Worklet: Enterprise Firefox policies onto windows devices

4 years ago
September 14, 2020
0 replies
73 views

Mrichards
Power User
58 replies

Hi Guys, My security team was asking us to turn off DNS over HTTPS on our two browsers we support (firefox and chrome). On chrome its quite easy (drop a token that checks in with our enterprise gsuite) but for firefox, you need to drop a json file into the firefox directory.

Evaluation: We only want to drop this json file if the box has firefox installed but not the policies.json. So we exit 0 if either both are true, or firefox just doesnt exist.

$file = Test-Path 'C:\Program Files\Mozilla Firefox\distribution\policies.json' -PathType Leaf
$application = Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe' -PathType Leaf
if ($file -eq $true -And $application -eq $true)
    {exit 0}
if ($application -eq $false)
    {exit 0}
else 
    {exit 1}

Remediation:

Copy-Item .\policies.json -Destination "C:\ProgramData\amagent"
#########
#Copy over json before it gets to 64 bit powershell
$scriptblock = {
$software = "Mozilla Firefox";
$installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -Match $software }) -ne $null
#########
#Check to see if Mozilla is even installed
Write-Output $installed
if(-Not $installed) {
    $exists = $false
    Write-Output "'$software' NOT is installed.";
} else {
    $exists = $true
    Write-Output "'$software' is installed."
}
#########
#If Mozilla is installed, create the correct folder
$folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
if ($folder -ne $true -and $exists -eq $true) 
    {New-Item -Path 'C:\Program Files\Mozilla Firefox' -Name "distribution" -ItemType "directory"
    Write-Output "Created Folder"
    $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    }
#########
#Still if Mozilla is installed, grab correct json file and plop into newly made directory
if ($folder -eq $true -and $exists -eq $true) 
    {cp 'C:\ProgramData\amagent\policies.json' 'C:\Program Files\Mozilla Firefox\distribution'
    echo "Created json file"
    del 'C:\ProgramData\amagent\policies.json'
    }
}
$returnCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock

Also you’ll need to make a policies.json and upload it to the automox console for deployment. Heres the generator I used:

Be the first to reply!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Is Proxy for Mobile Necessary?

Bug with displaying of deprecated parameters (?)icon

React Native SDK v2

April Product Release Highlights

Amplitude in Hybrid mobile appicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings