X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/83649c1a4f058ed4d9da2ae495a42876b3010e4b..9387163a9b1dd93500867fcb3b33598b6d559e89:/README.md diff --git a/README.md b/README.md index e315c11..23e5939 100644 --- a/README.md +++ b/README.md @@ -59,8 +59,10 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords. +| **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords. | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. +| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock some preferences. @@ -115,9 +117,9 @@ Configure sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. -**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2)\ +**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.negotiate-auth.trusted-uris`, `network.negotiate-auth.delegation-uris`, `network.automatic-ntlm-auth.trusted-uris`, `network.automatic-ntlm-auth.allow-non-fqdn`, `network.negotiate-auth.allow-non-fqdn` +**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies` #### Windows ``` @@ -129,6 +131,8 @@ Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com" Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com" Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0 ``` #### macOS ``` @@ -157,6 +161,13 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 NTLM | + AllowProxies + + SPNEGO + | + NTLM + | + ``` @@ -171,6 +182,10 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 "AllowNonFQDN": { "SPNEGO": true | false, "NTLM": true | false + }, + "AllowProxies": { + "SPNEGO": true | false, + "NTLM": true | false } } } @@ -1240,14 +1255,20 @@ If `Value` is set to false, tracking protection is disabled and locked in both t If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it. -**Compatibility:** Firefox 60, Firefox ESR 60\ +If `Cryptomining` is set to true, cryptomining scripts on websites are blocked. + +If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked. + +**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\ **CCK2 Equivalent:** `dontCheckDefaultBrowser`\ -**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled` +**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled` #### Windows ``` Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0 ``` #### macOS ``` @@ -1256,9 +1277,12 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 Value | - | + + | + + | ``` @@ -1268,7 +1292,9 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 "policies": { "EnableTrackingProtection": { "Value": [true, false], - "Locked": [true, false] + "Locked": [true, false], + "Cryptomining": [true, false], + "Fingerprinting": [true, false] } } ``` @@ -1357,7 +1383,7 @@ The configuration for each extension is another dictionary that can contain the |         `blocked`| Blocks installation of the extension and removes it from the device if already installed. |         `force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url. |         `normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url. -| `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. If installing frmo the local file system, use a file:/// URL. +| `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. If installing from the local file system, use a file:/// URL. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. | `install_sources` | Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration. | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "langpack" This setting can be used only for the default configuration. | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. @@ -1824,6 +1850,32 @@ Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 } } ``` +### OfferToSaveLoginsDefault +Sets the default value of signon.rememberSignons without locking it. + +**Compatibility:** Firefox 70, Firefox ESR 60.2\ +**CCK2 Equivalent:** `dontRememberPasswords`\ +**Preferences Affected:** `signon.rememberSignons` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0 +``` +#### macOS +``` + + OfferToSaveLoginsDefault + | + +``` +#### JSON +``` +{ + "policies": { + "OfferToSaveLoginsDefault": true | false + } +} +``` ### OverrideFirstRunPage Override the first run page. If the value is blank, no first run page is displayed. @@ -1874,6 +1926,32 @@ Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" "OverridePostUpdatePage": "http://example.org" } ``` +### PasswordManagerEnabled +Remove access to the password manager via preferences and blocks about:logins on Firefox 70. + +**Compatibility:** Firefox 70, Firefox ESR 60.2\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `prefs.privacy.disable_button.view_passwords` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 +``` +#### macOS +``` + + PasswordManagerEnabled + | + +``` +#### JSON +``` +{ + "policies": { + "PasswordManagerEnabled": true | false + } +} +``` ### Permissions Set permissions associated with camera, microphone, location, and notifications @@ -2075,9 +2153,9 @@ Set and lock certain preferences. | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 6.2 | false |     If true, bookmarks are exported on shutdown. | browser.bookmarks.file | string | Firefox 70, Firefox ESR 6.2 | N/A -|      +|     If set, the name of the file where bookmarks are exported and imported. | browser.bookmarks.restore_default_bookmarks | string | Firefox 70, Firefox ESR 6.2 | N/A -|     If true, bookmarks are restored from the profile at startup. +|     If true, bookmarks are restored to their defaults. | browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true |     If false, don't store cache on the hard drive. | browser.cache.disk.parent_directory | string | Firefox 68, Firefox ESR 68 | Profile temporary directory @@ -2085,7 +2163,7 @@ Set and lock certain preferences. | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false |     If true, single words are sent to DNS, not directly to search. | browser.places.importBookmarksHTML | string | Firefox 70, Firefox ESR 6.2 -|      +|     If true, bookmarks are always imported on startup. | browser.safebrowsing.phishing.enabled | string | Firefox 70, Firefox ESR 6.2 | true |     If false, phishing protection is not enabled (Not recommended) | browser.safebrowsing.malware.enabled | string | Firefox 70, Firefox ESR 6.2 | true