본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Enterprise Policies deployed despite no Group Policy being configured

  • 5 답장
  • 1 이 문제를 만남
  • 339 보기
  • 최종 답변자: Damon

more options

Our organisation made Group Policy changes today clients relating to disabling Windows Hello on Windows 10. These seem to have had unintended effects on Firefox. Note we do not implement any Firefox specific *.admx — these Firefox Enterprise Policies seem to have been activated by some other means.

The Firefox Enterprise policies are:

  • DisableFirefoxAccounts true
  • PasswordManagerEnabled false
  • OfferToSaveLogins false
  • OfferToSaveLoginsDefault false

Upon reporting the side-effect, we rolled-back most of the Group Policy changes, only maintaining the following remnants:

Computer Policy\Administrative Templates\System/Logon

  • Turn on convenience PIN sign-in

Computer Policy\Administrative Templates\Windows Components/Biometrics

  • Allow domain users to log on using biometrics
  • Allow the use of biometrics
  • Allow users to log on using biometrics

Computer Policy\Administrative Templates\Windows Components/Windows Hello for Business

  • Use biometrics

However, even with only those Group Policies being implemented, the following 2 Firefox Enterprise Policies remain active:

  • OfferToSaveLogins false
  • OfferToSaveLoginsDefault false

Are the above interactions between Windows Group Policy and Firefox documented or known?

Our organisation made Group Policy changes today clients relating to disabling Windows Hello on Windows 10. These seem to have had unintended effects on Firefox. Note we '''do not''' implement any Firefox specific *.admx — these Firefox Enterprise Policies seem to have been activated by some other means. The Firefox Enterprise policies are: * ''DisableFirefoxAccounts'' true * ''PasswordManagerEnabled'' false * ''OfferToSaveLogins'' false * ''OfferToSaveLoginsDefault'' false Upon reporting the side-effect, we rolled-back most of the Group Policy changes, only maintaining the following remnants: '''Computer Policy\Administrative Templates\System/Logon''' * Turn on convenience PIN sign-in '''Computer Policy\Administrative Templates\Windows Components/Biometrics''' * Allow domain users to log on using biometrics * Allow the use of biometrics * Allow users to log on using biometrics '''Computer Policy\Administrative Templates\Windows Components/Windows Hello for Business''' * Use biometrics However, even with only those Group Policies being implemented, the following 2 Firefox Enterprise Policies remain active: * ''OfferToSaveLogins'' false * ''OfferToSaveLoginsDefault'' false Are the above interactions between Windows Group Policy and Firefox documented or known?

선택된 해결법

You can inspect the Mozilla and Firefox keys with the Windows Registry Editor in HKEY_LOCAL_MACHINE and in HKEY_CURRENT_USER with the Windows Registry Editor to see whether GPO policy rules are active.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Mozilla\Firefox\

Note that the mere presence of the "Mozilla\Firefox\" key is sufficient to make Firefox display this notification, so if you have the Firefox key then remove it and only leave the Mozilla key or remove this key as well if it is empty.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (5)

more options

Also, the following behaviour within Firefox not consistent with the Firefox Enterprise Policies outlined above has changed. When I load a page for which a username and password exists in the Password Manager, the uername and password fields are not filled in by Firefox. I can go into Password Manager and manually copy and paste the values into the form, but they won't autofill.

Autofill logins and passwords is checked in about:preferences#privacy

This is looking like a bug to me. Should I post to Bugzilla?

more options

Can you use "Fill Login" and "Fill Password" in the right-click context menu ? Are these users using the Primary Password ?

Autofill normally only works if there is only one login saved for this origin.

As a test you can temporarily set signon.debug = true and check the Browser Console for login related messages.

You can check the about:policies#active page to see whether policies are active (63+).

more options
  1. Fill Login from the right-click context menu works, and automatically fills in the password without needing to select Fill Password. [Actually, I didn't know this feature exists at all, so thank you :-) I can work with the browser using this, although it remains a change from the previous and expected behaviour.]
  2. Nothing on the console when enabling signon.debug = true when loading a site where I have only one logon, either before or after using Fill Login from the right-click context menu.
  3. Output from about:policies#active is attached. Given the output, I checked Resultant Set of Policy on my Windows 10 client and noted it indeed had these 2 configured to Disabled in Group Policy, contrary to what I believed had been configured. So I reconfigured these to Not configured in Group Policy, ran gpupdate.exe /force, checked gpresult.exe to confirm they were reset, but still no change in about:policies#active To experiment, I reconfigured these to Enabled in Group Policy, ran gpupdate.exe /force, checked output of gpresult.exe had changed. But still no change in about:policies#active.

Output of gpresult.exe with the 2 policies set to 'Enabled' and 'Not configured' attached — no Mozilla/Firefox node in the 'Not configured' example since there was no Group Policy configured at all for Firefox.

Perhaps my colleague did set the 2 policies originally, but I can't explain how the change I'm making now to Group Policy isn't being picked up by Firefox. I must be missing something! What is it?

글쓴이 Damon 수정일시

more options

선택된 해결법

You can inspect the Mozilla and Firefox keys with the Windows Registry Editor in HKEY_LOCAL_MACHINE and in HKEY_CURRENT_USER with the Windows Registry Editor to see whether GPO policy rules are active.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Mozilla\Firefox\

Note that the mere presence of the "Mozilla\Firefox\" key is sufficient to make Firefox display this notification, so if you have the Firefox key then remove it and only leave the Mozilla key or remove this key as well if it is empty.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
more options

I feel like a dill. Group Policies were being applied to both Computer and User, I had only checked the User. I am grateful for your assistance.