Closed Bug 1525847 Opened 5 years ago Closed 5 years ago

General Group Policy Support: Re-Design existing technic from ESR 60 and up

Categories

(Firefox :: Enterprise Policies, defect)

Product:
Firefox
Component:
Enterprise Policies
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: mark, Unassigned)

Details

Attachments

(1 file)

mozilla.cfg
152.23 KB, text/x-csrc
Details
Attached file mozilla.cfg

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce:

See:
https://bugzilla.mozilla.org/show_bug.cgi?id=267888
https://bugzilla.mozilla.org/show_bug.cgi?id=1513532

Actually there are a lot of settings missing, when comparing mozilla.cfg and ADMX (Policy) I would suggest to change the way of handling ADMx/Registry Settings

Actual results:

Firefox is not fully controlled by GPO. Admins do not want to change technic for one single product. If all others MS, IE, Chrome, Office etc are controlled by GPO, you do not want to deal with mozilla.cfg. Learn and deploy a new and single App solution

Expected results:

You did too much effort in re-designing Registry Entries. I think, thats the reason, why you did not translate the whole mozilla.cfg into Registry.
Make it easier, create the same identical registry entries like you have inside mozilla.cfg

e.g. instead of :
Software\Policies\Mozilla\Firefox\Camera\Permissions\Block
make it like this:
Software\Policies\Mozilla\Firefox\camera.control.face_detection.enabled

by the way, thats the way frontmotion did it. Frontmotion can be fully controled by GPO. Their solution on https://bugzilla.mozilla.org/show_bug.cgi?id=1513532 is:
They simply used "browser.search.suggest.enabled"

At this moment I would like to recommend FF ESR to customers, but the solution is Frontmotion oder Chrome. Frontmotion is somehow FF, but users and customers are complaining about the name and the color of the icon :-) They want FF, but decide against it.

I you have technical/designing problems with policies vs. preferences in registry, feel free to ask.

I was a Microsoft MVP in Group Policy from 2006 to 2018 and this is one of the reasons, why it would love to have it done by GPO ;-)

Take a look at mozilla.adm from frontmotion and a mozilla.cfg from LibreFox which is a sample of the "most wanted to control settings" by GPO.

Component: Untriaged → Enterprise Policies

I don't want to expose preferences for a number of reasons.

  1. Most people don't even know why they change specific preferences. They've been doing it for years and just copy what someone did before. A lot of the preferences aren't even in Firefox anymore.

  2. It mean that Firefox doesn't have the ability to change internal preference names/implementations because we've tied the policy to the name of the preference.

  3. There are entirely too many preferences to cover them all via policy (and most are unnecessary).

I'd much rather understand the what people are changing via policy and why they are changing them and give them proper policies (the same way that every other product on Windows works).

We did ourselves a disservice by exposing all these preferences from day one. I don't want to continue down that path.

Take a look at mozilla.adm from frontmotion and a mozilla.cfg from LibreFox which is a sample of the "most wanted to control settings" by GPO.

frontmotion exposed EVERY preference. This was the wrong way to do this.

The reality is that on Chrome, people have a a very limited number of things they can control and that's just life. The only reason we're getting all these suggestions on Firefox is precisely because we allowed it in the past.

Also note that using Autoconfig for setting preferences will always be there for the obscure things that people want to set.

Ok, thank you for clarifying some things. I am running Chrome at most of my customers, because of GPO, so I am not familiar with the mozilla.cfg in it´s whole functionality in settings.

I got your problem, that there are a lot of deprecated/legacy settings inside, that probably should not be changed or could do damage. But, there is no difference if the damage happens via GPO or .cfg. If the damage happen via GPO you get the benefit in having a roleback/delete automatically.

To me it is much more effort, if you translate existing settings, specially, if they are still valid, into a complete new naming system. The problem of "too much work" is because you nned to run a parser and translater from one to the other.

Frontmotion (??), Chrome (about 250 policies), IE (1600+ policies) simply decided to put everything inside. Which was easy, because they did not change the name and setting aswell. They just added .\policies and changed the path from which the setting is acceptet/prefered.

Specially Chrome did one step further, they created an additional path within .\policies to have "Deployment/Run once" settings, that are used, but can be overruled by User ...

Getting back to my whishlist:
Make it easy: Stay with the existing naming of values, do not create new ones. Then it would be much less work to fill up the possibilities in GPO rules. But please provide ALL(!) settings that you would like ot support in .cfg as GPO aswell. Do not work by "waiting for request of iusers". Only a few people will send request. The other customers, that do not report but missing festure, you will simply loose, by this behavior.

"Too much work" is not an argument, think abou 1.600+ policies on IE ... they did the job to be enterprise ready, nit because they wanted.

Just my 2 cents.
Mark

I am adding support for some arbitrary preferences, but we won't be providing all settings.

There's no reason for most people to set 90% of our preferences.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: