Firefox registry settings for User Homepage and User Proxy Config
Categories
(Firefox :: Enterprise Policies, enhancement)
Tracking
()
People
(Reporter: office, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Steps to reproduce:
I use logon and startup scripts to configure many settings for my client's computers. This includes Firefox configuration as well.
There are many advantages to using scripts rather than Group Policy.
I have recently moved to deploying Firefox configuration settings to the registry. Many years ago, I achieved this by deploying a user.js file per user group. In those days, Mozilla Firefox didn't really use any registry settings. While the user.js file worked well, I prefer to deploy directly to the registry to eliminate the need to copy files and create Firefox Profiles etc.
Most of the Firefox settings I have configured for the startup script (computer policy) and are applied to Hkey_Local_Machine\Software\Policies\Mozilla\Firefox....
Actual results:
This works perfectly for 95% of my configuration. However, I am still stuck with 3 settings that I need to deploy via the user.js file.
user_pref("network.proxy.autoconfig_url", "file://///ServerName/ShareName/UsergroupA.pac");
user_pref("browser.startup.homepage", "https://www.google.co.uk");
user_pref("browser.uiCustomization.state", "Printer, Home, Find show settings");
I have already logged a request for the ability to customise Toolbar to allow users to see the Home Button, Find, Printer icons on the toolbar.
https://bugzilla.mozilla.org/show_bug.cgi?id=1767018
I fully agree that using the browser.uiCustomization.state to enable these buttons is a terrible way to do this for all the reasons listed in the linked topic. However, currently there is no way to customise the toolbar via registry. I am raising this in this new topic request, as I would really like to get rid of this horrible hack that I am using to ensure that users get the home button etc. The home button is essential.
The other two settings, I have had to retain in the User.js file because I need these two settings to apply to the User Configuration, not the Computer Configuration. The homepage url and proxy pac file is user group specific.
Expected results:
There is a registry key to apply the homepage and proxy configuration for users, rather than computers. Unfortunately, the registry key HKEY_CURRENT_USER\Software\Policies is a protected Windows key - which means that login scripts cannot create subkeys or Values as only administrators have write privileges to this area.
I understand that Microsoft designed Windows 10/11 to protect the Policies Key in users - presumably to block against Cybercrime, malware and to prevent users from changing settings themselves! But not everyone uses Group Policy to apply settings. You can do so much more with scripts than Group Policy.
It is not desirable to have to create group policies for these two keys. At one client for example, I would have to create 5 group policies to apply the homepage to five different user groups. Using a script, I just simply do a If Ingroup A (do A), If Ingroup B (do B).
What is the official recommendation from Mozilla regarding configuring user homepages and user proxy settings, considering in the past (and still working), I can configure the homepage and proxy settings per user by deploying a user.js file. Is group policy the only official option now?
I would really like to completely eliminate the need for a user.js file as deploying settings to the registry is by far, much better than creating loads of little ini files everywhere!
I will raise a question on Microsoft's forums to ask if there is a way to exempt (trust) logon scripts from the write protect policies as Microsoft have obviously done this for group policies. But would be useful to see what Mozilla's position on this is.
Thank you.
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Firefox::Enterprise Policies' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2•2 years ago
|
||
Opening this as an Enhancement so one of our devs can take a look.
Comment 3•2 years ago
|
||
Have you looked into using a policies.json file and putting it in the Firefox install? That's probably the easiest way for you.
Unfortunately allowing arbitrary registry locations would open us up to anyone modifying Firefox settings.
I agree that allowing arbitrary registry locations is not a good idea. Microsoft write protected those registry keys for a reason. It was very common in the past for a user's homepage, search engine etc to be hijacked by a malicious install. So I do actually support Microsoft's goal regarding this. I just find it surprising that Microsoft seem to have provided no official way for logon scripts to work in the same way as group policy works. Logon Scripts should by definition be a trusted source.
I will have a look at how the policies.json file will help in this case. But my understanding of the use of that file is that it would apply to computer, not user. I already use that file to deploy the certificates for our internet filtering system. However, that would be a good location to put the browser customisation state settings - until Mozilla develop a way to customize this by registry.
Thank you for reviewing this. I will update if I can get any further with Microsoft side of things regarding this, because it is obviously more of a Microsoft than Mozilla issue. I will have a look at the policies.json file now.
I have just had a look at the policies.js options. Unfortunately I don't think that I can get the proxy and homepage configured here as I need different settings for different users, which is not supported by the policies.js file.
However, on the website, listing all the policies.js settings, I discovered a setting to show the homepage button. So I have added this to my computer registry deployed settings as the registry option was listed as well. Upon review, it would be nice to have the Find button and the bookmarks button, but not essential. So I am happy to now remove the "browser.uiCustomization.state" preference because the home page button is really the only one that was essential and I am keen to remove this preference setting as it retains legacy settings that are no longer applicable.
I will update the other ticket to request a showbutton feature for Find and bookmarks, because it would be useful. But I will consider the third setting to be sorted now, leaving me with just the homepage and proxy server config to sort out. Thank you.
Comment 6•2 years ago
|
||
I don't see anything we can do on this bug. We aren't going to allow arbitrary registry policy...
I am happy to close this ticket. I do understand why Mozilla are using the Policies area of the registry as it is necessary to protect against homepage and proxy server hijacking. I see this more as an issue with Microsoft for not not allowing logon scripts to edit this section of the registry.
I have resolved the problem by continuing to use the user.js file, but just for the homepage and proxy pac file. All other settings that were in there have now been moved to the registry.
If and when Mozilla stops supporting the user.js functionality, I will at that point move to these two settings to group policy manager even though it is not as efficient to manage.
So I am happy to close this ticket, because it's not really a problem that Mozilla can resolve. Thank you.
Comment 8•2 years ago
|
||
Thanks. I don't see us dropping user.js support any time in the near future.
Another option would be to use Autoconfig and set different preferences based on username.
https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
Description
•