Managing Mozilla Firefox via GPO

Ideology

I think it’s not me who wondered: “How to manage Mozilla Firefox using group policies?”
Having spent more than one hour searching for a more or less intelligible answer, I found only ways that create a group policy based on editing the registry. On the official website there is an addon for Mozilla , but it is again for editing the registry.
The problem is that the latest version of Firefox does not store its settings in the registry . At the time of this writing, the version of Firefox 26.0 was used.
Firefox stores all its data in % APPDATA% of the Windows user.
Thus, all the described methods for editing the registry are reduced to zero.

Of course, you can write an elementary batch file, which would be on a schedule for us, or when the user logs in, he copies the necessary files to the right place.
There is another snag. If you look at the path to the profile of Mozilla Firefox, then it looks like: % APPDATA% \ Mozilla \ Firefox \ Profiles \ s08qd9to.default \
Do you have it like that?
Yes, the last directory has a random look.

Problematics

There are several ways to solve this problem:

• Put the Firefox profile blank into the Default user profile template.
• Make all users the latest Firefix profile directory the same.
• Create an external handler that computes the existing Firefox profile.

Editing the Default user template will bear fruit only when making new users. Yes, and it should be done on every computer. What if there are a lot of users and they already use Firefox? Again, you need to approach each computer and make some changes. Therefore, I am more inclined to the variant with the handler.
')

Implementation

With the help of what to write a handler, the case of everyone personally. Having no experience in Delphi programming, I will build it on it.
The task: prepare the configuration files, determine the path to the Mozilla Firefox profile and put these files there.

Preparing configuration files is easy; all you need to do is configure Mozilla Firefox to fit the settings you need under any account on any computer. After that, we need to take the files we need and place on the share.
In general, we are interested in the files: prefs.js - the general settings of Mozilla Firefox, and mimeTypes.rdf - the settings for the connection of applications with the types opened in Mozilla Firefox.

Now we go to the handler.
The first step is to determine the correct path to the profile of Mozilla Firefox. In the % APPDATA% \ Mozilla \ Firefox directory there is a profiles.ini file in which the catalog with a random name is described.
Then we copy the prepared parameter files to the Mozilla Firefox profile.

Writing files necessary for copying in the executable file is not good. It is better to create a configuration file in which we will write the names of the files to be copied. It remains to add access checking of files and directories, as well as insert work logging points.

The result is an easy-to-use program that we put into executable scripts when the user logs in.



The archive with the source code and the compiled file lies on file sharing.rf .

The configuration file is:
=============================
[LOG]
logdir = \\ XXX.XXX.XXX.XXX \ folder
logname = UpdateFirefox.log
[FILES]
file1 = prefs.js
file2 = mimeTypes.rdf
============================
logdir - network folder in which the program operation log will be recorded. If not specified, then C: will be used as the destination. Do not forget to check the availability of the network directory, including at the NTFS stream level.
logname is the name of the log file. If not specified, UpdateFirefox.log will be used .
fileX - you can specify any number of files to copy. One note: the order of numbering does not violate and do not use empty values.

Identified problems

Starting in Windows Vista, User Account Control (UAC) has been introduced. When trying to use a console application, UAC blocked the execution of the application before entering the Administrator password. I could not find where you can add this application to trusted ones, and it does not make sense to sign it, so I went in a simpler way and designed it as a VCL application. After that, all questions with UAC were removed.