I think these references will get you started, however I have not done this before:

http://kb.mozillazine.org/Locking_preferences

  You will need a mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like:

pref("general.config.obscure_value", 0); pref("general.config.filename", "mozilla.cfg");

- pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files...

It is not possible to white-list a plugin for a specific domain via preferences. Via preferences you can only define the default behavior and that is best left to "Ask to Activate". Normally you white-list (allow) a plugin for a specific domain in "Tools > Page Info > Permissions" and this is one of the settings that is stored in the permissions.sqlite file as part of the "Site Preferences". So you would have to inject such a record in this file to allow Java automatically for this domain.

Note that you likely also have to white-list this site in the Java plugin and that can only be done via the Java control Center AFAIK.

• "What should I do when I see a security prompt from Java?":
  http://www.java.com/en/download/help/appsecuritydialogs.xml

If you visit a website regularly then a possible workaround is to add the URL to the Java Exceptions Site List, see:

• "Why are Java applications blocked by your security settings?":
  http://www.java.com/en/download/help/java_blocked.xml
• "How can I configure the Exception Site List?":
  http://www.java.com/en/download/faq/exception_sitelist.xml

Thank you for the information, cor-el. I already have the site added to the Exception Sites list. (We did the Java dance last month.) Is there some documentation on how best to deploy such a setting as you describe into the permissions.sqlite file on a global basis? Should I configure a workstation and then port the settings file out to be deployed as part of the Firefox installation? We are already copying local-settings.js, mms.cfg and firefox.cfg files.

Thank you for the reply, guigs2. I had already looked at those links for locking other settings we were working on and they were extremely helpful in that regard.

Is this for existing profiles or for new installation that haven't used Firefox before?

You can initialize a profile by creating a browser\defaults\profile folder in the Firefox program folder (C:\Program Files\Mozilla Firefox\) and place files in it to have them copied to a newly created profile.

• http://mike.kaply.com/2013/05/13/more-major-changes-coming-in-firefox-21/

This is for both new and existing users

I didn't have time to figure out anything so granular. I ended up just setting the Java plugin to Always Activate by adding pref("plugin.state.java", 2); to our existing mozilla.cfg file