Skip to main content

Hi Guys, My security team was asking us to turn off DNS over HTTPS on our two browsers we support (firefox and chrome). On chrome its quite easy (drop a token that checks in with our enterprise gsuite) but for firefox, you need to drop a json file into the firefox directory.



Evaluation: We only want to drop this json file if the box has firefox installed but not the policies.json. So we exit 0 if either both are true, or firefox just doesnt exist.



$file = Test-Path 'C:\Program Files\Mozilla Firefox\distribution\policies.json' -PathType Leaf


$application = Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe' -PathType Leaf


if ($file -eq $true -And $application -eq $true)


    {exit 0}


if ($application -eq $false)


    {exit 0}


else 


    {exit 1}


Remediation:



Copy-Item .\policies.json -Destination "C:\ProgramData\amagent"


#########


#Copy over json before it gets to 64 bit powershell


$scriptblock = {


$software = "Mozilla Firefox";


$installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -Match $software }) -ne $null


#########


#Check to see if Mozilla is even installed


Write-Output $installed


if(-Not $installed) {


    $exists = $false


    Write-Output "'$software' NOT is installed.";


} else {


    $exists = $true


    Write-Output "'$software' is installed."


}


#########


#If Mozilla is installed, create the correct folder


$folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container


if ($folder -ne $true -and $exists -eq $true) 


    {New-Item -Path 'C:\Program Files\Mozilla Firefox' -Name "distribution" -ItemType "directory"


    Write-Output "Created Folder"


    $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container


    }


#########


#Still if Mozilla is installed, grab correct json file and plop into newly made directory


if ($folder -eq $true -and $exists -eq $true) 


    {cp 'C:\ProgramData\amagent\policies.json' 'C:\Program Files\Mozilla Firefox\distribution'


    echo "Created json file"


    del 'C:\ProgramData\amagent\policies.json'


    }


}


$returnCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock


Also you’ll need to make a policies.json and upload it to the automox console for deployment. Heres the generator I used:


Be the first to reply!

Reply


Terms & ConditionsCookie settings