Locking Firefox preferences

You can use a preferences file to configure the security.enterprise_roots.enabled setting in order to enable the Windows certificate store.

To do so, create the following files:

  • The 'webtitan.cfg' file must be placed in the root of the Firefox directory. For example:
    C:\Program Files\Mozilla Firefox\webtitan.cfg
  • The 'local-settings.js' file must be placed in the \defaults\pref sub-directory. For example:
    C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js

The contents of local-settings.js should be as follows:

pref("general.config.obscure_value", 0);  pref("general.config.filename", "webtitan.cfg");

The contents of the webtitan.cfg file should be as follows:

lockPref("security.enterprise_roots.enabled", true);

NOTE:  If creating the above files manually, they must be ANSI encoded.


Distributing Firefox preferences files via Group Policy

Group Policy can be used to distribute the above files.  Note, this process requires that Firefox is installed to the default location on the client computers.

  1. Add the files 'webtitan.cfg' and and 'local-settings.js' to a network share.  Ensure that the share has read permissions for 'Domain Computers'.
  2. Create/Edit a group policy in Group Policy Management.
  3. Edit the settings in 'Computer Configuration > Preferences > Windows Settings > Files'.
  4. Right-click and select 'New File'.
  5. Point the 'Source File' to webtitan.cfg on the network share.
  6. Point the 'Destination' file to be C:\Program Files\Mozilla Firefox\webtitan.cfg and 'Apply'.
  7. Repeat the above step to copy the same file to C:\Program Files (x86)\Mozilla Firefox\webtitan.cfg.
  8. Repeat these steps to copy 'local-settings.js' to C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js.
  9. Repeat these steps to copy 'local-settings.js' to C:\Program Files (x86)\Mozilla Firefox\defaults\pref\local-settings.js.