搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

How to properly implement group policy ExtensionSettings control

  • 4 个回答
  • 2 人有此问题
  • 1 次查看
  • 最后回复者为 Mike Kaply

more options

I've downloaded the latest admx files and tried pasting the sample JSON into the Computer section of the group policy. I used the JSON from https://github.com/mozilla/policy-templates/blob/9387163a9b1dd93500867fcb3b33598b6d559e89/README.md#extensionsettings

I think that sample is supposed to block all but 1 firefox extension, but it's still letting me install any extension. For this feature, I'm running Firefox 70.0 64-bit on Windows 10 How do I properly configure the group policy so that only approved extensions are allowed?

I've downloaded the latest admx files and tried pasting the sample JSON into the Computer section of the group policy. I used the JSON from https://github.com/mozilla/policy-templates/blob/9387163a9b1dd93500867fcb3b33598b6d559e89/README.md#extensionsettings I think that sample is supposed to block all but 1 firefox extension, but it's still letting me install any extension. For this feature, I'm running Firefox 70.0 64-bit on Windows 10 How do I properly configure the group policy so that only approved extensions are allowed?

被采纳的解决方案

You don't need the policies part of your JSON code. That is the main part of the code if you are using a policies.json file, but since you are using Group Policy instead, it's not needed and actually causes the code to stop working.

The same for the ExtensionsSettings part. Again, since we are using Group Policy, Firefox already knows the specific policy that you are referring to, so you don't need to specify it.

So the example code inserted into the Extension Management policy should be the following:

 {
      "*": {
            "blocked_install_message": "Custom error message.",
            "install_sources": ["https://addons.mozilla.org/"],
            "installation_mode": "blocked"
      },
      "uBlock0@raymondhill.net": {
            "installation_mode": "allowed",
            "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
      }
}

Hope this helps.

定位到答案原位置 👍 1

所有回复 (4)

more options

Agreed, what would be the actual syntax/data to put in the "Extension Management" setting in the GPO? I just want to block extensions on devices, it would be great if I could whitelist a few extensions as well.

more options

Glad to see that jhalder also wants the answer (means I'm not alone).

Just to clear up any possible misunderstanding, I pasted the following into the group policy "Extension Management" - but it doesn't seem to have any effect.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Custom error message.",
       "install_sources": ["https://addons.mozilla.org/"],
       "installation_mode": "blocked"
     },
     "uBlock0@raymondhill.net": {
       "installation_mode": "allowed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
     }
   }
 }

}

more options

选择的解决方案

You don't need the policies part of your JSON code. That is the main part of the code if you are using a policies.json file, but since you are using Group Policy instead, it's not needed and actually causes the code to stop working.

The same for the ExtensionsSettings part. Again, since we are using Group Policy, Firefox already knows the specific policy that you are referring to, so you don't need to specify it.

So the example code inserted into the Extension Management policy should be the following:

 {
      "*": {
            "blocked_install_message": "Custom error message.",
            "install_sources": ["https://addons.mozilla.org/"],
            "installation_mode": "blocked"
      },
      "uBlock0@raymondhill.net": {
            "installation_mode": "allowed",
            "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
      }
}

Hope this helps.

more options

I've updated the documentation to try to make this clearer. Sorry about that.