Classification: UNCLASSIFIED Good morning Mike and Victor,
Just to clarify, here’s the situation. I manage a VDI infra, essentially I’m migrating users from System 1.0 to System 2.0. On system 1.0, I had a Firefox ESR that’s about 6 months old when initially installed and when the user loads the browser for the first time they can update it to the latest ESR because we allow the self-update. Now here’s the catch 22, I’m using Microsoft’s USMT profile backup tools to export the user’s profile to a .MIG and then I import. Now once the user’s profile is migrated to System 2.0, by default when they log into the new machine SCCM offers that older version of Firefox that’s about 6 months old so they install it and of course as soon as they user tries to load it detects the profile as incompatible because FF hasn’t had the chance to update yet. So essentially the situation is that a NEW profile is loaded into an OLD FF…. I’ve tried the MOZ_LEGACY_PROFILES through both USER and SYSTEM GPO’s and the behavior remained the same, the newer profile couldn’t load into the old temporary FF. So would MOZ_ALLOW_DOWNGRADE actually allow me to load a new profile onto an old FF temporarily while it updates? Or basically with those two, it would work….. BUT the users would have to rebuild their profile using the static profile moving forward instead of the randomly generating string one? Eric From: Hoang (US), Victor T <[email protected]> Sent: July 1, 2020 2:58 PM To: Mike Kaply <[email protected]>; Periard, Eric <[email protected]> Cc: [email protected] Subject: RE: [EXTERNAL] Re: [Mozilla Enterprise] Error with using system proxy settings (when changing from using "automatic proxy configuration URL" by default via policies.json) EXTERNAL EMAIL – USE CAUTION / COURRIEL EXTERNE – FAITES PREUVE DE PRUDENCE Hey Eric, I also had this problem in the past and its basically what Mike pointed out. I mostly saw this for folks coming from 60 to 68 ESR. To resolve this, I created 2 environment variables in windows. One called MOZ_ALLOW_DOWNGRADE and another called MOZ_LEGACY_PROFILES. For the Value field of each variable, I set it to 1. This should allow you to downgrade and use the same profile for all users. I automate that process via my own scripts and deploy through SCCM. Also keep in mind when a user uninstalls Firefox from control panel, it does not remove these system variables (and they will need to be an administrator), so I recommend that you have an internal process to remove these variables when they try to uninstall the browser for the cleanest practice. Easy way to check incase the individual does not have admin rights is by opening up cmd and typing: set. That should show if the variable still exists (or not). Victor From: Enterprise <[email protected]<mailto:[email protected]>> On Behalf Of Mike Kaply Sent: Wednesday, July 1, 2020 11:47 AM To: Periard, Eric <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: [EXTERNAL] Re: [Mozilla Enterprise] Error with using system proxy settings (when changing from using "automatic proxy configuration URL" by default via policies.json) This message was sent from outside of Boeing. Please do not click links or open attachments unless you recognize the sender and know that the content is safe. You can read more about this here: https://support.mozilla.org/en-US/kb/understanding-depth-profile-installation<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.mozilla.org%2Fen-US%2Fkb%2Funderstanding-depth-profile-installation&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7C0d385fe7aba049d0706f08d81df0ad75%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292266831055030&sdata=dE9hUg6kuVIZUNGiHAJTsaGgnomZ1bzk%2FHjiKiHJuI0%3D&reserved=0> But specifically at the end: " The downgrade blocking can be bypassed by setting the environment variable MOZ_ALLOW_DOWNGRADE or by passing the --allow-downgrade command line argument when running Firefox." Hopefully this should accomplish what you need. Alternatively if it is a problem with the new Firefox being installed in a different directory, you can use the MOZ_LEGACY_PROFILES environment variable or the LegacyProfiles policy - https://github.com/mozilla/policy-templates/blob/master/README.md#legacyprofiles<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmozilla%2Fpolicy-templates%2Fblob%2Fmaster%2FREADME.md%23legacyprofiles&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7C0d385fe7aba049d0706f08d81df0ad75%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292266831065024&sdata=umHVpT9L4ldFTb2ZzvXbLEAlSP3n9EMgq5Bdk1FhTRw%3D&reserved=0> Mike On Wed, Jul 1, 2020 at 12:04 PM Periard, Eric <[email protected]<mailto:[email protected]>> wrote: Classification: UNCLASSIFIED Hello, Here’s an interesting situation: We’ve recently created a USMT Windows User Profile Backup and Restore package via SCCM and that works fine, however there’s a catch 22 with firefox…. Usually I keep a baseline version of the package via the Software Center and the users can update the browser via the ABOUT menu. However if a windows profile is restored to a new system (with AppData) and then firefox is installed from the Software Center, of course it’s old and it sees the newer profile as incompatible. so far the only solution I got is to go ahead and update the baseline version of my Firefox package. So here’s my questions: 1. Is it possible somehow to load a new profile onto an old Firefox? 2. Is it possible to force Firefox to look for updates as soon as someone tries to open it? 3. If 2. is possible, would it fetch the update before prompting the user to create a new profile? Please advise, this seems to be a none-issue with Chrome post-user mig. Thanks Eric _______________________________________________ Enterprise mailing list [email protected]<mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7C0d385fe7aba049d0706f08d81df0ad75%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292266831065024&sdata=L%2FTuAGq1zc3RCuJ6SD3ddMed9XidjfGdJkcC8%2B3Ijh8%3D&reserved=0> To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=02%7C01%7CEric.Periard%40cyber.gc.ca%7C0d385fe7aba049d0706f08d81df0ad75%7Cda9cbe40ec1e4997afb317d87574571a%7C0%7C0%7C637292266831075021&sdata=0olcoMr49SdT7cCiMAGX6kJz41W38hGGUUU8cmWYZ%2FA%3D&reserved=0> or send an email to [email protected]<mailto:[email protected]> with a subject of "unsubscribe"
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
