Worklet: Enterprise Firefox policies onto Windows devices

  • 14 September 2020

Hi guys, my security team was asking us to turn off DNS over HTTPS on the two browsers we support (Firefox and Chrome). On Chrome it's quite easy (drop a token that checks in with our enterprise G Suite), but for Firefox you need to drop a JSON file into the Firefox directory.


Evaluation: We only want to drop this JSON file if the box has Firefox installed but not the policies.json. So we exit 0 if either both are true, or Firefox just doesn't exist.


$file = Test-Path 'C:\Program Files\Mozilla Firefox\distribution\policies.json' -PathType Leaf
$application = Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe' -PathType Leaf
# Firefox and policies.json are both present: nothing to do
if ($file -and $application) { exit 0 }
# Firefox is not installed: nothing to do
if (-not $application) { exit 0 }
# Firefox is installed but policies.json is missing: exit 1
exit 1

Remediation:


# Copy over the JSON before it gets to 64-bit PowerShell
Copy-Item .\policies.json -Destination "C:\ProgramData\amagent"

$scriptblock = {
    $software = "Mozilla Firefox"

    # Check to see if Mozilla Firefox is even installed
    $installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
        Where-Object { $_.DisplayName -match $software })
    Write-Output $installed
    if (-not $installed) {
        $exists = $false
        Write-Output "'$software' is NOT installed."
    } else {
        $exists = $true
        Write-Output "'$software' is installed."
    }

    # If Firefox is installed, create the distribution folder when it is missing
    $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    if (-not $folder -and $exists) {
        New-Item -Path 'C:\Program Files\Mozilla Firefox' -Name "distribution" -ItemType "directory"
        Write-Output "Created Folder"
        $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    }

    # Still only if Firefox is installed: copy the staged JSON into the
    # distribution folder, then delete the staged copy
    if ($folder -and $exists) {
        Copy-Item 'C:\ProgramData\amagent\policies.json' 'C:\Program Files\Mozilla Firefox\distribution'
        Write-Output "Created json file"
        Remove-Item 'C:\ProgramData\amagent\policies.json'
    }
}

# Run the script block in 64-bit PowerShell; the sysnative alias only resolves
# from a 32-bit process on 64-bit Windows
$returnCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock

Also, you'll need to make a policies.json and upload it to the Automox console for deployment. Here's the generator I used:
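Added example, not part of the original post and not Automox's own code: the evaluation above treats any existing policies.json as done, so a machine whose policy file lacks the DoH setting is skipped. This sketch checks the file for Firefox's `DNSOverHTTPS` policy (`Enabled: false`, `Locked: true`) and merges it into an existing file instead of replacing it; the function names `Test-DohDisabled` and `Set-DohDisabled` are hypothetical, and the default 64-bit install path from the post is assumed.

```powershell
# Added example: check and set the DoH policy inside policies.json.
$firefoxDir = 'C:\Program Files\Mozilla Firefox'   # assumed default path, as in the post
$policyPath = Join-Path $firefoxDir 'distribution\policies.json'

# Hypothetical helper: $true only when the JSON both disables and locks DoH.
function Test-DohDisabled {
    param([string]$Json)
    try { $doc = $Json | ConvertFrom-Json -ErrorAction Stop } catch { return $false }
    $doh = $doc.policies.DNSOverHTTPS
    return ($null -ne $doh) -and ($doh.Enabled -eq $false) -and ($doh.Locked -eq $true)
}

# Hypothetical helper: return the JSON with DNSOverHTTPS set, keeping other policies.
function Set-DohDisabled {
    param([string]$Json)
    $doc = $null
    if (-not [string]::IsNullOrWhiteSpace($Json)) {
        # Malformed JSON throws here, so a broken file is reported, not overwritten.
        $doc = $Json | ConvertFrom-Json -ErrorAction Stop
    }
    if ($null -eq $doc) { $doc = [pscustomobject]@{} }
    if ($null -eq $doc.policies) {
        $doc | Add-Member -NotePropertyName policies -NotePropertyValue ([pscustomobject]@{}) -Force
    }
    $doh = [pscustomobject]@{ Enabled = $false; Locked = $true }
    $doc.policies | Add-Member -NotePropertyName DNSOverHTTPS -NotePropertyValue $doh -Force
    return ($doc | ConvertTo-Json -Depth 20)
}

# Firefox not installed: nothing to manage.
if (-not (Test-Path (Join-Path $firefoxDir 'firefox.exe') -PathType Leaf)) { exit 0 }

$current = ''
if (Test-Path $policyPath -PathType Leaf) { $current = Get-Content $policyPath -Raw }
if (Test-DohDisabled $current) { exit 0 }   # already compliant

# Create the distribution folder if needed, then write the merged policy.
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
# WriteAllText emits UTF-8 without a byte-order mark.
[System.IO.File]::WriteAllText($policyPath, (Set-DohDisabled $current))
exit 0
```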

