
Worklet: Enterprise Firefox policies onto Windows devices

  • September 14, 2020

Hi guys, my security team was asking us to turn off DNS over HTTPS on the two browsers we support (Firefox and Chrome). On Chrome it's quite easy (drop a token that checks in with our enterprise G Suite), but for Firefox you need to drop a JSON file into the Firefox directory.

Evaluation: We only want to drop this JSON file if the box has Firefox installed but not the policies.json. So we exit 0 if either both are true, or Firefox just doesn't exist.

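# Exit 0 = compliant (nothing to do); exit 1 = run the remediation.
$file = Test-Path 'C:\Program Files\Mozilla Firefox\distribution\policies.json' -PathType Leaf
$application = Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe' -PathType Leaf
# Firefox is not installed: nothing to deploy.
if (-not $application) { exit 0 }
# Firefox is installed and policies.json already exists.
if ($file) { exit 0 }
# Firefox is installed but policies.json is missing.
exit 1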

Remediation:

#########
# Copy over the JSON before handing off to 64-bit PowerShell
Copy-Item .\policies.json -Destination "C:\ProgramData\amagent"
$scriptblock = {
    $software = "Mozilla Firefox"
    #########
    # Check to see if Mozilla is even installed
    $installed = $null -ne (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -match $software })
    Write-Output $installed
    if (-not $installed) {
        $exists = $false
        Write-Output "'$software' is NOT installed."
    } else {
        $exists = $true
        Write-Output "'$software' is installed."
    }
    #########
    # If Mozilla is installed, create the correct folder
    $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    if (-not $folder -and $exists) {
        New-Item -Path 'C:\Program Files\Mozilla Firefox' -Name "distribution" -ItemType "directory"
        Write-Output "Created Folder"
        $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    }
    #########
    # Still if Mozilla is installed, grab the correct JSON file and plop it into the newly made directory
    if ($folder -and $exists) {
        Copy-Item 'C:\ProgramData\amagent\policies.json' 'C:\Program Files\Mozilla Firefox\distribution'
        Write-Output "Created json file"
        Remove-Item 'C:\ProgramData\amagent\policies.json'
    }
}
# Run the block in 64-bit PowerShell (sysnative resolves only from a 32-bit process); $returnCode holds the block's output
$returnCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock

Also you’ll need to make a policies.json and upload it to the Automox console for deployment. Here's the generator I used:
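
Added example, not part of the original post: the evaluation above only tests whether policies.json exists, so a file that is present but does not turn off DNS over HTTPS still passes. This variant also parses the file and requires Firefox's `DNSOverHTTPS` policy to be disabled and locked; the function name `Test-DohPolicy` is hypothetical, and the paths are the ones used in the post.

```powershell
# Added example: content-aware evaluation (exit 0 = compliant, exit 1 = remediate).
# Expected shape of a compliant file (constructed sample):
#   { "policies": { "DNSOverHTTPS": { "Enabled": false, "Locked": true } } }

$firefoxDir = 'C:\Program Files\Mozilla Firefox'
$policyPath = Join-Path $firefoxDir 'distribution\policies.json'

function Test-DohPolicy {
    # Hypothetical helper: $true only if the JSON disables DoH and locks the setting.
    param([string]$Json)

    try {
        $doc = $Json | ConvertFrom-Json -ErrorAction Stop
    } catch {
        return $false          # empty or malformed JSON is treated as non-compliant
    }

    $doh = $doc.policies.DNSOverHTTPS
    if ($null -eq $doh) { return $false }

    # Require real JSON booleans, not the strings "false"/"true".
    $disabled = ($doh.Enabled -is [bool]) -and (-not $doh.Enabled)
    $locked   = ($doh.Locked  -is [bool]) -and $doh.Locked
    return ($disabled -and $locked)
}

# Firefox not installed: nothing to enforce.
if (-not (Test-Path (Join-Path $firefoxDir 'firefox.exe') -PathType Leaf)) {
    exit 0
}

# Firefox installed but no policy file at all: remediate.
if (-not (Test-Path $policyPath -PathType Leaf)) {
    exit 1
}

# Policy file exists: compliant only if it actually disables and locks DoH.
if (Test-DohPolicy (Get-Content -Path $policyPath -Raw)) {
    exit 0
}
exit 1
```

If this check fails on a machine that already has a policies.json, the remediation in the post overwrites that file, so any other policies it contains need to be carried in the deployed copy.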