본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

ADMX Help

  • 10 답장
  • 0 이 문제를 만남
  • 최종 답변자: Mike Kaply

more options

Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

Hello, I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

모든 댓글 (10)

more options

Hello,

Here some examples of policies that were applied but I do not see a corresponding GPO that can give us the same policy. Can you look into these so we can determine what Windows GPO's match?

Logins and Passwords - Show Alerts about passwords for breached websites browser.urlbar.shortcuts.history browser.safebrowsing.provider.google.advisoryURL layers.gpu-process.max_restarts

These are just examples, and we have plenty more. We are looking for help with a GPO that matches these few examples.

도움이 되셨습니까?

more options

You can use the Preferences policy to set these preferences:

https://mozilla.github.io/policy-templates/#preferences

Show Alerts about passwords for breached websites is the preference:

signon.management.page.breach-alerts.enabled

도움이 되셨습니까?

more options

Hello,

Here are more Policy Pak policies that do not seem to have a match in ADMX Help. Please advise as to where we can find the native GPO's for Windows.

TABS

  • Don't load tabs until selected
  • Confirm before loading multiple tabs
  • item Warn me when opening multiple tabs (might slow down Firefox)

UPDATES and DRM

  • Browsing - Use autoscrolling
  • Browsing - Recommend extensions as you browse

PRIVACY

  • Logins and Passwords - Show Alerts about passwords for breached websites
  • Address Bar - Open Tabs - Search Engines

SECURITY

  • HTTPS-Only Mode - Don't enable HTTPS-Only mode

EXTRAS

  • Disable "Show Update History" button
  • Disable "History-Exceptions" button
  • Disable "Show Cookies" button
  • Disable "saved Passwords" button
  • Disable "Security Passwords Exceptions" button

도움이 되셨습니까?

more options

We definitively don't have all the policies that PolicyPak offers. They have much granular control over everything.

Many of what you've specified require that you set prefs.

> Don't load tabs until selected > Confirm before loading multiple tabs > Warn me when opening multiple tabs (might slow down Firefox) I don't know what these are. We don't have this in standard Firefox preferences

UPDATES and DRM

> Browsing - Use autoscrolling Preference general.autoScroll > Browsing - Recommend extensions as you browse https://mozilla.github.io/policy-templates/#usermessaging

PRIVACY

> Logins and Passwords - Show Alerts about passwords for breached websites Preferences signon.management.page.breach-alerts.enabled > Address Bar - Open Tabs - Search Engines I don't know what this is referring to

SECURITY

> HTTPS-Only Mode - Don't enable HTTPS-Only mode https://mozilla.github.io/policy-templates/#httpsonlymode

> Disable "Show Update History" button Not available

> Disable "History-Exceptions" button I don't know what button this is.

> Disable "Show Cookies" button Not available

> Disable "saved Passwords" button

you can turn off the password Manager completely:

https://mozilla.github.io/policy-templates/#passwordmanagerenabled

> Disable "Security Passwords Exceptions" button

We don't have a way to disable that button

PolicyPak was focused on providing total control in Firefox, that was never our goal with Firefox policy.

도움이 되셨습니까?

more options

Hello,

Thanks for your response and we do understand that that Policy Pak is a lot more robust than a typical native GPO. What I would like to do is provide the settings with all the policy pak settings and if you have a link to provide the settings provide that to us or if not, we understand that it cannot be as robust as policy pak.

sanity-test. advanced-layers security. 0 CS P. enabled security. 0 CS P. timeoutM illiseconds. hard security. 0 CS P. timeoutM illiseconds. soft security. app_menu. recordE ventT elemetry security. bad_cert_domain_error. ur_fix_enabled security. certerrors. mitm. auto_enable_enterprise_roots security. certerrors. mitm. priming. enabled security. certerrors. mitm. priming. endpoint security. certerrors. permanent verride security. certerrors. recordE ventT elemetry security, csp. reporting, script-sample, max-length security. csp. truncate_blocked_uri_for_frame_navigations security.external_protocol_requires_permission security. identitypopup. recordE ventT elemetry security. insecure_connection_icon. enabled security. insecure_connection_icon. pbmode. enabled security. insecure_field_warning. ignore_local_ip_address security. intermediate_preloading_healer. timer_interval_ms security. osclientcerts. autoload security. osreauthenticator. password_last_changed_hi security. osreauthenticator. password_last_changed_lo security. pki. crlite_ct_merge_delay_seconds security. pki. crlite_mode security. pki. mitm_canary_issuer. enabled security. protectionspopup. recordE ventT elemetry security. remote_settings. crlite_filters. bucket security. remote_settings. crlite_filters. checked security. remote_settings. crlite_filters. collection security. remote_settings. crlite_filters. signer security. remote_settings. intermediates, bucket security. remote_settings. intermediates, checked security. remote_settings. intermediates, collection security. remote_settings. intermediates. downloads_per_poll security. remote_settings. intermediates, enabled security. remote_settings. intermediates. parallel_downloads security. remote_settings. intermediates, signer security. sandbox. gpu. level security. sandbox. plugin. tempD irS uffix security. sandbox. socket. process. level security, sandbox, socket. win32k-disable security. secure_connection_icon_color_gray security. signed_app_signatures. policy security. ssl3. rsa_aes_1 28_gcm_sha256 security. ssl3. rsa_aes_256_gcm_sha384 security. tls. enable_delegated_credentials security. tls. hello_downgrade_check security. warn_submit_secure_to_insecure security. xfocsp. errorR eporting. enabled Services and Signon services. blocklist. addons-mlbf. checked services. blocklist. addons. signer services. blocklist. gfx. Signer services. blocklist. plugins. signer services. common. log. logger. rest. request services. common. log. logger. rest. response services, common, log. logger, tokenserverclient services. common. uptake. sampleR ate services, settings. clock_skew_seconds services. settings. defaultbucket services. settings. last_etag services, settings. last_update_seconds services. settings. main. anti-tracking-url-decoration. lastchecl services. settings. main. cfr. last_check services. settings. main. doh-config. last_check services. settings. main. doh-providers. last_check services. settings. main. fxmonitor-breaches. last_check services, settings, main, hijack-blocklists. last_check services, settings, main, language-dictionaries. last_check services. settings. main. message-groups. last_check services. settings. main. nimbus-desktop-defaults. last_check services, settings, main, nimbus-desktop-experiments. last_che

도움이 되셨습니까?

more options

There is no reason to explicitly set all of the preferences you are setting.

If there are specific things you are trying to do, you can let me know, but many of those are internal preferences that have no reason to be set.

도움이 되셨습니까?

more options

Hello Mike,

Appreciate your help on this. would you be willing to give me your email address so I can send you a spreadsheet with all the settings that we may potentially need to add for firefox per our security, Thanks for your time.

Chris Weiderhold

도움이 되셨습니까?

more options

I sent my email via a direct message on SUMO.

도움이 되셨습니까?

more options

Hello Mike,

Can you tell me what SUMO is? I am not familiar.

Thanks

도움이 되셨습니까?

more options

Sorry, this is SUMO :)

If you click on your name in the upper right, you'll see an Inbox option.

도움이 되셨습니까?

질문하기

글에 답글을 달기 위해서는 계정으로 로그인해야만 합니다. 계정이 아직 없다면 새로운 질문을 올려주세요.