On Tue, May 8, 2018 at 11:53 AM, Joel Baltazor <[email protected]> wrote:
> May I be the first (and hopefully not only!) to say "please don't require > a machine to be domain-joined". We've attempted to manage Chrome a few > times, but since our machines are not Domain-joined many of the policies > options are ignored, making it just about impossible to manage Chrome. > Please don't do the same thing in Firefox. > > Our Windows machines are centrally managed and in some cases we do set > local Group Policy (often just by tweaking the relevant registry entries), > but we don't have AD or Domain-joined machines. Please don't exclude us > from being able to manage Firefox just because we don't have AD (or > domain-joined machines). > > I realize that this discussion is about RR and not ESR, but I'd hate to > see the code for an RR "domain-joined" match end up in ESR and prevent > places like mine from managing Firefox. > I can promise you that won't happen. The only place where we would have a domain joined requirement is on Rapid Release. Mike > > Thanks, > Joel > > > > > On 5/8/2018 9:36 AM, Mike Kaply wrote: > > On Tue, May 8, 2018 at 5:20 AM, Robert Marcano <[email protected]> > wrote: > >> On 05/08/2018 03:54 AM, Wolfgang Rosenauer wrote: >> >>> Hi, >>> >>> I'm wondering if there are any differences between upcoming Firefox 60 >>> and 60esr releases in code or in configuration? >>> >> >> Some policies are exclusive to ESR. I personally do not like that, but >> there are reasons Mozilla want to avoid regular users to be locked by the >> usage of those settings. >> > > The problem is that because those policies are simply registry entries, > any application can simply set them. Google originally worked around this > by using Active Directory specific APIs instead of the registry, but > eventually gave up and moved back to registry. They now only allow certain > policies on Windows if connected to an Active Directory server. > > >> >> Note: I find the locking of the settings too easy to bypass by malware >> (even if autoconfig is removed in the future), just unpack the onmi.ja and >> update the JSON definition of the policies and ready, those policies are >> available for non ESR builds (IIRC omni.ja is not signed in any way and not >> checked at load time) >> > > The difference is that a change like that would be immediately corrected > on the next update to Firefox, whereas laying down policies or autoconfig > persist across Firefox updates. Obviously we can't protect against > everything, but we can certainly try our best. > > >> >> I hope the github issue about allowing all policies on non ESR build when >> the machine is on a domain is implemented, and I wish for, all Linux >> machines (settings policies implementation for Linux requires root) > > > That's certainly the plan. The main reason I didn't turn on all policies > for Linux and Mac is that I wanted to have a Windows solution ready as > well. The way it will work eventually is that for Rapid Release, all > policies will work if you are either Mac, Linux or Windows connected to an > Active Directory server. I just need to write the code to detect an Active > Directory server. > > Anyone that needs to use Local Group Policy will have to use ESR. > > Mike > > > >> >> >> >>> >>> Thanks, >>> Wolfgang >>> _______________________________________________ >>> Enterprise mailing list >>> [email protected] >>> https://mail.mozilla.org/listinfo/enterprise >>> >>> To unsubscribe from this list, please visit >>> https://mail.mozilla.org/listinfo/enterprise or send an email to >>> [email protected] with a subject of "unsubscribe" >>> >>> >> _______________________________________________ >> Enterprise mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/enterprise >> >> To unsubscribe from this list, please visit >> https://mail.mozilla.org/listinfo/enterprise or send an email to >> [email protected] with a subject of "unsubscribe" >> > > > > _______________________________________________ > Enterprise mailing > [email protected]https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" > > >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
