]> git.p6c8.net - policy-templates.git/blobdiff - README.md
Merge pull request #792 from dneto-ame/patch-1
[policy-templates.git] / README.md
index df48c65a49096877a4c3bfd4ab2b08250be91d90..50dbe0c79ff7dbfec3e13876026a97c40dc4e3cb 100644 (file)
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
+| **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
@@ -370,6 +371,98 @@ Value (string):
   }
 }
 ```
+### AutoLaunchProtocolsFromOrigins
+Define a list of external protocols that can be used from listed origins without prompting the user.
+
+The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
+
+The schema is:
+```
+{
+ "items": {
+  "properties": {
+   "allowed_origins": {
+    "items": {
+     "type": "string"
+    },
+    "type": "array"
+   },
+   "protocol": {
+    "type": "string"
+   }
+  },
+  "required": [
+   "protocol",
+   "allowed_origins"
+  ],
+  "type": "object"
+ },
+ "type": "array"
+}
+```
+**Compatibility:** Firefox 90, Firefox ESR 78.12\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
+```
+[
+  {
+    "protocol": "zoommtg",
+    "allowed_origins": [
+      "https://somesite.zoom.us"
+    ]
+  }
+]
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
+```
+Value (string):
+```
+<enabled/>
+<data id="JSON" value='
+[
+  {
+    "protocol": "zoommtg",
+    "allowed_origins": [
+      "https://somesite.zoom.us"
+    ]
+  }
+]'/>
+```
+#### macOS
+```
+<dict>
+  <key>AutoLaunchProtocolsFromOrigins</key>
+  <array>
+    <dict>
+      <key>protocol</key>
+      <string>zoommtg</string>
+      <key>allowed_origins</key>
+      <array>
+        <string>https://somesite.zoom.us</string>
+      </array>
+    </dict>
+  </array>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "AutoLaunchProtocolsFromOrigins": [{
+      "protocol": "zoommtg",
+      "allowed_origins": [
+        "https://somesite.zoom.us"
+      ]
+    }]
+  }
+}
+```
 ### BackgroundAppUpdate
 
 Enable or disable **automatic** application update **in the background**, when the application is not running.
@@ -378,7 +471,7 @@ If set to true, application updates may be installed (without user approval) in
 
 If set to false, the application will not try to install updates when the application is not running.
 
-If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppUpdateAuto`, this policy has no effect.
+If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
 
 **Compatibility:** Firefox 90 (Windows only)\
 **CCK2 Equivalent:** N/A\
@@ -3196,7 +3289,7 @@ Value (string):
   <array>
     <dict>
       <key>toplevel_name</key>
-      <string>My managed bookmarks folder</string></dict>
+      <string>My managed bookmarks folder</string>
       <dict>
         <key>url</key>
         <string>example.com</string>
@@ -4790,7 +4883,7 @@ OMA-URI:
 Value (string):
 ```
 <enabled/>
-<data id="Permissions" value="unified | separate"/>
+<data id="SearchBar" value="unified | separate"/>
 ```
 #### macOS
 ```
@@ -5312,11 +5405,11 @@ Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_WhatsNew
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_ExtensionRecommendations
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_FeatureRecommendations
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_UrlbarInterventions
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_SkipOnboarding
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
 ```
 Value (string):
 ```
@@ -5358,6 +5451,10 @@ Value (string):
 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
 The arrays are limited to 1000 entries each.
 
+If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
+
+For specific protocols, use `https://*/*` or `http://*/*`.
+
 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
@@ -5376,8 +5473,7 @@ OMA-URI:
 ```
 Value (string):
 ```
-<enabled/>
-<data id="WebsiteFilter" value="1&#xF000;<all_urls>"/>
+<enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
 ```
 OMA-URI:
 ```

patrick-canterino.de