Hi Peter, Maybe this is a longer workaround, but have you considered creating user security groups for this policy? You would have to create separate security groups for your standard users and developers, but this would allow you to scope the policy object to the standard user group. The biggest hurdle with this option is making sure the standard group is part of your automated user provisioning/security group management processes.
Alternatively, your developers could manually adjust the about:config settings when testing Firefox. In my experience, group policy will only enforce settings with a refresh, which defaults to 60-90 minutes. (Though your organization might have customized this; more details here - https://msdn.microsoft.com/en-us/library/ms813077.aspx). Are your developers able to access about:config on the browser, or do you have that section blocked as part of policy? This isn't an ideal solution, but could be used in a pinch. Hopefully this helps lead you to a possible solution. I'll be curious to see what you ultimately do for this. -Ryan Sheldon From: Enterprise <[email protected]> On Behalf Of Peter Schlierf Sent: Wednesday, October 31, 2018 11:27 To: [email protected] Subject: [Mozilla Enterprise] Firefox 60 ESR GPO Settings idea for developer Hello Enterprise-Group Maybe some of you have an idea, how to handle developers in our Firefox GPO Environment. Following problem: Since we use FF60 ESR, we also implemented the GPO feature in our company with 120.000 Clients and use much of the policies. Also settings for network.negotiate-auth.trusted-uris network.negotiate-auth.delegation-uris network.automatic-ntlm-auth.trusted-uris we set within GPO: [cid:[email protected]] Due to that fact this settings are locked preferences on the client. This is fine for most of our users, but some developers want to change here settings for troubleshooting and testing purposes. Does anyone have an idea how to have a workaround for this, without putting those users in different domain containers? Are there some addons or short cuts possible to disable NTLM/Kerberos settings on the start or load of a page? Thanks for your ideas. Best regards, Peter Schlierf
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
