為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

ADMX Help

  • 10 回覆
  • 0 有這個問題
  • 54 次檢視
  • 最近回覆由 Mike Kaply

more options

Hello,

I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

Hello, I am reaching out to gain information on ADMX GPO policies. We are retiring Policy Pak which used to add all the policies and secure Firefox for Enterprise. What we noticed is that Policy Pak used the app set to apply these policies and we are noticing that native GPO's for the most part to match the Policy Pak policies is not as accurate for GPO's My ask here is there any Most Viable Product suggestions to apply Native GPO's for securing Firefox.

所有回覆 (10)

more options

Hello,

Here some examples of policies that were applied but I do not see a corresponding GPO that can give us the same policy. Can you look into these so we can determine what Windows GPO's match?

Logins and Passwords - Show Alerts about passwords for breached websites browser.urlbar.shortcuts.history browser.safebrowsing.provider.google.advisoryURL layers.gpu-process.max_restarts

These are just examples, and we have plenty more. We are looking for help with a GPO that matches these few examples.

有幫助嗎?

more options

You can use the Preferences policy to set these preferences:

https://mozilla.github.io/policy-templates/#preferences

Show Alerts about passwords for breached websites is the preference:

signon.management.page.breach-alerts.enabled

有幫助嗎?

more options

Hello,

Here are more Policy Pak policies that do not seem to have a match in ADMX Help. Please advise as to where we can find the native GPO's for Windows.

TABS

  • Don't load tabs until selected
  • Confirm before loading multiple tabs
  • item Warn me when opening multiple tabs (might slow down Firefox)

UPDATES and DRM

  • Browsing - Use autoscrolling
  • Browsing - Recommend extensions as you browse

PRIVACY

  • Logins and Passwords - Show Alerts about passwords for breached websites
  • Address Bar - Open Tabs - Search Engines

SECURITY

  • HTTPS-Only Mode - Don't enable HTTPS-Only mode

EXTRAS

  • Disable "Show Update History" button
  • Disable "History-Exceptions" button
  • Disable "Show Cookies" button
  • Disable "saved Passwords" button
  • Disable "Security Passwords Exceptions" button

有幫助嗎?

more options

We definitively don't have all the policies that PolicyPak offers. They have much granular control over everything.

Many of what you've specified require that you set prefs.

> Don't load tabs until selected > Confirm before loading multiple tabs > Warn me when opening multiple tabs (might slow down Firefox) I don't know what these are. We don't have this in standard Firefox preferences

UPDATES and DRM

> Browsing - Use autoscrolling Preference general.autoScroll > Browsing - Recommend extensions as you browse https://mozilla.github.io/policy-templates/#usermessaging

PRIVACY

> Logins and Passwords - Show Alerts about passwords for breached websites Preferences signon.management.page.breach-alerts.enabled > Address Bar - Open Tabs - Search Engines I don't know what this is referring to

SECURITY

> HTTPS-Only Mode - Don't enable HTTPS-Only mode https://mozilla.github.io/policy-templates/#httpsonlymode

> Disable "Show Update History" button Not available

> Disable "History-Exceptions" button I don't know what button this is.

> Disable "Show Cookies" button Not available

> Disable "saved Passwords" button

you can turn off the password Manager completely:

https://mozilla.github.io/policy-templates/#passwordmanagerenabled

> Disable "Security Passwords Exceptions" button

We don't have a way to disable that button

PolicyPak was focused on providing total control in Firefox, that was never our goal with Firefox policy.

有幫助嗎?

more options

Hello,

Thanks for your response and we do understand that that Policy Pak is a lot more robust than a typical native GPO. What I would like to do is provide the settings with all the policy pak settings and if you have a link to provide the settings provide that to us or if not, we understand that it cannot be as robust as policy pak.

sanity-test. advanced-layers security. 0 CS P. enabled security. 0 CS P. timeoutM illiseconds. hard security. 0 CS P. timeoutM illiseconds. soft security. app_menu. recordE ventT elemetry security. bad_cert_domain_error. ur_fix_enabled security. certerrors. mitm. auto_enable_enterprise_roots security. certerrors. mitm. priming. enabled security. certerrors. mitm. priming. endpoint security. certerrors. permanent verride security. certerrors. recordE ventT elemetry security, csp. reporting, script-sample, max-length security. csp. truncate_blocked_uri_for_frame_navigations security.external_protocol_requires_permission security. identitypopup. recordE ventT elemetry security. insecure_connection_icon. enabled security. insecure_connection_icon. pbmode. enabled security. insecure_field_warning. ignore_local_ip_address security. intermediate_preloading_healer. timer_interval_ms security. osclientcerts. autoload security. osreauthenticator. password_last_changed_hi security. osreauthenticator. password_last_changed_lo security. pki. crlite_ct_merge_delay_seconds security. pki. crlite_mode security. pki. mitm_canary_issuer. enabled security. protectionspopup. recordE ventT elemetry security. remote_settings. crlite_filters. bucket security. remote_settings. crlite_filters. checked security. remote_settings. crlite_filters. collection security. remote_settings. crlite_filters. signer security. remote_settings. intermediates, bucket security. remote_settings. intermediates, checked security. remote_settings. intermediates, collection security. remote_settings. intermediates. downloads_per_poll security. remote_settings. intermediates, enabled security. remote_settings. intermediates. parallel_downloads security. remote_settings. intermediates, signer security. sandbox. gpu. level security. sandbox. plugin. tempD irS uffix security. sandbox. socket. process. level security, sandbox, socket. win32k-disable security. secure_connection_icon_color_gray security. signed_app_signatures. policy security. ssl3. rsa_aes_1 28_gcm_sha256 security. ssl3. rsa_aes_256_gcm_sha384 security. tls. enable_delegated_credentials security. tls. hello_downgrade_check security. warn_submit_secure_to_insecure security. xfocsp. errorR eporting. enabled Services and Signon services. blocklist. addons-mlbf. checked services. blocklist. addons. signer services. blocklist. gfx. Signer services. blocklist. plugins. signer services. common. log. logger. rest. request services. common. log. logger. rest. response services, common, log. logger, tokenserverclient services. common. uptake. sampleR ate services, settings. clock_skew_seconds services. settings. defaultbucket services. settings. last_etag services, settings. last_update_seconds services. settings. main. anti-tracking-url-decoration. lastchecl services. settings. main. cfr. last_check services. settings. main. doh-config. last_check services. settings. main. doh-providers. last_check services. settings. main. fxmonitor-breaches. last_check services, settings, main, hijack-blocklists. last_check services, settings, main, language-dictionaries. last_check services. settings. main. message-groups. last_check services. settings. main. nimbus-desktop-defaults. last_check services, settings, main, nimbus-desktop-experiments. last_che

有幫助嗎?

more options

There is no reason to explicitly set all of the preferences you are setting.

If there are specific things you are trying to do, you can let me know, but many of those are internal preferences that have no reason to be set.

有幫助嗎?

more options

Hello Mike,

Appreciate your help on this. would you be willing to give me your email address so I can send you a spreadsheet with all the settings that we may potentially need to add for firefox per our security, Thanks for your time.

Chris Weiderhold

有幫助嗎?

more options

I sent my email via a direct message on SUMO.

有幫助嗎?

more options

Hello Mike,

Can you tell me what SUMO is? I am not familiar.

Thanks

有幫助嗎?

more options

Sorry, this is SUMO :)

If you click on your name in the upper right, you'll see an Inbox option.

有幫助嗎?

問個問題

如果您還沒有帳號,您必須先登入帳號 來回覆文章。還沒有帳號的話,只能發問新問題