6

I would like to enable NTLM for a specific intranet site. For that I need to configure the following parameter:

network.automatic-ntlm-auth.trusted-uris to add x.xyz.com

How can I achieve this via group policy for Firefox Users?

I've come across this script (below) but unsure if this is the best solution

https://www.felixrr.pro/wp-content/uploads/2012/05/FirefoxSSO.txt

clhy
  • 6,283
  • 8
  • 34
  • 66
user2284685
  • 63
  • 1
  • 1
  • 3

1 Answers1

5

Start with the Enterprise deployment article.

First write the following to \Program Files\Mozilla Firefox\defaults\prefs\autoconfig.js:

pref("general.config.filename", "mozilla.cfg.js");
pref("general.config.obscure_value", 0);

Then put your actual settings in \Program Files\Mozilla Firefox\mozilla.cfg.js:

// the first line must be a comment
pref("network.negotiate-auth.trusted-uris", "domain.test");
pref("network.automatic-ntlm-auth.trusted-uris", "domain.test");

In the second file you can use defaultPref(key, value), clearPref(key), pref(key, value), or lockPref(key, value); the last three will override user settings.

It's possible to make Firefox download the configuration over HTTPS, but this doesn't give many advantages over plain Group Policy; it can be useful though where AD is not available:

lockPref("autoadmin.global_config_url", "https://example.com/firefox/lockdown.js");

The 3rd-level .js file works the same way as the 2nd-level one.

eel ghEEz
  • 308
  • 2
  • 7
u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
  • To be picky, the path should be `\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js`. Specifically `prefs` should be `pref` – Corey Ogburn Jan 12 '17 at 22:03
  • Quoting "Integrated Authentication" in MDN https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication , "site-list is a comma-separated list of URL prefixes or domains of the form: site-list = "mydomain.com, https://myotherdomain.com". Wildcards did not work for me but domains without schemas did. – eel ghEEz Jun 30 '17 at 18:24