Firefox is a great browser. But it is being widely avoided by corporations, since it is difficult to manage Firefox through a corporate-wide security policy, like IE through Active Directory.
FrontMotion has published FrontMotion Firefox Community Edition - a Firefox with the ability to lockdown settings through Active Directory using Administrative Templates. The concept is interesting, but how well does it work?
Here is a review of the FrontMotion solution for Firefox and Active Directory Integration
FrontMotion has prepared an MSI package of Firefox, with several modifications to enable group policy integration, as well as the administrative templates for Firefox.
Download the administrative templates (firefox.adm and mozilla.adm) and add them to your Group Policy Editor.
You get the following configuration parameters in the Group Policy - Administrative Templates for both under user and computer configuration can configure the following elements in the Firefox Section
- General Settings - centraly configure and enforce Home Page setting for the Firefox users/computers
- Enable Automatic Image Resizing - self-explanatory
- Disable Firefox Default Browser Check - self-explanatory
- Cache - setting cache size and path
- Set Default Download Location - downloads path setting
- Proxy Settings - centrally configure and enforce proxy setting for the Firefox users/computers
- Disable XPI Installs - block installing of Moziila extensions
Upon testing, we installed the Firefox Community Edition and applied the configured policy.
When we ran Firefox and tried to change the proxy, we were unable to, as can be seen on the image below.
It can be confirmed that the overall Active Directory Group policy functions well. However, the number of configurable parameters for Firefox is very small, especially compared to the flexibility provided by Microsoft for Internet Explorer
Integrating Firefox into Active Directory is a great progress. But the current level of the solution makes it more of a curiosity, since it will change it's functionality with every new build from FrontMotion. If Active Directory integration is merged into the main Firefox development track and properly developed, for instance for Firefox 3.2, it will be a great step for Mozilla against Microsoft.
Once corporations are confident that Active Directory support is properly adopted into the generic Firefox and is there to stay, I know a lot of administrators that will happily phase out Internet Explorer for Firefox.
Talkback and comments are most welcome
TrueCrypt Full Disk Encryption Review