This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to properly implement group policy ExtensionSettings control

  • 4 balasan
  • 2 ada masalah ini
  • 1 paparan
  • Balasan terakhir oleh Mike Kaply

more options

I've downloaded the latest admx files and tried pasting the sample JSON into the Computer section of the group policy. I used the JSON from https://github.com/mozilla/policy-templates/blob/9387163a9b1dd93500867fcb3b33598b6d559e89/README.md#extensionsettings

I think that sample is supposed to block all but 1 firefox extension, but it's still letting me install any extension. For this feature, I'm running Firefox 70.0 64-bit on Windows 10 How do I properly configure the group policy so that only approved extensions are allowed?

I've downloaded the latest admx files and tried pasting the sample JSON into the Computer section of the group policy. I used the JSON from https://github.com/mozilla/policy-templates/blob/9387163a9b1dd93500867fcb3b33598b6d559e89/README.md#extensionsettings I think that sample is supposed to block all but 1 firefox extension, but it's still letting me install any extension. For this feature, I'm running Firefox 70.0 64-bit on Windows 10 How do I properly configure the group policy so that only approved extensions are allowed?

Penyelesaian terpilih

You don't need the policies part of your JSON code. That is the main part of the code if you are using a policies.json file, but since you are using Group Policy instead, it's not needed and actually causes the code to stop working.

The same for the ExtensionsSettings part. Again, since we are using Group Policy, Firefox already knows the specific policy that you are referring to, so you don't need to specify it.

So the example code inserted into the Extension Management policy should be the following:

 {
      "*": {
            "blocked_install_message": "Custom error message.",
            "install_sources": ["https://addons.mozilla.org/"],
            "installation_mode": "blocked"
      },
      "uBlock0@raymondhill.net": {
            "installation_mode": "allowed",
            "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
      }
}

Hope this helps.

Baca jawapan ini dalam konteks 👍 1

All Replies (4)

more options

Agreed, what would be the actual syntax/data to put in the "Extension Management" setting in the GPO? I just want to block extensions on devices, it would be great if I could whitelist a few extensions as well.

more options

Glad to see that jhalder also wants the answer (means I'm not alone).

Just to clear up any possible misunderstanding, I pasted the following into the group policy "Extension Management" - but it doesn't seem to have any effect.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Custom error message.",
       "install_sources": ["https://addons.mozilla.org/"],
       "installation_mode": "blocked"
     },
     "uBlock0@raymondhill.net": {
       "installation_mode": "allowed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
     }
   }
 }

}

more options

Penyelesaian Terpilih

You don't need the policies part of your JSON code. That is the main part of the code if you are using a policies.json file, but since you are using Group Policy instead, it's not needed and actually causes the code to stop working.

The same for the ExtensionsSettings part. Again, since we are using Group Policy, Firefox already knows the specific policy that you are referring to, so you don't need to specify it.

So the example code inserted into the Extension Management policy should be the following:

 {
      "*": {
            "blocked_install_message": "Custom error message.",
            "install_sources": ["https://addons.mozilla.org/"],
            "installation_mode": "blocked"
      },
      "uBlock0@raymondhill.net": {
            "installation_mode": "allowed",
            "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
      }
}

Hope this helps.

more options

I've updated the documentation to try to make this clearer. Sorry about that.