X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/ee73f22b582747da4cf67a932dfd0f56ddccef8d..0a6e4e23d360c287757663d83aa41f3f933201a8:/README.md?ds=inline diff --git a/README.md b/README.md index 48cc56b..d143a3f 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g | Policy Name | Description | --- | --- | -| **[`AppUpdateURL`](#AppUpdateURL)** | Change the URL for application update. -| **[`Authentication`](#Authentication)** | Configure sites that support integrated authentication. +| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update. +| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update. +| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication. | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons). | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config. | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles). @@ -22,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. @@ -31,6 +33,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. +| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window. | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. @@ -83,8 +86,42 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. +| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. +### AppAutoUpdate + +Enable or disable **automatic** application update. + +If set to true, application updates are installed without user approval. + +If set to false, application updates are downloaded but the user can choose when to install the update. + +If you have disabled updates via DisableAppUpdate, this policy has no effect. + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** app.update.auto + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 +``` +#### macOS +``` + + AppAutoUpdate + | + +``` +#### policies.json +``` +{ + "policies": { + "AppAutoUpdate": true | false + } +} +``` ### AppUpdateURL Change the URL for application update. @@ -653,6 +690,26 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 } } ``` +### DisableDefaultBrowserAgent +Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent. + +**Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0 +``` + +#### policies.json +``` +{ + "policies": { + "DisableDefaultBrowserAgent": true | false + } +} +``` ### DisableDeveloperTools Remove access to all developer tools. @@ -1182,7 +1239,9 @@ Configure DNS over HTTPS. `Locked` prevents the user from changing DNS over HTTPS preferences. -**Compatibility:** Firefox 63, Firefox ESR 68\ +`ExcludedDomains` excludes domains from DNS over HTTPS. + +**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.trr.mode`,`network.trr.uri` @@ -1191,6 +1250,7 @@ Configure DNS over HTTPS. Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER" Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com" ``` #### macOS ``` @@ -1203,6 +1263,10 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 URL_TO_ALTERNATE_PROVIDER Locked | + ExcludedDomains + + example.com + ``` @@ -1213,7 +1277,8 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 "DNSOverHTTPS": { "Enabled": true | false, "ProviderURL": "URL_TO_ALTERNATE_PROVIDER", - "Locked": true | false + "Locked": true | false, + "ExcludedDomains": ["example.com"] } } } @@ -2256,7 +2321,7 @@ Set and lock certain preferences. | --- | --- | --- | --- | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0 |     If set to 1, platform accessibility is disabled. -| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true +| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true |     If false, Firefox doesn't automatically install update. | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false |     If true, bookmarks are exported on shutdown. @@ -2343,7 +2408,7 @@ disabled |     If set to Select Automatically, Firefox automatically chooses the default personal certificate. | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true |     If false, mixed active content (HTTP and HTTPS) is not blocked. -| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false +| security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false |     If true, client certificates are loaded from the operating system certificate store. | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, SSL errors cannot be sent to Mozilla. @@ -2558,6 +2623,8 @@ or } } ``` + + ### SanitizeOnShutdown (Selective) Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data. @@ -2674,10 +2741,7 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" } } ``` - - - - + ### SearchEngines (This policy is only available on the ESR.) @@ -3020,6 +3084,58 @@ Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" } } ``` +### UserMessaging + +Prevent installing search engines from webpages. + +`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only) + +`ExtensionRecommendations` Don't recommend extensions. + +`FeatureRecommendations` Don't recommend browser features. + +`UrlbarInterventions` Don't offer Firefox specific suggestions in the URL bar. (Firefox 75 only) + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 +``` +#### macOS +``` + + UserMessaging + + WhatsNew + | + ExtensionRecommendations + | + FeatureRecommendations + | + UrlbarInterventions + | + + +``` +#### policies.json +``` +{ + "policies": { + "UserMessaging": { + "WhatsNew": true | false, + "ExtensionRecommendations": true | false, + "FeatureRecommendations": true | false, + "UrlbarInterventions": true | false + } + } +} +``` ### WebsiteFilter Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each.