How to integrate Firefox with Windows

Group Policy
Mozilla has shipped the support for Windows Group Policy Support. Firefox 60 is the next
Extended Support Release of Firefox browsers releases which replaces Firefox ESR 52.x.
Firefox ESR 52.x is the last official version of Firefox that will be supporting the old extensions
system. It is rather surprising that Mozilla made Firefox 60 the next ESR target instead of
Firefox 59.

Mozilla Firefox uses autoconfig files that support an automatic configuration system for Firefox
installations and hence this makes it compatible with the supported desktop platform. This is all
supported by a new Policy Engine in Firefox that reads data directly from the Registry. This
Registry is created by Group Policy Objects and applies the policies if they are found to be
absolutely valid.

Firefox with Windows Group Policy

In order to check all the policies, you need to view the policies using the Group Policy Editor.
To view these policies, open Group Policy Editor.

To do this, open Run and type in gpedit.msc and hit Enter.

Or just search for Edit Group Policy in Cortana search box and select the Entry to open the
Group Policy Editor.

Then navigate to this location:

Computer Configuration > Administrative Templates > Firefox and User Configuration >
Administrative Templates > Firefox

Then the following policy template files are added to the directories on Windows:

 Block About Addons – prevents access to about://addons to manage addons.

 Block About Config – prevents access to about://config.
 Block About Support – prevents access to the troubleshooting page about://support.
 Block Set Desktop Background – users cannot set the wallpaper of the desktop using
Firefox.
  Create Master Password – prevent the creation of a master password.
 Disable Update – block Firefox from updating.
 Disable Developer Tools – turn off the Developer Tools in the browser.
 Disable Firefox Accounts – prevent sign-in to accounts and syncing.
 Disable Firefox Screenshots – turn the Screenshots tool off.
 Disable Firefox Studies – turn participation in Firefox studies off.
 Disable Form History – prevent Firefox from remembering the form history.
 Disable Pocket – turn off Pocket in Firefox.
 Disable Private Browsing – block Private Browsing functionality.
 Display Bookmarks Toolbar – show the Bookmarks Toolbar by default.
 Display Menu Bar – show the Menu Bar by default.
 Don’t Check Default Browser – block checks for default browser.
 Homepage – set a homepage (or multiple), and optionally disallow the changing of those.
 Remember Passwords – allow or disallow the saving of passwords.
 Bookmarks – Set default bookmarks.
 Permissions: Addons – Allow addon installation on specified URLs.
 Permissions: Cookies – Set URLs to allow or block cookies on.
 Permissions: Flash – Set URLs to allow or block Flash on.
 Permissions: Popups – Allow popups on selected sites.

The Enterprise Policy Generator addon is available here. You can learn more about this new
feature of Firefox here.

This post will show yu how to configure Google Chrome using Group Policy.

Read next: How to disable add-on installation in Firefox using Group Policy.

Customizing Firefox Using Group Policy

(Windows)
(Redirected from Customizing Firefox Using Group Policy)
This article is for IT Admins who want to configure Firefox on their organization's computers.

On Windows, policy support is implemented using Group Policy. Firefox supports setting
policies via Active Directory as well as using Local Group Policy.

The ADMX templates for Firefox are available for download here:

https://github.com/mozilla/policy-templates/releases

ADMX templates should be added to the X:\Windows\PolicyDefinitions directory.

For the latest information on our policies and more details about specific policies is available in
the README on our GitHub repository:

https://github.com/mozilla/policy-templates/blob/master/README.md

Configure Google Chrome using Group

Policy in Windows 10
Google Chrome is the world’s most used web browser according to statistics. But the main thing
that gives the Internet Explorer an edge over it is the fact that it can be configured and calibrated
using Windows Group Policy Editor. This makes Internet Explorer particularly useful in the
Enterprise sector. These Group Policies help an Administrator configure their browser as per
their conditions.  But you can now use the Group Policy to configure Google Chrome as well.
We have already seen how to integrate Firefox with Windows Group Policy, now let us see how
to configure  Google Chrome via Group Policy.

Configure Chrome using Group Policy

You can start by getting the latest templates and documentation for Google Chrome in a ZIP
Archive from google.com. And after it is downloaded, extract its contents into a separate folder.

Now we have to add the template to the local computer

Type in gpedit.msc in the Search box and hit Enter. Once Group Policy Editor opens, navigate to
the following setting-

Computer Configuration > Administrative Templates

Right click on the right side panel and click on Add/Remove Templates… from the context
menu.

It will open a new window. Select Add and then navigate to the location where you extracted the
downloaded templates and documentation.
From the cluster of files inside the following location-

Windows/ADM/am/EN-US

Select the file named as chrome.adm.

Finally, click on Close in the Add/Remove Templates mini window.

Now, when you navigate to this following location, you will find all the Group Policy Editor
entries for Google Chrome-
Computer Configuration > Administrative Templates > Classic Administrative Templates
(ADM) > Google

Now using the Windows Group Policy Editor, you will able to configure Google Chrome
browser on your computer.

Hope this helps!

Policy Templates

To ease your policy setup, several policy templates can guide you easily through the
configurable options.

Templates can also be generated locally by building the policy_templates Chromium project.

Windows

There are two types of templates available, an ADM and an ADMX template. You will want to
verify what template type you can use on your network.

ZIP file of ADM/ADMX/JSON templates and documentation. Beta and Dev administrative templates

are also available for testing them before a stable release.

Google Update (auto-update) has its own templates as well, in ADM and ADMX forms.
The recommended way to configure policy on Windows is Group Policy Object (GPO),
however on machines that are joined to an Active Directory domain, policy settings may also be
stored in the registry under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the
following paths:

 Google Chrome: Software\Policies\Google\Chrome\

 Chromium: Software\Policies\Chromium\

Mac

Policies are defined on a Mac in a plist (property list) file. The latest plist template is
included in the Google Chrome/Chromium installer package. To find the plist:

1. Download Google Chrome

2. Open the bundle and find the Configuration folder
3. Open a file called com.google.Chrome.manifest. This is the latest plist template.
4. Review the plist template.
5. Use the template to create your own plist file.
6. Create your own plist file with appropriate policies based on the plist template. Use the
property list editor of your choice.
7. Use your system management tool to push the configuration file to client Macs.

To see an example of how to load this file into Profile Manager, see the Mac Quickstart guide. 
Note: Any other system management tool can be used instead of Profile Manager such as Jamf
or Puppet.

How to Configure Google Chrome via Group

Policies
According to statistics, the most popular browser nowadays is Google Chrome, but its position
in corporate networks is not so strong, and many administrators avoid using Google Chrome  in
the AD domain network because it is quite difficult to manage and update t from central location.
In this article we’ll get acquainted with the administrative templates (admx) of group policies,
provided by Google, that allow to manage Chrome settings from central location and make it
easier to deploy and use this browser in corporate networks. Also, we will show several typical
tasks of managing of the Google Chrome settings using GPO.

Contents:

 Importing Chrome Administrative Templates

 Typical Chrome settings in GPO
 Configuring Proxy Server and Home Page with Chrome GPO
 Automatic installation of Chrome extensions through GPO
Importing Chrome Administrative Templates
The administrative templates of the GPO for Google Chrome are deployed as follows:

 Download and unpack an archive with ADM/ADMX templates of Group Policies for
Google Chrome ( http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip the
file size is about 13 MB).
 There are two types of group policy templates for Windows OS in the archive: ADM and
ADMX (the latter is supported in the OS since Windows Vista / 2008 and above).
 Copy the files of an administrative template to the directory where they are to be stored.
If you want group policy templates to be localized, don’t forget to copy the
corresponding template file.

Note. Local administrative GPO templates are stored in C:\Windows\PolicyDefinitions,

but if you are going to use policy templates for Chrome in the Active Directory domain
environment, you can save them to the folder of a certain policy (not the best option) or
to PolicyDefinitions directory in SYSVOL on the domain controller.

 Suppose, we are going to use the ADMX format of the GPO template and centralized
domain storage of policies. Copy chrome.admx file and localization directories to
\\woshub.loc\SYSVOL\woshub.loc\Policies\PolicyDefinitions

 Open the Group Policy Management Console (gpmc.msc) and edit any existing policy
(or create a new one). Make sure that a new Google folder containing two subsections:
Google Chrome and Google Chrome – Default Settings (users can override) appeared
 both in User and Computer sections of Policies -> Administrative Templates.

Tip. If you are not using the centralized GPO storage, you can add the GPO template for Google
Chrome manually. To do it, right-click Administrative Templates and select Add/Remove
Templates. In the next window specify the path to chrome.adm file. It is better to specify the
path in the UNC format, e. g., like this: \\woshub.loc\SYSVOL\woshub.loc\Policies\{60553A6F-
2549-4C9E-B522-D3CF668E56B4}\Adm\chrome.adm
So, we have copied GPO templates for Google Chrome browser. As we mentioned before, the
new GPO section contains two subsections: Google Chrome and Google Chrome – Default
Settings (users can override). The difference between them is that the settings of the latter
section of policies can be changed by users in the browser settings on their computers. The
settings of the first section are fixed and even the local administrator won’t be able to change
them in the browser.

These administrative templates contain about 260 of different manageable Google Chrome
settings. You can explore them yourself and configure the browser settings that are needed in
your environment.

It doesn’t make any sense to consider all of them, we’ll only demonstrate basic Chrome settings
that are often to be configured in the AD domain environment.

Typical Chrome settings in GPO

Among the useful Chrome settings that you should configure first, you can pay attention to the
following policies (note that the ${local_app_data} directory corresponds to the folder
%username%\AppData\Local, and ${roaming_app_data}  – to \%username
%\AppData\Roaming.

 Set disk cache directory – path to the Chrome disk cache (as a rule it is  “$
{local_app_data}\Google\Chrome\User Data”
 Set disk cache size – disk cache size (in bytes)
 Set Google Chrome Frame user data directory – Chrome directory with user
settings “${local_app_data}\Google\Chrome\User Data”
 Managed Bookmarks
  Disable Chrome auto-update: Allow Installation: Disable, Update Policy Override:
Enable and in the Policy field specify Updates Disable
 Add certain sites to trusted sites list – Policies HTTP Authentication -> Authentication
server whitelist

Configuring Proxy Server and Home Page with Chrome

GPO
Let’s configure a proxy server: we are interested in the following policy section Google Chrome
-> Proxy Server

 proxy server address: ProxyServer – 192.168.123.123:3128

 an exception list for proxy: ProxyBypassList – http://www.woshub.local,192.168.*,
*.corp.woshub.local

Locate a home page: Home page -> HomepageLocation – http://woshub.com/

Change the location of the download folder:

Set download directory: c:\temp\Downloads

It remains to link the policy to the desired container (OU) of Active Directory. Apply the group
policy to a client by running the command

gpupdate /force

Run the browser on the client and make sure that the GPO settings have been applied to its
settings (in this screenshot, a user can’t change the values that were set by the administrator).
To display all settings, set by the group policies directly in the Chrome, go to the address
Chrome://policy.

In the event that you prevented users from changing these Chrome settings, a message will
appear in the browser window: This setting is enforced by your administrator.
Tip. Although for the modern versions of Mozilla Firefox there are no ready Administrative
Templates, but you can manage the browser settings using special configuration files that were
copied with the help of Group Policy Preferences: How to Manage Firefox Settings using Group
Policy.

Automatic installation of Chrome extensions through GPO

With the help of these administrative templates, you can install certain Extensions of Google
Chrome for all domain users. To do this, you need to know the ID of the extension and the URL
from which the extension is updated.

The Google Chrome Extension ID can be found in the extension parameters in

chrome://extensions (developer mode must be enabled).

By ID, you need to find the extension folder in the user profile  C:\Users\%Username
%\AppData\Local\ Google\Chrome\User Data\Default\Extensions\{id_here}.

In the extension folder find and open the manifest.json file and copy the value of the
update_url. Most likely, you will see the following URL:
https://clients2.google.com/service/update2/crx.
Now, in the GPO editor console, go to the Computer Configuration -> Policies ->
Administrative Templates -> Google -> Google Chrome -> Extensions. Enable the policy
Configure the list of force-installed extensions.

Click the Show button and add a line for each extension that you want to install. Use the
following format:

{extension_id_here};https://clients2.google.com/service/update2/crx

After applying to the user’s computers, all specified Chrome extensions will be installed in silent
mode without interaction with the user.