Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to lock down Firefox in an Enterprise Environment?

  • 8 replies
  • 3 have this problem
  • 3 views
  • Last reply by cor-el

more options

I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online:

https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/

   The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them.
   So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles:

http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/
http://kb.mozillazine.org/Locking_preferences

   I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

And here's my mozilla.cfg file, with some of the settings I need configured:

//
pref("browser.startup.homepage", http://www.msn.com);
lockPref("browser.startup.homepage", http://www.msn.com);
pref("security.tls.version.max", 1);
lockPref("security.tls.version.max", 1);
pref("security.tls.version.min", 0);
lockPref("security.tls.version.min", 0);
pref("security.default_personal_cert", Ask Every Time);
lockPref("security.default_personal_cert", Ask Every Time);
pref("app.update.enable", false);
lockPref("app.update.enable", false);
pref("browser.search.update", false);
lockPref("browser.search.update", false);
pref("extensions.update.enabled", false);
lockPref("extensions.update.enabled", false);
pref("network.protocol-handler.external.shell", false);
lockPref("network.protocol-handler.external.shell", false);
pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT;
lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT);
   However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. 
   Any help is appreciated!
I need to lock a bunch of preferences so they can not be changed by users on multiple Windows 7 computers running Firefox. I was able to get most of the settings I needed locked down in a test environment by using the Firefox-GPO-Addon and an .adm template I found online: https://addons.mozilla.org/en-us/firefox/addon/gpo-for-firefox/ The template is outdated and does not match many of the settings, but it was easy to add settings to the .adm template. I do not like this method since I have to install the addon (somehow) on all of the computers. Also, there are a couple of settings I need to configure (such as privacy.sanitize.promptOnSanitize", false) that are not currently in the 'about:config' by default and the GPO does not create them. So, I have been trying to figure out the other method of configuring Firefox settings in an enterprise environment, and have been working mostly with these articles: http://stealthpuppy.com/prepare-mozilla-firefox-for-enterprise-deployment-and-virtualization/<br /> http://kb.mozillazine.org/Locking_preferences I figured once I have the mozilla.cfg and local-settings.js configured, I can copy them to all of the computers with a script, instead of having to install the GPO AddOn. Here's what my local-settings.js looks like: pref("general.config.obscure_value", 0);<br /> pref("general.config.filename", "mozilla.cfg"); And here's my mozilla.cfg file, with some of the settings I need configured: <pre><nowiki>// pref("browser.startup.homepage", http://www.msn.com); lockPref("browser.startup.homepage", http://www.msn.com); pref("security.tls.version.max", 1); lockPref("security.tls.version.max", 1); pref("security.tls.version.min", 0); lockPref("security.tls.version.min", 0); pref("security.default_personal_cert", Ask Every Time); lockPref("security.default_personal_cert", Ask Every Time); pref("app.update.enable", false); lockPref("app.update.enable", false); pref("browser.search.update", false); lockPref("browser.search.update", false); pref("extensions.update.enabled", false); lockPref("extensions.update.enabled", false); pref("network.protocol-handler.external.shell", false); lockPref("network.protocol-handler.external.shell", false); pref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT; lockPref("plugin.disable_full_page_plugin_for_types", PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT); </nowiki></pre> However, when I copy the mozilla.cfg file to C:\Program Files (x86)\Mozilla Firefox\ and the local-settings.js file to C:\Program Files (x86)\Mozilla Firefox\defaults\pref it has no effect on the settings in Firefox. I can go to about:config and see nothing has changed. Any help is appreciated!

Modified by cor-el

Chosen solution

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:

//
pref("browser.startup.homepage", "http://www.msn.com"); 

you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

Read this answer in context 👍 2

All Replies (8)

more options

Hi,

Have you read the http://kb.mozillazine.org/Locking_preferences article?

Hope this helps!

cyborg4

more options

It might also be useful to join and search the Enterprise Working Group (EWG) mailing list. There's a link on this page: http://www.mozilla.org/en-US/firefox/organizations/

Modified by jscher2000 - Support Volunteer

more options

Yes Cyborg 4, I have read that article as well.

more options

Hmm. That's rather odd!

Let me see if I can find a way to sort this for you.

more options

Hi,

Not sure if this article is relevant - it's quite old! http://mike.kaply.com/2013/05/13/more-major-changes-coming-in-firefox-21/

Curtis

more options

Chosen Solution

hello, the mozilla.cfg file isn't very error tolerant - so please first only try it with one line to see if it is correctly called by the local-settings.js file:

//
pref("browser.startup.homepage", "http://www.msn.com"); 

you also shouldn't set each preference twice - pref, lockPref & defaultPref have different meanings: http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

more options

Phillip, my issue was I was lacking "the quotations", thanks!

more options

Note that string prefs need to have their values surrounded by quotes as you probably found out.
Integer and Boolean prefs mustn't have quotes.
The mozilla.cfg file is run as JavaScript (prefs.js and user.js are interpreted) and thus can contain JavaScript code as well and will throw an exception in case of errors.

lockPref("security.default_personal_cert", "Ask Every Time");
lockPref("plugin.disable_full_page_plugin_for_types", "PDF, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, XLK, XLS, XLT, POT PPS, PPT, DOS, DOT");

Modified by cor-el