security.enterprise_roots.enabled

Post Reply
sconsulting
Posts:5
Joined:Tue Jul 14, 2015 2:29 am
security.enterprise_roots.enabled

Post by sconsulting » Wed Nov 23, 2016 9:09 am

Hello there!

Are there any new admx templates available where I can configure this new setting (available since V49):
security.enterprise_roots.enabled

As described here
https://wiki.mozilla.org/CA:AddRootToFirefox

Thanks a lot!

NSheld
Posts:13
Joined:Thu Feb 16, 2012 5:08 am
Contact:

Re: security.enterprise_roots.enabled

Post by NSheld » Mon Nov 28, 2016 10:35 am

Great request.

Any news on the above?

Regards
http://anthemia.co.uk

http://nicksheldon.co.uk

MHX
Posts:32
Joined:Thu Oct 06, 2011 1:55 am

Re: security.enterprise_roots.enabled

Post by MHX » Mon Nov 28, 2016 12:48 pm

As with other newer settings that I like to configure by GPO that are missing in the ADMX template file because it is too old, I just added it myself.
But this time, it does not work.

My assumption is that it might be because Mozilla decided to hide this option in about:config (see https://bug98304.bugzilla.mozilla.org/s ... id=1298883) and that GPO settings in FirefoxCE can only be applied if they are visible. I do not know if that is true, just my guess.

If it is true, we need to wait till Firefox 53. :(

MHX
Posts:32
Joined:Thu Oct 06, 2011 1:55 am

Re: security.enterprise_roots.enabled

Post by MHX » Tue Mar 14, 2017 3:49 am

The option has been made visible in about:config earlier now for Firefox 52 instead of 53.
So, we can test it soon when FirefoxCE 52 will be available.

For those who want to add it to GPO template, you need to add the following lines in ADMX:

Code: Select all

<policy name="SECURITY_ENTERPRISE_ROOTS_ENABLED" class="Machine" displayName="$(string.SECURITY_ENTERPRISE_ROOTS_ENABLED)" explainText="$(string.SECURITY_ENTERPRISE_ROOTS_ENABLED)" key="Software\Policies\Mozilla\lockPref" valueName="security.enterprise_roots.enabled">
<parentCategory ref="SECURITY_CATEGORY" />
<supportedOn ref="windows:SUPPORTED_ProductOnly" />
<enabledValue><decimal value="1" /></enabledValue>
<disabledValue><decimal value="0" /></disabledValue>
</policy>
And this line in ADML:

Code: Select all

    <string id="SECURITY_ENTERPRISE_ROOTS_ENABLED">security.enterprise_roots.enabled</string>

Next-Energy
Posts:4
Joined:Tue Dec 15, 2015 3:38 am

Re: security.enterprise_roots.enabled

Post by Next-Energy » Thu Mar 23, 2017 7:35 am

@MHX
Your GPO addition works just fine, thank you very much. :)

Post Reply