allowing only specific extensions
Due to our company security rules we tend to disallow all extensions/plugings. But it should be possible for users to install by there own some specific -from our Security departement approved- extensions.
With other words: Blacklist=* Whitelist=xxxx, yyyy, zzzz, and so on
We install FF "naked" and configure it via GPO. The above mentioned requirement should also be handled via GPO
Many thanks Karl
Chosen solution
For colorzilla, it's https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi
To Google translate is:
https://addons.mozilla.org/firefox/downloads/latest/to-google-translate/latest.xpi
You can get SHORT_NAME from the AMO URL. For instance, To google translate is:
https://addons.mozilla.org/en-US/firefox/addon/to-google-translate/?src=search
The shortname is the "to-google-translate" part.
Unfortunately, downloads/latest isn't an actual directory we can share.
I'll be developing a simple addon that makes this process better.
Read this answer in context 👍 1All Replies (14)
Hi Karl, while you're waiting for an authoritative reply, I wanted to mention this documentation on the Github for Policy Templates:
jscher2000 said
Hi Karl, while you're waiting for an authoritative reply, I wanted to mention this documentation on the Github for Policy Templates: https://github.com/mozilla/policy-templates#extensions See also: Customize Firefox using Group Policy (Windows)
I tried to deploy (as an example) Colorzilla via GPO with this Registry-Key: SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install\1= https://addons.mozilla.org/firefox/downloads/file/595546/colorzilla-3.3-an+fx.xpi?src=dp-btn-primary or SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install\1= https://addons.mozilla.org/firefox/downloads/file/595546/colorzilla-3.3-an+fx.xpi
none of both worked.. My expectation was, that deploying this setting FireFox automatically installs this extension on the next start up. BR Karl P.S. We use Firefox Quantum 60.7.2esr (64-bit)
You likely will have to rename the file name part to the GUID as listed in the manifest.json or mozilla.rsa file or what you see on the about:debugging page when you have installed the extension.
- {6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi
cor-el said
You likely will have to rename the file name part to the GUID as listed in the manifest.json or mozilla.rsa file or what you see on the about:debugging page when you have installed the extension.
- {6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi
Sorry - that doesn´t work. Could you please provide the complete registry-key for any extension? Many thanks in advance. I tried: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Extensions\Install] "1"="https://addons.mozilla.org/firefox/downloads/{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi"
with and without brackets and with and without path. Karl
You only need to use it for cases that include the extension ID and when you otherwise refer to a locally stored extension: Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "{6AC85730-7D0F-4de0-B3FA-21142DD85326}" Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "{6AC85730-7D0F-4de0-B3FA-21142DD85326}"
When you use a direct link to download the extension then you need to use the file name as present on the server.
We'll behaving a new policy called ExtensionSettings that will be in Firefox 69 and Firefox ESR 68.1 that will accomplish this.
It's similar to Chrome's version:
https://dev.chromium.org/administrators/policy-list-3/extension-settings-full
cor-el said
You only need to use it for cases that include the extension ID and when you otherwise refer to a locally stored extension: Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "{6AC85730-7D0F-4de0-B3FA-21142DD85326}" Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "{6AC85730-7D0F-4de0-B3FA-21142DD85326}" When you use a direct link to download the extension then you need to use the file name as present on the server.
Many Thanks for this hint: Software\Policies\Mozilla\Firefox\Extensions\Install\1 = https://addons.mozilla.org/firefox/downloads/file/595546/colorzilla-3.3-an+fx.xpi
works !!!! Jupidu!!! This is a way, how to install extensions automatically via GPO
Last question: I tried this e.g. with UblockOrigin.. but I couldn´t find the name of the XPI on the addons.mozilla.org page... Tried to view the source code... hmm... could you please give me another hint how to evaluate the filename of those xpi´s.
https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi
Where for ublock that's
https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi
Also, check our our new extension policy coming in Firefox 69/ESR 68.1
https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings
I tried this with another two extension (ColorZilla and To_Google_Translate) and it doesn´t worked. I tried ColorZilla/latest.xpi colorzilla/latest.xpi .... and all possible variations with "To_Google_Translate
And it never worked.
Please provide an additional info how I can find the so called "SHORT_NAME"
or: It would be helpful if the directory https://addons.mozilla.org/firefox/downloads/latest/ would be visible. (enable directory view)
Many thanks and sorry for those many questions Best Regards from Vienna Karl
Chosen Solution
For colorzilla, it's https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi
To Google translate is:
https://addons.mozilla.org/firefox/downloads/latest/to-google-translate/latest.xpi
You can get SHORT_NAME from the AMO URL. For instance, To google translate is:
https://addons.mozilla.org/en-US/firefox/addon/to-google-translate/?src=search
The shortname is the "to-google-translate" part.
Unfortunately, downloads/latest isn't an actual directory we can share.
I'll be developing a simple addon that makes this process better.
thank you... everything is clear now
regarding the upcoming "extension policy" a short recommendation from me.... In some caseses it might be helpful to reverse the logic.
e.g. lets take the name "allowed_types". It might be useful to create a value like "!extension", which allows everything beside installing extensions.
And as I can see you are a friend of making FF easier to use for big enterprises (I´m supporting ~ 20.000 workstations) there is another hint:
You need a method to force Microsoft Internet Explorer 11. (In Chrome there is an extension called "Support for elder browser". This is a must for big companies. BR Karl
Karl, we have now released the legacy browser support extension that should cover your IE11 use case above - see https://support.mozilla.org/en-US/kb/legacy-browser-support-extension-windows
allowed_types is currently implemented or not ? I am on FF 71.0 and it's not working:
"ExtensionSettings": { "*": { "installation_mode": "blocked",
"install_sources": ["https://addons.mozilla.org/"], "allowed_types": ["theme", "dictionary", "langpack", "locale"]
},
(....)
Is it a bug or what ?