]> git.p6c8.net - policy-templates.git/blobdiff - README.md
Merge pull request #681 from mozilla/Preferences
[policy-templates.git] / README.md
index e4f3710495a6c380ca290c1f67baded7cd7577da..dc293d6fe4e2d56abc668f0373f57f2a91a050dc 100644 (file)
--- a/README.md
+++ b/README.md
@@ -75,7 +75,8 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
-| **[`Preferences`](#preferences)** | Set and lock some preferences.
+| **[`Preferences`](#preferences)** | Set and lock preferences.
+| **[`Preferences (Deprecated)`](#preferences--deprecated)** | Set and lock some preferences.
 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
 | **[`Proxy`](#proxy)** | Configure proxy settings.
 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
@@ -2025,15 +2026,43 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
 ```
 Value (string):
 ```
-<enabled/>
-<data id="TrackingProtectionLocked" value="true | false"/>
-<data id="Cryptomining" value="true | false"/>
-<data id="Fingerprinting" value="true | false"/>
-<data id=TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
+```
+Value (string):
+```
+<data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
 ```
 #### macOS
 ```
@@ -2265,6 +2294,7 @@ Value (string):
 ```
 <enabled/>
 <data id="ExtensionSettings" value='
+{
   "*": {
     "blocked_install_message": "Custom error message.",
     "install_sources": ["about:addons","https://addons.mozilla.org/"],
@@ -2277,7 +2307,8 @@ Value (string):
   },
     "https-everywhere@eff.org": {
     "installation_mode": "allowed",
-  }'/>
+  }
+}'/>
 ```
 #### macOS
 ```
@@ -2351,7 +2382,7 @@ Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
 ```
 Value (string):
 ```
@@ -2478,7 +2509,7 @@ Within each handler type, you specify the given mimeType/extension/scheme as a k
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
+Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
 {
   "mimeTypes": {
     "application/msword": {
@@ -3328,7 +3359,7 @@ Value (string):
 }
 ```
 ### Permissions
-Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
+Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
 
 `Allow` is a list of origins where the feature is allowed.
 
@@ -3340,9 +3371,9 @@ Set permissions associated with camera, microphone, location, notifications, and
 
 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
 
-**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\
+**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`
+**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`.`permissions.default.xr`
 
 #### Windows (GPO)
 ```
@@ -3367,6 +3398,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://exampl
 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
@@ -3445,6 +3480,40 @@ Value (string):
 ```
 <enabled/> or <disabled/>
 ```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1&#xF000;https://example.org"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1&#xF000;https://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
 #### macOS
 ```
 <dict>
@@ -3681,6 +3750,149 @@ Value (string):
 }
 ```
 ### Preferences
+Set and lock preferences.
+
+Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
+
+Preferences that start with the following prefixes are supported:
+```
+accessibility.
+browser.
+datareporting.policy.
+dom.
+extensions.
+geo.
+intl.
+layout.
+media.
+network.
+places.
+print.
+ui.
+widget.
+```
+as well as the following security preferences:
+```
+security.default_personal_cert
+security.insecure_connection_text.enabled
+security.insecure_connection_text.pbmode.enabled
+security.insecure_field_warning.contextual.enabled
+security.mixed_content.block_active_content
+security.osclientcerts.autoload
+security.ssl.errorReporting.enabled
+security.tls.hello_downgrade_check
+security.warn_submit_secure_to_insecure
+```
+Using the preference as the key, set the `Value` to the corresponding preference value.
+
+`Status` can be "default", "locked", "user" or "clear"
+
+If a value is locked, it is also set as the default.
+
+User preferences persist across invocations of Firefox.
+
+See the examples below for more detail.
+
+IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
+
+Status
+**Compatibility:** Firefox 81, Firefox ESR 78.3\
+**CCK2 Equivalent:** `preferences`\
+**Preferences Affected:** Many
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
+{
+  "accessibility.force_disabled": {
+    "Value": 1,
+    "Status": "default"
+  },
+  "browser.cache.disk.parent_directory": {
+    "Value": "SOME_NATIVE_PATH",
+    "Status": "user"
+  },
+  "browser.tabs.warnOnClose": {
+    "Value": false,
+    "Status": "locked"
+  }
+}
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences" value='
+{
+  "accessibility.force_disabled": {
+    "Value": 1,
+    "Status": "default"
+  },
+  "browser.cache.disk.parent_directory": {
+    "Value": "SOME_NATIVE_PATH",
+    "Status": "user"
+  },
+  "browser.tabs.warnOnClose": {
+    "Value": false,
+    "Status": "locked"
+  }
+}'/>
+```
+#### macOS
+```
+<dict>
+  <key>Preferences</key>
+  <dict>
+    <key>accessibility.force_disabled</key>
+    <dict>
+      <key>Value</key>
+      <integer>1</integer>
+      <key>Status</key>
+      <string>default</string>
+    </dict>
+    <key>browser.cache.disk.parent_directory</key>
+    <dict>
+      <key>Value</key>
+      <string>SOME_NATIVE_PATH</string>
+      <key>Status</key>
+      <string>user</string>
+    </dict>
+    <key>browser.tabs.warnOnClose</key>
+    <dict>
+      <key>Value</key>
+      <false/>
+      <key>Status</key>
+      <string>locked</string>
+    </dict>
+  </dict>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "Preferences": {
+      "accessibility.force_disabled": {
+        "Value": 1,
+        "Status": "default"
+      },
+      "browser.cache.disk.parent_directory": {
+        "Value": "SOME_NATIVE_PATH",
+        "Status": "user"
+      },
+      "browser.tabs.warnOnClose": {
+        "Value": false,
+        "Status": "locked"
+      }
+    }
+  }
+}
+```
+### Preferences (Deprecated)
 Set and lock certain preferences.
 
 **Compatibility:** See below\
@@ -3706,7 +3918,7 @@ Set and lock certain preferences.
 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
-| &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page.
+| &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.
 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
@@ -4448,7 +4660,7 @@ Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
 ```
 Value (string):
 ```

patrick-canterino.de