lock down settings
I am trying to lock down settings in a FF deployment, it is version 17.0.1 (though i tested this on a fully updated FF and had the same problems). I am using a .cfg file and local-settings.js I enable/disable each particular setting and watch them in about:config to verify that I have the correct settings. They get marked as 'locked' when FF is loaded with the .cfg and .js in place, but some of the settings still dont seem to take or can be over-ridden in other ways. for example: below I have set every 'clear on shutdown' option available. they are even shown as locked when looking at about:config. but if you go to options gui, I can change the 'firefox will' dropdown to 'remember history' and it will now remember everything and ignore the 'clear' settings. I could also simply uncheck the checkbox 'clear history when firefox closes', which has the same effect. The settings below dont have any effect on the 'parent' options it seems. if you go into the sub-menu for 'clear history when firefox closes' the options are all grayed out..as they should be (except for 'site preferences'..i cant get that one to lock either). I also want to disable the 'set up firefox sync' link, but i cant find that anywhere in about:config.
// lockPref("browser.formfill.enable",true); lockPref("places.history.enabled",true); lockPref("privacy.clearOnShutdown.cache",true); lockPref("privacy.clearOnShutdown.cookies",true); lockPref("privacy.clearOnShutdown.downloads",true); lockPref("privacy.clearOnShutdown.formdata",true); lockPref("privacy.clearOnShutdown.history",true); lockPref("privacy.clearOnShutdown.offlineApps",true); lockPref("privacy.clearOnShutdown.passwords",true); lockPref("privacy.clearOnShutdown.sessions",true); lockPref("privacy.clearOnShutdwon.siteSettings",true); lockPref("privacy.donottrackheader.enabled",true); lockPref("privacy.sanitize.sanitizeOnShutdwon",true); lockPref("privacy.item.siteprefs",true); lockPref("signon.rememberSignons",false); lockPref("services.sync.autoconnect",false); lockPref("app.update.auto",false); lockPref("app.update.enabled",false);
All Replies (6)
You should always start the mozilla.cfg auto configuration file with a blank comment line consisting of //
Note that there are two sets: one for "Clear history when Firefox closes" (privacy.clearOnShutdown.*) and one for "Clear Recent History" (privacy.cpd.*) in the History menu.
Clearing this data has nothing to do with other History and Cookies settings in the Privacy tab and you can opt to lock the involved prefs if you want users to prevent them from changing.
Note that the "Use custom settings for history" only makes it possible to inspect the history settings and doesn't make changes like the others do (Remember or Never remember history).
You can prevent Firefox from setting up sync properly by locking services.sync.*URL prefs to an empty string.
Thank you for your response, and I apologize for my delayed response...duties/scheduling have derailed me. dont worry, the // has always been present in my config file, it just pasted poorly into the post.
I have now further tried the 'privacy.cpd.*' settings that you mentioned, however I am still not having any luck with the 'clear history when firefox closes' setting. below you can see my latest config file. I have also attached a screenshot of what the privacy tab looks like when first opened with this config file in place...
// lockPref("browser.formfill.enable",true); lockPref("places.history.enabled",true); lockPref("privacy.clearOnShutdown.cache",true); lockPref("privacy.clearOnShutdown.cookies",true); lockPref("privacy.clearOnShutdown.downloads",true); lockPref("privacy.clearOnShutdown.formdata",true); lockPref("privacy.clearOnShutdown.history",true); lockPref("privacy.clearOnShutdown.offlineApps",true); lockPref("privacy.clearOnShutdown.passwords",true); lockPref("privacy.clearOnShutdown.sessions",true); lockPref("privacy.clearOnShutdwon.siteSettings",true); lockPref("privacy.donottrackheader.enabled",true); lockPref("privacy.sanitize.sanitizeOnShutdwon",true); lockPref("privacy.item.siteprefs",true); lockPref("signon.rememberSignons",false); lockPref("services.sync.autoconnect",false); lockPref("app.update.auto",false); lockPref("app.update.enabled",false); lockPref("privacy.cpd.cache",true); lockPref("privacy.cpd.cookies",true); lockPref("privacy.cpd.downloads",true); lockPref("privacy.cpd.formdata",true); lockPref("privacy.cpd.history",true); lockPref("privacy.cpd.offlineApps",true); lockPref("privacy.cpd.passwords",true); lockPref("privacy.cpd.sessions",true); lockPref("privacy.cpd.siteSettings",true);
Okulungisiwe
I assume that those prefs show as locked on the about:config page page, easiest to see if you sort by Status.
That is normal and expected behavior because Firefox shows this setting if all history items have the default setting.
The entries under the settings button for "Clear history when Firefox closes" should be grayed and disabled.
The same for History > Clear Recent History and the Privacy setting for passwords.
yes, everything I am setting as locked, is showing as locked in about:config, though I am not seeing any effect from the privacy.cpd.* settings. I have attached a couple more screenshots to hopefully illustrate better the odd situation I am seeing.
If you reference back to the first screenshot, that is how FF is set when the user FIRST opens FF with the settings locked per my config...'Firefox will: Remember History' is selected...which isn't completely correct. Now.. If I were to manually change it to 'Firefox will: Use custom settings for history', you will see what is in the screenshot attached. Notice, 'Clear history when Firefox closes' is NOT checked. (I cannot for the life of me find the about:config setting that affects this box..hence this post). Ok, so if I manually check this box, then click 'settings'...take a look at the last screenshot, notice all the settings except 'site preferences' are properly grayed out (another setting that refuses to respond to the config file)
That is this pref:
- privacy.sanitize.sanitizeOnShutdown
Easiest to find this is to open the about:config page and toggle the setting in Options.
You can (temporarily) set the browser.preferences.instantApply pref to true then changes are applied immediately.