- Configuration Items in Configuration Manager (SCCM, MECM) - Mon, Aug 22 2022
- Create and read SCVMM custom properties with PowerShell and the VMM Console - Mon, Apr 18 2022
- Prevent ransomware attacks on network shares with File Server Resource Manager (FSRM) - Mon, Mar 7 2022
With so many web browsers available for use today, Mozilla Firefox remains the top choice for many enterprise users because of its security, stability, and speed. In this article, I will be going over the steps for configuring, packaging, and deploying the latest version of Mozilla Firefox.
Step 1 – Download the latest version of Firefox.
I recommend you use the Extended Support Release (ESR) package, as it is intended for large groups and organizations that need to mass deploy Firefox in a desktop environment. This version is also more stable and secure than the regular version of Firefox, which is intended for personal use.
Step 2 – Create a new folder to place the installer, scripts, and extensions. For this guide, I will be saving all the necessary files to the following location:
\\SCS-CFGMGR-MP\SWSTORE\Software\Installed\Mozilla Firefox\V45
Step 3 – Open Notepad and create a new text document called "override.ini." Copy and paste the information below. When you are done, save the file to the source folder you just created.
[XRE] EnableProfileMigrator=false
Step 4 – Open Notepad and create a second text document called "local-settings.js." Copy and paste the information below. When you are done, save the file to the source folder you just created.
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
Step 5 – Open Notepad and create a third text file called "mozilla.cfg." Copy and paste the information below.
Note the strings that may be used in this file can be found by opening Firefox on a reference computer and navigating to "about:config." You can choose to add or remove strings from this file as you wish. Be careful when doing this because Firefox will not launch if the mozilla.cfg file is corrupt or invalid. In addition, note that placing "lockPref" in front of a string will lock the settings from being changed by any user, while "pref" will simply make your custom setting the default setting when Firefox is launched. When you are done, save the file to the source folder you just created.
// WKS Mozilla Firefox Lockdown
// Disable updater
lockPref("app.update.enabled", false);
// Make absolutely sure it is really off
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
// Disable Add-ons compatibility checking
clearPref("extensions.lastAppVersion");
// Don't show 'know your rights' on first run
pref("browser.rights.3.shown", true);
// Don't show WhatsNew on first run after every update
pref("browser.startup.homepage_override.mstone","ignore");
// Don't show Windows 10 splash screen on first run
pref("browser.usedOnWindows10", true);
// Set default homepage
lockPref("browser.startup.homepage","https://www.google.com");
// Disable the internal PDF viewer
lockPref("pdfjs.disabled", true);
// Disable the flash to javascript converter
lockPref("shumway.disabled", true);
// Don't ask to install the Flash plugin
pref("plugins.notifyMissingFlash", false);
// Disable plugin checking
lockPref("plugins.hide_infobar_for_outdated_plugin", true);
clearPref("plugins.update.url");
// Disable health reporter
lockPref("datareporting.healthreport.service.enabled", false);
// Disable all data upload (Telemetry and FHR)
lockPref("datareporting.policy.dataSubmissionEnabled", false);
// Disable crash reporter
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
// Disable default browser check
lockPref("browser.shell.checkDefaultBrowser", false);
// Delete history on exit
lockPref("browser.history_expire_days", 0);
lockPref("browser.history_expire_days.mirror", 0);
lockPref("browser.formfill.enable", false);
lockPref("browser.download.manager.retention", 0);
lockPref("network.cookie.cookieBehavior", 0);
lockPref("network.cookie.lifetimePolicy", 2);
// Disable password manager
lockPref("signon.rememberSignons", false);
lockPref("pref.privacy.disable_button.view_passwords", true);
// Disable themes
lockPref("config.lockdown.disable_themes", true);
// Enable Java Plugin
lockPref("security.enable_java", true);
// Automatically enable extensions
lockPref("extensions.autoDisableScopes", 0);
Step 6 – Create a new folder inside the source folder you created earlier called "~Extensions."
For this guide, I will be using OneNote Web Clipper 3.2.8 as the extension I want to include with my deployment. To obtain this extension, install and launch the OneNote Web Clipper add-on in Firefox on a reference computer. Navigate to C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\, and copy the extension Clipper@OneNote.com.xpi file to the "~Extensions" folder you just created. This process may vary for some extensions.
Step 7 – Open Notepad and create a fourth text file called "Install.bat." Copy and paste the information below.
Note that the fifth line, which copies the extension, uses the name that is specific to the extension used in this example. You will need to change this text to match the extension that you’d like to include with your installation.
"%~dp0setup.exe" -ms if exist "C:\Program Files\Mozilla Firefox\" copy /Y "%~dp0override.ini" "C:\Program Files\Mozilla Firefox\browser\" if exist "C:\Program Files\Mozilla Firefox\" copy /Y "%~dp0mozilla.cfg" "C:\Program Files\Mozilla Firefox\" if exist "C:\Program Files\Mozilla Firefox\" copy /Y "%~dp0local-settings.js" "C:\Program Files\Mozilla Firefox\defaults\pref" if exist "C:\Program Files\Mozilla Firefox\" copy /Y "%~dp0~Extensions\ Clipper@OneNote.com.xpi" "C:\Program Files\Mozilla Firefox\browser\extensions"
When you are done, save the file to the source folder you just created. We are now ready to deploy the application with SCCM.
Step 8 – Open the System Center Configuration Manager console. Click on the "Software Library" tab to expand Application Management and click on the "Applications" applet.
Find and open the "Create Application Wizard" in the Ribbon above. When the wizard launches, choose "Manually specify the application information," and click Next. Enter any information you think is necessary, and click Next again.
Create Application Wizard
Configure application information
Step 9 – When asked to specify settings for this deployment type, choose "Script Installer," and click Next. Enter a name for the deployment type (I usually use "Install"), and choose a language; I will select English (United States).
Specify deployment type
Click Next. On the next screen, specify the content location, installation program, and uninstall program (optional). I will not be specifying an uninstall program, as this application should not be uninstalled in my environment and will be advertised to workstations as a required advertisement. Note that I selected "install.bat" instead of "setup.exe" for the installation program.
Specify content delivery
On the next page, we are going to specify how the Configuration Manager will detect whether the workstation needs Mozilla Firefox installed. Click "Add Clause," and leave the default settings. Configure the other settings as follows:
Type: Folder
Path: C:\Program Files\
File or Folder Name: Mozilla Firefox
Click OK, and click Next.
Create application deployment rule
Step 10 – Now we are going to specify the user experience settings for this application—essentially how the application will install on the computer. Configure the settings as follows:
Installation behavior: Install for System
Logon requirement: Whether or not a user is logged on
Installation program visibility: Hidden
You can leave the defaults for maximum allowed run time and estimated installation time, if you wish. However, I am going to set the maximum allowed time to run at 15 minutes and the estimated installation time to 15 minutes. There’s no reason this application should take longer than 15 minutes to install. Since I am not going to specify any requirements and Mozilla Firefox has no dependencies, I am going to click Next for the last few screens. At the end, I will be shown a summary of my configuration. Click Next to finish creating the application and exit the Create Application Wizard.
Summary page
Step 11 – Now it’s time to distribute and deploy Mozilla Firefox. Right-click on the Mozilla Firefox application, and select "Deploy."
Deploy application
Choose the Device Collection to which you’d like to deploy the application, and click Next.
Push to collection
Step 12 – Specify the Distribution Point(s) or Distribution Point Group to which you’d like to distribute the application, and click Next.
Step 13 – Specify the type of deployment you’d like to advertise, and click Next. In this example, we will set the deployment type to be a Required advertisement.
Specify type of advertisement
Step 14 – Leave the scheduled deployment deadline as-is, and click Next.
Step 15 – Specify the user experience by determining whether you’d like the end-user to be notified that the application has been made available. In this example, I am going to opt to hide notifications in Software Center.
Leave the option under handling Windows Embedded devices as-is, and click Next.
Hide in Software Center
Step 16– For now, I am going to leave the alert settings alone. Click Next.
On the confirmation page, click Next one more time to finish and close the Deployment Wizard.
Step 17 – Wait a few minutes, and logon to one of the workstations in the Device Collection to which you deployed Firefox earlier.
Mozilla Firefox should now be installed. When you launch it for the first time, it will launch without any unnecessary prompts or welcome pages, and will automatically enable the OneNote Web Clipper extension.
Subscribe to 4sysops newsletter!
Firefox is installed and configured
Hi
Just been reviewing my own Firefox deployment (using MDT) and have just twinged on one major issue as to why it was not working. Firefox is now 64 bit, so the x86 program files dir should be;
“C:\Program Files\Mozilla Firefox”
still testing the rest, but this is important (obviously!)
Dan
Hi Daniel,
I updated my guide accordingly and it should now reflect the process of packaging and deploying the 64-bit version of Firefox.
–Alex
Hello. Great step by step, but I would like to add that you forgot to mention that either the downloaded exe needs to be renamed or the install.bat needs to be edited. Since “%~dp0setup.exe” –ms is referring to filename “setup.exe”, the downloaded file would need to be renamed as setup.exe, or the line needs to be renamed to match the installer. For example, as of today, the latest downloaded file is “Firefox Setup 45.7.0esr.exe”, so the line would need to say “%~dp0Firefox Setup 45.7.0esr.exe” –ms.
That’s a good point, Larry. Thanks for the tip!
–Alex
You’re welcome! Also, love the mozilla.cfg example since everything I would want to disable for my environment has already been done… no default browser check, no first run crap, no saved passwords or history, no auto updates, no telemetry, no import bookmarks (I think? Need to check that one) etc… just change the homepage and done!
Yes! There is a way to import bookmarks into Firefox but I believe it requires copying a bookmarks.html file over, which would have to be added to the batch script. You can also set the download the directory in the Mozilla.cfg file using the following snippet:
// Set download directory
lockPref(“browser.download.manager.showWhenStarting”, true);
lockPref(“browser.download.manager.closeWhenDone”, true);
lockPref(“browser.download.useDownloadDir”, true);
lockPref(“browser.download.dir”, “S:\\Windows”);
lockPref(“browser.download.downloadDir”, “S:\\Windows”);
lockPref(“browser.download.folderList”, 2);
In this case, S:\ is a mapped network drive and “Windows” is a folder all students use to store files in our Windows environment.
In testing this further, I discovered the bat file does not work as intended. The first line triggers the Firefox installation but does not wait for it to finish. It then immediately executes the rest of the lines which fail because the folder does not yet exist, at least on a fresh install. It would probably work if upgrading an existing version. Also, I do not see the purpose of having the if statements at all since it would simply attempt to copy the file and fail?
Here is a working version of the mozilla.bat (without the if conditions or extensions copy and using the filename as downloaded). The empty double quotes in the first line provide a blank window title and must be present:
start /wait “” “%~dp0Firefox Setup 45.7.0esr.x64.exe” -ms
copy /Y “%~dp0override.ini” “C:\Program Files\Mozilla Firefox\browser\”
copy /Y “%~dp0mozilla.cfg” “C:\Program Files\Mozilla Firefox\”
copy /Y “%~dp0local-settings.js” “C:\Program Files\Mozilla Firefox\defaults\pref”
If the batch script is triggering the Firefox install but not waiting for it to finish, then something might be wrong with the command being run, as that only occurs when there is an error in the command or the switches being used. A batch file runs commands synchronously, so in theory it will wait until after the process (in this case the Firefox installer) ends before it runs the next commands. Try simplifying the file name to something like FirefoxSetupX64.exe.
Also, it’s actually never a good idea to have two files with the same name (mozilla.cfg and mozilla.bat) in the same folder as that makes things confusing, especially if you don’t have the “Hide extensions for known file types” checkbox enabled.
FYI my version of the install.bat is called mozilla.bat since having a server with dozens of install.bat files is a bad idea, even if they are in separate folders.
The command setup.exe -ms is installing Firefox but after that i am unable to Lunch the Firefox. I am installing 46.0 ESR. Something needs to be added to the command line ?
Able to lunch the Firefox after installing by double-click on setup.exe
This script works for me when running manually. Has any see that when putting it in a SCCM 2012 R2 Deployment Package that it hangs and eventually fails?
If the package is hanging and failing, check the ccmexec log file. The deployed package either is not downloading the source files to the machine (maybe the CCM cache is full?) or is failing to start the script that installs and locksdown Firefox.
Thank you Alex. I got it to push on machines without firefox already installed. The items I am seeing now is “Failed to read the configuration file.” Has anyone ran into this one?
Awesome information. Occasionally I have systems that seem to pause during the update process and the next time the user attempts to open the program they get the XULRunner Error: Platform version 52.2.0 is not compatible with Min version >=52.1.1 Max version <=52.1.1.
Have you encountered this error and if so how were you able to avoid having it happen when you update systems?
Since this is the ESR (Extended Service Release) of Firefox, I update it once a year when I build my workstation image, unless there is a major bug or security problem. In that case, I add an uninstall function to my application and deploy it as an uninstall request.
Worked perfectly, thanks.One question on the config decisions, as opposed to functional.Why have you turned off Auto-Update?
Having applications update on their own without any testing our quality control goes against best practices. I’ve seen Microsoft push out automatic updates that cause serious issues with their products and services. I do not want to take the chance of that happening on a web browser popular with end-users such as Mozilla Firefox. It’s just not my cup of tea.
Thanks for that, was just curious as it’s the delayed ESR.
Is there a way to write into the script to install a shortcut to all users desktop?
When i am opening Firefox it says “failed to load configuration file. please contact your system administrator”
Any body know this.
Thanks, this works extremely well! Question; do you have a step by step for Chrome?
not working with firefox 60.6.1 ESR.
extensions are not installed
hi !
i'm sorry to digging so deeply in this but i try to use the script :
start /wait "" "%~dp0Firefox Setup 68.6.1.esr.exe" -ms
copy /Y "%~dp0override.ini" "C:\Program Files\Mozilla Firefox\browser\"
copy /Y "%~dp0mozilla.cfg" "C:\Program Files\Mozilla Firefox\"
copy /Y "%~dp0local-settings.js" "C:\Program Files\Mozilla Firefox\defaults\pref"
the installation of firefox is ok BUT, the second part with the file isn't ok.
when i copy manually in the good repertory it's all good, but the script don't copy them…
somebody as the issue and find a way to patch it 🙂 ?
thanks a lot
Hello,
I have followed the instructions and it works for the most part except, the Install.bat file. It's not copying anything from the installation folder to the Mozilla firefox folder. As a result none of my preferences are showing up on firefox after installation. However, they work if I manually put those preference files in the Firefox folder. I would really appreciate if someone can help me on this.