Help

Locking Down Firefox

Not applicable

Posted on ‎02-15-2011 02:26 PM

Does anyone have any experience in locking down Firefox preferences??
Working in a school district, we have a lot of VERY clever youngsters, and
it would be helpful if I could set certain preferences, and then lock them
down, or even password-protect them. I can set the Master Password, but
this only helps with saving passwords or retrieving stored passwords.
Nothing else.

Anyone have any ideas other than un-installing Firefox (that is on the
table)??

Thanks.

Russell Shehan MCTS, ACTC
Operations Technician
Hartland-Lakeside School District
Office: 262-369-6736
Cell: 262-949-2439
http://www.hartlake.org

0 Kudos
11 REPLIES 11

tlarkin
Honored Contributor

Posted on ‎02-15-2011 03:08 PM

Russell,

I went down this road before, it is nearly futile. I had some extensions I used to lock down firefox. Things like Public Fox, and well now it has been long enough I forget the others, but public fox allowed you to really restrict fireox and password protected all the preferences. The problem is, firefox is completely self contained, so there is no way to really apply this add on globally.

All a user needs to do is delete their profile in the ~/Library/Application Support folder to bypass the password. Unless you modify the user template so they get that preference every time, though I am not sure if you can hard code that in firefox. Further more you can from the command line open up a profile manager and import a profile with some fancy scripting.

In the end, I found the total cost of ownership of managing firefox too high. I don't have time to waste all week tweaking and scripting FF packaging every time it updates to write up a new package.

Even global installs of extensions are a pain. The only way it works for me is if I do the old archaic install everything and build the monolith image. If you use package based deployment, which I do it seems very difficult. Firefox developers may one day follow Apple standards on their app and you can edit preferences and a managed environment.

If you get it to work let me know please

-Tom

?xml version="1.0" encoding="UTF-8"?>

0 Kudos

quade
New Contributor

Posted on ‎02-15-2011 03:51 PM

There is actually a fairly easy way to manage Firefox settings that is
independent from the individual user. You can modify the configuration
files inside of the Firefox.app bundle so that anytime a user launches the
application it can supersede (or populate) the settings in their
~/Library/Application Support/Firefox profile.

The best write up on this topic is from Greg Neagle at <http://managingosx.wordpress.com/2010/01/11/firefox-default-settings-revisited/>

We've used this method for both Firefox and SeaMonkey on Mac OS X and
Windows for a few years in our district. It's a great method because we
don't have to maintain a stock profile folder at all. The user's local
Firefox profile is created based upon the settings in the app's
configuration. You can even specify the starting point for bookmarks this
way. If you use "lockPref", the user won't even be able to change the
setting at all. We use this for proxy settings, updates, etc. Practically every setting can be preset. If you have more detailed
questions on specific settings or setup, let me know. I'd be glad to
help, share our config file, etc. I suggest checking out Greg's post
first, though. It's where I learned everything about this method (and he
includes links to Mozilla for more reference).

0 Kudos

Not applicable

Posted on ‎02-15-2011 04:00 PM

Has anybody used this?

https://addons.mozilla.org/en-US/firefox/addon/cck/

We are looking into using here.

-Matt

0 Kudos

donmontalvo
Esteemed Contributor III

Posted on ‎02-15-2011 06:54 PM

Hi Russell,

Someone sent me these links a while back, but we ended up taking the position that we don't support Firefox, so never had a chance to get my feet wet. Hope it helps...

http://www.stanford.edu/dept/its/projects/desktop/dcm/dcm_firefox_dll_specs.pdf
http://www.mactech.com/articles/mactech/Vol.24/24.12/2412MacEnterprise/index.html

Thanks,
Don

--
https://donmontalvo.com
0 Kudos

talkingmoose
Moderator
Moderator

Posted on ‎02-15-2011 08:21 PM

Yes, I'm using it here. Works very well. Easy to configure the most common
On 2/15/11 6:00 PM, "Matthew Butch" <matt at pennmanor.net> wrote:
preferences such as homepage, proxy, etc. Easy to configure anything in
about:config. Easy to deploy and the settings are nicely kept separate
from the Firefox.app package itself. MacTech magazine had a how-to a few
issues back

I highly recommend it for the price, which is free..

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

0 Kudos

jarednichols
Honored Contributor

Posted on ‎02-16-2011 06:01 AM

We also use this to create customized Firefox packages for Windows and Mac.

j
-- Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos

tlarkin
Honored Contributor

Posted on ‎02-16-2011 09:09 AM

The problem I had was trying to deploy add ons, with certain settings to all users. So I just stopped trying. I will maybe revisit this with Neagle's article there. I had read that before, and I cannot remember what aspect would not work for me, but something didn't work. I found out at the time it wasn't really that plausible to do what I was trying to do.

When I get time I will look at repacking firefox.

thanks,

tom

0 Kudos

rmanly
Contributor III

Posted on ‎02-24-2011 09:34 AM

I used the approach of modifying the Application bundle as well. Here
is what I have done. This internal wiki article shows the locations of
the files on both Mac OS and Windows and we have customized both.

***

Firefox Customizations
Here are the customizations I made to Firefox.

  1. I added the following lines to the all.js file located here:

/Applications/Firefox.app/Contents/MacOS/greprefs/all.js
C:Program FilesMozilla Firefoxgreprefsall.js

EDIT: 05/17/2010 When saving from Notepad be sure that the encoding
format is Unicode. If it defaults to UTF-8 Firefox will fail to launch

// glenbrook225.org additions
pref("general.config.obscure_value", 0);
pref("general.config.filename", "firefox_AA.cfg");

The all.js file is read top down and lower commands take precedence
over higher commands. Therefore we make the above change at the end of
the file. If you search around online for information about
customizing Firefox you will find many sites that say, "The file must
be encoded, and renamed. The encoding is a simple “byte-shifting” with
an offset of 13." The second line above, "…obscure_value", 0);"
removes the need to do the ROT-13 offset. The third line simply
specifies a secondary config file for it to parse.

  1. This second config file is a plain text file that is used to lockdown settings:

/Applications/Firefox.app/Contents/MacOS/firefox_AA.cfg
C:Program FilesMozilla Firefoxfirefox_AA.cfg

// application updates
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("extensions.update.enabled", false);
lockPref("browser.search.update", false);

// Default browser check
pref("browser.shell.checkDefaultBrowser", false);

This is fairly easy to comprehend we turn off the ability for someone
to go to the Help menu and do a "Check for Updates…". We also turn off
auto updates, search engine updates, and extension updates. The last
line disables Firefox checking to see if it is the default browser.

EDIT: added the following

// Get rid of Welcome tab
pref("browser.startup.homepage_override.mstone", "ignore");

EDIT (08/20/10):

Added the following for student machines at the suggestion of Rast.

// Download Directory
lockPref("browser.download.useDownloadDir", true);
lockPref("browser.download.dir", "~/Desktop");
lockPref("browser.download.folderList", 2);

  1. To set http://www.glenbrook225.org as the default homepage we edit the following:

/Applications/Firefox.app/Contents/MacOS/browserconfig.properties
C:Program FilesMozilla Firefoxrowserconfig.properties

browser.startup.homepage=http://www.glenbrook225.org
browser.startup.homepage_reset=http://www.glenbrook225.org

  1. The last change is turning off the import wizard to get bookmarks etc. from IE or Safari et al. on first run. Create the file:

/Applications/Firefox.app/Contents/MacOS/override.ini
C:Program FilesMozilla Firefoxoverride.ini

[XRE]
EnableProfileMigrator=false

REFERENCES:

http://managingosx.wordpress.com/2008/08/18/firefox-default-settings/
http://mit.edu/~firefox/www/maintainers/autoconfig.html
http://gemal.dk/mozilla/files.html

[0-0]: http://www.pcc-services.com/kixtart/firefox-lockdown.html
"Firefox Lockdown Information - pcc-services.com"
[0-1]: http://www.pcc-services.com/kixtart/scripts/disableAboutConfig.js
"http://www.pcc-services.com/kixtart/scripts/disableAboutConfig.js"
[0-2]: http://managingosx.wordpress.com/2008/08/18/firefox-default-settings/
"Firefox default settings « Managing OS X"
[0-3]: http://1laptop1student.blogspot.com/2008/06/locking-down-firefox-in-mac.html
"1 Laptop : 1 Student: Locking Down Firefox in Mac"

***

Good luck!

Ryan M. Manly
Glenbrook High Schools

0 Kudos

Babybingle
New Contributor

Posted on ‎01-21-2013 12:08 PM

Well thanks for keeping this on the first page of google.... When Russ says "we have a lot of VERY clever youngsters"
he is talking about my friends, and anyone with a brain would check google to bypass your security... I win, try again!

-Former NSMS Student

0 Kudos

Babybingle
New Contributor

Posted on ‎01-21-2013 12:08 PM

Well thanks for keeping this on the first page of google.... When Russ says "we have a lot of VERY clever youngsters"
he is talking about my friends, and anyone with a brain would check google to bypass your security... I win, try again!

-Former NSMS Student

0 Kudos

DBrowning
Valued Contributor II

Posted on ‎08-25-2015 04:42 AM

I have created these two files and placed them where they say to. i still can't get this working properly. Does anyone know if in the newer versions of FF the files need to be in a different location or a different format?

here is the config file i'm creating:

// disable application updates
pref("app.update.enabled", false);

// make absolutely sure it is really off
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);

// disables the 'know your rights' button from displaying on first run
pref("browser.rights.3.shown", true);

// Don't show WhatsNew on first run after every update
pref("browser.startup.homepage_override.mstone","ignore");

// Disable crash reporter
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// disables the request to send performance data from displaying
pref("toolkit.telemetry.prompted", 2);
pref("toolkit.telemetry.rejected", true);

//Lock down show passwords lockPref("privacy.item.passwords", false);
lockPref("signon.rememberSignons", false);
lockPref("pref.privacy.disable_button.view_passwords", true);

0 Kudos