**IMPORTANT**: This file is in active development along with the policies in Firefox. To get the policy information that corresponds to a specific release, go to https://github.com/mozilla/policy-templates/releases.
-Policies can either be specified using the Group Policy templates or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution.
+Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution.
The content of the JSON file should look like this:
```
}
}
```
+### CaptivePortal
+This policy enables or disables captive portal support by setting and locking the preference `network.captive-portal-service.enabled`.
+```
+{
+ "policies": {
+ "CaptivePortal": [true|false]
+}
+```
### Certificates
This policy can be used to install certificates or to read certificates from the system certificate store on Mac and Windows.
-The ImportEnterpriseRoots key will cause Firefox to import from the system certificate store.
+The ImportEnterpriseRoots key will cause Firefox to import 3rd party certificates that have been added by a user administrator from the system certificate store.
+It does not import all certificates. These certificates will not display in the Firefox certificates manager.
+
+The Install Certificates key by default will search for certificates in the locations listed below.
+Starting in Firefox 65 you can specify a fully qualified path including UNC. (See cert3.der and cert4.pem, in example).
+
+**Be advised if you wish to load a certificate from a UNC path you must use double backslashes.**
+Example: \\\\SERVER\\CERTS\\CERT5.PEM
+
-The Install key by default will search for certificates in the locations listed below. Starting in Firefox 65, you can specify a fully qualified path (see cert3.der and cert4.pem in example). If Firefox does not find something at your fully qualified path, it will search the default directories.
+If Firefox does not find something at your fully qualified path, it will search the default directories.
Certificates can be located in the following locations:
- Windows
"policies": {
"Certificates": {
"ImportEnterpriseRoots": true,
- "Install": ["cert1.der", "cert2.pem", "%SYSTEMDRIVE%\Company\cert3.der", "/Library/Company/cert4.pem"]
+ "Install": ["cert1.der", "cert2.pem", "%SYSTEMDRIVE%\\Company\\cert3.der", "/Library/Company/cert4.pem", "\\\\server\\certs\\cert.pem"]
}
}
}
"Uninstall": ["addon_id@mozilla.org"],
"Locked": ["addon_id@mozilla.org"]
}
+ }
+}
+```
+### ExtensionUpdate
+This policy enables or disables extension updates by setting and locking the preference `extensions.update.enabled`.
+```
+{
+ "policies": {
+ "ExtensionUpdate": [true|false]
}
```
### HardwareAcceleration
}
}
```
+### NetworkPrediction
+This policy enables or disables network prediction (DNS prefetching) by setting and locking the preferences `network.dns.disablePrefetch` and `network.dns.disablePrefetchFromHTTPS`.
+```
+{
+ "policies": {
+ "NetworkPrediction": [true|false]
+}
+```
### OverrideFirstRunPage
This policy allows you to override the first run page. If you leave the URL blank, the first run page will not be displayed.
```
}
}
```
+### SSLVersionMin
+This policy allows you to set the minimum TLS version.
+```
+{
+ "policies": {
+ "SSSLVersionMin": ["tls1", "tls1.1", "tls1.2",. "tls1.3"]
+ }
+}
+
+```
+### SSLVersionMax
+This policy allows you to set the maximum TLS version.
+```
+{
+ "policies": {
+ "SSSLVersionMax": ["tls1", "tls1.1", "tls1.2",. "tls1.3"]
+ }
+}
+```