Documente Academic
Documente Profesional
Documente Cultură
com
http://www.pcc-services.com/kixtart/firefox-lockdown.html
2. Create a new file called "mozilla.txt" and add any lockdown settings you want, an example is:
// lockPref("app.update.enabled", false); lockPref("network.proxy.type", 0); lockPref("browser.startup.page", 1); lockPref("browser.startup.homepage", "http://www.google.com/");
You can find more options to lockdown below, or you can browse the "about:config" page to find more settings to lockdown. 3. Now, you must "encode" the "mozilla.txt" file into a "mozilla.cfg" file. To do this use the application located here, or even easier is the online converter located at: http://www.alain.knaff.lu/%7Eaknaff/howto/MozillaCustomization/cgi/byteshf.cgi. 4. Finally, put the new "mozilla.cfg" file into the "Mozilla Firefox" directory. Now you are ready to deploy Firefox with the appropriate settings "Locked-Down". Note: If you do not wish to "byte-shift" the mozilla.cfg file, simply add the following to the greprefs\all.js file:
pref("general.config.obscure_value", 0);
Also, you may be able to store your mozilla.cfg file on a server with the following - although I haven't full tested it yet:
lockPref("autoadmin.global_config_url", "http://yourserver.companyname.com/mozilla.cfg");
8. Save the file 9. Re-Zip all the files back into a file called OMNI.JAR 10. Replace the original OMNI.JAR file with the new one 11. Drop your mozilla.cfg file in the root of Program Files\Mozilla Firefox 12. Launch Firefox and see your lockdowns work Again, I haven't fully test this yet and I am not sure if you have to use Winzip or if you could also use 7-zip. Thanks again Landon for the input! Here is a Youtube Video Showing Firefox 4 Lockdown
Also, if you want to disable the ability to access the "about:config" page you must copy this file into the "Mozilla Firefox\components\" directory. To lock down basic settings, here is a list of the settings available through the "Options" Dialog (Current with Firefox 2.0.0.6). Remember, there are quite a few more available through the "about:config" Firefox page, but these should get you started.
Main Tab
1 of 7
3/16/2012 3:06 PM
http://www.pcc-services.com/kixtart/firefox-lockdown.html
Where:
0 = "Show a blank page" 1 = "Show my home page" 3 = "Show my windows and tabs from last time"
System Defaults - Always check to see if Firefox is the default browser on startup:
lockPref("browser.shell.checkDefaultBrowser", false);
Tabs Tab
2 of 7
3/16/2012 3:06 PM
http://www.pcc-services.com/kixtart/firefox-lockdown.html
Content Tab
3 of 7
3/16/2012 3:06 PM
http://www.pcc-services.com/kixtart/firefox-lockdown.html
Note that exceptions are added to the hostperm.1 file in the user's Firefox profile. Load images automatically
lockPref("permissions.default.image", 2);
Where (1) is checked and (2) is unchecked. Note that exceptions are added to the hostperm.1 file in the user's Firefox profile. Enable JavaScript
lockPref("javascript.enabled", false);
Enable Java
lockPref("security.enable_java", false);
Fonts & Colors You could lock down these settings, but not recommended as each user utilizes their own preferences File Types The app that opens each type of file is written to the "mimeTypes.rdf" file in the user's profile. However, you can disable the apps "browser plugin" by adding something similar to the following, forcing the user to "save the file" to disk:
lockPref("plugin.disable_full_page_plugin_for_types", "audio/x-ms-wma,application/pdf");
Privacy Tab
Set "browser.history_expire_days" to "0" to disable History completely History - Remember what I enter in forms and the search bar
lockPref("browser.formfill.enable", false);
4 of 7
3/16/2012 3:06 PM
http://www.pcc-services.com/kixtart/firefox-lockdown.html
Where "0" is "they expire" - "1" is "ask me every time" - "2" is "I close Firefox" Cookies - Exceptions (disable the button)
lockPref("pref.privacy.disable_button.cookie_exceptions", false);
Note that Cookie exceptions are added to the hostperm.1 file in the user's Firefox profile. Private Data - Always clear my private data when I close Firefox
lockPref("privacy.sanitize.sanitizeOnShutdown", true);
Download History
lockPref("privacy.item.downloads", true);
Cache
lockPref("privacy.item.cache", true);
Cookies
lockPref("privacy.item.cookies", false);
Saved Passwords
lockPref("privacy.item.passwords", false);
Authenticated Sessions
lockPref("privacy.item.sessions", true);
Security Tab
5 of 7
3/16/2012 3:06 PM
http://www.pcc-services.com/kixtart/firefox-lockdown.html
Note that "Add-ons" exceptions are added to the hostperm.1 file in the user's Firefox profile. Tell me if the site I'm visiting is a suspected forgery
lockPref("browser.safebrowsing.enabled", true);
Note: To utilize "Google" to check for web forgeries the user must Accept an EULA. Passwords - Remember passwords for sites
lockPref("signon.rememberSignons", true);
Passwords - Use a master password The user must enter a master password when enabling, thus you cannot enforce this setting Passwords - Disable the "Show Passwords" Button
lockPref("pref.privacy.disable_button.view_passwords", true);
Advanced Tab
General - Accessibility - Always use the cursor keys to navigate within pages
lockPref("accessibility.browsewithcaret", true);
Where "0" is no spell checking and "1" is spell checking enabled Network - Connection - Configure how Firefox connects to the Internet
6 of 7
3/16/2012 3:06 PM
http://www.pcc-services.com/kixtart/firefox-lockdown.html
lockPref("network.proxy.type", 0);
Where "0" is "Direct connection to the Internet" "1" is "Manual proxy configuration" You must also set the following:
lockPref("network.proxy.http", "firewall.private.lan"); lockPref("network.proxy.http_port", 3128); lockPref("network.proxy.ssl", "firewall.private.lan"); lockPref("network.proxy.ssl_port", 3128); lockPref("network.proxy.ftp", "firewall.private.lan"); lockPref("network.proxy.ftp_port", 3128); lockPref("network.proxy.gopher", "firewall.private.lan"); lockPref("network.proxy.gopher_port", 3128); lockPref("network.proxy.socks", "firewall.private.lan"); lockPref("network.proxy.socks_port", 3128);
You can also list addresses that you do not want to use the proxy for:
lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, www.mozilla.com");
"2" is "Automatic proxy configuration URL" You can also set the following setting for the correct autoconfig URL
lockPref("network.proxy.autoconfig_url", "http://mysite.com/");
"4" is "Auto-Detect proxy settings for this network" Network - Cache - Size (Use up to _ MB of space for the cache)
lockPref("browser.cache.disk.capacity", 5000);
Where 5000 is 5MB, etc. Update - Automatically Check For Updates to: Firefox
lockPref("app.update.enabled", false);
Set to "0" will set to Automatically download and install the update and not check the "Warn me if this will disable any of my add-ons", Set to "1" will check both the Automatically download/install as well as the warn about disabling add-ons. Encryption - Protocols - Use SSL 3.0
lockPref("security.enable_ssl3", true);
7 of 7
3/16/2012 3:06 PM