Release 0.5.9.3

May 14, 2009

This release was going to be a small “tidying up” release, adding those last few features I could find in the interface.

Then, suddenly in a 24 hour period, 2 separate enterprising admins/developers contacted me with features they have written and passed me the code.  From that, 0.5.9.3 went from being a small update to potentially the biggest new feature-adding update to date!  So a massive thank you to Nathan Przybyszewski and Florian Baenziger for their contributions.  Its much, much appreciated.

Changelog is the following:

–  Added:  Ability to control more Tab Behaviour settings
–  Added:  Ability to control history settings
–  Added:  Ability to control Private Data settings
–  Added:  Ability to control advanced Browsing and Spelling settings
–  Added:  Ability to delete private data cookies
–  Added:  Ability to delete private data offline websites
–  Added:  Ability to delete private data passwords
–  Added:  Ability to control SSL domain icon
–  Added:  Ability to control download directory
–  Added:  Ability to replace certificates for all user profiles
–  Added:  Ability to suppress post-update Firefox start page

First 4 were ones I wrote, next 6 were Florian’s and last one was Nathan’s.  I realise there is a potential duplication between some of the Private Data code written by myself and Florian (great minds think alike…!) but I’ve left those in at the moment until I decide (or get feedback from users) which is the better way of framing these features.

Which brings me onto another thing – that ADM template now has so many features, it is getting mighty messy.  This is now getting to be important.  It seems to me that the best way forward would be to group settings in folders, but have yet to come up with a design there.  Once I do, I will post it here for feedback before committing into a release.  At the same time, I will try and produce an ADMX template for the settings (like most, we are actively looking at Windows 7 for deployment sometime in 2010).

Mainly for 0.5.9.4, I want to write in some sort of backup/restore code.  The problem with the current settings format is that it tattoos these pref files in Firefox.  Instead of trying to unwind the code each time at logoff/shutdown, it seems easier to me to just backup the entire file and restore it on reboot.  I still need to get to grips with the exact hows on this but will blog later on it.

Anyway, thanks again to Florian and Nathan for their contributions.  I should probably write a developers guide to FirefoxADM at some point but as they’ve proved its quite easy to figure out what does what!

0.5.9.3 is up on Sourceforge now.

Release 0.5.9.2.1

April 8, 2009

OK, these version strings are getting silly length!  Many thanks to Craig who picked up on a bug in one of 0.5.9.2’s template.  This was a quick update just to solve that bug.

More news on 0.5.9.3 and beyond soon.

FirefoxADM 0.5.9.2

March 26, 2009

Ok, this is a little embarrassing in that this announcement is a month late, as the release got caught up in my planning of my holiday to Australia (which was fabulous!).

Anyway, 0.5.9.2 is now up on sourceforge.  With this release, all existing functions where it makes sense for them to have it, now have the possibility of setting either a Locked or Default value.  The few that do not are simply because I couldn’t see why you would want to have them as Default values.  However, if anyone feels they should be, let me know and I’ll add those in.

With 0.5.9.3, in development, I will be going through Firefox 3.0 and 3.1/3.5 to see what new features I can add.  No promise on when I can release that.

In 0.5.9.4 I will be adding in some important new features, including backing up and restoring of the various Firefox JS files that get quite radically altered by this new iteration of FirefoxADM.  I also, possibly in 0.5.9.4, want to add in some functionality to allow existing ADMXPI Administrative Templates to work with FirefoxADM.

Also, would like to say a massive thank you to everyone who has contacted me recently, some really kind messages and a few support calls which I hope I have been able to help out with.  On we go…

Back to 0.4 (Briefly)

January 27, 2009

I have gone back to the 0.4 releases and added a new release (actually 2 new releases!).

I mentioned in a previous post and also have had comments that there is a bit of a major bug with FirefoxADM 0.4 at the moment.  If you use the login script to set a homepage for a user, you find they also get the “first use” Firefox Welcome page each time they log in.

The bug here simply put was that the script wasn’t precise enough in what it checked.  The problem is that when you set a homepage (browser.startup.homepage in Firefox preference terms), it first needed to remove that preference from the prefs file.  It does this by scanning the file for browser.startup.homepage and removes the line it is on.  Where it gets rotten in Denmark is that if you happen to have another preference which contains the name of the preference you wish to remove in it, such as the one that checks the version and decides if it should show you the first use page, browser.startup.homepage_override.mstone, then it removes it as well.  Stupid bug that I can’t believe has managed to get through to now.

The fix is that it now checks for the preference with quotation marks at each end, making the search more specified.

Anyway, you can download the new version 0.4.0.2 from http://sourceforge.net/projects/firefoxadm/

This was previously fixed in 0.5.9.1, and I promise an update on that line of releases soon enough.

Towards 0.5.9.2

November 9, 2008

I know this blog has been a bit quiet for a while, so I thought I’d give you a quick update on where things are at.

First of all, many, many thanks to everyone who has downloaded and tried the latest version of FirefoxADM and has given me feedback, and suggestions for new features.

I had hoped that I would have progressed further and quicker with the development but unfortunately, I’m stuck in a nightmare project at work which has taken much of my time.

The goal for 0.5.9.2 is to have the new default/locked functionality available for all settings in the Computer Configuration section.  Then, I will start to draw up a list of new features based on feedback.  I also need to implement a backup/restore scheme for the Firefox JS settings files because the new FirefoxADM modifies a lot more files than the old one, in order to make defaults work properly.  More information on all this when 0.5.9.2 is ready for release.

Release 0.5.9.1

September 19, 2008

This has now been added to Sourceforge.  These are released under a different package, firefoxadm_dev.  I must reiterate that this is an early development version.  Do NOT use in a live environment.

The version numbering is slightly changed.  There was a FirefoxADM 0.5, but this was modifications I made for the University of Edinburgh environment.  The next target for release is 0.6 (or FirefoxADM Release 6, as I shall be calling it).  All dev build up to that will be 0.5.9.*.  Any post 0.6 fixes will obviously be 0.6.0.*.

This release is a Proof of Concept for the items I talked about in the previous post.  It also includes a few fixes.  Full changelog:

CHANGES IN 0.5.9.1 – The Road to FirefoxADM Release 6

-  Fixed:  Weakness in way FirefoxADM overrides preferences meant similar named preferences would be removed (if setting homepage, browser.startup.homepage, would remove first-run pref, browser.startup.homepage_override.mstone)
-  Fixed:  Logout script was not handling removal of homepage from prefs.js properly
-  Added:  Ability to determine what type of page you get at startup (homepage, about:blank or from previous session)
-  Added:  Ability to control whether Firefox is allowed to automatically update its Search Engines
-  Added:  Ability to set Java to locked or default value
-  Added:  Ability to set JavaScript to locked or default value
-  Added:  Ability to set Default Browser to locked or default value
-  Added:  Ability to set XPI Installation allowed/disallowed as locked or default value
-  Added:  Shutdown tidyup of "extensions.update.autoUpdateEnabled" value

 

First fix is to a problem I’ve seen before but never put my finger on what was causing it.  It took a comment on this blog for me to recognise the problem.  Thanks, user “realtime”.

Probably the most useful of the default prefs done in this version is the ability to set a default homepage.  Just a warning for this.  I will need to implement an extra set of processes to restore settings to original values, so if you set a default homepage and then take the machine out of the group policy, it will continue to have a homepage set to whatever you set it to.  This is the same with all the default prefs.

Anyway, go to the project page on Sourceforge and give it a try and let me have some feedback, either as a comment here or drop an email to mark dot sammons(at)ed dot ac dot uk

Better Settings, Real Defaults

September 19, 2008

The way FirefoxADM has worked up to now, it is based on the notion that Computer Configuration is Locked Settings and User Configuration are Default Settings.

Unfortunately, a real weakness with FirefoxADM was that the Default Settings simply didn’t work properly – they weren’t real defaults, but would overwrite any personally set values with a value which was then changeable.  The way real defaults should work is if you set a default homepage and the user has a user_pref it should use their user_pref and ignore the default you set.

Also, I wanted to move away from the usage of User Configuration.  It is more difficult to keep track of I find especially with the use of Loopback processing widespread.  Therefore, I want to take as many settings as possible and expose them solely through the Computer Configuration ADM template.  How will this look?  Here is the new ADM template for controlling Java:

For a lot of the settings, there will be 2 settings:  Preference State and how you would like the preference to be handled.

Preference State will be Default or Locked:

And in this case, you can choose to have the settings Allowed or Disallowed:

So, for this particular preference, you have 4 possible enabled states:

Locked/Allowed

Locked/Disallowed

Default/Allowed

Default/Disallowed

Pulling the Dust Covers Off FirefoxADM

September 19, 2008

Well, I’ve been threatening to do this for a while but I’ve decided to resurrect my seeming forgotten project, FirefoxADM.

First of all:  why?  Well, a lot of that is connected to why I stopped updating it.  The last version I released, 0.4, contained the vast majority of settings that I, and people who contacted me, seemed to need to implement Group Policy control in the enterprise.  I had no desire, or especially time, to keep adding more and more obscure settings that ultimately no one would ever use.  There was also another couple of angles to it:  firstly, at the time, I wanted to see if there was any way I could make the Group Policy Add-on (ADM XPI) I wrote a more flexible solution.  Unfortunately, that one has never really flew for a few reasons that I will come back to in another post.  Secondly, there seemed to be growing a movement of people interested in creating a Mozilla-backed enterprise solution.  Now, to be utterly honest, extremely little has happened on that front in the past 3 years.  That is not the fault of anyone involved in that process, I should add, but all of that is for another post too.

I am restarting FirefoxADM because there are a number of new things that I want out of it, some new features and some changes to the way it works.  There are also a number of new preferences that have come into play in the past 3 years.

I’m also hugely delighted at the sheer amount of people who contact me from across the globe who are using FirefoxADM in their environment.  That really gave me the biggest urge to start this up again, so onwards and upwards.  Any requests?

FirefoxADM and Firefox 3

February 22, 2008

I think it is best I am completely open while I investigate this further, and to forewarn users of FirefoxADM that they may need to investigate another method of preference locking when they are considering deploying Firefox 3.

A couple of days ago, I tried Firefox 3 Beta 3 with a normal install of FirefoxADM and, to date, I have not been able to get it to work at all – either setting default preferences or locking preferences.  This is obviously a bit of a blow.

I feel that this could be connected to a bug in the Firefox code, as I have been unable to get locking working in any form (such as using the traditional method).

Its very early in the process of investigating this but if anyone has tried Firefox 3 and FirefoxADM and has any other experiences, please let me know.

I’ll post any updates to this here as well as in a new blog entry.

UPDATE (29/5/08):  Oh THANK GOODNESS…  https://bugzilla.mozilla.org/show_bug.cgi?id=427927 was the bug and it is fixed.  FirefoxADM and Firefox 3 like each other again!  Thanks to wzzrd for his comment

Control Thunderbird In The Enterprise

January 25, 2008

Back when I was actively coding FirefoxADM, one question I would get quite often was:  “when are we going to see ThunderbirdADM?”.

My answer was that I really wanted to do this, to allow users to be able to control both Firefox and Enterprise as either their main or alternative browser and email clients.  Unfortunately, I didn’t really get round to it due to the unwieldy way I built FirefoxADM.

So let’s look at it now…

Controlling Thunderbird actually works in exactly the same way as the way that was the basis for FirefoxADM.  The big problem is, because things have been moved around, some functionality changed, it wasn’t always obvious how this was done.  Now, from this point, I am going to talk in a Windows context.  However, as far as I can tell, this should work on all platforms.

First things first:  install Thunderbird and run it for the first time.  To follow some of the prefs, it is better if you use a cleanly built machine, but if you are doing this on your machine, with your own settings in play, be careful!  If you are using it for the first time, set it up as you would want to see it in your enterprise environment if Thunderbird was freshly installed.  The overall aim of this exercise is to take a large number of these preferences you just set up and apply them to users.  You want some to be locked, some to be default and you want them in there automagically when the user first uses Thunderbird.

Navigate to where Thunderbird is installed.  This will usually be C:\Program Files\Mozilla Thunderbird.  The way the enterprise management works in Thunderbird goes all the way back to Netscape.  There was a hidden preference in Netscape called “general.config.filename”.  This preference set the location of a central configuration file.  By default, this file was a ROT 13 file.  ROT is a very simplistic byte shifting encryption.  For example, the word “MARK” would be “NBSL” at ROT 1, “OCTM” at ROT 2 and therefore “ZNEX” at ROT 13.  Fortunately, there is another setting, “general.config.obscure_value” which allows you to set the ROT value.  I prefer ROT 0!  Where do we put this?  Inside the greprefs directory in Mozilla Thunderbird’s installation directory, create a file.  Call it “adm.js“.  Now, let’s put these two settings in there, and call the configuration file tbirdadm.cfg (from the filename, you can see where I’m going with this!):

pref(“general.config.obscure_value”, 0);
pref(“general.config.filename”, “tbirdadm.cfg”);

We now want to get all those settings you made.  Go to your Application Data directory (for Vista users, that’s in C:\Users\<username>\AppData\Roaming, XP/2000 is in C:\Documents and Settings\<username>\Application Data).  There should be a folder there called Thunderbird.  Go in there, into the Profiles directory that is below that and you should see a directory called, well, something.  Its a random name.  Inside that folder you see your profile.  The file we are interested in is prefs.js.  Open it and you will see it looks something like this:

And here you have the settings you really want to push out to your users.  You now have to choose which settings to use.  This is the really tricky part.  There will be a LOT of trial and error at this stage – finding all the right settings can be a pain.  One gotcha with the prefs.js file is it only includes preferences where the user has preference values that are different to those Thunderbird has as default.  If you have a fresh profile as I said earlier, I suggest copy from this file all the preferences that start “user_pref(“mail…”.  Now, in the C:\Program Files\Mozilla Thunderbird directory, create a file called “tbirdadm.cfg”.  Paste all the settings you had in there.  Now, replace all the “user_pref” in that file with “lockPref” (ie.  Edit, Replace) and close the file.

Time to test!  Rename the entire Thunderbird directory from the Application Data directory to Thunderbird.bak.  Fire up Thunderbird.  You are now a first time user using Thunderbird.  Hopefully, Thunderbird will now be using your managed preferences and will automatically have configured Thunderbird to act as you want it to for a first time user.  What’s more, all the settings will be locked from being changed:

Do not be despondent if, when you loaded Thunderbird up, you got an error, or no accounts were set up.  Close Thunderbird, delete the Thunderbird directory, go into the Thunderbird.bak directory and have another look at that prefs.js file.  You might also find that some values seem not locked.  Thunderbird is a tricksy application in that way.  Sometimes, settings aren’t locked or you find there are workarounds.  For example, in that screenshot above, if someone ticks and unticks that Attach this signature box, it unlocks the box.  The problem is, that tick box is not locked, because it never appeared in the prefs.js as unticked is default.  So, you tick the box, close Thunderbird, go to the prefs.js file and find this value:  user_pref(“mail.identity.id1.attach_signature”, true);.  Therefore, you just add:  lockPref(“mail.identity.id1.attach_signature”, false);  to the tbirdadm.cfg file file.  There are plenty more of these to find!

Once you have all that working, you have one last major problem which is, some of the settings are configured to you.  For example, in mine, many of them use my username.  You now have to genericise the settings.  Fortunately, you can use getenv to get Environment Variables.  This is useful because you can change a line like:

lockPref(“mail.identity.id1.draft_folder”, “imap://msammons@mailserver.com/Drafts”);

to

lockPref(“mail.identity.id1.draft_folder”, “imap://” + getenv(“username”) + “@mailserver.com/Drafts”);

Not all settings are going to be as easy as that to make generic.  Some may even require some user interaction.  Some may require some more programming in the tbirdadm.js file (remember, this is effectively inside Thunderbird, so any javascript code you put in there, Thunderbird will try to execute…).  For instance, their email address and full name may not be things you can set generically and will have to teach users to set themselves (although I think it is the case that in those two examples Thunderbird will demand these are set when you first try to send an email).

I said earlier that you might want to set default settings as opposed to locked ones.  Simple:  find the setting in tbirdadm.cfg and change lockPref to defaultPref.

This is a bit of a wordy skip through the process but its really quite a simple process really.