I’m a big fan of Munki (pronounced monkey, /ˈmʌŋki/, m ah nk ee, or Mung – KEY) an open-source project started by Walt Disney Animation Studios to deploy software and packages to Mac OS X and MacOS based clients. It is written mostly in Python, and it provides a nice way to enforce software installation and/or updates. And since it offers a Mac App Store like Client experience a lot of optional installations (e.g. self-service).

One of the things that I find very useful: You can use scripting as pre- and post-installation parts to customize everything. A few years ago (yep, I use this software for a while now) I started to build several packaged for others. Then the fist enterprise came along and asked me to help them out with an existing Munki installation, during that project, I created a lot of new packages and tweaked most of the existing ones.

Now, a couple of projects and years later, I found, that many still have issues creating packages with customization.

Here is my approach, and I try to stick with it whenever possible: Use packages that you can get from the Vendor, or the Project (if open Source). Even better: Establish an AutoPKG process and work with overrides!

Then use the power of shell scripts to tweak and customize. I’m a scripting guy! I know.

Here is an example for a script that heavily customize a Mozilla FireFox:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
#!/usr/bin/env bash

# --------------------------------------------------------------------------------
# NAME:        FireFox_Tweaks.sh
#
# SYNOPSIS:    Mozilla FireFox ESR deployment customisation
#
# DESCRIPTION: Mozilla FireFox deployment customisation for Munki based
#              Deployments/installation.
#
# NOTES:       I use this with a Munki Deployment, but you might use with a local
#              installation as well. Review my settings, before use it.
#              Some settings are no (no longer) supported (legacy) or based on
#              Windows, but I want to keep the files identical.
#              I use this with the regular FireFox package, the developer edition,
##             and the ESP (mainly) Release on a regular Munki deployment system.
#
# AUTHOR:      Joerg Hochwald <[email protected]>
# LICENSE:     BSD 3-clause "New" or "Revised" License
#              https://opensource.org/licenses/BSD-3-Clause
#
# INSTALL:     Paste this in the postinstall_script section of the package (PLIST)
# --------------------------------------------------------------------------------

# Check if we are root
if (( $EUID != 0 )); then
	echo "Please run as root"
	exit
fi

export LANG="en_US.UTF-8"
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"

# Create the local-settings.js file
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/defaults/pref/local-settings.js
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF

# Create the mozilla.cfg that contains our custom preferences
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/mozilla.cfg
//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
EOF

# Create override.ini to suppress fristrun wizzard (e.g. Import Data)
/bin/cat <<EOF > /Applications/Firefox.app/Contents/Resources/browser/override.ini
[XRE]
EnableProfileMigrator=false
EOF

# Create the Directory structure
/bin/mkdir -p /Applications/Firefox.app/Contents/Resources/browser/profile/chrome

# Create userChrome.css to remove several elements
/bin/cat <<EOF >  /Applications/Firefox.app/Contents/Resources/browser/profile/chrome/userChrome.css

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
EOF

There is also a Gist for that.

This should work with the regular Mozilla FireFox distribution, the FireFox Developer Edition, and the ESR Edition (my favorite).

Here is a PLIST File that should work with a plain Munki installation:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>_metadata</key>
	<dict>
		<key>created_by</key>
		<string>macadmin</string>
		<key>creation_date</key>
		<date>2017-06-30T22:05:31Z</date>
		<key>munki_version</key>
		<string>3.0.2.3347</string>
		<key>os_version</key>
		<string>10.12.5</string>
	</dict>
	<key>autoremove</key>
	<false/>
	<key>catalogs</key>
	<array>
		<string>testing</string>
	</array>
	<key>category</key>
	<string>Internet</string>
	<key>description</key>
	<string>Mozilla Firefox is a free and open source web browser.</string>
	<key>developer</key>
	<string>Mozilla</string>
	<key>display_name</key>
	<string>Mozilla Firefox</string>
	<key>installer_item_hash</key>
	<string>5ec2a1bac1059932399bdbbc9fb64fdd51f069db8768f2b52b080218eb019773</string>
	<key>installer_item_location</key>
	<string>apps/firefox/Firefox-54.0.1.dmg</string>
	<key>installer_item_size</key>
	<integer>58252</integer>
	<key>installer_type</key>
	<string>copy_from_dmg</string>
	<key>installs</key>
	<array>
		<dict>
			<key>CFBundleIdentifier</key>
			<string>org.mozilla.firefox</string>
			<key>CFBundleName</key>
			<string>Firefox</string>
			<key>CFBundleShortVersionString</key>
			<string>54.0.1</string>
			<key>CFBundleVersion</key>
			<string>5417.6.28</string>
			<key>minosversion</key>
			<string>10.9.0</string>
			<key>path</key>
			<string>/Applications/Firefox.app</string>
			<key>type</key>
			<string>application</string>
			<key>version_comparison_key</key>
			<string>CFBundleShortVersionString</string>
		</dict>
	</array>
	<key>items_to_copy</key>
	<array>
		<dict>
			<key>destination_path</key>
			<string>/Applications</string>
			<key>source_item</key>
			<string>Firefox.app</string>
		</dict>
	</array>
	<key>minimum_os_version</key>
	<string>10.9.0</string>
	<key>name</key>
	<string>Firefox</string>
	<key>postinstall_script</key>
	<string>#!/usr/bin/env bash

# --------------------------------------------------------------------------------
# NAME:        FireFox_Tweaks.sh
# SYNOPSIS:    Mozilla FireFox ESR deployment customisation
# DESCRIPTION: Mozilla FireFox deployment customisation for Munki based
#              Deployments/installation.
# NOTES:       I use this with a Munki Deployment, but you might use with a local
#              installation as well. Review my settings, before use it.
#              Some settings are no (no longer) supported (legacy) or based on
#              Windows, but I want to keep the files identical.
# AUTHOR:      Joerg Hochwald &lt;[email protected]&gt;
# LICENSE:     BSD 3-clause "New" or "Revised" License
#              https://opensource.org/licenses/BSD-3-Clause
# --------------------------------------------------------------------------------

# Check if we are root
if (( $EUID != 0 )); then
	echo "Please run as root"
	exit
fi

export LANG="en_US.UTF-8"
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"

# Create the local-settings.js file
/bin/cat &lt;&lt;EOF &gt; /Applications/Firefox.app/Contents/Resources/defaults/pref/local-settings.js
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF

# Create the mozilla.cfg that contains our custom preferences
/bin/cat &lt;&lt;EOF &gt; /Applications/Firefox.app/Contents/Resources/mozilla.cfg
//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;
pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);
defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");
defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);
defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("network.cookie.cookieBehavior", 3);
defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");
defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);
defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);
defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.urlbar.filter.javascript", true);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("plugin.state.flash", 2);
lockPref("browser.pocket.enabled", false);
lockPref("signon.expireMasterPassword", true);
lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);
EOF

# Create override.ini to suppress fristrun wizzard (e.g. Import Data)
/bin/cat &lt;&lt;EOF &gt; /Applications/Firefox.app/Contents/Resources/browser/override.ini
[XRE]
EnableProfileMigrator=false
EOF

# Create the Directory structure
/bin/mkdir -p /Applications/Firefox.app/Contents/Resources/browser/profile/chrome

# Create userChrome.css to remove several elements
/bin/cat &lt;&lt;EOF &gt;  /Applications/Firefox.app/Contents/Resources/browser/profile/chrome/userChrome.css

/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */

/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }

/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }

/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
EOF</string>
	<key>unattended_install</key>
	<true/>
	<key>unattended_uninstall</key>
	<false/>
	<key>uninstall_method</key>
	<string>remove_copied_items</string>
	<key>uninstallable</key>
	<true/>
	<key>version</key>
	<string>54.0.1</string>
</dict>
</plist>

There is also a Gist for that.

Why am I writing about something that I do for such a long time?
This Weekend a customer challenged me, with the following request: “We know you are a typical Server guy, could you help us to create a few packages?” (to explain that “Server guy”: I support them with Exchange and Windows Servers in general)
Me: „Yep, sure! Why not
Customer: „There is one thing: We use EMCO Remote Installer! And we talk about Windows.

First, I was a skeptical, and my first idea was to call a friend (He is a crack when it comes to Windows packing and deployment, even if he uses another product).
Then I started a bit of research, and soon I figured out: The EMCO Remote Installer supports PowerShell“!
And here we go again, I’m a scripting guy and after a few hours, we had around 10 packages ready, without repacking any MSI! All because of the power that the Shell provides!

Here is the same as above, just for 64Bit Windows:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
<#
	.SYNOPSIS
		Mozilla FireFox deployment customisation
	
	.DESCRIPTION
		Mozilla FireFox deployment customisation for 64bit Windows based installation.
		This version supports 64Bit only. If you plan to use it with a 32Bit deployment, you will
		need to tweak the Path (at least if the OS is 64Bit)
	
	.EXAMPLE
		PS C:\> .\FireFox_Tweaks.ps1
	
	.NOTES
		Usedd to deploy a streamlined Mozilla Firefox accross the Enterprise by using EMCO remote
		Installer. It should work with all deployment tools that support PowerShell Script execution
		as part of the deployment. A friend tested it with SCCM and it worked just fine.
#>
#requires -Version 2.0

$ENC = 'UTF8'
$SC = 'SilentlyContinue'

$targetDir = "$env:ProgramFiles\Mozilla Firefox\defaults\pref\"
$CFGTargetDir = "$env:ProgramFiles\Mozilla Firefox\"
$OverrideTargetDir = "$env:ProgramFiles\Mozilla Firefox\browser\"
$userChromeTargetDir = "$env:ProgramFiles\Mozilla Firefox\browser\profile\chrome\"

$CustomConfig = 'mozilla.cfg'
$CustomOverride = 'override.ini'
$AutoConfig = 'autoconfig.js'
$UserChromeCssName = 'userChrome.css'

If (Test-Path -Path $targetDir -ErrorAction $SC -WarningAction $SC)
{
	$AutoCfg = ($targetDir + $AutoConfig)
	$MozillaCfg = ($CFGTargetDir + $CustomConfig)
	$OverrideIni = ($OverrideTargetDir + $CustomOverride)
	$UserChromeCss = ($userChromeTargetDir + $UserChromeCssName)

	#region CreateStructure
	# Create the missing structure
	If (-not (Test-Path -Path $userChromeTargetDir -ErrorAction $SC -WarningAction $SC))
	{
		$paramNewItem = @{
			Path          = $userChromeTargetDir
			ItemType      = 'directory'
			Force         = $true
			Confirm       = $false
			ErrorAction   = $SC
			WarningAction = $SC
		}

		$null = (New-Item @paramNewItem)
	}
	#endregion CreateStructure

	#region UserChromeCss
	If (Test-Path -Path $UserChromeCss -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force         = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm       = $false
		}
		$null = (Remove-Item $UserChromeCss @paramRemoveItem)
	}

	[string]$UserChromeCssContent = '/* UserChrome.css for Mozilla Firefox */
/* Remove access to user interface elements that are not suitable for application virtualization */
 
/* Options - Advanced - General - System Defaults */
#systemDefaultsGroup { display: none !important; }
 
/* Options / Advanced / Update / Firefox updates group box */
#updateApp  { display: none !important; }
 
/* Help - About - Check for Updates button */
#updateButton { display: none !important; }
'

	$paramSetContent = @{
		Path          = $UserChromeCss
		Value         = $UserChromeCssContent
		Force         = $true
		Encoding      = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion UserChromeCss

	#region AutoCfg
	If (Test-Path -Path $AutoCfg -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force         = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm       = $false
		}
		$null = (Remove-Item $AutoCfg @paramRemoveItem)
	}

	[string]$AutoCfgContent = 'pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
'

	$paramSetContent = @{
		Path          = $AutoCfg
		Value         = $AutoCfgContent
		Force         = $true
		Encoding      = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion AutoCfg

	#region MozillaCfg
	If (Test-Path -Path $MozillaCfg -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force         = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm       = $false
		}
		$null = (Remove-Item $MozillaCfg @paramRemoveItem)
	}

	[string]$TargetContent = '//
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("app.update.enabled", false);
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("toolkit.crashreporter.enabled", false);

Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

pref("browser.rights.3.shown", true);
pref("plugins.notifyMissingFlash", false);
pref("browser.shell.shortcutFavicons",true);
pref("browser.urlbar.trimURLs", false);
pref("browser.startup.homepage_override.mstone","ignore");
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("dom.battery.enabled", false);
pref("dom.gamepad.enabled", false);
pref("media.video_stats.enabled", false);

defaultPref("browser.startup.homepage","data:text/plain,browser.startup.homepage=http://www.enatec.io");
defaultPref("security.enterprise_roots.enabled", true);
defaultPref("network.automatic-ntlm-auth.allow-proxies", true);
defaultPref("network.automatic-ntlm-auth.trusted-uris", "build.enatec.net,sso.enatec.net,outlook.enatec.net,*.enatec.net");
defaultPref("browser.startup.page", 1);
defaultPref("config.lockdown.disable_themes", true);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("dom.disable_open_during_load", true);
defaultPref("permissions.default.image", 1);
defaultPref("javascript.enabled", true);
defaultPref("pref.advanced.javascript.disable_button.advanced", false);
defaultPref("security.enable_java", true);
defaultPref("security.default_personal_cert", "Ask Every Time");

defaultPref("browser.download.manager.showWhenStarting", false);
defaultPref("browser.download.manager.closeWhenDone", true);
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.folderList", 2);
defaultPref("browser.tabs.autoHide", false);
defaultPref("browser.tabs.loadInBackground", false);
defaultPref("browser.history_expire_days", 7);
defaultPref("browser.history_expire_days.mirror", 7);

defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.item.cookies", false);
defaultPref("privacy.item.downloads", false);
defaultPref("privacy.item.formdata", false);
defaultPref("privacy.item.history", false);
defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);
defaultPref("privacy.sanitize.promptOnSanitize", false);

defaultPref("browser.safebrowsing.enabled", true);
defaultPref("general.smoothScroll", true);
defaultPref("general.autoScroll", false);

defaultPref("privacy.item.cache", true);
defaultPref("privacy.item.sessions", true);

defaultPref("network.cookie.cookieBehavior", 3);

defaultPref("browser.search.countryCode", "DE");
defaultPref("browser.search.hiddenOneOffs", "Amazon.com,Twitter,Wikipedia (en)");
defaultPref("browser.search.region", "DE");

defaultPref("browser.link.open_newwindow", 2);
defaultPref("browser.newtabpage.enhanced", true);
defaultPref("browser.newtabpage.storageVersion", 1);

defaultPref("network.predictor.cleaned-up", true);
defaultPref("gfx.direct2d.disabled", true);
defaultPref("layers.acceleration.disabled", true);

defaultPref("browser.cache.disk_cache_ssl", false);
defaultPref("privacy.donottrackheader.enabled", true);
defaultPref("privacy.donottrackheader.value", 1);
defaultPref("security.dialog_enable_delay", 2000);
defaultPref("security.enable_ssl3", true);
defaultPref("security.enable.tls", true);

lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);

lockPref("identity.fxaccounts.auth.uri", "");
lockPref("identity.fxaccounts.remote.force_auth.uri", "");
lockPref("identity.fxaccounts.remote.signin.uri", "");
lockPref("identity.fxaccounts.remote.signup.uri", "");
lockPref("identity.fxaccounts.settings.uri", "");
lockPref("services.sync.autoconnect", false);
lockPref("services.sync.engine.addons", false);
lockPref("services.sync.engine.bookmarks", false);
lockPref("services.sync.engine.history", false);
lockPref("services.sync.engine.passwords", false);
lockPref("services.sync.engine.prefs", false);
lockPref("services.sync.engine.tabs", false);
lockPref("services.sync.serverURL", "");

lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("datareporting.healthreport.documentServerURI", "");
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled.v2", false); //      Firefox 43+ ?
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.enabled", false);
lockPref("toolkit.telemetry.prompted", 2);
lockPref("toolkit.telemetry.rejected", true);
lockPref("toolkit.telemetry.server", "");
lockPref("toolkit.telemetry.unified", false);
lockPref("toolkit.telemetry.unifiedIsOptIn", true);
lockPref("toolkit.telemetry.optoutSample", false);

lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);

lockPref("browser.urlbar.filter.javascript", true);

lockPref("network.cookie.cookieBehavior", 1);

lockPref("plugin.state.flash", 2);

lockPref("browser.pocket.enabled", false);

lockPref("signon.expireMasterPassword", true);

lockPref("browser.cache.disk.capacity", 1024);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
lockPref("browser.cache.disk.smart_size.use_old_max", false);


'

	$paramSetContent = @{
		Path          = $MozillaCfg
		Value         = $TargetContent
		Force         = $true
		Encoding      = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion MozillaCfg

	#region OverrideIni
	If (Test-Path -Path $OverrideIni -ErrorAction $SC -WarningAction $SC)
	{
		$paramRemoveItem = @{
			Force         = $true
			ErrorAction   = $SC
			WarningAction = $SC
			Confirm       = $false
		}
		$null = (Remove-Item $OverrideIni @paramRemoveItem)
	}

	[string]$TargetContent = '[XRE]
EnableProfileMigrator=false
'

	$paramSetContent = @{
		Path          = $OverrideIni
		Value         = $TargetContent
		Force         = $true
		Encoding      = $ENC
		ErrorAction   = $SC
		WarningAction = $SC
	}
	$null = (Set-Content @paramSetContent)
	#endregion OverrideIni
}

There is also a Gist for that.

I’m still not so into Windows as a client and Windows packing and deployments are still not my favorite work, but thanks to my existing Munki experience and a lot of PowerShell scripting; I could help these guys. Even If I never heard of the tool they use before and a very limited knowledge with Windows software deployments.
And the customer now let me update all the Munki stuff and prepare everything for an upcoming OS Update (They will go straight to MacOS High Sierra, as soon as it is released).

You will find all the stuff above on GitHub. Use it, it’s Open Source (And the PowerShell Demo is Public Domain).