Worklet: Enterprise Firefox policies onto windows devices

  • 14 September 2020
  • 0 replies
  • 63 views

Userlevel 4
Badge

Hi Guys, My security team was asking us to turn off DNS over HTTPS on our two browsers we support (firefox and chrome). On chrome its quite easy (drop a token that checks in with our enterprise gsuite) but for firefox, you need to drop a json file into the firefox directory.


Evaluation: We only want to drop this json file if the box has firefox installed but not the policies.json. So we exit 0 if either both are true, or firefox just doesnt exist.


$file = Test-Path 'C:\Program Files\Mozilla Firefox\distribution\policies.json' -PathType Leaf
$application = Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe' -PathType Leaf
if ($file -eq $true -And $application -eq $true)
{exit 0}
if ($application -eq $false)
{exit 0}
else
{exit 1}

Remediation:


Copy-Item .\policies.json -Destination "C:\ProgramData\amagent"
#########
#Copy over json before it gets to 64 bit powershell
$scriptblock = {
$software = "Mozilla Firefox";
$installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -Match $software }) -ne $null
#########
#Check to see if Mozilla is even installed
Write-Output $installed
if(-Not $installed) {
$exists = $false
Write-Output "'$software' NOT is installed.";
} else {
$exists = $true
Write-Output "'$software' is installed."
}
#########
#If Mozilla is installed, create the correct folder
$folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
if ($folder -ne $true -and $exists -eq $true)
{New-Item -Path 'C:\Program Files\Mozilla Firefox' -Name "distribution" -ItemType "directory"
Write-Output "Created Folder"
$folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
}
#########
#Still if Mozilla is installed, grab correct json file and plop into newly made directory
if ($folder -eq $true -and $exists -eq $true)
{cp 'C:\ProgramData\amagent\policies.json' 'C:\Program Files\Mozilla Firefox\distribution'
echo "Created json file"
del 'C:\ProgramData\amagent\policies.json'
}
}
$returnCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock

Also you’ll need to make a policies.json and upload it to the automox console for deployment. Heres the generator I used:


0 replies

Be the first to reply!

Reply