X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/2cde024a39d0df54fb441d1a33ca433b9158aa29..bf8d020d8d7fd009645c7072b6202b1c5c9cc2e9:/README.md diff --git a/README.md b/README.md index 13db59a..f62e6e9 100644 --- a/README.md +++ b/README.md @@ -1,283 +1,2259 @@ -Policies can either be specified using the GPO templates or by putting a file called policies.json in the distribution directory. -The content of the JSON file should look like this: +**IMPORTANT**: This file is in active development along with the policies in Firefox. Make sure to check the compatibility section to see if a policy is available in a specific version of Firefox. To get the policy information that corresponds to a specific release, go to https://github.com/mozilla/policy-templates/releases. + +Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. + +| Policy Name | Description +| --- | --- | +| **[`AppUpdateURL`](#AppUpdateURL)** | Change the URL for application update. +| **[`Authentication`](#Authentication)** | Configure sites that support integrated authentication. +| **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons). +| **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config. +| **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles). +| **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support). +| **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu. +| **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals. +| **[`Certificates`](#certificates)** | +| **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator. +| **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store. +| **[`Cookies`](#cookies)** | Configure cookie preferences. +| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. +| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. +| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. +| **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. +| **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. +| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. +| **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync). +| **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield). +| **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button. +| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. +| **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. +| **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. +| **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window. +| **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org +| **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode. +| **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases. +| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update. +| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry +| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. +| **[`DisplayMenuBar`](#displaymenubar)** | Set the initial state of the menubar +| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS. +| **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup. +| **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection. +| **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions. +| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates. +| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. +| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. +| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. +| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. +| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). +| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. +| **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords. +| **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. +| **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. +| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. +| **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. +| **[`Proxy`](#proxy)** | Configure proxy settings. +| **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference. +| **[`SanitizeOnShutdown`](#sanitizeonshutdown)** | Clear all data on shutdown. +| **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed. +| **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** | +| **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine. +| **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages. +| **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines. +| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines. +| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules. +| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. +| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. +| **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. + + +### AppUpdateURL + +Change the URL for application update. + +**Compatibility:** Firefox 62, Firefox ESR 60.2\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `app.update.url` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com" +``` +#### macOS +``` + + AppUpdateURL + https://yoursite.com + +``` +### JSON ``` { "policies": { - ...POLICIES... + "AppUpdateURL": "https://yoursite.com" } } ``` -Policies are documented below. +### Authentication + +Configure sites that support integrated authentication. +See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. + +**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.negotiate-auth.trusted-uris`, `network.negotiate-auth.delegation-uris`, `network.automatic-ntlm-auth.trusted-uris`, `network.automatic-ntlm-auth.allow-non-fqdn`, `network.negotiate-auth.allow-non-fqdn` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com" +Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com" +Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com" +Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com" +Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com" +Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com" +Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 +``` +#### macOS +``` + + Authentication + + SPNEGO + + mydomain.com + https://myotherdomain.com + + Delegated + + mydomain.com + https://myotherdomain.com + + NTLM + + mydomain.com + https://myotherdomain.com + + AllowNonFQDN + + SPNEGO + | + NTLM + | + + + +``` +### JSON +``` +{ + "policies": { + "Authentication": { + "SPNEGO": ["mydomain.com", "https://myotherdomain.com"], + "Delegated": ["mydomain.com", "https://myotherdomain.com"], + "NTLM": ["mydomain.com", "https://myotherdomain.com"], + "AllowNonFQDN": { + "SPNEGO": true | false, + "NTLM": true | false + } + } + } +} +``` ### BlockAboutAddons -This policy removes access to about:addons. + +Block access to the Add-ons Manager (about:addons). + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableAddonsManager`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0 +``` +#### macOS +``` + + BlockAboutAddons + | + +``` +#### JSON ``` { "policies": { - "BlockAboutAddons": true + "BlockAboutAddons": true | false } } ``` ### BlockAboutConfig -This policy removes access to about:config. + +Block access to about:config. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableAboutConfig`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0 +``` +#### macOS +``` + + BlockAboutConfig + | + +``` +#### JSON ``` { "policies": { - "BlockAboutConfig": true + "BlockAboutConfig": true | false } } ``` -### BlockAboutSupport -This policy removes access to about:support. +### BlockAboutProfiles + +Block access to About Profiles (about:profiles). + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableAboutProfiles`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0 +``` +#### macOS +``` + + BlockAboutProfiles + | + +``` +#### JSON ``` { "policies": { - "BlockAboutSupport": true + "BlockAboutProfiles": true | false + } } ``` -### BlockSetDesktopBackground -This policy removes the "Set As Desktop Background..." menuitem when right clicking on an image. +### BlockAboutSupport + +Block access to Troubleshooting Information (about:support). + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableAboutSupport`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0 +``` +#### macOS +``` + + BlockAboutSupport + | + +``` +#### JSON ``` { "policies": { - "BlockAboutSupport": true + "BlockAboutSupport": true | false } } ``` -### CreateMasterPassword -This policy removes the master password functionality. +### Bookmarks + +Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example" +Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com" +Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico" +Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu" +Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName" +``` +#### macOS +``` + + Bookmarks + + + Title + Example + URL + https://example.com + Favicon + https://example.com/favicon.ico + Placement + toolbar | menu + Folder + FolderName + + + +``` +### JSON ``` { "policies": { - "CreateMasterPassword": false + "Bookmarks": [ + { + "Title": "Example", + "URL": "https://example.com", + "Favicon": "https://example.com/favicon.ico", + "Placement": "toolbar" | "menu", + "Folder": "FolderName" + } + ] } } ``` -### DisableAppUpdate -This policy turns off application updates. +### CaptivePortal +Enable or disable the detection of captive portals. + +**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.captive-portal-service.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0 +``` +#### macOS +``` + + CaptivePortal + | + +``` +#### JSON ``` { "policies": { - "DisableAppUpdate": true + "CaptivePortal": true | false } } ``` -### DisableDeveloperTools -This policy removes access to all developer tools. +### Certificates + +### Certificates | ImportEnterpriseRoots + +Trust certificates that have been added to the operating system certificate store by a user or administrator. + +See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail. + +**Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `security.enterprise_roots.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0 +``` +#### macOS +``` + + Certificates + + ImportEnterpriseRoots + | + + +``` +#### JSON ``` { "policies": { - "DisableDeveloperTools": true + "Certificates": { + "ImportEnterpriseRoots": true | false + } } } ``` -### DisableDeveloperTools -This policy removes access to all developer tools. +### Certificates | Install + +Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations: + +- Windows + - %USERPROFILE%\AppData\Local\Mozilla\Certificates + - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates +- macOS + - /Library/Application Support/Mozilla/Certificates + - ~/Library/Application Support/Mozilla/Certificates +- Linux + - /usr/lib/mozilla/certificates + - /usr/lib64/mozilla/certificates + - ~/.mozilla/certificates + +Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows. + +If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash. + +Certificates are installed using the trust string `CT,CT,`. + +Binary (DER) and ASCII (PEM) certificates are both supported. + +**Compatibility:** Firefox 64, Firefox ESR 64\ +**CCK2 Equivalent:** `certs.ca`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der" +Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem" +``` +#### macOS +``` + + Certificates + + Install + + cert1.der + /Users/username/cert2.pem + + + +``` +#### JSON ``` { "policies": { - "DisableDeveloperTools": true + "Certificates": { + "Install": ["cert1.der", "/home/username/cert2.pem"] + } } } ``` -### DisableFirefoxScreenshots -This policy removes access to Firefox Screenshots +### Cookies +Configure cookie preferences. + +`Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https. + +`Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https. + +`Default` determines whether cookies are accepted at all. + +`AcceptThirdParty` determines how third-party cookies are handled. + +`ExpireAtSessionEnd` determines when cookies expire. + +`RejectTracker` only rejects cookies for trackers. + +`Locked` prevents the user from changing cookie preferences. + +**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker was added in Firefox 63)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" +Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" |"from-visited" +Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 +``` +#### macOS +``` + + Cookies + + Allow + + http://example.com + + Block + + http://example.org + + Default + | + AcceptThirdParty + always | never | from-visited + ExpireAtSessionEnd + | + RejectTracker + | + Locked + | + + +``` +#### JSON ``` { "policies": { - "DisableFirefoxScreenshots": true + "Cookies": { + "Allow": ["http://example.org/"], + "Block": ["http://example.edu/"], + "Default": true | false, + "AcceptThirdParty": "always" | "never" | "from-visited"], + "ExpireAtSessionEnd": true | false, + "RejectTracker": true | false, + "Locked": true | false + } } } ``` -### DisableFirefoxAccounts -This policy disables Sync +### DisableSetDesktopBackground +Remove the "Set As Desktop Background..." menuitem when right clicking on an image. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `removeSetDesktopBackground`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 +``` + +#### macOS +``` + + DisableSetDesktopBackground + | + +``` +#### JSON ``` { "policies": { - "DisableFirefoxAccounts": true + "DisableSetDesktopBackground": true | false } } ``` -### DisableFirefoxStudies -This policy disables Firefox studies (Shield) +### DisableMasterPasswordCreation +Remove the master password functionality. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `noMasterPassword`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 +``` + +#### macOS +``` + + DisableMasterPasswordCreation + | + +``` +#### JSON ``` { "policies": { - "DisableFirefoxAccounts": true + "DisableMasterPasswordCreation": true | false } } ``` -### DisableFormHistory -This policy turns off the browser.formfill.enable preferences +### DisableAppUpdate +Turn off application updates. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableFirefoxUpdates`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0 +``` +#### macOS +``` + + DisableAppUpdate + | + +``` +#### JSON ``` { "policies": { - "DisableFormHistory": true + "DisableAppUpdate": true | false } } ``` -### DisablePocket -This policy turns off Pocket +### DisableBuiltinPDFViewer +Disable the built in PDF viewer. PDF files are downloaded and sent externally. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disablePDFjs`\ +**Preferences Affected:** `pdfjs.disabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 +``` + +#### macOS +``` + + DisableBuiltinPDFViewer + | + +``` +#### JSON ``` { "policies": { - "DisablePocket": true + "DisableBuiltinPDFViewer": true | false } } ``` -### DisablePrivateBrowsing -This policy removes access to private browsing +### DisableDeveloperTools +Remove access to all developer tools. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `removeDeveloperTools`\ +**Preferences Affected:** `devtools.policy.disabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0` +``` + +#### macOS +``` + + DisableDeveloperTools + | + +``` +#### JSON ``` { "policies": { - "DisablePrivateBrowsing": true + "DisableDeveloperTools": true | false } } ``` -### DisableSysAddonUpdate -This policy prevents system add-ons from being updated or installed. +### DisableFeedbackCommands +Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site). + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0 +``` +#### macOS +``` + + DisableFeedbackCommands + | + +``` +#### JSON ``` { "policies": { - "DisableSysAddonUpdate": true + "DisableFeedbackCommands": true | false } } ``` -### DisplayBookmarksToolbar -This policy turns on the bookmarks toolbar by default. A user can still turn it off and it will stay off. +### DisableFirefoxScreenshots +Remove access to Firefox Screenshots. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `extensions.screenshots.disabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 +``` +#### macOS +``` + + DisableFirefoxScreenshots + | + +``` +#### JSON ``` { "policies": { - "DisplayBookmarksToolbar": true + "DisableFirefoxScreenshots": true | false } } ``` -### DisplayMenuBar -This policy turns on the menubar by default. A user can still turn it off and it will stay off. +### DisableFirefoxAccounts +Disable Firefox Accounts integration (Sync). + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableSync`\ +**Preferences Affected:** `identity.fxaccounts.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 +``` +#### macOS +``` + + DisableFirefoxAccounts + | + +``` +#### JSON ``` { "policies": { - "DisplayMenuBar": true + "DisableFirefoxAccounts": true | false } } ``` -### DontCheckDefaultBrowser -This policy stops Firefox from checking if it is the default browser at startup. +### DisableFirefoxStudies +Disable Firefox studies (Shield). + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableForget`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0 +``` +#### macOS +``` + + DisableFirefoxStudies + | + +``` +#### JSON ``` { "policies": { - "DontCheckDefaultBrowser": true + "DisableFirefoxStudies": true | false } } ``` -### RememberPasswords -This policy sets the signon.rememberSignons preference. It can either be enabled or disabled. +### DisableForgetButton +Disable the "Forget" button. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableForget`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0 +``` +#### macOS +``` + + DisableForgetButton + | + +``` +#### JSON ``` { "policies": { - "RememberPasswords": true + "DisableForgetButton": true | false } } ``` -### Homepage -This policy sets the default homepage value. It can also be used to lock the homepage and add additional homepages. +### DisableFormHistory +Turn off saving information on web forms and the search bar. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableFormFill`\ +**Preferences Affected:** ` browser.formfill.enable` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0 +``` +#### macOS +``` + + DisableFormHistory + | + +``` +#### JSON ``` { "policies": { - "Homepage": { - "URL": "http://example.com/", - "Locked": true, - "Additional": ["http://example.org/", - "http://example.edu/"] - } + "DisableFormHistory": true | false } } ``` -### Popups -This policy sets domains for which popups are allowed +### DisablePocket +Remove Pocket in the Firefox UI. It does not remove it from the new tab page. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disablePocket`\ +**Preferences Affected:** `extensions.pocket.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0 +``` +#### macOS +``` + + DisablePocket + | + +``` +#### JSON ``` { "policies": { - "Popups": { - "Allow": ["http://example.org/", - "http://example.edu/"] - } + "DisablePocket": true | false } } ``` -### InstallAddons -This policy sets domains that can install extensions +### DisablePrivateBrowsing +Remove access to private browsing. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disablePrivateBrowsing`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0 +``` +#### macOS +``` + + DisablePrivateBrowsing + | + +``` +#### JSON ``` { "policies": { - "InstallAddons": { - "Allow": ["http://example.org/", - "http://example.edu/"] - } + "DisablePrivateBrowsing": true | false } } ``` -### Cookies -This policy sets domains that can set or not set cookies. +### DisableProfileImport +Disables the "Import data from another browser" option in the bookmarks window. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0 +``` +#### macOS +``` + + DisableProfileImport + | + +``` +#### JSON ``` { "policies": { - "Cookies": { - "Allow": ["http://example.org/"], - "Block": ["http://example.edu/"] - } + "DisableProfileImport": true | false } } ``` -### FlashPlugin -This policy sets domains that can use or not use Flash +### DisableProfileRefresh +Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableResetFirefox`\ +**Preferences Affected:** `browser.disableResetPrompt` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0 +``` +#### macOS +``` + + DisableProfileRefresh + | + +``` +#### JSON ``` { "policies": { - "FlashPlugin": { - "Allow": ["http://example.org/"], - "Block": ["http://example.edu/"] - } + "DisableProfileRefresh": true | false } } ``` -### Bookmarks -This policy allows you to specify bookmarks. You can have any number of bookmarks although only ten are specified in the ADMX file. -Placement can be specified as either toolbar or menu. If a folder is specified, it is automatically created and bookmarks with the -same folder name are grouped together. +### DisableSafeMode +Disable safe mode. +**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\ +**CCK2 Equivalent:** `disableSafeMode`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0 +``` +#### macOS +``` + + DisableSafeMode + | + +``` +#### JSON ``` { "policies": { - "Bookmarks": [ - {"Title": "Example", - "URL": "http://example.org", - "Favicon": "http://example.com/favicon.ico", - "Placement": "toolbar", - "Folder": "Bookmarks" - } - ] + "DisableSafeMode": true | false } } ``` -### Proxy -This policy allows you to specify proxy settings. These settings correspond to the connection settings in Firefox preferences. -To specify ports, append them to the URLs with a colon (:). If Locked is set to true, the values can't be changed by the user. -``` -{ - "Proxy": { - "Mode": ["none", "system", "manual", "autoDetect", "autoConfig"] - "Locked": [true, false] -Z "HTTPProxy": "URL_TO_PROXY", - "UseHTTPProxyForAllProtocols": [true, false] - "SSLProxy": "URL_TO_PROXY", - "FTPProxy": "URL_TO_PROXY", - "SOCKSProxy": { "URL_TO_PROXY", - "SOCKSVersion": [4, 5], - "Passthrough": "List of passthrough addresses/domains", - "AutoConfigURL": "URL_TO_AUTOCONFIG", - "AutoLogin": [true, false], - "UseProxyForDNS": [true, false] +### DisableSecurityBypass +Prevent the user from bypassing security in certain cases. + +`InvalidCertificate` prevents adding an exception when an invalid certificate is shown. + +`SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0 +``` +#### macOS +``` + + DisableSecurityBypass + + InvalidCertificate + | + + | + + +``` +#### JSON +``` +{ + "policies": { + "DisableSecurityBypass": { + "InvalidCertificate": true false, + "SafeBrowsing": true false + } + } +} +``` +### DisableSystemAddonUpdate +Prevent system add-ons from being installed or update. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows +```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0 +``` +#### macOS +``` + + DisableSystemAddonUpdate + | + +``` +#### JSON +``` +{ + "policies": { + "DisableSystemAddonUpdate": true | false + } +} +``` +### DisableTelemetry +Prevent the upload of telemetry data. + +Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `disableTelemetry`\ +**Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0 +``` +#### macOS +``` + + DisableTelemetry + | + +``` +#### JSON +``` +{ + "policies": { + "DisableTelemetry": true | false + } +} +``` +### DisplayBookmarksToolbar +Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `displayBookmarksToolbar`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0 +``` +#### macOS +``` + + DisplayBookmarksToolbar + | + +``` +#### JSON +``` +{ + "policies": { + "DisplayBookmarksToolbar": true | false + } +} +``` +### DisplayMenuBar +Set the initial state of the menubar. A user can still hide it and it will stay hidden. + +**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\ +**CCK2 Equivalent:** `displayMenuBar`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0 +``` +#### macOS +``` + + DisplayMenuBar + | + +``` +#### JSON +``` +{ + "policies": { + "DisplayMenuBar": true | false + } +} +``` +### DNSOverHTTPS +Configure DNS over HTTPS. + +`Enabled` determines whether DNS over HTTPS is enabled + +`ProviderURL` is a URL to another provider. + +`Locked` prevents the user from changing DNS over HTTPS preferences. + +**Compatibility:** Firefox 63, Firefox ESR 68\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.trr.mode`,`network.trr.uri` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Cookies\Enabled = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Cookies\ProviderURL = "URL_TO_ALTERNATE_PROVIDER" +Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 +``` +#### macOS +``` + + Cookies + + Enabled + | + ProviderURL + URL_TO_ALTERNATE_PROVIDER + Locked + | + + +``` +#### JSON +``` +{ + "policies": { + "DNSOverHTTPS": { + "Enabled": true | false, + "ProviderURL": "URL_TO_ALTERNATE_PROVIDER", + "Locked": true | false + } + } +} +``` +### DontCheckDefaultBrowser +Don't check if Firefox is the default browser at startup. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `dontCheckDefaultBrowser`\ +**Preferences Affected:** `browser.shell.checkDefaultBrowser` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0 +``` +#### macOS +``` + + DontCheckDefaultBrowser + | + +``` +#### JSON +``` +{ + "policies": { + "DontCheckDefaultBrowser": true | false + } +} +``` +### EnableTrackingProtection +Configure tracking protection. + +If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it. + +If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing. + +If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `dontCheckDefaultBrowser`\ +**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 +``` +#### macOS +``` + + EnableTrackingProtection + + Value + | + + + | + + +``` +#### JSON +``` +{ + "policies": { + "EnableTrackingProtection": { + "Value": [true, false], + "Locked": [true, false] + } +} +``` +### Extensions +Control the installation, uninstallation and locking of extensions. + +`Install` is a list of URLs or native paths for extensions to be installed. + +`Uninstall` is a list of extension IDs that should be uninstalled if found. + +`Locked` is a list of extension IDs that the user cannot disable or uninstall. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `addons`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi" +Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi" +Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org" +Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org" +``` +#### macOS +``` + + Extensions + + Install + + https://addons.mozilla.org/firefox/downloads/somefile.xpi + //path/to/xpi + + Uninstall + + bad_addon_id@mozilla.org + + Locked + + addon_id@mozilla.org + + + +``` +#### JSON + + +``` +{ + "policies": { + "Extensions": { + "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"], + "Uninstall": ["bad_addon_id@mozilla.org"], + "Locked": ["addon_id@mozilla.org"] + } + } +} +``` +### ExtensionUpdate +Control extension updates. + +**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `extensions.update.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0 +``` +#### macOS +``` + + ExtensionUpdate + | + +``` +#### JSON +``` +{ + "policies": { + "ExtensionUpdate": true | false + } +} +``` +### FlashPlugin +Configure the default Flash plugin policy as well as origins for which Flash is allowed. + +`Allow` is a list of origins where Flash are allowed. + +`Block` is a list of origins where Flash is not allowed. + +`Default` determines whether or not Flash is allowed by default. + +`Locked` prevents the user from changing Flash preferences. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `permissions.plugin`\ +**Preferences Affected:** `plugin.state.flash` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0 +``` +#### macOS +``` + + FlashPlugin + + Allow + + http://example.org + + Block + + http://example.edu + + Default + | + Locked + | + + +``` +#### JSON +``` +{ + "policies": { + "FlashPlugin": { + "Allow": ["http://example.org/"], + "Block": ["http://example.edu/"], + "Default": true | false, + "Locked": true | false + } + } +} +``` +### HardwareAcceleration +Control hardware acceleration. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `layers.acceleration.disabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0 +``` +#### macOS +``` + + HardwareAcceleration + | + +``` +#### JSON +``` +{ + "policies": { + "HardwareAcceleration": true | false + } +} +``` +### Homepage +Configure the default homepage and how Firefox starts. + +`URL` is the default homepage. + +`Locked` prevents the user from changing homepage preferences. + +`Additional` allows for more than one homepage. + +`StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session. + +**Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4)\ +**CCK2 Equivalent:** `homePage`,`lockHomePage`\ +**Preferences Affected:** `browser.startup.homepage`,`browser.startup.page` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com" +Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" +``` +#### macOS +``` + + Homepage + + URL + http://example.com + Locked + | + Additional + + http://example.org + http://example.edu + + StartPage + always | never | from-visited + + +``` +#### JSON +``` +{ + "policies": { + "Homepage": { + "URL": "http://example.com/", + "Locked": true | false, + "Additional": ["http://example.org/", + "http://example.edu/"], + "StartPage": "none" | "homepage" | "previous-session" + } + } +} +``` +### InstallAddonsPermission +Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs. + +`Allow` is a list of origins where extension installs are allowed. + +`Default` determines whether or not extension installs are allowed by default. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `permissions.install`\ +**Preferences Affected:** `xpinstall.enabled` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu" +Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0 +``` +#### macOS +``` + + InstallAddonsPermission + + Allow + + http://example.org + http://example.edu + + Default + | + + +``` +#### JSON +``` +{ + "policies": { + "InstallAddonsPermission": { + "Allow": ["http://example.org/", + "http://example.edu/"], + "Default": true | false + } + } +} +``` +### NoDefaultBookmarks +Disable the creation of default bookmarks. + +This policy is only effective if the user profile has not been created yet. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `removeDefaultBookmarks`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 +``` +#### macOS +``` + + NoDefaultBookmarks + | + +``` +#### JSON +``` +{ + "policies": { + "NoDefaultBookmarks": true | false + } +} +``` +### NetworkPrediction +Enable or disable network prediction (DNS prefetching). + +**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 +``` +#### macOS +``` + + NetworkPrediction + | + +``` +#### JSON +``` +{ + "policies": { + "NetworkPrediction": true | false +} +``` +### OfferToSaveLogins +Control whether or not Firefox offers to save passwords. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `dontRememberPasswords`\ +**Preferences Affected:** `signon.rememberSignons` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 +``` +#### macOS +``` + + OfferToSaveLogins + | + +``` +#### JSON +``` +{ + "policies": { + "OfferToSaveLogins": true | false + } +} +``` +### OverrideFirstRunPage +Override the first run page. If the value is blank, no first run page is displayed. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\ +**Preferences Affected:** `startup.homepage_welcome_url` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org" +``` +#### macOS +``` + + OverrideFirstRunPage + http://example.org + +``` +#### JSON +``` +{ + "policies": { + "OverrideFirstRunPage": ""http://example.org"" +} +``` +### OverridePostUpdatePage +Override the upgrade page. If the value is blank, no upgrade page is displayed. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\ +**Preferences Affected:** `startup.homepage_override_url` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" +``` +#### macOS +``` + + OverridePostUpdatePage + http://example.org + +``` +#### JSON +``` +{ + "policies": { + "OverridePostUpdatePage": ""http://example.org"" +} +``` +### Permissions +Set permissions associated with camera, microphone, location, and notifications + +`Allow` is a list of origins where the feature is allowed. + +`Block` is a list of origins where the feature is not allowed. + +`BlockNewRequests` determines whether or not new requests can be made for the feature. + +`Locked` prevents the user from changing preferences for the feature. + +**Compatibility:** Firefox 62, Firefox ESR 60.2\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 +``` +#### macOS +``` + + Permissions + + Camera + + Allow + + https://example.org + + Block + + https://example.edu + + BlockNewRequests + + Locked + + + Microphone + + Allow + + https://example.org + + Block + + https://example.edu + + BlockNewRequests + + Locked + + + Location + + Allow + + https://example.org + + Block + + https://example.edu + + BlockNewRequests + + Locked + + + Notifications + + Allow + + https://example.org + + Block + + https://example.edu + + BlockNewRequests + + Locked + + + + +``` +#### JSON +``` +{ + "policies": { + "Permissions": { + "Camera": { + "Allow": ["https://example.org"], + "Block": ["https://example.edu"], + "BlockNewRequests": true | false, + "Locked": true | false + }, + "Microphone": { + "Allow": ["https://example.org"], + "Block": ["https://example.edu"], + "BlockNewRequests": true | false, + "Locked": true | false + }, + "Location": { + "Allow": ["https://example.org"], + "Block": ["https://example.edu"], + "BlockNewRequests": true | false, + "Locked": true | false + }, + "Notifications": { + "Allow": ["https://example.org"], + "Block": ["https://example.edu"], + "BlockNewRequests": true | false, + "Locked": true | false + } + } + } +} +``` +### PopupBlocking +Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. + +`Allow` is a list of origins where popup-windows are allowed. + +`Default` determines whether or not pop-up windows are allowed by default. + +`Locked` prevents the user from changing pop-up preferences. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `permissions.popup`\ +**Preferences Affected:** `dom.disable_open_during_load` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu" +Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0 +``` +#### macOS +``` + + PopupBlocking + + Allow + + http://example.org + http://example.edu + + Default + | + Locked + | + + +``` +#### JSON +``` +{ + "policies": { + "PopupBlocking": { + "Allow": ["http://example.org/", + "http://example.edu/"], + "Default": true | false, + "Locked": true | false + } + } +} +``` +### Proxy +Configugre proxy settings. These settings correspond to the connection settings in Firefox preferences. +To specify ports, append them to the hostnames with a colon (:). + +`Mode` is the proxy method being used. + +`Locked` is whether or not proxy settings can be changed. + +`HTTPProxy` is the HTTP proxy server. + +`UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies. + +`SSLProxy` is the SSL proxy server. + +`FTPProxy` is the FTP proxy server. + +`SOCKSProxy` is the SOCKS proxy server + +`SOCKSVersion` is the SOCKS version (4 or 5) + +`Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `` to bypass proxying for all hostnames which do not contain periods. + +`AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig). + +`AutoLogin` means do not prompt for authentication if password is saved. + +`UseProxyForDNS` to use proxy DNS when using SOCKS v5. + +**Compatibility:** Firefoox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `networkProxy*`\ +**Preferences Affected:** `network.proxy.type`,`network.proxy.autoconfig_url`,`network.proxy.socks_remote_dns`,`signon.autologin.proxy`,`network.proxy.socks_version`,`network.proxy.no_proxies_on`,`network.proxy.share_proxy_settings`,`network.proxy.http`,`network.proxy.http_port`,`network.proxy.ftp`,`network.proxy.ftp_port`,`network.proxy.ssl`,`network.proxy.ssl_port`,`network.proxy.socks`,`network.proxy.socks_port` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\Proxy\Mode = "none", "system", "manual", "autoDetect", "autoConfig" +Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com +Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com +Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com +Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com +Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5 +Software\Policies\Mozilla\Firefox\Proxy\Passthrough = +Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG +Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 +``` +#### macOS +``` + + Proxy + + Mode + none | system | manual | autoDetect| autoConfig + Locked + | + HTTPProxy + https://httpproxy.example.com + UseHTTPProxyForAllProtocols + | + SSLProxy + https://sslproxy.example.com + FTPProxy + https://ftpproxy.example.com + SOCKSProxy + https://socksproxy.example.com + SOCKSVersion + 4 | 5 + Passthrough + <local>> + AutoConfigURL + URL_TO_AUTOCONFIG + AutoLogin + | + UseProxyForDNS + | + + +``` +### JSON +``` +{ + "policies": { + "Proxy": { + "Mode": "none", "system", "manual", "autoDetect", "autoConfig", + "Locked": [true, false], + "HTTPProxy": "hostname", + "UseHTTPProxyForAllProtocols": [true, false], + "SSLProxy": "hostname", + "FTPProxy": "hostname", + "SOCKSProxy": "hostname", + "SOCKSVersion": 4 | 5 + "Passthrough": "", + "AutoConfigURL": "URL_TO_AUTOCONFIG", + "AutoLogin": [true, false], + "UseProxyForDNS": [true, false] + } + } +} +``` +### RequestedLocales +Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active. + +**Compatibility:** Firefox 64, Firefox ESR 60.4\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A +#### Windows +``` +Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de" +Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US" +``` +#### macOS +``` + + RequestedLocales + + de + en-US + + +``` +#### JSON +``` +{ + "policies": { + "RequestedLocales": ["de", "en-US"] + } +} +``` +### SanitizeOnShutdown +Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown,privacy.clearOnShutdown.cache,privacy.clearOnShutdown.cookies,privacy.clearOnShutdown.downloads,privacy.clearOnShutdown.formdata,privacy.clearOnShutdown.history,privacy.clearOnShutdown.sessions,privacy.clearOnShutdown.siteSettings,privacy.clearOnShutdown.offlineApps` +#### Windows +``` +Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0 +``` +#### macOS +``` + + SanitizeOnShutdown + | + +``` +#### JSON +``` +{ + "policies": { + "SanitizeOnShutdown": true | false + } +} +``` +### SearchBar +Set whether or not search bar is displayed. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `showSearchBar`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" +``` +#### macOS +``` + + SearchBar + unified | separate + +``` + +#### JSON +``` +{ + "policies": { + "SearchBar": "unified" | "separate" + } +} +``` + + + + + +### SearchEngines (This policy is only available on the ESR.) + +### SearchEngines | Default + +Set the default search engine. This policy is only available on the ESR. + +**Compatibility:** Firefox ESR 60\ +**CCK2 Equivalent:** `defaultSearchEngine`\ +**Preferences Affected:** N/A + +### Windows +``` +Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE +``` +#### macOS +``` + + SearchEngines + + Default + NAME_OF_SEARCH_ENGINE + + +``` +### JSON +``` +{ + "policies": { + "SearchEngines": { + "Default": "NAME_OF_SEARCH_ENGINE" + } + } +} +``` +### SearchEngines | PreventInstalls + +Prevent installing search engines from webpages. + +**Compatibility:** Firefox ESR 60\ +**CCK2 Equivalent:** `disableSearchEngineInstall`\ +**Preferences Affected:** N/A + +### Windows +``` +Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 +``` +#### macOS +``` + + SearchEngines + + PreventInstalls + | + + +``` +### JSON +``` +{ + "policies": { + "SearchEngines": { + "PreventInstalls": true | false + } + } +} +``` +### SearchEngines | Remove + +Hide built-in search engines. This policy is only available on the ESR. + +**Compatibility:** Firefox ESR 60.2\ +**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\ +**Preferences Affected:** N/A + +### Windows +``` +Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE +``` +#### macOS +``` + + SearchEngines + + Remove + + NAME_OF_SEARCH_ENGINE + + + +``` +### JSON +``` +{ + "policies": { + "SearchEngines": { + "Remove": ["NAME_OF_SEARCH_ENGINE"] + } + } +} +``` +### SearchEngines | Add + +Adddd new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required. + +`Name` is the name of the search engine. + +`URLTemplate` is the search URL with {searchTerms} to substitute for the search term. + +`Method` is either GET or POST + +`IconURL` is a URL for the icon to use. + +`Alias` is a keyword to use for the engine. + +`Description` is a description of the search engine. + +`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term. + +**Compatibility:** Firefox ESR 60\ +**CCK2 Equivalent:** `searchplugins`\ +**Preferences Affected:** N/A + +#### Windows +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}" + +#### macOS +``` + + SearchEngines + + Add + + + Name + Example1 + URLTemplate + https://www.example.org/q={searchTerms} + Method + GET | POST + IconURL + https://www.example.org/favicon.ico + Alias + example + Description + Example Description + SuggestURLTemplate + https://www.example.org/suggestions/q={searchTerms} + + + + +``` +### JSON +``` +{ + "policies": { + "SearchEngines": { + "Add": [ + { + "Name": "Example1", + "URLTemplate": "https://www.example.org/q={searchTerms}", + "Method": "GET" | "POST", + "IconURL": "https://www.example.org/favicon.ico", + "Alias": "example", + "Description": "Description", + "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}" + } + ] + } + } +} +``` +### SecurityDevices + +Install PKCS #11 modules. + +**Compatibility:** Firefox 64, Firefox ESR 60.4\ +**CCK2 Equivalent:** `certs.devices`\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE +``` +#### macOS +``` + + SecurityDevices + + NAME_OF_DEVICE + PATH_TO_LIBRARY_FOR_DEVICE + + +``` + +#### JSON +``` +{ + "policies": { + "SecurityDevices": { + "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE" + } + } +} +``` +### SSLVersionMax + +Set and lock the maximum version of TLS. + +**Compatibility:** Firefox 66, Firefox ESR 60.6\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `security.tls.version.max` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" +``` +#### macOS +``` + + SSLVersionMax + tls1 | tls1.1 | tls1.2 | tls1.3 + +``` + +#### JSON +``` +{ + "policies": { + "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3" + } +} +``` +### SSLVersionMin + +Set and lock the minimum version of TLS. + +**Compatibility:** Firefox 66, Firefox ESR 60.6\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `security.tls.version.min` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" +``` +#### macOS +``` + + SSLVersionMin + tls1 | tls1.1 | tls1.2 | tls1.3 + +``` + +#### JSON +``` +{ + "policies": { + "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3" + } +} +``` +### WebsiteFilter +Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\WebsiteFilters\Block\1 = "" +Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*" +``` +#### macOS +``` + + WebsiteFilter + + Block + + + + Exceptions + + http://example.org/* + + + + +``` +### JSON +``` +{ + "policies": { + "WebsiteFilter": { + "Block": [""], + "Exceptions": ["http://example.org/*"] + } } } ```