Custom OMA-URI as described in https://github.com/mozilla/policy-templates/blob/master/README.md 

We are trying to add custom allowed web sites to "WebsiteFilter" OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions. added web sites are not allowed. my question is what is the best way to enter URLs (I mean format) to allow list & how I can used wild card to allow all the web sites of one specific domain. eg:- microsoft

Задан fmudiyanse 1 год назад

Последний ответ от Mike Kaply 1 год назад