Trang web này sẽ có chức năng hạn chế trong khi chúng tôi trải qua bảo trì để cải thiện trải nghiệm của bạn. Nếu một bài viết không giải quyết được vấn đề của bạn và bạn muốn đặt câu hỏi, chúng tôi có cộng đồng hỗ trợ của chúng tôi đang chờ để giúp bạn tại @FirefoxSupport trên Twitter và /r/firefox trên Reddit.

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Firefox 8.0.1 bypasses Windows software restriction policy and Windows UAC

  • 2 trả lời
  • 19 gặp vấn đề này
  • 12 lượt xem
  • Trả lời mới nhất được viết bởi MichaelSteele

more options

With the release of Firefox 8.0.1, Firefox bypasses Windows Software Restriction Policy (SRP).

With Firefox 8.0.0 - (and previous), Firefox conformed to the policy set forth in SRP.

In addition to the fact that Firefox completely ignores Windows SRP, Firefox also ignores Windows User Account Control. Standard, non-admin, accounts are able to install Firefox without administrative privileges. When the user executes the Firefox installer, Windows UAC prompts the user to elevate to install the program. If the user clicks "no" the Firefox installer continues past UAC and installs the program in the user's %appdata%\local folder instead of the %programfiles% (if the user were to elevate). Any other program would have ceased the installation if not elevated.

I haven't seen any other software ignore SRP and continue to run and/or bypass UAC and continue to install.

Please advise on what software policy needs to be in place to prevent Firefox from being installed and ran on my domain.

With the release of Firefox 8.0.1, Firefox bypasses Windows Software Restriction Policy (SRP). With Firefox 8.0.0 - (and previous), Firefox conformed to the policy set forth in SRP. In addition to the fact that Firefox completely ignores Windows SRP, Firefox also ignores Windows User Account Control. Standard, non-admin, accounts are able to install Firefox without administrative privileges. When the user executes the Firefox installer, Windows UAC prompts the user to elevate to install the program. If the user clicks "no" the Firefox installer continues past UAC and installs the program in the user's %appdata%\local folder instead of the %programfiles% (if the user were to elevate). Any other program would have ceased the installation if not elevated. I haven't seen any other software ignore SRP and continue to run and/or bypass UAC and continue to install. Please advise on what software policy needs to be in place to prevent Firefox from being installed and ran on my domain.

Được chỉnh sửa bởi johndball vào

Tất cả các câu trả lời (2)

more options

Alright, so I was testing some things in the lab. Firefox still ignores UAC elevation (this would solve the problem when it comes to installing the software) but now SRP is blocking Firefox... sometimes.

If I install Firefox then deploy an SRP with the HASH it will still open (even after the group policy for SRP has been applied to the comptuer).

If I install Firefox after the SRP is deployed Firefox gets denied by the SRP. This is both in the %programfiles% and %appdata%\local folders.

Any ideas on keeping Firefox from running past UAC?

more options

UAC prevents software from making system-wide changes without an administrator's consent. It's purpose isn't for IT staff to control which software may run, though most installers try to make their software available to all users on the computer.

Are you checking the hash of the installer instead of the executable? Firefox get's updated frequently enough that maintaining hashes will be a lot of work.

I haven't tried this, but perhaps populating user profile folders with a read-only path will cause the Firefox installer to fail. You'll also need to consider portable firefox