Re: [Mozilla Enterprise] Firefox GPO Template

[Éric Périard]

Sweet for the heck of it I tried the yellow highlighted parameters and it works!

lockPref("app.update.auto", true);
lockPref("app.update.enabled", true);
lockPref("app.update.service.enabled", true);
lockPref("network.proxy.type", 4);
lockPref("extensions.autoDisableScopes", 0);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("toolkit.crashreporter.enabled", false);
lockPref("security.enterprise_roots.enabled", true);

pref("browser.startup.homepage","https://www.google.ca/";);
pref("browser.shell.checkDefaultBrowser", false);
pref("browser.startup.homepage_override.mstone", "ignore");
pref("browser.rights.3.shown", true);
pref("toolkit.telemetry.prompted", 2);
pref("toolkit.telemetry.rejected", true);
pref("pdfjs.disabled", true);
pref("plugins.notifyMissingFlash", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports
 = false;

From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Éric 
Périard
Sent: Tuesday, July 04, 2017 2:24 PM
To: 'Dipen Narendra Kumar' <dipen.ku...@harmonic-capital.com>; 
enterprise@mozilla.org
Subject: Re: [Mozilla Enterprise] Firefox GPO Template

SWEET... This is exactly what I wanted to hear.

It was probably a discussion piece here a while ago but I haven't paid 
attention since my previous package was working.

I assume that value below can be changed with the mozilla.cfg?!

Eric

From: Dipen Narendra Kumar [mailto:dipen.ku...@harmonic-capital.com]
Sent: Tuesday, July 04, 2017 11:51 AM
To: Éric Périard 
<eric.peri...@ccirc-ccric.ca<mailto:eric.peri...@ccirc-ccric.ca>>; 
enterprise@mozilla.org<mailto:enterprise@mozilla.org>
Subject: RE: Firefox GPO Template

HI Eric,

Firefox now has the option to use the Windows Certificate Store.

To enable this functionality you need to set the following:

security.enterprise_roots.enabled  to true

We use the config file to lock down settings in Firefox and I no longer have to 
manually import each certificate into the Firefox certdb.

Mike wrote a blog entry for it: 
https://mike.kaply.com/2016/09/01/upcoming-changes-to-root-certificates-in-firefox-on-windows/

Cheers,

Dipen

From: Enterprise [mailto:enterprise-boun...@mozilla.org] On Behalf Of Éric 
Périard
Sent: 04 July 2017 16:43
To: enterprise@mozilla.org<mailto:enterprise@mozilla.org>
Subject: [Mozilla Enterprise] Firefox GPO Template

Hello community,

Opinions on the custom GPO adm template below...

I've recently pulled FF ESR from the network because of the annoyance it is to 
import a certificate (cert8) into each users profile.

I've been running ESR for about 2 years but I'm trying to minimize the backend 
script of my software deployments.

So essentially I looked up that GPO and it has a solution to grab the SSL cert 
database from a central location and import it into the default user profile 
AND existing users.

Has anyone experimented with that feature and made it work successfully?

Essentially my ORG does SSL inspection and we have our own network's 
certificate has a middleman before it gets out to check validity of the source 
and to do that we merge our CA into the FF cert8 db.

https://sourceforge.net/projects/firefoxadm/

thanks!


Éric S. Périard
Laboratory Administrator | Administrateur de laboratoire
Canadian Cyber Incident Response Centre | Centre canadien de réponse aux 
incidents cybernétiques
Public Safety Canada | Sécurité publique Canada
Telephone | Téléphone  1-613-991-3555
eric.peri...@canada.ca<mailto:eric.peri...@canada.ca> | 
eric.peri...@ccirc-ccric.ca<mailto:eric.peri...@ccirc-ccric.ca>
PublicSafety.gc.ca<https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-en.aspx>|
 
SecuritePublique.gc.ca<https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-fr.aspx>
Government of Canada | Gouvernement du Canada


________________________________
Past results are not necessarily indicative of future results. Commodity 
interest trading involves substantial risk of loss. This e-mail, and any 
attachment, is confidential and for the intended recipient(s) only, subject to 
important disclaimers and conditions available at 
http://www.harmonic-capital.com/disclaimer . This communication is not an offer 
(or solicitation of an offer) to buy or sell products or investment advisory 
services that may be mentioned. Harmonic Capital Partners LLP (Harmonic) is 
authorised and regulated by the Financial Conduct Authority. Harmonic is 
registered in England and Wales with company registration number OC303094, and 
registered office at 3 Lombard Street, London, EC3V 9AA, UK.

_______________________________________________
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
enterprise-requ...@mozilla.org with a subject of "unsubscribe"