I have blocked adding extensions using a cfg file and that stops users adding extensions through the browser. However users can still add an extension by copying the XPI file from a pen drive and dropping it in to C:\users\USERNAME\appdata\roaming\mozilla\firefox\profiles\RANDOMFILENAME.default\extensions\. When firefox is started it prompts with 'Another program on your computer would like to modify firefox with the following add-on:' with a checkbox to allow installation. Is there any way of preventing this? This is the cfg file I am using pref("browser.rights.3.shown", true); pref("browser.startup.homepage", "http://url"); pref("network.automatic-ntlm-auth.trusted-uris", "queensbury.local"); lockPref("extensions.update.enabled", false); lockPref("extensions.getAddons.get.url","http://url"); lockPref("extensions.getAddons.getWithPerformance.url","http://url"); lockPref("extensions.getAddons.recommended.url","http://url"); lockPref("extensions.getAddons.search.browseURL","http://url"); lockPref("extensions.getAddons.search.url","http://url"); lockPref("extensions.webservice.discoverURL","http://url"); lockPref("xpinstall.enabled" ,false); lockPref("app.update.enabled", false); // make absolutely sure it is really off lockPref("app.update.auto", false); lockPref("app.update.mode", 0); lockPref("app.update.service.enabled", false); // Disable health reporter lockPref("datareporting.healthreport.service.enabled", false); // Disable all data upload (Telemetry and FHR) lockPref("datareporting.policy.dataSubmissionEnabled", false); // Disable crash reporter lockPref("toolkit.crashreporter.enabled", false); Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;