Coexisting policies.json and GPO is high on my list and I am trying to get
it in before the next major ESR.

Unfortunately the only other solution I have involves ignoring GPO
completely in favor of policies.json and that doesn't help you.

What is your timeline?

Mike

On Thu, Jan 21, 2021 at 2:05 PM Andrew J. Buehler <[email protected]>
wrote:

> My organization is (still) in the process of preparing to migrate from
> an older Firefox ESR to the current ESR, and is planning to migrate from
> 32-bit Firefox to 64-bit Firefox in the process. This latter means that
> we're hitting the "profile per install" transition which comes along
> with the install-location change inherent to Windows' install-location
> handling. (We are not going to override that and install the 64-bit
> program under the 32-bit path.) We therefore need to tell Firefox to not
> use profile-per-install, and continue with legacy profiles.
>
>
> As I understand matters, the policy settings for disabling
> profile-per-install in favor of legacy profiles do not work when
> specified in policies.json; they only work when specified via Group
> Policy or via the launch-time MOZ_LEGACY_PROFILES environment variable.
> (At least on Windows, I haven't investigated other platforms recently
> enough to recall.)
>
> For reasons which don't bear going into, I would prefer to handle as
> much policy configuration as possible via policies.json, rather than via
> Group Policy.
>
> I did all of my initial profiles- and policies-related testing with the
> environment variable, for convenience, and got to a point where things
> were working fine. I then switched to testing with the Registry entry
> which corresponds to the Group Policy setting [1], and rather to my
> surprise, all of the policy settings which I had been configuring
> through policies.json were suddenly being ignored.
>
> After a bit of searching, I found [2], which points out that - as I had
> just run into - when the Registry key where the Group Policies are to be
> specified exists, policies.json is ignored. I don't recall seeing that
> documented anywhere, but it's possible I just missed noticing it.
>
>
> This seems to mean we can't use a combination of these approaches; it's
> either all policies.json or all Group Policy. Unfortunately, that in
> turn seems to mean that we have to A: find a way to deploy that
> environment variable so that it's reliably in effect before the new
> Firefox version gets launched, B: abandon the use of policies.json
> entirely in favor of Group Policy, or C: abandon our hopes of retaining
> our users' existing Firefox profiles.
>
> A would be relatively impractical, given the limitations of the various
> methods (that I know of) for automatically deploying
> environment-variable settings - most prominently, that none of them seem
> to take effect before the next Windows logon, so we couldn't just push
> out the environment variable alongside the Firefox install. The same
> point would make it equally difficult to revert the setting later on.
>
> B would be undesirable for internal reasons, which - as I said - don't
> bear going into (although I can summarize them if needed).
>
> C would be problematic; it's unlikely that the existing Firefox users
> would be OK with their profiles disappearing from under their feet.
>
> Any suggestions for a way out of this tangle?
>
>
> The ideal solution would of course be to dodge around the issue, by
> avoiding the need for us to disable profile-per-install at all. I have a
> few possible design arrangements in mind that would probably make that
> viable, but lack the spoons to push for them in a filed bug unless I
> could be confident that doing so would bear fruit, and in any case they
> wouldn't make it into an ESR release in time for me to meet my
> deployment time-frames.
>
> The next best solution would be for the "legacy profiles" policy setting
> to work when specified via policies.json. However, if doing that were an
> option, it would clearly have been done that way to begin with; since it
> wasn't, I mention it only to be comprehensive.
>
> The third-best solution would probably be for it to be possible to
> mix-and-match policies.json with Group Policy configuration. However,
> given that it wasn't done that way to start out with, I rather doubt
> that's going to happen at this point - and even if it does happen at
> some point, the same "probably won't make it into the ESR in time"
> applies.
>
> If anyone can suggest any other solutions, I'd be glad to hear them.
>
>
> [1] HKLM\SOFTWARE\Policies\Mozilla\Firefox\LegacyProfiles REG_DWORD:1
>
> [2] https://community.spiceworks.com/topic/2247157-firefox-ignoring-policies-json-when-registry-path-is-created
>
> --
>   Andrew J. Buehler
>
> _______________________________________________
> Enterprise mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> [email protected] with a subject of "unsubscribe"
>
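
The conflict described in the quoted message, as an added check that is not part of the original thread or of Mozilla's tooling: it reports whether the registry key from footnote [1] exists and which policies.json entries would then be ignored. The install directory, the `distribution\policies.json` location and the function name `Get-FirefoxPolicySource` are assumptions.

```powershell
# Added example: report which Firefox policy source is present on this machine.
# Assumptions (not from the thread): the install directory below, and that
# policies.json sits in its "distribution" subfolder.
param(
    [string]$InstallDir = "$env:ProgramFiles\Mozilla Firefox",
    [string]$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
)

function Get-FirefoxPolicySource {
    param([string]$InstallDir, [string]$PolicyKey)

    $jsonPath   = Join-Path $InstallDir 'distribution\policies.json'
    $keyExists  = Test-Path -LiteralPath $PolicyKey
    $jsonExists = Test-Path -LiteralPath $jsonPath

    # Values set directly under the key (e.g. LegacyProfiles from footnote [1]).
    $regValues = @()
    if ($keyExists) {
        $regValues = @((Get-Item -LiteralPath $PolicyKey).Property)
    }

    # Top-level policy names declared in policies.json, if it parses.
    $jsonPolicies = @()
    if ($jsonExists) {
        try {
            $doc = Get-Content -LiteralPath $jsonPath -Raw | ConvertFrom-Json
            if ($doc.policies) { $jsonPolicies = @($doc.policies.PSObject.Properties.Name) }
        } catch {
            Write-Warning "policies.json exists but is not valid JSON: $jsonPath"
        }
    }

    [pscustomobject]@{
        RegistryKeyExists = $keyExists
        RegistryValues    = $regValues
        PoliciesJsonPath  = $jsonPath
        PoliciesJson      = $jsonPolicies
        # Per the thread: once the key exists, policies.json is not applied.
        JsonShadowed      = ($keyExists -and $jsonPolicies.Count -gt 0)
    }
}

$r = Get-FirefoxPolicySource -InstallDir $InstallDir -PolicyKey $PolicyKey
$r | Format-List
if ($r.JsonShadowed) {
    Write-Warning ("Registry policy key exists; these policies.json entries " +
        "will be ignored: " + ($r.PoliciesJson -join ', '))
}
```

Running this after deploying the `LegacyProfiles` registry value shows at a glance which policies.json settings would need to be moved to Group Policy for them to stay in effect.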