Enterprise Policy Generator is a new add-on for the Firefox web browser by Sören Hentzschel to create cross-platform policy files for Firefox. Designed for use in Enterprise and business environments, policy generator can be installed and used by any Firefox user or system administrator.
Mozilla launched the Enterprise Policy Engine in Firefox 60 and Firefox 60 ESR. While that included Firefox Group Policy Support for supported versions of Windows, it also meant that administrators and users could create configuration files for deployment.
The core advantage of the Enterprise Policy Engine is that it is cross-platform whereas the Group Policy option is only available for Windows devices.
Enterprise Policy Generator
Enterprise Policy Generator is not the official successor of CCK2 Wizard, a Firefox add-on that organizations used in the past for deployment of Firefox. CCK2 Wizard is not compatible with Firefox 57 or newer. While not the official successor, it is fair to say that it shares the core feature set with the popular but now incompatible extension.
Enterprise Policy Generator supports all policies that Mozilla added to Firefox 60. Sören plans to update the extension when new policies get released and add version information to each policy as well so that it is clear which Firefox version individual policies require.
Usage is simple: You may use the shortcut Shift-F10 to open the policy generation page or click on the extension’s icon in the Firefox toolbar to do so.
The extension lists all policies sorted into groups for easier recognition and reveals whether a policy is available for regular versions of Firefox and Firefox ESR, or only extended support releases of the web browser.
Just check the box in front of a policy to include it in the configuration file or leave a box unchecked to keep the default Firefox status of the feature or setting.
Some policies require additional data while others are simple enable/disable preferences. If you select “install, uninstall or lock extensions”, for example, you are asked to specify add-in installation paths, extensions IDs for the removal or locking of add-ons.
Some fields require text input while others come as menus that you select options from.
If there is one thing to criticize here, it is that there is no indication whether a policy requires additional input or not before you select it. Granted, it is not a big deal and it is clear for the majority whether additional input is required or not.
Here is what you can use the extension for right now:
- Block access to the add-ons manager (about:addons)
- Block access to the browser configuration (about:config)
- Block access to the in-content profile manager (about:profiles)
- Block access to the troubleshooting information page (about:support)
- Disable the private browsing mode
- Disable the form and search bar history
- Disable the built-in PDF viewer (pdf.js)
- Disable the built-in screenshot tool (Firefox Screenshots)
- Disable the built-in developer tools
- Disable the integration of Pocket, a service by Mozilla
- Disable Firefox Account based services like Firefox Sync
- Disable the master password feature
- Disable the feature to set an image as desktop background
- Disable the “Forget” toolbar button which can be used to forget the last browsing history
- Disable the “Import data from another browser” menu item in the library
- Disable the “Refresh Firefox” button in about:support
- Disable the ability to restart Firefox with add-ons disabled (safe mode)
- Disable the menu items “Submit Feedback” and “Report Deceptive Site” in the help menu
- Show the menu bar by default
- Show the bookmarks toolbar by default
- Set the homepage (works only in Firefox ESR)
- Whether the search bar is unified or separate (works only in Firefox ESR)
- Modifies the list of search engines built into Firefox (works only in Firefox ESR)
- Don’t create the default bookmarks bundled with Firefox, including the smart bookmarks (most visited, recent tags). Note: this policy is only effective if used before the first run of the profile
- Create default bookmarks
- Allow websites to install add-ons
- Install, uninstall or lock extensions
- Blocks websites from being visited. You can use “<all_urls>” for blocking all URLs. See info link for all valid entries, but only HTTPS and HTTP are supported. (works only in Firefox ESR)
- Configure proxy access to the internet
- Sites that support integrated authentication (works only in Firefox ESR)
- Allow or deny websites to set cookies
- Clear all browser data on shutdown
- Enable or disable tracking protection
- Allow or deny Flash plugin usage
- Prevent certain security warnings from being bypassed
- Read certificates from the Windows certificate store (Windows only)
- Prevent Firefox from updating (works only in Firefox ESR)
- Prevent Firefox from installing and updating system add-ons (works only in Firefox ESR)
Prevent Firefox from sending technical and interaction data to Mozilla (telemetry) (works only in Firefox ESR)
- Prevent Firefox from installing and running studies (SHIELD studies)
- Allow or deny pop-up usage
- Allow or forbid Firefox to offer to remember saved logins and passwords
- Don’t check if Firefox is the default browser at startup
- Override the first run page. Set this policy to blank if you want to disable the first run page. (works only in Firefox ESR)
- Override the post-update “What’s New” page. Set this policy to blank if you want to disable the post-update page. (works only in Firefox ESR)
The descriptions are sufficient to understand what individual policies do. Some policies include “more information” links which lead to Mozilla’s Developer Network site.
Instructions for deployment
Click on the generate policies button once you have selected the policies from the available list. The extension displays the JSON structure of the policy file; you may copy the data and create the policies.json file by yourself or click on “download policies.json to download the file instead to the local system.
It is necessary to create a folder called distribution in the Firefox program folder (not profile folder) on the system and place the policies.json file instead.
The selected policies are applied automatically on start of the Firefox browser. Since the policies file is placed in the program folder, it applies automatically to all Firefox profiles.
Administrators can create policy files manually but Enterprise Policy Generator makes the whole process more comfortable and easier.
One downside of the current version is that policy configurations are not saved which means that you can’t update existing configurations but need to start anew each time you need to update the policies file.
Sören plans to add save and load options to the extension at a later point in time which takes care of that then.
You may add individual policies manually to existing files in the meantime.
Enterprise Policy Generator is a useful extension for Firefox. While it may appeal to administrators the most, Firefox home users may use it as well to configure the browser regardless of whether they do so on a single system or home network.