X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/b0fe7f4701daab8270560c52b8828f7985b8a032..a55a57c7b6748276b477861958b7a028ed9e3ab2:/README.md diff --git a/README.md b/README.md index e71e853..efde516 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,19 @@ Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`. +Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example: + +``` +{ + "policies": { + "Authentication": { + "SPNEGO": ["mydomain.com", "https://myotherdomain.com"] + } + "Authentication_Comment": "These domains are required for us" + } +} +``` + | Policy Name | Description | --- | --- | | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed. @@ -47,6 +60,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated. | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry +| **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules. | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. | **[`DisplayBookmarksToolbar (Deprecated)`](#displaybookmarkstoolbar-deprecated)** | Set the initial state of the bookmarks toolbar. | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar. @@ -1210,6 +1224,7 @@ Value (string): { "policies": { "DefaultDownloadDirectory": "${home}/Downloads" + } } ``` #### policies.json (Windows) @@ -1217,6 +1232,7 @@ Value (string): { "policies": { "DefaultDownloadDirectory": "${home}\\Downloads" + } } ``` ### DisableAppUpdate @@ -2050,6 +2066,28 @@ Value (string): } } ``` +### DisableThirdPartyModuleBlocking +Do not allow blocking third-party modules from the `about:third-party` page. + +This policy only works on Windows through GPO (not policies.json). + +**Compatibility:** Firefox 110 (Windows only, GPO only)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking +``` +Value (string): +``` + or +``` ### DisplayBookmarksToolbar Set the initial state of the bookmarks toolbar. A user can still change how it is displayed. @@ -2088,7 +2126,7 @@ Value (string): ``` { "policies": { - "DisplayBookmarksToolbar": always | never | newtab + "DisplayBookmarksToolbar": "always" | "never" | "newtab" } } ``` @@ -2377,6 +2415,8 @@ If `Cryptomining` is set to true, cryptomining scripts on websites are blocked. If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked. +If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112) + `Exceptions` are origins for which tracking protection is not enabled. **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\ @@ -4555,6 +4595,7 @@ spellchecker. (Firefox 84, Firefox ESR 78.6) toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4) ui. widget. +xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only) ``` as well as the following security preferences: | Preference | Type | Default @@ -4565,12 +4606,16 @@ as well as the following security preferences: |     If set to true, adds the words "Not Secure" for insecure sites. | security.insecure_connection_text.pbmode.enabled | bool | false |     If set to true, adds the words "Not Secure" for insecure sites in private browsing. -| security.insecure_field_warning.contextual.enabled | bool | true -|     If set to false, remove the warning for inscure login fields. | security.mixed_content.block_active_content | boolean | true |     If false, mixed active content (HTTP and HTTPS) is not blocked. | security.osclientcerts.autoload | boolean | false |     If true, client certificates are loaded from the operating system certificate store. +| security.OCSP.enabled | integer | 1 +|     If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates +| security.OCSP.require | boolean | false +|      If true, if an OCSP request times out, the connection fails. +| security.ssl.enable_ocsp_stapling | boolean | true +|      If false, OCSP stapling is not enabled. | security.ssl.errorReporting.enabled | boolean | true |     If false, SSL errors cannot be sent to Mozilla. | security.tls.enable_0rtt_data | boolean | true @@ -4978,8 +5023,98 @@ Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 ``` #### Windows (Intune) +**Note** +These setttings were moved to a category to make them easier to configure via Intune. + OMA-URI: ``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy +``` +Value (string): +``` + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS +``` +Value (string): +``` + or +``` +OMA-URI (Old way): +``` ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy ``` Value (string): @@ -4987,11 +5122,11 @@ Value (string): - + - - - + + +