Hi everybody and a happy new year.
Attached you find the configuration we are doing for our Firefox ESR deployment.
In addition to this configuration file, we also set the profile directory and
name by calling "firefox.exe" with the "-profile" option.
We do this, because we also deploy a specific "secmod.db" (Smart Card support)
and "cert8.db" (add certificates to the Firefox store) file in this profile. It
also helps our Helpdesk to have the same profile directory for all users.
My wish is that all these settings (including certificates deployment) would be
included in the new Policy Engine.
Best regards,
[cid:image001.gif@01D3854F.577D33D0]
André NANQUETTE
IT-Infrastructure Services
50, avenue J.F. Kennedy
L-2951 Luxembourg
Tel: (+352) 4242 6257
andre.nanque...@bgl.lu<mailto:andre.nanque...@bgl.lu>
http://www.bgl.lu<http://www.bgl.lu/>
[icône représentant un arbre et symbolisant la nature]Do not print this
document unless it is necessary, consider the environment
============================================
Internet communications are not secure and therefore BGL BNP Paribas does not
accept legal responsibility for the contents of this message. The information
contained in this e-mail is confidential and may be legally privileged. It is
intended solely for the addressee. If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful. Nothing in the message is
capable or intended to create any legally binding obligations on either party
and it is not intended to provide legal advice.
============================================
// Set the cache location
var
envUN=Components.classes["@mozilla.org/process/environment;1"].getService(Components.interfaces.nsIEnvironment).get('USERNAME');
var
envUD=Components.classes["@mozilla.org/process/environment;1"].getService(Components.interfaces.nsIEnvironment).get('USERDNSDOMAIN');
var
envCN=Components.classes["@mozilla.org/process/environment;1"].getService(Components.interfaces.nsIEnvironment).get('COMPUTERNAME');
var CompName=envCN.toUpperCase();
lockPref("browser.cache.disk.parent_directory", "C:\\Users\\" + envUN +
"\\AppData\\Local\\Mozilla\\Firefox");
lockPref("browser.cache.offline.parent_directory", "C:\\Users\\" + envUN +
"\\AppData\\Local\\Mozilla\\Firefox");
// = GENERAL =
// == Startup ==
// Force uncheck of "Always check if Firefox is your default browser"
lockPref("browser.shell.checkDefaultBrowser", false);
// Disable button "Make Default"
lockPref("pref.general.disable_button.default_browser", true);
// Default set "When Firefox starts:" to "Show my home page"
defaultPref("browser.startup.page", 1);
// Lock the "Home Page:" URL
lockPref("browser.startup.homepage", "Homepage URL");
// Disable button "Use Current Page"
lockPref("pref.browser.homepage.disable_button.current_page", true);
// Disable button "Use Bookmark..."
lockPref("pref.browser.homepage.disable_button.bookmark_page", true);
// Disable button "Restore to Default"
lockPref("pref.browser.homepage.disable_button.restore_default", true);
// == Downloads ==
// Default set to "Always ask me where to save files"
defaultPref("browser.download.useDownloadDir", false);
// = APPLICATIONS =
// Disable the internal (Mozilla Firefox) PDF viewer
defaultPref("pdfjs.disabled", true);
// = PRIVACY =
// == Tracking ==
// Force check of "Use Tracking Protection in Private Windows"
lockPref("privacy.trackingprotection.pbmode.enabled", true);
// manage your Do Not Track settings -> Force check of "Always apply Do Not
Track"
lockPref("privacy.donottrackheader.enabled", true);
// Force general enabeling of tracking protection
lockPref("privacy.trackingprotection.enabled", true);
// Avoid showing of tracking protection introduction to the user
defaultPref("privacy.trackingprotection.introCount", 20);
// = SECURITY =
// == General ==
// Force check of "Warn me when sites try to install add-ons"
lockPref("xpinstall.whitelist.required", true);
// Force general disabling of Add-On installations
lockPref("xpinstall.enabled", false);
// Force check of "Block dangerous and deceptive content"
lockPref("browser.safebrowsing.phishing.enabled", true);
// Force check of "Block dangerous downloads"
lockPref("browser.safebrowsing.downloads.enabled", true);
// Force check of "Warn me about unwanted and uncommon software"
lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted",
true);
lockPref("browser.safebrowsing.downloads.remote.block_uncommon", true);
// Force "Enable the plugin stability blocking (no override or UI)"
lockPref("browser.safebrowsing.blockedURIs.enabled", true);
// Force protection against dangerous downloads
lockPref("browser.safebrowsing.downloads.remote.block_dangerous", true);
lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", true);
// Force "Enable malware protection (includes unwanted as well)"
lockPref("browser.safebrowsing.malware.enabled", true);
// == Logins ==
// Force uncheck of "Remember logins for sites"
lockPref("signon.rememberSignons", false);
// Disable button "Saved Logins..."
lockPref("pref.privacy.disable_button.view_passwords", true);
// Other security related settings
// Static TLS insecure fallback whitelist
lockPref("security.tls.insecure_fallback_hosts", "URL1, URL2, URL3");
// = ADVANCED =
// == General ==
// === Accessibility ===
// Force uncheck of "Warn me when websites try to redirect or reload the page"
lockPref("accessibility.blockautorefresh", false);
// === Browsing ===
// -> Begin: Specific for virtual machines <-
// Default uncheck of "Use autoscrolling"
defaultPref("general.autoScroll", false);
// Default uncheck of "Use smooth scrolling"
defaultPref("general.smoothScroll", false);
// Force uncheck of "Use hardware acceleration when available"
lockPref("gfx.direct2d.disabled", true);
lockPref("layers.acceleration.disabled", true);
// -> End: Specific for virtual machines <-
// Default uncheck of "Check my spelling as I type"
defaultPref("layout.spellcheckDefault", 0);
// == Data Choices ==
// Force uncheck of "Enable Firefox Health Report"
lockPref("datareporting.healthreport.uploadEnabled", false);
// Force uncheck of "Share additional data (i.e., Telemetry)"
lockPref("toolkit.telemetry.enabled", false);
// Force uncheck of "Allow Firefox to send backlogged crash reports on your
behalf"
lockPref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
// Disable other datareporting related settings
lockPref("browser.crashReports.unsubmittedCheck.enabled", false);
lockPref("browser.tabs.crashReporting.emailMe", false);
lockPref("browser.tabs.crashReporting.includeURL", false);
lockPref("browser.tabs.crashReporting.requestEmail", false);
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false);
// == Network ==
// === Connection -> Settings... ===
// Force select of "Use system proxy settings"
lockPref("network.proxy.type", 5);
// Force check of "Do not prompt for authentication if password is saved"
lockPref("signon.autologin.proxy", true);
// Force check of "Proxy DNS when using SOCKS v5"
lockPref("network.proxy.socks_remote_dns", true);
// Other internal network related settings
// Allow automatic authentication via NTLM
lockPref("network.automatic-ntlm-auth.trusted-uris", "URL1, URL2, URL3, URL4,
URL5");
lockPref("network.negotiate-auth.delegation-uris", "URL1, URL2, URL3");
lockPref("network.negotiate-auth.trusted-uris", "URL1, URL2, URL3, URL4, URL5");
lockPref("network.ntlm.send-lm-response", true);
// Avoid some unnecessary or unwanted network communications
lockPref("network.dns.disablePrefetch", true);
// Speed up page loading
lockPref("network.dns.get-ttl", false);
// === Offline Web Content and User Data ===
// Force check of "Tell me when a website asks to store data for offline use"
lockPref("browser.offline-apps.notify", true);
// == Update ==
// === Firefox updates: ===
// Force select of "Never check for updates (not recommended: security risk)"
lockPref("app.update.auto", false);
lockPref("app.update.enabled", false);
// Disable button "Show Update History"
lockPref("app.update.disable_button.showUpdateHistory", true);
// Disable other Firefox update related settings
lockPref("app.update.badge", false);
lockPref("app.update.checkInstallTime", false);
lockPref("app.update.log", false);
lockPref("app.update.service.enabled", false);
lockPref("app.update.silent", false);
lockPref("app.update.staging.enabled", false);
// == Certificates ==
// === Requests ===
// Force "When a server requests my personal certificate:" to "Ask me every
time"
lockPref("security.default_personal_cert", "Ask Every Time");
// Force check of "Query OCSP responder servers to confirm the current validity
of certificates"
lockPref("security.OCSP.enabled", 1);
// Force the disabling of "When an OCSP server connection fails, treat the
certificate as invalid"
lockPref("security.OCSP.require", false);
// Settings related to the Add-ons (Extensions and Plugins) and experiments
// Disable experiments
lockPref("experiments.enabled", false);
// Disable Add-ons blocklist
lockPref("extensions.blocklist.enabled", false);
// Disable Mozilla Pocket
lockPref("extensions.pocket.enabled", false);
// Disable extensions updates
lockPref("extensions.update.autoUpdateDefault", false);
lockPref("extensions.update.enabled", false);
// Some fine tuning for the first start of (a new version of) Firefox
// Don't show 'know your rights' on first run
lockPref("browser.rights.3.shown", true);
// Don't show WhatsNew on first run after every update
lockPref("browser.startup.homepage_override.mstone","ignore");
// Clear URLs
lockPref("app.feedback.baseURL", "");
lockPref("app.support.baseURL", "");
lockPref("app.support.e10sAccessibilityUrl", "");
lockPref("app.update.url", "");
lockPref("app.update.url.details", "");
lockPref("app.update.url.manual", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.aboutHomeSnippets.updateUrl", "");
lockPref("browser.contentHandlers.types.0.uri", "");
lockPref("browser.customizemode.tip0.learnMoreUrl", "");
lockPref("browser.dictionaries.download.url", "");
lockPref("browser.geolocation.warning.infoURL", "");
lockPref("browser.newtabpage.directory.ping", "");
lockPref("browser.newtabpage.directory.source", "");
lockPref("browser.search.geoip.url", "");
lockPref("browser.search.geoSpecificDefaults.url", "");
lockPref("browser.search.searchEnginesURL", "");
lockPref("browser.selfsupport.url", "");
lockPref("browser.uitour.readerViewTrigger", "");
lockPref("browser.uitour.themeOrigin", "");
lockPref("browser.uitour.url", "");
lockPref("captivedetect.canonicalURL", "");
lockPref("datareporting.healthreport.about.reportUrl", "");
lockPref("datareporting.healthreport.infoURL", "");
lockPref("datareporting.policy.firstRunURL", "");
lockPref("devtools.devedition.promo.url", "");
lockPref("devtools.devices.url", "");
lockPref("devtools.gcli.imgurUploadURL", "");
lockPref("devtools.gcli.jquerySrc", "");
lockPref("devtools.gcli.lodashSrc", "");
lockPref("devtools.gcli.underscoreSrc", "");
lockPref("devtools.webide.adaptersAddonURL", "");
lockPref("devtools.webide.adbAddonURL", "");
lockPref("devtools.webide.addonsURL", "");
lockPref("devtools.webide.simulatorAddonsURL", "");
lockPref("devtools.webide.templatesURL", "");
lockPref("dom.push.serverURL", "");
lockPref("experiments.manifest.uri", "");
lockPref("extensions.blocklist.detailsURL", "");
lockPref("extensions.blocklist.itemURL", "");
lockPref("extensions.blocklist.url", "");
lockPref("extensions.getAddons.get.url", "");
lockPref("extensions.getAddons.getWithPerformance.url", "");
lockPref("extensions.getAddons.link.url", "");
lockPref("extensions.getAddons.recommended.url", "");
lockPref("extensions.getAddons.search.browseURL", "");
lockPref("extensions.getAddons.search.url", "");
lockPref("extensions.pocket.api", "");
lockPref("extensions.pocket.site", "");
lockPref("extensions.systemAddon.update.url", "");
lockPref("extensions.update.background.url", "");
lockPref("extensions.update.url", "");
lockPref("extensions.webextensions.base-content-security-policy", "");
lockPref("extensions.webservice.discoverURL", "");
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", "");
lockPref("geo.wifi.uri", "");
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.oauth.uri", "");
lockPref("identity.fxaccounts.remote.profile.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.remote.webchannel.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("identity.mobilepromo.android", "");
lockPref("identity.mobilepromo.ios", "");
lockPref("identity.sync.tokenserver.uri", "");
lockPref("lightweightThemes.getMoreURL", "");
lockPref("lightweightThemes.recommendedThemes", "");
lockPref("media.getusermedia.screensharing.allowed_domains", "");
lockPref("media.gmp-manager.certs.1.commonName", "");
lockPref("media.gmp-manager.certs.2.commonName", "");
lockPref("media.gmp-manager.url", "");
lockPref("privacy.trackingprotection.introURL", "");
lockPref("security.ssl.errorReporting.url", "");
lockPref("services.settings.server", "");
lockPref("services.sync.addons.trustedSourceHostnames", "");
lockPref("services.sync.engine.tabs.filteredUrls", "");
lockPref("services.sync.fxa.privacyURL", "");
lockPref("services.sync.fxa.termsURL", "");
lockPref("services.sync.jpake.serverURL", "");
lockPref("services.sync.privacyURL", "");
lockPref("services.sync.serverURL", "");
lockPref("services.sync.statusURL", "");
lockPref("services.sync.syncKeyHelpURL", "");
lockPref("services.sync.termsURL", "");
lockPref("social.directories", "");
lockPref("social.shareDirectory", "");
lockPref("social.whitelist", "");
lockPref("startup.homepage_override_url", "");
lockPref("startup.homepage_welcome_url", "");
lockPref("startup.homepage_welcome_url.additional", "");
lockPref("toolkit.crashreporter.infoURL", "");
lockPref("toolkit.telemetry.infoURL", "");
lockPref("toolkit.telemetry.server", "");
lockPref("wap.UAProf.url", "");
lockPref("webchannel.allowObject.urlWhitelist", "");
lockPref("webextensions.storage.sync.serverURL", "");
lockPref("xpinstall.signatures.devInfoURL", "");
_______________________________________________
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit
https://mail.mozilla.org/listinfo/enterprise or send an email to
enterprise-requ...@mozilla.org with a subject of "unsubscribe"
