Initial README.md update

[policy-templates.git] / README.md

diff --git a/README.md b/README.md
index ca649060bf474cc85ef134d167fe8646e190b1f6..6a6faad13e9c64c47a423baf5446b62982e45ab7 100644 (file)
--- a/README.md
+++ b/README.md
@@ -76,6 +76,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
 | **[`Preferences`](#preferences)** | Set and lock some preferences.
 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
 | **[`Preferences`](#preferences)** | Set and lock some preferences.

+| **[`Preferences (deprecated)`](#preferences--deprecated)** | Set and lock some preferences.

 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
 | **[`Proxy`](#proxy)** | Configure proxy settings.
 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
 | **[`Proxy`](#proxy)** | Configure proxy settings.
 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.


@@ -2029,7 +2030,7 @@ OMA-URI:
 ```
 Value (string):
 ```
 ```
 Value (string):
 ```

-<enabled/>or <disabled/>
+<enabled/> or <disabled/>

 ```
 OMA-URI:
 ```
 ```
 OMA-URI:
 ```


@@ -2037,7 +2038,7 @@ OMA-URI:
 ```
 Value (string):
 ```
 ```
 Value (string):
 ```

-<enabled/>or <disabled/>
+<enabled/> or <disabled/>

 ```
 OMA-URI:
 ```
 ```
 OMA-URI:
 ```


@@ -2045,7 +2046,7 @@ OMA-URI:
 ```
 Value (string):
 ```
 ```
 Value (string):
 ```

-<enabled/>or <disabled/>
+<enabled/> or <disabled/>

 ```
 OMA-URI:
 ```
 ```
 OMA-URI:
 ```


@@ -2061,7 +2062,7 @@ OMA-URI:
 ```
 Value (string):
 ```
 ```
 Value (string):
 ```

-<enabled/>or <disabled/>
+<enabled/> or <disabled/>

 ```
 #### macOS
 ```
 ```
 #### macOS
 ```


@@ -2293,6 +2294,7 @@ Value (string):
 ```
 <enabled/>
 <data id="ExtensionSettings" value='
 ```
 <enabled/>
 <data id="ExtensionSettings" value='

+{

   "*": {
     "blocked_install_message": "Custom error message.",
     "install_sources": ["about:addons","https://addons.mozilla.org/"],
   "*": {
     "blocked_install_message": "Custom error message.",
     "install_sources": ["about:addons","https://addons.mozilla.org/"],


@@ -2305,7 +2307,8 @@ Value (string):
   },
     "https-everywhere@eff.org": {
     "installation_mode": "allowed",
   },
     "https-everywhere@eff.org": {
     "installation_mode": "allowed",

-  }'/>
+  }
+}'/>

 ```
 #### macOS
 ```
 ```
 #### macOS
 ```


@@ -3747,6 +3750,145 @@ Value (string):
 }
 ```
 ### Preferences
 }
 ```
 ### Preferences

+Set the default and user values of certain preferences, as well as lock and clear them.
+
+IMPORTANT: If you set a preference using this mechanism that has be set by a different policy, the behavior is undefined. You should only use one method for setting preferences.
+
+Preferences that start with the following prefixes are supported:
+```
+accessibility.
+browser.
+datareporting.policy.
+dom.
+extensions.
+geo.
+intl.
+layout.
+media.
+network.
+places.
+print.
+ui.
+widget.
+```
+as well as the following security preferences:
+```
+security.default_personal_cert
+security.insecure_connection_text.enabled
+security.insecure_connection_text.pbmode.enabled
+security.insecure_field_warning.contextual.enabled
+security.mixed_content.block_active_content
+security.osclientcerts.autoload
+security.ssl.errorReporting.enabled
+security.tls.hello_downgrade_check
+security.warn_submit_secure_to_insecure
+```
+For a given preferences, set the `Value` to the corresponding preference value.
+
+`Status` can be "default", "locked", "user" or "clear"
+
+If a value is locked, it is also set as the default.
+
+User preferences persist across invocations of Firefox.
+
+Status
+**Compatibility:** Firefox 81, Firefox ESR 78.3\
+**CCK2 Equivalent:** `preferences`\
+**Preferences Affected:** See below
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
+{
+  "accessibility.force_disabled": {
+    "Value": 1
+    "Status": "default",
+  },
+  "browser.cache.disk.parent_directory": {
+    "Value": "SOME_NATIVE_PATH",
+    "Status": "user"
+  },
+  "browser.tabs.warnOnClose": {
+    "Value": false,
+    "Status": "locked"
+  }
+}
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences" value='
+{
+  "accessibility.force_disabled": {
+    "Value": 1
+    "Status": "default",
+  },
+  "browser.cache.disk.parent_directory": {
+    "Value": "SOME_NATIVE_PATH",
+    "Status": "user"
+  },
+  "browser.tabs.warnOnClose": {
+    "Value": false,
+    "Status": "locked"
+  }
+}'/>
+```
+#### macOS
+```
+<dict>
+  <key>Preferences</key>
+  <dict>
+    <key>accessibility.force_disabled</key>
+    <dict>
+      <key>Value</key>
+      <integer>1</integer>
+      <key>Status</key>
+      <string>default</string>
+    </dict>
+    <key>browser.cache.disk.parent_directory</key>
+    <dict>
+      <key>Value</key>
+      <string>SOME_NATIVE_PATH</string>
+      <key>Status</key>
+      <string>user</string>
+    </dict>
+    <key>browser.tabs.warnOnClose</key>
+    <dict>
+      <key>Value</key>
+      <false/>
+      <key>Status</key>
+      <string>locked</string>
+    </dict>
+  </dict>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "Preferences": {
+      "accessibility.force_disabled": {
+        "Value": 1
+        "Status": "default",
+      },
+      "browser.cache.disk.parent_directory": {
+        "Value": "SOME_NATIVE_PATH",
+        "Status": "user"
+      },
+      "browser.tabs.warnOnClose": {
+        "Value": false,
+        "Status": "locked"
+      }
+    }
+  }
+}
+```
+### Preferences (deprecated)

 Set and lock certain preferences.
 
 **Compatibility:** See below\
 Set and lock certain preferences.
 
 **Compatibility:** See below\


@@ -3772,7 +3914,7 @@ Set and lock certain preferences.
 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent

-| &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page.
+| &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.

 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true