[Mozilla Enterprise] Firefox 60 ESR GPO Settings idea for developer

Ryan Sheldon rsheldon at albrightstonebridge.com
Thu Nov 1 18:33:19 UTC 2018 

Hi Peter,

Maybe this is a longer workaround, but have you considered creating user security groups for this policy? You would have to create separate security groups for your standard users and developers, but this would allow you to scope the policy object to the standard user group. The biggest hurdle with this option is making sure the standard group is part of your automated user provisioning/security group management processes.

Alternatively, your developers could manually adjust the about:config settings when testing Firefox. In my experience, group policy will only enforce settings with a refresh, which defaults to 60-90 minutes. (Though your organization might have customized this; more details here - https://msdn.microsoft.com/en-us/library/ms813077.aspx). Are your developers able to access about:config on the browser, or do you have that section blocked as part of policy? This isn't an ideal solution, but could be used in a pinch.

Hopefully this helps lead you to a possible solution. I'll be curious to see what you ultimately do for this.

-Ryan Sheldon

From: Enterprise <enterprise-bounces at mozilla.org> On Behalf Of Peter Schlierf
Sent: Wednesday, October 31, 2018 11:27
To: enterprise at mozilla.org
Subject: [Mozilla Enterprise] Firefox 60 ESR GPO Settings idea for developer

Hello Enterprise-Group

Maybe some of you have an idea, how to handle developers in our Firefox GPO  Environment.

Following problem:
Since we use FF60 ESR, we also implemented the GPO feature in our company with 120.000 Clients and use much of the policies.
Also settings for
network.negotiate-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.automatic-ntlm-auth.trusted-uris

we set within GPO:
[cid:image001.png at 01D471EE.DF08D480]

Due to that fact this settings are locked preferences on the client.
This is fine for most of our users, but some developers want to change here settings for troubleshooting and testing purposes.

Does anyone have an idea how to have a workaround for this, without putting those users in different domain containers?
Are there some addons or short cuts possible to disable NTLM/Kerberos settings on the start or load of a page?

Thanks for your ideas.

Best regards,

Peter Schlierf


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20181101/cbc8730c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11070 bytes
Desc: image001.png
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20181101/cbc8730c/attachment.png>

More information about the Enterprise mailing list