
Worklet: Enterprise Firefox policies onto Windows devices

  • 14 September 2020

Hi guys, my security team was asking us to turn off DNS over HTTPS on the two browsers we support (Firefox and Chrome). On Chrome it's quite easy (drop a token that checks in with our enterprise G Suite), but for Firefox you need to drop a JSON file into the Firefox directory.



Evaluation: We only want to drop this JSON file if the box has Firefox installed but not the policies.json. So we exit 0 if either both are true, or Firefox just doesn't exist.



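# Does the policy file already exist?
$file = Test-Path 'C:\Program Files\Mozilla Firefox\distribution\policies.json' -PathType Leaf
# Is Firefox installed?
$application = Test-Path 'C:\Program Files\Mozilla Firefox\firefox.exe' -PathType Leaf

# Firefox and policies.json are both present: compliant
if ($file -eq $true -and $application -eq $true) { exit 0 }

# Firefox is not installed: compliant. Otherwise (Firefox without policies.json): remediate
if ($application -eq $false) { exit 0 }
else { exit 1 }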



Remediation:



#########
# Copy over the JSON before handing off to 64-bit PowerShell
Copy-Item .\policies.json -Destination "C:\ProgramData\amagent"

$scriptblock = {
    $software = "Mozilla Firefox"

    #########
    # Check to see if Mozilla is even installed
    $installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -match $software }) -ne $null
    Write-Output $installed

    if (-not $installed) {
        $exists = $false
        Write-Output "'$software' is NOT installed."
    } else {
        $exists = $true
        Write-Output "'$software' is installed."
    }

    #########
    # If Mozilla is installed, create the correct folder
    $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    if ($folder -ne $true -and $exists -eq $true) {
        New-Item -Path 'C:\Program Files\Mozilla Firefox' -Name "distribution" -ItemType "directory"
        Write-Output "Created Folder"
        $folder = Test-Path 'C:\Program Files\Mozilla Firefox\distribution' -PathType Container
    }

    #########
    # Still if Mozilla is installed, grab the correct JSON file and plop it into the newly made directory
    if ($folder -eq $true -and $exists -eq $true) {
        Copy-Item 'C:\ProgramData\amagent\policies.json' 'C:\Program Files\Mozilla Firefox\distribution'
        Write-Output "Created json file"
        Remove-Item 'C:\ProgramData\amagent\policies.json'
    }
}

# Run the script block in 64-bit PowerShell (sysnative) from the 32-bit agent process
$returnCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptBlock



Also you’ll need to make a policies.json and upload it to the Automox console for deployment. Here's the generator I used:
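
Added example, not part of the original post: the evaluation above passes as soon as policies.json exists, whatever it contains. This variant parses the file and reports compliance only when Firefox's DNSOverHTTPS policy is disabled and locked; the function name Test-FirefoxDohDisabled and the sample JSON in the comment are assumptions made for illustration.

```powershell
# Added example: content-aware evaluation for the Firefox DoH policy.
# Expected file shape (constructed sample using Firefox's DNSOverHTTPS policy):
#   { "policies": { "DNSOverHTTPS": { "Enabled": false, "Locked": true } } }
function Test-FirefoxDohDisabled {
    param(
        [string]$FirefoxDir = 'C:\Program Files\Mozilla Firefox'
    )

    $exe    = Join-Path $FirefoxDir 'firefox.exe'
    $policy = Join-Path $FirefoxDir 'distribution\policies.json'

    # Firefox is not installed: nothing to enforce on this device.
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { return $true }

    # Firefox is installed but has no policy file: remediation is needed.
    if (-not (Test-Path -LiteralPath $policy -PathType Leaf)) { return $false }

    # An unreadable or malformed file is treated as non-compliant so that
    # remediation replaces it instead of leaving a broken policy in place.
    try {
        $json = Get-Content -LiteralPath $policy -Raw -ErrorAction Stop |
            ConvertFrom-Json -ErrorAction Stop
    } catch {
        return $false
    }

    # Missing "policies" or "DNSOverHTTPS" keys resolve to $null here.
    $doh = $json.policies.DNSOverHTTPS
    if ($null -eq $doh) { return $false }

    # Require real JSON booleans: DoH off, and locked so users cannot re-enable it.
    $disabled = ($doh.Enabled -is [bool]) -and (-not $doh.Enabled)
    $locked   = ($doh.Locked  -is [bool]) -and $doh.Locked
    return ($disabled -and $locked)
}

# Same exit-code convention as the evaluation above: 0 = compliant, 1 = remediate.
if (Test-FirefoxDohDisabled) { exit 0 } else { exit 1 }
```

With this check, a policies.json that was edited, truncated, or deployed without the DoH setting triggers remediation again instead of being reported as compliant.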

