Page 1 of 1

security.enterprise_roots.enabled

Posted: Wed Nov 23, 2016 9:09 am
by sconsulting
Hello there!

Are there any new admx templates available where I can configure this new setting (available since V49):
security.enterprise_roots.enabled

As described here
https://wiki.mozilla.org/CA:AddRootToFirefox

Thanks a lot!

Re: security.enterprise_roots.enabled

Posted: Mon Nov 28, 2016 10:35 am
by NSheld
Great request.

Any news on the above?

Regards

Re: security.enterprise_roots.enabled

Posted: Mon Nov 28, 2016 12:48 pm
by MHX
As with other newer settings that I like to configure by GPO that are missing in the ADMX template file because it is too old, I just added it myself.
But this time, it does not work.

My assumption is that it might be because Mozilla decided to hide this option in about:config (see https://bug98304.bugzilla.mozilla.org/s ... id=1298883) and that GPO settings in FirefoxCE can only be applied if they are visible. I do not know if that is true, just my guess.

If it is true, we need to wait till Firefox 53. :(

Re: security.enterprise_roots.enabled

Posted: Tue Mar 14, 2017 3:49 am
by MHX
The option has been made visible in about:config earlier now for Firefox 52 instead of 53.
So, we can test it soon when FirefoxCE 52 will be available.

For those who want to add it to GPO template, you need to add the following lines in ADMX:

Code: Select all

<policy name="SECURITY_ENTERPRISE_ROOTS_ENABLED" class="Machine" displayName="$(string.SECURITY_ENTERPRISE_ROOTS_ENABLED)" explainText="$(string.SECURITY_ENTERPRISE_ROOTS_ENABLED)" key="Software\Policies\Mozilla\lockPref" valueName="security.enterprise_roots.enabled">
<parentCategory ref="SECURITY_CATEGORY" />
<supportedOn ref="windows:SUPPORTED_ProductOnly" />
<enabledValue><decimal value="1" /></enabledValue>
<disabledValue><decimal value="0" /></disabledValue>
</policy>
And this line in ADML:

Code: Select all

    <string id="SECURITY_ENTERPRISE_ROOTS_ENABLED">security.enterprise_roots.enabled</string>

Re: security.enterprise_roots.enabled

Posted: Thu Mar 23, 2017 7:35 am
by Next-Energy
@MHX
Your GPO addition works just fine, thank you very much. :)