X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/2b825a0df95e71cf5cf02417a6f460962a5e9087..3a65c2046dafa7afdbdd64bd02389f8fc36952de:/README.md?ds=inline
diff --git a/README.md b/README.md
index 3da66d3..50b9a4b 100644
--- a/README.md
+++ b/README.md
@@ -59,8 +59,10 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
| **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
+| **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
| **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
| **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
+| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
| **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock some preferences.
@@ -115,9 +117,9 @@ Configure sites that support integrated authentication.
See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
-**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.negotiate-auth.trusted-uris`, `network.negotiate-auth.delegation-uris`, `network.automatic-ntlm-auth.trusted-uris`, `network.automatic-ntlm-auth.allow-non-fqdn`, `network.negotiate-auth.allow-non-fqdn`
+**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`
#### Windows
```
@@ -129,6 +131,8 @@ Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
```
#### macOS
```
@@ -157,6 +161,13 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
NTLM
|
+ AllowProxies
+
+ SPNEGO
+ |
+ NTLM
+ |
+
```
@@ -171,6 +182,10 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
"AllowNonFQDN": {
"SPNEGO": true | false,
"NTLM": true | false
+ },
+ "AllowProxies": {
+ "SPNEGO": true | false,
+ "NTLM": true | false
}
}
}
@@ -1240,14 +1255,20 @@ If `Value` is set to false, tracking protection is disabled and locked in both t
If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
-**Compatibility:** Firefox 60, Firefox ESR 60\
+If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
+
+If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\
**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
-**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`
+**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
#### Windows
```
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
```
#### macOS
```
@@ -1256,9 +1277,12 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
Value
|
-
|
+
+ |
+
+ |
```
@@ -1268,7 +1292,9 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
"policies": {
"EnableTrackingProtection": {
"Value": [true, false],
- "Locked": [true, false]
+ "Locked": [true, false],
+ "Cryptomining": [true, false],
+ "Fingerprinting": [true, false]
}
}
```
@@ -1824,6 +1850,32 @@ Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
}
}
```
+### OfferToSaveLoginsDefault
+Sets the default value of signon.rememberSignons without locking it.
+
+**Compatibility:** Firefox 70, Firefox ESR 60.2\
+**CCK2 Equivalent:** `dontRememberPasswords`\
+**Preferences Affected:** `signon.rememberSignons`
+
+#### Windows
+```
+Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
+```
+#### macOS
+```
+
+ OfferToSaveLoginsDefault
+ |
+
+```
+#### JSON
+```
+{
+ "policies": {
+ "OfferToSaveLoginsDefault": true | false
+ }
+}
+```
### OverrideFirstRunPage
Override the first run page. If the value is blank, no first run page is displayed.
@@ -1874,6 +1926,32 @@ Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
"OverridePostUpdatePage": "http://example.org"
}
```
+### PasswordManagerEnabled
+Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
+
+**Compatibility:** Firefox 70, Firefox ESR 60.2\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `prefs.privacy.disable_button.view_passwords`
+
+#### Windows
+```
+Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
+```
+#### macOS
+```
+
+ PasswordManagerEnabled
+ |
+
+```
+#### JSON
+```
+{
+ "policies": {
+ "PasswordManagerEnabled": true | false
+ }
+}
+```
### Permissions
Set permissions associated with camera, microphone, location, and notifications
@@ -2068,53 +2146,85 @@ Set and lock certain preferences.
| Preference | Type | Compatibility | Default
| --- | --- | --- | ---
-| app.update.auto | boolean | Firefox 68, Firefox 68 ESR | true
+| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
+| If set to 1, platform accessibility is disabled.
+| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true
| If false, Firefox doesn't automatically install update.
-| browser.cache.disk.enable | boolean | Firefox 68, Firefox 68 ESR | true
+| browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
+| If true, bookmarks are exported on shutdown.
+| browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
+| If set, the name of the file where bookmarks are exported and imported.
+| browser.bookmarks.restore_default_bookmarks | string | Firefox 70, Firefox ESR 68.2 | N/A
+| If true, bookmarks are restored to their defaults.
+| browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
| If false, don't store cache on the hard drive.
-| browser.cache.disk.parent_directory | string | Firefox 68, Firefox 68 ESR | Profile temporary directory
+| browser.cache.disk.parent_directory | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
| If set, changes the location of the disk cache.
-| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox 68 ESR | false
+| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
| If true, single words are sent to DNS, not directly to search.
-| browser.search.update | boolean | Firefox 68, Firefox 68 ESR | true
+| browser.places.importBookmarksHTML | string | Firefox 70, Firefox ESR 68.2
+| If true, bookmarks are always imported on startup.
+| browser.safebrowsing.phishing.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| If false, phishing protection is not enabled (Not recommended)
+| browser.safebrowsing.malware.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| IF false, malware protection is not enabled (Not recommended)
+| browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
| If false, updates for search engines are not checked.
-| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox 68 ESR | true
+| browser.slowStartup.notificationDisabled | string | Firefox 70, Firefox ESR 68.2 | false
+| If true, a notification isn't shown if startup is slow.
+| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
| If false, there is no warning when the browser is closed.
-| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox 68 ESR | true
+| browser.taskbar.previews.enable | string | Firefox 70, Firefox ESR 68.2 (Windows only) | false
+| If true, tab previews are shown in the Windows taskbar.
+| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
| If false, bookmarks aren't suggested when typing in the URL bar.
-| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox 68 ESR | true
+| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
| If false, history isn't suggested when typing in the URL bar.
-| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox 68 ESR | true
+| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
| If false, open tabs aren't suggested when typing in the URL bar.
-| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox 68 ESR | false
+| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
| If true, don't show the privacy policy tab on first run.
-| dom.disable_window_flip | boolean | Firefox 68, Firefox 68 ESR | true
+| dom.allow_scripts_to_close_windows | string | Firefox 70, Firefox ESR 68.2 | false
+| If false, web page can close windows.
+| dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
| If false, web pages can focus and activate windows.
-| dom.disable_window_move_resize | boolean | Firefox 68, Firefox 68 ESR | false
+| dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
| If true, web pages can't move or resize windows.
-| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox 68 ESR | true
+| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, web pages can't override context menus.
-| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox 68 ESR | N/A
+| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
-| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox 68 ESR | N/A
+| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
-| extensions.getAddons.showPane | boolean | Firefox 68, Firefox 68 ESR | N/A
+| extensions.blocklist.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| If false, the extensions blocklist is not used (Not recommended)
+| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
| If false, the Recommendations tab is not displayed in the Add-ons Manager.
-| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox 68 ESR | true
+| geo.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| If false, the geolocation API is disabled. | Language dependent
+| intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
+| If set, preferred language for web pages.
+| media.eme.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| If false, Encrypted Media Extensions are not enabled.
+| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the OpenH264 plugin is not downloaded.
-| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox 68 ESR | true
+| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the Widevine plugin is not downloaded.
-| network.dns.disableIPv6 | boolean | Firefox 68, Firefox 68 ESR | false
+| network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
| If true, IPv6 DNS lokoups are disabled.
-| network.IDN_show_punycode | boolean | Firefox 68, Firefox 68 ESR | false
+| network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
| If true, display the punycode version of internationalized domain names.
-| places.history.enabled | boolean | Firefox 68, Firefox 68 ESR | true
+| places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, history is not enabled.
-| security.default_personal_cert | string | Firefox 68, Firefox 68 ESR | Ask Every Time
+| print.save_print_settings | string | Firefox 70, Firefox ESR 68.2 | true
+| If false, print settings are not saved between jobs.
+| security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
-| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox 68 ESR | true
+| security.mixed_content.block_active_content | string | Firefox 70, Firefox ESR 68.2 | true
+| If false, mixed active content (HTTP and HTTPS) is not blocked.
+| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, SSL errors cannot be sent to Mozilla.
-| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox 68 ESR | true
+| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the Alt key doesn't show the menubar on Windows.
#### Windows
```