X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/2b825a0df95e71cf5cf02417a6f460962a5e9087..94eb6262b3eaaf3457de6f4e4f0a2fe26c8d06b5:/README.md?ds=inline diff --git a/README.md b/README.md index 3da66d3..1f50b95 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,8 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update. | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. -| **[`DisplayMenuBar`](#displaymenubar)** | Set the initial state of the menubar. +| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar. +| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar. | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS. | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup. | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory. @@ -59,8 +60,10 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords. +| **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords. | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. +| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock some preferences. @@ -90,7 +93,7 @@ Change the URL for application update. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `app.update.url` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com" ``` @@ -101,7 +104,7 @@ Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com" https://yoursite.com ``` -#### JSON +#### policies.json ``` { "policies": { @@ -115,11 +118,11 @@ Configure sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. -**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2)\ +**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.negotiate-auth.trusted-uris`, `network.negotiate-auth.delegation-uris`, `network.automatic-ntlm-auth.trusted-uris`, `network.automatic-ntlm-auth.allow-non-fqdn`, `network.negotiate-auth.allow-non-fqdn` +**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com" Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com" @@ -129,6 +132,9 @@ Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com" Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com" Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0 ``` #### macOS ``` @@ -157,10 +163,19 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 NTLM | + AllowProxies + + SPNEGO + | + NTLM + | + + Locked + | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -171,7 +186,12 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 "AllowNonFQDN": { "SPNEGO": true | false, "NTLM": true | false - } + }, + "AllowProxies": { + "SPNEGO": true | false, + "NTLM": true | false + }, + "Locked": true | false } } } @@ -184,7 +204,7 @@ Block access to the Add-ons Manager (about:addons). **CCK2 Equivalent:** `disableAddonsManager`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0 ``` @@ -195,7 +215,7 @@ Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -211,7 +231,7 @@ Block access to about:config. **CCK2 Equivalent:** `disableAboutConfig`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0 ``` @@ -222,7 +242,7 @@ Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -238,7 +258,7 @@ Block access to About Profiles (about:profiles). **CCK2 Equivalent:** `disableAboutProfiles`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0 ``` @@ -249,7 +269,7 @@ Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -265,7 +285,7 @@ Block access to Troubleshooting Information (about:support). **CCK2 Equivalent:** `disableAboutSupport`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0 ``` @@ -276,7 +296,7 @@ Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -292,7 +312,7 @@ Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` ar **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example" Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com" @@ -320,7 +340,7 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName" ``` -#### JSON +#### policies.json ``` { "policies": { @@ -343,7 +363,7 @@ Enable or disable the detection of captive portals. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.captive-portal-service.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0 ``` @@ -354,7 +374,7 @@ Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -374,7 +394,7 @@ See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for m **CCK2 Equivalent:** N/A\ **Preferences Affected:** `security.enterprise_roots.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0 ``` @@ -388,7 +408,7 @@ Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -425,7 +445,7 @@ Binary (DER) and ASCII (PEM) certificates are both supported. **CCK2 Equivalent:** `certs.ca`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der" Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem" @@ -443,7 +463,7 @@ Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\ce ``` -#### JSON +#### policies.json ``` { "policies": { @@ -474,7 +494,7 @@ Configure cookie preferences. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" @@ -510,7 +530,7 @@ Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -518,7 +538,7 @@ Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 "Allow": ["http://example.org/"], "Block": ["http://example.edu/"], "Default": true | false, - "AcceptThirdParty": "always" | "never" | "from-visited"], + "AcceptThirdParty": "always" | "never" | "from-visited", "ExpireAtSessionEnd": true | false, "RejectTracker": true | false, "Locked": true | false @@ -533,7 +553,7 @@ Remove the "Set As Desktop Background..." menuitem when right clicking on an ima **CCK2 Equivalent:** `removeSetDesktopBackground`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 ``` @@ -545,7 +565,7 @@ Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -560,7 +580,7 @@ Remove the master password functionality. **CCK2 Equivalent:** `noMasterPassword`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 ``` @@ -572,7 +592,7 @@ Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -587,7 +607,7 @@ Turn off application updates. **CCK2 Equivalent:** `disableFirefoxUpdates`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0 ``` @@ -598,7 +618,7 @@ Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -613,7 +633,7 @@ Disable the built in PDF viewer. PDF files are downloaded and sent externally. **CCK2 Equivalent:** `disablePDFjs`\ **Preferences Affected:** `pdfjs.disabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 ``` @@ -625,7 +645,7 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -640,7 +660,7 @@ Remove access to all developer tools. **CCK2 Equivalent:** `removeDeveloperTools`\ **Preferences Affected:** `devtools.policy.disabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0` ``` @@ -652,7 +672,7 @@ Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0` | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -667,7 +687,7 @@ Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site). **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0 ``` @@ -678,7 +698,7 @@ Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -693,7 +713,7 @@ Remove access to Firefox Screenshots. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `extensions.screenshots.disabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 ``` @@ -704,7 +724,7 @@ Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -719,7 +739,7 @@ Disable Firefox Accounts integration (Sync). **CCK2 Equivalent:** `disableSync`\ **Preferences Affected:** `identity.fxaccounts.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 ``` @@ -730,7 +750,7 @@ Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -745,7 +765,7 @@ Disable Firefox studies (Shield). **CCK2 Equivalent:** `disableForget`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0 ``` @@ -756,7 +776,7 @@ Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -771,7 +791,7 @@ Disable the "Forget" button. **CCK2 Equivalent:** `disableForget`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0 ``` @@ -782,7 +802,7 @@ Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -797,7 +817,7 @@ Turn off saving information on web forms and the search bar. **CCK2 Equivalent:** `disableFormFill`\ **Preferences Affected:** ` browser.formfill.enable` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0 ``` @@ -808,7 +828,7 @@ Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -816,6 +836,33 @@ Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0 } } ``` +### DisablePasswordReveal +Do not allow passwords to be shown in saved logins + +**Compatibility:** Firefox 71, Firefox ESR 68.3\ +**CCK2 Equivalent:** N/A +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0 +``` + +#### macOS +``` + + DisablePasswordReveal + | + +``` +#### policies.json +``` +{ + "policies": { + "DisablePasswordReveal": true | false + } +} +``` ### DisablePocket Remove Pocket in the Firefox UI. It does not remove it from the new tab page. @@ -823,7 +870,7 @@ Remove Pocket in the Firefox UI. It does not remove it from the new tab page. **CCK2 Equivalent:** `disablePocket`\ **Preferences Affected:** `extensions.pocket.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0 ``` @@ -834,7 +881,7 @@ Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -849,7 +896,7 @@ Remove access to private browsing. **CCK2 Equivalent:** `disablePrivateBrowsing`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0 ``` @@ -860,7 +907,7 @@ Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -875,7 +922,7 @@ Disables the "Import data from another browser" option in the bookmarks window. **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0 ``` @@ -886,7 +933,7 @@ Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -901,7 +948,7 @@ Disable the Refresh Firefox button on about:support and support.mozilla.org, as **CCK2 Equivalent:** `disableResetFirefox`\ **Preferences Affected:** `browser.disableResetPrompt` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0 ``` @@ -912,7 +959,7 @@ Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -929,7 +976,7 @@ On Windows, this disables safe mode via the command line as well. **CCK2 Equivalent:** `disableSafeMode`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0 ``` @@ -940,7 +987,7 @@ Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -959,7 +1006,7 @@ Prevent the user from bypassing security in certain cases. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0 @@ -976,7 +1023,7 @@ Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -994,7 +1041,7 @@ Prevent system add-ons from being installed or update. **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0 ``` #### macOS @@ -1004,7 +1051,7 @@ Prevent system add-ons from being installed or update. | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1021,7 +1068,7 @@ Mozilla recommends that you do not disable telemetry. Information collected thro **CCK2 Equivalent:** `disableTelemetry`\ **Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0 ``` @@ -1032,7 +1079,7 @@ Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1047,7 +1094,7 @@ Set the initial state of the bookmarks toolbar. A user can still hide it and it **CCK2 Equivalent:** `displayBookmarksToolbar`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0 ``` @@ -1058,7 +1105,7 @@ Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1066,14 +1113,14 @@ Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0 } } ``` -### DisplayMenuBar +### DisplayMenuBar (Deprecated) Set the initial state of the menubar. A user can still hide it and it will stay hidden. **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\ **CCK2 Equivalent:** `displayMenuBar`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0 ``` @@ -1084,7 +1131,7 @@ Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1092,6 +1139,40 @@ Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0 } } ``` +### DisplayMenuBar +Set the state of the menubar. + +`always` means the menubar is shown and cannot be hidden. + +`never` means the menubar is hidden and cannot be shown. + +`default-on` means the menubar is on by default but can be hidden. + +`default-off` means the menubar is off by default but can be shown. + +**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\ +**CCK2 Equivalent:** `displayMenuBar`\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off" +``` +#### macOS +``` + + DisplayMenuBar + always | never | default-on | default-off + +``` +#### policies.json +``` +{ + "policies": { + "DisplayMenuBar": "always", "never", "default-on", "default-off" + } +} +``` ### DNSOverHTTPS Configure DNS over HTTPS. @@ -1105,7 +1186,7 @@ Configure DNS over HTTPS. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.trr.mode`,`network.trr.uri` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER" @@ -1125,7 +1206,7 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1144,7 +1225,7 @@ Don't check if Firefox is the default browser at startup. **CCK2 Equivalent:** `dontCheckDefaultBrowser`\ **Preferences Affected:** `browser.shell.checkDefaultBrowser` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0 ``` @@ -1155,7 +1236,7 @@ Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1172,7 +1253,7 @@ You can use ${home} for the native home directory. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `browser.download.dir`,`browser.download.folderList` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads" ``` @@ -1183,14 +1264,14 @@ Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads" ${home}/Downloads ``` -#### JSON (macOS and Linux) +#### policies.json (macOS and Linux) ``` { "policies": { "DefaultDownloadDirectory": "${home}/Downloads" } ``` -#### JSON (Windows) +#### policies.json (Windows) ``` { "policies": { @@ -1206,7 +1287,7 @@ You can use ${home} for the native home directory. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `browser.download.dir`,`browser.download.folderList`,`browser.download.useDownloadDir` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads" ``` @@ -1217,14 +1298,14 @@ Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads" ${home}/Downloads ``` -#### JSON (macOS and Linux) +#### policies.json (macOS and Linux) ``` { "policies": { "DownloadDirectory": "${home}/Downloads" } ``` -#### JSON (Windows) +#### policies.json (Windows) ``` { "policies": { @@ -1240,14 +1321,24 @@ If `Value` is set to false, tracking protection is disabled and locked in both t If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it. -**Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** `dontCheckDefaultBrowser`\ -**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled` +If `Cryptomining` is set to true, cryptomining scripts on websites are blocked. + +If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked. + +`Exceptions` are origins for which tracking protection is not enabled. + +**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1= "https://example.com" + ``` #### macOS ``` @@ -1256,19 +1347,29 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 Value | - - + + | + + | + | + Exceptions + + https://example.com + ``` -#### JSON +#### policies.json ``` { "policies": { "EnableTrackingProtection": { "Value": [true, false], - "Locked": [true, false] + "Locked": [true, false], + "Cryptomining": [true, false], + "Fingerprinting": [true, false], + "Exceptions": ["https://example.com"] } } ``` @@ -1299,7 +1400,7 @@ Control the installation, uninstallation and locking of extensions. **CCK2 Equivalent:** `addons`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi" Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi" @@ -1327,9 +1428,7 @@ Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org" ``` -#### JSON - - +#### policies.json ``` { "policies": { @@ -1366,9 +1465,21 @@ The configuration for each extension is another dictionary that can contain the **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = '{"*": {"installation_mode": "blocked"}}' +Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = +{ + "*": { + "blocked_install_message": "Custom error message.", + "install_sources": ["https://addons.mozilla.org/"], + "installation_mode": "blocked", + "allowed_types": ["extension"] + }, + "uBlock0@raymondhill.net": { + "installation_mode": "force_installed", + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" + } +} ``` #### macOS ``` @@ -1385,6 +1496,10 @@ Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = '{"*": {"in installation_mode blocked + allowed_types + + extension + uBlock0@raymondhill.net @@ -1396,7 +1511,7 @@ Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = '{"*": {"in ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1404,7 +1519,8 @@ Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = '{"*": {"in "*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://addons.mozilla.org/"], - "installation_mode": "blocked" + "installation_mode": "blocked", + "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", @@ -1421,7 +1537,7 @@ Control extension updates. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `extensions.update.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0 ``` @@ -1432,7 +1548,7 @@ Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1455,7 +1571,7 @@ Configure the default Flash plugin policy as well as origins for which Flash is **CCK2 Equivalent:** `permissions.plugin`\ **Preferences Affected:** `plugin.state.flash` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org" Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu" @@ -1482,7 +1598,7 @@ Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1502,7 +1618,7 @@ Customize the Firefox Home page. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`,`browser.newtabpage.activity-stream.feeds.topsites`,`browser.newtabpage.activity-stream.feeds.section.highlights`,`browser.newtabpage.activity-stream.feeds.section.topstories`,`browser.newtabpage.activity-stream.feeds.snippets` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0 @@ -1531,7 +1647,7 @@ Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1553,7 +1669,7 @@ Control hardware acceleration. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `layers.acceleration.disabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0 ``` @@ -1564,7 +1680,7 @@ Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1587,7 +1703,7 @@ Configure the default homepage and how Firefox starts. **CCK2 Equivalent:** `homePage`,`lockHomePage`\ **Preferences Affected:** `browser.startup.homepage`,`browser.startup.page` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com" Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0 @@ -1610,11 +1726,11 @@ Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "p http://example.edu StartPage - always | never | from-visited + none | homepage | previous-session ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1623,7 +1739,7 @@ Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "p "Locked": true | false, "Additional": ["http://example.org/", "http://example.edu/"], - "StartPage": "none" | "homepage" | "previous-session" + "StartPage": "none" | "homepage" | "previous-session" } } } @@ -1639,7 +1755,7 @@ Configure the default extension install policy as well as origins for extension **CCK2 Equivalent:** `permissions.install`\ **Preferences Affected:** `xpinstall.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org" Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu" @@ -1660,7 +1776,7 @@ Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1685,7 +1801,7 @@ This policy only work on Windows via GPO (not policies.json). **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0 ``` @@ -1696,7 +1812,7 @@ Enable linking to local files by origin. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `capability.policy.localfilelinks.*` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org" Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu" @@ -1711,7 +1827,7 @@ Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu" ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1729,7 +1845,7 @@ This policy is only effective if the user profile has not been created yet. **CCK2 Equivalent:** `removeDefaultBookmarks`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 ``` @@ -1740,7 +1856,7 @@ Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1755,7 +1871,7 @@ Enable or disable network prediction (DNS prefetching). **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 ``` @@ -1766,7 +1882,7 @@ Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1780,7 +1896,7 @@ Enable or disable the New Tab page. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `browser.newtabpage.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 ``` @@ -1791,7 +1907,7 @@ Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1805,7 +1921,7 @@ Control whether or not Firefox offers to save passwords. **CCK2 Equivalent:** `dontRememberPasswords`\ **Preferences Affected:** `signon.rememberSignons` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 ``` @@ -1816,7 +1932,7 @@ Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1824,6 +1940,32 @@ Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 } } ``` +### OfferToSaveLoginsDefault +Sets the default value of signon.rememberSignons without locking it. + +**Compatibility:** Firefox 70, Firefox ESR 60.2\ +**CCK2 Equivalent:** `dontRememberPasswords`\ +**Preferences Affected:** `signon.rememberSignons` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0 +``` +#### macOS +``` + + OfferToSaveLoginsDefault + | + +``` +#### policies.json +``` +{ + "policies": { + "OfferToSaveLoginsDefault": true | false + } +} +``` ### OverrideFirstRunPage Override the first run page. If the value is blank, no first run page is displayed. @@ -1831,7 +1973,7 @@ Override the first run page. If the value is blank, no first run page is display **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\ **Preferences Affected:** `startup.homepage_welcome_url` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org" ``` @@ -1842,7 +1984,7 @@ Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org" http://example.org ``` -#### JSON +#### policies.json ``` { "policies": { @@ -1856,7 +1998,7 @@ Override the upgrade page. If the value is blank, no upgrade page is displayed. **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\ **Preferences Affected:** `startup.homepage_override_url` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" ``` @@ -1867,15 +2009,41 @@ Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" http://example.org ``` -#### JSON +#### policies.json ``` { "policies": { "OverridePostUpdatePage": "http://example.org" } ``` +### PasswordManagerEnabled +Remove access to the password manager via preferences and blocks about:logins on Firefox 70. + +**Compatibility:** Firefox 70, Firefox ESR 60.2\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `prefs.privacy.disable_button.view_passwords` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 +``` +#### macOS +``` + + PasswordManagerEnabled + | + +``` +#### policies.json +``` +{ + "policies": { + "PasswordManagerEnabled": true | false + } +} +``` ### Permissions -Set permissions associated with camera, microphone, location, and notifications +Set permissions associated with camera, microphone, location, and notifications. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. `Allow` is a list of origins where the feature is allowed. @@ -1889,9 +2057,10 @@ Set permissions associated with camera, microphone, location, and notifications **CCK2 Equivalent:** N/A\ **Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234" Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0 @@ -1918,6 +2087,7 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 Allow https://example.org + https://example.org:1234 Block @@ -1976,13 +2146,13 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { "Permissions": { "Camera": { - "Allow": ["https://example.org"], + "Allow": ["https://example.org","https://example.org:1234"], "Block": ["https://example.edu"], "BlockNewRequests": true | false, "Locked": true | false @@ -2022,7 +2192,7 @@ Configure the default pop-up window policy as well as origins for which pop-up w **CCK2 Equivalent:** `permissions.popup`\ **Preferences Affected:** `dom.disable_open_during_load` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org" Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu" @@ -2046,7 +2216,7 @@ Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2068,55 +2238,102 @@ Set and lock certain preferences. | Preference | Type | Compatibility | Default | --- | --- | --- | --- -| app.update.auto | boolean | Firefox 68, Firefox 68 ESR | true +| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0 +|     If set to 1, platform accessibility is disabled. +| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true |     If false, Firefox doesn't automatically install update. -| browser.cache.disk.enable | boolean | Firefox 68, Firefox 68 ESR | true +| browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false +|     If true, bookmarks are exported on shutdown. +| browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A +|     If set, the name of the file where bookmarks are exported and imported. +| browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A +|     If true, bookmarks are restored to their defaults. +| browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true |     If false, don't store cache on the hard drive. -| browser.cache.disk.parent_directory | string | Firefox 68, Firefox 68 ESR | Profile temporary directory -|     If set, changes the location of the disk cache. -| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox 68 ESR | false +| ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory +|     ~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on. +| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false |     If true, single words are sent to DNS, not directly to search. -| browser.search.update | boolean | Firefox 68, Firefox 68 ESR | true +| browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent +|     If set, a list of URLs to use as the default top sites on the new tab page. +| browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2 +|     If true, bookmarks are always imported on startup. +| browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, phishing protection is not enabled (Not recommended) +| browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, malware protection is not enabled (Not recommended) +| browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true |     If false, updates for search engines are not checked. -| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox 68 ESR | true +| browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false +|     If true, a notification isn't shown if startup is slow. +| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true |     If false, there is no warning when the browser is closed. -| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox 68 ESR | true +| browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false +|     If true, tab previews are shown in the Windows taskbar. +| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true |     If false, bookmarks aren't suggested when typing in the URL bar. -| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox 68 ESR | true +| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true |     If false, history isn't suggested when typing in the URL bar. -| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox 68 ESR | true +| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true |     If false, open tabs aren't suggested when typing in the URL bar. -| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox 68 ESR | false +| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false |     If true, don't show the privacy policy tab on first run. -| dom.disable_window_flip | boolean | Firefox 68, Firefox 68 ESR | true +| dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false +|     If false, web page can close windows. +| dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true |     If false, web pages can focus and activate windows. -| dom.disable_window_move_resize | boolean | Firefox 68, Firefox 68 ESR | false +| dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false |     If true, web pages can't move or resize windows. -| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox 68 ESR | true +| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, web pages can't override context menus. -| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox 68 ESR | N/A +| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A |     See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66 -| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox 68 ESR | N/A +| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A |     See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66 -| extensions.getAddons.showPane | boolean | Firefox 68, Firefox 68 ESR | N/A +| extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, the extensions blocklist is not used (Not recommended) +| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A |     If false, the Recommendations tab is not displayed in the Add-ons Manager. -| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox 68 ESR | true +| extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true +|     If false, recommendations are not shown on the Extensions tab in the Add-ons Manager. +| geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, the geolocation API is disabled. | Language dependent +| intl.accept_languages | string | Firefox 70, Firefox ESR 68.2 +|     If set, preferred language for web pages. +| media.eme.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, Encrypted Media Extensions are not enabled. +| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, the OpenH264 plugin is not downloaded. -| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox 68 ESR | true +| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, the Widevine plugin is not downloaded. -| network.dns.disableIPv6 | boolean | Firefox 68, Firefox 68 ESR | false +| media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true +|     If false, WebRTC is disabled +| media.peerconnection.ice.obfuscate_host_addresses.whitelist | string | Firefox 72, Firefox ESR 68.4 | N/A +|     If set, a list of domains for which mDNS hostname obfuscation is +disabled +| network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false |     If true, IPv6 DNS lokoups are disabled. -| network.IDN_show_punycode | boolean | Firefox 68, Firefox 68 ESR | false +| network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false |     If true, display the punycode version of internationalized domain names. -| places.history.enabled | boolean | Firefox 68, Firefox 68 ESR | true +| places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, history is not enabled. -| security.default_personal_cert | string | Firefox 68, Firefox 68 ESR | Ask Every Time +| print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, print settings are not saved between jobs. +| security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time |     If set to Select Automatically, Firefox automatically chooses the default personal certificate. -| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox 68 ESR | true +| security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true +|     If false, mixed active content (HTTP and HTTPS) is not blocked. +| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false +|     If true, client certificates are loaded from the operating system certificate store. +| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, SSL errors cannot be sent to Mozilla. -| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox 68 ESR | true +| security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true +|     If false, the TLS 1.3 downgrade check is disabled. +| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true |     If false, the Alt key doesn't show the menubar on Windows. -#### Windows +| widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A +|     If set, overrides the GTK theme for widgets. +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value" @@ -2133,7 +2350,7 @@ Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_v ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2151,7 +2368,7 @@ Ask where to save each file before downloading. **CCK2 Equivalent:** N/A **Preferences Affected:** `browser.download.useDownloadDir` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0 ``` @@ -2162,7 +2379,7 @@ Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2202,7 +2419,7 @@ To specify ports, append them to the hostnames with a colon (:). **CCK2 Equivalent:** `networkProxy*`\ **Preferences Affected:** `network.proxy.type`,`network.proxy.autoconfig_url`,`network.proxy.socks_remote_dns`,`signon.autologin.proxy`,`network.proxy.socks_version`,`network.proxy.no_proxies_on`,`network.proxy.share_proxy_settings`,`network.proxy.http`,`network.proxy.http_port`,`network.proxy.ftp`,`network.proxy.ftp_port`,`network.proxy.ssl`,`network.proxy.ssl_port`,`network.proxy.socks`,`network.proxy.socks_port` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Proxy\Mode = "none", "system", "manual", "autoDetect", "autoConfig" Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0 @@ -2223,7 +2440,7 @@ Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 Proxy Mode - none | system | manual | autoDetect| autoConfig + none | system | manual | autoDetect | autoConfig Locked | HTTPProxy @@ -2249,7 +2466,7 @@ Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2278,7 +2495,7 @@ Note: For Firefox 68, this can now be a string so that you can specify an empty **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de" Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US" @@ -2305,7 +2522,7 @@ or ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2327,7 +2544,7 @@ Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Sea **Compatibility:** Firefox 68, Firefox ESR 68\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0 @@ -2362,7 +2579,7 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2385,7 +2602,7 @@ Clear all data on shutdown, including Browsing & Download History, Cookies, Acti **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0 ``` @@ -2396,7 +2613,7 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2411,7 +2628,7 @@ Set whether or not search bar is displayed. **CCK2 Equivalent:** `showSearchBar`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" ``` @@ -2423,7 +2640,7 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2446,7 +2663,7 @@ Set the default search engine. This policy is only available on the ESR. **CCK2 Equivalent:** `defaultSearchEngine`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE ``` @@ -2460,7 +2677,7 @@ Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2478,7 +2695,7 @@ Prevent installing search engines from webpages. **CCK2 Equivalent:** `disableSearchEngineInstall`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 ``` @@ -2492,7 +2709,7 @@ Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2510,7 +2727,7 @@ Hide built-in search engines. This policy is only available on the ESR. **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE ``` @@ -2526,7 +2743,7 @@ Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2560,7 +2777,7 @@ Add new search engines (up to five). This policy is only available on the ESR. ` **CCK2 Equivalent:** `searchplugins`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1" Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}" @@ -2601,7 +2818,7 @@ Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={ ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2630,7 +2847,7 @@ Enable search suggestions. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `browser.urlbar.suggest.searches`,`browser.search.suggest.enabled` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0 ``` @@ -2641,7 +2858,7 @@ Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0 | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2657,7 +2874,7 @@ Install PKCS #11 modules. **CCK2 Equivalent:** `certs.devices`\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE ``` @@ -2672,7 +2889,7 @@ Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRA ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2690,7 +2907,7 @@ Set and lock the maximum version of TLS. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `security.tls.version.max` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" ``` @@ -2702,7 +2919,7 @@ Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2718,7 +2935,7 @@ Set and lock the minimum version of TLS. **CCK2 Equivalent:** N/A\ **Preferences Affected:** `security.tls.version.min` -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" ``` @@ -2730,7 +2947,7 @@ Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2745,7 +2962,7 @@ Add a menuitem to the help menu for specifying support information. **CCK2 Equivalent:** helpMenu\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu" Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support" @@ -2765,7 +2982,7 @@ Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" ``` -#### JSON +#### policies.json ``` { "policies": { @@ -2784,7 +3001,7 @@ Block websites from being visited. The parameters take an array of Match Pattern **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A -#### Windows +#### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\WebsiteFilters\Block\1 = "" Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*" @@ -2806,7 +3023,7 @@ Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example. ``` -#### JSON +#### policies.json ``` { "policies": {