X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/f99b9590e9d199f36e90a64aef43c0145c6e7a51..cbf8658aa7fce2da28a638b6dfba5c9f0841dce1:/README.md diff --git a/README.md b/README.md index 8e09c21..4810f5c 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g | Policy Name | Description | --- | --- | -| **[`AppUpdateURL`](#AppUpdateURL)** | Change the URL for application update. -| **[`Authentication`](#Authentication)** | Configure sites that support integrated authentication. +| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update. +| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update. +| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication. | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons). | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config. | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles). @@ -22,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. @@ -31,6 +33,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. +| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window. | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. @@ -83,8 +86,42 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. +| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. +### AppAutoUpdate + +Enable or disable **automatic** application update. + +If set to true, application updates are installed without user approval. + +If set to false, application updates are downloaded but the user can choose when to install the update. + +If you have disabled updates via DisableAppUpdate, this policy has no effect. + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** app.update.auto + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 +``` +#### macOS +``` + + AppAutoUpdate + | + +``` +#### policies.json +``` +{ + "policies": { + "AppAutoUpdate": true | false + } +} +``` ### AppUpdateURL Change the URL for application update. @@ -136,6 +173,58 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO +``` +Value (string): +``` + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated +``` +Value (string): +``` + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM +``` +Value (string): +``` + + + +``` +```OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN +``` +Value (string): +``` + + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage +``` +Value (string): +``` + + + +``` #### macOS ``` @@ -208,6 +297,15 @@ Block access to the Add-ons Manager (about:addons). ``` Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons +``` +Value (string): +``` + +``` #### macOS ``` @@ -235,6 +333,15 @@ Block access to about:config. ``` Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig +``` +Value (string): +``` + +``` #### macOS ``` @@ -262,6 +369,15 @@ Block access to About Profiles (about:profiles). ``` Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles +``` +Value (string): +``` + +``` #### macOS ``` @@ -289,6 +405,15 @@ Block access to Troubleshooting Information (about:support). ``` Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport +``` +Value (string): +``` + +``` #### macOS ``` @@ -653,6 +778,26 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 } } ``` +### DisableDefaultBrowserAgent +Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent. + +**Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0 +``` + +#### policies.json +``` +{ + "policies": { + "DisableDefaultBrowserAgent": true | false + } +} +``` ### DisableDeveloperTools Remove access to all developer tools. @@ -1182,7 +1327,9 @@ Configure DNS over HTTPS. `Locked` prevents the user from changing DNS over HTTPS preferences. -**Compatibility:** Firefox 63, Firefox ESR 68\ +`ExcludedDomains` excludes domains from DNS over HTTPS. + +**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.trr.mode`,`network.trr.uri` @@ -1191,6 +1338,7 @@ Configure DNS over HTTPS. Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER" Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com" ``` #### macOS ``` @@ -1203,6 +1351,10 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 URL_TO_ALTERNATE_PROVIDER Locked | + ExcludedDomains + + example.com + ``` @@ -1213,7 +1365,8 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 "DNSOverHTTPS": { "Enabled": true | false, "ProviderURL": "URL_TO_ALTERNATE_PROVIDER", - "Locked": true | false + "Locked": true | false, + "ExcludedDomains": ["example.com"] } } } @@ -1710,6 +1863,38 @@ Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu" Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL +``` +Value (string): +``` + + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional +``` +Value (string): +``` + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage +``` +Value (string): +``` + + + +``` #### macOS ``` @@ -2256,7 +2441,7 @@ Set and lock certain preferences. | --- | --- | --- | --- | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0 |     If set to 1, platform accessibility is disabled. -| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true +| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true |     If false, Firefox doesn't automatically install update. | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false |     If true, bookmarks are exported on shutdown. @@ -2558,6 +2743,8 @@ or } } ``` + + ### SanitizeOnShutdown (Selective) Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data. @@ -2674,10 +2861,7 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" } } ``` - - - - + ### SearchEngines (This policy is only available on the ESR.) @@ -3020,6 +3204,58 @@ Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" } } ``` +### UserMessaging + +Prevent installing search engines from webpages. + +`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only) + +`ExtensionRecommendations` Don't recommend extensions. + +`FeatureRecommendations` Don't recommend browser features. + +`UrlbarInterventions` Don't offer Firefox specific suggestions in the URL bar. (Firefox 75 only) + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 +``` +#### macOS +``` + + UserMessaging + + WhatsNew + | + ExtensionRecommendations + | + FeatureRecommendations + | + UrlbarInterventions + | + + +``` +#### policies.json +``` +{ + "policies": { + "UserMessaging": { + "WhatsNew": true | false, + "ExtensionRecommendations": true | false, + "FeatureRecommendations": true | false, + "UrlbarInterventions": true | false + } + } +} +``` ### WebsiteFilter Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each. @@ -3029,8 +3265,8 @@ Block websites from being visited. The parameters take an array of Match Pattern #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\WebsiteFilters\Block\1 = "" -Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*" +Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "" +Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*" ``` #### macOS ```