X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/a6e3f1e71ce20e100ee2baf84482c2d9b4f3f425..8e0989f8ba64fd0019a12a445c23a079b9517cbc:/README.md?ds=inline diff --git a/README.md b/README.md index 1f4a748..1a4fcb6 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases. | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. -| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update. +| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated. | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar. @@ -55,11 +55,12 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection. | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it. | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS. +| **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains. | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions. | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions. | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates. | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page. -| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. +| **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. | **[`Handlers`](#handlers)** | Configure default application handlers. | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. @@ -69,7 +70,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites. | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin. | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user. -| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.. +| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates. | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. @@ -78,6 +79,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. +| **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites. | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture. @@ -103,6 +105,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. +| **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts. @@ -110,6 +113,58 @@ Policies can be specified using the [Group Policy templates on Windows](https:// Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/). +For GPO and Intune, the extension developer should provide an ADMX file. + +**Compatibility:** Firefox 68\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### macOS +``` + + 3rdparty + + Extensions + + uBlock0@raymondhill.net + + adminSettings + + selectedFilterLists + + ublock-privacy + ublock-badware + ublock-filters + user-filters + + + + + + +``` +#### policies.json +``` +{ + "policies": { + "3rdparty": { + "Extensions": { + "uBlock0@raymondhill.net": { + "adminSettings": { + "selectedFilterLists": [ + "ublock-privacy", + "ublock-badware", + "ublock-filters", + "user-filters" + ] + } + } + } + } + } +} +``` + ### AllowedDomainsForApps Define domains allowed to access Google Workspace. @@ -941,7 +996,7 @@ OMA-URI: Value (string): ``` - + ``` OMA-URI: ``` @@ -950,7 +1005,7 @@ OMA-URI: Value (string): ``` - + ``` OMA-URI: ``` @@ -959,7 +1014,7 @@ OMA-URI: Value (string): ``` - + ``` OMA-URI: ``` @@ -1875,7 +1930,7 @@ Value (string): } ``` ### DisableSystemAddonUpdate -Prevent system add-ons from being installed or update. +Prevent system add-ons from being installed or updated. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ @@ -2385,6 +2440,72 @@ Enable policy support on macOS. ``` +### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings + +Disable warnings based on file extension for specific file types on domains. + +This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name. + +Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains. + +**Compatibility:** Firefox 102\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) = +``` +[ + { + "file_extension": "jnlp", + "domains": ["example.com"] + } +] +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings +``` +Value (string): +``` + + +``` +#### macOS +``` + + ExemptDomainFileTypePairsFromFileTypeDownloadWarnings + + + file_extension + jnlp + domains + + example.com + + + + +``` +#### policies.json +``` +{ + "policies": { + "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{ + "file_extension": "jnlp", + "domains": ["example.com"] + }] + } +} +``` ### Extensions Control the installation, uninstallation and locking of extensions. @@ -3770,6 +3891,50 @@ Value (string): } } ``` +### PasswordManagerExceptions +Prevent Firefox from saving passwords for specific sites. + +The sites are specified as a list of origins. + +**Compatibility:** Firefox 101\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions +``` +Value (string): +``` + + +``` +#### macOS +``` + + PasswordManagerExceptions + + https://example.org + https://example.edu + + +``` +#### policies.json +``` +{ + "policies": { + "PasswordManagerExceptions": ["https://example.org", + "https://example.edu"] + } +} +``` + ### PDFjs Disable or configure PDF.js, the built-in PDF viewer. @@ -4288,13 +4453,14 @@ Using the preference as the key, set the `Value` to the corresponding preference `Status` can be "default", "locked", "user" or "clear" -Default preferences can be modified by the user. +* `"default"`: Read/Write: Settings appear as default even if factory default differs. +* `"locked"`: Read-Only: Settings appear as default even if factory default differs. +* `"user"`: Read/Write: Settings appear as changed if it differs from factory default. +* `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup. -If a value is locked, it is also set as the default. +`"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```. -User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```. - -User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy. +`"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy. See the examples below for more detail. @@ -5514,9 +5680,11 @@ Prevent Firefox from messaging the user in certain situations. `SkipOnboarding` If true, don't show onboarding messages on the new tab page. +`MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98) + **Compatibility:** Firefox 75, Firefox ESR 68.7\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled` +**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla` #### Windows (GPO) ``` @@ -5525,6 +5693,7 @@ Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: @@ -5534,6 +5703,7 @@ OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla ``` Value (string): ``` @@ -5554,6 +5724,8 @@ Value (string): | SkipOnboarding | + MoreFromMozilla + | ``` @@ -5565,12 +5737,48 @@ Value (string): "WhatsNew": true | false, "ExtensionRecommendations": true | false, "FeatureRecommendations": true | false, - "UrlbarInterventions": true | false - "SkipOnboarding": true | false + "UrlbarInterventions": true | false, + "SkipOnboarding": true | false, + "MoreFromMozilla": true | false } } } ``` +### UseSystemPrintDialog +Use the system print dialog instead of the print preview window. + +**Compatibility:** Firefox 102\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `print.prefer_system_dialog` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog +``` +Value (string): +``` + or +``` +#### macOS +``` + + UseSystemPrintDialog + | + +``` +#### policies.json +``` +{ + "policies": { + "UseSystemPrintDialog": true | false + } +} +``` ### WebsiteFilter Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. The arrays are limited to 1000 entries each.