Locking Down Firefox

From Wiki

Jump to:navigation, search

This is a guide to Firefox lockdown using CCK and ADM templates

Install Firefox on a clean system as Administrator

Install the Plugins

  • Install all plugins & extentions (Shockware, Real, Quicktime, JAVA, Acrobat, Flash, IE TAB)
  • Note: IE needs a internet connection as JAVA need to download. Also some apps above need to be installed on the machine running firefox.
  • Check that all the plugins have installed by "about:plugins"
  • Install "FireFoxCCK.xpi" I created this with the CCK Wizzard "https://addons.mozilla.org/firefox/2553/"
    • Run through the wizzard and set things like proxy setting, set homepage, Once set, these are the lines added in "preferences" and the values. All these are set to "lock"
profile.confirm_automigration			false
profile.allow_automigration			true
network.proxy.autoconfig_url
network.proxy.type
app.update.enabled				false
browser.startup.homepage
browser.startup.page				1
startup.homepage_welcome_url			http://homepage
startup.homepage_override_url			http://homepage
browser.download.useDownloadDir		        false
browser.download.manager.showWhenStarting	false
browser.shell.checkDefaultBrowser		false
dom.disable_open_during_load			true
permissions.default.image			1
javascript.enabled				true
security.enable_java				true
browser.feeds.handler				ask
browser.history_expire_days			9
browser.formfill.enable				true
browser.download.manager.retention		0
network.cookie.cookieBehavior			0
network.cookie.lifetimePolicy			0
privacy.sanitize.sanitizeOnShutdown		false
privacy.sanitize.promptOnSanitize		true
pref.general.disable_button.default_browser	true
pref.privacy.disable_button.cookie_exceptions	true
pref.privacy.disable_button.view_cookies	true
pref.privacy.disable_button.view_passwords	true
signon.rememberSignons				true
xpinstall.whitelist.required			true
browser.safebrowsing.enabled			true
extensions.update.enabled			false
browser.search.update				false
browser.cache.disk.capacity			5000
signon.expireMasterPassword			false
xpinstall.dialog.confirm			
xpinstall.dialog.progress.chrome		
xpinstall.dialog.progress.skin			
signon.remeberSignons				false
signon.prefillForms				false
security.warn_entering_secure			false
security.warn_entering_secure.show_once		false
security.warn_entering_weak			false
security.warn_entering_weak.show_once		false
security.warn_leaving_secure			false
security.warn_leaving_secure.show_once		false
security.warn_submit_insecure			false
security.warn_submit_insecure.show_once		false
security.warn_viewing_mixed			false
security.warn_viewing_mixed.show_once		false
  • Copy the 2 directories in "c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\********.default\extentions" to "c:\Program files\Mozilla Firefox\extentions\" and delete the "talkback@mozilla.org" directory

Remove the Menu Items

  • Open "C:\Program Files\Mozilla Firefox\defaults\profile\chrome\userChrome-example.css" in a text editor
  • Add (at the end):
/* Remove the Edit and Help menus
   Id's for all toplevel menus:
   file-menu, edit-menu, view-menu, go-menu, bookmarks-menu, tools-menu, helpMenu */

helpMenu, tools-menu {    display: none !important; }
  • This will remove the "Help" and "Tool" menus.
  • Save the file
  • Rename this file to "userChrome.css"

Set the Default Profile

  • Delete the "Mozilla" directory in "c:\documents and settings\Administrator\Application Data"
  • Open Firefox, this should now load Firefox with the Help and Tools menus missing and also have the CCK applied and all the plugins installed.
  • copy everything in "c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\********.default\" to "C:\Program Files\Mozilla Firefox\defaults\profile\"
  • Select "Yes To All" to overwrite files.

Removing Search Engines

  • Open "c:\program files\mozilla firefox\searchplugins\
  • Delete the .xml for the engines you do not want eg. "eBay-en-GB.xml"

For Citrix

  • To stop Firefox from keep asking to import settings from IE each time a profile is created:
    • Create "Mozilla\Firefox\profiles\student.default" in the "\\server\path_to_def_profile$\termserv\application data\" directory
    • Copy everything from "C:\Program Files\Mozilla Firefox\defaults\profile\" to the "student.default" directory
  • Note this can also be done for the "default user" profile in XP instead of termserv.

Restricting Access to Local Drives

  • Open "c:\program files\mozilla firefox\chrome\browser.jar" in a zip program
  • Browse to "content\browser" and extract "browser.js"
  • Open "browser.js" in a text editor
    • Note Notepad loses the formating, so open "browser.js" in firefox, select all, copy to notepad. >right click on .jar file > open with 7zip

go to browser.js and drag it to the desktop. then drag the file from the desktop into firefox to edit (because notepad is crap and screws up the spacings). In firefox select all and copy the text into notepad, to retain the correct spacing. Edit the file and save the file in notepad as browser.js Now drag that file back into 7zip (the overwrite the browser.js) and click close.

  • Locate the line "var location = aLocation.spec;"
  • Add (below the above line):
if (location.match(/^file:/) || 
location.match(/^\//) || 
location.match(/^resource:/) ||
(!location.match(/^about:blank/) &&
location.match(/^about:/))) {
loadURI("about:blank");
}
  • Save "browser.js" and copy back into "browser.jar" in the zip program and save "browser.jar"
  • This should now load a blank page when you try to go to a "about:" page, try opening "file/ / /c/" and also "c:"

Deploying Firefox

  • You can just copy the firefox directory (c:\program files\mozilla firefox) to the machine you want to run it on and create a shortcut it.
  • Also set permissions on the "Mozilla Firefox" directory for students as allow "Read & Execute", "List Folder contents" and "Read" only

Useful Links