ADMX Help


Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak, which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies, and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's. My ask here is: are there any Most Viable Product suggestions to apply Native GPO's for securing Firefox?

All Replies (10)


Hello,

Here are some examples of policies that were applied but I do not see a corresponding GPO that can give us the same policy. Can you look into these so we can determine what Windows GPO's match?

  • Logins and Passwords - Show Alerts about passwords for breached websites
  • browser.urlbar.shortcuts.history
  • browser.safebrowsing.provider.google.advisoryURL
  • layers.gpu-process.max_restarts

These are just examples, and we have plenty more. We are looking for help with a GPO that matches these few examples.

Helpful?


You can use the Preferences policy to set these preferences:

https://mozilla.github.io/policy-templates/#preferences

Show Alerts about passwords for breached websites is the preference:

signon.management.page.breach-alerts.enabled

Helpful?


Hello,

Here are more Policy Pak policies that do not seem to have a match in ADMX Help. Please advise as to where we can find the native GPO's for Windows.

TABS

  • Don't load tabs until selected
  • Confirm before loading multiple tabs
  • Warn me when opening multiple tabs (might slow down Firefox)

UPDATES and DRM

  • Browsing - Use autoscrolling
  • Browsing - Recommend extensions as you browse

PRIVACY

  • Logins and Passwords - Show Alerts about passwords for breached websites
  • Address Bar - Open Tabs - Search Engines

SECURITY

  • HTTPS-Only Mode - Don't enable HTTPS-Only mode

EXTRAS

  • Disable "Show Update History" button
  • Disable "History-Exceptions" button
  • Disable "Show Cookies" button
  • Disable "saved Passwords" button
  • Disable "Security Passwords Exceptions" button

Helpful?


We definitely don't have all the policies that PolicyPak offers. They have much more granular control over everything.

Many of what you've specified require that you set prefs.

> Don't load tabs until selected
> Confirm before loading multiple tabs
> Warn me when opening multiple tabs (might slow down Firefox)

I don't know what these are. We don't have this in standard Firefox preferences.

UPDATES and DRM

> Browsing - Use autoscrolling

Preference general.autoScroll

> Browsing - Recommend extensions as you browse

https://mozilla.github.io/policy-templates/#usermessaging

PRIVACY

> Logins and Passwords - Show Alerts about passwords for breached websites

Preferences signon.management.page.breach-alerts.enabled

> Address Bar - Open Tabs - Search Engines

I don't know what this is referring to.

SECURITY

> HTTPS-Only Mode - Don't enable HTTPS-Only mode

https://mozilla.github.io/policy-templates/#httpsonlymode

> Disable "Show Update History" button

Not available

> Disable "History-Exceptions" button

I don't know what button this is.

> Disable "Show Cookies" button

Not available

> Disable "saved Passwords" button

You can turn off the Password Manager completely:

https://mozilla.github.io/policy-templates/#passwordmanagerenabled

> Disable "Security Passwords Exceptions" button

We don't have a way to disable that button

PolicyPak was focused on providing total control in Firefox, that was never our goal with Firefox policy.

Helpful?
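The mappings given in the reply above, collected into one `policies.json` as an added example (it is not part of the original thread). The chosen values and the `locked` status are assumptions for illustration; the same policies are exposed by the ADMX templates, with `Preferences` taking this JSON as its value.

```json
{
  "policies": {
    "Preferences": {
      "signon.management.page.breach-alerts.enabled": {
        "Value": true,
        "Status": "locked"
      },
      "general.autoScroll": {
        "Value": false,
        "Status": "locked"
      }
    },
    "UserMessaging": {
      "ExtensionRecommendations": false
    },
    "HttpsOnlyMode": "force_enabled"
  }
}
```

After deployment, `about:policies` lists the active policies and any parsing errors, which is the quickest check that each entry was accepted.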


Hello,

Thanks for your response, and we do understand that Policy Pak is a lot more robust than a typical native GPO. What I would like to do is provide the settings with all the Policy Pak settings, and if you have a link to provide the settings, provide that to us, or if not, we understand that it cannot be as robust as Policy Pak.


Helpful?


There is no reason to explicitly set all of the preferences you are setting.

If there are specific things you are trying to do, you can let me know, but many of those are internal preferences that have no reason to be set.

Helpful?


Hello Mike,

Appreciate your help on this. Would you be willing to give me your email address so I can send you a spreadsheet with all the settings that we may potentially need to add for Firefox per our security? Thanks for your time.

Chris Weiderhold

Helpful?


I sent my email via a direct message on SUMO.

Helpful?


Hello Mike,

Can you tell me what SUMO is? I am not familiar.

Thanks

Helpful?


Sorry, this is SUMO :)

If you click on your name in the upper right, you'll see an Inbox option.

Helpful?
