• News
• GNU/Linux
• Droid
• Windows
• Misc
• Downloads
• Personal
• About

Web Search

Site Search

Independent Representative
Ultimate Health and Wellness starts with the 90 Essential Nutrients Are You Getting Yours?
	Beyond Tangy Tangerine Majestic Earth Beyond Tangy Tangerine powder $69.25*
	Bone Builders Formula Bone Building Formula contains calcium, which, with regular exercise and a healthy diet, helps teen and young adult women maintain good bone health and may reduce the risk of osteoporosis later in life. $30.75*
	Daily 180 Ultimate Daily has a formulation that is so complete and convenient it contains a full days supply of vitamins, minerals and antioxidants. $56.40*
	Osteo-Mag Magnesium, a major mineral essential to life, is involved in more than 300 enzyme systems in the human body. $39.30*
*prices in USD & subject to change Join the Youngevity Team

Firefox Lockdown Information

This page shows how to easily lock-down Mozilla Firefox's Settings before you deploy the app with my Deployment Utility. These instructions are based on Chris LLias's Blog entry about Locking Down Firefox.

1. Edit the file "Mozilla Firefox\greprefs\all.js" and add the following to the end of it:

pref("general.config.filename", "mozilla.cfg");

2. Create a new file called "mozilla.txt" and add any lockdown settings you want, an example is:

//
lockPref("app.update.enabled", false);
lockPref("network.proxy.type", 0);
lockPref("browser.startup.page", 1);
lockPref("browser.startup.homepage", "http://www.google.com/");

You can find more options to lockdown below, or you can browse the "about:config" page to find more settings to lockdown.

3. Now, you must "encode" the "mozilla.txt" file into a "mozilla.cfg" file. To do this use the application located here, or even easier is the online converter located at:
   http://www.alain.knaff.lu/%7Eaknaff/howto/MozillaCustomization/cgi/byteshf.cgi.
4. Finally, put the new "mozilla.cfg" file into the "Mozilla Firefox" directory. Now you are ready to deploy Firefox with the appropriate settings "Locked-Down".

Note: If you do not wish to "byte-shift" the mozilla.cfg file, simply add the following to the greprefs\all.js file:

pref("general.config.obscure_value", 0); 

Also, you may be able to store your mozilla.cfg file on a server with the following - although I haven't full tested it yet:

lockPref("autoadmin.global_config_url", "http://yourserver.companyname.com/mozilla.cfg"); 

Update for Mozilla Firefox 4

I received these instructions from Landon Veitch (Thank You!!), which since I haven't had time to test these, I will post the email in it's entirety.

Mike,

I know that Firefox 4 was just released but I wanted to write you to inform you that I figured out how to apply your locks to the new changes in Firefox 4. This way you can keep your customers up to date. I did this on a Vista and 7 machine so I know this works for these installs.

ENSURE YOU HAVE WINZIP

1. Install Firefox 4 (using standard defaults)
2. Navigate to C:\Program Files\Mozilla Firefox
3. Right click the OMNI.JAR file and open with Winzip
4. Extract all files to a folder somewhere on the PC
5. Go to that extraction folder and you will see the files in their applicable folder structure.
6. Navigate to the defaults\profile\firefox.js
7. Add the following line to the end of that file:

\\MOZILLA FIREFOX LOCKDOWN
pref("general.config.filename", "mozilla.cfg");

8. Save the file
9. Re-Zip all the files back into a file called OMNI.JAR
10. Replace the original OMNI.JAR file with the new one
11. Drop your mozilla.cfg file in the root of Program Files\Mozilla Firefox
12. Launch Firefox and see your lockdowns work

Again, I haven't fully test this yet and I am not sure if you have to use Winzip or if you could also use 7-zip.

Thanks again Landon for the input!

Here is a Youtube Video Showing Firefox 4 Lockdown

Firefox Lockdown Settings

There are many ways to find various settings you can lock down within firefox. The most thorough way is to simply browse through the "about:config" page within Firefox. A few settings not readily apparent is the ability to disable extensions and themes, you can do this by setting the following:

lockPref("config.lockdown.disable_extensions", true);
lockPref("config.lockdown.disable_themes", true);

Also, if you want to disable the ability to access the "about:config" page you must copy this file into the "Mozilla Firefox\components\" directory.

To lock down basic settings, here is a list of the settings available through the "Options" Dialog (Current with Firefox 2.0.0.6). Remember, there are quite a few more available through the "about:config" Firefox page, but these should get you started.

Main Tab

• Startup - "When Firefox Starts:"

lockPref("browser.startup.page", 0);

Where:

0 = "Show a blank page"
1 = "Show my home page"
3 = "Show my windows and tabs from last time"

• Startup - "Home Page"

lockPref("browser.startup.homepage", "http://www.google.com/");

• Downloads - "Show the Downloads window when downloading a file"

lockPref("browser.download.manager.showWhenStarting", false);

• Downloads - "Close it when all downloads are finished"

lockPref("browser.download.manager.closeWhenDone", true);

• Downloads - "Save files to:" (All must be set)

lockPref("browser.download.useDownloadDir", true);
lockPref("browser.download.dir", "C:\\Downloads");
lockPref("browser.download.downloadDir", "C:\\Downloads");
lockPref("browser.download.folderList", 2);

• Downloads - "Always ask me where to save files"

lockPref("browser.download.useDownloadDir", false);

• System Defaults - Always check to see if Firefox is the default browser on startup:

lockPref("browser.shell.checkDefaultBrowser", false);

Tabs Tab

• New pages should be opened in: a new window

lockPref("browser.link.open_external", 2);
lockPref("browser.link.open_newwindow", 2);

• New pages should be opened in: a new tab

lockPref("browser.link.open_external", 1);
lockPref("browser.link.open_newwindow", 1);

• Warn me when closing multiple tabs

lockPref("browser.tabs.warnOnClose", false);

• Warn me when opening multiple tabs might slow down Firefox

lockPref("browser.tabs.warnOnOpen", false);

• Always show the tab bar

lockPref("browser.tabs.autoHide", false);

• When I open a link in a new tab, switch to it immediately

lockPref("browser.tabs.loadInBackground", false);

Content Tab

• Block pop-up windows

lockPref("dom.disable_open_during_load", false);

Note that exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Load images automatically

lockPref("permissions.default.image", 2);

Where (1) is checked and (2) is unchecked.

Note that exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Enable JavaScript

lockPref("javascript.enabled", false);

Advanced JavaScript Settings

• To disable the Advanced button

lockPref("pref.advanced.javascript.disable_button.advanced", true);

• Move or resize existing windows

lockPref("dom.disable_window_move_resize", true);

• Raise or lower windows

lockPref("dom.disable_window_flip", false);

• Disable or replace context menus

lockPref("dom.event.contextmenu.enabled", false);

• Hide the status bar

lockPref("dom.disable_window_open_feature.status", false);

• Change status bar text

lockPref("dom.disable_window_status_change", false);

• Enable Java

lockPref("security.enable_java", false);

• Fonts & Colors

You could lock down these settings, but not recommended as each user utilizes their own preferences

• File Types

The app that opens each type of file is written to the "mimeTypes.rdf" file in the user's profile. However, you can disable the apps "browser plugin" by adding something similar to the following, forcing the user to "save the file" to disk:

lockPref("plugin.disable_full_page_plugin_for_types", "audio/x-ms-wma,application/pdf");

Privacy Tab

• History - Remember visted pages for the last _ days

lockPref("browser.history_expire_days", 4);
lockPref("browser.history_expire_days.mirror", 4);

Set "browser.history_expire_days" to "0" to disable History completely

• History - Remember what I enter in forms and the search bar

lockPref("browser.formfill.enable", false);

• History - Remember what I've Downloaded

lockPref("browser.download.manager.retention", 0);

Set to "2" to enable

• Cookies - Accept cookies from sites

lockPref("network.cookie.cookieBehavior", 2);

Where "0" is enabled, "2" is disable cookies

• Cookies - Keep until:

lockPref("network.cookie.lifetimePolicy", 2);

Where "0" is "they expire" - "1" is "ask me every time" - "2" is "I close Firefox"

• Cookies - Exceptions (disable the button)

lockPref("pref.privacy.disable_button.cookie_exceptions", false);

Note that Cookie exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Private Data - Always clear my private data when I close Firefox

lockPref("privacy.sanitize.sanitizeOnShutdown", true);

Clear Private Data Settings

• Browsing History

lockPref("privacy.item.history", true);

• Download History

lockPref("privacy.item.downloads", true);

• Saved Form Information

lockPref("privacy.item.formdata", true);

• Cache

lockPref("privacy.item.cache", true);

• Cookies

lockPref("privacy.item.cookies", false);

• Saved Passwords

lockPref("privacy.item.passwords", false);

• Authenticated Sessions

lockPref("privacy.item.sessions", true);

• Private Data - Ask me before clearing private data

lockPref("privacy.sanitize.promptOnSanitize", false);

Security Tab

• Warn me when sites try to install add-ons

lockPref("xpinstall.whitelist.required", true);

Note that "Add-ons" exceptions are added to the hostperm.1 file in the user's Firefox profile.

• Tell me if the site I'm visiting is a suspected forgery

lockPref("browser.safebrowsing.enabled", true);

Note: To utilize "Google" to check for web forgeries the user must Accept an EULA.

• Passwords - Remember passwords for sites

lockPref("signon.rememberSignons", true);

• Passwords - Use a master password

The user must enter a master password when enabling, thus you cannot enforce this setting

• Passwords - Disable the "Show Passwords" Button

lockPref("pref.privacy.disable_button.view_passwords", true);

• Warning Messages
• I am about to view an encrypted page

lockPref("security.warn_entering_secure", false);

• I am about to view a page that uses low-grade encryption

lockPref("security.warn_entering_weak", false);

• I leave an encrypted page for one that isn't encrypted

lockPref("security.warn_leaving_secure", false);

• I submit information that's not encrypted

lockPref("security.warn_submit_insecure", false);

• I am about to view an encrypted page that contains some unencrypted information

lockPref("security.warn_viewing_mixed", false);

Advanced Tab

• General - Accessibility - Always use the cursor keys to navigate within pages

lockPref("accessibility.browsewithcaret", true);

• General - Accessibility - Search for text when I start typing

lockPref("accessibility.typeaheadfind", true);

• General - Browsing - Use autoscrolling

lockPref("general.autoScroll", false);

• General - Browsing - Use smooth scrolling

lockPref("general.smoothScroll", true);

• General - Browsing - Check my spelling as I type

lockPref("layout.spellcheckDefault", 1);

Where "0" is no spell checking and "1" is spell checking enabled

• Network - Connection - Configure how Firefox connects to the Internet

lockPref("network.proxy.type", 0);

Where

• "0" is "Direct connection to the Internet"
• "1" is "Manual proxy configuration"

You must also set the following:

lockPref("network.proxy.http", "firewall.private.lan");
lockPref("network.proxy.http_port", 3128);
lockPref("network.proxy.ssl", "firewall.private.lan");
lockPref("network.proxy.ssl_port", 3128);
lockPref("network.proxy.ftp", "firewall.private.lan");
lockPref("network.proxy.ftp_port", 3128);
lockPref("network.proxy.gopher", "firewall.private.lan");
lockPref("network.proxy.gopher_port", 3128);
lockPref("network.proxy.socks", "firewall.private.lan");
lockPref("network.proxy.socks_port", 3128);

You can also list addresses that you do not want to use the proxy for:

lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, www.mozilla.com");

• "2" is "Automatic proxy configuration URL"

You can also set the following setting for the correct autoconfig URL

lockPref("network.proxy.autoconfig_url", "http://mysite.com/");

• "4" is "Auto-Detect proxy settings for this network"
• Network - Cache - Size (Use up to _ MB of space for the cache)

lockPref("browser.cache.disk.capacity", 5000);

Where 5000 is 5MB, etc.

• Update - Automatically Check For Updates to: Firefox

lockPref("app.update.enabled", false);

• Update - Automatically Check For Updates to: Installed Add-ons

lockPref("extensions.update.enabled", true);

• Update - Automatically Check For Updates to: Search Engines

lockPref("browser.search.update", true);

• Update - When Updates to Firefox are found:

lockPref("app.update.auto", false);

Will set the checkbox to "Ask me what I want to do, While

lockPref("app.update.mode", 0);

Set to "0" will set to Automatically download and install the update and not check the "Warn me if this will disable any of my add-ons", Set to "1" will check both the Automatically download/install as well as the warn about disabling add-ons.

• Encryption - Protocols - Use SSL 3.0

lockPref("security.enable_ssl3", true);

• Encryption - Protocols - Use TLS 1.0

lockPref("security.enable_tls", true);

• Encryption - Certificates - When a web site requires a certificate

lockPref("security.default_personal_cert", "Ask Every Time");