I’m a big fan of Munki (pronounced monkey, /ˈmʌŋki/, m ah nk ee, or Mung - KEY) an open-source project started by Walt Disney Animation Studios to deploy software and packages to Mac OS X and MacOS based clients. It is written mostly in Python, and it provides a nice way to enforce software installation and/or updates. And since it offers a Mac App Store like Client experience a lot of optional installations (e.g. self-service).
One of the things that I find very useful: You can use scripting as pre- and post-installation parts to customize everything. A few years ago (yep, I use this software for a while now) I started to build several packaged for others. Then the fist enterprise came along and asked me to help them out with an existing Munki installation, during that project, I created a lot of new packages and tweaked most of the existing ones.
Now, a couple of projects and years later, I found, that many still have issues creating packages with customization.
Here is my approach, and I try to stick with it whenever possible: Use packages that you can get from the Vendor, or the Project (if open Source). Even better: Establish an AutoPKG process and work with overrides!
Then use the power of shell scripts to tweak and customize. I’m a scripting guy! I know.
Here is an example for a script that heavily customize a Mozilla FireFox:
#!/usr/bin/env bash
# --------------------------------------------------------------------------------
# NAME: FireFox_Tweaks.sh
#
# SYNOPSIS: Mozilla FireFox ESR deployment customisation
#
# DESCRIPTION: Mozilla FireFox deployment customisation for Munki based
# Deployments/installation.
#
# NOTES: I use this with a Munki Deployment, but you might use with a local
# installation as well. Review my settings, before use it.
# Some settings are no (no longer) supported (legacy) or based on
# Windows, but I want to keep the files identical.
# I use this with the regular FireFox package, the developer edition,
## and the ESP (mainly) Release on a regular Munki deployment system.
#
# AUTHOR: Joerg Hochwald <[email protected]>
# LICENSE: BSD 3-clause "New" or "Revised" License
# https://opensource.org/licenses/BSD-3-Clause
#
# INSTALL: Paste this in the postinstall_script section of the package (PLIST)
# --------------------------------------------------------------------------------
# Check if we are root
if (( $EUID != 0 )); then
echo "Please run as root"
exit
fi
export LANG="en_US.UTF-8"
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
# Create the local-settings.js file
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/defaults/pref/local-settings.js
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
# Create the mozilla.cfg that contains our custom preferences
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/mozilla.cfg
//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); // Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); // Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
EOF
# Create override.ini to suppress fristrun wizzard (e.g. Import Data)
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/override.ini
[XRE]
EnableProfileMigrator=false
EOF
# Create the Directory structure
/bin/mkdir -p /Applications/Firefox.app/Contents/Resources/browser/profile/chrome
# Create userChrome.css to remove several elements
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/profile/chrome/userChrome.css
/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */
/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }
/* Options / Advanced / Update / Firefox updates group box */
#updateApp { display: none !important; }
/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
EOF
There is also a Gist for that.
This should work with the regular Mozilla FireFox distribution, the FireFox Developer Edition, and the ESR Edition (my favorite).
Here is a PLIST File that should work with a plain Munki installation:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>_metadata</key>
<dict>
<key>created_by</key>
<string>macadmin</string>
<key>creation_date</key>
<date>2017-06-30T22:05:31Z</date>
<key>munki_version</key>
<string>3.0.2.3347</string>
<key>os_version</key>
<string>10.12.5</string>
</dict>
<key>autoremove</key>
<false/>
<key>catalogs</key>
<array>
<string>testing</string>
</array>
<key>category</key>
<string>Internet</string>
<key>description</key>
<string>Mozilla Firefox is a free and open source web browser.</string>
<key>developer</key>
<string>Mozilla</string>
<key>display_name</key>
<string>Mozilla Firefox</string>
<key>installer_item_hash</key>
<string>5ec2a1bac1059932399bdbbc9fb64fdd51f069db8768f2b52b080218eb019773</string>
<key>installer_item_location</key>
<string>apps/firefox/Firefox-54.0.1.dmg</string>
<key>installer_item_size</key>
<integer>58252</integer>
<key>installer_type</key>
<string>copy_from_dmg</string>
<key>installs</key>
<array>
<dict>
<key>CFBundleIdentifier</key>
<string>org.mozilla.firefox</string>
<key>CFBundleName</key>
<string>Firefox</string>
<key>CFBundleShortVersionString</key>
<string>54.0.1</string>
<key>CFBundleVersion</key>
<string>5417.6.28</string>
<key>minosversion</key>
<string>10.9.0</string>
<key>path</key>
<string>/Applications/Firefox.app</string>
<key>type</key>
<string>application</string>
<key>version_comparison_key</key>
<string>CFBundleShortVersionString</string>
</dict>
</array>
<key>items_to_copy</key>
<array>
<dict>
<key>destination_path</key>
<string>/Applications</string>
<key>source_item</key>
<string>Firefox.app</string>
</dict>
</array>
<key>minimum_os_version</key>
<string>10.9.0</string>
<key>name</key>
<string>Firefox</string>
<key>postinstall_script</key>
<string>#!/usr/bin/env bash
# --------------------------------------------------------------------------------
# NAME: FireFox_Tweaks.sh
# SYNOPSIS: Mozilla FireFox ESR deployment customisation
# DESCRIPTION: Mozilla FireFox deployment customisation for Munki based
# Deployments/installation.
# NOTES: I use this with a Munki Deployment, but you might use with a local
# installation as well. Review my settings, before use it.
# Some settings are no (no longer) supported (legacy) or based on
# Windows, but I want to keep the files identical.
# AUTHOR: Joerg Hochwald <joerg.hochwald@outlook.com>
# LICENSE: BSD 3-clause "New" or "Revised" License
# https://opensource.org/licenses/BSD-3-Clause
# --------------------------------------------------------------------------------
# Check if we are root
if (( $EUID != 0 )); then
echo "Please run as root"
exit
fi
export LANG="en_US.UTF-8"
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
# Create the local-settings.js file
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/defaults/pref/local-settings.js
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF
# Create the mozilla.cfg that contains our custom preferences
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/mozilla.cfg
//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); // Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); // Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
EOF
# Create override.ini to suppress fristrun wizzard (e.g. Import Data)
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/override.ini
[XRE]
EnableProfileMigrator=false
EOF
# Create the Directory structure
/bin/mkdir -p /Applications/Firefox.app/Contents/Resources/browser/profile/chrome
# Create userChrome.css to remove several elements
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/profile/chrome/userChrome.css
/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */
/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }
/* Options / Advanced / Update / Firefox updates group box */
#updateApp { display: none !important; }
/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
EOF</string>
<key>unattended_install</key>
<true/>
<key>unattended_uninstall</key>
<false/>
<key>uninstall_method</key>
<string>remove_copied_items</string>
<key>uninstallable</key>
<true/>
<key>version</key>
<string>54.0.1</string>
</dict>
</plist>
There is also a Gist for that.
Why am I writing about something that I do for such a long time? This Weekend a customer challenged me, with the following request: “We know you are a typical Server guy, could you help us to create a few packages?” (to explain that “Server guy”: I support them with Exchange and Windows Servers in general) Me: „Yep, sure! Why not“ Customer: „There is one thing: We use EMCO Remote Installer! And we talk about Windows.“
First, I was a skeptical, and my first idea was to call a friend (He is a crack when it comes to Windows packing and deployment, even if he uses another product). Then I started a bit of research, and soon I figured out: The EMCO Remote Installer supports PowerShell“! And here we go again, I’m a scripting guy and after a few hours, we had around 10 packages ready, without repacking any MSI! All because of the power that the Shell provides!
Here is the same as above, just for 64Bit Windows:
<#
.SYNOPSIS
Mozilla FireFox deployment customisation
.DESCRIPTION
Mozilla FireFox deployment customisation for 64bit Windows based installation.
This version supports 64Bit only. If you plan to use it with a 32Bit deployment, you will
need to tweak the Path (at least if the OS is 64Bit)
.EXAMPLE
PS C:\> .\FireFox_Tweaks.ps1
.NOTES
Usedd to deploy a streamlined Mozilla Firefox accross the Enterprise by using EMCO remote
Installer. It should work with all deployment tools that support PowerShell Script execution
as part of the deployment. A friend tested it with SCCM and it worked just fine.
#>
#requires -Version 2.0
$ENC = 'UTF8'
$SC = 'SilentlyContinue'
$targetDir = "$env:ProgramFiles\Mozilla Firefox\defaults\pref\"
$CFGTargetDir = "$env:ProgramFiles\Mozilla Firefox\"
$OverrideTargetDir = "$env:ProgramFiles\Mozilla Firefox\browser\"
$userChromeTargetDir = "$env:ProgramFiles\Mozilla Firefox\browser\profile\chrome\"
$CustomConfig = 'mozilla.cfg'
$CustomOverride = 'override.ini'
$AutoConfig = 'autoconfig.js'
$UserChromeCssName = 'userChrome.css'
if (Test-Path -Path $targetDir -ErrorAction $SC -WarningAction $SC)
{
$AutoCfg = ($targetDir + $AutoConfig)
$MozillaCfg = ($CFGTargetDir + $CustomConfig)
$OverrideIni = ($OverrideTargetDir + $CustomOverride)
$UserChromeCss = ($userChromeTargetDir + $UserChromeCssName)
#region CreateStructure
# Create the missing structure
if (-not (Test-Path -Path $userChromeTargetDir -ErrorAction $SC -WarningAction $SC))
{
$paramNewItem = @{
Path = $userChromeTargetDir
ItemType = 'directory'
Force = $true
Confirm = $false
ErrorAction = $SC
WarningAction = $SC
}
$null = (New-Item @paramNewItem)
}
#endregion CreateStructure
#region UserChromeCss
if (Test-Path -Path $UserChromeCss -ErrorAction $SC -WarningAction $SC)
{
$paramRemoveItem = @{
Force = $true
ErrorAction = $SC
WarningAction = $SC
Confirm = $false
}
$null = (Remove-Item $UserChromeCss @paramRemoveItem)
}
[string]$UserChromeCssContent = '/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */
/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }
/* Options / Advanced / Update / Firefox updates group box */
#updateApp { display: none !important; }
/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
'
$paramSetContent = @{
Path = $UserChromeCss
Value = $UserChromeCssContent
Force = $true
Encoding = $ENC
ErrorAction = $SC
WarningAction = $SC
}
$null = (Set-Content @paramSetContent)
#endregion UserChromeCss
#region AutoCfg
if (Test-Path -Path $AutoCfg -ErrorAction $SC -WarningAction $SC)
{
$paramRemoveItem = @{
Force = $true
ErrorAction = $SC
WarningAction = $SC
Confirm = $false
}
$null = (Remove-Item $AutoCfg @paramRemoveItem)
}
[string]$AutoCfgContent = 'pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
'
$paramSetContent = @{
Path = $AutoCfg
Value = $AutoCfgContent
Force = $true
Encoding = $ENC
ErrorAction = $SC
WarningAction = $SC
}
$null = (Set-Content @paramSetContent)
#endregion AutoCfg
#region MozillaCfg
if (Test-Path -Path $MozillaCfg -ErrorAction $SC -WarningAction $SC)
{
$paramRemoveItem = @{
Force = $true
ErrorAction = $SC
WarningAction = $SC
Confirm = $false
}
$null = (Remove-Item $MozillaCfg @paramRemoveItem)
}
[string]$TargetContent = '//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); // Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); // Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
'
$paramSetContent = @{
Path = $MozillaCfg
Value = $TargetContent
Force = $true
Encoding = $ENC
ErrorAction = $SC
WarningAction = $SC
}
$null = (Set-Content @paramSetContent)
#endregion MozillaCfg
#region OverrideIni
if (Test-Path -Path $OverrideIni -ErrorAction $SC -WarningAction $SC)
{
$paramRemoveItem = @{
Force = $true
ErrorAction = $SC
WarningAction = $SC
Confirm = $false
}
$null = (Remove-Item $OverrideIni @paramRemoveItem)
}
[string]$TargetContent = '[XRE]
EnableProfileMigrator=false
'
$paramSetContent = @{
Path = $OverrideIni
Value = $TargetContent
Force = $true
Encoding = $ENC
ErrorAction = $SC
WarningAction = $SC
}
$null = (Set-Content @paramSetContent)
#endregion OverrideIni
}
There is also a Gist for that.
I’m still not so into Windows as a client and Windows packing and deployments are still not my favorite work, but thanks to my existing Munki experience and a lot of PowerShell scripting; I could help these guys. Even If I never heard of the tool they use before and a very limited knowledge with Windows software deployments.
And the customer now let me update all the Munki stuff and prepare everything for an upcoming OS Update (They will go straight to MacOS High Sierra, as soon as it is released).
You will find all the stuff above on GitHub. Use it, it’s Open Source (And the PowerShell Demo is Public Domain).