• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字

mozilla/policy-templates: Policy Templates for Firefox

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称:

mozilla/policy-templates

开源软件地址:

https://github.com/mozilla/policy-templates

开源编程语言:

HTML 100.0%

开源软件介绍:

These policies are in active development and so might contain changes that do not work with current versions of Firefox.

You should use the officially released versions if you are deploying changes.

Policies can be specified using the Group Policy templates on Windows, Intune on Windows, configuration profiles on macOS, or by creating a file called policies.json. On Windows, create a directory called distribution where the EXE is located and place the file there. On Mac, the file goes into Firefox.app/Contents/Resources/distribution. On Linux, the file goes into firefox/distribution, where firefox is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in /etc/firefox/policies.

Policy Name Description
3rdparty Set policies that WebExtensions can access via chrome.storage.managed.
AllowedDomainsForApps Define domains allowed to access Google Workspace.
AppAutoUpdate Enable or disable automatic application update.
AppUpdateURL Change the URL for application update.
Authentication Configure sites that support integrated authentication.
AutoLaunchProtocolsFromOrigins Define a list of external protocols that can be used from listed origins without prompting the user.
BackgroundAppUpdate Enable or disable the background updater (Windows only).
BlockAboutAddons Block access to the Add-ons Manager (about:addons).
BlockAboutConfig Block access to about:config.
BlockAboutProfiles Block access to About Profiles (about:profiles).
BlockAboutSupport Block access to Troubleshooting Information (about:support).
Bookmarks Add bookmarks in either the bookmarks toolbar or menu.
CaptivePortal Enable or disable the detection of captive portals.
Certificates
Certificates -> ImportEnterpriseRoots Trust certificates that have been added to the operating system certificate store by a user or administrator.
Certificates -> Install Install certificates into the Firefox certificate store.
Cookies Configure cookie preferences.
DefaultDownloadDirectory Set the default download directory.
DisableAppUpdate Turn off application updates.
DisableBuiltinPDFViewer Disable the built in PDF viewer.
DisabledCiphers Disable ciphers.
DisableDefaultBrowserAgent Prevent the default browser agent from taking any actions (Windows only).
DisableDeveloperTools Remove access to all developer tools.
DisableFeedbackCommands Disable the menus for reporting sites.
DisableFirefoxAccounts Disable Firefox Accounts integration (Sync).
DisableFirefoxScreenshots Remove access to Firefox Screenshots.
DisableFirefoxStudies Disable Firefox studies (Shield).
DisableForgetButton Disable the "Forget" button.
DisableFormHistory Turn off saving information on web forms and the search bar.
DisableMasterPasswordCreation Remove the master password functionality.
DisablePasswordReveal Do not allow passwords to be revealed in saved logins.
DisablePocket Remove Pocket in the Firefox UI.
DisablePrivateBrowsing Remove access to private browsing.
DisableProfileImport Disables the "Import data from another browser" option in the bookmarks window.
DisableProfileRefresh Disable the Refresh Firefox button on about:support and support.mozilla.org
DisableSafeMode Disable safe mode within the browser.
DisableSecurityBypass Prevent the user from bypassing security in certain cases.
DisableSetDesktopBackground Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
DisableSystemAddonUpdate Prevent system add-ons from being installed or updated.
DisableTelemetry DisableTelemetry
DisplayBookmarksToolbar Set the initial state of the bookmarks toolbar.
DisplayMenuBar Set the state of the menubar.
DisplayMenuBar (Deprecated) Set the initial state of the menubar.
DNSOverHTTPS Configure DNS over HTTPS.
DontCheckDefaultBrowser Don't check if Firefox is the default browser at startup.
DownloadDirectory Set and lock the download directory.
EnableTrackingProtection Configure tracking protection.
EncryptedMediaExtensions Enable or disable Encrypted Media Extensions and optionally lock it.
EnterprisePoliciesEnabled Enable policy support on macOS.
Extensions Control the installation, uninstallation and locking of extensions.
ExtensionSettings Manage all aspects of extensions.
ExtensionUpdate Control extension updates.
FirefoxHome Customize the Firefox Home page.
FlashPlugin (Deprecated) Configure the default Flash plugin policy as well as origins for which Flash is allowed.
Handlers Configure default application handlers.
HardwareAcceleration Control hardware acceleration.
Homepage Configure the default homepage and how Firefox starts.
InstallAddonsPermission Configure the default extension install policy as well as origins for extension installs are allowed.
LegacyProfiles Disable the feature enforcing a separate profile for each installation.
LegacySameSiteCookieBehaviorEnabled Enable default legacy SameSite cookie behavior setting.
LegacySameSiteCookieBehaviorEnabledForDomainList Revert to legacy SameSite behavior for cookies on specified sites.
LocalFileLinks Enable linking to local files by origin.
ManagedBookmarks Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
ManualAppUpdateOnly Allow manual updates only and do not notify the user about updates..
NetworkPrediction Enable or disable network prediction (DNS prefetching).
NewTabPage Enable or disable the New Tab page.
NoDefaultBookmarks Disable the creation of default bookmarks.
OfferToSaveLogins Control whether or not Firefox offers to save passwords.
OfferToSaveLoginsDefault Set the default value for whether or not Firefox offers to save passwords.
OverrideFirstRunPage Override the first run page.
OverridePostUpdatePage Override the upgrade page.
PasswordManagerEnabled Remove (some) access to the password manager.
PDFjs Disable or configure PDF.js, the built-in PDF viewer.
Permissions Set permissions associated with camera, microphone, location, and notifications.
PictureInPicture Enable or disable Picture-in-Picture.
PopupBlocking Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
Preferences Set and lock preferences.
Preferences (Deprecated) Set and lock some preferences.
PrimaryPassword Require or prevent using a primary (formerly master) password.
PromptForDownloadLocation Ask where to save each file before downloading.
Proxy Configure proxy settings.
RequestedLocales Set the the list of requested locales for the application in order of preference.
SanitizeOnShutdown (All) Clear all data on shutdown.
SanitizeOnShutdown (Selective) Clear data on shutdown.
SearchBar Set whether or not search bar is displayed.
SearchEngines
SearchEngines -> Add Add new search engines.
SearchEngines -> Default Set the default search engine.
SearchEngines -> PreventInstalls Prevent installing search engines from webpages.
SearchEngines -> Remove Hide built-in search engines.
SearchSuggestEnabled Enable search suggestions.
SecurityDevices Install PKCS #11 modules.
ShowHomeButton Show the home button on the toolbar.
SSLVersionMax Set and lock the maximum version of TLS.
SSLVersionMin Set and lock the minimum version of TLS.
SupportMenu Add a menuitem to the help menu for specifying support information.
UserMessaging Don't show certain messages to the user.
WebsiteFilter Block websites from being visited.
WindowsSSO Allow Windows single sign-on for Microsoft, work, and school accounts.

3rdparty

Allow WebExtensions to configure policy. For more information, see Adding policy support to your extension.

For GPO and Intune, the extension developer should provide an ADMX file.

Compatibility: Firefox 68
CCK2 Equivalent: N/A
Preferences Affected: N/A

macOS

<dict>
  <key>3rdparty</key>
  <dict>
    <key>Extensions</key>
    <dict>
      <key>[email protected]</key>
      <dict>
        <key>adminSettings</key>
        <dict>
          <key>selectedFilterLists</key>
          <array>
            <string>ublock-privacy</string>
            <string>ublock-badware</string>
            <string>ublock-filters</string>
            <string>user-filters</string>
          </array>
        </dict>
      </dict>
    </dict>
  </dict>
</dict>

policies.json

{
  "policies": {
    "3rdparty": {
      "Extensions": {
        "[email protected]": {
          "adminSettings": {
            "selectedFilterLists": [
              "ublock-privacy",
              "ublock-badware",
              "ublock-filters",
              "user-filters"
            ]
          }
        }
      }
    }
  }
}

AllowedDomainsForApps

Define domains allowed to access Google Workspace.

This policy is based on the Chrome policy of the same name.

If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add consumer_accounts to the list.

Compatibility: Firefox 89, Firefox ESR 78.11
CCK2 Equivalent: N/A
Preferences Affected: N/A

Windows (GPO)

Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"

Windows (Intune)

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps

Value (string):

<enabled/>
<data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>

macOS

<dict>
  <key>AllowedDomainsForApps</key>
  <string>managedfirefox.com,example.com</string>
</dict>

policies.json

{
  "policies": {
    "AllowedDomainsForApps": "managedfirefox.com,example.com"
  }
}

AppAutoUpdate

Enable or disable automatic application update.

If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.

If set to false, application updates are downloaded but the user can choose when to install the update.

If you have disabled updates via DisableAppUpdate, this policy has no effect.

Compatibility: Firefox 75, Firefox ESR 68.7
CCK2 Equivalent: N/A
Preferences Affected: app.update.auto

Windows (GPO)

Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0

Windows (Intune)

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate

Value (string):

<enabled/> or <disabled/>

macOS

<dict>
  <key>AppAutoUpdate</key>
  <true/> | <false/>
</dict>

policies.json

{
  "policies": {
    "AppAutoUpdate": true | false
  }
}

AppUpdateURL

Change the URL for application update if you are providing Firefox updates from a custom update server.

Compatibility: Firefox 62, Firefox ESR 60.2
CCK2 Equivalent: N/A
Preferences Affected: app.update.url

Windows (GPO)

Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"

Windows (Intune)

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL

Value (string):

<enabled/>
<data id="AppUpdateURL" value="https://yoursite.com"/>

macOS

<dict>
  <key>AppUpdateURL</key>
  <string>https://yoursite.com</string>
</dict>

policies.json

{
  "policies": {
    "AppUpdateURL": "https://yoursite.com"
  }
}

Authentication

Configure sites that support integrated authentication.

See Integrated authentication for more information.

PrivateBrowsing enables integrated authentication in private browsing.

Compatibility: Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)
CCK2 Equivalent: N/A
Preferences Affected: network.negotiate-auth.trusted-uris,network.negotiate-auth.delegation-uris,network.automatic-ntlm-auth.trusted-uris,network.automatic-ntlm-auth.allow-non-fqdn,network.negotiate-auth.allow-non-fqdn,network.automatic-ntlm-auth.allow-proxies,network.negotiate-auth.allow-proxies,network.auth.private-browsing-sso

Windows (GPO)

Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0

Windows (Intune)

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO

Value (string):

<enabled/>
<data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated

Value (string):

<enabled/>
<data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM

Value (string):

<enabled/>
<data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN

Value (string):

<enabled/>
<data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
<data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked

Value (string):

<enabled/> or <disabled/>

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing

Value (string):

<enabled/> or <disabled/>

macOS

<dict>
  <key>Authentication</key>
  <dict>
    <key>SPNEGO</key>
    <array>
      <string>mydomain.com</string>
      <string>https://myotherdomain.com</string>
    </array>
    <key>Delegated</key>
    <array>
      <string>mydomain.com</string>
      <string>https://myotherdomain.com</string>
    </array>
    <key>NTLM</key>
    <array>
      <string>mydomain.com</string>
      <string>https://myotherdomain.com</string>
    </array>
    <key>AllowNonFQDN</key>
      <dict>
      <key>SPNEGO</key>
      <true/> | <false/>
      <key>NTLM</key>
      <true/> | <false/>
    </dict>
    <key>AllowProxies</key>
      <dict>
      <key>SPNEGO</key>
      <true/> | <false/>
      <key>NTLM</key>
      <true/> | <false/>
    </dict>
    <key>Locked</key>
    <true/> | <false/>
    <key>PrivateBrowsing</key>
    <true/> | <false/>
  </dict>
</dict>

policies.json

{
  "policies": {
    "Authentication": {
      "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
      "Delegated": ["mydomain.com", "https://myotherdomain.com"],
      "NTLM": ["mydomain.com", "https://myotherdomain.com"],
      "AllowNonFQDN": {
        "SPNEGO": true | false,
        "NTLM": true | false
      },
      "AllowProxies": {
        "SPNEGO": true | false,
        "NTLM": true | false
      },
      "Locked": true | false,
      "PrivateBrowsing": true | false
    }
  }
}

AutoLaunchProtocolsFromOrigins

Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.

The syntax of this policy is exactly the same as the Chrome AutoLaunchProtocolsFromOrigins policy except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.

The schema is:

{
 "items": {
  "properties": {
   "allowed_origins": {
    "items": {
     "type": "string"
    },
    "type": "array"
   },
   "protocol": {
    "type": "string"
   }
  },
  "required": [
   "protocol",
   "allowed_origins"
  ],
  "type": "object"
 },
 "type": "array"
}

Compatibility: Firefox 90, Firefox ESR 78.12
CCK2 Equivalent: N/A
Preferences Affected: N/A

Windows (GPO)

Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =

[
  {
    "protocol": "zoommtg",
    "allowed_origins": [
      "https://somesite.zoom.us"
    ]
  }
]

Windows (Intune)

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins

Value (string):

<enabled/>
<data id="JSON" value='
[
  {
    "protocol": "zoommtg",
    "allowed_origins": [
      "https://somesite.zoom.us"
    ]
  }
]'/>

macOS

<dict>
  <key>AutoLaunchProtocolsFromOrigins</key>
  <array>
    <dict>
      <key>protocol</key>
      <string>zoommtg</string>
      <key>allowed_origins</key>
      <array>
        <string>https://somesite.zoom.us</string>
      </array>
    </dict>
  </array>
</dict>

policies.json

{
  "policies": {
    "AutoLaunchProtocolsFromOrigins": [{
      "protocol": "zoommtg",
      "allowed_origins": [
        "https://somesite.zoom.us"
      ]
    }]
  }
}

BackgroundAppUpdate

Enable or disable automatic application update in the background, when the application is not running.

If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.

If set to false, the application will not try to install updates when the application is not running.

If you have disabled updates via DisableAppUpdate or disabled automatic updates via AppAutoUpdate, this policy has no effect.

Compatibility: Firefox 90 (Windows only)
CCK2 Equivalent: N/A
Preferences Affected: app.update.background.enabled

Windows (GPO)

Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0


鲜花
握手
雷人
路过
鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
More+
上一篇:
gnome-integration-team/firefox-gnome: GNOME 3 theme for Firefox (previously know ...发布时间:2022-05-13
下一篇:
paulrouget/firefox.html: Firefox.html is an experiment: trying to re-implement t ...发布时间:2022-05-13
热门推荐
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap