The Firefox Enterprise Policies

Mozilla has integrated this new feature in Firefox version 60. It is meant to help enterprise admins, who deploy Firefox as software package to computers in their organization.

The Enterprise Policy feature provides two new ways to configure Firefox (besides the old autoconfig aka mozilla.cfg):

  • A config file named policies.json
  • Windows Group Policy Objects (GPO)

Interactions:

  • If Autoconfig and either variant of policies are used, policies win.
  • If any policies are set with GPO, the json file is ignored.

Requirements:

  • Firefox version 60 or later.
  • In Windows some options require Firefox ESR or domain-joined PCs.
    (It is currently unclear how Firefox detects the domain membership, and whether it must be an Active Directory domain)

Howto use the admx templates

  1. Copy firefox.admx to C:\Windows\PolicyDefinitions
  2. Copy firefox.adml to C:\Windows\PolicyDefinitions\en-US
  3. Run gpedit.msc or RSAT (Remote Server Administration Tools).

Howto use create the json file

The currently supported policies are listed here. New policies are added with every version, and so far all new policies are available both in the latest RR (Rapid Release), and in the latest ESR (Extended Service Release).

Multiple policies must be separated with commas. Multiple options to one policy must be placed in curly brackets, and separated with commas.

A Generator addon was published (german). More info.

The json file must be placed in a subdirectory named distribution in the program directory. In Windows the path will be something like
C:\Program Files\Mozilla Firefox\distribution\policies.json
This directory does usually not yet exist, you must create it.

Sample file:

{
 "policies": {
    "DisableAppUpdate": true,
    "DisableBuiltinPDFViewer": true,
    "DisableFirefoxAccounts": true,
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "DisableProfileRefresh": true,
    "DisableTelemetry": true,
    "DontCheckDefaultBrowser": true,
    "EnableTrackingProtection": { "Value": true, "Locked": false },
    "Proxy": { "Mode": "none", "Locked": false },
    "SearchBar": "separate"
  }
}

Errors in the file are reported on the page "about:policies", but this feature needs at least Firefox version 63. This is the typical way how Mozilla develops new feature: publish it long before its ready.

Howto not document a new feature

My quest to find a web page which describes this new feature led to this rant:

The new Wiki page (specifically made to document this new feature)
https://wiki.mozilla.org/Firefox/EnterprisePolicies

only points to
https://developer.mozilla.org/Firefox/Enterprise_deployment

which only points to
https://support.mozilla.org/products/firefox-enterprise

which points to different places, amongst them
https://support.mozilla.org/products/firefox-enterprise/policies-enterprise

which only points to
https://support.mozilla.org/kb/customizing-firefox-using-policiesjson

which contains a tiny bit of information, and points to a readme on github
https://github.com/mozilla/policy-templates/blob/master/README.md

And there the first sentence is the only one that says what this is all about.

Hey Mozilla, I'm not impressed!

There are of course a lot of things missing in that sentence. For example that this is supposed to replace autoconfig. And that in Windows several of these options only work if either the ESR version is used, or the configured PCs are members of a Windows Domain. Also how do the two methods relate to each other, and to autoconfig: which does take precedence?

Lets hope that eventually Mozilla will write some decent documentation for this new feature.

P.S. No, I'm not gonna read the source to extract the required infos from there.


Changelog:

  • 2018-09-17 corrected directory, add interactions, add sample
  • 2018-05-31 cleanup
  • 2018-05-30 add howto use the admx templates, and links to generator and source.
  • 2018-05-25 new

Impressum