DisableAppUpdate in policies.json doesn't work
I am trying to implement a policies.json file in 32-bit Firefox 78.6.1 ESR on Windows 10 Pro 64-bit. With Firefox not running, I have created a distribution folder as follows:
C:\Program Files(x86)\Mozilla Firefox\distribution
The folder contains a policies.json file with the following script:
{
"policies": { "DisableAppUpdate": true }
}
There are no Registry settings concerning this on my computer. Although the computer is joined to a domain, there are no Firefox GPOs in place.
When I run Firefox I do not get any error messages. about:support indicates that the Enterprise policies are active. about:policies only lists a certificate policy; DisableAppUpdate does not appear there. in the Options menu I see "Your browser is being managed by your organization" at the top, but in the Firefox Updates section I still have the two items:
Automatically install updates (recommended) Check for updates but let you choose to install them
The second option is checked.
After creating the policies.json file I expected to see nothing in the Firefox Updates section except a message stating updates have been disabled, and I expected to see DisableAppUpdates listed in about:policies.
What am I doing wrong?
Thanks.
Toutes les réponses (4)
If there is a certificate policy listed, but nothing is present in policies.json then it is likely that there are still GPO rules active.
Did you check GPO on bot HKLM and HKCU ?
You can inspect the Mozilla and Firefox keys with the Windows Registry Editor in HKEY_LOCAL_MACHINE and in HKEY_CURRENT_USER with the Windows Registry Editor to see whether GPO policy rules are active.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\
- HKEY_CURRENT_USER\SOFTWARE\Policies\Mozilla\Firefox\
Note that the mere presence of the "Mozilla\Firefox\" key is sufficient to make Firefox display this notification, so if you have the Firefox key then remove it and only leave the Mozilla key or remove this key as well if it is empty.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
Thank you.
HKCU\Software\Policies contains no Mozilla node so we're good there.
HKLM\Software\Policies\Mozilla\Firefox\ contains an \Extensions node and a \NativeMessagingHosts node. The latter is essentially empty but the former contains entries for Foxit PhantomPDF. I am concerned about deleting nodes that contain keys. What happens to those extensions if I remove \Firefox\Extensions? (I also have the New Tab Homepage extension but it doesn't seem to have registry key in that location. I don't know what other users for whom I want to implement this may have installed however.)
You can leave that node.
I'm curious where that certificate policy is coming from if it doesn't come from the registry and your policies.json file doesn't contain it.
You did make sure that policies.json doesn't have a hidden .txt file extension (policies.json.txt) ?
The policy in about:policies is:
Certificates ImportEnterpriseRoots true
I thought that was something that came with setting Enterprise Polices to Active (which I did not do; it was already set that way) and was required in order for the policies.json file to work. It's not in my policies.json file.
I don't see any GPOs referencing Mozilla or Firefox on the domain controller--and I didn't expect to because I have never installed an admx for Firefox there.
What else can I try?
Thanks.