Group Policy Block Extensions
Hello. I have trying to test a GPO this week that will lock down the use of extensions. In summary we are shifting to a complete "deny all/allow by exception format".
As a reference I have been using the below article as my source on how to set this up. https://github.com/mozilla/policy-templates#extensionsettings
After reading through the article the base example they have works flawlessly. I have put this base example below.
{
"*": {
"blocked_install_message": "Custom error message.",
"install_sources": ["https://yourwebsite.com/*"],
"installation_mode": "blocked",
"allowed_types": ["extension"]
},
"uBlock0@raymondhill.net": {
"installation_mode": "force_installed",
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
},
"https-everywhere@eff.org": {
"installation_mode": "allowed"
}
}
The minute I try to change it though the whole thing breaks. For context, I have tried adding 1 password as a forced installed add in, and also try placing it below under allowed. See my example below of the one where I am putting it is allowed. Any idea of what I am doing wrong?
{
"*": {
"blocked_install_message": "Custom error message.",
"install_sources": ["https://yourwebsite.com/*"],
"installation_mode": "blocked",
"allowed_types": ["extension"]
},
"uBlock0@raymondhill.net": {
"installation_mode": "force_installed",
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
},
"*": {
"installation_mode": "force_installed",
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"
}
}
Všechny odpovědi (1)
You have two instances of "*". For the second instance, you need to know the ID of that addon.
It's {d634138d-c276-4fc8-924b-40a0ea21d284}
I was able to get that using an addon I built to query IDs:
https://github.com/mkaply/queryamoid/releases
In your "*" section, you can remove install_sources and allowed_types.
install_sources is only needed if you want to allow extensions from another locations. and allowed_types is only needed if you aren't blocking addons and want to allow other things.