开源软件名称: mozilla/policy-templates开源软件地址: https://github.com/mozilla/policy-templates开源编程语言:
HTML
100.0%
开源软件介绍: These policies are in active development and so might contain changes that do not work with current versions of Firefox.
You should use the officially released versions if you are deploying changes.
Policies can be specified using the Group Policy templates on Windows , Intune on Windows , configuration profiles on macOS , or by creating a file called policies.json
. On Windows, create a directory called distribution
where the EXE is located and place the file there. On Mac, the file goes into Firefox.app/Contents/Resources/distribution
. On Linux, the file goes into firefox/distribution
, where firefox
is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in /etc/firefox/policies
.
3rdparty
Allow WebExtensions to configure policy. For more information, see Adding policy support to your extension .
For GPO and Intune, the extension developer should provide an ADMX file.
Compatibility: Firefox 68
CCK2 Equivalent: N/A
Preferences Affected: N/A
macOS
<dict>
<key>3rdparty</key>
<dict>
<key>Extensions</key>
<dict>
<key>[email protected] </key>
<dict>
<key>adminSettings</key>
<dict>
<key>selectedFilterLists</key>
<array>
<string>ublock-privacy</string>
<string>ublock-badware</string>
<string>ublock-filters</string>
<string>user-filters</string>
</array>
</dict>
</dict>
</dict>
</dict>
</dict>
policies.json
{
"policies": {
"3rdparty": {
"Extensions": {
"[email protected] ": {
"adminSettings": {
"selectedFilterLists": [
"ublock-privacy",
"ublock-badware",
"ublock-filters",
"user-filters"
]
}
}
}
}
}
}
AllowedDomainsForApps
Define domains allowed to access Google Workspace.
This policy is based on the Chrome policy of the same name.
If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add consumer_accounts
to the list.
Compatibility: Firefox 89, Firefox ESR 78.11
CCK2 Equivalent: N/A
Preferences Affected: N/A
Windows (GPO)
Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
Windows (Intune)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
Value (string):
<enabled/>
<data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
macOS
<dict>
<key>AllowedDomainsForApps</key>
<string>managedfirefox.com,example.com</string>
</dict>
policies.json
{
"policies": {
"AllowedDomainsForApps": "managedfirefox.com,example.com"
}
}
AppAutoUpdate
Enable or disable automatic application update.
If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
If set to false, application updates are downloaded but the user can choose when to install the update.
If you have disabled updates via DisableAppUpdate
, this policy has no effect.
Compatibility: Firefox 75, Firefox ESR 68.7
CCK2 Equivalent: N/A
Preferences Affected: app.update.auto
Windows (GPO)
Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
Windows (Intune)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
Value (string):
<enabled/> or <disabled/>
macOS
<dict>
<key>AppAutoUpdate</key>
<true/> | <false/>
</dict>
policies.json
{
"policies": {
"AppAutoUpdate": true | false
}
}
AppUpdateURL
Change the URL for application update if you are providing Firefox updates from a custom update server.
Compatibility: Firefox 62, Firefox ESR 60.2
CCK2 Equivalent: N/A
Preferences Affected: app.update.url
Windows (GPO)
Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
Windows (Intune)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
Value (string):
<enabled/>
<data id="AppUpdateURL" value="https://yoursite.com"/>
macOS
<dict>
<key>AppUpdateURL</key>
<string>https://yoursite.com</string>
</dict>
policies.json
{
"policies": {
"AppUpdateURL": "https://yoursite.com"
}
}
Authentication
Configure sites that support integrated authentication.
See Integrated authentication for more information.
PrivateBrowsing
enables integrated authentication in private browsing.
Compatibility: Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)
CCK2 Equivalent: N/A
Preferences Affected: network.negotiate-auth.trusted-uris
,network.negotiate-auth.delegation-uris
,network.automatic-ntlm-auth.trusted-uris
,network.automatic-ntlm-auth.allow-non-fqdn
,network.negotiate-auth.allow-non-fqdn
,network.automatic-ntlm-auth.allow-proxies
,network.negotiate-auth.allow-proxies
,network.auth.private-browsing-sso
Windows (GPO)
Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
Windows (Intune)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
Value (string):
<enabled/>
<data id="Authentication" value="1mydomain2https://myotherdomain.com"/>
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
Value (string):
<enabled/>
<data id="Authentication" value="1mydomain2https://myotherdomain.com"/>
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
Value (string):
<enabled/>
<data id="Authentication" value="1mydomain2https://myotherdomain.com"/>
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
Value (string):
<enabled/>
<data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
<data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
Value (string):
<enabled/> or <disabled/>
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
Value (string):
<enabled/> or <disabled/>
macOS
<dict>
<key>Authentication</key>
<dict>
<key>SPNEGO</key>
<array>
<string>mydomain.com</string>
<string>https://myotherdomain.com</string>
</array>
<key>Delegated</key>
<array>
<string>mydomain.com</string>
<string>https://myotherdomain.com</string>
</array>
<key>NTLM</key>
<array>
<string>mydomain.com</string>
<string>https://myotherdomain.com</string>
</array>
<key>AllowNonFQDN</key>
<dict>
<key>SPNEGO</key>
<true/> | <false/>
<key>NTLM</key>
<true/> | <false/>
</dict>
<key>AllowProxies</key>
<dict>
<key>SPNEGO</key>
<true/> | <false/>
<key>NTLM</key>
<true/> | <false/>
</dict>
<key>Locked</key>
<true/> | <false/>
<key>PrivateBrowsing</key>
<true/> | <false/>
</dict>
</dict>
policies.json
{
"policies": {
"Authentication": {
"SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
"Delegated": ["mydomain.com", "https://myotherdomain.com"],
"NTLM": ["mydomain.com", "https://myotherdomain.com"],
"AllowNonFQDN": {
"SPNEGO": true | false,
"NTLM": true | false
},
"AllowProxies": {
"SPNEGO": true | false,
"NTLM": true | false
},
"Locked": true | false,
"PrivateBrowsing": true | false
}
}
}
AutoLaunchProtocolsFromOrigins
Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
The syntax of this policy is exactly the same as the Chrome AutoLaunchProtocolsFromOrigins policy except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
The schema is:
{
"items": {
"properties": {
"allowed_origins": {
"items": {
"type": "string"
},
"type": "array"
},
"protocol": {
"type": "string"
}
},
"required": [
"protocol",
"allowed_origins"
],
"type": "object"
},
"type": "array"
}
Compatibility: Firefox 90, Firefox ESR 78.12
CCK2 Equivalent: N/A
Preferences Affected: N/A
Windows (GPO)
Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
[
{
"protocol": "zoommtg",
"allowed_origins": [
"https://somesite.zoom.us"
]
}
]
Windows (Intune)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
Value (string):
<enabled/>
<data id="JSON" value='
[
{
"protocol": "zoommtg",
"allowed_origins": [
"https://somesite.zoom.us"
]
}
]'/>
macOS
<dict>
<key>AutoLaunchProtocolsFromOrigins</key>
<array>
<dict>
<key>protocol</key>
<string>zoommtg</string>
<key>allowed_origins</key>
<array>
<string>https://somesite.zoom.us</string>
</array>
</dict>
</array>
</dict>
policies.json
{
"policies": {
"AutoLaunchProtocolsFromOrigins": [{
"protocol": "zoommtg",
"allowed_origins": [
"https://somesite.zoom.us"
]
}]
}
}
BackgroundAppUpdate
Enable or disable automatic application update in the background , when the application is not running.
If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
If set to false, the application will not try to install updates when the application is not running.
If you have disabled updates via DisableAppUpdate
or disabled automatic updates via AppAutoUpdate
, this policy has no effect.
Compatibility: Firefox 90 (Windows only)
CCK2 Equivalent: N/A
Preferences Affected: app.update.background.enabled
Windows (GPO)
Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
请发表评论