Customizing FireFox for the Enterprise

At my current job and even past jobs there has always been the discussion regarding “default browser” for the users, in most cases IE always won these discussions as most websites support IE by default and are designed to work well with, plus the tight integration and control provided by Windows and Group Policy were a “win” from the IT side of things as well. The problem……the WEB has changed dramatically. We have “web-ized” many of our business apps. in order to get away from the needs of “fat clients” and offer “any-time, any-where” accessibility on any device (basic BYOD/mobility concept).

What we noticed though is now the likes of Chrome, Firefox, Safari and others are now offering better performance than IE in many of these Web 2.0+ type web apps.

We have long ditched Exchange in favor of VMWare’s Zimbra which is a complete web-based interface. In extensive testing with IE8 and IE9 many of our users noticed severe slowdowns and we noticed excessive resource utilization in our Citrix farm. After switching to FireFox for Zimbra there has been a noticeable improvement in resource utilization and end-user experience.  Some interesting testing was done by Zimbra on this exact issue with around the same result, IE performed last in most cases, while Chrome, Firefox and others were at the top: http://blog.zimbra.com/blog/archives/tag/browser-wars

So great, FireFox fixed all the issues and the world was wonderful, right? Well not quite. As most IT folks know, having many of the “consumer” features of the product is less than desirable (update notifications, advanced settings, welcome wizards, etc.) in an enterprise environment. With the need to have FireFox’s performance in our enterprise, came the need to customize FireFox to remove some of these items and also assist our end-users in having a good experience. Below are some of my notes on what we have done in our environment to customize FireFox. NOTE: Many of these items were learned after extensive testing or research, unfortunately, Mozilla has not really put a “HIGH” priority on making IT/enterprise friendly solutions available, although the situation has definitely gotten better over the years. Most of these items you will need to test between versions as Mozilla frequently discontinues certain commands or adds other ones. These are currently working as of FireFox 20.0.1 which is our production code level on our Citrix environment.

Initial Install
Create a firefox.ini file with the following contents:

[Install]
;InstallDirectoryName=Mozilla Firefox
;InstallDirectoryPath=c:\firefox\
;StartMenuDirectoryName=Mozilla Firefox
MaintenanceService=false
QuickLaunchShortcut=false
DesktopShortcut=false
StartMenuShortcuts=false

Once this file is created you need to put it in the same directory as the firefox.exe installer and run the following command to install:

setup.exe /INI=<full path to configuration ini file

Post-Setup

Next you can create an override.ini file containing the following:

[XRE]
EnableProfileMigrator=false
[/align]

Once the file is created it will need to be put in %PROGRAMFILES%\Mozilla Firefox\ or %PROGRAMFILES(x86)%\Mozilla Firefox\ depending on 32/64 bit version of OS. This will disable the welcome/first-run wizard that runs.

Next create a local-settings.js file containing the following:

pref(“general.config.obscure_value”, 0);
pref(“general.config.filename”, “mozilla.cfg”);

This step allows you to create a mozilla.cfg file in the root Mozilla Firefox directory that can contain a whole host of configurable options. This file needs to be placed in %PROGRAMFILES(x86)%\Mozilla Firefox\defaults\pref\

If you would like to customize menu/toolbar options/layouts you can also optionally create a userChrome.css file and place it in %PROGRAMFILES(x86)%\Mozilla Firefox\defaults\profile\Chrome\

Here is an example of ours that removes some unwanted toolbars/layouts:
menu {
display: none !important;
}

#nav-bar {
display: none !important;
}

#nav-bar:hover,
#nav-bar:focus,
#nav-bar:active {
display: none !important;
}

#navigator-toolbox > #nav-bar {
display: none !important;
}

#navigator-toolbox > #nav-bar {
display: none !important;
}

#appmenu-button-container {
display: none !important;
}

The last and final step is to write your mozilla.cfg file and place it in the root of Mozilla Firefox which should be C:\Program Files (x86)\Mozilla Firefox.  There are many different ways to customize this, easiest is typing about:config in the Firefox address bar, click the I’ll be careful I promise button and begin exploring the many different options. To lock the preferences so they can’t be changed you designate the lockpref option for each in the file. If you need more help with this I’d highly recommend paying a visit to Mozillazine at http://kb.mozillazine.org/Category:Configuration

You can also get the name of the object and do a search on mozillazine of its name to get more information about the command and what variables/options you can set. For reference here is our mozilla.cfg config, with many useful options. Many of these disable automatic update, plugin update check, etc. We mitigate the risks of disabling some of these security items via other hardware/software methods in our enterprise so your mileage may vary.

//
try {
lockPref(“app.update.auto”, false);
lockPref(“app.update.enabled”, false);
lockPref(“app.update.service.enabled”, false);
lockPref(“browser.bookmarks.restore_default_bookmarks”, false);
lockPref(“browser.history_expire_days”, 365);
lockPref(“browser.history_expire_days.mirror”, 365);
lockPref(“browser.cache.disk.enable”, false);
lockPref(“browser.cache.offline.enable”, false);
lockPref(“browser.cache.memory.enable”, false);
lockPref(“browser.shell.checkDefaultBrowser”, false);
lockPref(“browser.download.manager.showWhenStarting”, true);
lockPref(“browser.download.manager.closeWhenDone”, false);
lockPref(“browser.download.useDownloadDir”, false);
lockPref(“browser.migration.version”, 6);
lockPref(“browser.offline-apps.notify”, false);
lockPref(“browser.places.smartBookmarksVersion”, 4);
lockPref(“browser.preferences.advanced.selectedTabIndex”, 3);
lockPref(“browser.rights.3.shown”, true);
lockPref(“browser.safebrowsing.malware.enabled”, false);
lockPref(“browser.safebrowsing.enabled”, false);
lockPref(“browser.search.update”, false);
lockPref(“browser.sessionhistory.max_total_viewers”, 0);
lockPref(“browser.shell.checkDefaultBrowser”, false);
lockPref(“browser.startup.homepage”, “URL Here”);
lockPref(“browser.startup.homepage_override.mstone”, “ignore”);
lockPref(“browser.startup.page”, 1);
lockPref(“browser.tabs.warnOnClose”, false);
lockPref(“browser.tabs.warnOnOpen”, false);
lockPref(“dom.disable_open_during_load”, false);
lockPref(“dom.event.contextmenu.enabled”, true);
lockPref(“extensions.blocklist.enabled”, false);
lockPref(“extensions.update.enabled”, false);
lockPref(“intl.charsetmenu.browser.cache”, “UTF-8”);
lockPref(“javascript.enabled”, true);
lockPref(“layout.spellcheckDefault”, 1);
lockPref(“network.automatic-ntlm-auth.trusted-uris”, “URL Here”);
lockPref(“network.cookie.cookieBehavior”, 0);
lockPref(“network.cookie.lifetimePolicy”, 0);
lockPref(“network.proxy.type”, 0);
lockPref(“permissions.default.image”, 1);
lockPref(“places.history.expiration.transient_current_max_pages”, 73738);
lockPref(“plugins.update.notifyUser”, false);
lockPref(“plugins.update.url”, “”);
lockPref(“plugins.hide_infobar_for_missing_plugin”, true);
lockPref(“plugins.hide_infobar_for_outdated_plugin”, true);
lockPref(“pref.advanced.javascript.disable_button.advanced”, true);
lockPref(“privacy.item.downloads”, true);
lockPref(“config.lockdown.disable_themes”, true);
lockPref(“config.lockdown.disable_extensions”, true);
lockPref(“security.enable_java”, true);
lockPref(“security.warn_entering_secure”, false);
lockPref(“security.warn_entering_weak”, false);
lockPref(“security.warn_leaving_secure”, false);
lockPref(“security.warn_submit_insecure”, false);
lockPref(“security.warn_viewing_mixed”, false);
lockPref(“services.sync.autoconnect”, false);
lockPref(“signon.rememberSignons”, true);
lockPref(“toolkit.telemetry.enabled”, false);
lockPref(“toolkit.telemetry.prompted”, 2);
lockPref(“toolkit.telemetry.rejected”, true);
} catch(e) {
displayError(“lockedPref”, e);
}

That is just a snippit of the many commands available to be used in this file to help control FireFox’s behavior.

Side note: for those living in a roaming profile world, be careful of the roaming firefox profile data, there are a couple files such as the urlclassifier and places which can grow quite large and thus dramatically increase your profile size. In our above mozilla.cfg file we have disabled the site checking (urlclassifier) and limited the history (places) to reduce these files to a low size. Just something to be aware of!

Yes FireFox does not have the “smooth integration” of Windows and Group Policy but IS configurable for the enterprise. In reality once these scripts are built it is very easy to mass deploy. Some of these items though should be done BEFORE being deployed to a user’s profile especially the files that live in the defaults/profiles section as they get copied to the user’s profile at first use. Without forcibly changing the profile name it is quite a challenge to later add these files via scripts as there is not a common file path to use as Firefox by default creates a random profile folder name.

Yes there is now a FireFox ADM here: http://sourceforge.net/projects/firefoxadm/
Personally though I do not like adding unsupported/3rd party products into my group policies, your mileage may vary though. Obviously this is just “raw beginning” to getting Firefox in your enterprise, if you haven’t thought of it yet there are still a host of other questions your organization will need to answer: how do we handle user settings, history and bookmarks? Will we set FireFox as OS Default Browser or allow the user to choose? Etc.

We have been using these scripts/setup for the past 6+ months in production and have had good success from a management/IT perspective and our end users are able to enjoy the security, productivity and performance enhancements that FireFox brings to the table versus IE.

Advertisements

Author: Travis Kensil

Director of IT. Husband and father. Michigan beachbum.

3 thoughts on “Customizing FireFox for the Enterprise”

  1. I’m not sure if you’ve heard of Front Motion Firefox CE. It’s been around for a long time and allows you to apply GPO to Firefox.

  2. Excellent Writeup, i have spent entire day trying to find the path where these files should go and getting the local-profile issue sorted in our Citrix environment. Thank you.

    One thing i’m trying to work out is how to change the windows size so that when users open the browser it doesn’t open in full screen??

    1. Have you checked the properties of the firefox shortcut, is that set to run maximized in the Run option?

      You might also check the profile for corruption, occasionally I have seen this impact ability to save user-level settings such as window placements, etc.

      Also sometimes a particular script may be modifying this behavior, you can go into Advanced Settings and there is an option to “Move or resize existing windows” option in the Javascript settings.

      Hope that helps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s