Close

March 15, 2013

Prepare Mozilla Firefox for Enterprise Deployment and Virtualization

I’ve previously written articles on virtualizing Mozilla Firefox, but with Firefox releases more regular these days and the release of App-V 5, it makes sense to split details on configuring Firefox for an enterprise deployment and virtualizing Firefox into separate articles.

Whilst this article will cover some recommendations for configuring a Firefox deployment in an enterprise that can be used when virtualizing Firefox with various solutions, including App-V.

Features to control in an enterprise

There are a number of features that might be considered for disabling or configuring in an enterprise environment where users generally won’t have administrative rights and IT may want to control the default user experience.

FirefoxDefaultLaunch

These might include:

  • Import Wizard – Firefox starts a wizard on first run that imports settings from other browsers. You may want to remove this wizard to simplify the startup of Firefox
  • Automatic updates for Firefox – Options / Advanced / Update / Firefox updates. Firefox updates should be delivered via new App-V packages. Updates for Add-ons and Search Engines should be OK as these are written to the user profile
  • Mozilla Maintenance ServiceFirefox installs an updater service that allows updating Firefox automatically, whilst avoiding UAC prompts. This service should be disabled or not installed in a controlled environment including under application virtualization
  • Default browser check – Options / Advanced / General – Always check to see if Firefox is the default browser on startup. Under App-V 4,x, once Firefox is isolated from the OS, the user won’t be able to make it the default browser (this will work under App-V 5)
  • The ‘Welcome to Firefox’ tab, the ‘Know your rights’ and ‘Improve Firefox’ notifications

There is a way to control many of these settings through Group Policy, but if we get these right at install time, there’s no need for the overhead of GPOs. I will cover using a few of these customisations to ensure these features are disabled for any new Firefox profile.

Locking down and controlling Firefox options

Firefox can be configured with defaults for any new profile and locked down so that it will contain your required configuration options. Mozilla has made it easy to deploy custom default settings and preferences – by adding some specific files at install time (assuming the default install location):

  • %ProgramFiles%\Mozilla Firefox\browser\defaults\preferences\local-settings.js
  • %ProgramFiles%\Mozilla Firefox\Mozilla.cfg
  • %ProgramFiles%\Mozilla Firefox\browser\override.ini
  • %ProgramFiles%\Mozilla Firefox\browser\defaults\profile\chrome\userChrome.css

Firefox itself and any new user profile will be configured with desired preferences and locked down. You can find more detailed documentation on these features in the following articles:

To enforce user settings we can leverage the ability to lock Firefox preferences and use UserChrome.css to remove the associated user interface elements.

Local-settings.js

Local-settings.js is used to tell Firefox to read Mozilla.cfg for some configuration items. Add the following lines to local-settings.js:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Mozilla.cfg

Here’s is where we can lock specified Firefox preferences. In the listing below, we’ve disabled the auto-update feature, the ‘Welcome to Firefox’ tab, the ‘Know your rights’ and ‘Improve Firefox’ notifications. The last (highlighted) line will disable the ability to set the browser as default.

This is useful where you would like to restrict this functionality and is applicable to App-V 4.x environments where attempting to set a virtualized Firefox as default won’t work. Under App-V 5, remove this line so that users can set Firefox as the default browser if they wish.

lockPref("app.update.auto", false);
lockPref("app.update.enabled", false);
lockPref("app.update.service.enabled", false);
lockPref("toolkit.telemetry.prompted", true);
lockPref("browser.rights.override", true);
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);

Override.ini

To disable the browser Import Wizard on first run, place the following lines into override.ini

[XRE]
EnableProfileMigrator=false

userChrome.css

Mozilla has made it a fairly straight forward process to remove browser user interface elements using userChrome.css. Where browser functionality has been disabled, we can remove the corresponding UI to avoid user confusion. Enter the following lines into userChrome.css; however remove the highlighted line if you would like users to be able to set Firefox as the default browser:

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that aren't suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }

Installing Firefox

Download the Firefox installer in your target language from the Mozilla site. For most deployments the installer won’t require modification and installation can be automated by passing an INI file with setup configuration details to the installer. This enables you to control setup and set options such as preventing the desktop shortcut from being added, or control the target directory that Firefox is installed to (useful when virtualizing).

An installation script for Firefox should perform the following tasks:

For an example script that will automate the install and configuration of Firefox using the recommendations outlined in this article, see the script below. Note the highlighted line, where I can change the target installation directory for Firefox:

@ECHO OFF
SET SOURCE=%~dp0
SET SOURCE=%SOURCE:~0,-1%
SET INSTALLPATH=%ProgramFiles%\Mozilla Firefox

REM Create the Firefox answer file
ECHO [Install] > %SOURCE%\Firefox.ini
REM    InstallDirectoryName=Firefox >> "%SOURCE%\Firefox.ini"
ECHO InstallDirectoryPath=%INSTALLPATH% >> "%SOURCE%\Firefox.ini"
ECHO QuickLaunchShortcut=false >> "%SOURCE%\Firefox.ini"
ECHO DesktopShortcut=false >> "%SOURCE%\Firefox.ini"
ECHO StartMenuShortcuts=true >> "%SOURCE%\Firefox.ini"
ECHO MaintenanceService=false >> "%SOURCE%\Firefox.ini"

REM Install Firefox
START /WAIT "Firefox" /D "%SOURCE%" "FirefoxSetup21.exe" /INI="%SOURCE%\Firefox.ini"

REM Configure Firefox profile defaults and preferences locking
IF NOT EXIST "%INSTALLPATH%\browser\defaults\profile\chrome" MD "%INSTALLPATH%\browser\defaults\profile\chrome"
COPY /Y %SOURCE%\userChrome.css "%INSTALLPATH%\browser\defaults\profile\chrome\userChrome.css"
IF NOT EXIST "%INSTALLPATH%\browser\defaults\preferences" MD "%INSTALLPATH%\browser\defaults\preferences"
COPY /Y %SOURCE%\local-settings.js "%INSTALLPATH%\browser\defaults\preferences\local-settings.js"
COPY /Y %SOURCE%\Mozilla.cfg "%INSTALLPATH%\Mozilla.cfg"
COPY /Y %SOURCE%\override.ini "%INSTALLPATH%\browser\override.ini"

REM Disable the Mozilla Maintenance Service to prevent updates (in the event the service is installed)
sc config MozillaMaintenance start= disabled

If the installation has been configured correctly, Firefox should start and not display the Import Wizard or any of the other prompts and start-up tabs. Additionally, if you navigate to about:config, a number of preferences should be listed as locked:

FirefoxSettings

To make it easier, I’ve included the configuration files and the installation script listed above in a single ZIP file that you can download here:

Mozilla Firefox Enterprise Install and Configure Scripts Mozilla Firefox Enterprise Install and Configure Scripts

Finally

The approach outlined in this article should provide you with a deployment of Firefox that can be used in an enterprise where control of the browser is required. I’ve only covered a few of the things that are possible when customising the installation and if you dig a little deeper you can come up with a setup to suit your own environment.

This is also a key approach to use when virtualising Firefox. Controlling the browser options and automating the installation will assist in producing better application virtualization packages.

Further Reading

Here’s some other articles from around the tubes that cover this topic and are also useful references: