X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/d36a0b2aa65790f58871c47d2830e67c53737498..10994ad4dd35d60d01114e0db206de01dfc6a320:/README.md
diff --git a/README.md b/README.md
index 2be59fc..e0af1d4 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,11 @@
**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
-Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
+Official policy documentation has been moved to https://mozilla.github.io/policy-templates/.
+
+I'm maintaining things in the README.md until we can update links in Firefox.
+
+Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
@@ -36,6 +40,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
| **[`Certificates`](#certificates)** |
| **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
| **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
+| **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
| **[`Cookies`](#cookies)** | Configure cookie preferences.
| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
@@ -76,7 +81,6 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
| **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
-| **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
| **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
| **[`Handlers`](#handlers)** | Configure default application handlers.
| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
@@ -1000,6 +1004,91 @@ Value (string):
}
}
```
+### Containers
+Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
+
+Currently you can set the initial set of containers.
+
+For each container, you can specify the name, icon, and color.
+
+| Name | Description |
+| --- | --- |
+| `name`| Name of container
+| `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
+| `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
+
+**Compatibility:** Firefox 113\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
+```
+{
+ "Default": [
+ {
+ "name": "My container",
+ "icon": "pet",
+ "color": "turquoise"
+ }
+ ]
+}
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ Default
+
+ Containers
+
+
+ name
+ My container
+ icon
+ pet
+ color
+ turquoise
+
+
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Containers": {
+ "Default": [
+ {
+ "name": "My container",
+ "icon": "pet",
+ "color": "turquoise"
+ }
+ ]
+ }
+ }
+}
+```
### Cookies
Configure cookie preferences.
@@ -1014,7 +1103,7 @@ Configure cookie preferences.
`BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
| Value | Description
-| --- | ---
+| --- | --- |
| accept | Accept all cookies
| reject-foreign | Reject third party cookies
| reject | Reject all cookies
@@ -2958,87 +3047,6 @@ Value (string):
}
}
```
-### FlashPlugin (Deprecated)
-Configure the default Flash plugin policy as well as origins for which Flash is allowed.
-
-`Allow` is a list of origins where Flash are allowed.
-
-`Block` is a list of origins where Flash is not allowed.
-
-`Default` determines whether or not Flash is allowed by default.
-
-`Locked` prevents the user from changing Flash preferences.
-
-**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `permissions.plugin`\
-**Preferences Affected:** `plugin.state.flash`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
-Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
-Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
-```
-Value (string):
-```
-
-
-```
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
-```
-Value (string):
-```
- or
-```
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
-```
-Value (string):
-```
- or
-```
-#### macOS
-```
-
- FlashPlugin
-
- Allow
-
- http://example.org
-
- Block
-
- http://example.edu
-
- Default
- |
- Locked
- |
-
-
-```
-#### policies.json
-```
-{
- "policies": {
- "FlashPlugin": {
- "Allow": ["http://example.org/"],
- "Block": ["http://example.edu/"],
- "Default": true | false,
- "Locked": true | false
- }
- }
-}
-```
### GoToIntranetSiteForSingleWordEntryInAddressBar
Whether to always go through the DNS server before sending a single word search string to a search engine.
@@ -4598,20 +4606,27 @@ widget.
xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
```
as well as the following security preferences:
+
| Preference | Type | Default
-| --- | --- | ---
+| --- | --- | --- |
| security.default_personal_cert | string | Ask Every Time
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
| security.insecure_connection_text.enabled | bool | false
| If set to true, adds the words "Not Secure" for insecure sites.
| security.insecure_connection_text.pbmode.enabled | bool | false
| If set to true, adds the words "Not Secure" for insecure sites in private browsing.
-| security.insecure_field_warning.contextual.enabled | bool | true
-| If set to false, remove the warning for inscure login fields.
| security.mixed_content.block_active_content | boolean | true
| If false, mixed active content (HTTP and HTTPS) is not blocked.
| security.osclientcerts.autoload | boolean | false
| If true, client certificates are loaded from the operating system certificate store.
+| security.OCSP.enabled | integer | 1
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| security.OCSP.require | boolean | false
+| If true, if an OCSP request times out, the connection fails.
+| security.osclientcerts.assume_rsa_pss_support | boolean | true
+| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
+| security.ssl.enable_ocsp_stapling | boolean | true
+| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
| If false, SSL errors cannot be sent to Mozilla.
| security.tls.enable_0rtt_data | boolean | true
@@ -4622,7 +4637,6 @@ as well as the following security preferences:
| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
| security.warn_submit_secure_to_insecure | boolean | true
| If false, no warning is shown when submitting a form from https to http.
-
Using the preference as the key, set the `Value` to the corresponding preference value.
@@ -4746,7 +4760,7 @@ Set and lock certain preferences.
**Preferences Affected:** See below
| Preference | Type | Compatibility | Default
-| --- | --- | --- | ---
+| --- | --- | --- | --- |
| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
| If set to 1, platform accessibility is disabled.
| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
@@ -4849,6 +4863,7 @@ disabled
| If false, the Alt key doesn't show the menubar on Windows.
| widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
| If set, overrides the GTK theme for widgets.
+
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
@@ -5728,6 +5743,68 @@ Value (string):
```
### SecurityDevices
+Add or delete PKCS #11 modules.
+
+**Compatibility:** Firefox 114, Firefox ESR 112.12\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
+Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ SecurityDevices
+
+ Add
+
+ NAME_OF_DEVICE_TO_ADD
+ PATH_TO_LIBRARY_FOR_DEVICE
+
+ Delete
+
+ NAME_OF_DEVICE_TO_DELETE
+
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "SecurityDevices": {
+ "Add": {
+ "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
+ },
+ "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
+ }
+ }
+}
+```
+### SecurityDevices (Deprecated)
+
Install PKCS #11 modules.
**Compatibility:** Firefox 64, Firefox ESR 60.4\
@@ -5758,7 +5835,6 @@ Value (string):
```
-
#### policies.json
```
{
@@ -5983,6 +6059,8 @@ Prevent Firefox from messaging the user in certain situations.
`MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
+`Locked` prevents the user from changing user messaging preferences.
+
**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
@@ -5995,6 +6073,7 @@ Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0
Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
@@ -6005,6 +6084,7 @@ OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
```
Value (string):
```
@@ -6027,6 +6107,8 @@ Value (string):
|
MoreFromMozilla
|
+ Locked
+ |
```
@@ -6040,7 +6122,8 @@ Value (string):
"FeatureRecommendations": true | false,
"UrlbarInterventions": true | false,
"SkipOnboarding": true | false,
- "MoreFromMozilla": true | false
+ "MoreFromMozilla": true | false,
+ "Locked": true | false
}
}
}
@@ -6175,3 +6258,4 @@ Value (string):
}
}
```
+