Firefox 13 question

Would you like to see silent automatic updates when it is introduced with FF 13 either

Enabled: 9 votes (56%)
Disabled: 7 votes (44%)

Total votes: 16

Rick-PS
Posts:17
Joined:Tue Dec 20, 2011 5:08 am
Re: Firefox 13 question

Post by Rick-PS » Tue Jun 19, 2012 6:06 am

jpa wrote:Got it. Third and final option for those who can't wait for DraconPern to fulfill this request (which may never come.) Add a modified mozilla.cfg file to the deploy using a transform.

Put the following code into a text file named addmozcfg.vbs (very slightly modified from original located here)

Code:

Option Explicit

Const MY_CONFIG = "mozilla.cfg"
Const CAB_FILE = "mozillacfg.cab"
Const MSI = "Firefox-13.0-en-US.msi"

Dim filesys : Set filesys=CreateObject("Scripting.FileSystemObject")

If filesys.FileExists("temp.tmp") Then filesys.DeleteFile("temp.tmp")
filesys.CopyFile MSI, "temp.tmp"

Dim installer, database, database2, view
Set installer = CreateObject("WindowsInstaller.Installer")
Set database = installer.OpenDatabase ("temp.tmp", 1)
Set database2 = installer.OpenDatabase (MSI, 1)

If Not filesys.FileExists(MY_CONFIG) Then WScript.Quit 2 ' No config file, abort!

Dim objFile, size, result, seq, objCab

' MakeCab object has been deprecated, so we fall back to makecab.exe on Windows 7
On Error Resume Next ' Disable error handling, for a moment
Set objCab = CreateObject("MakeCab.MakeCab.1") 
On Error Goto 0  ' Turn error handling back on

If IsObject(objCab) Then ' Object creation successful - use XP method   
    objCab.CreateCab CAB_FILE, False, False, False
    objCab.AddFile MY_CONFIG, filesys.GetFileName(MY_CONFIG)
    objCab.CloseCab
    Set objCab = Nothing
Else ' object creation failed - try Windows 7 method
    Dim WshShell, oExec
    Set WshShell = CreateObject("WScript.Shell")
    Set oExec = WshShell.Exec("makecab " & filesys.GetFileName(MY_CONFIG) & " " & CAB_FILE)
End If

Set objFile = filesys.GetFile(MY_CONFIG)
size = objFile.Size

Set view = database.OpenView ("SELECT LastSequence FROM Media WHERE DiskId = 1")
view.Execute
Set result = view.Fetch
seq = result.StringData(1) + 1 ' Sequence for new configuration file

Set view = database.OpenView ("INSERT INTO Media (DiskId, LastSequence, Cabinet) VALUES ('2', '" & seq & "', '" & CAB_FILE & "')")
view.Execute

Set view = database.OpenView ("UPDATE File SET FileSize = " & size & ", Sequence = " & seq & ", FileName = 'mozilla.cfg' WHERE File = '" & MY_CONFIG & "'")
view.Execute

database.GenerateTransform database2, "CustomConfig.mst"
database.CreateTransformSummaryInfo database2, "CustomConfig.mst", 0, 0
'filesys.DeleteFile("temp.tmp")

Set view = nothing
Set installer = nothing
Set database = nothing
Set database2 = nothing
Set filesys = Nothing
WScript.Quit 0

Create a custom mozilla.cfg with the following suggested contents:

Code:

//
try {
lockPref("app.update.enabled", true);
lockPref("app.update.autoUpdateEnabled", true);
lockPref("extensions.update.enabled", true);
lockPref("extensions.update.autoUpdateEnabled", true);
lockPref("extensions.shownSelectionUI", true);
lockPref("extensions.autoDisableScopes", 0);
lockPref("browser.rights.3.shown", true);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.enabled", false);
} catch(e) {
displayError("lockedPref", e);
}

Start a cmd prompt in the directory with the FF MSI, custom mozilla.cfg and modmozcfg.vbs files.
Run the following at the cmd prompt: "cscript modmozcfg.vbs"
You should get two new files: mozillacfg.cab and CustomConfig.mst (and temp.tmp which you can delete)
Make sure your install location contains the FF MSI, CustomConfig.mst and mozillacfg.cab files.
Install with GPO making sure to add the CustomConfig.mst to the Modifications tab
Or install with "msiexec /I FM<ver>.msi TRANSFORMS=CustomConfig.mst"

Awesome, I'll give this a go and report back. Many thanks for the work that you have put into this.

Rick-PS
Posts:17
Joined:Tue Dec 20, 2011 5:08 am

Re: Firefox 13 question

Post by Rick-PS » Tue Jun 19, 2012 10:35 am

Hi there,

The above didn't seem to work. I was expecting that I would be updated to 13.0.1, is there some kind of delay on when the software updates itself?

DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas

Re: Firefox 13 question

Post by DraconPern » Tue Jun 19, 2012 1:25 pm

I really need to test out what the effects of turning this on will be. Especially on the interaction between the MSI installer system and Firefox's auto update. I think though for most of my users, people are pushing the MSI through some managed system like SCCM. The auto update kind of is in the middle where you are no longer in control of what gets installed...
FrontMotion Lead Developer

jpa
Posts:122
Joined:Fri May 01, 2009 5:06 pm

Re: Firefox 13 question

Post by jpa » Tue Jun 19, 2012 3:10 pm

Rick-PS wrote:is there some kind of delay on when the software updates itself?
Yes? Go to Help -> About and it should update automatically rather than saying updates are managed by the Administrator.

Make sure to check the mozilla.cfg file in the Firefox install directory has the proper entries. I think the default app.update.interval is 86400 seconds which would mean it probably only checks once a day. I don't know the logic behind when it decides to check the first time.

I also don't know if the update service stuff gets installed by the MSI. Need to test.
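
jpa's advice to check that the deployed mozilla.cfg has the proper entries can be scripted; the following is an added example, not code from this thread or from FrontMotion. The function names and the sample inputs are assumptions made for illustration, and the first-line check relies on Firefox ignoring the first line of an AutoConfig file.

```javascript
// Added example: audit lockPref() entries in mozilla.cfg text without executing it.
// EXPECTED holds the four update prefs from the cfg suggested in the thread.
const EXPECTED = {
  "app.update.enabled": true,
  "app.update.autoUpdateEnabled": true,
  "extensions.update.enabled": true,
  "extensions.update.autoUpdateEnabled": true,
};

// lockPref("name", value); where value is a boolean, integer or quoted string.
// Anchored at line start, so a commented-out "// lockPref(...)" does not count.
const LOCK_RE = /^\s*lockPref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"[^"]*")\s*\)\s*;/;

function parseLockedPrefs(cfgText) {
  const lines = cfgText.split(/\r?\n/);
  const prefs = {};
  const warnings = [];
  // Firefox skips the first line of an AutoConfig file; a pref placed there is lost.
  if (LOCK_RE.test(lines[0])) warnings.push("line 1: lockPref on the ignored first line");
  for (const line of lines.slice(1)) {
    const m = LOCK_RE.exec(line);
    if (m) prefs[m[1]] = JSON.parse(m[2]);
  }
  return { prefs, warnings };
}

function auditConfig(cfgText, expected = EXPECTED) {
  const { prefs, warnings } = parseLockedPrefs(cfgText);
  const problems = [...warnings];
  for (const [name, want] of Object.entries(expected)) {
    if (!(name in prefs)) problems.push(`${name}: not locked`);
    else if (prefs[name] !== want) problems.push(`${name}: locked to ${prefs[name]}, expected ${want}`);
  }
  return problems;
}

// Constructed sample inputs (not taken from a real machine).
const GOOD_CFG = ['//', 'try {',
  'lockPref("app.update.enabled", true);',
  'lockPref("app.update.autoUpdateEnabled", true);',
  'lockPref("extensions.update.enabled", true);',
  'lockPref("extensions.update.autoUpdateEnabled", true);',
  'lockPref("extensions.autoDisableScopes", 0);',
  '} catch(e) { displayError("lockedPref", e); }'].join("\n");
const BAD_CFG = ['lockPref("app.update.enabled", true);',
  'lockPref("app.update.autoUpdateEnabled", false);',
  '// lockPref("extensions.update.enabled", true);',
  'lockPref("extensions.update.autoUpdateEnabled", true);'].join("\n");
console.log(auditConfig(GOOD_CFG), auditConfig(BAD_CFG));
```

To audit a real installation, pass the contents of the mozilla.cfg from the Firefox install directory to `auditConfig`.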

jpa
Posts:122
Joined:Fri May 01, 2009 5:06 pm

Re: Firefox 13 question

Post by jpa » Tue Jun 19, 2012 6:08 pm

Tested a bit and I think you're out of luck. My changes will enable app update by a user with admin privileges but the FM MSI doesn't install the update service to keep Firefox automatically up to date. I should have expected this.

Rick-PS
Posts:17
Joined:Tue Dec 20, 2011 5:08 am

Re: Firefox 13 question

Post by Rick-PS » Wed Jun 20, 2012 4:55 am

DraconPern wrote:I really need to test out what the effects of turning this on will be. Especially on the interaction between the MSI installer system and Firefox's auto update. I think though for most of my users, people are pushing the MSI through some managed system like SCCM. The auto update kind of is in the middle where you are no longer in control of what gets installed...
Unfortunately, in a company of less than 25 employees, with only one server that does everything, SCCM is way out of our budgetary league.
Also, we don't really care about the manageability, but more about keeping software patched and up to date as we're a web design firm.
The issue currently is that the users can't update most auto updated software, as they often require admin privileges to do so.
So I deploy via MSI currently for ease of deployment, but would prefer that it updated itself, to save some of the burden upon me of updating the GPO, but also so that we get any security updates through more quickly than we do waiting for new MSIs to be published here.
jpa wrote:Tested a bit and I think you're out of luck. My changes will enable app update by a user with admin privileges but the FM MSI doesn't install the update service to keep Firefox automatically up to date. I should have expected this.
Yeah, the updates started coming through today. Bit of a pain now as we're getting UAC boxes, doh!

DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas

Re: Firefox 13 question

Post by DraconPern » Wed Jun 20, 2012 5:09 am

Hummm an interesting thought would be.. for the MSI install to download and run the updated MSI. That might be a possibility. I'll have to check, but I think that may be possible.
FrontMotion Lead Developer

m0gely
Posts:11
Joined:Thu Sep 18, 2008 4:26 pm

Re: Firefox 13 question

Post by m0gely » Fri Jun 22, 2012 3:17 pm

FYI, I don't know when this happened, but FF is like Chrome now in that it does not require admin rights to install. It detects a limited user account and if so, installs in the user's profile where it has write access rather than %programfiles%. So unless your environment is fairly locked down, limited users can install FF. I don't know if this will have any influence on this thread, just a FYI.

DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas

Re: Firefox 13 question

Post by DraconPern » Fri Jun 22, 2012 11:14 pm

Hum.. recent versions also have an update service.
FrontMotion Lead Developer

Rick-PS
Posts:17
Joined:Tue Dec 20, 2011 5:08 am

Re: Firefox 13 question

Post by Rick-PS » Mon Jun 25, 2012 3:59 am

m0gely wrote:FYI, I don't know when this happened, but FF is like Chrome now in that it does not require admin rights to install. It detects a limited user account and if so, installs in the user's profile where it has write access rather than %programfiles%. So unless your environment is fairly locked down, limited users can install FF. I don't know if this will have any influence on this thread, just a FYI.
Hmmm, this would require my users to have to go and download the package. It's not a bad option, just that I'd rather get it onto the machines so that all users have access to the same software. I'll give it some thought though. Our only other issue then would be profile space as I limit this to 500MB currently; we're using roaming profiles.

MonkeyBoy
Posts:73
Joined:Wed Oct 05, 2011 2:37 pm

Re: Firefox 13 question

Post by MonkeyBoy » Thu Jun 28, 2012 4:14 pm

My concern about auto-updating would be if the auto-updater changed the installed application's unique ID.

Firefox 13, like all applications, is installed with a unique ID, which is what group policy checks to see if the application has already been installed. When the auto-update service goes from 13 to 14, does it change the unique ID? 13 isn't installed anymore, 14 is, and 14 should have a different unique ID than 13, because it's a different program. Now reboot the system a couple times. Group policy is going to run and see that the unique ID isn't present on the system anymore and attempt to install 13 all over again.

As for allowing users to install programs into their user folder, there's a very simple way to prevent this from working. Simply only allow executables to be run from %windir% and %programfiles% (or subdirs within either one). The user can't install software because they can't run an executable off their desktop. If they had managed to install unapproved software into their user folder before the policy was put in place the software won't run. And, best of all, malware that copies itself to %temp% or anywhere else inside their user folder can't run either.

Basically, if you want a limited user to be limited for security/stability purposes, you may as well make them limited.
