X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/b10febf1ae7a153675b06088d6feac1e9f7d1f4f..3c85b145fec6af481d813785d814807cc3a3cb1a:/README.md?ds=sidebyside diff --git a/README.md b/README.md index 21ef1ad..34ffce1 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ **IMPORTANT**: This file is in active development along with the policies in Firefox. To get the policy information that corresponds to a specific release, go to https://github.com/mozilla/policy-templates/releases. -Policies can either be specified using the Group Policy templates or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. +Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. The content of the JSON file should look like this: ``` @@ -95,8 +95,30 @@ same folder name are grouped together. } } ``` +### CaptivePortal +This policy enables or disables captive portal support by setting and locking the preference `network.captive-portal-service.enabled`. +``` +{ + "policies": { + "CaptivePortal": [true|false] +} +``` ### Certificates -This policy can be used to install certificates or to read certificates from the system certificate store on Mac and Windows. Certificates can be located in the following locations: +This policy can be used to install certificates or to read certificates from the system certificate store on Mac and Windows. + +The ImportEnterpriseRoots key will cause Firefox to import 3rd party certificates that have been added by a user administrator from the system certificate store. +It does not import all certificates. These certificates will not display in the Firefox certificates manager. + +The Install Certificates key by default will search for certificates in the locations listed below. +Starting in Firefox 65 you can specify a fully qualified path including UNC. (See cert3.der and cert4.pem, in example). + +**Be advised if you wish to load a certificate from a UNC path you must use double backslashes.** +Example: \\\\SERVER\\CERTS\\CERT5.PEM + + +If Firefox does not find something at your fully qualified path, it will search the default directories. + +Certificates can be located in the following locations: - Windows - %USERPROFILE%\AppData\Local\Mozilla\Certificates - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates @@ -107,15 +129,14 @@ This policy can be used to install certificates or to read certificates from the - /usr/lib/mozilla/certificates - /usr/lib64/mozilla/certificates - ~/.mozilla/certificates - -In Firefox 65, you can specify a fully qualified path. + ``` { "policies": { "Certificates": { "ImportEnterpriseRoots": true, - "Install": ["cert1.der", "cert2.pem"] + "Install": ["cert1.der", "cert2.pem", "%SYSTEMDRIVE%\\Company\\cert3.der", "/Library/Company/cert4.pem", "\\\\server\\certs\\cert.pem"] } } } @@ -384,6 +405,15 @@ For Uninstall and Locked, you specify extension IDs. "Uninstall": ["addon_id@mozilla.org"], "Locked": ["addon_id@mozilla.org"] } + } +} +``` +### ExtensionUpdate +This policy enables or disables extension updates by setting and locking the preference `extensions.update.enabled`. +``` +{ + "policies": { + "ExtensionUpdate": [true|false] } ``` ### HardwareAcceleration @@ -469,6 +499,14 @@ This policy sets the behavior of Flash on the specified domains, as well as the } } ``` +### NetworkPrediction +This policy enables or disables network prediction (DNS prefetching) by setting and locking the preferences `network.dns.disablePrefetch` and `network.dns.disablePrefetchFromHTTPS`. +``` +{ + "policies": { + "NetworkPrediction": [true|false] +} +``` ### OverrideFirstRunPage This policy allows you to override the first run page. If you leave the URL blank, the first run page will not be displayed. ``` @@ -618,3 +656,22 @@ This policy allows you to add PKCS #11 Modules } } ``` +### SSLVersionMin +This policy allows you to set the minimum TLS version. +``` +{ + "policies": { + "SSSLVersionMin": ["tls1", "tls1.1", "tls1.2",. "tls1.3"] + } +} + +``` +### SSLVersionMax +This policy allows you to set the maximum TLS version. +``` +{ + "policies": { + "SSSLVersionMax": ["tls1", "tls1.1", "tls1.2",. "tls1.3"] + } +} +```