Classification: UNCLASSIFIED

Hey Alex,

Interesting, but deployment-wise, SCCM has legs in every segment of the network.

End-user desktops are whitelisted to update from the web using the Firefox 
maintenance app; however, the PAWs are segmented because they are for 
administration.

So PAWs DO get the update, but only when I change the base version of the 
deployment package for Firefox on SCCM.

The way it works is that I deploy a base version to every desktop and the 
detection is done on a "Greater or Equal..." basis, so desktops are allowed to 
update themselves and SCCM doesn't attempt to reinstall it. But since PAWs 
don't access the web, they're stuck until I deploy a new base version.

Essentially, I'm trying to update one less package manually by building an 
offline solution for everyone.


Éric Périard
Laboratory Administrator | Administrateur du laboratoire
Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité
Telephone | Téléphone: 613-991-3555
Email | Courriel: [email protected]
Website | Site Web: https://www.cyber.gc.ca/
Government of Canada | Gouvernement du Canada

NOTICE: This message and accompanying attachments contain information that is 
intended only for the use of the individual or entity to which it is addressed. 
Any dissemination, distribution, copying or action taken in reliance on the 
contents of this communication by anyone other than the intended recipient is 
strictly prohibited. If you have received this communication in error, please 
notify the sender immediately at the above address and delete the e-mail.


From: Alexandre GAUVRIT <[email protected]>
Sent: Wednesday, July 31, 2019 10:57 AM
To: Éric Périard <[email protected]>; [email protected]
Subject: Re: [Mozilla Enterprise] Firefox ESR Offline Patching solution.


Hi,

There is also an open-source alternative to SCCM which can fulfill your need: 
WAPT deployment software.

The store provides pre-made Firefox and Firefox ESR packages: 
https://store.wapt.fr/store/?search=Firefox&sort=popular

If your scope of endpoints is out of SCCM's scope, it can be a good solution.

Alexandre
On 29/07/2019 at 17:47, Éric Périard wrote:
Classification: UNCLASSIFIED // Public

Greetings colleagues,

I work in a borderline paranoid secure environment where we make use of 
air-gapped PAWs (Privileged Access Workstations) to administer the network.

The issue is, well... it's air-gapped, meaning there's no access to the internet 
at all from those workstations and everything is tightly controlled.

Also, to deploy the updates, I use SCCM. For end-user systems we whitelist the 
access so browsers can update themselves; however, that's not possible for the 
PAWs.

So I've got a few questions:

1. Is there a GPO or some kind of solution to redirect where Firefox ESR 
   fetches its update? (Without trying to spoof URLs, which I'm sure change often)

2. Where would I get the update patches instead of the entire installer 
   EXE?

3. Is the above possible at all?

Thank you as always....

Éric Périard
Laboratory Administrator | Administrateur du laboratoire
Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité
Email | Courriel: [email protected]
Website | Site Web: https://www.cyber.gc.ca/
Government of Canada | Gouvernement du Canada

--
Alexandre GAUVRIT, systems and network administrator / CISO / DPO
Tranquil IT
12 avenue Jules Verne (Bât. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel: +33 (0) 240 975 755
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise

To unsubscribe from this list, please visit 
https://mail.mozilla.org/listinfo/enterprise or send an email to 
[email protected] with a subject of "unsubscribe"
