Firefox ESR v60.x Policy Configuration with JSON

kavankumar_josh
New Contributor III
New Contributor III

Has anyone prepared complete Firefox (/ESR) Customisation like CCK2 do with 'policies.json' ?

https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson

While I am working on this, I referred below URL and found many customisations:
https://github.com/mozilla/policy-templates/blob/master/README.md

Policy Schema: Important Help https://dxr.mozilla.org/mozilla-central/source/browser/components/enterprisepolicies/schemas/policies-schema.json

Though getting the Network and Proxy configuration, creates confusion here.
https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

I also need help with Certificate import with this method, we have some custom certificates to be imported.

Sample of policies.json file I am working on:

{

"policies":

{

"BlockAboutConfig": false,

"BlockAboutProfiles": true,

"DisableAppUpdate": true,

"OverridePostUpdatePage": true,

"DisableFirefoxAccounts": true,

"DisablePrivateBrowsing": true,

"DisableMasterPasswordCreation": true,

"OfferToSaveLogins": false,

"DontCheckDefaultBrowser": true,

"DisableTelemetry": true,

"DisableFeedbackCommands": true,

}

}

15 REPLIES 15

el2493
Contributor III

Does the "autoconfig.js and mozilla.cfg" method still work (https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Enterprise_deployment_before_60#Choose_a_Fi...)? I know the page now says that it's for versions prior to 60, but the link on that page for instructions post-60 redirects to a generic support.mozilla.org page, and seaching on that page brings up https://support.mozilla.org/en-US/kb/deploying-firefox-customizations-macos, which mentions both JSON and the autoconfig/mozilla method.

el2493
Contributor III

(I'm asking because I've been using autoconfig.js/mozilla.cfg for a long time, and it's worked out really well for me).

cbrewer
Valued Contributor II

Unfortunately the certificates policy is Windows only right now.

Just_Jack
Contributor

Your policies.json file looks fine.
Our push was a two step.
First we create a .PKG and a policy to push Firefox ESR v60.
Then we create a .PKG of the JSON file.
/Applications/Firefox.app/Contents/Resources/distribution/policies.json
Create a smart group that lists all Macs that have Firefox ESR v60.
Create a policy to push the JSON .PKG scoped to the ESR smart group.
Key points:
1. Make sure Firefox ESR v60 is installed first
2. If Firefox ESR v60 is updated you'll need to push the created JSON policy out again.
I'm sure someone can create a cleaner script for this, but this is working for us.

kavankumar_josh
New Contributor III
New Contributor III

@el2493 Thank you so much for routing me to second article where I found a way to quarantine Firefox for making customisations. Even I am using the autoconfig.js/mozilla.cfg and it works till version older than v60.x.

As with v60.x and later they changed it to policies.json (possibly to make it uniform over cross platform)

Have you tried autoconfig.js/mozilla.cfg for Firefox ESR v60.x or later?

kavankumar_josh
New Contributor III
New Contributor III

cbrewer Thank you about the response on Certificate.

kavankumar_josh
New Contributor III
New Contributor III

@JSilin Thanks.

Our plan is almost similar to yours.

kavankumar_josh
New Contributor III
New Contributor III

@el2493 Tagging you in conversation correctly.

el2493
Contributor III

@kavankumar.joshi I tested on 60.1.0 last week (we're using the ESR) and the restrictions were still working with autoconfig.js/mozilla.cfg.

kavankumar_josh
New Contributor III
New Contributor III

@el2493 Mine is not supporting with v60.1.0;

I tried these 2 methods:

  1. Tried importing CCK2 on v60.1.0 to create new config file but the extension is not supported.
  2. Prepared autoconfig.js and cck2.cfg with CCK2 added on v52.x; then tried importing same to below locations:

>>> Firefox.app/Contents/Resources/defaults/pref/autoconfig.js
>>> Firefox.app/Contents/Resources/CCK2.cfg
>>> Firefox.app/Contents/Resources/CCK2 (For supported files)

What workflow does it happen to work with you?

el2493
Contributor III

@kavankumar.joshi for me it's the instructions I'd linked to above. I'm not using CCK2, so I just created:

  1. A custom autoconfig.js file (in /Applications/Firefox.app/Contents/Resources/defaults/pref
  2. A custom mozilla.cfg file (in /Applications/Firefox.app/Contents/Resources

In both cases I just copied and pasted the examples on the website and then made changes as necessary. For a few months I was using Composer to create packages where the .app and the custom files were already in place, then recently I started just using an unaltered FirefoxESR installer and then having a separate package to customize it. The custom package copies the files to /Library/Application Support/Firefox/Autoconfig/ and then uses a postinstall script to move them to the correct locations and change ownership/permissions. I can't remember exactly why I did it that way, but I think I either ran into some issue trying to put them directly into the .app or read about someone else having an issue doing that.

el2493
Contributor III

And just because it tripped me up for a while, if your autoconfig.js file is the same or similar to the one I linked to, make sure that it's not missing any semicolons (I learned that the hard way when I left off the 2nd semicolon).

kavankumar_josh
New Contributor III
New Contributor III

@el2493 I'll try it out today and let you know how it goes.

Thank you.

kavankumar_josh
New Contributor III
New Contributor III

One of my colleague found this https://addons.mozilla.org/en-US/firefox/addon/enterprise-policy-generator/
Really helpful.

cgiordano
Contributor

Old thread, but I found this because of the new DNS-over-HTTPS settings that they are soon going to enable by default.

I wanted to point out that starting with Firefox 60 and later config profiles are now supported. Their GitHub repo is really great and lists out every key and what the state names are.

Hope that helps if you're still struggling with this or would like to revamp from the JSON file to the config profile.