This is a three-part article about internet browsers in multiuser environments like Citrix Server VDA or Remote Desktop Service (RDS). The articles explain how to deploy and configure the internet browsers to work smoothly in those kinds of environments. The most common browsers used by my customers are Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox; therefore, a three-part article.

Please be aware that some things might change between browser versions and need to be checked with each version.
This is part three about Mozilla Firefox. 

 

Disclaimer
The article is about deployment and configuration of the browser in a multiuser environment and not if the browser is the best, fastest, coolest, etc.   

 

About Mozilla FireFox

Mozilla comes in an extra edition, the Extended Support Release (ESR), which has the same idea as Citrix Long Term Service Release (LTSR). The ESR version should be better tested and as a result, more stable; therefore, the ESR version is used in this article. Some of my customers use Firefox because they have build apps for it and, as is quite common, the person who developed those particular apps has left the company. Mozilla Firefox doesn't support group policies; there is only an unsupported community edition and it is not reliable for production environments. Firefox, as does Google Chrome, stores the user data within the user profile and it can grow to the point where the login time becomes painful. 

 

Deployment

The installation package comes in an executable with very limited options. Use -ms for a silent- and /INI for a silent installation with additional parameters. The main reason why you would want to use the INI option is to disable the maintenance service.

The command line to install Firefox is:
Start "Install FireFox" /wait "%CURRPATH%\Firefox Setup 45.6.0esr.exe" /INI="%CURRPATH%\ff_install.ini"

INI file content
[Install]
InstallDirectoryName=Mozilla Firefox
QuickLaunchShortcut=false
DesktopShortcut=true
StartMenuShortcuts=false
MaintenanceService=false

 

Configuration

The configuration is done by configuration files that need to be customized and copied to the right location. The files in question are autoconfig.js, mozilla.cfg, overwrite.ini, and profiles.ini. The autoconfig file basically just points to the mozilla.cfg. You can name the CFG file whatever you'd like, but it needs to be specified in the autoconfig file.

content autoconfig.js file
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);12

 

 The mozilla.cfg is the main configuration file and here are some important settings:

  • // Disable GPU HW acceleration
    lockPref("layers.acceleration.disabled", true);
    lockPref("gfx.direct2d.disabled", true)
  • // Disable default browser check
    lockPref("browser.shell.checkDefaultBrowser", false);
  • // Disable updater
    lockPref("app.update.enabled", false);
  • // make absolutely sure it is really off
    lockPref("app.update.auto", false);
    lockPref("app.update.mode", 0);
    lockPref("app.update.service.enabled", false);
  • // Disable all data upload (Telemetry and FHR)
    lockPref("datareporting.policy.dataSubmissionEnabled", false);

 

Once the user starts Firefox a profile is created and by default in the user profile folder within AppData. As with Google Chrome, I suggest redirecting the folder to a network folder (like the user home drive) since you need the directory per user. Of course, this can have performance and other issues (network failure), but you have to decide between that or a very long login duration. So far, none of my customers have reported problems with redirecting the user data folder to the network.

NOTE: I absolutely DO NOT advise redirecting the entire AppData folder! This can cause many issues.

In order to change the default profile location, the profiles.ini files need to be changed or created for each user. This can easily be done through group policy "ini-files". Additionally, the folder for the new profile location must be created and also done by group policies but this time in "folders".

The content of the profiles.ini would be with H: as home drive and FireFoxProf as the new folder:

[General]
StartWithLastProfile=1
[Profile0]
Name=default
IsRelative=0
Path=H:\Windows\FireFoxProf
Default=1

An alternative is to start Firefox with a command line option to point to the user profile with -P <Path to Profile> and since it's from the shell you can use environment variables as %UserName% and any non-existing folder will be created.

To disable the Import Wizard, an overwrite.ini file needs to be copied into the Firefox target install location.

Content of overwrite.ini file
[XRE]
EnableProfileMigrator=false

After that, you are finally done.

 

Deployment Package

All required files for Mozilla Firefox deployment can be downloaded as a single package

deploy_firefox_en.zip

 

Summary

Of the three internet browsers, Mozilla Firefox requires a lot of configuration to get it working. Control is limited and simply not flexible compared to when group policies can be used. In my opinion, for any software that is to be a core application within organizations, Microsoft group policy support is a must have. In general, the installation package should be MSI and if not, have at least more than two options for installation. I'm also not a fan of applications that either store a lot of data in AppData or, even worse, in AppData\Local.

 


Add comment