Group Policy Block Extensions
Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".
As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings
After reading through the article the base example they have works flawlessly. I have put this base example below.
{
"*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" }
}
The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?
{
"*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "*": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }
}
Wšě wotmołwy (1)
You have two instances of "*". For the second instance, you need to know the ID of that addon.
It's {d634138d-c276-4fc8-924b-40a0ea21d284}
I was able to get that using an addon I built to query IDs:
https://github.com/mkaply/queryamoid/releases
In your "*" section, you can remove install_sources and allowed_types.
install_sources is only needed if you want to allow extensions from another locations. and allowed_types is only needed if you aren't blocking addons and want to allow other things.