X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/9d157baef353ef8292667af13158dc0715a0a64d..1e807d951a24daa38d4ccd4d4c7b03a4c3f8a5db:/README.md
diff --git a/README.md b/README.md
index 91ce04b..e8af2a7 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,3 @@
-**These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
-
-**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
-
Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
| Policy Name | Description
@@ -23,14 +19,15 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
| **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
| **[`Cookies`](#cookies)** | Configure cookie preferences.
+| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
| **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
| **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
| **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
-| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
| **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
+| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
| **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
| **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
@@ -46,11 +43,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
-| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
+| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
| **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
-| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
| **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
@@ -58,17 +54,16 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
-| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
| **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
-| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
+| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
| **[`Handlers`](#handlers)** | Configure default application handlers.
+| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
| **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates..
-| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
@@ -83,6 +78,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock preferences.
| **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
+| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
| **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
| **[`Proxy`](#proxy)** | Configure proxy settings.
| **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
@@ -90,10 +86,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
| **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
| **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
+| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
| **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
| **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
| **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
-| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
| **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
@@ -108,86 +104,86 @@ Policies can be specified using the [Group Policy templates on Windows](https://
Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
-### AppAutoUpdate
-
-Enable or disable **automatic** application update.
+### AllowedDomainsForApps
-If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
+Define domains allowed to access Google Workspace.
-If set to false, application updates are downloaded but the user can choose when to install the update.
+This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
-If you have disabled updates via DisableAppUpdate, this policy has no effect.
+If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
-**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**Compatibility:** Firefox 89, Firefox ESR 78.11\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `app.update.auto`
+**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
```
Value (string):
```
- or
+
+
```
#### macOS
```
- AppAutoUpdate
- |
+ AllowedDomainsForApps
+ managedfirefox.com,example.com
```
#### policies.json
```
{
"policies": {
- "AppAutoUpdate": true | false
+ "AllowedDomainsForApps": "managedfirefox.com,example.com"
}
}
```
-### AllowedDomainsForApps
+### AppAutoUpdate
-Define domains allowed to access Google Workspace.
+Enable or disable **automatic** application update.
-This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
+If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
-If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
+If set to false, application updates are downloaded but the user can choose when to install the update.
-**Compatibility:** Firefox 89, Firefox ESR 78.11\
+If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** N/A
+**Preferences Affected:** `app.update.auto`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
+Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
```
Value (string):
```
-
-
+ or
```
#### macOS
```
- AllowedDomainsForApps
- managedfirefox.com,example.com
+ AppAutoUpdate
+ |
```
#### policies.json
```
{
"policies": {
- "AllowedDomainsForApps": "managedfirefox.com,example.com"
+ "AppAutoUpdate": true | false
}
}
```
@@ -232,7 +228,7 @@ Value (string):
Configure sites that support integrated authentication.
-See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
+See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
`PrivateBrowsing` enables integrated authentication in private browsing.
@@ -656,6 +652,8 @@ Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add
Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
+If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
+
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
**Preferences Affected:** N/A
@@ -667,6 +665,12 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
+
+Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
+```
+[]
+```
+
```
#### Windows (Intune)
OMA-URI:
@@ -682,6 +686,15 @@ Value (string):
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -874,19 +887,32 @@ Configure cookie preferences.
`Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
-`Default` determines whether cookies are accepted at all.
+`Behavior` sets the default behavior for cookies based on the values below.
-`AcceptThirdParty` determines how third-party cookies are handled.
+`BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
+
+| Value | Description
+| --- | ---
+| accept | Accept all cookies
+| reject-foreign | Reject third party cookies
+| reject | Reject all cookies
+| limit-foreign | Reject third party cookies for sites you haven't visited
+| reject-tracker | Reject cookies for known trackers (default)
+| reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
+
+`Default` (Deprecated) determines whether cookies are accepted at all.
+
+`AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
`ExpireAtSessionEnd` determines when cookies expire.
-`RejectTracker` only rejects cookies for trackers.
+`RejectTracker` (Deprecated) only rejects cookies for trackers.
`Locked` prevents the user from changing cookie preferences.
-**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.lifetimePolicy`
+**Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
#### Windows (GPO)
```
@@ -897,6 +923,8 @@ Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
+Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
```
#### Windows (Intune)
@@ -968,6 +996,24 @@ Value (string):
```
or
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -995,6 +1041,10 @@ Value (string):
|
Locked
|
+ Behavior
+ accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign
+ BehaviorPrivateBrowsing
+ accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign
```
@@ -1010,7 +1060,9 @@ Value (string):
"AcceptThirdParty": "always" | "never" | "from-visited",
"ExpireAtSessionEnd": true | false,
"RejectTracker": true | false,
- "Locked": true | false
+ "Locked": true | false,
+ "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
+ "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
}
}
}
@@ -1055,7 +1107,7 @@ Remove the master password functionality.
If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
-If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `noMasterPassword`\
@@ -1089,6 +1141,50 @@ Value (string):
}
}
```
+### DefaultDownloadDirectory
+Set the default download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ DefaultDownloadDirectory
+ ${home}/Downloads
+
+```
+#### policies.json (macOS and Linux)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}\\Downloads"
+}
+```
### DisableAppUpdate
Turn off application updates within Firefox.
@@ -1357,21 +1453,21 @@ Value (string):
}
}
```
-### DisableFirefoxScreenshots
-Remove access to Firefox Screenshots.
+### DisableFirefoxAccounts
+Disable Firefox Accounts integration (Sync).
**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `extensions.screenshots.disabled`
+**CCK2 Equivalent:** `disableSync`\
+**Preferences Affected:** `identity.fxaccounts.enabled`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
```
Value (string):
```
@@ -1380,7 +1476,7 @@ Value (string):
#### macOS
```
- DisableFirefoxScreenshots
+ DisableFirefoxAccounts
|
```
@@ -1388,25 +1484,25 @@ Value (string):
```
{
"policies": {
- "DisableFirefoxScreenshots": true | false
+ "DisableFirefoxAccounts": true | false
}
}
```
-### DisableFirefoxAccounts
-Disable Firefox Accounts integration (Sync).
+### DisableFirefoxScreenshots
+Remove access to Firefox Screenshots.
**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `disableSync`\
-**Preferences Affected:** `identity.fxaccounts.enabled`
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.screenshots.disabled`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
```
Value (string):
```
@@ -1415,7 +1511,7 @@ Value (string):
#### macOS
```
- DisableFirefoxAccounts
+ DisableFirefoxScreenshots
|
```
@@ -1423,7 +1519,7 @@ Value (string):
```
{
"policies": {
- "DisableFirefoxAccounts": true | false
+ "DisableFirefoxScreenshots": true | false
}
}
```
@@ -1910,32 +2006,6 @@ Value (string):
}
}
```
-### DisplayMenuBar (Deprecated)
-Set the initial state of the menubar. A user can still hide it and it will stay hidden.
-
-**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
-**CCK2 Equivalent:** `displayMenuBar`\
-**Preferences Affected:** N/A
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
-```
-#### macOS
-```
-
- DisplayMenuBar
- |
-
-```
-#### policies.json
-```
-{
- "policies": {
- "DisplayMenuBar": true | false
- }
-}
-```
### DisplayMenuBar
Set the state of the menubar.
@@ -1980,6 +2050,32 @@ Value (string):
}
}
```
+### DisplayMenuBar (Deprecated)
+Set the initial state of the menubar. A user can still hide it and it will stay hidden.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
+```
+#### macOS
+```
+
+ DisplayMenuBar
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": true | false
+ }
+}
+```
### DNSOverHTTPS
Configure DNS over HTTPS.
@@ -2103,23 +2199,23 @@ Value (string):
}
}
```
-### DefaultDownloadDirectory
-Set the default download directory.
+### DownloadDirectory
+Set and lock the download directory.
You can use ${home} for the native home directory.
**Compatibility:** Firefox 68, Firefox ESR 68\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
+**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
```
Value (string):
```
@@ -2129,7 +2225,7 @@ Value (string):
#### macOS
```
- DefaultDownloadDirectory
+ DownloadDirectory
${home}/Downloads
```
@@ -2137,66 +2233,22 @@ Value (string):
```
{
"policies": {
- "DefaultDownloadDirectory": "${home}/Downloads"
+ "DownloadDirectory": "${home}/Downloads"
}
```
#### policies.json (Windows)
```
{
"policies": {
- "DefaultDownloadDirectory": "${home}\\Downloads"
+ "DownloadDirectory": "${home}\\Downloads"
}
```
-### DownloadDirectory
-Set and lock the download directory.
+### EnableTrackingProtection
+Configure tracking protection.
-You can use ${home} for the native home directory.
+If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
-```
-Value (string):
-```
-
-
-```
-#### macOS
-```
-
- DownloadDirectory
- ${home}/Downloads
-
-```
-#### policies.json (macOS and Linux)
-```
-{
- "policies": {
- "DownloadDirectory": "${home}/Downloads"
-}
-```
-#### policies.json (Windows)
-```
-{
- "policies": {
- "DownloadDirectory": "${home}\\Downloads"
-}
-```
-### EnableTrackingProtection
-Configure tracking protection.
-
-If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
-
-If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
+If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
@@ -2603,7 +2655,83 @@ Value (string):
}
}
```
-### FlashPlugin
+### FirefoxHome
+Customize the Firefox Home page.
+
+**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
+```
+Value (string):
+```
+
+
+
+
+
+
+
+
+
+```
+#### macOS
+```
+
+ FirefoxHome
+
+ Search
+ |
+ TopSites
+ |
+ SponsoredTopSites
+ |
+ Highlights
+ |
+ Pocket
+ |
+ SponsoredPocket
+ |
+ Snippets
+ |
+ Locked
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FirefoxHome": {
+ "Search": true | false,
+ "TopSites": true | false,
+ "SponsoredTopSites": true | false,
+ "Highlights": true | false,
+ "Pocket": true | false,
+ "SponsoredPocket": true | false,
+ "Snippets": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### FlashPlugin (Deprecated)
Configure the default Flash plugin policy as well as origins for which Flash is allowed.
`Allow` is a list of origins where Flash are allowed.
@@ -2684,9 +2812,6 @@ Value (string):
}
}
```
-
-
-
### Handlers
Configure default application handlers. This policy is based on the internal format of `handlers.json`.
@@ -2869,72 +2994,6 @@ Value (string):
}
}
```
-### FirefoxHome
-Customize the Firefox Home page.
-
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
-```
-Value (string):
-```
-
-
-
-
-
-
-
-```
-#### macOS
-```
-
- FirefoxHome
-
- Search
- |
- TopSites
- |
- Highlights
- |
- Pocket
- |
- Snippets
- |
- Locked
- |
-
-
-```
-#### policies.json
-```
-{
- "policies": {
- "FirefoxHome": {
- "Search": true | false,
- "TopSites": true | false,
- "Highlights": true | false,
- "Pocket": true | false,
- "Snippets": true | false,
- "Locked": true | false
- }
- }
-}
-```
### HardwareAcceleration
Control hardware acceleration.
@@ -3371,45 +3430,6 @@ This policy is primarily intended for advanced end users, not for enterprises.
}
}
```
-### PrimaryPassword
-Require or prevent using a primary (formerly master) password.
-
-If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
-
-If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
-
-**Compatibility:** Firefox 79, Firefox ESR 78.1\
-**CCK2 Equivalent:** `noMasterPassword`\
-**Preferences Affected:** N/A
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
-```
-Value (string):
-```
- or
-```
-#### macOS
-```
-
- PrimaryPassword
- |
-
-```
-#### policies.json
-```
-{
- "policies": {
- "PrimaryPassword": true | false
- }
-}
-```
### NetworkPrediction
Enable or disable network prediction (DNS prefetching).
@@ -4167,6 +4187,7 @@ general.smoothScroll (Firefox 83, Firefox ESR 78.5)
geo.
gfx.
intl.
+keyword.enabled (Firefox 95, Firefox ESR 91.4)
layers.
layout.
media.
@@ -4176,6 +4197,7 @@ places.
print.
signon. (Firefox 83, Firefox ESR 78.5)
spellchecker. (Firefox 84, Firefox ESR 78.6)
+toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
ui.
widget.
```
@@ -4203,7 +4225,7 @@ as well as the following security preferences:
| security.tls.version.enable-deprecated | boolean | false
| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
| security.warn_submit_secure_to_insecure | boolean | true
-| If false, no warning is shown when submitting s form from https to http.
+| If false, no warning is shown when submitting a form from https to http.
Using the preference as the key, set the `Value` to the corresponding preference value.
@@ -4214,7 +4236,7 @@ Default preferences can be modified by the user.
If a value is locked, it is also set as the default.
-User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy.
+User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
@@ -4476,6 +4498,45 @@ Value (string):
}
}
```
+### PrimaryPassword
+Require or prevent using a primary (formerly master) password.
+
+If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
+
+If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+
+**Compatibility:** Firefox 79, Firefox ESR 78.1\
+**CCK2 Equivalent:** `noMasterPassword`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ PrimaryPassword
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PrimaryPassword": true | false
+ }
+}
+```
### PromptForDownloadLocation
Ask where to save each file before downloading.
@@ -4907,35 +4968,86 @@ Value (string):
### SearchEngines (This policy is only available on the ESR.)
-### SearchEngines | Default
+### SearchEngines | Add
-Set the default search engine. This policy is only available on the ESR.
+Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
-**Compatibility:** Firefox ESR 60\
-**CCK2 Equivalent:** `defaultSearchEngine`\
+`Name` is the name of the search engine.
+
+`URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
+
+`Method` is either GET or POST
+
+`IconURL` is a URL for the icon to use.
+
+`Alias` is a keyword to use for the engine.
+
+`Description` is a description of the search engine.
+
+`PostData` is the POST data as name value pairs separated by &.
+
+`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
+
+`Encoding` is the query charset for the engine. It defaults to UTF-8.
+
+**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
+**CCK2 Equivalent:** `searchplugins`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
```
Value (string):
```
-
+
+
+
+
+
+
+
+
```
#### macOS
```
SearchEngines
- Default
- NAME_OF_SEARCH_ENGINE
+ Add
+
+
+ Name
+ Example1
+ URLTemplate
+ https://www.example.org/q={searchTerms}
+ Method
+ GET | POST
+ IconURL
+ https://www.example.org/favicon.ico
+ Alias
+ example
+ Description
+ Example Description
+ SuggestURLTemplate
+ https://www.example.org/suggestions/q={searchTerms}
+ PostData
+ name=value&q={searchTerms}
+
+
```
@@ -4944,39 +5056,51 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "Default": "NAME_OF_SEARCH_ENGINE"
+ "Add": [
+ {
+ "Name": "Example1",
+ "URLTemplate": "https://www.example.org/q={searchTerms}",
+ "Method": "GET" | "POST",
+ "IconURL": "https://www.example.org/favicon.ico",
+ "Alias": "example",
+ "Description": "Description",
+ "PostData": "name=value&q={searchTerms}",
+ "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
+ }
+ ]
}
}
}
```
-### SearchEngines | PreventInstalls
+### SearchEngines | Default
-Prevent installing search engines from webpages.
+Set the default search engine. This policy is only available on the ESR.
**Compatibility:** Firefox ESR 60\
-**CCK2 Equivalent:** `disableSearchEngineInstall`\
+**CCK2 Equivalent:** `defaultSearchEngine`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
```
Value (string):
```
- or
+
+
```
#### macOS
```
SearchEngines
- PreventInstalls
- |
+ Default
+ NAME_OF_SEARCH_ENGINE
```
@@ -4985,42 +5109,39 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "PreventInstalls": true | false
+ "Default": "NAME_OF_SEARCH_ENGINE"
}
}
}
```
-### SearchEngines | Remove
+### SearchEngines | PreventInstalls
-Hide built-in search engines. This policy is only available on the ESR.
+Prevent installing search engines from webpages.
-**Compatibility:** Firefox ESR 60.2\
-**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
+**Compatibility:** Firefox ESR 60\
+**CCK2 Equivalent:** `disableSearchEngineInstall`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
+Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
```
Value (string):
```
-
-
+ or
```
#### macOS
```
SearchEngines
- Remove
-
- NAME_OF_SEARCH_ENGINE
-
+ PreventInstalls
+ |
```
@@ -5029,91 +5150,42 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "Remove": ["NAME_OF_SEARCH_ENGINE"]
+ "PreventInstalls": true | false
}
}
}
```
-### SearchEngines | Add
-
-Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
-
-`Name` is the name of the search engine.
-
-`URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
-
-`Method` is either GET or POST
-
-`IconURL` is a URL for the icon to use.
-
-`Alias` is a keyword to use for the engine.
-
-`Description` is a description of the search engine.
-
-`PostData` is the POST data as name value pairs separated by &.
-
-`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
+### SearchEngines | Remove
-`Encoding` is the query charset for the engine. It defaults to UTF-8.
+Hide built-in search engines. This policy is only available on the ESR.
-**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
-**CCK2 Equivalent:** `searchplugins`\
+**Compatibility:** Firefox ESR 60.2\
+**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
```
Value (string):
```
-
-
-
-
-
-
-
-
+
```
#### macOS
```
SearchEngines
- Add
-
-
- Name
- Example1
- URLTemplate
- https://www.example.org/q={searchTerms}
- Method
- GET | POST
- IconURL
- https://www.example.org/favicon.ico
- Alias
- example
- Description
- Example Description
- SuggestURLTemplate
- https://www.example.org/suggestions/q={searchTerms}
- PostData
- name=value&q={searchTerms}
-
+ Remove
+ NAME_OF_SEARCH_ENGINE
+
```
@@ -5122,18 +5194,7 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "Add": [
- {
- "Name": "Example1",
- "URLTemplate": "https://www.example.org/q={searchTerms}",
- "Method": "GET" | "POST",
- "IconURL": "https://www.example.org/favicon.ico",
- "Alias": "example",
- "Description": "Description",
- "PostData": "name=value&q={searchTerms}",
- "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
- }
- ]
+ "Remove": ["NAME_OF_SEARCH_ENGINE"]
}
}
}
@@ -5389,7 +5450,7 @@ Prevent Firefox from messaging the user in certain situations.
`ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
-`FeatureRecommendations` IF false, don't recommend browser features.
+`FeatureRecommendations` If false, don't recommend browser features.
`UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.