Help

Disable Extensions on Browsers

MPL
Contributor II

Posted on ‎12-21-2023 05:31 AM

Hello Jamf Nation,

 

Right now, the majority of our users are non-admins but are still able to install any extensions they want. We are looking for a way to only allow approved extensions and require an administrator to install any other for Firefox and Safari.

 

Google Chrome has a nice way to do it via sort of a "Self Service" method but it's proving to be a little more challenging for FireFox and Safari.

 

Does anyone have any thoughts or ideas on how this can be accomplished?

 

0 Kudos
Reply
4 REPLIES 4

mm2270
Legendary Contributor III

Posted on ‎12-21-2023 09:11 AM

https://chromeenterprise.google/policies/#BlockExternalExtensions

Chrome has a lot of options that can be managed. The link above is to their page that discusses controlling external extensions. Looks like you would need a profile using com.google.Chrome as the domain and using a key of BlockExternalExtensions with a value of true. Something like this maybe in plist form.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
       <key>BlockExternalExtensions</key>
       <true/>
</dict>
</plist>

 I haven't tried this myself, so YMMV. But take a look at the link and test this out to see if it works for you.

Reply

mm2270
Legendary Contributor III
In response to mm2270

Posted on ‎12-21-2023 10:46 AM

And, of course, I messed up when I read your post. I see you want to do this for Firefox and Safari, not Chrome. Sorry about that!

I believe Safari has some options to disable extensions, but I'm honestly not sure regarding Firefox. Doing some searches pull up a few hits you can check out.

https://community.jamf.com/t5/jamf-pro/locking-down-safari-firefox-extensions/m-p/258762

 

Reply

AJPinto
Honored Contributor III

Posted on ‎12-21-2023 11:00 AM

Much like Google, Mozilla keeps enterprise documentation for managing Firefox. You should just need a Application & Custom Settings Configuration Profile with the correct XML to block installing extensions.

https://support.mozilla.org/en-US/kb/where-can-i-find-list-policies-firefox-enterprise

https://mozilla.github.io/policy-templates/

https://mozilla.github.io/policy-templates/#extensions

Reply

edamelio
New Contributor III

Posted on ‎01-05-2024 12:55 PM

All of the above are correct - I have it set that configuration profiles for the most common browsers / those available in self-service only allow certain pre-approved extensions. It is a royal pain to maintain the lists of allowed extensions but it is worth not having unknown extensions in the wild. You can also force install certain extensions i.e. if you have a corporate password manager or something like that. Along with disabling the built in one forces users to actually take advantage of the resource. 

0 Kudos
Reply