Back
Featured image of post Mozilla FireFox deployment on MacOS and Windows

Mozilla FireFox deployment on MacOS and Windows

I’m a big fan of Munki (pronounced monkey, /ˈmʌŋki/, m ah nk ee, or Mung - KEY) an open-source project started by Walt Disney Animation Studios to deploy software and packages to Mac OS X and MacOS based clients. It is written mostly in Python, and it provides a nice way to enforce software installation and/or updates. And since it offers a Mac App Store like Client experience a lot of optional installations (e.g. self-service).

One of the things that I find very useful: You can use scripting as pre- and post-installation parts to customize everything. A few years ago (yep, I use this software for a while now) I started to build several packaged for others. Then the fist enterprise came along and asked me to help them out with an existing Munki installation, during that project, I created a lot of new packages and tweaked most of the existing ones.

Now, a couple of projects and years later, I found, that many still have issues creating packages with customization.

Here is my approach, and I try to stick with it whenever possible: Use packages that you can get from the Vendor, or the Project (if open Source). Even better: Establish an AutoPKG process and work with overrides!

Then use the power of shell scripts to tweak and customize. I’m a scripting guy! I know.

Here is an example for a script that heavily customize a Mozilla FireFox:

#!/usr/bin/env bash

# --------------------------------------------------------------------------------
# NAME:        FireFox_Tweaks.sh
#
# SYNOPSIS:    Mozilla FireFox ESR deployment customisation
#
# DESCRIPTION: Mozilla FireFox deployment customisation for Munki based
#              Deployments/installation.
#
# NOTES:       I use this with a Munki Deployment, but you might use with a local
#              installation as well. Review my settings, before use it.
#              Some settings are no (no longer) supported (legacy) or based on
#              Windows, but I want to keep the files identical.
#              I use this with the regular FireFox package, the developer edition,
##             and the ESP (mainly) Release on a regular Munki deployment system.
#
# AUTHOR:      Joerg Hochwald <joerg.hochwald@outlook.com>
# LICENSE:     BSD 3-clause "New" or "Revised" License
#              https://opensource.org/licenses/BSD-3-Clause
#
# INSTALL:     Paste this in the postinstall_script section of the package (PLIST)
# --------------------------------------------------------------------------------

# Check if we are root
if (( $EUID != 0 )); then
    echo "Please run as root"
    exit
fi

export LANG="en_US.UTF-8"
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"

# Create the local-settings.js file
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/defaults/pref/local-settings.js
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF

# Create the mozilla.cfg that contains our custom preferences
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/mozilla.cfg
//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
EOF

# Create override.ini to suppress fristrun wizzard (e.g. Import Data)
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/override.ini
[XRE]
EnableProfileMigrator=false
EOF

# Create the Directory structure
/bin/mkdir -p /Applications/Firefox.app/Contents/Resources/browser/profile/chrome

# Create userChrome.css to remove several elements
/bin/cat <<EOF >  /Applications/Firefox.app/Contents/Resources/browser/profile/chrome/userChrome.css

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
EOF

There is also a Gist for that.

This should work with the regular Mozilla FireFox distribution, the FireFox Developer Edition, and the ESR Edition (my favorite).

Here is a PLIST File that should work with a plain Munki installation:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>_metadata</key>
    <dict>
        <key>created_by</key>
        <string>macadmin</string>
        <key>creation_date</key>
        <date>2017-06-30T22:05:31Z</date>
        <key>munki_version</key>
        <string>3.0.2.3347</string>
        <key>os_version</key>
        <string>10.12.5</string>
    </dict>
    <key>autoremove</key>
    <false/>
    <key>catalogs</key>
    <array>
        <string>testing</string>
    </array>
    <key>category</key>
    <string>Internet</string>
    <key>description</key>
    <string>Mozilla Firefox is a free and open source web browser.</string>
    <key>developer</key>
    <string>Mozilla</string>
    <key>display_name</key>
    <string>Mozilla Firefox</string>
    <key>installer_item_hash</key>
    <string>5ec2a1bac1059932399bdbbc9fb64fdd51f069db8768f2b52b080218eb019773</string>
    <key>installer_item_location</key>
    <string>apps/firefox/Firefox-54.0.1.dmg</string>
    <key>installer_item_size</key>
    <integer>58252</integer>
    <key>installer_type</key>
    <string>copy_from_dmg</string>
    <key>installs</key>
    <array>
        <dict>
            <key>CFBundleIdentifier</key>
            <string>org.mozilla.firefox</string>
            <key>CFBundleName</key>
            <string>Firefox</string>
            <key>CFBundleShortVersionString</key>
            <string>54.0.1</string>
            <key>CFBundleVersion</key>
            <string>5417.6.28</string>
            <key>minosversion</key>
            <string>10.9.0</string>
            <key>path</key>
            <string>/Applications/Firefox.app</string>
            <key>type</key>
            <string>application</string>
            <key>version_comparison_key</key>
            <string>CFBundleShortVersionString</string>
        </dict>
    </array>
    <key>items_to_copy</key>
    <array>
        <dict>
            <key>destination_path</key>
            <string>/Applications</string>
            <key>source_item</key>
            <string>Firefox.app</string>
        </dict>
    </array>
    <key>minimum_os_version</key>
    <string>10.9.0</string>
    <key>name</key>
    <string>Firefox</string>
    <key>postinstall_script</key>
    <string>#!/usr/bin/env bash

# --------------------------------------------------------------------------------
# NAME:        FireFox_Tweaks.sh
# SYNOPSIS:    Mozilla FireFox ESR deployment customisation
# DESCRIPTION: Mozilla FireFox deployment customisation for Munki based
#              Deployments/installation.
# NOTES:       I use this with a Munki Deployment, but you might use with a local
#              installation as well. Review my settings, before use it.
#              Some settings are no (no longer) supported (legacy) or based on
#              Windows, but I want to keep the files identical.
# AUTHOR:      Joerg Hochwald <joerg.hochwald@outlook.com>
# LICENSE:     BSD 3-clause "New" or "Revised" License
#              https://opensource.org/licenses/BSD-3-Clause
# --------------------------------------------------------------------------------

# Check if we are root
if (( $EUID != 0 )); then
    echo "Please run as root"
    exit
fi

export LANG="en_US.UTF-8"
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"

# Create the local-settings.js file
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/defaults/pref/local-settings.js
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF

# Create the mozilla.cfg that contains our custom preferences
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/mozilla.cfg
//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
EOF

# Create override.ini to suppress fristrun wizzard (e.g. Import Data)
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/override.ini
[XRE]
EnableProfileMigrator=false
EOF

# Create the Directory structure
/bin/mkdir -p /Applications/Firefox.app/Contents/Resources/browser/profile/chrome

# Create userChrome.css to remove several elements
/bin/cat <<EOF >  /Applications/Firefox.app/Contents/Resources/browser/profile/chrome/userChrome.css

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
EOF</string>
    <key>unattended_install</key>
    <true/>
    <key>unattended_uninstall</key>
    <false/>
    <key>uninstall_method</key>
    <string>remove_copied_items</string>
    <key>uninstallable</key>
    <true/>
    <key>version</key>
    <string>54.0.1</string>
</dict>
</plist>

There is also a Gist for that.

Why am I writing about something that I do for such a long time? This Weekend a customer challenged me, with the following request: “We know you are a typical Server guy, could you help us to create a few packages?” (to explain that “Server guy”: I support them with Exchange and Windows Servers in general) Me: „Yep, sure! Why not“ Customer: „There is one thing: We use EMCO Remote Installer! And we talk about Windows.

First, I was a skeptical, and my first idea was to call a friend (He is a crack when it comes to Windows packing and deployment, even if he uses another product). Then I started a bit of research, and soon I figured out: The EMCO Remote Installer supports PowerShell“! And here we go again, I’m a scripting guy and after a few hours, we had around 10 packages ready, without repacking any MSI! All because of the power that the Shell provides!

Here is the same as above, just for 64Bit Windows:

<#
   .SYNOPSIS
       Mozilla FireFox deployment customisation

   .DESCRIPTION
       Mozilla FireFox deployment customisation for 64bit Windows based installation.
       This version supports 64Bit only. If you plan to use it with a 32Bit deployment, you will
       need to tweak the Path (at least if the OS is 64Bit)

   .EXAMPLE
       PS C:\> .\FireFox_Tweaks.ps1

   .NOTES
       Usedd to deploy a streamlined Mozilla Firefox accross the Enterprise by using EMCO remote
       Installer. It should work with all deployment tools that support PowerShell Script execution
       as part of the deployment. A friend tested it with SCCM and it worked just fine.
#>
#requires -Version 2.0

$ENC = 'UTF8'
$SC = 'SilentlyContinue'

$targetDir = "$env:ProgramFiles\Mozilla Firefox\defaults\pref\"
$CFGTargetDir = "$env:ProgramFiles\Mozilla Firefox\"
$OverrideTargetDir = "$env:ProgramFiles\Mozilla Firefox\browser\"
$userChromeTargetDir = "$env:ProgramFiles\Mozilla Firefox\browser\profile\chrome\"

$CustomConfig = 'mozilla.cfg'
$CustomOverride = 'override.ini'
$AutoConfig = 'autoconfig.js'
$UserChromeCssName = 'userChrome.css'

if (Test-Path -Path $targetDir -ErrorAction $SC -WarningAction $SC)
{
	$AutoCfg = ($targetDir + $AutoConfig)
	$MozillaCfg = ($CFGTargetDir + $CustomConfig)
	$OverrideIni = ($OverrideTargetDir + $CustomOverride)
	$UserChromeCss = ($userChromeTargetDir + $UserChromeCssName)

	#region CreateStructure
	# Create the missing structure
	if (-not (Test-Path -Path $userChromeTargetDir -ErrorAction $SC -WarningAction $SC))
	{
		$paramNewItem = @{
			Path			  = $userChromeTargetDir
			ItemType	     = 'directory'
			Force		     = $true
			Confirm		  = $false
			ErrorAction   = $SC
			WarningAction = $SC
		}

		$null = (New-Item @paramNewItem)
	}
	#endregion CreateStructure

	#region UserChromeCss
	if (Test-Path -Path $UserChromeCss -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force		     = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm		  = $false
		}
		$null = (Remove-Item $UserChromeCss @paramRemoveItem)
	}

	[string]$UserChromeCssContent = '/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
'

	$paramSetContent = @{
		Path			  = $UserChromeCss
		Value		     = $UserChromeCssContent
		Force		     = $true
		Encoding	     = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion UserChromeCss

	#region AutoCfg
	if (Test-Path -Path $AutoCfg -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force		     = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm		  = $false
		}
		$null = (Remove-Item $AutoCfg @paramRemoveItem)
	}

	[string]$AutoCfgContent = 'pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
'

	$paramSetContent = @{
		Path			  = $AutoCfg
		Value		     = $AutoCfgContent
		Force		     = $true
		Encoding	     = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion AutoCfg

	#region MozillaCfg
	if (Test-Path -Path $MozillaCfg -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force		     = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm		  = $false
		}
		$null = (Remove-Item $MozillaCfg @paramRemoveItem)
	}

	[string]$TargetContent = '//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);

Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);

defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");

defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);

defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);

defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);

defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);

defaultPref("network.cookie.cookieBehavior", 3);

defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");

defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);

defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);

defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);

lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);

lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");

lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);

lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);

lockPref("browser.urlbar.filter.javascript", true);

lockPref("network.cookie.cookieBehavior", 1);

lockPref("plugin.state.flash", 2);

lockPref("browser.pocket.enabled", false);

lockPref("signon.expireMasterPassword", true);

lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);


'

	$paramSetContent = @{
		Path			  = $MozillaCfg
		Value		     = $TargetContent
		Force		     = $true
		Encoding	     = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion MozillaCfg

	#region OverrideIni
	if (Test-Path -Path $OverrideIni -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force		     = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm		  = $false
		}
		$null = (Remove-Item $OverrideIni @paramRemoveItem)
	}

	[string]$TargetContent = '[XRE]
EnableProfileMigrator=false
'

	$paramSetContent = @{
		Path			  = $OverrideIni
		Value		     = $TargetContent
		Force		     = $true
		Encoding	     = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion OverrideIni
}

There is also a Gist for that.

I’m still not so into Windows as a client and Windows packing and deployments are still not my favorite work, but thanks to my existing Munki experience and a lot of PowerShell scripting; I could help these guys. Even If I never heard of the tool they use before and a very limited knowledge with Windows software deployments.

And the customer now let me update all the Munki stuff and prepare everything for an upcoming OS Update (They will go straight to MacOS High Sierra, as soon as it is released).

You will find all the stuff above on GitHub. Use it, it’s Open Source (And the PowerShell Demo is Public Domain).