X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/b41d108e4dad11d1ecb31f866862d932835095f8..e6004dfe64fc363423d3960d73c7bb82e3e4d5bc:/docs/index.md
diff --git a/docs/index.md b/docs/index.md
index a8304cb..b3af8a1 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -71,6 +71,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
| **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
+| **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
| **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
| **[`Handlers`](#handlers)** | Configure default application handlers.
| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
@@ -97,6 +98,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock preferences.
| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
+| **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
| **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
| **[`Proxy`](#proxy)** | Configure proxy settings.
| **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
@@ -585,6 +587,8 @@ If set to false, the application will not try to install updates when the applic
If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
+If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
+
**Compatibility:** Firefox 90 (Windows only)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `app.update.background.enabled`
@@ -1977,6 +1981,8 @@ Prevent the user from bypassing security in certain cases.
`SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
+These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
+
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
@@ -2255,7 +2261,9 @@ Configure DNS over HTTPS.
`ExcludedDomains` excludes domains from DNS over HTTPS.
-**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
+`Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
+
+**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `network.trr.mode`, `network.trr.uri`
@@ -2265,6 +2273,7 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
@@ -2301,6 +2310,14 @@ Value (string):
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -2316,6 +2333,8 @@ Value (string):
example.com
+ Fallback
+ |
```
@@ -2327,7 +2346,8 @@ Value (string):
"Enabled": true | false,
"ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
"Locked": true | false,
- "ExcludedDomains": ["example.com"]
+ "ExcludedDomains": ["example.com"],
+ "Fallback": true | false,
}
}
}
@@ -2648,7 +2668,9 @@ Value (string):
### Extensions
Control the installation, uninstallation and locking of extensions.
-While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
+We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
+
+This method will be deprecated in the near future.
`Install` is a list of URLs or native paths for extensions to be installed.
@@ -2895,7 +2917,7 @@ Value (string):
### FirefoxHome
Customize the Firefox Home page.
-**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
+**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
@@ -2968,6 +2990,82 @@ Value (string):
}
}
```
+### FirefoxSuggest
+Customize Firefox Suggest (US only).
+
+**Compatibility:** Firefox 118, Firefox ESR 115.3.
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ FirefoxSuggest
+
+ WebSuggestions
+ |
+ SponsoredSuggestions
+ |
+ ImproveSuggest
+ |
+ Locked
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FirefoxSuggest": {
+ "WebSuggestions": true | false,
+ "SponsoredSuggestions": true | false,
+ "ImproveSuggest": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
### GoToIntranetSiteForSingleWordEntryInAddressBar
Whether to always go through the DNS server before sending a single word search string to a search engine.
@@ -4049,7 +4147,7 @@ Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue t
**Compatibility:** Firefox 77, Firefox ESR 68.9\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
+**Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
#### Windows (GPO)
```
@@ -4501,7 +4599,8 @@ Previously you could only set and lock a subset of preferences. Starting with Fi
Preferences that start with the following prefixes are supported:
```
accessibility.
-app.update.* (Firefox 86, Firefox 78.8)
+alerts.* (Firefox 122, Firefox ESR 115.7)
+app.update.* (Firefox 86, Firefox ESR 78.8)
browser.
datareporting.policy.
dom.
@@ -4518,6 +4617,7 @@ media.
network.
pdfjs. (Firefox 84, Firefox ESR 78.6)
places.
+pref.
print.
signon. (Firefox 83, Firefox ESR 78.5)
spellchecker. (Firefox 84, Firefox ESR 78.6)
@@ -4525,6 +4625,7 @@ toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.
ui.
widget.
xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
+xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
```
as well as the following security preferences:
@@ -4532,6 +4633,10 @@ as well as the following security preferences:
| --- | --- | --- |
| security.default_personal_cert | string | Ask Every Time
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
+| security.disable_button.openCertManager | string | N/A
+| If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
+| security.disable_button.openDeviceManager | string | N/A
+| If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
| security.insecure_connection_text.enabled | bool | false
| If set to true, adds the words "Not Secure" for insecure sites.
| security.insecure_connection_text.pbmode.enabled | bool | false
@@ -4541,21 +4646,23 @@ as well as the following security preferences:
| security.osclientcerts.autoload | boolean | false
| If true, client certificates are loaded from the operating system certificate store.
| security.OCSP.enabled | integer | 1
-| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
| security.OCSP.require | boolean | false
| If true, if an OCSP request times out, the connection fails.
| security.osclientcerts.assume_rsa_pss_support | boolean | true
-| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
+| If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
| security.ssl.enable_ocsp_stapling | boolean | true
| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
| If false, SSL errors cannot be sent to Mozilla.
+| security.ssl.require_safe_negotiation | boolean | false
+| If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
| security.tls.enable_0rtt_data | boolean | true
-| If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
+| If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
| security.tls.hello_downgrade_check | boolean | true
| If false, the TLS 1.3 downgrade check is disabled.
| security.tls.version.enable-deprecated | boolean | false
-| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
+| If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
| security.warn_submit_secure_to_insecure | boolean | true
| If false, no warning is shown when submitting a form from https to http.
@@ -4572,6 +4679,8 @@ Using the preference as the key, set the `Value` to the corresponding preference
`"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
+You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
+
See the examples below for more detail.
IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
@@ -4587,7 +4696,9 @@ Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
{
"accessibility.force_disabled": {
"Value": 1,
- "Status": "default"
+ "Status": "default",
+ "Type": "number"
+
},
"browser.cache.disk.parent_directory": {
"Value": "SOME_NATIVE_PATH",
@@ -4611,7 +4722,8 @@ Value (string):
{
"accessibility.force_disabled": {
"Value": 1,
- "Status": "default"
+ "Status": "default",
+ "Type": "number"
},
"browser.cache.disk.parent_directory": {
"Value": "SOME_NATIVE_PATH",
@@ -4634,6 +4746,8 @@ Value (string):
1
Status
default
+ Type
+ number
browser.cache.disk.parent_directory
@@ -4660,6 +4774,7 @@ Value (string):
"accessibility.force_disabled": {
"Value": 1,
"Status": "default"
+ "Type": "number"
},
"browser.cache.disk.parent_directory": {
"Value": "SOME_NATIVE_PATH",
@@ -4712,6 +4827,41 @@ Value (string):
}
}
```
+### PrintingEnabled
+Enable or disable printing.
+
+**Compatibility:** Firefox 120, Firefox ESR 115.5\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `print.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ PrintingEnabled
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PrintingEnabled": true | false
+ }
+}
+```
### PromptForDownloadLocation
Ask where to save each file before downloading.
@@ -4785,7 +4935,7 @@ Unless you lock this policy, changes the user already has in place will take eff
```
Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
+Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com