First time post here,
We had a need to deploy a password manager and as part of that, disabling the built in password managers in Chrome, Firefox and Edge.
There are already options in the Chrome and Edge deployment but Firefox is a bit more barebones.
Instead we have made a general deployment task but optimally linking it to the installation would be best.
Our Script Param block is as follows:
param(
[Parameter(Position=0,Mandatory=$False,HelpMessage=@’
Disable Firefox Accounts integration (Sync).
‘@)]
[Boolean]$DisableFirefoxAccounts,
[Parameter(Position=1,Mandatory=$False,HelpMessage=@’
Control whether or not Firefox offers to save passwords.
‘@)]
[Boolean]$OfferToSaveLogins,
[Parameter(Position=2,Mandatory=$False,HelpMessage=@’
Sets the default value of signon.rememberSignons without locking it.
‘@)]
[Boolean]$OfferToSaveLoginsDefault,
[Parameter(Position=3,Mandatory=$False,HelpMessage=@’
Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
'@)]
[Boolean]$PasswordManagerEnabled
)
Our configuration script is as follows:
#Define the registry path
$vendorPath = “HKLM:\Software\Policies\Mozilla”
$basePath = “HKLM:\Software\Policies\Mozilla\Firefox”
#Check if the vendor path exists
if (-not (Test-Path -Path $vendorPath)) {
#Create the registry path
New-Item -Path $vendorPath -Force | Out-Null
}
#Check if the base path exists
if (-not (Test-Path -Path $basePath)) {
#Create the registry path
New-Item -Path $basePath -Force | Out-Null
}
#Check if the parameter DisableFirefoxAccounts is not specified
#If unspecified, then delete the registry value
if ($DisableFirefoxAccounts -eq $null){
Remove-ItemProperty -Path $BasePath -Name “DisableFirefoxAccounts”
}
#If the parameter has any value other than null, convert it to an INT and create the DWORD
else{
Set-ItemProperty -Path $BasePath -Name “DisableFirefoxAccounts” -Value ([int]$DisableFirefoxAccounts)
}
#Check if the parameter OfferToSaveLogins is not specified
#If unspecified, then delete the registry value
if ($OfferToSaveLogins -eq $null){
Remove-ItemProperty -Path $BasePath -Name “OfferToSaveLogins”
}
#If the parameter has any value other than null, convert it to an INT and create the DWORD
else{
Set-ItemProperty -Path $BasePath -Name “OfferToSaveLogins” -Value ([int]$OfferToSaveLogins)
}
#Check if the parameter OfferToSaveLoginsDefault is not specified
#If unspecified, then delete the registry value
if ($OfferToSaveLoginsDefault -eq $null){
Remove-ItemProperty -Path $BasePath -Name “OfferToSaveLoginsDefault”
}
#If the parameter has any value other than null, convert it to an INT and create the DWORD
else{
Set-ItemProperty -Path $BasePath -Name “OfferToSaveLoginsDefault” -Value ([int]$OfferToSaveLoginsDefault)
}
#Check if the parameter PasswordManagerEnabled is not specified
#If unspecified, then delete the registry value
if ($PasswordManagerEnabled -eq $null){
Remove-ItemProperty -Path $BasePath -Name “PasswordManagerEnabled”
}
#If the parameter has any value other than null, convert it to an INT and create the DWORD
else{
Set-ItemProperty -Path $BasePath -Name “PasswordManagerEnabled” -Value ([int]$PasswordManagerEnabled)
}
Thanks for taking the time to look at this.