[Mozilla Enterprise] Policies (w/GPO) feedback and questions

Ariel P ariel.p at hostdime.com
Tue Jun 26 17:21:59 UTC 2018 

On 2018-06-26 12:50, Daniel Frey wrote:
> On 06/25/18 19:12, Mike Kaply wrote:
>>      3. Most importantly, I can't find a way to redirect the bookmarks. We
>>      map a user share and I've redirected IE to put their favorites/bookmarks
>>      there so that they are captured during the backup. From reading online
>>      you can manually set up a new profile location which would include the
>>      bookmarks and other bits in the profile, but it would be more ideal to
>>      map it to their home directory/drive via GPO. Assuming, of course, this
>>      doesn't lead to cache information being stored on our server.
>>
>>
>> Unfortunately this is a capability that Firefox doesn't support anymore.
>>
>> I'm trying to figure out if there is some clever way to do it.
>>
>> Mike
>>   
> I've been meddling with this today. I found out that adding a directory
> symlink (mklink /d) of %appdata%\Mozilla to our mapped home drive on the
> server works. Firefox creates the profile on the home drive with no
> issues and I don't see any side effects from browsing this morning.
> Looks like the cache data is not stored there, so that's great.
>
> The issue I found is that gpsvc does not have create symlink permissions
> on the local workstations. So using a GPO to run a script to create
> these links on the first logon does not work. It looks like you can
> grant this permission to users if need be though GPO, but it doesn't
> appear gpsvc inherits the permission.
>
> So the gpsvc permission model would have to be modified on our
> workstations manually (as I see no way to do this centrally.) While kind
> of a stop-gap solution I guess it could work in our organization as we
> have only about 150 machines... I could modify them one at a time then
> deploy Firefox after that's been done.
>
> I find it interesting that you can create a new profile in
> about:profiles and specify a location, but there's no way to set the
> location of the default profiles.
>
> Dan

Dan,

The "%APPDATA%\Mozilla\Firefox\profiles.ini" file can be modified via 
GPO to point to somewhere in your mapped drive.

For example, this would work:

[General]
StartWithLastProfile=1

[Profile0]
Name=RemoteProfile
IsRelative=0
Path=\\yoyodyne.local\fileshare\USER\fxprofile
Default=1

You could leverage the use of GPO variables in the Path line as well, if 
you deploy it as individual INI file preferences rather than a single file.
As long as the directory exists (even if it's empty), it'll work.
If the directory is empty, Firefox will deploy the default profile into it.

You'd still need a means to ensure that if a local profile exists for a 
given user, it is migrated to the network share, unless you don't care 
about potential data loss.

-- 
Ariel P
HostDime.com, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20180626/3de860f6/attachment-0002.html>

More information about the Enterprise mailing list