X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/0f1242f9df53feb73bd8956d7d4a97b6f30c7e9c..7d2872c68ea39b0dce6da4c644aa65597a5aa894:/README.md
diff --git a/README.md b/README.md
index 4588fb0..9dc5938 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
| **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
| **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
+| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
| **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
| **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
| **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
@@ -38,7 +39,8 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
-| **[`DisplayMenuBar`](#displaymenubar)** | Set the initial state of the menubar.
+| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
+| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
| **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
@@ -82,6 +84,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
| **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
+| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
| **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
### AppUpdateURL
@@ -761,7 +764,7 @@ Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
Disable Firefox studies (Shield).
**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `disableForget`\
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** N/A
#### Windows (GPO)
@@ -1112,7 +1115,7 @@ Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
}
}
```
-### DisplayMenuBar
+### DisplayMenuBar (Deprecated)
Set the initial state of the menubar. A user can still hide it and it will stay hidden.
**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
@@ -1138,6 +1141,40 @@ Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
}
}
```
+### DisplayMenuBar
+Set the state of the menubar.
+
+`always` means the menubar is shown and cannot be hidden.
+
+`never` means the menubar is hidden and cannot be shown.
+
+`default-on` means the menubar is on by default but can be hidden.
+
+`default-off` means the menubar is off by default but can be shown.
+
+**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
+```
+#### macOS
+```
+
+ DisplayMenuBar
+ always | never | default-on | default-off
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": "always", "never", "default-on", "default-off"
+ }
+}
+```
### DNSOverHTTPS
Configure DNS over HTTPS.
@@ -1290,8 +1327,10 @@ If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
-**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\
-**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
+`Exceptions` are origins for which tracking protection is not enabled.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
#### Windows (GPO)
@@ -1300,6 +1339,7 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
```
#### macOS
```
@@ -1308,12 +1348,16 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1
Value
|
-
+
|
-
+
|
-
+
|
+ Exceptions
+
+ https://example.com
+
```
@@ -1325,7 +1369,8 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1
"Value": [true, false],
"Locked": [true, false],
"Cryptomining": [true, false],
- "Fingerprinting": [true, false]
+ "Fingerprinting": [true, false],
+ "Exceptions": ["https://example.com"]
}
}
```
@@ -1977,7 +2022,7 @@ Remove access to the password manager via preferences and blocks about:logins on
**Compatibility:** Firefox 70, Firefox ESR 60.2\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `prefs.privacy.disable_button.view_passwords`
+**Preferences Affected:** `pref.privacy.disable_button.view_passwords`
#### Windows (GPO)
```
@@ -1999,7 +2044,7 @@ Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
}
```
### Permissions
-Set permissions associated with camera, microphone, location, and notifications. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
+Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
`Allow` is a list of origins where the feature is allowed.
@@ -2009,7 +2054,7 @@ Set permissions associated with camera, microphone, location, and notifications.
`Locked` prevents the user from changing preferences for the feature.
-**Compatibility:** Firefox 62, Firefox ESR 60.2\
+**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`
@@ -2032,6 +2077,8 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://e
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
```
#### macOS
```
@@ -2099,6 +2146,17 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
Locked
+ Autoplay
+
+ Allow
+
+ https://example.org
+
+ Block
+
+ https://example.edu
+
+
```
@@ -2130,6 +2188,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
"Block": ["https://example.edu"],
"BlockNewRequests": true | false,
"Locked": true | false
+ },
+ "Autoplay": {
+ "Allow": ["https://example.org"],
+ "Block": ["https://example.edu"]
}
}
}
@@ -2246,6 +2308,10 @@ Set and lock certain preferences.
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
+| dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
+| If false, XMLDocument.load is not available.
+| dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
+| If false, XMLDocument.async is not available.
| extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, the extensions blocklist is not used (Not recommended)
| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
@@ -2321,7 +2387,7 @@ Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_v
Ask where to save each file before downloading.
**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.download.useDownloadDir`
#### Windows (GPO)
@@ -2396,7 +2462,7 @@ Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
Proxy
Mode
- none | system | manual | autoDetect| autoConfig
+ none | system | manual | autoDetect | autoConfig
Locked
|
HTTPProxy
@@ -2497,7 +2563,9 @@ or
### SanitizeOnShutdown (Selective)
Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
-**Compatibility:** Firefox 68, Firefox ESR 68\
+Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
+
+**Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps`
#### Windows (GPO)
@@ -2510,6 +2578,7 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
```
#### macOS
```
@@ -2532,6 +2601,8 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
|
OfflineApps
|
+ Locked
+ |
```
@@ -2547,7 +2618,8 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
"History": true | false,
"Sessions": true | false,
"SiteSettings": true | false,
- "OfflineApps": true | false
+ "OfflineApps": true | false,
+ "Locked": true | false
}
}
}
@@ -2950,6 +3022,58 @@ Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
}
}
```
+### UserMessaging
+
+Prevent installing search engines from webpages.
+
+`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only)
+
+`ExtensionRecommendations` Don't recommend extensions.
+
+`FeatureRecommendations` Don't recommend browser features.
+
+`UrlbarInterventions` Don't offer Firefox specific suggestions in the URL bar. (Firefox 75 only)
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
+```
+#### macOS
+```
+
+ UserMessaging
+
+ WhatsNew
+ |
+ ExtensionRecommendations
+ |
+ FeatureRecommendations
+ |
+ UrlbarInterventions
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "UserMessaging": {
+ "WhatsNew": true | false,
+ "ExtensionRecommendations": true | false,
+ "FeatureRecommendations": true | false,
+ "UrlbarInterventions": true | false
+ }
+ }
+}
+```
### WebsiteFilter
Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each.
@@ -2959,8 +3083,8 @@ Block websites from being visited. The parameters take an array of Match Pattern
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\WebsiteFilters\Block\1 = ""
-Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*"
+Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = ""
+Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
```
#### macOS
```