X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/0ecdfca165593ea4d7f5c70d74a0394a2001bc07..302850d96b6e8f82f936fe04d4e5ca893ca198b2:/README.md diff --git a/README.md b/README.md index ca54c36..9938b1a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -Policies can either be specified using the GPO templates or by putting a file called policies.json in the distribution directory. +Policies can either be specified using the Group Policy templates or by creating a file called policies.json. On Windows, create a directory called distribution where the EXE is located and place the file there. On Mac, the file goes into Firefox.app/Content/Resources/distribution. + The content of the JSON file should look like this: ``` { @@ -7,8 +8,20 @@ The content of the JSON file should look like this: } } ``` -Policies are documented below. - +Policies are documented below. Note that even though comments are used in this file for documentation, comments are not allowed for JSON files. +### Authentication +This policy is for configuring sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. +``` +{ + "policies": { + "Authentication": { + "SPNEGO": ["mydomain.com", "https://myotherdomain.com"], + "Delegated": ["mydomain.com", "https://myotherdomain.com"], + "NTLM": ["mydomain.com", "https://myotherdomain.com"] + } + } +} +``` ### BlockAboutAddons This policy removes access to about:addons. ``` @@ -44,21 +57,48 @@ This policy removes access to about:support. "BlockAboutSupport": true } ``` -### BlockSetDesktopBackground +### DisableSetDesktopBackground This policy removes the "Set As Desktop Background..." menuitem when right clicking on an image. ``` { "policies": { - "BlockAboutSupport": true + "DisableSetDesktopBackground": true + } +} +``` +### Certificates +This is a Windows only policy that tells Firefox to read certificates from the Windows certificate store. +``` +{ + "policies": { + "Certificates": { + "ImportEnterpriseRoots": [true|false] + } + } +} +``` +### Cookies +This policy controls various settings related to cookies. +``` +{ + "policies": { + "Cookies": { + "Allow": ["http://example.org/"], /* Domains where cookies are always allowed */ + "Block": ["http://example.edu/"], /* Domains where cookies are always blocked */ + "Default": [true|false], /* This sets the default value for "Accept cookies from websites" */ + "AcceptThirdParty": ["always", "never", "from-visited"], /* This sets the default value for "Accept third-party cookies" */ + "ExpireAtSessionEnd": [true|false], /* This determines when cookies expire */ + "Locked": [true|false] /* If this is true, cookies preferences can't be changed */ + } } } ``` -### CreateMasterPassword -This policy removes the master password functionality. +### DisableMasterPasswordCreation +This policy removes the master password functionality if set to true. ``` { "policies": { - "CreateMasterPassword": false + "DisableMasterPasswordCreation": [true|false] } } ``` @@ -125,6 +165,15 @@ This policy disables Firefox studies (Shield) } } ``` +### DisableForgetButton +This policy disables the "Forget" button +``` +{ + "policies": { + "DisableForgetButton": true + } +} +``` ### DisableFormHistory This policy turns off the browser.formfill.enable preferences ``` @@ -152,6 +201,15 @@ This policy removes access to private browsing } } ``` +### DisableProfileRefresh +This policy disables the Refresh Firefox button on about:support and support.mozilla.org. +``` +{ + "policies": { + "DisableProfileRefresh": true + } +} +``` ### DisableSafeMode This policy disables safe mode on Windows only ``` @@ -161,12 +219,33 @@ This policy disables safe mode on Windows only } } ``` -### DisableSysAddonUpdate +### DisableSecurityBypass +This policy prevents the user from bypassign security in certain cases. +``` +{ + "policies": { + "DisableSecurityBypass": { + "InvalidCertificate": [true|false], /* Prevents adding an exception when an invalid certificate is shown */ + "SafeBrowsing": [true|false] /* Prevents selecting "ignore the risk" and visiting a harmful site anyway */ + } + } +} +``` +### DisableSystemAddonUpdate This policy prevents system add-ons from being updated or installed. ``` { "policies": { - "DisableSysAddonUpdate": true + "DisableSystemAddonUpdate": true + } +} +``` +### DisableTelemetry +This policy prevents the upload of telemetry data. Mozilla strongly recommends that you do NOT disable telemetry if you do not have a business need to do so. +``` +{ + "policies": { + "DisableTelemetry": true } } ``` @@ -213,6 +292,19 @@ If Value is set to true, private browsing is enabled by default in both the brow "Locked": [true, false] } ``` +### Extensions +This policy controls the install, uninstall and locking of extensions. Locked extensions cannot be disabled or uninstalled. +For Install, you can specify a list of URLs or paths. +For Uninstall and Locked, you specify extension IDs. +``` +{ + "policies": { + "Extensions": { + "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"] + "Uninstall": ["addon_id@mozilla.org"], + "Locked": ["addon_id@mozilla.org"] + } +``` ### NoDefaultBookmarks Don't create the default bookmarks or the Smart Bookmarks (Most Visited, Recent Tags). Note: this policy is only effective if used before the first run of the profile. ``` @@ -222,12 +314,12 @@ Don't create the default bookmarks or the Smart Bookmarks (Most Visited, Recent } } ``` -### RememberPasswords -This policy sets the signon.rememberSignons preference. It can either be enabled or disabled. +### OfferToSaveLogins +This policy sets the signon.rememberSignons preference. It determines whether or not Firefox offers to save passwords. It can either be enabled or disabled. ``` { "policies": { - "RememberPasswords": true + "OfferToSaveLogins": true } } ``` @@ -245,51 +337,62 @@ This policy sets the default homepage value. It can also be used to lock the hom } } ``` -### Popups -This policy sets domains for which popups are allowed +### PopupBlocking +This policy sets domains for which pop-up windows are allowed. It also set the default pop-up policy ``` { "policies": { - "Popups": { + "PopupBlocking": { "Allow": ["http://example.org/", - "http://example.edu/"] + "http://example.edu/"], + "Default": [true|false], /* If this is set to false, pop-up window are enabled by default. */ + "Locked": [true|false] } } } ``` -### InstallAddons -This policy sets domains that can install extensions +### InstallAddonsPermission +This policy sets domains that can install extensions, as well as the default behavior. ``` { "policies": { - "InstallAddons": { + "InstallAddonsPermission": { "Allow": ["http://example.org/", "http://example.edu/"] + "Default": [true|false], /* If this is set to false, add-ons cannot be installed by the user */ } } } ``` -### Cookies -This policy sets domains that can set or not set cookies. +### FlashPlugin +This policy sets the behavior of Flash on the specified domains, as well as the default behavior. ``` { "policies": { - "Cookies": { - "Allow": ["http://example.org/"], - "Block": ["http://example.edu/"] + "FlashPlugin": { + "Allow": ["http://example.org/"], /* Sites on the allow list do not override Flash being completely disabled */ + "Block": ["http://example.edu/"], + "Default": [true|false], /* If this is set to true, flash is always enabled. If it is set to false, Flash is never enabled */ + "Locked": [true|false] } } } ``` -### FlashPlugin -This policy sets domains that can use or not use Flash +### OverrideFirstRunPage +This policy allowed you to override the first run page. If you leave the URL blank, the first run page will not be displayed. ``` { "policies": { - "FlashPlugin": { - "Allow": ["http://example.org/"], - "Block": ["http://example.edu/"] - } + "OverrideFirstRunPage": "http://example.org" + } +} +``` +### OverridePostUpdatePage +This policy allowed you to override the upgrade page page. If you leave the URL blank, the upgrade page will not be displayed. +``` +{ + "policies": { + "OverridePostUpdatePage": "http://example.org" } } ``` @@ -324,7 +427,7 @@ To specify ports, append them to the hostnames with a colon (:). If Locked is se "UseHTTPProxyForAllProtocols": [true, false] "SSLProxy": "hostname", "FTPProxy": "hostname", - "SOCKSProxy": { "hostname", + "SOCKSProxy": "hostname", "SOCKSVersion": [4, 5], "Passthrough": "List of passthrough addresses/domains", "AutoConfigURL": "URL_TO_AUTOCONFIG", @@ -333,3 +436,31 @@ To specify ports, append them to the hostnames with a colon (:). If Locked is se } } ``` +### SanitizeOnShutdown +If this policy is set to true, all data is cleared when Firefox is closed. This includes Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data. +``` +{ + "policies": { + "SanitizeOnShutdown": [true|false] + } +} +``` +### SearchBar +This policy can be used to determine if the search bar is separate or combined with the URL bar. +``` +{ + "policies": { + "SearchBar": ["unified", "separate"] + } +} +``` +### WebsiteFilter +Blocks websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https accesses are supported at the moment. The arrays are limited to 1000 entries each. +``` +{ + "policies": { + "Block": [""], + "Exceptions": ["http://example.org/*"] + } +} +```