X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/97ad8d5b4807ae93b27b5ad63778664e1f9352e6..a7fc840571f46316bedad58c821c97c30f78eb94:/docs/index.md?ds=sidebyside diff --git a/docs/index.md b/docs/index.md index 8fd1d59..8f507c1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -71,6 +71,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions. | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates. | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page. +| **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest. | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar. | **[`Handlers`](#handlers)** | Configure default application handlers. | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. @@ -97,6 +98,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock preferences. | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password. +| **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing. | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading. | **[`Proxy`](#proxy)** | Configure proxy settings. | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference. @@ -585,6 +587,8 @@ If set to false, the application will not try to install updates when the applic If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect. +If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows). + **Compatibility:** Firefox 90 (Windows only)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `app.update.background.enabled` @@ -1977,6 +1981,8 @@ Prevent the user from bypassing security in certain cases. `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway. +These policies only affect what happens when an error is shown, they do not affect any settings in preferences. + **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride` @@ -2255,7 +2261,9 @@ Configure DNS over HTTPS. `ExcludedDomains` excludes domains from DNS over HTTPS. -**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\ +`Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider. + +**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.trr.mode`, `network.trr.uri` @@ -2265,6 +2273,7 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER" Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com" +Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: @@ -2301,6 +2310,14 @@ Value (string): ``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2316,6 +2333,8 @@ Value (string): example.com + Fallback + | ``` @@ -2327,7 +2346,8 @@ Value (string): "Enabled": true | false, "ProviderURL": "URL_TO_ALTERNATE_PROVIDER", "Locked": true | false, - "ExcludedDomains": ["example.com"] + "ExcludedDomains": ["example.com"], + "Fallback": true | false, } } } @@ -2648,7 +2668,9 @@ Value (string): ### Extensions Control the installation, uninstallation and locking of extensions. -While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs. +We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs. + +This method will be deprecated in the near future. `Install` is a list of URLs or native paths for extensions to be installed. @@ -2771,7 +2793,8 @@ Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { - "installation_mode": "allowed" + "installation_mode": "allowed", + "updates_disabled": false } } ``` @@ -2796,7 +2819,8 @@ Value (string): "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { - "installation_mode": "allowed" + "installation_mode": "allowed", + "updates_disabled": false } }'/> ``` @@ -2823,14 +2847,16 @@ Value (string): uBlock0@raymondhill.net installation_mode - force_installed + force_installed install_url https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi https-everywhere@eff.org installation_mode - allowed + allowed + updates_disabled + | @@ -2851,7 +2877,8 @@ Value (string): "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { - "installation_mode": "allowed" + "installation_mode": "allowed", + "updates_disabled": false } } } @@ -2895,7 +2922,7 @@ Value (string): ### FirefoxHome Customize the Firefox Home page. -**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4) +**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122) **CCK2 Equivalent:** N/A\ **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored` @@ -2968,6 +2995,82 @@ Value (string): } } ``` +### FirefoxSuggest +Customize Firefox Suggest (US only). + +**Compatibility:** Firefox 118, Firefox ESR 115.3. +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked +``` +Value (string): +``` + or +``` +#### macOS +``` + + FirefoxSuggest + + WebSuggestions + | + SponsoredSuggestions + | + ImproveSuggest + | + Locked + | + + +``` +#### policies.json +``` +{ + "policies": { + "FirefoxSuggest": { + "WebSuggestions": true | false, + "SponsoredSuggestions": true | false, + "ImproveSuggest": true | false, + "Locked": true | false + } + } +} +``` ### GoToIntranetSiteForSingleWordEntryInAddressBar Whether to always go through the DNS server before sending a single word search string to a search engine. @@ -4049,7 +4152,7 @@ Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue t **Compatibility:** Firefox 77, Firefox ESR 68.9\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions` +**Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions` #### Windows (GPO) ``` @@ -4501,7 +4604,8 @@ Previously you could only set and lock a subset of preferences. Starting with Fi Preferences that start with the following prefixes are supported: ``` accessibility. -app.update.* (Firefox 86, Firefox 78.8) +alerts.* (Firefox 122, Firefox ESR 115.7) +app.update.* (Firefox 86, Firefox ESR 78.8) browser. datareporting.policy. dom. @@ -4518,6 +4622,7 @@ media. network. pdfjs. (Firefox 84, Firefox ESR 78.6) places. +pref. print. signon. (Firefox 83, Firefox ESR 78.5) spellchecker. (Firefox 84, Firefox ESR 78.6) @@ -4525,6 +4630,7 @@ toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91. ui. widget. xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only) +xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3) ``` as well as the following security preferences: @@ -4532,6 +4638,10 @@ as well as the following security preferences: | --- | --- | --- | | security.default_personal_cert | string | Ask Every Time |     If set to Select Automatically, Firefox automatically chooses the default personal certificate. +| security.disable_button.openCertManager | string | N/A +|     If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6) +| security.disable_button.openDeviceManager | string | N/A +|     If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6) | security.insecure_connection_text.enabled | bool | false |     If set to true, adds the words "Not Secure" for insecure sites. | security.insecure_connection_text.pbmode.enabled | bool | false @@ -4574,6 +4684,8 @@ Using the preference as the key, set the `Value` to the corresponding preference `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy. +You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences. + See the examples below for more detail. IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way. @@ -4589,7 +4701,9 @@ Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) = { "accessibility.force_disabled": { "Value": 1, - "Status": "default" + "Status": "default", + "Type": "number" + }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", @@ -4613,7 +4727,8 @@ Value (string): { "accessibility.force_disabled": { "Value": 1, - "Status": "default" + "Status": "default", + "Type": "number" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", @@ -4636,6 +4751,8 @@ Value (string): 1 Status default + Type + number browser.cache.disk.parent_directory @@ -4662,6 +4779,7 @@ Value (string): "accessibility.force_disabled": { "Value": 1, "Status": "default" + "Type": "number" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", @@ -4714,6 +4832,41 @@ Value (string): } } ``` +### PrintingEnabled +Enable or disable printing. + +**Compatibility:** Firefox 120, Firefox ESR 115.5\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `print.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled +``` +Value (string): +``` + or +``` +#### macOS +``` + + PrintingEnabled + | + +``` +#### policies.json +``` +{ + "policies": { + "PrintingEnabled": true | false + } +} +``` ### PromptForDownloadLocation Ask where to save each file before downloading. @@ -4787,7 +4940,7 @@ Unless you lock this policy, changes the user already has in place will take eff ``` Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig" Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com +Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com