Kukhonjiswa imibuzo ethegiwe: Veza yonke imibuzo

how to add exception server in firefox ? (mass client computer)

hi all, i have mass client computer (about 1000+) need to add exception server. i know the below stop: Click "Advanced" at the bottom of the page, click "Add Exception...… (funda kabanzi)

hi all, i have mass client computer (about 1000+) need to add exception server. i know the below stop: Click "Advanced" at the bottom of the page, click "Add Exception...", then click an “Confirm Security Exception” button at the bottom of the page and the web page will be added to an exception list.

But it is Not a good way for me, client computer is too much. how can i deploy setting to all computer in one time ? my version is firefox 38.7 esr (In some reason, i can't upgrade my firefox) thanks for your help.

Asked by hao012190 1 inyanga edlule

Last reply by Mike Kaply 1 inyanga edlule

  • Okugcinwe kunqolobane

Import personal pfx certificate via policy.json

Hello, I'm trying to setup basic policy.json file to configure firefox for all my users. I'm stuck in one step, we require SSL client certificate to access our intranet.… (funda kabanzi)

Hello, I'm trying to setup basic policy.json file to configure firefox for all my users. I'm stuck in one step, we require SSL client certificate to access our intranet.

1.So far we are importing personal *.pfx file via Firefox GUI in personal tab, but I want to import this cert via policy.json and So far im not able to do it, I dont know how to set requiret certifacate password.

2. I was also thinking using Windows cert store. I imported certifacete to Windows and set flag security.enterprise_roots.enabled to true in about:config. But firefox is not using it. However Edge is working just fine.

Only way i was able to get website working so far is manualy importing that certificate via Firefox GUI.

Which way should I go? And do you have any tips how to get it working? Thanks a lot.

Asked by siba2 7 izinyanga ezidlule

Last reply by Mike Kaply 7 izinyanga ezidlule

  • Okugcinwe kunqolobane

Firefox still allowing to delete history/timeline (GPO)

Hello, we are setting our firefox setting for our domain over the gpo. I installed the the apmx template at our domain controller and setted it. Our goal is, to disable p… (funda kabanzi)

Hello,

we are setting our firefox setting for our domain over the gpo. I installed the the apmx template at our domain controller and setted it.

Our goal is, to disable private surfing and preventing to delete the history. (So we could look it up if the law&order want them).

In the pictures you can see which settings are set in the gpo. Users are still to use the delete function under Settings. Do i miss some kind of gpo?

The gpo for private surfing is working fine so nobody can use it atm. A record with rsop.msc is showing evrything correctly. The Problem is on all machines. With outher browsers and gpo we do not have that kind of problem.

Following GPO Rules (Tranlated): Disable Chronicle -> Disabled Clear the history when Firefox is closed -> Disabled Disable Clean Firefox -> Enabled Disable private browsing -> Enabled Forgot button Deactivate button -> Enabled Mozilla/Firefox/Clear data when browser is closed -> Locked -> Enabled

Asked by Schnuecker 11 izinyanga ezidlule

Last reply by Mike Kaply 9 izinyanga ezidlule

  • Okugcinwe kunqolobane

How to force Private browsing using Registry?

Hello. I manage about 1000 PCs that need to have Private Browsing forced to protect end user Information. I can't use MS GPOs because these PCs log in with a local user… (funda kabanzi)

Hello. I manage about 1000 PCs that need to have Private Browsing forced to protect end user Information. I can't use MS GPOs because these PCs log in with a local user account. Is there a way to force Private browsing on the PCs by adding a registry string to all of the PCs that could be deployed (SCCM) by running a .CMD file? Please advise. Thanks for your time.

Asked by bmendoza 1 unyaka odlule

Last reply by Wesley Branton 1 unyaka odlule

  • Okugcinwe kunqolobane

Unable to use client authentication certificates from Keychain or Windows user store.

We use user certificates as a second authentication factor, these are stored in the My Certificates (Key Chain) on OSX and under Windows Personal Certificates on Windows… (funda kabanzi)

We use user certificates as a second authentication factor, these are stored in the My Certificates (Key Chain) on OSX and under Windows Personal Certificates on Windows. These certificates are pushed via MDM and are not exportable. We have configured the Firefox setting the key "about:config", "security.enterprise_roots.enabled" to TRUE, but this only works for "System" not User based.

Asked by paul.hoff 1 unyaka odlule

Last reply by cor-el 1 unyaka odlule

  • Okugcinwe kunqolobane

Firefox Persistent settings

I have a student lab environment where any number of students can log into a machine. I want to have specific user.js settings to be applied to all Firefox profiles. Is t… (funda kabanzi)

I have a student lab environment where any number of students can log into a machine. I want to have specific user.js settings to be applied to all Firefox profiles. Is there a way to do this?

Asked by rurbanowtreefox 1 unyaka odlule

Last reply by philipp 1 unyaka odlule

  • Okugcinwe kunqolobane

Locking in Automatically install updates (recommended)

Would anyone care to share if it is possible to lock the pref "Automatically install updates (recommended)" option. I have found where I can lock in the check for update… (funda kabanzi)

Would anyone care to share if it is possible to lock the pref "Automatically install updates (recommended)" option. I have found where I can lock in the check for updates updates but specifically we are looking to take away the ability for our user to switch it from "Automatically install updates (recommended)" to "Check for updates but let you choose to install them" .

Asked by Dkiger 1 unyaka odlule

Last reply by cor-el 1 unyaka odlule

  • Okugcinwe kunqolobane

I am currently working on the configuration of Firefox via GPO, but there is also an admx template. Is there a way to force the setting of a master password ?

I am currently working on the configuration of Firefox via GPO, but there is also an admx template. Is there a way to force the setting of a master password for the passw… (funda kabanzi)

I am currently working on the configuration of Firefox via GPO, but there is also an admx template. Is there a way to force the setting of a master password for the password manager?

Asked by FrankJ71 1 unyaka odlule

Last reply by cor-el 1 unyaka odlule

  • Okugcinwe kunqolobane

As an admin can I add certificate exceptions to Firefox for all users?

As an admin in our organization I wanted to add two "Add Exception..." so end users do not have to get a certificate warning and click through to two places. One is a con… (funda kabanzi)

As an admin in our organization I wanted to add two "Add Exception..." so end users do not have to get a certificate warning and click through to two places.

One is a connection to a systray service, the url is https://127.0.0.1:51763 and to test and validate this service for the web application, one must first click test in the app, then click Advanced and Add Exception on the "Your connection is not secure" page. The second is https://tablet.sigwebtablet.com:47290/SigWeb/ which has a Thawte certificate on it, but still requires clicking through.

This is for an in house financial operating system. The vendor did place our wildcard cert on the main page which works, its just these two service test URLs cause an issue, and since we do not own these certificates, we cannot re-sign them with a trusted Subject Alternative Name.

If I can do this with Firefox CCK or Group Policy, that would be fine. We do have Firefox trust our Windows Certificate store, so maybe there is something we can do already in Group Policy and Windows Certificates? I'm not sure because the cert at 127.0.0.1 is signed by corelation.local and there are NO SAN names on it, so even trying to use GPO's to import it to the Computers Trusted Root Certificates may not be enough.

Thanks.

Asked by kjstech 2 iminyaka edlule

Last reply by Mike Kaply 2 iminyaka edlule

  • Okugcinwe kunqolobane

Insecure password warning

Hi, I want to connect my enterprise users to my internal Web App via http connection. By design they get scare message about Insecure password warning. Is that possible t… (funda kabanzi)

Hi, I want to connect my enterprise users to my internal Web App via http connection. By design they get scare message about Insecure password warning. Is that possible to rid out from this scare message for Intranet FF users via Group Policy? I read that is possible via about:config. But that will not work for me, I have around 100 users.

Asked by alilbas 2 iminyaka edlule

Last reply by cor-el 2 iminyaka edlule

  • Okugcinwe kunqolobane

how to modify security.enterprise_roots.enabled to true via javascript

My problem was in my intranet organisation IE accepts trusted root certificates from windows local machine but firefox not accepts. after modify the security.enterprise_r… (funda kabanzi)

My problem was in my intranet organisation IE accepts trusted root certificates from windows local machine but firefox not accepts.

after modify the security.enterprise_roots.enabled to true through browser about:config it works fine.

but I can't explain my huge number of clients to do the same

so if I can modify through peace of javascript code then i place this code in my landing page.

Thanks for the support

Asked by samsfeb 2 iminyaka edlule

Last reply by Mike Kaply 2 iminyaka edlule

  • Okugcinwe kunqolobane

Allow multiple Security Exceptions

Hello, In our environment, we roughly have 200~ subdomains that are all on a local network. Unfortunately, the certificates are self signed, so whenever a user visits X s… (funda kabanzi)

Hello,

In our environment, we roughly have 200~ subdomains that are all on a local network. Unfortunately, the certificates are self signed, so whenever a user visits X subdomain for the first time they have to go through and manually permanently allow exception on that one subdomain. I was wondering if there is a way to gather a list of the 200~ subdomains, and automate or bulk add them to the exception list. I wasn't able to find much on Google, or maybe there is something I'm not searching properly. I was hoping if you could further point me to the right direction, I appreciate your time in reading this.

Asked by encryptedfaith 2 iminyaka edlule

Last reply by cor-el 2 iminyaka edlule

  • Okugcinwe kunqolobane

JS script not loaded in pref directory

Hi all I have distributed a .js file via gpo to the default location: C:\Program Files (x86)\Mozilla Firefox\defaults\pref\ It seems like it is only loaded on the very fi… (funda kabanzi)

Hi all

I have distributed a .js file via gpo to the default location: C:\Program Files (x86)\Mozilla Firefox\defaults\pref\

It seems like it is only loaded on the very first boot. Once I disable the setting on about:config, the js file will not load / apply once I restart firefox.

The file looks like this(enableroot.js):

/* Allows Firefox reading Windows certificates */ pref("security.enterprise_roots.enabled", true);

I searched this and wasn't able to find any solution. Does anyone have experience with it?

best regards,

Trennety

Asked by trennety 2 iminyaka edlule

Last reply by Roland Tanglao 2 iminyaka edlule

  • Okugcinwe kunqolobane

Preventing DoH rollout on our network?

The day that DNS-over-HTTPS is released seems to come closer which has me worried. We run Firefox on 100+ machines for NGO's, most off the people use it as it is the defa… (funda kabanzi)

The day that DNS-over-HTTPS is released seems to come closer which has me worried. We run Firefox on 100+ machines for NGO's, most off the people use it as it is the default browser.

We run internal DNS, as far as I can tell DoH will break this, internal DNS won't resolve in Firefox any longer. Is there a way to prevent DoH rollout on our network. Other than blocking updates or dropping Firefox all together.

It will be a bad day when this rolls out and users start calling, so I would love to prevent it :)

Many thanks for any insights on this in advance.

Asked by peat588 2 iminyaka edlule

Last reply by jscher2000 2 iminyaka edlule

  • Okugcinwe kunqolobane

need gpo that will toggle network.http.spdy.enabled from true to false.

I'm trying to change the Mozilla Firefox about:config values for network.http.spdy.enabled options. I was hoping the .admx file for Firefox would solve this problem but… (funda kabanzi)

I'm trying to change the Mozilla Firefox about:config values for network.http.spdy.enabled options. I was hoping the .admx file for Firefox would solve this problem but the 'spdy' options aren't there. Has anyone come across this issue that is willing to share a solution. Thank you.

Asked by mega.bamafan 2 iminyaka edlule

Last reply by cor-el 2 iminyaka edlule

  • Okugcinwe kunqolobane

locking preferences in Firefox 63.0

I searched high and low on the internet to find out how to lock down preferences, most that I found had incomplete information and for older versions. The last entry I fo… (funda kabanzi)

I searched high and low on the internet to find out how to lock down preferences, most that I found had incomplete information and for older versions. The last entry I found on this forum was from three years ago for version 38 and where to place the files was clear but when to use the commands lockPref, userPref and pref wasn't clear. For version 63 none of what I found was working. Well, diligence paid off. I kept experimenting until I found the correct combination. Where the different pref commands were used and the files locations was the problem. I couldn't use lockPref in the user.js file, I couldn't use the user_pref in the mozilla.cfg file. I was hoping to combine the commands together but it wouldn't work. So, here is what I came up with, spelled out clearly as to how it is setup. Almost every place I found on the internet would not have all the information spelled out leaving me scratching my head as to what they were trying to say. Here is the procedure I put together:

Mozilla Firefox version 63.00 Setup for Locking Files

1. Open Firefox and type “about:config” into the path bar.

       a.	For any preference that is locked you will see the entries in italics and the status displaying “locked”

2. Create the following as text files and change the extension on each.

       a.	mozilla.cfg – lists desired files to be locked.
               i.	The first line is always a double forward slash (//)
               ii.	Starting at the second line, use the lockPref command – examples:
                     1.	lockPref("app.update.enabled", false);
                     2.	lockPref("security.tls.version.min", 2);
      b.	local-settings.js – uses mozilla.cfg to lock the preferences. 
              i.	Add the following entries. Do NOT place a “//” on the first line of the file.
                     1.	pref("general.config.filename", "mozilla.cfg");
                     2.	pref("general.config.obscure_value", 0);
      c.	user.js – changes the settings for each of the listed preferences.
              i.	Enter the same entries that were in mozilla.cfg but use the “user_pref” command at the beginning of 
                       each entry. Do NOT place a “//” on the first line of the file.
                    1.	user_pref("app.update.enabled", false);
                    2.	user_pref("security.tls.version.min", 2);

3. The folders where mozilla.cfg and local-settings.js files are located have full Administrators and System rights assigned, however to make changes to these files copy them to another folder (i.e. Desktop) then copy it back into its respective folder. The UAC prompt asks to accept the changes. A regular user shouldn’t have rights to do this.

4. Location is very important for each of the above files. Place each in their respective directories as shown below.

       a.	mozilla.cfg is placed into:
               i.	C:\Program Files\Mozilla Firefox
       b.	Local-settings.js is placed into:
               i.	C:\Program Files\Mozilla Firefox\defaults\pref
       c.	User.js is placed into:
               i.	C:\Users\”username”\AppData\Roaming\Mozilla\Firefox\Profiles\*this folder name will vary for each installation*

5. To disable the files listed in mozilla.cfg, open the local-setting.js file and add “//” to the beginning of each line to remark them out, save and then restart Firefox. Verify in Firefox under “about:config” that the “locked” status was removed. Of course, to lock them again, remove the “//”.


My question now stands as when GPO is set up to push, is it these three files pushed to their respective locations for each roaming profile and computer?

Asked by sullijwiii 2 iminyaka edlule

Last reply by Roland Tanglao 2 iminyaka edlule