Setting up firefox via GPO
Team,
I deployed firefox a few years back with the localsettings.js file and the mozilla.cfg file. Below is the settings for the localsettings.js file. I inherited these settings. I used sccm to install firefox and then copy these 2 files to mozilla folder (mozilla.cfg) and prefs folder (localsettings.js)
pref("general.config.filename", "mozilla.cfg"); pref("general.config.obscure_value", 0);
Mozilla.cfg settings are below.
// WKS Mozilla Firefox Lockdown // Disable updater lockPref("app.update.enabled", false); // Make absolutely sure it is really off lockPref("app.update.auto", false); lockPref("app.update.mode", 0); lockPref("app.update.service.enabled", false); // Disable Add-ons compatibility checking clearPref("extensions.lastAppVersion"); // Don't show 'know your rights' on first run pref("browser.rights.3.shown", true); // Don't show WhatsNew on first run after every update pref("browser.startup.homepage_override.mstone","ignore"); // Don't show Windows 10 splash screen on first run pref("browser.usedOnWindows10", true); // Set default homepage lockPref("browser.startup.homepage","Test.com"); // Disable the internal PDF viewer lockPref("pdfjs.disabled", true); // Disable the flash to javascript converter lockPref("shumway.disabled", true); // Don't ask to install the Flash plugin pref("plugins.notifyMissingFlash", false); // Disable plugin checking lockPref("plugins.hide_infobar_for_outdated_plugin", true); clearPref("plugins.update.url"); // Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); // Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false); // Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false; // Disable default browser check lockPref("browser.shell.checkDefaultBrowser", false); // Delete history on exit // lockPref("browser.history_expire_days", 0); // lockPref("browser.history_expire_days.mirror", 0); // lockPref("browser.formfill.enable", false); // lockPref("browser.download.manager.retention", 0); // lockPref("network.cookie.cookieBehavior", 0); // lockPref("network.cookie.lifetimePolicy", 2); // Disable password manager // lockPref("signon.rememberSignons", false); // lockPref("pref.privacy.disable_button.view_passwords", true); // Disable themes // lockPref("config.lockdown.disable_themes", true); // Enable Java Plugin lockPref("security.enable_java", true); // Automatically enable extensions lockPref("extensions.autoDisableScopes", 0);
I got the request from security to enable auto updating with firefox. After working with the security team and determining that we need to deploy a GPO to enable auto updates. I setup the gpo and created a baselines in sccm to delete those 2 files. For some reason lots of the ff clients are not updating also when i check to see if auto updates are enabled on my machine i see i can go into the options and disable the updates.
What am i missing should i be deleting another files in mozilla. Also, blogs, articles or suggestions are welcome. thanks,
Vahaolana nofidina
We have added the ability to flip app.update.auto in Firefox 68 and Firefox 68 ESR. So you can lock this to true.
Hamaky an'ity valiny ity @ sehatra 👍 0All Replies (3)
GPO does not have the option to enable updates. It only gives you the option to block them or serve them from your own URL.
The force the updates to be enabled, you'd have to use an AutoConfig file like you were using previously.
Note that current Firefox release only support "app.update.auto", so you can comment out the others.
- lockPref("app.update.auto", false);
Vahaolana Nofidina
We have added the ability to flip app.update.auto in Firefox 68 and Firefox 68 ESR. So you can lock this to true.