X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/3f086c8342be7dd2fd8b0aa5b905f79f63a8c8a5..f60e09be284c102db60d6b63e36e0f2a71bf6d1e:/README.md?ds=inline diff --git a/README.md b/README.md index 394406d..5791604 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g | Policy Name | Description | --- | --- | -| **[`AppUpdateURL`](#AppUpdateURL)** | Change the URL for application update. -| **[`Authentication`](#Authentication)** | Configure sites that support integrated authentication. +| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update. +| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update. +| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication. | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons). | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config. | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles). @@ -22,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. @@ -31,6 +33,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. +| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window. | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. @@ -83,8 +86,42 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. +| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. +### AppAutoUpdate + +Enable or disable **automatic** application update. + +If set to true, application updates are installed without user approval. + +If set to false, application updates are downloaded but the user can choose when to install the update. + +If you have disabled updates via DisableAppUpdate, this policy has no effect. + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** app.update.auto + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 +``` +#### macOS +``` + + AppAutoUpdate + | + +``` +#### policies.json +``` +{ + "policies": { + "AppAutoUpdate": true | false + } +} +``` ### AppUpdateURL Change the URL for application update. @@ -653,6 +690,26 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 } } ``` +### DisableDefaultBrowserAgent +Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent. + +**Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0 +``` + +#### policies.json +``` +{ + "policies": { + "DisableDefaultBrowserAgent": true | false + } +} +``` ### DisableDeveloperTools Remove access to all developer tools. @@ -1182,7 +1239,9 @@ Configure DNS over HTTPS. `Locked` prevents the user from changing DNS over HTTPS preferences. -**Compatibility:** Firefox 63, Firefox ESR 68\ +`ExcludedDomains` excludes domains from DNS over HTTPS. + +**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.trr.mode`,`network.trr.uri` @@ -1191,6 +1250,7 @@ Configure DNS over HTTPS. Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER" Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com" ``` #### macOS ``` @@ -1203,6 +1263,10 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 URL_TO_ALTERNATE_PROVIDER Locked | + ExcludedDomains + + example.com + ``` @@ -1213,7 +1277,8 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 "DNSOverHTTPS": { "Enabled": true | false, "ProviderURL": "URL_TO_ALTERNATE_PROVIDER", - "Locked": true | false + "Locked": true | false, + "ExcludedDomains": ["example.com"] } } } @@ -2042,7 +2107,7 @@ Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 } ``` ### Permissions -Set permissions associated with camera, microphone, location, and notifications. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. +Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. `Allow` is a list of origins where the feature is allowed. @@ -2052,7 +2117,7 @@ Set permissions associated with camera, microphone, location, and notifications. `Locked` prevents the user from changing preferences for the feature. -**Compatibility:** Firefox 62, Firefox ESR 60.2\ +**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification` @@ -2075,6 +2140,8 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://e Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu" ``` #### macOS ``` @@ -2142,6 +2209,17 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 Locked + Autoplay + + Allow + + https://example.org + + Block + + https://example.edu + + ``` @@ -2173,6 +2251,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 "Block": ["https://example.edu"], "BlockNewRequests": true | false, "Locked": true | false + }, + "Autoplay": { + "Allow": ["https://example.org"], + "Block": ["https://example.edu"] } } } @@ -2239,7 +2321,7 @@ Set and lock certain preferences. | --- | --- | --- | --- | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0 |     If set to 1, platform accessibility is disabled. -| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true +| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true |     If false, Firefox doesn't automatically install update. | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false |     If true, bookmarks are exported on shutdown. @@ -2541,6 +2623,8 @@ or } } ``` + + ### SanitizeOnShutdown (Selective) Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data. @@ -2657,10 +2741,7 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" } } ``` - - - - + ### SearchEngines (This policy is only available on the ESR.) @@ -3003,6 +3084,58 @@ Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" } } ``` +### UserMessaging + +Prevent installing search engines from webpages. + +`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only) + +`ExtensionRecommendations` Don't recommend extensions. + +`FeatureRecommendations` Don't recommend browser features. + +`UrlbarInterventions` Don't offer Firefox specific suggestions in the URL bar. (Firefox 75 only) + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 +``` +#### macOS +``` + + UserMessaging + + WhatsNew + | + ExtensionRecommendations + | + FeatureRecommendations + | + UrlbarInterventions + | + + +``` +#### policies.json +``` +{ + "policies": { + "UserMessaging": { + "WhatsNew": true | false, + "ExtensionRecommendations": true | false, + "FeatureRecommendations": true | false, + "UrlbarInterventions": true | false + } + } +} +``` ### WebsiteFilter Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each. @@ -3012,8 +3145,8 @@ Block websites from being visited. The parameters take an array of Match Pattern #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\WebsiteFilters\Block\1 = "" -Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*" +Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "" +Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*" ``` #### macOS ```