X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/cc7920b05caeb7a80597e9de6daaf82dafa3c3a3..8bd4f068db442aa6c79fc4d2c44b4a7b289b9a78:/README.md?ds=inline
diff --git a/README.md b/README.md
index 4382301..8148a25 100644
--- a/README.md
+++ b/README.md
@@ -53,13 +53,16 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
+| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
| **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
+| **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
| **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
| **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
+| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
| **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock some preferences.
@@ -114,9 +117,9 @@ Configure sites that support integrated authentication.
See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
-**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.negotiate-auth.trusted-uris`, `network.negotiate-auth.delegation-uris`, `network.automatic-ntlm-auth.trusted-uris`, `network.automatic-ntlm-auth.allow-non-fqdn`, `network.negotiate-auth.allow-non-fqdn`
+**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`
#### Windows
```
@@ -128,6 +131,8 @@ Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
```
#### macOS
```
@@ -156,6 +161,13 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
NTLM
|
+ AllowProxies
+
+ SPNEGO
+ |
+ NTLM
+ |
+
```
@@ -170,6 +182,10 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
"AllowNonFQDN": {
"SPNEGO": true | false,
"NTLM": true | false
+ },
+ "AllowProxies": {
+ "SPNEGO": true | false,
+ "NTLM": true | false
}
}
}
@@ -1239,14 +1255,20 @@ If `Value` is set to false, tracking protection is disabled and locked in both t
If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
-**Compatibility:** Firefox 60, Firefox ESR 60\
+If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
+
+If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\
**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
-**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`
+**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
#### Windows
```
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
```
#### macOS
```
@@ -1255,9 +1277,12 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
Value
|
-
|
+
+ |
+
+ |
```
@@ -1267,7 +1292,9 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
"policies": {
"EnableTrackingProtection": {
"Value": [true, false],
- "Locked": [true, false]
+ "Locked": [true, false],
+ "Cryptomining": [true, false],
+ "Fingerprinting": [true, false]
}
}
```
@@ -1367,7 +1394,7 @@ The configuration for each extension is another dictionary that can contain the
#### Windows
```
-Software\Policies\Mozilla\Firefox\ExtensionSettings = '{"*": {"installation_mode": "blocked"}}'
+Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = '{"*": {"installation_mode": "blocked"}}'
```
#### macOS
```
@@ -1671,6 +1698,23 @@ Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
}
}
```
+### LegacyProfiles
+Disable the feature enforcing a separate profile for each installation.
+
+If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
+
+If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
+
+This policy only work on Windows via GPO (not policies.json).
+
+**Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows
+```
+Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
+```
### LocalFileLinks
Enable linking to local files by origin.
@@ -1806,6 +1850,32 @@ Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
}
}
```
+### OfferToSaveLoginsDefault
+Sets the default value of signon.rememberSignons without locking it.
+
+**Compatibility:** Firefox 70, Firefox ESR 60.2\
+**CCK2 Equivalent:** `dontRememberPasswords`\
+**Preferences Affected:** `signon.rememberSignons`
+
+#### Windows
+```
+Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
+```
+#### macOS
+```
+
+ OfferToSaveLoginsDefault
+ |
+
+```
+#### JSON
+```
+{
+ "policies": {
+ "OfferToSaveLoginsDefault": true | false
+ }
+}
+```
### OverrideFirstRunPage
Override the first run page. If the value is blank, no first run page is displayed.
@@ -1856,6 +1926,32 @@ Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
"OverridePostUpdatePage": "http://example.org"
}
```
+### PasswordManagerEnabled
+Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
+
+**Compatibility:** Firefox 70, Firefox ESR 60.2\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `prefs.privacy.disable_button.view_passwords`
+
+#### Windows
+```
+Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
+```
+#### macOS
+```
+
+ PasswordManagerEnabled
+ |
+
+```
+#### JSON
+```
+{
+ "policies": {
+ "PasswordManagerEnabled": true | false
+ }
+}
+```
### Permissions
Set permissions associated with camera, microphone, location, and notifications
@@ -2048,32 +2144,88 @@ Set and lock certain preferences.
**CCK2 Equivalent:** `preferences`\
**Preferences Affected:** See below
-| Preference | Type | Compatibility
-| --- | --- | ---
-| app.update.auto | boolean | Firefox 68, Firefox 68 ESR
-| browser.cache.disk.enable | boolean | Firefox 68, Firefox 68 ESR
-| browser.cache.disk.parent_directory | string | Firefox 68, Firefox 68 ESR
-| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox 68 ESR
-| browser.search.update | boolean | Firefox 68, Firefox 68 ESR
-| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox 68 ESR
-| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox 68 ESR
-| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox 68 ESR
-| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox 68 ESR
-| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox 68 ESR
-| dom.disable_window_flip | boolean | Firefox 68, Firefox 68 ESR
-| dom.disable_window_move_resize | boolean | Firefox 68, Firefox 68 ESR
-| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox 68 ESR
-| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox 68 ESR
-| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox 68 ESR
-| extensions.getAddons.showPane | boolean | Firefox 68, Firefox 68 ESR
-| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox 68 ESR
-| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox 68 ESR
-| network.dns.disableIPv6 | boolean | Firefox 68, Firefox 68 ESR
-| network.IDN_show_punycode | boolean | Firefox 68, Firefox 68 ESR
-| places.history.enabled | boolean | Firefox 68, Firefox 68 ESR
-| security.default_personal_cert | string | Firefox 68, Firefox 68 ESR
-| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox 68 ESR
-| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox 68 ESR
+| Preference | Type | Compatibility | Default
+| --- | --- | --- | ---
+| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 6.2 | 0
+| If set to 1, platform accessibility is disabled.
+| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, Firefox doesn't automatically install update.
+| browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 6.2 | false
+| If true, bookmarks are exported on shutdown.
+| browser.bookmarks.file | string | Firefox 70, Firefox ESR 6.2 | N/A
+| If set, the name of the file where bookmarks are exported and imported.
+| browser.bookmarks.restore_default_bookmarks | string | Firefox 70, Firefox ESR 6.2 | N/A
+| If true, bookmarks are restored to their defaults.
+| browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, don't store cache on the hard drive.
+| browser.cache.disk.parent_directory | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
+| If set, changes the location of the disk cache.
+| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
+| If true, single words are sent to DNS, not directly to search.
+| browser.places.importBookmarksHTML | string | Firefox 70, Firefox ESR 6.2
+| If true, bookmarks are always imported on startup.
+| browser.safebrowsing.phishing.enabled | string | Firefox 70, Firefox ESR 6.2 | true
+| If false, phishing protection is not enabled (Not recommended)
+| browser.safebrowsing.malware.enabled | string | Firefox 70, Firefox ESR 6.2 | true
+| IF false, malware protection is not enabled (Not recommended)
+| browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, updates for search engines are not checked.
+| browser.slowStartup.notificationDisabled | string | Firefox 70, Firefox ESR 6.2 | false
+| If true, a notification isn't shown if startup is slow.
+| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, there is no warning when the browser is closed.
+| browser.taskbar.previews.enable | string | Firefox 70, Firefox ESR 6.2 (Windows only) | false
+| If true, tab previews are shown in the Windows taskbar.
+| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, bookmarks aren't suggested when typing in the URL bar.
+| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, history isn't suggested when typing in the URL bar.
+| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, open tabs aren't suggested when typing in the URL bar.
+| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
+| If true, don't show the privacy policy tab on first run.
+| dom.allow_scripts_to_close_windows | string | Firefox 70, Firefox ESR 6.2 | false
+| If false, web page can close windows.
+| dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, web pages can focus and activate windows.
+| dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
+| If true, web pages can't move or resize windows.
+| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, web pages can't override context menus.
+| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
+| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
+| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
+| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
+| extensions.blocklist.enabled | string | Firefox 70, Firefox ESR 6.2 | true
+| If false, the extensions blocklist is not used (Not recommended)
+| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
+| If false, the Recommendations tab is not displayed in the Add-ons Manager.
+| geo.enabled | string | Firefox 70, Firefox ESR 6.2 | true
+| If false, the geolocation API is disabled. | Language dependent
+| intl.accept_languages | string | Firefox 70, Firefox ESR 6.2
+| If set, preferred language for web pages.
+| media.eme.enabled | string | Firefox 70, Firefox ESR 6.2 | true
+| If false, Encrypted Media Extensions are not enabled.
+| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, the OpenH264 plugin is not downloaded.
+| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, the Widevine plugin is not downloaded.
+| network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
+| If true, IPv6 DNS lokoups are disabled.
+| network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
+| If true, display the punycode version of internationalized domain names.
+| places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, history is not enabled.
+| print.save_print_settings | string | Firefox 70, Firefox ESR 6.2 | true
+| If false, print settings are not saved between jobs.
+| security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
+| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
+| security.mixed_content.block_active_content | string | Firefox 70, Firefox ESR 6.2 | true
+| If false, mixed active content (HTTP and HTTPS) is not blocked.
+| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, SSL errors cannot be sent to Mozilla.
+| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
+| If false, the Alt key doesn't show the menubar on Windows.
#### Windows
```
Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
@@ -2707,6 +2859,7 @@ Add a menuitem to the help menu for specifying support information.
```
Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
+Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
```
#### macOS
```