-Policies can either be specified using the GPO templates or by putting a file called policies.json in the distribution directory.
+Policies can either be specified using the Group Policy templates or by creating a file called policies.json. On Windows, create a directory called distribution where the EXE is located and place the file there. On Mac, the file goes into Firefox.app/Content/Resources/distribution.
+
The content of the JSON file should look like this:
```
{
}
}
```
-Policies are documented below.
-
+Policies are documented below. Note that even though comments are used in this file for documentation, comments are not allowed for JSON files.
+### Authentication
+This policy is for configuring sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
+```
+{
+ "policies": {
+ "Authentication": {
+ "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
+ "Delegated": ["mydomain.com", "https://myotherdomain.com"],
+ "NTLM": ["mydomain.com", "https://myotherdomain.com"]
+ }
+ }
+}
+```
### BlockAboutAddons
This policy removes access to about:addons.
```
"BlockAboutSupport": true
}
```
-### BlockSetDesktopBackground
+### DisableSetDesktopBackground
This policy removes the "Set As Desktop Background..." menuitem when right clicking on an image.
```
{
"policies": {
- "BlockAboutSupport": true
+ "DisableSetDesktopBackground": true
+ }
+}
+```
+### Certificates
+This is a Windows only policy that tells Firefox to read certificates from the Windows certificate store.
+```
+{
+ "policies": {
+ "Certificates": {
+ "ImportEnterpriseRoots": [true|false]
+ }
+ }
+}
+```
+### Cookies
+This policy controls various settings related to cookies.
+```
+{
+ "policies": {
+ "Cookies": {
+ "Allow": ["http://example.org/"], /* Domains where cookies are always allowed */
+ "Block": ["http://example.edu/"], /* Domains where cookies are always blocked */
+ "Default": [true|false], /* This sets the default value for "Accept cookies from websites" */
+ "AcceptThirdParty": ["always", "never", "from-visited"], /* This sets the default value for "Accept third-party cookies" */
+ "ExpireAtSessionEnd": [true|false], /* This determines when cookies expire */
+ "Locked": [true|false] /* If this is true, cookies preferences can't be changed */
+ }
}
}
```
}
}
```
+### DisableForgetButton
+This policy disables the "Forget" button
+```
+{
+ "policies": {
+ "DisableForgetButton": true
+ }
+}
+```
### DisableFormHistory
This policy turns off the browser.formfill.enable preferences
```
}
}
```
+### DisableProfileRefresh
+This policy disables the Refresh Firefox button on about:support and support.mozilla.org.
+```
+{
+ "policies": {
+ "DisableProfileRefresh": true
+ }
+}
+```
### DisableSafeMode
This policy disables safe mode on Windows only
```
}
}
```
+### DisableSecurityBypass
+This policy prevents the user from bypassign security in certain cases.
+```
+{
+ "policies": {
+ "DisableSecurityBypass": {
+ "InvalidCertificate": [true|false], /* Prevents adding an exception when an invalid certificate is shown */
+ "SafeBrowsing": [true|false] /* Prevents selecting "ignore the risk" and visiting a harmful site anyway */
+ }
+ }
+}
+```
### DisableSysAddonUpdate
This policy prevents system add-ons from being updated or installed.
```
}
}
```
+### DisableTelemetry
+This policy prevents the upload of telemetry data. Mozilla strongly recommends that you do NOT disable telemetry if you do not have a business need to do so.
+```
+{
+ "policies": {
+ "DisableTelemetry": true
+ }
+}
+```
### DisplayBookmarksToolbar
This policy turns on the bookmarks toolbar by default. A user can still turn it off and it will stay off.
```
"Value": [true, false],
"Locked": [true, false]
}
-### NoDefaultBookmarks
-Don't create the default bookmarks. Note: this policy is only effective if used before the first run of the profile.
+```
+### Extensions
+This policy controls the install, uninstall and locking of extensions. Locked extensions cannot be disabled or uninstalled.
+For Install, you can specify a list of URLs or paths.
+For Uninstall and Locked, you specify extension IDs.
```
{
"policies": {
- "NoDefaultBookmarks": true
- }
-}
+ "Extensions": {
+ "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"]
+ "Uninstall": ["addon_id@mozilla.org"],
+ "Locked": ["addon_id@mozilla.org"]
+ }
```
-### NoSmartBookmarks
-Remove the Smart Bookmarks (Most Visited, Recent Tags)
+### NoDefaultBookmarks
+Don't create the default bookmarks or the Smart Bookmarks (Most Visited, Recent Tags). Note: this policy is only effective if used before the first run of the profile.
```
{
"policies": {
- "NoSmartBookmarks": true
+ "NoDefaultBookmarks": true
}
}
```
}
}
```
-### Popups
-This policy sets domains for which popups are allowed
+### PopupBlocking
+This policy sets domains for which pop-up windows are allowed. It also set the default pop-up policy
```
{
"policies": {
- "Popups": {
+ "PopupBlocking": {
"Allow": ["http://example.org/",
- "http://example.edu/"]
+ "http://example.edu/"],
+ "Default": [true|false], /* If this is set to false, pop-up window are enabled by default. */
+ "Locked": [true|false]
}
}
}
```
### InstallAddons
-This policy sets domains that can install extensions
+This policy sets domains that can install extensions, as well as the default behavior.
```
{
"policies": {
"InstallAddons": {
"Allow": ["http://example.org/",
"http://example.edu/"]
+ "Default": [true|false], /* If this is set to false, add-ons cannot be installed by the user */
}
}
}
```
-### Cookies
-This policy sets domains that can set or not set cookies.
+### FlashPlugin
+This policy sets the behavior of Flash on the specified domains, as well as the default behavior.
```
{
"policies": {
- "Cookies": {
- "Allow": ["http://example.org/"],
- "Block": ["http://example.edu/"]
+ "FlashPlugin": {
+ "Allow": ["http://example.org/"], /* Sites on the allow list do not override Flash being completely disabled */
+ "Block": ["http://example.edu/"],
+ "Default": [true|false], /* If this is set to true, flash is always enabled. If it is set to false, Flash is never enabled */
+ "Locked": [true|false]
}
}
}
```
-### FlashPlugin
-This policy sets domains that can use or not use Flash
+### OverrideFirstRunPage
+This policy allowed you to override the first run page. If you leave the URL blank, the first run page will not be displayed.
```
{
"policies": {
- "FlashPlugin": {
- "Allow": ["http://example.org/"],
- "Block": ["http://example.edu/"]
- }
+ "OverrideFirstRunPage": "http://example.org"
+ }
+}
+```
+### OverridePostUpdatePage
+This policy allowed you to override the upgrade page page. If you leave the URL blank, the upgrade page will not be displayed.
+```
+{
+ "policies": {
+ "OverridePostUpdatePage": "http://example.org"
}
}
```
}
}
```
+### Proxy
+This policy allows you to specify proxy settings. These settings correspond to the connection settings in Firefox preferences.
+To specify ports, append them to the hostnames with a colon (:). If Locked is set to true, the values can't be changed by the user.
+```
+{
+ "Proxy": {
+ "Mode": ["none", "system", "manual", "autoDetect", "autoConfig"]
+ "Locked": [true, false]
+ "HTTPProxy": "hostname",
+ "UseHTTPProxyForAllProtocols": [true, false]
+ "SSLProxy": "hostname",
+ "FTPProxy": "hostname",
+ "SOCKSProxy": "hostname",
+ "SOCKSVersion": [4, 5],
+ "Passthrough": "List of passthrough addresses/domains",
+ "AutoConfigURL": "URL_TO_AUTOCONFIG",
+ "AutoLogin": [true, false],
+ "UseProxyForDNS": [true, false]
+ }
+}
+```
+### SanitizeOnShutdown
+If this policy is set to true, all data is cleared when Firefox is closed. This includes Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
+```
+{
+ "policies": {
+ "SanitizeOnShutdown": [true|false]
+ }
+}
+```
+### SearchBar
+This policy can be used to determine if the search bar is separate or combined with the URL bar.
+```
+{
+ "policies": {
+ "SearchBar": ["unified", "separate"]
+ }
+}
+```