Controlling Firefox Through Active Directory

Firefox is a great browser. But it is being widely avoided by corporations, since it is difficult to manage Firefox through a corporate-wide security policy, like IE through Active Directory.

FrontMotion has published FrontMotion Firefox Community Edition - a Firefox with the ability to lockdown settings through Active Directory using Administrative Templates. The concept is interesting, but how well does it work?

Here is a review of the FrontMotion solution for Firefox and Active Directory Integration

The Test
FrontMotion has prepared an MSI package of Firefox, with several modifications to enable group policy integration, as well as the administrative templates for Firefox.
Download the administrative templates (firefox.adm and mozilla.adm) and add them to your Group Policy Editor.


You get the following configuration parameters in the Group Policy - Administrative Templates for both under user and computer configuration can configure the following elements in the Firefox Section

  • General Settings - centraly configure and enforce Home Page setting for the Firefox users/computers
  • Enable Automatic Image Resizing - self-explanatory
  • Disable Firefox Default Browser Check - self-explanatory
  • Cache - setting cache size and path
  • Set Default Download Location - downloads path setting
  • Proxy Settings - centrally configure and enforce proxy setting for the Firefox users/computers
  • Disable XPI Installs - block installing of Moziila extensions
A configured policy is presented on the following image.


Upon testing, we installed the Firefox Community Edition and applied the configured policy.


When we ran Firefox and tried to change the proxy, we were unable to, as can be seen on the image below.


It can be confirmed that the overall Active Directory Group policy functions well. However, the number of configurable parameters for Firefox is very small, especially compared to the flexibility provided by Microsoft for Internet Explorer

Conclusion
Integrating Firefox into Active Directory is a great progress. But the current level of the solution makes it more of a curiosity, since it will change it's functionality with every new build from FrontMotion. If Active Directory integration is merged into the main Firefox development track and properly developed, for instance for Firefox 3.2, it will be a great step for Mozilla against Microsoft.
Once corporations are confident that Active Directory support is properly adopted into the generic Firefox and is there to stay, I know a lot of administrators that will happily phase out Internet Explorer for Firefox.

Talkback and comments are most welcome

Related posts
TrueCrypt Full Disk Encryption Review

4 comments:

Aice Nice Concepts said...

very detailed information of FF (^_^) thank you for this post this reminds me that there are things IE works better than FF

Bozidar Spirovski said...

Actually, IE in itself is not better in any category. What is better is the integration of IE into the corporate infrastracture management (Active Directory) which is used by most companies.
I assume that Mozilla hasn't gotten around to it yet, but once they integrate the Firefox into AD, it will be a killer for IE

Nishadha said...

This is some great information , when ever I ask our IT team why we are not using FF the reason given is corporate security , maybe this can change there minds

Short said...

This post does not emphasize security of Firefox. It merely analyzes the possibility of integration of Firefox into corporate management system like AD

Designed by Posicionamiento Web