X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/d73a023a5777302c00cf56f7cb98476b99a11fca..9c03ecc5722863ab71d515942f49364138b5f968:/README.md?ds=inline
diff --git a/README.md b/README.md
index d31a81a..57532bc 100644
--- a/README.md
+++ b/README.md
@@ -19,8 +19,6 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
| **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
| **[`Cookies`](#cookies)** | Configure cookie preferences.
-| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
-| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
| **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
@@ -32,6 +30,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
| **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
+| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
| **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
| **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
@@ -39,6 +38,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
| **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
| **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
+| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
@@ -62,7 +62,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
-| **[`MasterPassword`](#masterpassword)** | Require or prevent using a master password.
+| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
@@ -569,6 +569,8 @@ Value (string):
Trust certificates that have been added to the operating system certificate store by a user or administrator.
+Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
+
See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
**Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
@@ -678,6 +680,8 @@ Configure cookie preferences.
`Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
+`AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
+
`Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
`Default` determines whether cookies are accepted at all.
@@ -690,13 +694,14 @@ Configure cookie preferences.
`Locked` prevents the user from changing cookie preferences.
-**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker was added in Firefox 63)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
+Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
@@ -716,6 +721,15 @@ Value (string):
```
OMA-URI:
```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
```
Value (string):
@@ -773,6 +787,10 @@ Value (string):
http://example.com
+ AllowSession
+
+ http://example.edu
+
Block
http://example.org
@@ -796,6 +814,7 @@ Value (string):
"policies": {
"Cookies": {
"Allow": ["http://example.org/"],
+ "AllowSession": ["http://example.edu/"],
"Block": ["http://example.edu/"],
"Default": true | false,
"AcceptThirdParty": "always" | "never" | "from-visited",
@@ -844,6 +863,10 @@ Value (string):
### DisableMasterPasswordCreation
Remove the master password functionality.
+If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
+
+If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `noMasterPassword`\
**Preferences Affected:** N/A
@@ -2002,15 +2025,43 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
```
Value (string):
```
-
-
-
-
-
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
+```
+Value (string):
+```
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
+```
+Value (string):
+```
+ or
```
#### macOS
```
@@ -2127,6 +2178,34 @@ Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -2300,7 +2379,7 @@ Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
```
Value (string):
```
@@ -2427,7 +2506,7 @@ Within each handler type, you specify the given mimeType/extension/scheme as a k
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
+Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
{
"mimeTypes": {
"application/msword": {
@@ -2479,7 +2558,7 @@ Value (string):
"ask": true | false,
"handlers": [{
"name": "Gmail",
- "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
+ "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
}]
}
},
@@ -2555,30 +2634,34 @@ Value (string):
#### policies.json
```
{
- "mimeTypes": {
- "application/msword": {
- "action": "useSystemDefault",
- "ask": false
- }
- },
- "schemes": {
- "mailto": {
- "action": "useHelperApp",
- "ask": true | false,
- "handlers": [{
- "name": "Gmail",
- "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
- }]
- }
- },
- "extensions": {
- "pdf": {
- "action": "useHelperApp",
- "ask": true | false,
- "handlers": [{
- "name": "Adobe Acrobat",
- "path": "/usr/bin/acroread"
- }]
+ "policies": {
+ "Handlers": {
+ "mimeTypes": {
+ "application/msword": {
+ "action": "useSystemDefault",
+ "ask": false
+ }
+ },
+ "schemes": {
+ "mailto": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Gmail",
+ "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
+ }]
+ }
+ },
+ "extensions": {
+ "pdf": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Adobe Acrobat",
+ "path": "/usr/bin/acroread"
+ }]
+ }
+ }
}
}
}
@@ -2903,23 +2986,25 @@ Value (string):
}
}
```
-### MasterPassword
-Require or prevent using a master password.
+### PrimaryPassword
+Require or prevent using a primary (formerly master) password.
-If this value is true, a master password is required. If this values is false, it works the same as `DisableMasterPasswordCreation` and removes the master password functionality.
+If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
-**Compatibility:** Firefox 78, Firefox ESR 78\
+If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+
+**Compatibility:** Firefox 79, Firefox ESR 78.1\
**CCK2 Equivalent:** `noMasterPassword`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\MasterPassword = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/MasterPassword
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
```
Value (string):
```
@@ -2928,7 +3013,7 @@ Value (string):
#### macOS
```
- MasterPassword
+ PrimaryPassword
|
```
@@ -2936,7 +3021,7 @@ Value (string):
```
{
"policies": {
- "MasterPassword": true | false
+ "PrimaryPassword": true | false
}
}
```
@@ -3271,7 +3356,7 @@ Value (string):
}
```
### Permissions
-Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
+Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
`Allow` is a list of origins where the feature is allowed.
@@ -3283,9 +3368,9 @@ Set permissions associated with camera, microphone, location, notifications, and
`Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
-**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\
+**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`
+**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`.`permissions.default.xr`
#### Windows (GPO)
```
@@ -3310,6 +3395,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://exampl
Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
@@ -3388,6 +3477,40 @@ Value (string):
```
or
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -3706,7 +3829,10 @@ Set and lock certain preferences.
| If false, the Widevine plugin is not downloaded.
| media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
| If false, WebRTC is disabled
-| media.peerconnection.ice.obfuscate_host_addresses.whitelist | string | Firefox 72, Firefox ESR 68.4 | N/A
+| media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A
+| If set, a list of domains for which mDNS hostname obfuscation is
+disabled
+| media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A
| If set, a list of domains for which mDNS hostname obfuscation is
disabled
| network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
@@ -3745,6 +3871,15 @@ Value (string):
```
or
```
+OMA-URI: (periods are replaced by underscores)
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -3837,7 +3972,7 @@ To specify ports, append them to the hostnames with a colon (:).
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\Proxy\Mode = "none", "system", "manual", "autoDetect", "autoConfig"
+Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
@@ -3908,7 +4043,7 @@ Value (string):
{
"policies": {
"Proxy": {
- "Mode": "none", "system", "manual", "autoDetect", "autoConfig",
+ "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
"Locked": true | false,
"HTTPProxy": "hostname",
"UseHTTPProxyForAllProtocols": true | false,
@@ -4379,7 +4514,7 @@ Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
```
Value (string):
```
@@ -4572,11 +4707,11 @@ Value (string):
```
### UserMessaging
-Prevent installing search engines from webpages.
+Prevent Firefox from messaging the user in certain situations.
`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only)
-`ExtensionRecommendations` Don't recommend extensions.
+`ExtensionRecommendations` Don't recommend extensions while the user is visiting web pages.
`FeatureRecommendations` Don't recommend browser features.