Simply put we are looking for a way to disable the ability to save passwords in the major three browsers (Safari, Firefox, Chrome). Through all of our searching we're unable to find which preference files, or settings we can push out via Jamf to disable this. It seems the modern versions of the browsers make this complicated. Ideally if it was a package we could deploy via a policy that would be perfect, especially if the users themselves couldn't go and manually enabled this option later. Also if it was something we had to run say, once per day, we are probably open to doing that as well. Just seeing if anyone has any ideas or methods they are using.
+11The way I've handled this in the past comes in a few diffrent forms.
For Safari:
On an admin system setup the Safari Prefs exactly how I wanted them to be. Then copy the com.Apple.Safari plist from (User Library Prefs) to my desktop. Open it in your favorite text editor and remove any settings you may not want or need. Lastly I would import that into a JAMF Config Profile as a custom setting. (Note: I believe in Mojave the Safari settings are now stored in a db file so this may only work in OSs below 10.14.x)
For Firefox:
Use the CCK2 extension, package up the resulting files using composer and deploy the package to a smart group for systems with Firefox installed
For Google Chrome:
Use Google Chrome Managed Prefrences which in turn would also become a a JAMF config profile.
+13Thanks a ton for the info @ShaunRMiller83 Chrome is now going to be locked down and we're working on the other two.
+2You can disable Safari autofill in configuration profiles. Under restrictions there is an Allow Safari AutoFill checkbox.
Please excuse the rant, but I'm curious as to the reasoning behind this? This just sounds like bad news to me. Preventing users from using the built-in password management features will likely force users into bad habits (e.g. using simple, easy to guess password and re-using passwords at multiple sites). Teaching and enforcing good password habits would seem to be a better approach. Might this be a technical solution to a non-technical problem?
Just my $0.02.
Thanks @Nate1981 if this works; I will test it out.
@jcarr .... I would agree in that if you were not providing an alternative to good habits with passwords this would be a bad idea BUT if you were building an enterprise password management solution this is a much needed step to assist in enforcing new habits.
+10ShaunRMiller83 wrote:
The way I've handled this in the past comes in a few diffrent forms.
For Safari:
On an admin system setup the Safari Prefs exactly how I wanted them to be. Then copy the com.Apple.Safari plist from (User Library Prefs) to my desktop. Open it in your favorite text editor and remove any settings you may not want or need. Lastly I would import that into a JAMF Config Profile as a custom setting. (Note: I believe in Mojave the Safari settings are now stored in a db file so this may only work in OSs below 10.14.x)
For Firefox:
Use the CCK2 extension, package up the resulting files using composer and deploy the package to a smart group for systems with Firefox installed
For Google Chrome:
Use Google Chrome Managed Prefrences which in turn would also become a a JAMF config profile.
This post was mentioned in another question where there was a question about more detail, namely https://community.jamf.com/t5/jamf-pro/disable-chrome-auto-fill-and-saving-for-passwords-and-credit/td-p/247662 referencing
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PasswordManagerEnabled</key>
<false />
</dict>
</plist>
+2gabester wrote:
This post was mentioned in another question where there was a question about more detail, namely https://community.jamf.com/t5/jamf-pro/disable-chrome-auto-fill-and-saving-for-passwords-and-credit/td-p/247662 referencing
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PasswordManagerEnabled</key>
<false />
</dict>
</plist>
hello, once it blocks do you know how to delete the passwords already saved in Chrome?
+1robin79 wrote:
hello, once it blocks do you know how to delete the passwords already saved in Chrome?
If you add this to your chrome config profile you can set it to remove password data every 12h. Can also be done on Chrome exit. Note that you need to have the SyncDisabled option set to true before automatic deletion will work.
<key>BrowsingDataLifetime</key>
<array>
<dict>
<key>data_types</key>
<array>
<string>password_signin</string>
<string>autofill</string>
</array>
<key>time_to_live_in_hours</key>
<integer>12</integer>
<key>SyncDisabled</key>
<true />
<key>PasswordManagerEnabled</key>
<false />
</dict>
</array>
+4gabester wrote:
This post was mentioned in another question where there was a question about more detail, namely https://community.jamf.com/t5/jamf-pro/disable-chrome-auto-fill-and-saving-for-passwords-and-credit/td-p/247662 referencing
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PasswordManagerEnabled</key>
<false />
</dict>
</plist>
gabester hello is it possible that you can create a step by step on this? appreciate the assistance
+4mforeman1 wrote:
gabester hello is it possible that you can create a step by step on this? appreciate the assistance
Hello- did you get a step by step on this? Config profile to NOT save passwords in Chrome and to delete all saved passwords? Thanks!
+1gabester wrote:
This post was mentioned in another question where there was a question about more detail, namely https://community.jamf.com/t5/jamf-pro/disable-chrome-auto-fill-and-saving-for-passwords-and-credit/td-p/247662 referencing
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PasswordManagerEnabled</key>
<false />
</dict>
</plist>
Can have same setting for Firefox browser as well as?
+1medmason wrote:
If you add this to your chrome config profile you can set it to remove password data every 12h. Can also be done on Chrome exit. Note that you need to have the SyncDisabled option set to true before automatic deletion will work.
<key>BrowsingDataLifetime</key>
<array>
<dict>
<key>data_types</key>
<array>
<string>password_signin</string>
<string>autofill</string>
</array>
<key>time_to_live_in_hours</key>
<integer>12</integer>
<key>SyncDisabled</key>
<true />
<key>PasswordManagerEnabled</key>
<false />
</dict>
</array>
if have any configuration file for firefox?
Reply
Most helpful members this week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.