
Customize Mozilla Thunderbird in a corporate Windows environment

We will follow one principle: the less the user has to configure, the less likely it is that something will break. I think the user can manage to enter a password.


You need to configure:


  1. Configuration file for connecting to the server.
  2. The contact directory from LDAP.
  3. The employee's e-mail signature, in accordance with corporate standards.

We have at the moment:


  1. The Thunderbird mail client, installed on workstations using Group Policy.
  2. Mail on biz.mail.ru (it may be another provider).
  3. Users in AD with a login like i.ivanov@domain.cn

Installing Thunderbird with GPO

We will not download .msi files from third-party developers: I do not trust repackaged programs, especially since Thunderbird can be installed silently from the command line. We will use that, and to avoid reinstalling it on every system boot we will check the keys in the registry.
Download Thunderbird from the site and put it on a network share (it must be readable by all PCs in the domain).
The script itself:


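    rem Installer version (must match the installer file name)
    set VERSION=52.7.0
    rem Network share that holds the installer
    set SHARE=""
    rem 32-bit Thunderbird registers under Wow6432Node on 64-bit Windows
    if %PROCESSOR_ARCHITECTURE% == x86 (
      set REGISTRY_KEY_NAME="HKLM\SOFTWARE\Mozilla\Mozilla Thunderbird"
    ) else (
      set REGISTRY_KEY_NAME="HKLM\SOFTWARE\Wow6432Node\Mozilla\Mozilla Thunderbird"
    )
    rem Run the silent installer only if this version is not already installed
    reg query %REGISTRY_KEY_NAME% /v CurrentVersion | find "%VERSION% (ru)"
    if ERRORLEVEL 1 "\\%SHARE%\Thunderbird Setup %VERSION%.exe" -ms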

You need to change the first two variables: the version and the folder.
The version matches the file name; at the time of writing, the current version is 52.7.0.
File name: Thunderbird Setup 52.7.0.exe

Save the script in the same folder as InstallMozillaThunderbird.bat and add it to the GPO as a script that runs at system startup.


P.S. Mozilla Firefox can be installed the same way.


Configure Thunderbird at startup.


On first start, Thunderbird generates a folder like 123.default in the %appdata%\Thunderbird\Profiles\ folder, and creates a reference to this folder in the %appdata%\Thunderbird\profiles.ini file.


Therefore, we will create these settings in advance, when the user logs on.


Open Group Policy Management and create a policy.
User Configuration => Preferences => Windows Settings => Ini Files.


Create 5 keys:

File path | Section name | Property name | Property value
%AppData%\Thunderbird\profiles.ini | Profile0 | Default | 1
%AppData%\Thunderbird\profiles.ini | Profile0 | IsRelative | 1
%AppData%\Thunderbird\profiles.ini | Profile0 | Name | %username%
%AppData%\Thunderbird\profiles.ini | Profile0 | Path | Profiles/%username%.default
%AppData%\Thunderbird\profiles.ini | General | StartWithLastProfile | 1

The profiles.ini file is now configured; it remains to create the Profiles/%username%.default folder and fill it with configuration files.


The prefs.js file holds the Thunderbird settings.
We will generate it with our own data for access to IMAP, and to LDAP via Kerberos.


I started by writing a PowerShell script, which we add to the GPO so that it runs when the user logs on. It is important that it runs as the user who logged on.


User Configuration => Policies => Windows Settings => Scripts (Logon/Logoff) => Logon => PowerShell Scripts


start.ps1


    $profiledir = "$env:APPDATA\Thunderbird\Profiles\$env:UserName.default"
    md $profiledir # create the profile folder
    powershell "\\domain.cn\NETLOGON\soft\new_prefs.ps1" # generate prefs.js

new_prefs.ps1
    # Look up the current user in AD
    $UserName = $env:username
    $Filter = "(&(objectCategory=User)(samAccountName=$UserName))"
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.Filter = $Filter
    $ADUserPath = $Searcher.FindOne()
    $ADUser = $ADUserPath.GetDirectoryEntry()
    $ADDisplayName = $ADUser.DisplayName
    ############################################################################################################################
    $domain="mail.ru" # mail domain
    $imap="imap.mail.ru" # IMAP server
    $dc="dc1.domain.cn" # domain controller
    $bdn="CN=Users,DC=domain,DC=cn" # Base DN
    $file="$env:appdata\Thunderbird\Profiles\$env:username.default\prefs.js"
    echo '#######################' | out-file $file -encoding UTF8
    echo 'user_pref("ldap_2.autoComplete.directoryServer", "ldap_2.servers.company");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("ldap_2.autoComplete.useDirectory", true);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("ldap_2.servers.company.auth.dn", "");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("ldap_2.servers.company.auth.saslmech", "GSSAPI");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("ldap_2.servers.company.description", "company");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("ldap_2.servers.company.filename", "ldap.mab");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("ldap_2.servers.company.maxHits", 100);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("ldap_2.servers.company.uri", "ldap://'
    $id2 = echo $dc/$bdn'??sub?(objectclass=*)");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.ab_remote_content.migrated", 1);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.account.account1.identities", "id1");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.account.account1.server", "server1");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.account.account2.server", "server2");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.account.lastKey", 2);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.accountmanager.accounts", "account1,account2");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.accountmanager.defaultaccount", "account1");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.accountmanager.localfoldersserver", "server2");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.append_preconfig_smtpservers.version", 2);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.attachment.store.version", 1);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.default_charsets.migrated", 1);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.folder.views.version", 1);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.font.windows.version", 2);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.identity.id1.draft_folder", "imap://'
    $id2 = echo $env:username%40$domain@$imap/Drafts'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.attach_signature", true);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.drafts_folder_picker_mode", "0");' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.identity.id1.fcc_folder", "imap://'
    $id2 = echo $env:username%40$domain@$imap/Sent'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.fcc_folder_picker_mode", "0");' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.identity.id1.fullName", "'
    $id2 = echo $ADDisplayName'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.htmlSigFormat", true);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.reply_on_top", 1);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.identity.id1.sig_file", "C:\\Users\\'
    $id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\signature.htm'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.sig_file-rel", "[ProfD]signature.htm");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.sign_mail", false);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.smtpServer", "smtp1");' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.identity.id1.stationery_folder", "imap://'
    $id2 = echo $env:username%40$domain@$imap/Templates'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.tmpl_folder_picker_mode", "0");' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.identity.id1.useremail", "'
    $id2 = echo $env:username@$domain'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.identity.id1.valid", true);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.openMessageBehavior.version", 1);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.rights.version", 1);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.root.imap", "C:\\Users\\'
    $id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\ImapMail'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.root.imap-rel", "[ProfD]ImapMail");' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.root.none", "C:\\Users\\'
    $id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\Mail'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.root.none-rel", "[ProfD]Mail");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.cacheCapa.acl", false);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.cacheCapa.quota", false);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.canChangeStoreType", true);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.check_new_mail", true);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server1.directory", "C:\\Users\\'
    $id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\ImapMail\\$imap'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server1.directory-rel", "[ProfD]ImapMail/'
    $id2 = echo $imap'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server1.hostname", "'
    $id2 = echo $imap'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.login_at_startup", true);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.max_cached_connections", 5);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server1.name", "'
    $id2 = echo $env:username@$domain'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.port", 993);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.socketType", 3);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server1.spamActionTargetAccount", "imap://'
    $id2 = echo $env:username%40$domain@$imap'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server1.type", "imap");' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server1.userName", "'
    $id2 = echo $env:username@$domain'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.server.server2.directory", "C:\\Users\\'
    $id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\Mail\\Local Folders'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server2.directory-rel", "[ProfD]Mail/Local Folders");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server2.hostname", "Local Folders");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server2.name", " ");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server2.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server2.type", "none");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.server.server2.userName", "nobody");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.smtpserver.smtp1.authMethod", 3);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.smtpserver.smtp1.description", "mail.ru");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.smtpserver.smtp1.hostname", "smtp.mail.ru");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.smtpserver.smtp1.port", 465);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.smtpserver.smtp1.try_ssl", 3);' | out-file $file -encoding UTF8 -Append
    $id1 = echo 'user_pref("mail.smtpserver.smtp1.username", "'
    $id2 = echo $env:username@$domain'");'
    echo $id1$id2 | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.smtpservers", "smtp1");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.spam.version", 1);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.taskbar.lastgroupid", "8216C80C92C4E828");' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.ui-rdf.version", 15);' | out-file $file -encoding UTF8 -Append
    echo 'user_pref("mail.winsearch.firstRunDone", true);' | out-file $file -encoding UTF8 -Append

Now, when Thunderbird starts, it will only ask for the mail password.
The script definitely works with the IMAP server imap.mail.ru. I have not tried it with others; it may need some adjustment.


You may have noticed that when generating prefs.js we specified that the signature is taken from the file signature.htm, which is located in the same folder as prefs.js. We will now make the signature.


Customize your email signature.


To create a good-looking signature, we need a service where we can generate one, and based on it we will make the signature for our users.
I used the service mailsig (dot) ru (this is not an ad).
You can also write the signature in HTML yourself, but I was too lazy.


At the output we get the code


Add one more line to start.ps1


    powershell "\\domain.cn\NETLOGON\soft\signature.ps1" # generate signature.htm

Of course, everything could be put into one file, but I like it when everything is in its place. It is also easier to follow when a script has the same name as the file it creates.


signature.ps1
    # Get the current user's attributes from AD
    $UserName = $env:username
    $Filter = "(&(objectCategory=User)(samAccountName=$UserName))"
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.Filter = $Filter
    $ADUserPath = $Searcher.FindOne()
    $ADUser = $ADUserPath.GetDirectoryEntry()
    $ADDisplayName = $ADUser.DisplayName
    $ADEmailAddress = $ADUser.mail
    $ADInfo = $ADUser.otherMailbox
    $ADTitle = $ADUser.title
    $ADTelePhoneNumber = $ADUser.TelephoneNumber
    $ADipPhone = $ADUser.ipPhone
    $ADOffice = $ADUser.physicalDeliveryOfficeName # office
    $ADompany = $ADUser.company
    ############################################################################################################
    $Site="http://mail.ru"
    $Logo="http://mail.ru/logo.png" # logo, 85*85px
    $Banner="http://mail.ru/banner.png" # banner, 440*58px
    $BannerSite="http://mail.ru/" # link opened when the banner is clicked
    $Tel="84951234567"
    $Fax="84951234567"
    $Address=". ,   . 3"
    $signature = "$env:appdata\Thunderbird\Profiles\$env:username.default\signature.htm" # path to the signature file
    $html = '<table border="0" cellpadding="0" cellspacing="0" style="margin:0;padding:0;width:440px;"><tr><td style="font-size:14px;line-height:16px;font-weight:bold;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:14px;line-height:16px;font-weight:bold;color:#333333;font-weight:bold;">'+$ADDisplayName+'</span></td></tr><tr><td style="font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;">'+$ADTitle+'</span></td></tr><tr><td style="height:7px;line-height:7px;"></td></tr><tr><td><table border="0" cellpadding="0" cellspacing="0" style="margin:0;padding:0;width:440px;border-top-style:solid;border-top-width:2px;border-bottom-style:solid;border-bottom-width:2px;border-color:#1b5cbd"><tr><td colspan="3" style="height:8px;line-height:8px;"></td></tr><tr><td
style="width:100px;min-height:85px;vertical-align:middle;border-right-style:solid;border-right-width:1px;border-right-color:#333333"><a href="'+$Site+'" target="_blank"><img src="'+$Logo+'" width="85" height="85" border="0" style="display:block;" nosend="1" alt=""/></a></td><td style="width: 15px;"></td><td style="width:325px;vertical-align:top;"><table border="0" cellpadding="0" cellspacing="0" style="margin:0;padding:0;width:325px;border:0 none;"><tr><td style="font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;font-weight: bold;">.: </span><a href="tel:'+$ADTelePhoneNumber+'" style="font-family:Verdana,Geneva,sans-serif;color:#333333 !important;text-decoration:none !important;font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;">'+$ADTelePhoneNumber+'</span></a></td></tr><tr><td style="font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;font-weight: bold;">Email: </span><a href="mailto:'+$ADEmailAddress+'" style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#1b5cbd !important;text-decoration:none !important;outline:none;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#1b5cbd !important;">'+$ADEmailAddress+'</span></a></td></tr><tr><td style="height:4px;line-height:4px;"></td></tr><tr><td style="font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;font-weight: bold;">'+$ADompany+'</span></td></tr><tr><td style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;">: </span><a href="tel:'+$Tel+'" style="font-family:Verdana,Geneva,sans-serif;color:#333333 
!important;text-decoration:none !important;font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;">'+$Tel+'</span></a><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;"> / </span><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;">: '+$Fax+'</span></td></tr><tr><td style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;"><a href="https://yandex.ru/maps/?text='+$Address+'&l=map" style="font-family:Verdana,Geneva,sans-serif;color:#333333 !important;text-decoration:none !important;font-size:12px;line-height:14px;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#333333;">'+$Address+'  '+$ADOffice+'</span></a></td></tr><tr><td style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;"><a href="'+$Site+'" style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#0043a6 !important;text-decoration:none !important;outline:none;"><span style="font-family:Verdana,Geneva,sans-serif;font-size:12px;line-height:14px;color:#0043a6 !important;text-decoration:none !important;outline:none;">'+$Site+'</span></a></td></tr></table></td></tr><tr><td colspan="3" style="height:8px;line-height:8px;"></td></tr></table></td></tr><tr><td style="height:5px;line-height:5px;"> </td></tr><tr><td><a target="_blank" href="'+$BannerSite+'" style="display:block;width:440px;height:58px;"><img src="'+$Banner+'" width="440" height="58" alt="" border="0" nosend="1"/></a></td></tr><tr style="height: 4px;"><td style="height: 4px;line-height: 4px;"></td></tr><tr><td style="font-size: 10px;line-height: 11px;"></td></tr></table><span style="font-family:Verdana,Geneva,sans-serif;color:#000000;font-size: 10px;line-height: 11px;">        ,   .      ,        -,  .      ,  , ,           .      
, ,                   .</br></br>The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.</span>'
    echo $html | out-file $signature -encoding UTF8

We should have 3 files.
start.ps1 - We launch it when a user logs on.
new_prefs.ps1 - Creates prefs.js in the Thunderbird folder.
signature.ps1 - Creates a signature in the mail.
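
new_prefs.ps1 and signature.ps1 paste AD attributes (displayName, title, telephoneNumber and so on) directly into a JavaScript string in prefs.js and into the signature HTML, so a double quote, backslash or `<` in a directory value breaks the generated file or puts markup into every outgoing letter. The sketch below escapes values for both contexts; it is an added example, not part of the original scripts, and the function names `ConvertTo-PrefLine` and `ConvertTo-HtmlText`, the sample values and the output file name are made up for illustration.

```powershell
# Added example, not from the original article. Function names and sample
# values are hypothetical; the pref names are the ones new_prefs.ps1 writes.

function ConvertTo-PrefLine {
    # Render one user_pref() line with the value escaped for its type.
    param([string] $Name, $Value)
    if ($Value -is [bool]) {
        $literal = $Value.ToString().ToLowerInvariant()   # true / false
    } elseif ($Value -is [int]) {
        $literal = [string] $Value
    } else {
        # Backslash first, then the double quote; line breaks become spaces,
        # so the value can neither close the string nor start a new statement.
        $text = [string] $Value
        $text = $text -replace '\\', '\\' -replace '"', '\"' -replace '[\r\n]+', ' '
        $literal = '"' + $text + '"'
    }
    'user_pref("{0}", {1});' -f $Name, $literal
}

function ConvertTo-HtmlText {
    # Encode a directory value for HTML text or a quoted attribute value.
    param($Value)
    [System.Net.WebUtility]::HtmlEncode([string] $Value)
}

# Constructed sample values standing in for the AD lookup.
$ADDisplayName     = 'Ivan "Vanya" Ivanov <i.ivanov>'
$ADTelePhoneNumber = '+7 (495) 123-45-67'
$profileDir        = 'C:\Users\i.ivanov\AppData\Roaming\Thunderbird\Profiles\i.ivanov.default'

# prefs.js: build every line first, then write the file in one call.
$prefs = @(
    ConvertTo-PrefLine 'mail.identity.id1.fullName' $ADDisplayName
    ConvertTo-PrefLine 'mail.identity.id1.sig_file' (Join-Path $profileDir 'signature.htm')
    ConvertTo-PrefLine 'mail.identity.id1.attach_signature' $true
    ConvertTo-PrefLine 'mail.server.server1.port' 993
)
$out = Join-Path $env:TEMP 'prefs.sample.js'   # hypothetical output path
$prefs | Out-File $out -Encoding UTF8

# signature.htm: URL-escape the value inside href, HTML-encode visible text.
$telHref  = [uri]::EscapeDataString($ADTelePhoneNumber)
$telText  = ConvertTo-HtmlText $ADTelePhoneNumber
$nameText = ConvertTo-HtmlText $ADDisplayName
$sigRow   = '<a href="tel:{0}">{1}</a> <span>{2}</span>' -f $telHref, $telText, $nameText

$prefs
$sigRow
```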


Depending on your security settings, PowerShell scripts may not run. If you see an error that the script does not have a digital signature, please read this manual to solve the problem.



Source: https://habr.com/ru/post/352384/

