X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/be2fe5f606949f1244b7e9def410d5ee18216761..a2c63af36e3b9f0b99491d84126c84c5828ab136:/README.md?ds=inline diff --git a/README.md b/README.md index 4acb0f4..906d748 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,6 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator. | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store. | **[`Cookies`](#cookies)** | Configure cookie preferences. -| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. -| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers. @@ -32,6 +30,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield). | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button. | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. +| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. @@ -39,6 +38,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases. +| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update. | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. @@ -62,6 +62,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin. +| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password. | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. @@ -679,6 +680,8 @@ Configure cookie preferences. `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https. +`AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https. + `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https. `Default` determines whether cookies are accepted at all. @@ -691,13 +694,14 @@ Configure cookie preferences. `Locked` prevents the user from changing cookie preferences. -**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker was added in Firefox 63)\ +**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy` #### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" +Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited" @@ -717,6 +721,15 @@ Value (string): ``` OMA-URI: ``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession +``` +Value (string): +``` + + +``` +OMA-URI: +``` ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block ``` Value (string): @@ -774,6 +787,10 @@ Value (string): http://example.com + AllowSession + + http://example.edu + Block http://example.org @@ -797,6 +814,7 @@ Value (string): "policies": { "Cookies": { "Allow": ["http://example.org/"], + "AllowSession": ["http://example.edu/"], "Block": ["http://example.edu/"], "Default": true | false, "AcceptThirdParty": "always" | "never" | "from-visited", @@ -845,6 +863,10 @@ Value (string): ### DisableMasterPasswordCreation Remove the master password functionality. +If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality. + +If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent. + **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `noMasterPassword`\ **Preferences Affected:** N/A @@ -2003,15 +2025,43 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value ``` Value (string): ``` - - - - - + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions +``` +Value (string): +``` + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked +``` +Value (string): +``` + or ``` #### macOS ``` @@ -2243,6 +2293,7 @@ Value (string): ``` + } +}'/> ``` #### macOS ``` @@ -2329,7 +2381,7 @@ Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0 #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate ``` Value (string): ``` @@ -2456,7 +2508,7 @@ Within each handler type, you specify the given mimeType/extension/scheme as a k #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = +Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) = { "mimeTypes": { "application/msword": { @@ -2584,30 +2636,34 @@ Value (string): #### policies.json ``` { - "mimeTypes": { - "application/msword": { - "action": "useSystemDefault", - "ask": false - } - }, - "schemes": { - "mailto": { - "action": "useHelperApp", - "ask": true | false, - "handlers": [{ - "name": "Gmail", - "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" - }] - } - }, - "extensions": { - "pdf": { - "action": "useHelperApp", - "ask": true | false, - "handlers": [{ - "name": "Adobe Acrobat", - "path": "/usr/bin/acroread" - }] + "policies": { + "Handlers": { + "mimeTypes": { + "application/msword": { + "action": "useSystemDefault", + "ask": false + } + }, + "schemes": { + "mailto": { + "action": "useHelperApp", + "ask": true | false, + "handlers": [{ + "name": "Gmail", + "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" + }] + } + }, + "extensions": { + "pdf": { + "action": "useHelperApp", + "ask": true | false, + "handlers": [{ + "name": "Adobe Acrobat", + "path": "/usr/bin/acroread" + }] + } + } } } } @@ -2932,6 +2988,45 @@ Value (string): } } ``` +### PrimaryPassword +Require or prevent using a primary (formerly master) password. + +If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality. + +If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent. + +**Compatibility:** Firefox 79, Firefox ESR 78.1\ +**CCK2 Equivalent:** `noMasterPassword`\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword +``` +Value (string): +``` + or +``` +#### macOS +``` + + PrimaryPassword + | + +``` +#### policies.json +``` +{ + "policies": { + "PrimaryPassword": true | false + } +} +``` ### NetworkPrediction Enable or disable network prediction (DNS prefetching). @@ -3263,7 +3358,7 @@ Value (string): } ``` ### Permissions -Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. +Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. `Allow` is a list of origins where the feature is allowed. @@ -3275,9 +3370,9 @@ Set permissions associated with camera, microphone, location, notifications, and `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68. -**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\ +**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default` +**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`.`permissions.default.xr` #### Windows (GPO) ``` @@ -3302,6 +3397,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://exampl Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video" Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: @@ -3380,6 +3479,40 @@ Value (string): ``` or ``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -3698,7 +3831,10 @@ Set and lock certain preferences. |     If false, the Widevine plugin is not downloaded. | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true |     If false, WebRTC is disabled -| media.peerconnection.ice.obfuscate_host_addresses.whitelist | string | Firefox 72, Firefox ESR 68.4 | N/A +| media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A +|     If set, a list of domains for which mDNS hostname obfuscation is +disabled +| media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A |     If set, a list of domains for which mDNS hostname obfuscation is disabled | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false @@ -3838,7 +3974,7 @@ To specify ports, append them to the hostnames with a colon (:). #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\Proxy\Mode = "none", "system", "manual", "autoDetect", "autoConfig" +Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig" Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0 @@ -3909,7 +4045,7 @@ Value (string): { "policies": { "Proxy": { - "Mode": "none", "system", "manual", "autoDetect", "autoConfig", + "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig", "Locked": true | false, "HTTPProxy": "hostname", "UseHTTPProxyForAllProtocols": true | false, @@ -4380,7 +4516,7 @@ Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0 #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled ``` Value (string): ``` @@ -4573,11 +4709,11 @@ Value (string): ``` ### UserMessaging -Prevent installing search engines from webpages. +Prevent Firefox from messaging the user in certain situations. `WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only) -`ExtensionRecommendations` Don't recommend extensions. +`ExtensionRecommendations` Don't recommend extensions while the user is visiting web pages. `FeatureRecommendations` Don't recommend browser features.