This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Building Firefox MSI with Root CAs, ntlm settings, and Add-ons disabled

  • 4 replies
  • 2 have this problem
  • 1 view
  • Last reply by jr_admin

more options

I need to build a Firefox MSI that has one Root CA automatically installed, some NTLM settings configured, and Add-ons disabled by default with users unable to turn it back on.

I know that Add-ons can be disabled with Firefox running in safe mode.  I know how to add the Root CAs and I believe I can change the NTLM settings while monitoring with EMCO (an MSI builder) without issue.  Otherwise I know that I can create a config file for the NTLM settings.

However, I am very stumped with how I would configure the Root CA to automatically be a trusted root. I am going to try monitoring while I add change all of these settings, but I am concerned that the package that I build will not be complete.

I am completely stumped about how to turn off Add-ons. If it is an about:config setting, is there a way to lock down about:config?

Thank you very much for the help guys, I'm always impressed at the level of intelligence found throughout the Mozilla forums.

I need to build a Firefox MSI that has one Root CA automatically installed, some NTLM settings configured, and Add-ons disabled by default with users unable to turn it back on. I know that Add-ons can be disabled with Firefox running in safe mode. I know how to add the Root CAs and I believe I can change the NTLM settings while monitoring with EMCO (an MSI builder) without issue. Otherwise I know that I can create a config file for the NTLM settings. However, I am very stumped with how I would configure the Root CA to automatically be a trusted root. I am going to try monitoring while I add change all of these settings, but I am concerned that the package that I build will not be complete. I am completely stumped about how to turn off Add-ons. If it is an about:config setting, is there a way to lock down about:config? Thank you very much for the help guys, I'm always impressed at the level of intelligence found throughout the Mozilla forums.

All Replies (4)

more options

hello, you can disable the possibility to install addons with the method described at http://kb.mozillazine.org/Locking_preferences and this line in the configuration file:

lockPref("xpinstall.enabled", false);
more options

Awesome. Thank you! Do you know how any way to automatically import a trusted certificate?

more options

Chosen Solution

more options

philipp, you've been an amazing help. Thank you so much.