X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/cc7920b05caeb7a80597e9de6daaf82dafa3c3a3..8bd4f068db442aa6c79fc4d2c44b4a7b289b9a78:/README.md?ds=inline diff --git a/README.md b/README.md index 4382301..8148a25 100644 --- a/README.md +++ b/README.md @@ -53,13 +53,16 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. +| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin. | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords. +| **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords. | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. +| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock some preferences. @@ -114,9 +117,9 @@ Configure sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. -**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2)\ +**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.negotiate-auth.trusted-uris`, `network.negotiate-auth.delegation-uris`, `network.automatic-ntlm-auth.trusted-uris`, `network.automatic-ntlm-auth.allow-non-fqdn`, `network.negotiate-auth.allow-non-fqdn` +**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies` #### Windows ``` @@ -128,6 +131,8 @@ Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com" Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com" Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0 ``` #### macOS ``` @@ -156,6 +161,13 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 NTLM | + AllowProxies + + SPNEGO + | + NTLM + | + ``` @@ -170,6 +182,10 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 "AllowNonFQDN": { "SPNEGO": true | false, "NTLM": true | false + }, + "AllowProxies": { + "SPNEGO": true | false, + "NTLM": true | false } } } @@ -1239,14 +1255,20 @@ If `Value` is set to false, tracking protection is disabled and locked in both t If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it. -**Compatibility:** Firefox 60, Firefox ESR 60\ +If `Cryptomining` is set to true, cryptomining scripts on websites are blocked. + +If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked. + +**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\ **CCK2 Equivalent:** `dontCheckDefaultBrowser`\ -**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled` +**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled` #### Windows ``` Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0 ``` #### macOS ``` @@ -1255,9 +1277,12 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 Value | - | + + | + + | ``` @@ -1267,7 +1292,9 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0 "policies": { "EnableTrackingProtection": { "Value": [true, false], - "Locked": [true, false] + "Locked": [true, false], + "Cryptomining": [true, false], + "Fingerprinting": [true, false] } } ``` @@ -1367,7 +1394,7 @@ The configuration for each extension is another dictionary that can contain the #### Windows ``` -Software\Policies\Mozilla\Firefox\ExtensionSettings = '{"*": {"installation_mode": "blocked"}}' +Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = '{"*": {"installation_mode": "blocked"}}' ``` #### macOS ``` @@ -1671,6 +1698,23 @@ Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0 } } ``` +### LegacyProfiles +Disable the feature enforcing a separate profile for each installation. + +If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable. + +If this policy set to false, Firefox will create a new profile for each unique installation of Firefox. + +This policy only work on Windows via GPO (not policies.json). + +**Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows +``` +Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0 +``` ### LocalFileLinks Enable linking to local files by origin. @@ -1806,6 +1850,32 @@ Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 } } ``` +### OfferToSaveLoginsDefault +Sets the default value of signon.rememberSignons without locking it. + +**Compatibility:** Firefox 70, Firefox ESR 60.2\ +**CCK2 Equivalent:** `dontRememberPasswords`\ +**Preferences Affected:** `signon.rememberSignons` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0 +``` +#### macOS +``` + + OfferToSaveLoginsDefault + | + +``` +#### JSON +``` +{ + "policies": { + "OfferToSaveLoginsDefault": true | false + } +} +``` ### OverrideFirstRunPage Override the first run page. If the value is blank, no first run page is displayed. @@ -1856,6 +1926,32 @@ Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" "OverridePostUpdatePage": "http://example.org" } ``` +### PasswordManagerEnabled +Remove access to the password manager via preferences and blocks about:logins on Firefox 70. + +**Compatibility:** Firefox 70, Firefox ESR 60.2\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `prefs.privacy.disable_button.view_passwords` + +#### Windows +``` +Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 +``` +#### macOS +``` + + PasswordManagerEnabled + | + +``` +#### JSON +``` +{ + "policies": { + "PasswordManagerEnabled": true | false + } +} +``` ### Permissions Set permissions associated with camera, microphone, location, and notifications @@ -2048,32 +2144,88 @@ Set and lock certain preferences. **CCK2 Equivalent:** `preferences`\ **Preferences Affected:** See below -| Preference | Type | Compatibility -| --- | --- | --- -| app.update.auto | boolean | Firefox 68, Firefox 68 ESR -| browser.cache.disk.enable | boolean | Firefox 68, Firefox 68 ESR -| browser.cache.disk.parent_directory | string | Firefox 68, Firefox 68 ESR -| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox 68 ESR -| browser.search.update | boolean | Firefox 68, Firefox 68 ESR -| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox 68 ESR -| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox 68 ESR -| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox 68 ESR -| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox 68 ESR -| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox 68 ESR -| dom.disable_window_flip | boolean | Firefox 68, Firefox 68 ESR -| dom.disable_window_move_resize | boolean | Firefox 68, Firefox 68 ESR -| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox 68 ESR -| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox 68 ESR -| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox 68 ESR -| extensions.getAddons.showPane | boolean | Firefox 68, Firefox 68 ESR -| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox 68 ESR -| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox 68 ESR -| network.dns.disableIPv6 | boolean | Firefox 68, Firefox 68 ESR -| network.IDN_show_punycode | boolean | Firefox 68, Firefox 68 ESR -| places.history.enabled | boolean | Firefox 68, Firefox 68 ESR -| security.default_personal_cert | string | Firefox 68, Firefox 68 ESR -| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox 68 ESR -| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox 68 ESR +| Preference | Type | Compatibility | Default +| --- | --- | --- | --- +| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 6.2 | 0 +|     If set to 1, platform accessibility is disabled. +| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, Firefox doesn't automatically install update. +| browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 6.2 | false +|     If true, bookmarks are exported on shutdown. +| browser.bookmarks.file | string | Firefox 70, Firefox ESR 6.2 | N/A +|     If set, the name of the file where bookmarks are exported and imported. +| browser.bookmarks.restore_default_bookmarks | string | Firefox 70, Firefox ESR 6.2 | N/A +|     If true, bookmarks are restored to their defaults. +| browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, don't store cache on the hard drive. +| browser.cache.disk.parent_directory | string | Firefox 68, Firefox ESR 68 | Profile temporary directory +|     If set, changes the location of the disk cache. +| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false +|     If true, single words are sent to DNS, not directly to search. +| browser.places.importBookmarksHTML | string | Firefox 70, Firefox ESR 6.2 +|     If true, bookmarks are always imported on startup. +| browser.safebrowsing.phishing.enabled | string | Firefox 70, Firefox ESR 6.2 | true +|     If false, phishing protection is not enabled (Not recommended) +| browser.safebrowsing.malware.enabled | string | Firefox 70, Firefox ESR 6.2 | true +|     IF false, malware protection is not enabled (Not recommended) +| browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, updates for search engines are not checked. +| browser.slowStartup.notificationDisabled | string | Firefox 70, Firefox ESR 6.2 | false +|     If true, a notification isn't shown if startup is slow. +| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, there is no warning when the browser is closed. +| browser.taskbar.previews.enable | string | Firefox 70, Firefox ESR 6.2 (Windows only) | false +|     If true, tab previews are shown in the Windows taskbar. +| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, bookmarks aren't suggested when typing in the URL bar. +| browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, history isn't suggested when typing in the URL bar. +| browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, open tabs aren't suggested when typing in the URL bar. +| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false +|     If true, don't show the privacy policy tab on first run. +| dom.allow_scripts_to_close_windows | string | Firefox 70, Firefox ESR 6.2 | false +|     If false, web page can close windows. +| dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, web pages can focus and activate windows. +| dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false +|     If true, web pages can't move or resize windows. +| dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, web pages can't override context menus. +| dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A +|     See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66 +| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A +|     See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66 +| extensions.blocklist.enabled | string | Firefox 70, Firefox ESR 6.2 | true +|     If false, the extensions blocklist is not used (Not recommended) +| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A +|     If false, the Recommendations tab is not displayed in the Add-ons Manager. +| geo.enabled | string | Firefox 70, Firefox ESR 6.2 | true +|     If false, the geolocation API is disabled. | Language dependent +| intl.accept_languages | string | Firefox 70, Firefox ESR 6.2 +|     If set, preferred language for web pages. +| media.eme.enabled | string | Firefox 70, Firefox ESR 6.2 | true +|     If false, Encrypted Media Extensions are not enabled. +| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, the OpenH264 plugin is not downloaded. +| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, the Widevine plugin is not downloaded. +| network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false +|     If true, IPv6 DNS lokoups are disabled. +| network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false +|     If true, display the punycode version of internationalized domain names. +| places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, history is not enabled. +| print.save_print_settings | string | Firefox 70, Firefox ESR 6.2 | true +|     If false, print settings are not saved between jobs. +| security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time +|     If set to Select Automatically, Firefox automatically chooses the default personal certificate. +| security.mixed_content.block_active_content | string | Firefox 70, Firefox ESR 6.2 | true +|     If false, mixed active content (HTTP and HTTPS) is not blocked. +| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, SSL errors cannot be sent to Mozilla. +| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true +|     If false, the Alt key doesn't show the menubar on Windows. #### Windows ``` Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0 @@ -2707,6 +2859,7 @@ Add a menuitem to the help menu for specifying support information. ``` Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu" Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support" +Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" ``` #### macOS ```