X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/a6e3f1e71ce20e100ee2baf84482c2d9b4f3f425..85d88d0172d9e8c8a10b8604eaf9dfceda2eacab:/README.md?ds=inline
diff --git a/README.md b/README.md
index 1f4a748..d38e25a 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
| **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
+| **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
| **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
@@ -44,7 +45,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
| **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
-| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
+| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
@@ -55,11 +56,13 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
| **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
+| **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
| **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
| **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
-| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
+| **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
+| **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
| **[`Handlers`](#handlers)** | Configure default application handlers.
| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
@@ -69,7 +72,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
| **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
-| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates..
+| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
@@ -78,6 +81,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
| **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
+| **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
| **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
| **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
| **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
@@ -101,8 +105,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
+| **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
| **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
+| **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
| **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
| **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
@@ -110,6 +116,58 @@ Policies can be specified using the [Group Policy templates on Windows](https://
Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
+For GPO and Intune, the extension developer should provide an ADMX file.
+
+**Compatibility:** Firefox 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### macOS
+```
+
+ 3rdparty
+
+ Extensions
+
+ uBlock0@raymondhill.net
+
+ adminSettings
+
+ selectedFilterLists
+
+ ublock-privacy
+ ublock-badware
+ ublock-filters
+ user-filters
+
+
+
+
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "3rdparty": {
+ "Extensions": {
+ "uBlock0@raymondhill.net": {
+ "adminSettings": {
+ "selectedFilterLists": [
+ "ublock-privacy",
+ "ublock-badware",
+ "ublock-filters",
+ "user-filters"
+ ]
+ }
+ }
+ }
+ }
+ }
+}
+```
+
### AllowedDomainsForApps
Define domains allowed to access Google Workspace.
@@ -193,6 +251,49 @@ Value (string):
}
}
```
+### AppUpdatePin
+
+Prevent Firefox from being updated beyond the specified version.
+
+You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
+
+You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
+
+You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
+
+**Compatibility:** Firefox 102,\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ AppUpdatePin
+ 106.
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "AppUpdatePin": "106."
+ }
+}
+```
### AppUpdateURL
Change the URL for application update if you are providing Firefox updates from a custom update server.
@@ -941,7 +1042,7 @@ OMA-URI:
Value (string):
```
-
+
```
OMA-URI:
```
@@ -950,7 +1051,7 @@ OMA-URI:
Value (string):
```
-
+
```
OMA-URI:
```
@@ -959,7 +1060,7 @@ OMA-URI:
Value (string):
```
-
+
```
OMA-URI:
```
@@ -1875,7 +1976,7 @@ Value (string):
}
```
### DisableSystemAddonUpdate
-Prevent system add-ons from being installed or update.
+Prevent system add-ons from being installed or updated.
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** N/A\
@@ -2385,6 +2486,72 @@ Enable policy support on macOS.
```
+### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
+
+Disable warnings based on file extension for specific file types on domains.
+
+This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
+
+Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
+
+**Compatibility:** Firefox 102\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
+```
+[
+ {
+ "file_extension": "jnlp",
+ "domains": ["example.com"]
+ }
+]
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
+
+
+ file_extension
+ jnlp
+ domains
+
+ example.com
+
+
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
+ "file_extension": "jnlp",
+ "domains": ["example.com"]
+ }]
+ }
+}
+```
### Extensions
Control the installation, uninstallation and locking of extensions.
@@ -2789,6 +2956,51 @@ Value (string):
}
}
```
+### GoToIntranetSiteForSingleWordEntryInAddressBar
+Whether to always go through the DNS server before sending a single word search string to a search engine.
+
+If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
+
+The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
+
+If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
+
+You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
+
+Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
+
+**Compatibility:** Firefox 104, Firefox ESR 102.2\
+**CCK2 Equivalent:** `N/A`\
+**Preferences Affected:** `browser.fixup.dns_first_for_single_words`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ GoToIntranetSiteForSingleWordEntryInAddressBar
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
+ }
+}
+```
### Handlers
Configure default application handlers. This policy is based on the internal format of `handlers.json`.
@@ -3770,6 +3982,50 @@ Value (string):
}
}
```
+### PasswordManagerExceptions
+Prevent Firefox from saving passwords for specific sites.
+
+The sites are specified as a list of origins.
+
+**Compatibility:** Firefox 101\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ PasswordManagerExceptions
+
+ https://example.org
+ https://example.edu
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PasswordManagerExceptions": ["https://example.org",
+ "https://example.edu"]
+ }
+}
+```
+
### PDFjs
Disable or configure PDF.js, the built-in PDF viewer.
@@ -4288,13 +4544,14 @@ Using the preference as the key, set the `Value` to the corresponding preference
`Status` can be "default", "locked", "user" or "clear"
-Default preferences can be modified by the user.
-
-If a value is locked, it is also set as the default.
+* `"default"`: Read/Write: Settings appear as default even if factory default differs.
+* `"locked"`: Read-Only: Settings appear as default even if factory default differs.
+* `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
+* `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
-User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
+`"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
-User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
+`"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
See the examples below for more detail.
@@ -5500,6 +5757,40 @@ Value (string):
}
}
```
+### StartDownloadsInTempDirectory
+Force downloads to start off in a local, temporary location rather than the default download directory.
+
+**Compatibility:** Firefox 102\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.downloads.start_downloads_in_tmp_dir`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ StartDownloadsInTempDirectory
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "StartDownloadsInTempDirectory": true | false
+}
+```
### UserMessaging
Prevent Firefox from messaging the user in certain situations.
@@ -5514,9 +5805,11 @@ Prevent Firefox from messaging the user in certain situations.
`SkipOnboarding` If true, don't show onboarding messages on the new tab page.
+`MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
+
**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`
+**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
#### Windows (GPO)
```
@@ -5525,6 +5818,7 @@ Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 |
Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
@@ -5534,6 +5828,7 @@ OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
```
Value (string):
```
@@ -5554,6 +5849,8 @@ Value (string):
|
SkipOnboarding
|
+ MoreFromMozilla
+ |
```
@@ -5565,12 +5862,48 @@ Value (string):
"WhatsNew": true | false,
"ExtensionRecommendations": true | false,
"FeatureRecommendations": true | false,
- "UrlbarInterventions": true | false
- "SkipOnboarding": true | false
+ "UrlbarInterventions": true | false,
+ "SkipOnboarding": true | false,
+ "MoreFromMozilla": true | false
}
}
}
```
+### UseSystemPrintDialog
+Use the system print dialog instead of the print preview window.
+
+**Compatibility:** Firefox 102\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `print.prefer_system_dialog`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ UseSystemPrintDialog
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "UseSystemPrintDialog": true | false
+ }
+}
+```
### WebsiteFilter
Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
The arrays are limited to 1000 entries each.