Use WetDog to lock down both Mozilla and Firefox (1 and 2) using Group Policy Objects in Active Directory. Easy to install and use.
The project summary and downloads can be found here: http://sourceforge.net/projects/wetdog
Installation
Copy the wetdog.adm or wetdogadv.adm (advanced) template file to the windows\inf directory on your domain controller
Create a Group Policy and add the template file to Administrative Templates under User Configuration
Copy the wetdog.exe executable to the netlogon share on your domain controller
Include wetdog.exe in your login script
Wetdog.exe Command Line Parameters
| Parameter | Description |
|---|---|
| /? | Help |
| /v | Verbose mode - display all error messages |
| /nf | Don't bother searching for Firefox |
| /nm | Don't bother searching for Mozilla |
| /call:filename | Specify alternative location for config file |
| /r:minutes | Specify polling interval in minutes of alternative config file |
| /xl | don't write to the local configuration files |
| /xa | don't write to the alternative configuration file |
Examples
Including wetdog.exe with no parameters in your login script will allow the program to interpret policies that you have set and apply them to Firefox or Mozilla. This is the simplest way to use WetDog and works well if you don’t mind users having write access to the local wetdog.cfg, all.js (Firefox), or browser-prefs.js (Mozilla Browser) files.
Running WetDog on a terminal server:First of all log in to the server as an administrative user and run the following from the command line:
wetdog /call:H:\local.cfg
This will write changes to the local configuration files so that Firefox or Mozilla pick up the preferences from the policies that you have set by looking in the user's home directory (assuming H: drive - local.cfg can be replaced by any filename).
The users do not need write access to the local configuration files. All you need to do now is add the following to the login script of the users who log on to the terminal server:
wetdog /call:H:\local.cfg /xl
The /xl parameter instructs WetDog not to write to the local configuration files - we don't have to because they have already been set as the administrative user.
The steps above could also be replicated on all computers in your organisation – everyone’s remote configuration file could be put on their local home directory. One thing to note is that this ‘remote’ configuration file is not encrypted.
Running WetDog with Auto Refresh:WetDog can be configured in such a way to just use the Group Policy Editor (or Active Directory Users and Computers) as a graphical user interface that allows you to set preferences that are automatically updated at regular intervals by Firefox or Mozilla.
Implementing the method below will mean that user Group Policies are ignored and instead the preferences are written to a location by the administrator and those preferences are read at regular intervals by Firefox or Mozilla.
You can set WetDog to instruct Firefox or Mozilla to poll the remote configuration files at regular intervals – automatically including new preferences without the need for users to shut down the browser or log off and back on again.
For instance, most users would have read only access to the ‘auto refresh.cfg’ file specified below. The following entry would be placed by the administrator in their login scripts:
wetdog /call:“s:\mozilla settings\auto refresh.cfg” /r:3 /xa
The /r:3 parameter specifies a refresh interval of 3 minutes. The /xa parameter specifies that WetDog should not attempt to write to the remote configuration file.
The administrative user (who is the only user in the organisation that is required to have the group policy applied when he/she logs on) can then run the following commands on a computer manually when a policy change has been implemented by the site administrator:
SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE (Windows 2000 Pro) or
GPUPDATE /FORCE (Windows XP)
And then:
wetdog /call:”s:\mozilla settings\auto refresh.cfg”
The administrative user must have write access to the ‘auto refresh.cfg’ file. Now all browsers will have the new preference applied automatically within 3 minutes. Note that the drive, path, and filename are just examples. If you have spaces in your filename or path then please remember to include everything within quotes.
Creating Your Own Policies
The wetdog.adm or wetdogadv.adm template files can be edited in order to add new policies. In Firefox enter about:config to list all preferences currently set. Most of these preferences can be controlled by adding them to one of the WetDog template files as policies. Explanations on a lot of the preferences can be found here: kb.mozillazine.org/About:config_entries
The following rules apply when editing the wetdog.adm and wetdogadv.adm templates:
VALUENAME is the case sensitive Preference Name in FireFox (e.g. "browser.shell.checkDefaultBrowser")
Prefixing the minus symbol to a VALUENAME will set that preference to pref instead of lockPref. This will allow the Firefox user to change the preference setting during a session - e.g. VALUENAME "-network.proxy.type".
String preferences in FireFox = EXPANDABLETEXT or by prefixing the VALUENAME preference with the percentage symbol. The percentage symbol must come before the minus prefix e.g. "%-browser.download.dir"
Environmental variables such as %USERPROFILE% can be included in EXPANDABLETEXT String preferences or VALUENAME preferences with the percentage symbol prefix
Integer preferences in FireFox = TEXT/EDITTEXT
Boolean preferences in FireFox = TEXT values (true or false)
CLASS must be User
KEYNAME must be "Software\Policies\WetDog"
Some preferences do not 'grey out' in Firefox but the preferences are in fact locked.
Notes
The wetdogadv.adm template file is still in early development and was derived from the mozilla.adm v1.4 (GPL) template
downloaded from the FrontMotion Community Edition website.
The user logging on must have write access to the local wetdog.cfg unless
the xl parameter is used.
©2005-2006 Dion Liddell. Released under the GNU GPL.
This page last updated 26 October 2006.
