Manage Firefox via Group Policy - Easy Method
You would think that Firefox by now would have some sort of "official" way to manage their browser and start making inroads into the corporate market, given all the hatred of IE about vulnerabilities and standards.
But they haven't.
I found a few methods, one promising one was www.frontmotion.com, but it is rebranded. A few other nasty hacks that didn't feel right.
So, here is my solution:
- Create a group policy object
- Per User
- Login Script
- Create a batch file containing the following and point your policy to run the batch file:
if exist "%APPDATA%\Mozilla\Firefox" for /D %%F in ("%APPDATA%\Mozilla\Firefox\Profiles\*") do copy /y \\*domain_name*\netlogon\user.js %%F
Replace with YOUR domain name, no * *.
This checks to see if Firefox is installed, if it is, copy a file named user.js (will create in next step) to Firefox's profile directory. Why the fancy copy command? Because Firefox creates a random profile folder in the user's application directory.
- Create a file named "user.js" and put it in your domain netlogon share (\\*domain_name*
\netlogon)
The contents of this file is what controls the settings of firefox, here is an example of my settings:
user_pref("network.automatic-ntlm-auth.trusted-uris", "webfilter1,webfilter2");
user_pref("browser.search.defaulturl","http://www.google.com/");
user_pref("browser.startup.homepage","http://www.google.com");
user_pref("update_notifications.provider.0.frequency",30);
user_pref("security.warn_viewing_mixed",false);
user_pref("browser.shell.checkDefaultBrowser",false);
user_pref("profile.confirm_automigration",false);
user_pref("startup.homepage_welcome_url", "");
user_pref("browser.search.update", false);
user_pref("app.update.enabled", false);
user_pref("extensions.update.enabled", false);
I am not explaining all the settings here, you can find more info about user.js file here: http://kb.mozillazine.org/User.js_file
Basically, any setting in Firefox's about:config, you can add using the format above, one per line.
So here is how it works.
User logs in, user.js is copied to their computer, Firefox loads, reads it preferences from prefs.js then reads user.js and settings in the user.js file override the prefs.js file.
Why not just edit the prefs.js file? Because Firefox will restore prefs.js on close, over-writing your file.
Full Disclaimer: This method was developed by a buddy I work with.
Thanks for the script. Worked great in Win7, but needed a bit of tweaking to work in XP - specifically the following lines need to be in quotes, otherwise the copy command will return (or at least in my case) a syntax error:
ReplyDelete"\\*domain_name*\netlogon\user.js" "%%F"
This works perfectly, I cannot thank you enough for publishing this. I really didn't want to install a plugin etc, so this script was a perfect solution for me.
ReplyDeleteMany thanks
Is it possible to do this using the built in File Replace feature in group policy? I have tried but the random *.default folder is causing me issues. Any Ideas?
ReplyDeleteThis is what we found to work for both Windows 7 and XP clients:
ReplyDeleteif exist "%APPDATA%\Mozilla\Firefox" for /D %%F in ("%APPDATA%\Mozilla\Firefox\Profiles\*") do copy /y "\\*domain_name*\netlogon\user.js" "%%F"
Excellent suggestions!