I'm not sure what we would be doing to affect this.

I just did a quick check with machine and user policies on Chrome, and
policies aren't combined/appended, machine replaces user.

I'm not sure how this should work with OUs.

If anyone has any ideas about this, I would appreciate it.

Mike

On Thu, Aug 8, 2019 at 7:48 AM Valtori OTTK Elinkaaripalvelut <
[email protected]> wrote:

> Hello
>
> Has anyone noticed that if two GPOs have, for example, an NTLM list, only
> the list of the last processed GPO applies?
>
> This makes managing at the OU level a bit hard. Top-level GPO settings have
> to be copied to sub-level GPO settings if a customer wants its own trust,
> and every sub-level GPO has to be updated if the top-level GPO is updated.
> I'm not familiar with ADMX files, but at least Internet Explorer
> Site-to-zone settings are appending.
>
> Thanks
> - Miika Sorvisto
>
> -----Original message-----
> From: Enterprise <[email protected]> On behalf of
> [email protected]
> Sent: Wednesday, August 7, 2019 15:00
> To: [email protected]
> Subject: Enterprise Digest, Vol 98, Issue 5
>
>
> Today's Topics:
>
>    1. Re:  Inquiry: Firefox error using policy to pull from windows
>       certificate store (Mike Kaply)
>    2.  Firefox ignores update configuration (Sirko Pöhlmann)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 6 Aug 2019 16:16:39 -0500
> From: Mike Kaply <[email protected]>
> To: "Hoang (US), Victor T" <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: [Mozilla Enterprise] Inquiry: Firefox error using policy
>         to pull from windows certificate store
> Message-ID:
>         <
> cahueozdnewwqs+n1bs7cmubom+1tf0+rdly_krszv1hjptu...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Fri, Aug 2, 2019 at 5:46 PM Hoang (US), Victor T <
> [email protected]> wrote:
>
> > I forgot to show an example of what I will be trying.
> >
> >
> >
> > {
> >   "policies": {
> >     "Certificates": {
> >       "Install": [
> >         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert1.cer",
> >         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert2.cer",
> >         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert3.cer",
> >         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert4.crt"
> >       ]
> >     }
> >   }
> > }
> >
> >
> >
> > Something like that? (I'm currently just testing so I'm installing
> > from a directory in which cck still exists where my certificates are
> > stored locally on the device. I will change it once I can get the
> > certs installed the first time)
> >
>
> Yes, that should work.
>
> >
> >
> > Also, once I save this in the json file, I'm guessing it will create
> > the directories for me? E.g.:
> >
> > %USERPROFILE%\AppData\Local\Mozilla\Certificates
> >
> > %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
> >
>
> Nope, you'll need to create the Certificates subdir
>
> >
> >
> > Will it need to be a fresh install of firefox, or can I just use my
> > currently existing one and it will be created on start up?
> >
>
> Doesn't need to be a fresh install. If the policy is updated, it will add
> the new certs.
>
> >
> >
> > Thanks again,
> >
> > Victor
> >
> > *From:* Hoang (US), Victor T
> > *Sent:* Friday, August 2, 2019 3:39 PM
> > *To:* 'Mike Kaply' <[email protected]>
> > *Cc:* [email protected]
> > *Subject:* RE: [Mozilla Enterprise] Inquiry: Firefox error using
> > policy to pull from windows certificate store
> >
> >
> >
> > I'm going to tinker with this and will get back with my findings. Silly me.
> > Thanks!
> >
> >
> >
> > *From:* Mike Kaply <[email protected]>
> > *Sent:* Friday, August 2, 2019 2:30 PM
> > *To:* Hoang (US), Victor T <[email protected]>
> > *Cc:* [email protected]
> > *Subject:* Re: [Mozilla Enterprise] Inquiry: Firefox error using
> > policy to pull from windows certificate store
> >
> >
> >
> > It should just be about putting them in the right location and setting
> > the Certificates->Install policy (if they aren't being imported from the
> > Certificates->window store).
> >
> >
> >
> > See:
> >
> >
> >
> >
> > https://github.com/mozilla/policy-templates/blob/master/README.md#certificates--install
> >
> >
> >
> > Are these client certificates?
> >
> >
> >
> > Mike Kaply
> >
> >
> >
> > On Fri, Aug 2, 2019 at 4:18 PM Hoang (US), Victor T <
> > [email protected]> wrote:
> >
> > Hello,
> >
> >
> >
> > My name is Victor. I was wondering if anyone could share any
> > experience/expertise/solutions with switching over to policy for
> > managing certificates to pull from the windows store. I'm running into
> > some issues even after following some of the guides about how to try
> > and pull from my organization's windows store locations from
> > https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox.
> > It seems like the instructions might be a little broad/high level so I
> > could be missing some things. Following the guide, I have
> > security.enterprise_roots.enabled set to true and checked the windows
> > store certificate location in regedit.exe and mmc and they seem to
> > already exist (perhaps not in the right directory?). I asked someone
> > in my organization and they mentioned that all the stores can be found
> > on the console root (Local Computer) under trusted root certification
> > Authorities -> Certificates and it all seems to be there as well.
> >
> >
> >
> > My question:
> >
> > - It seems like firefox checks
> > HKLM\SOFTWARE\Microsoft\SystemCertificates according to the support page.
> > I'm using regedit.exe to navigate to the directory, but I don't see
> > any sort of "Import" option for the certificates I want to embed. I'm
> > wondering how I can add my certificates into the location required by
> > firefox? This is what I speculate to be the culprit.
> >
> >
> >
> > Background:
> >
> > - Switching from FF 60.8 ESR cck2 over to FF 68.0.1 ESR with
> > policy.json
> >
> > - Able to do majority of things such as setting up proxy,
> > changing home page, and Trusted Devices installed (for CSSI Library
> > badge authentication, etc)
> >
> > - Unable to have certificates be read from the windows store via
> > policy unless I manually add them to the Certificate Manager in firefox.
> > (Secure Connection Failed: SSL_ERROR_HANDSHAKE_FAILURE_ALERT)
> >
> > Thanks all,
> > Victor Hoang
> >
> >
> >
> > _______________________________________________
> > Enterprise mailing list
> > [email protected]
> > https://mail.mozilla.org/listinfo/enterprise
> >
> > To unsubscribe from this list, please visit
> > https://mail.mozilla.org/listinfo/enterprise or send an email to
> > [email protected] with a subject of "unsubscribe"
> >
> >
>
> ------------------------------
>
> Message: 2
> Date: Wed, 7 Aug 2019 09:14:21 +0200
> From: Sirko Pöhlmann <[email protected]>
> To: [email protected]
> Subject: [Mozilla Enterprise] Firefox ignores update configuration
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> Hello,
>
> We use Firefox with central software distribution, each new version is
> distributed to the clients via WSUS. Automatic or manual updates have been
> disabled for years.
> In the past, we used a central file to configure the presets. Since
> version 60.x we use the new GPOs. Currently we use the .exe file, but we
> want to change to .msi. I now found that Firefox ignores the update
> configuration on the clients. The clients updated to version 68.0.1 on
> their own.
>
> The GPO is set and applied:
> Computerconfiguration /MOZILLA/FIREFOX/UPDATE DISABLE : ACTIVE
> The clients tell me... HELP/About Firefox: "Updates deactivated by
> system administrator".
> When I check the settings on the clients...:
> Settings/General/Firefox-Updates is specified: "Updates deactivated by
> your system administrator", the button for manual update search is grayed.
>
> Policy Definitions are from 07/2019.
>
> Why was Firefox able to update from 60.8.1 to 68.x?
>
> regards,
>
> S. Poehlmann
>
>
> --
> Dipl.-Ing.(FH) Sirko Poehlmann
>
> Tel: 03641 3667 43         Fax: 03641 3667 77
> GMBU e.V. - Fachsektion Photonik und Sensorik
> Felsbachstraße 7                D- 07745 Jena
> [email protected]                 www.gmbu.de
>
> DSGVO - http://www.gmbu.de/cms/de/datenschutz
>
>
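
The replace-versus-append behaviour discussed in this thread, modelled as an added example (not code from any of the posters or from Firefox). The GPO names, hostnames and the `effective_list` / `dropped_entries` helpers are made up for illustration; the script lists which top-level entries a sub-level GPO silently loses when the last processed GPO replaces the list.

```python
"""Model of list-valued policy resolution across GPOs (added example)."""

# Constructed sample: GPOs in processing order (top-level OU first, the
# GPO linked closest to the computer last). Names and hosts are made up.
GPOS = [
    ("Top-Level", ["intranet.example.com", "sso.example.com"]),
    ("Customer-A", ["trust.customer-a.example"]),
    ("Customer-A-Kiosk", None),   # does not configure the list at all
]


def effective_list(gpos, append=False):
    """Return (entries, contributing_gpo_names) for one list policy.

    append=False: the last processed GPO that sets the list replaces
    everything before it (the behaviour reported in the thread).
    append=True: lists are concatenated, duplicates dropped.
    """
    entries, sources = [], []
    for name, values in gpos:
        if values is None:          # policy not configured in this GPO
            continue
        if not append:
            entries, sources = [], []
        entries += [v for v in values if v not in entries]
        sources.append(name)
    return entries, sources


def dropped_entries(gpos):
    """Map each entry lost under replace semantics to the GPO that set it."""
    kept, _ = effective_list(gpos, append=False)
    lost = {}
    for name, values in gpos:
        for v in values or []:
            if v not in kept:
                lost.setdefault(v, name)
    return lost


if __name__ == "__main__":
    print("replace:", effective_list(GPOS))
    print("append :", effective_list(GPOS, append=True))
    for entry, gpo in dropped_entries(GPOS).items():
        print(f"lost: {entry} (set in {gpo}); re-declare it in the last GPO")
```

Running the same check against exported GPO settings after each top-level change shows which sub-level GPOs need the copied entries refreshed.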