I have not edit the MSI file for Firefox with Orca (I have used the tool with a couple other products). I would suggest using a preference that sets the home page and allow the employee to change it, in case they wish to do so. See https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig. I would also suggest setting up the policies.json to control other options through policy https://support.mozilla.org/en-US/products/firefox-enterprise/policies-customization-enterprise/policies-overview-enterprise. At a minimum you need to take out the support for DNS Over HTTPS via a policy!
It takes a little bit of reading to put everything together, but well worth it and you can begin adopting security controls and settings to help reduce the attack surface at your organization. I put off the work far too long because at first glance it looked too difficult, but once I sat down, read the web pages and made some notes it wasn't nearly that much work. Pretty well thought out options given how the software has changed over the years. There is sometimes overlap between a preference and policy. When you are done reading and configuring here is what you will have for x64 Firefox: * autoconfig.js goes into C:\Program Files\Mozilla Firefox\defaults\pref\ a. This tells Firefox what firefox.cfg file to use. * firefox.cfg goes into C:\Program Files\Mozilla Firefox\ a. This is the Firefox configuration file. I started with a CIS baseline for Firefox ESR that was very old and adjusted where it made sense. I highly recommend putting comments in the file with "//" at the start of the line. I used the CIS benchmark control number to keep my sanity. Preferences in here can be locked where employees cannot change them, default ones, etc. All of mine are locked since I focused on security items - we have a bias in the organization for IE because of internal web apps that have UNC links that don't work elsewhere (unless someone recodes the app). We try to keep our apps setup pretty generic, but you can go to down with this file and preferences. * policies.json goes into C:\Program Files\Mozilla Firefox\distribution\ a. This is the policies file and has more capabilities than using the GPO option. All manner of goodness can go in this file such as making sure the MenuBar is ALWAYS available, configuring servers you know need pop-ups to work, disabling evil third party cookies, but allow exceptions where you really need them, blocking evil extensions and only allowing those you have reviewed and approved, etc. I push out all of these files via Group Policy Preference so they end up on the Windows boxes (all that we have) in such a way that regular users cannot change, but if someone changed, we would overwrite at next enforcement. From: Enterprise <enterprise-boun...@mozilla.org> On Behalf Of Michael Tran via Enterprise Sent: Thursday, February 13, 2020 6:09 PM To: enterprise@mozilla.org Subject: Re: [Mozilla Enterprise] Deploy Firefox with MSI installers Hello folks, I'm trying to use the MSI installers to deploy Firefox through SCCM. Beside changing existing values for the PROPERTIES by using ORCA, is there a way to set HOME page in it? What about prevent Firefox to perform check the default browser? Thanks for any help. Michael Tran Information Systems Division - Service Desk Oregon Department of Fish and Wildlife michael.c.t...@state.or.us<mailto:michael.c.t...@state.or.us> (503)947-6347 [cid:image001.png@01D5E299.FCD615A0]
_______________________________________________ Enterprise mailing list Enterprise@mozilla.org https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org with a subject of "unsubscribe"
