Professional Documents
Culture Documents
How To Integrate Firefox With Windows Group Policy
How To Integrate Firefox With Windows Group Policy
Group Policy
Mozilla has shipped the support for Windows Group Policy Support. Firefox 60 is the next
Extended Support Release of Firefox browsers releases which replaces Firefox ESR 52.x.
Firefox ESR 52.x is the last official version of Firefox that will be supporting the old extensions
system. It is rather surprising that Mozilla made Firefox 60 the next ESR target instead of
Firefox 59.
Mozilla Firefox uses autoconfig files that support an automatic configuration system for Firefox
installations and hence this makes it compatible with the supported desktop platform. This is all
supported by a new Policy Engine in Firefox that reads data directly from the Registry. This
Registry is created by Group Policy Objects and applies the policies if they are found to be
absolutely valid.
Or just search for Edit Group Policy in Cortana search box and select the Entry to open the
Group Policy Editor.
Computer Configuration > Administrative Templates > Firefox and User Configuration >
Administrative Templates > Firefox
Then the following policy template files are added to the directories on Windows:
The Enterprise Policy Generator addon is available here. You can learn more about this new
feature of Firefox here.
This post will show yu how to configure Google Chrome using Group Policy.
Read next: How to disable add-on installation in Firefox using Group Policy.
On Windows, policy support is implemented using Group Policy. Firefox supports setting
policies via Active Directory as well as using Local Group Policy.
The ADMX templates for Firefox are available for download here:
https://github.com/mozilla/policy-templates/releases
https://github.com/mozilla/policy-templates/blob/master/README.md
Type in gpedit.msc in the Search box and hit Enter. Once Group Policy Editor opens, navigate to
the following setting-
Right click on the right side panel and click on Add/Remove Templates… from the context
menu.
It will open a new window. Select Add and then navigate to the location where you extracted the
downloaded templates and documentation.
From the cluster of files inside the following location-
Windows/ADM/am/EN-US
Now, when you navigate to this following location, you will find all the Group Policy Editor
entries for Google Chrome-
Computer Configuration > Administrative Templates > Classic Administrative Templates
(ADM) > Google
Now using the Windows Group Policy Editor, you will able to configure Google Chrome
browser on your computer.
Policy Templates
To ease your policy setup, several policy templates can guide you easily through the
configurable options.
Templates can also be generated locally by building the policy_templates Chromium project.
Windows
There are two types of templates available, an ADM and an ADMX template. You will want to
verify what template type you can use on your network.
Google Update (auto-update) has its own templates as well, in ADM and ADMX forms.
The recommended way to configure policy on Windows is Group Policy Object (GPO),
however on machines that are joined to an Active Directory domain, policy settings may also be
stored in the registry under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the
following paths:
Mac
Policies are defined on a Mac in a plist (property list) file. The latest plist template is
included in the Google Chrome/Chromium installer package. To find the plist:
To see an example of how to load this file into Profile Manager, see the Mac Quickstart guide.
Note: Any other system management tool can be used instead of Profile Manager such as Jamf
or Puppet.
Contents:
Download and unpack an archive with ADM/ADMX templates of Group Policies for
Google Chrome ( http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip the
file size is about 13 MB).
There are two types of group policy templates for Windows OS in the archive: ADM and
ADMX (the latter is supported in the OS since Windows Vista / 2008 and above).
Copy the files of an administrative template to the directory where they are to be stored.
If you want group policy templates to be localized, don’t forget to copy the
corresponding template file.
Suppose, we are going to use the ADMX format of the GPO template and centralized
domain storage of policies. Copy chrome.admx file and localization directories to
\\woshub.loc\SYSVOL\woshub.loc\Policies\PolicyDefinitions
Open the Group Policy Management Console (gpmc.msc) and edit any existing policy
(or create a new one). Make sure that a new Google folder containing two subsections:
Google Chrome and Google Chrome – Default Settings (users can override) appeared
both in User and Computer sections of Policies -> Administrative Templates.
Tip. If you are not using the centralized GPO storage, you can add the GPO template for Google
Chrome manually. To do it, right-click Administrative Templates and select Add/Remove
Templates. In the next window specify the path to chrome.adm file. It is better to specify the
path in the UNC format, e. g., like this: \\woshub.loc\SYSVOL\woshub.loc\Policies\{60553A6F-
2549-4C9E-B522-D3CF668E56B4}\Adm\chrome.adm
So, we have copied GPO templates for Google Chrome browser. As we mentioned before, the
new GPO section contains two subsections: Google Chrome and Google Chrome – Default
Settings (users can override). The difference between them is that the settings of the latter
section of policies can be changed by users in the browser settings on their computers. The
settings of the first section are fixed and even the local administrator won’t be able to change
them in the browser.
These administrative templates contain about 260 of different manageable Google Chrome
settings. You can explore them yourself and configure the browser settings that are needed in
your environment.
It doesn’t make any sense to consider all of them, we’ll only demonstrate basic Chrome settings
that are often to be configured in the AD domain environment.
Set disk cache directory – path to the Chrome disk cache (as a rule it is “$
{local_app_data}\Google\Chrome\User Data”
Set disk cache size – disk cache size (in bytes)
Set Google Chrome Frame user data directory – Chrome directory with user
settings “${local_app_data}\Google\Chrome\User Data”
Managed Bookmarks
Disable Chrome auto-update: Allow Installation: Disable, Update Policy Override:
Enable and in the Policy field specify Updates Disable
Add certain sites to trusted sites list – Policies HTTP Authentication -> Authentication
server whitelist
It remains to link the policy to the desired container (OU) of Active Directory. Apply the group
policy to a client by running the command
gpupdate /force
Run the browser on the client and make sure that the GPO settings have been applied to its
settings (in this screenshot, a user can’t change the values that were set by the administrator).
To display all settings, set by the group policies directly in the Chrome, go to the address
Chrome://policy.
In the event that you prevented users from changing these Chrome settings, a message will
appear in the browser window: This setting is enforced by your administrator.
Tip. Although for the modern versions of Mozilla Firefox there are no ready Administrative
Templates, but you can manage the browser settings using special configuration files that were
copied with the help of Group Policy Preferences: How to Manage Firefox Settings using Group
Policy.
By ID, you need to find the extension folder in the user profile C:\Users\%Username
%\AppData\Local\ Google\Chrome\User Data\Default\Extensions\{id_here}.
In the extension folder find and open the manifest.json file and copy the value of the
update_url. Most likely, you will see the following URL:
https://clients2.google.com/service/update2/crx.
Now, in the GPO editor console, go to the Computer Configuration -> Policies ->
Administrative Templates -> Google -> Google Chrome -> Extensions. Enable the policy
Configure the list of force-installed extensions.
Click the Show button and add a line for each extension that you want to install. Use the
following format:
{extension_id_here};https://clients2.google.com/service/update2/crx
After applying to the user’s computers, all specified Chrome extensions will be installed in silent
mode without interaction with the user.