Home Forums OS X Server and Client Discussion Misc. Mass deploying managed Firefox

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • January 5, 2010 at 2:37 pm #377750
    tlarkin
    Participant

    Well, this is yet another issue I am running into with Firefox. I work in K-12, which means by certain federal regulations I am required to filter the Internet usage of the students. I also work in a 1:1, so I have over 6,000 Macbooks and about 2,000+ Mac desktops. The problem is basically this with out writing a short novel to explain it:

    I need to lock down firefox so students cannot install add ons, clear history, and insert their own network/proxy settings into the app itself. Since Firefox is a complete self contained application and it ignores all system settings of OS X for it’s own this is an issue. There is an add on called public fox, which does work well, but an end user can just delete their profile information in their home directory and that protection is now gone. The second issue is, that if I push out the package to the end users with my copy of the files it works, but it doesn’t retain passwords. If I copy the add ons I added to lock it down and drill them into the actual application contents of Firefox they are there, but with out any of the settings I put. I also tried modifying the user template so when a user logs in they get those firefox settings but again they can still delete them.

    I am trying to avoid modifying the POSIX permissions for the files in question as I don’t want to have to maintain scripts for a permissions nightmare and if some IT staffer I work with decides to run “repair permissions” as a troubleshooting step it just undoes what I did.

    Basically, from what I have been reading up on, Firefox is a huge pain to mass deploy in a managed way so that the app itself is managed the way you want it.

    Any ideas, pointers, or has anyone here accomplished what I am trying?

    Thanks

    Tom

    January 6, 2010 at 6:41 pm #377754
    Greg Neagle
    Participant

    Here’s a start:

    Check out managingosx.wordpress.com and look for firefox-default-settings.
    I’d post the URL, but this forum keeps deleting my replies as spam.

    I’ve since changed my technique; instead of editing the existing /Applications/Firefox.app/Contents/MacOS/greprefs/all.js file, I instead add this file:

    /Applications/Firefox.app/Contents/MacOS/defaults/pref/local-settings.js

    Which looks like:

    // MyOrg additions
    pref(“general.config.obscure_value”, 0);
    pref(“general.config.filename”, “firefox_aa.cfg”);

    January 7, 2010 at 4:22 pm #377762
    tlarkin
    Participant

    You are referring to this link?

    [url]removed for spam….?[/url]

    So I have to hack the java part? How future proof is this? Lets say I want to update firefox, will I have to repack this every time?

    *EDIT*

    It seems that I cannot post the link either as it says I am posting spam

    January 7, 2010 at 4:28 pm #377763
    Greg Neagle
    Participant

    You’ll need to add to files each time you update Firefox:

    /Applications/Firefox.app/Contents/MacOS/defaults/pref/local-settings.js

    and

    /Applications/Firefox.app/Contents/MacOS/firefox_aa.cfg

    No hacking. This is a Mozilla-supported method for managing/enforcing preferences, and has worked since Firefox 1.x, (and the same concepts worked in Netscape) so I imagine this is as “future-proof” as anything is these days…

    -Greg

    January 7, 2010 at 4:30 pm #377764
    tlarkin
    Participant

    OK, so as I have read that article on that wordpress site, all I need to do is create my custom config, and then tell firefox to look at that config instead of the default one? Also, how do I manage and deploy the FF add ons that I want all my users to have?

    January 7, 2010 at 10:30 pm #377771
    Greg Neagle
    Participant

    [QUOTE][u]Quote by: tlarkin[/u][p]Also, how do I manage and deploy the FF add ons that I want all my users to have?[/p][/QUOTE]

    I don’t manage any add-ons, but I think you’d need to do a global extension install as described here:

    http://kb.mozillazine.org/Installing_extensions

    and then package up Firefox. And then do it again the next time Firefox is updated. And again. And again…

    January 8, 2010 at 6:29 pm #377776
    tlarkin
    Participant

    Where can I find more configurations for this? It looks like this is just CSS code that the jar files read? Also, do I need to install something extra for the command line stuff?

    January 8, 2010 at 8:32 pm #377778
    tlarkin
    Participant

    Some features from that link do not work….some do. It doesn’t work for what I want to do either. I think that this point I am going to deploy a non managed version and just say the heck with it.

    January 9, 2010 at 12:46 am #377781
    Greg Neagle
    Participant

    [QUOTE][u]Quote by: tlarkin[/u][p]Where can I find more configurations for this? It looks like this is just CSS code that the jar files read? Also, do I need to install something extra for the command line stuff?
    [/p][/QUOTE]

    These are JavaScript calls, not CSS. You don’t need to install anything extra.

    Since I can’t post links, search for Firefox lockPref.

    January 9, 2010 at 12:47 am #377782
    Greg Neagle
    Participant

    [QUOTE][u]Quote by: tlarkin[/u][p]Some features from that link do not work….some do. It doesn’t work for what I want to do either. I think that this point I am going to deploy a non managed version and just say the heck with it. [/p][/QUOTE]

    What’s not working for you?

    In case it wasn’t clear, Managing OS X is my blog, and I’ve been using those techniques successfully to manage Firefox here since 1.x.

    -Greg

    January 9, 2010 at 6:34 pm #377784
    tlarkin
    Participant

    The check default browser option does not work. I pushed the package out via casper, then logged in to a mobile account, and it took the home page settings to my custom set homepage but it does not do the default browser. I was also able to install add ons, which I did not enable either.

    What am I doing wrong here?

    January 9, 2010 at 9:03 pm #377785
    Greg Neagle
    Participant

    [QUOTE][u]Quote by: tlarkin[/u][p]The check default browser option does not work. [/p][/QUOTE]

    Do you want it to check, or not to check? My settings set it by default to not check, but allow the user to set it as default if they want.

    [quote][u]Quote by: tlarkin[/u][p]I pushed the package out via casper, then logged in to a mobile account, and it took the home page settings to my custom set homepage but it does not do the default browser. I was also able to install add ons, which I did not enable either.[/p]
    [/quote]

    My settings don’t attempt to prevent one from installing add-ons. What preference did you try to control that? I don’t see any preferences in about:config that look like they’d prevent the installation of add-ons.

    January 9, 2010 at 10:59 pm #377788
    tlarkin
    Participant

    I just went through the about:config file myself and did not see where you can disable the user from entering the preferences or installing add ons….However, there is an add on that does this called public fox.

    https://addons.mozilla.org/en-US/firefox/addon/3911

    So I guess I need to global install that add on, then deploy it….if it works that way. The problem is if a user deletes their ~/Library/Application Support/Firefox (or mozilla) folder they lose the management, so I was looking at other ways of deploying firefox.

  • Author
    Posts
Viewing 13 posts - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.