Firefox 60 ships with Windows Group Policy Support - gHacks Tech News

Mozilla is working on integrating Group Policy Support for Firefox running on Windows devices in the upcoming Firefox 60 release.

Firefox 60 is the next Extended Support Release of the web browser which replaces Firefox ESR 52.x, the last official version of Firefox to support the old extensions system. Mozilla made Firefox 60 the next ESR target and not Firefox 59.

According to the Firefox release schedule, Firefox 60 will be released on May 8, 2018.

Firefox already supports an automatic configuration system based on autoconfig files, which works on any supported desktop platform.

The new Policy Engine in Firefox reads data from the Registry created by Group Policy Objects and applies the policies if found to be valid.

Development bug 1433136 documents the implementation progress, and bug 1433173 the work on the Policy Engine.

Firefox 60: the policies

All available policies are listed under Computer Configuration > Administrative Templates > Firefox and User Configuration > Administrative Templates > Firefox after the policy template files are added to the relevant directories on Windows.

The following options are available at the time of writing:

  • Block About Addons -- prevents access to about://addons to manage addons.
  • Block About Config -- prevents access to about://config.
  • Block About Support -- prevents access to the troubleshooting page about://support.
  • Block Set Desktop Background -- users cannot set the wallpaper of the desktop using Firefox.
  • Create Master Password -- prevent the creation of a master password.
  • Disable Update -- block Firefox from updating.
  • Disable Developer Tools -- turn off the Developer Tools in the browser.
  • Disable Firefox Accounts -- prevent sign-in to accounts and syncing.
  • Disable Firefox Screenshots -- turn the Screenshots tool off.
  • Disable Firefox Studies -- turn participation in Firefox studies off.
  • Disable Form History -- prevent Firefox from remembering the form history.
  • Disable Pocket -- turn off Pocket in Firefox.
  • Disable Private Browsing -- block Private Browsing functionality.
  • Display Bookmarks Toolbar -- show the Bookmarks Toolbar by default.
  • Display Menu Bar -- show the Menu Bar by default.
  • Don't Check Default Browser -- block checks for default browser.
  • Homepage -- set a homepage (or multiple), and optionally disallow the changing of those.
  • Remember Passwords -- allow or disallow the saving of passwords.
  • Bookmarks -- Set default bookmarks.
  • Permissions: Addons -- Allow addon installation on specified URLs.
  • Permissions: Cookies -- Set URLs to allow or block cookies on.
  • Permissions: Flash -- Set URLs to allow or block Flash on.
  • Permissions: Popups -- Allow popups on selected sites.

Note that the template file and its integration are a work in progress and that additional policies will be supported when Firefox 60 launches. According to Mike Kaply, a developer who works on the implementation, this may include network.proxy, data reporting, or update policies.
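
An added example, not from the article or from Mozilla: the comments below mention that the same policies can be supplied in a policies.json file, and since the Policy Engine only applies policies it finds valid, a pre-deployment check can flag mistyped values. The key names are the policies.json names for some of the options listed above; the type table, `audit_policies` and the sample are assumptions of this example.

```python
import json

# JSON type expected for a few Firefox policy keys as they appear in
# policies.json. Assumption of this example: a hand-picked subset, not
# Mozilla's full schema. Dotted names are keys nested one level down.
EXPECTED = {
    "BlockAboutAddons": bool,
    "BlockAboutConfig": bool,
    "DisableAppUpdate": bool,
    "DisableDeveloperTools": bool,
    "DisablePrivateBrowsing": bool,
    "Certificates.ImportEnterpriseRoots": bool,
}
# Well-formed values a reviewer should still question.
REVIEW = {"DisableAppUpdate": (True, "browser stops receiving security updates")}
# Constructed sample: one mistyped value, one setting worth a second look.
SAMPLE = '''{"policies": {"BlockAboutConfig": true, "DisableAppUpdate": true,
  "Certificates": {"ImportEnterpriseRoots": [true]}}}'''

def flatten(policies):
    """Yield (dotted_name, value), descending one level into objects."""
    for name, value in policies.items():
        if isinstance(value, dict):
            for sub, subvalue in value.items():
                yield name + "." + sub, subvalue
        else:
            yield name, value

def audit_policies(text):
    """Return sorted (policy, finding) pairs for the text of a policies.json."""
    try:
        doc = json.loads(text)
    except ValueError:
        return [("<file>", "not valid JSON (check for curly quotes)")]
    policies = doc.get("policies") if isinstance(doc, dict) else None
    if not isinstance(policies, dict):
        return [("<file>", 'no top-level "policies" object')]
    findings = []
    for name, value in flatten(policies):
        expected = EXPECTED.get(name)
        if expected is None:
            findings.append((name, "not covered by this audit"))
        elif not isinstance(value, expected):
            findings.append((name, "expected %s, got %s"
                             % (expected.__name__, type(value).__name__)))
        elif name in REVIEW and value == REVIEW[name][0]:
            findings.append((name, REVIEW[name][1]))
    return sorted(findings)
```

Running `audit_policies(SAMPLE)` reports the list-valued `ImportEnterpriseRoots` and the disabled updates; a file pasted from a web page with typographic quotes is reported as invalid JSON.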

Chrome admins have access to a similar set of policies.

Closing Words

Integration with Group Policy on Windows machines should make things a lot easier for system administrators who deploy Firefox on a computer network. Regular Firefox users may use the policies as well to modify certain browser settings.

Now You: What's your take on the development?


Comments

  1. jupe said on March 10, 2018 at 9:36 am

    Cool, I like it.

  2. Tom Hawack said on March 10, 2018 at 10:53 am

    I’m presently using the Firefox autoconfig feature. I’m curious to know if this autoconfig will continue to run alongside Windows Group Policy for Firefox and if so which of the two will prevail.

    Autoconfig is really handy, not only to have a basis for new profiles but as well to impose a user setting which otherwise (when set from regular about:config/user.js) can, in certain situations, be invalidated by an extension. For instance I run a dedicated ‘new tab’ extension which not only builds a personalized new tab page (which is its purpose) but moreover replaces the about:home by its new tab : with autoconfig I can block about:home to my preferences hence forbidding it from being changed by an extension…

    Not sure Group Policies will be as feature-rich as Autoconfig, the settings definitely won’t concern all those of Firefox when Autoconfig has for only limit that of about:config. We’ll see.

    1. Mike Kaply said on March 10, 2018 at 9:44 pm

      Are you using the basic APIs in AutoConfig (pref, defaultPref, lockPref) or something else?

      1. Martin Brinkmann said on March 11, 2018 at 7:59 am

        Mike, great work on the implementation, looking really good. Thanks for coming by.

      2. Tom Hawack said on March 11, 2018 at 10:17 am

        @Mike, I’m using lockPref.

        I have a config-prefs.js in [Firefox install folder]\defaults\pref\ :

        // config.js
        pref("general.config.obscure_value", 0);
        pref("general.config.filename", "config.js");

        calling config.js in [Firefox install folder] :

        // config.js
        // DISABLE CONTAINER
        lockPref("privacy.userContext.ui.enabled", false);
        lockPref("privacy.userContext.extension", "");
        lockPref("privacy.userContext.longPressBehavior", 0);
        lockPref("privacy.userContext.enabled", false);
        lockPref("privacy.usercontext.about_newtab_segregation.enabled", false);
        //
        // AUTO-RESETS TO TRUE ON START -> SET TO FALSE
        lockPref("devtools.onboarding.telemetry.logged", false);
        //
        // ENFORCE HOMEPAGE
        lockPref("browser.startup.homepage", "about:home");
        lockPref("browser.startup.page", 1);

        Personal settings of course inherent to my context and wishes, but that’s the idea, now and here on Firefox 58.0.2

      3. Mike Kaply said on March 11, 2018 at 4:10 pm

        Great. Looks like you’re using the standard API, so you should be fine.

        Those disable container prefs are interesting. I’m wondering if we should add a policy for that.

      4. Tom Hawack said on March 11, 2018 at 4:32 pm

        Of course, first line of config-prefs.js is // config-prefs.js and not // config.js
        No impact, just for the sake of good sense…

        @Mike Kaply, I had disabled containers at a time I was using an extension called ‘Cookie Autodelete’ which would modify the containers’ settings even though I had checked the extension’s option to avoid containers. I don’t use the extension anymore but neither the container feature so I kept its settings disabled.

        Anyway, a very handy feature, that of autoconfig. The user decides, the application follows, “It’s good to be the king” :=)

    2. Klaus Rauser said on May 30, 2018 at 2:57 pm

      If you have an autoconfig.js under -> Mozilla Firefox / defaults / prefs / this should continue to work!

      However, “security.enterprise_roots.enabled = true” must be set so that your own certificates can be better used. In addition, from Firefox 60 the Enterprise Policy should be available under Windows -> Mozilla Firefox / distribution / policies.json.
      Certificates must therefore be imported only once with the following example!

      Policy-JSON-Sample:

      {
        "policies": {
          "Certificates": {
            "ImportEnterpriseRoots": true
          }
        }
      }

      Youtube: https://www.youtube.com/channel/UCHJF_wP0UzdQUa5WtlpaQWw

  3. Franck said on March 10, 2018 at 11:13 am

    Very interesting, I just hope it won’t give problems to portable versions…

    1. Anonymous said on March 10, 2018 at 3:49 pm

      Portable versions already have problems with v.57+

  4. dark said on March 10, 2018 at 1:52 pm

    Will similar exist on Linux?

    1. Jessica said on March 10, 2018 at 5:19 pm

      The Policy Engine is for all OSs, yes. Mozilla will soon launch a campaign on Firefox targeted at enterprises to promote the new feature.

      1. Mike Kaply said on March 10, 2018 at 9:45 pm

        I’ve started updating the docs here (https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment) with how it works on Linux and Mac

  5. Paul said on March 10, 2018 at 2:35 pm

    “ships with”

    sigh…

  6. Ron said on March 10, 2018 at 2:50 pm

    Firefox ESR 52 will be the last version of FF I’ll use. It’s a shame what’s become of it. It started going downhill with version 4. I miss the days of 3.6.

  7. ULBoom said on March 10, 2018 at 4:36 pm

    Good for network admins to prevent users from wrecking FF inadvertently and it gives easy access to some of the settings tweakers want to change but leaves out most of the privacy settings.

    Only Windows versions that have access to gp editor are Win Pro and Server, so these seem intended to get more FF network installs.

    1. Mike Kaply said on March 10, 2018 at 9:46 pm

      We’re not done yet. What privacy settings are you referring to?

      As far as Windows without GP Editor, you can use the JSON file in those cases.

    2. x said on March 11, 2018 at 10:32 am

      You can install gpedit in Windows 10 Home, http://www.justfuckingoogleit.com “windows 10 home group policy”

  8. Gavin said on March 11, 2018 at 12:39 am

    Not one comment (yet) about how someone’s rinky-dink extension doesn’t work with Quantum. Nice!

  9. Matthew Borcherding said on March 13, 2018 at 12:09 am

    About time that they did this. There were other Firefox Group Policy projects in the past, but they were third party and spotty.

    If you want enterprise mass adoption, make it easy for administrators to do centralized configuration!

  10. Steve Hare said on August 5, 2018 at 3:58 pm

    As FF is used on other operating systems (e.g., Linux), what kind of policy engines might be available? I currently use the about:config as my primary tool.

  11. Terry said on November 2, 2018 at 5:18 pm

    Do you know of any plan to create policies for the STIGs for Firefox security implementation?

    https://nvd.nist.gov/ncp/checklist/356/download/3178

  12. Kinger said on November 9, 2018 at 3:53 pm

    I’ve attempted to use GP settings to activate Flash on websites (our timesheets system still requires Flash). To cover the bases, I configured the same settings under Computer Configuration and User Configuration and applied the test GPO to a computer OU and a user OU. Unfortunately, I still have to manually activate Flash for the specified website.
    I set “Activate Flash on websites” to Enabled, as well as specified URLs under “Allowed Sites” — both settings found under Policies/Administrative Templates/Mozilla/Firefox/Flash
    Any ideas on what I may have missed or done incorrectly?
