1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from samba import gpo, tests
20 from samba.gp.gpclass import register_gp_extension, list_gp_extensions, \
21 unregister_gp_extension, GPOStorage, get_gpo_list
22 from samba.param import LoadParm
23 from samba.gp.gpclass import check_refresh_gpo_list, check_safe_path, \
24 check_guid, parse_gpext_conf, atomic_write_conf, get_deleted_gpos_list
25 from subprocess import Popen, PIPE
26 from tempfile import NamedTemporaryFile, TemporaryDirectory
27 from samba.gp import gpclass
28 # Disable privilege dropping for testing
29 gpclass.drop_privileges = lambda _, func, *args : func(*args)
30 from samba.gp.gp_sec_ext import gp_krb_ext, gp_access_ext
31 from samba.gp.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext
32 from samba.gp.gp_sudoers_ext import gp_sudoers_ext
33 from samba.gp.vgp_sudoers_ext import vgp_sudoers_ext
34 from samba.gp.vgp_symlink_ext import vgp_symlink_ext
35 from samba.gp.gpclass import gp_inf_ext
36 from samba.gp.gp_smb_conf_ext import gp_smb_conf_ext
37 from samba.gp.vgp_files_ext import vgp_files_ext
38 from samba.gp.vgp_openssh_ext import vgp_openssh_ext
39 from samba.gp.vgp_startup_scripts_ext import vgp_startup_scripts_ext
40 from samba.gp.vgp_motd_ext import vgp_motd_ext
41 from samba.gp.vgp_issue_ext import vgp_issue_ext
42 from samba.gp.vgp_access_ext import vgp_access_ext
43 from samba.gp.gp_gnome_settings_ext import gp_gnome_settings_ext
44 from samba.gp import gp_cert_auto_enroll_ext as cae
45 from samba.gp.gp_firefox_ext import gp_firefox_ext
46 from samba.gp.gp_chromium_ext import gp_chromium_ext
47 from samba.gp.gp_firewalld_ext import gp_firewalld_ext
48 from samba.credentials import Credentials
49 from samba.gp.gp_msgs_ext import gp_msgs_ext
50 from samba.gp.gp_centrify_sudoers_ext import gp_centrify_sudoers_ext
51 from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
52 gp_user_centrify_crontab_ext
53 from samba.common import get_bytes
54 from samba.dcerpc import preg
55 from samba.ndr import ndr_pack
57 from shutil import copyfile
58 import xml.etree.ElementTree as etree
60 from samba.gp_parse.gp_pol import GPPolParser
62 from configparser import ConfigParser
63 from samba.gp.gpclass import get_dc_hostname
66 from samba.auth import system_session
68 from shutil import which
70 from cryptography import x509
71 from cryptography.hazmat.primitives import hashes
72 from cryptography.hazmat.backends import default_backend
73 from cryptography.hazmat.primitives.asymmetric import rsa
74 from cryptography.hazmat.primitives.serialization import Encoding
75 from datetime import datetime, timedelta
76 from samba.samba3 import param as s3param
78 def dummy_certificate():
80 x509.NameAttribute(x509.NameOID.COMMON_NAME,
81 os.environ.get('SERVER'))
83 cons = x509.BasicConstraints(ca=True, path_length=0)
84 now = datetime.utcnow()
86 key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
87 backend=default_backend())
90 x509.CertificateBuilder()
93 .public_key(key.public_key())
95 .not_valid_before(now)
96 .not_valid_after(now + timedelta(seconds=300))
97 .add_extension(cons, False)
98 .sign(key, hashes.SHA256(), default_backend())
101 return cert.public_bytes(encoding=Encoding.DER)
103 # Dummy requests structure for Certificate Auto Enrollment
104 class dummy_requests(object):
106 def get(url=None, params=None):
107 dummy = requests.Response()
108 dummy._content = dummy_certificate()
109 dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
112 class exceptions(object):
113 ConnectionError = Exception
114 cae.requests = dummy_requests
116 realm = os.environ.get('REALM')
117 policies = realm + '/POLICIES'
118 realm = realm.lower()
119 poldir = r'\\{0}\sysvol\{0}\Policies'.format(realm)
120 # the first part of the base DN varies by testenv. Work it out from the realm
121 base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(realm.split('.')[0])
122 dspath = 'CN=Policies,CN=System,' + base_dn
123 gpt_data = '[General]\nVersion=%d'
125 gnome_test_reg_pol = \
127 <?xml version="1.0" encoding="utf-8"?>
128 <PolFile num_entries="26" signature="PReg" version="1">
129 <Entry type="4" type_name="REG_DWORD">
130 <Key>GNOME Settings\Lock Down Settings</Key>
131 <ValueName>Lock Down Enabled Extensions</ValueName>
134 <Entry type="4" type_name="REG_DWORD">
135 <Key>GNOME Settings\Lock Down Settings</Key>
136 <ValueName>Lock Down Specific Settings</ValueName>
139 <Entry type="4" type_name="REG_DWORD">
140 <Key>GNOME Settings\Lock Down Settings</Key>
141 <ValueName>Disable Printing</ValueName>
144 <Entry type="4" type_name="REG_DWORD">
145 <Key>GNOME Settings\Lock Down Settings</Key>
146 <ValueName>Disable File Saving</ValueName>
149 <Entry type="4" type_name="REG_DWORD">
150 <Key>GNOME Settings\Lock Down Settings</Key>
151 <ValueName>Disable Command-Line Access</ValueName>
154 <Entry type="4" type_name="REG_DWORD">
155 <Key>GNOME Settings\Lock Down Settings</Key>
156 <ValueName>Disallow Login Using a Fingerprint</ValueName>
159 <Entry type="4" type_name="REG_DWORD">
160 <Key>GNOME Settings\Lock Down Settings</Key>
161 <ValueName>Disable User Logout</ValueName>
164 <Entry type="4" type_name="REG_DWORD">
165 <Key>GNOME Settings\Lock Down Settings</Key>
166 <ValueName>Disable User Switching</ValueName>
169 <Entry type="4" type_name="REG_DWORD">
170 <Key>GNOME Settings\Lock Down Settings</Key>
171 <ValueName>Disable Repartitioning</ValueName>
174 <Entry type="4" type_name="REG_DWORD">
175 <Key>GNOME Settings\Lock Down Settings</Key>
176 <ValueName>Whitelisted Online Accounts</ValueName>
179 <Entry type="4" type_name="REG_DWORD">
180 <Key>GNOME Settings\Lock Down Settings</Key>
181 <ValueName>Compose Key</ValueName>
184 <Entry type="4" type_name="REG_DWORD">
185 <Key>GNOME Settings\Lock Down Settings</Key>
186 <ValueName>Dim Screen when User is Idle</ValueName>
189 <Entry type="4" type_name="REG_DWORD">
190 <Key>GNOME Settings\Lock Down Settings</Key>
191 <ValueName>Enabled Extensions</ValueName>
194 <Entry type="1" type_name="REG_SZ">
195 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
196 <ValueName>Key Name</ValueName>
197 <Value>Right Alt</Value>
199 <Entry type="4" type_name="REG_DWORD">
200 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
201 <ValueName>Delay</ValueName>
204 <Entry type="4" type_name="REG_DWORD">
205 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
206 <ValueName>Dim Idle Brightness</ValueName>
209 <Entry type="1" type_name="REG_SZ">
210 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
211 <ValueName>**delvals.</ValueName>
214 <Entry type="1" type_name="REG_SZ">
215 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
216 <ValueName>myextension1@myname.example.com</ValueName>
217 <Value>myextension1@myname.example.com</Value>
219 <Entry type="1" type_name="REG_SZ">
220 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
221 <ValueName>myextension2@myname.example.com</ValueName>
222 <Value>myextension2@myname.example.com</Value>
224 <Entry type="1" type_name="REG_SZ">
225 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
226 <ValueName>**delvals.</ValueName>
229 <Entry type="1" type_name="REG_SZ">
230 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
231 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
232 <Value>/org/gnome/desktop/background/picture-uri</Value>
234 <Entry type="1" type_name="REG_SZ">
235 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
236 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
237 <Value>/org/gnome/desktop/background/picture-options</Value>
239 <Entry type="1" type_name="REG_SZ">
240 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
241 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
242 <Value>/org/gnome/desktop/background/primary-color</Value>
244 <Entry type="1" type_name="REG_SZ">
245 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
246 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
247 <Value>/org/gnome/desktop/background/secondary-color</Value>
249 <Entry type="1" type_name="REG_SZ">
250 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
251 <ValueName>**delvals.</ValueName>
254 <Entry type="1" type_name="REG_SZ">
255 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
256 <ValueName>google</ValueName>
257 <Value>google</Value>
262 auto_enroll_reg_pol = \
264 <?xml version="1.0" encoding="utf-8"?>
265 <PolFile num_entries="3" signature="PReg" version="1">
266 <Entry type="4" type_name="REG_DWORD">
267 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
268 <ValueName>AEPolicy</ValueName>
271 <Entry type="4" type_name="REG_DWORD">
272 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
273 <ValueName>OfflineExpirationPercent</ValueName>
276 <Entry type="1" type_name="REG_SZ">
277 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
278 <ValueName>OfflineExpirationStoreNames</ValueName>
284 advanced_enroll_reg_pol = \
286 <?xml version="1.0" encoding="utf-8"?>
287 <PolFile num_entries="30" signature="PReg" version="1">
288 <Entry type="1" type_name="REG_SZ">
289 <Key>Software\Policies\Microsoft\Cryptography</Key>
290 <ValueName>**DeleteKeys</ValueName>
291 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
293 <Entry type="4" type_name="REG_DWORD">
294 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
295 <ValueName>AEPolicy</ValueName>
298 <Entry type="4" type_name="REG_DWORD">
299 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
300 <ValueName>OfflineExpirationPercent</ValueName>
303 <Entry type="1" type_name="REG_SZ">
304 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
305 <ValueName>OfflineExpirationStoreNames</ValueName>
308 <Entry type="1" type_name="REG_SZ">
309 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
311 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
313 <Entry type="4" type_name="REG_DWORD">
314 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
315 <ValueName>Flags</ValueName>
318 <Entry type="1" type_name="REG_SZ">
319 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
320 <ValueName>URL</ValueName>
323 <Entry type="1" type_name="REG_SZ">
324 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
325 <ValueName>PolicyID</ValueName>
328 <Entry type="1" type_name="REG_SZ">
329 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
330 <ValueName>FriendlyName</ValueName>
331 <Value>Example</Value>
333 <Entry type="4" type_name="REG_DWORD">
334 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
335 <ValueName>Flags</ValueName>
338 <Entry type="4" type_name="REG_DWORD">
339 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
340 <ValueName>AuthFlags</ValueName>
343 <Entry type="4" type_name="REG_DWORD">
344 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
345 <ValueName>Cost</ValueName>
346 <Value>2147483645</Value>
348 <Entry type="1" type_name="REG_SZ">
349 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
350 <ValueName>URL</ValueName>
351 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
353 <Entry type="1" type_name="REG_SZ">
354 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
355 <ValueName>PolicyID</ValueName>
358 <Entry type="1" type_name="REG_SZ">
359 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
360 <ValueName>FriendlyName</ValueName>
361 <Value>Example2</Value>
363 <Entry type="4" type_name="REG_DWORD">
364 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
365 <ValueName>Flags</ValueName>
368 <Entry type="4" type_name="REG_DWORD">
369 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
370 <ValueName>AuthFlags</ValueName>
373 <Entry type="4" type_name="REG_DWORD">
374 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
375 <ValueName>Cost</ValueName>
378 <Entry type="1" type_name="REG_SZ">
379 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
380 <ValueName>URL</ValueName>
381 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
383 <Entry type="1" type_name="REG_SZ">
384 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
385 <ValueName>PolicyID</ValueName>
388 <Entry type="1" type_name="REG_SZ">
389 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
390 <ValueName>FriendlyName</ValueName>
391 <Value>Example0</Value>
393 <Entry type="4" type_name="REG_DWORD">
394 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
395 <ValueName>Flags</ValueName>
398 <Entry type="4" type_name="REG_DWORD">
399 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
400 <ValueName>AuthFlags</ValueName>
403 <Entry type="4" type_name="REG_DWORD">
404 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
405 <ValueName>Cost</ValueName>
408 <Entry type="1" type_name="REG_SZ">
409 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
410 <ValueName>URL</ValueName>
411 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
413 <Entry type="1" type_name="REG_SZ">
414 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
415 <ValueName>PolicyID</ValueName>
418 <Entry type="1" type_name="REG_SZ">
419 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
420 <ValueName>FriendlyName</ValueName>
421 <Value>Example1</Value>
423 <Entry type="4" type_name="REG_DWORD">
424 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
425 <ValueName>Flags</ValueName>
428 <Entry type="4" type_name="REG_DWORD">
429 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
430 <ValueName>AuthFlags</ValueName>
433 <Entry type="4" type_name="REG_DWORD">
434 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
435 <ValueName>Cost</ValueName>
443 <?xml version="1.0" encoding="utf-8"?>
444 <PolFile num_entries="241" signature="PReg" version="1">
445 <Entry type="7" type_name="REG_MULTI_SZ">
446 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
447 <ValueName>ExtensionSettings</ValueName>
448 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
450 <Entry type="4" type_name="REG_DWORD">
451 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
452 <ValueName>ExtensionUpdate</ValueName>
455 <Entry type="4" type_name="REG_DWORD">
456 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
457 <ValueName>SearchSuggestEnabled</ValueName>
460 <Entry type="4" type_name="REG_DWORD">
461 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
462 <ValueName>AppAutoUpdate</ValueName>
465 <Entry type="1" type_name="REG_SZ">
466 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
467 <ValueName>AppUpdateURL</ValueName>
468 <Value>https://yoursite.com</Value>
470 <Entry type="4" type_name="REG_DWORD">
471 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
472 <ValueName>BlockAboutAddons</ValueName>
475 <Entry type="4" type_name="REG_DWORD">
476 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
477 <ValueName>BlockAboutConfig</ValueName>
480 <Entry type="4" type_name="REG_DWORD">
481 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
482 <ValueName>BlockAboutProfiles</ValueName>
485 <Entry type="4" type_name="REG_DWORD">
486 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
487 <ValueName>BlockAboutSupport</ValueName>
490 <Entry type="4" type_name="REG_DWORD">
491 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
492 <ValueName>CaptivePortal</ValueName>
495 <Entry type="2" type_name="REG_EXPAND_SZ">
496 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
497 <ValueName>DefaultDownloadDirectory</ValueName>
498 <Value>${home}/Downloads</Value>
500 <Entry type="4" type_name="REG_DWORD">
501 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
502 <ValueName>DisableAppUpdate</ValueName>
505 <Entry type="4" type_name="REG_DWORD">
506 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
507 <ValueName>DisableBuiltinPDFViewer</ValueName>
510 <Entry type="4" type_name="REG_DWORD">
511 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
512 <ValueName>DisableDefaultBrowserAgent</ValueName>
515 <Entry type="4" type_name="REG_DWORD">
516 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
517 <ValueName>DisableDeveloperTools</ValueName>
520 <Entry type="4" type_name="REG_DWORD">
521 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
522 <ValueName>DisableFeedbackCommands</ValueName>
525 <Entry type="4" type_name="REG_DWORD">
526 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
527 <ValueName>DisableFirefoxAccounts</ValueName>
530 <Entry type="4" type_name="REG_DWORD">
531 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
532 <ValueName>DisableFirefoxScreenshots</ValueName>
535 <Entry type="4" type_name="REG_DWORD">
536 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
537 <ValueName>DisableFirefoxStudies</ValueName>
540 <Entry type="4" type_name="REG_DWORD">
541 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
542 <ValueName>DisableForgetButton</ValueName>
545 <Entry type="4" type_name="REG_DWORD">
546 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
547 <ValueName>DisableFormHistory</ValueName>
550 <Entry type="4" type_name="REG_DWORD">
551 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
552 <ValueName>DisableMasterPasswordCreation</ValueName>
555 <Entry type="4" type_name="REG_DWORD">
556 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
557 <ValueName>DisablePasswordReveal</ValueName>
560 <Entry type="4" type_name="REG_DWORD">
561 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
562 <ValueName>DisablePocket</ValueName>
565 <Entry type="4" type_name="REG_DWORD">
566 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
567 <ValueName>DisablePrivateBrowsing</ValueName>
570 <Entry type="4" type_name="REG_DWORD">
571 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
572 <ValueName>DisableProfileImport</ValueName>
575 <Entry type="4" type_name="REG_DWORD">
576 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
577 <ValueName>DisableProfileRefresh</ValueName>
580 <Entry type="4" type_name="REG_DWORD">
581 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
582 <ValueName>DisableSafeMode</ValueName>
585 <Entry type="4" type_name="REG_DWORD">
586 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
587 <ValueName>DisableSetDesktopBackground</ValueName>
590 <Entry type="4" type_name="REG_DWORD">
591 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
592 <ValueName>DisableSystemAddonUpdate</ValueName>
595 <Entry type="4" type_name="REG_DWORD">
596 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
597 <ValueName>DisableTelemetry</ValueName>
600 <Entry type="4" type_name="REG_DWORD">
601 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
602 <ValueName>DisplayBookmarksToolbar</ValueName>
605 <Entry type="1" type_name="REG_SZ">
606 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
607 <ValueName>DisplayMenuBar</ValueName>
608 <Value>default-on</Value>
610 <Entry type="4" type_name="REG_DWORD">
611 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
612 <ValueName>DontCheckDefaultBrowser</ValueName>
615 <Entry type="2" type_name="REG_EXPAND_SZ">
616 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
617 <ValueName>DownloadDirectory</ValueName>
618 <Value>${home}/Downloads</Value>
620 <Entry type="7" type_name="REG_MULTI_SZ">
621 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
622 <ValueName>Handlers</ValueName>
623 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
625 <Entry type="4" type_name="REG_DWORD">
626 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
627 <ValueName>HardwareAcceleration</ValueName>
630 <Entry type="7" type_name="REG_MULTI_SZ">
631 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
632 <ValueName>ManagedBookmarks</ValueName>
633 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
635 <Entry type="4" type_name="REG_DWORD">
636 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
637 <ValueName>NetworkPrediction</ValueName>
640 <Entry type="4" type_name="REG_DWORD">
641 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
642 <ValueName>NewTabPage</ValueName>
645 <Entry type="4" type_name="REG_DWORD">
646 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
647 <ValueName>NoDefaultBookmarks</ValueName>
650 <Entry type="4" type_name="REG_DWORD">
651 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
652 <ValueName>OfferToSaveLogins</ValueName>
655 <Entry type="4" type_name="REG_DWORD">
656 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
657 <ValueName>OfferToSaveLoginsDefault</ValueName>
660 <Entry type="1" type_name="REG_SZ">
661 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
662 <ValueName>OverrideFirstRunPage</ValueName>
663 <Value>http://example.org</Value>
665 <Entry type="1" type_name="REG_SZ">
666 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
667 <ValueName>OverridePostUpdatePage</ValueName>
668 <Value>http://example.org</Value>
670 <Entry type="4" type_name="REG_DWORD">
671 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
672 <ValueName>PasswordManagerEnabled</ValueName>
675 <Entry type="7" type_name="REG_MULTI_SZ">
676 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
677 <ValueName>Preferences</ValueName>
678 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
680 <Entry type="4" type_name="REG_DWORD">
681 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
682 <ValueName>PrimaryPassword</ValueName>
685 <Entry type="4" type_name="REG_DWORD">
686 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
687 <ValueName>PromptForDownloadLocation</ValueName>
690 <Entry type="1" type_name="REG_SZ">
691 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
692 <ValueName>**delvals.</ValueName>
695 <Entry type="1" type_name="REG_SZ">
696 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
697 <ValueName>1</ValueName>
700 <Entry type="1" type_name="REG_SZ">
701 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
702 <ValueName>2</ValueName>
705 <Entry type="1" type_name="REG_SZ">
706 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
707 <ValueName>SSLVersionMax</ValueName>
708 <Value>tls1.3</Value>
710 <Entry type="1" type_name="REG_SZ">
711 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
712 <ValueName>SSLVersionMin</ValueName>
713 <Value>tls1.3</Value>
715 <Entry type="1" type_name="REG_SZ">
716 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
717 <ValueName>SearchBar</ValueName>
718 <Value>unified</Value>
720 <Entry type="4" type_name="REG_DWORD">
721 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
722 <ValueName>Locked</ValueName>
725 <Entry type="4" type_name="REG_DWORD">
726 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
727 <ValueName>PrivateBrowsing</ValueName>
730 <Entry type="4" type_name="REG_DWORD">
731 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
732 <ValueName>NTLM</ValueName>
735 <Entry type="4" type_name="REG_DWORD">
736 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
737 <ValueName>SPNEGO</ValueName>
740 <Entry type="4" type_name="REG_DWORD">
741 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
742 <ValueName>NTLM</ValueName>
745 <Entry type="4" type_name="REG_DWORD">
746 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
747 <ValueName>SPNEGO</ValueName>
750 <Entry type="1" type_name="REG_SZ">
751 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
752 <ValueName>**delvals.</ValueName>
755 <Entry type="1" type_name="REG_SZ">
756 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
757 <ValueName>1</ValueName>
758 <Value>mydomain.com</Value>
760 <Entry type="1" type_name="REG_SZ">
761 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
762 <ValueName>1</ValueName>
763 <Value>https://myotherdomain.com</Value>
765 <Entry type="1" type_name="REG_SZ">
766 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
767 <ValueName>**delvals.</ValueName>
770 <Entry type="1" type_name="REG_SZ">
771 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
772 <ValueName>1</ValueName>
773 <Value>mydomain.com</Value>
775 <Entry type="1" type_name="REG_SZ">
776 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
777 <ValueName>1</ValueName>
778 <Value>https://myotherdomain.com</Value>
780 <Entry type="1" type_name="REG_SZ">
781 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
782 <ValueName>**delvals.</ValueName>
785 <Entry type="1" type_name="REG_SZ">
786 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
787 <ValueName>1</ValueName>
788 <Value>mydomain.com</Value>
790 <Entry type="1" type_name="REG_SZ">
791 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
792 <ValueName>1</ValueName>
793 <Value>https://myotherdomain.com</Value>
795 <Entry type="1" type_name="REG_SZ">
796 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
797 <ValueName>Title</ValueName>
798 <Value>Example</Value>
800 <Entry type="1" type_name="REG_SZ">
801 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
802 <ValueName>URL</ValueName>
803 <Value>https://example.com</Value>
805 <Entry type="1" type_name="REG_SZ">
806 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
807 <ValueName>Favicon</ValueName>
808 <Value>https://example.com/favicon.ico</Value>
810 <Entry type="1" type_name="REG_SZ">
811 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
812 <ValueName>Placement</ValueName>
815 <Entry type="1" type_name="REG_SZ">
816 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
817 <ValueName>Folder</ValueName>
818 <Value>FolderName</Value>
820 <Entry type="1" type_name="REG_SZ">
821 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
822 <ValueName>Title</ValueName>
825 <Entry type="1" type_name="REG_SZ">
826 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
827 <ValueName>URL</ValueName>
828 <Value>www.samba.org</Value>
830 <Entry type="1" type_name="REG_SZ">
831 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
832 <ValueName>Favicon</ValueName>
835 <Entry type="1" type_name="REG_SZ">
836 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
837 <ValueName>Placement</ValueName>
838 <Value>toolbar</Value>
840 <Entry type="1" type_name="REG_SZ">
841 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
842 <ValueName>Folder</ValueName>
845 <Entry type="1" type_name="REG_SZ">
846 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
847 <ValueName>AcceptThirdParty</ValueName>
850 <Entry type="4" type_name="REG_DWORD">
851 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
852 <ValueName>Default</ValueName>
855 <Entry type="4" type_name="REG_DWORD">
856 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
857 <ValueName>ExpireAtSessionEnd</ValueName>
860 <Entry type="4" type_name="REG_DWORD">
861 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
862 <ValueName>Locked</ValueName>
865 <Entry type="4" type_name="REG_DWORD">
866 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
867 <ValueName>RejectTracker</ValueName>
870 <Entry type="1" type_name="REG_SZ">
871 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
872 <ValueName>**delvals.</ValueName>
875 <Entry type="1" type_name="REG_SZ">
876 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
877 <ValueName>1</ValueName>
878 <Value>http://example.org/</Value>
880 <Entry type="1" type_name="REG_SZ">
881 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
882 <ValueName>**delvals.</ValueName>
885 <Entry type="1" type_name="REG_SZ">
886 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
887 <ValueName>1</ValueName>
888 <Value>http://example.edu/</Value>
890 <Entry type="1" type_name="REG_SZ">
891 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
892 <ValueName>**delvals.</ValueName>
895 <Entry type="1" type_name="REG_SZ">
896 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
897 <ValueName>1</ValueName>
898 <Value>http://example.edu/</Value>
900 <Entry type="4" type_name="REG_DWORD">
901 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
902 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
905 <Entry type="4" type_name="REG_DWORD">
906 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
907 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
910 <Entry type="4" type_name="REG_DWORD">
911 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
912 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
915 <Entry type="4" type_name="REG_DWORD">
916 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
917 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
920 <Entry type="4" type_name="REG_DWORD">
921 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
922 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
925 <Entry type="4" type_name="REG_DWORD">
926 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
927 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
930 <Entry type="4" type_name="REG_DWORD">
931 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
932 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
935 <Entry type="4" type_name="REG_DWORD">
936 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
937 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
940 <Entry type="4" type_name="REG_DWORD">
941 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
942 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
945 <Entry type="4" type_name="REG_DWORD">
946 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
947 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
950 <Entry type="4" type_name="REG_DWORD">
951 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
952 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
955 <Entry type="4" type_name="REG_DWORD">
956 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
957 <ValueName>InvalidCertificate</ValueName>
960 <Entry type="4" type_name="REG_DWORD">
961 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
962 <ValueName>SafeBrowsing</ValueName>
965 <Entry type="4" type_name="REG_DWORD">
966 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
967 <ValueName>Enabled</ValueName>
970 <Entry type="4" type_name="REG_DWORD">
971 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
972 <ValueName>Locked</ValueName>
975 <Entry type="1" type_name="REG_SZ">
976 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
977 <ValueName>ProviderURL</ValueName>
978 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
980 <Entry type="1" type_name="REG_SZ">
981 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
982 <ValueName>**delvals.</ValueName>
985 <Entry type="1" type_name="REG_SZ">
986 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
987 <ValueName>1</ValueName>
988 <Value>example.com</Value>
990 <Entry type="4" type_name="REG_DWORD">
991 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
992 <ValueName>Value</ValueName>
995 <Entry type="4" type_name="REG_DWORD">
996 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
997 <ValueName>Cryptomining</ValueName>
1000 <Entry type="4" type_name="REG_DWORD">
1001 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1002 <ValueName>Fingerprinting</ValueName>
1005 <Entry type="4" type_name="REG_DWORD">
1006 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1007 <ValueName>Locked</ValueName>
1010 <Entry type="1" type_name="REG_SZ">
1011 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1012 <ValueName>**delvals.</ValueName>
1015 <Entry type="1" type_name="REG_SZ">
1016 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1017 <ValueName>1</ValueName>
1018 <Value>https://example.com</Value>
1020 <Entry type="4" type_name="REG_DWORD">
1021 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1022 <ValueName>Enabled</ValueName>
1025 <Entry type="4" type_name="REG_DWORD">
1026 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1027 <ValueName>Locked</ValueName>
1030 <Entry type="1" type_name="REG_SZ">
1031 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1032 <ValueName>**delvals.</ValueName>
1035 <Entry type="2" type_name="REG_EXPAND_SZ">
1036 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1037 <ValueName>1</ValueName>
1038 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1040 <Entry type="2" type_name="REG_EXPAND_SZ">
1041 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1042 <ValueName>2</ValueName>
1043 <Value>//path/to/xpi</Value>
1045 <Entry type="1" type_name="REG_SZ">
1046 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1047 <ValueName>**delvals.</ValueName>
1050 <Entry type="1" type_name="REG_SZ">
1051 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1052 <ValueName>1</ValueName>
1053 <Value>addon_id@mozilla.org</Value>
1055 <Entry type="1" type_name="REG_SZ">
1056 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1057 <ValueName>**delvals.</ValueName>
1060 <Entry type="1" type_name="REG_SZ">
1061 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1062 <ValueName>1</ValueName>
1063 <Value>bad_addon_id@mozilla.org</Value>
1065 <Entry type="4" type_name="REG_DWORD">
1066 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1067 <ValueName>Search</ValueName>
1070 <Entry type="4" type_name="REG_DWORD">
1071 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1072 <ValueName>TopSites</ValueName>
1075 <Entry type="4" type_name="REG_DWORD">
1076 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1077 <ValueName>Highlights</ValueName>
1080 <Entry type="4" type_name="REG_DWORD">
1081 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1082 <ValueName>Pocket</ValueName>
1085 <Entry type="4" type_name="REG_DWORD">
1086 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1087 <ValueName>Snippets</ValueName>
1090 <Entry type="4" type_name="REG_DWORD">
1091 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1092 <ValueName>Locked</ValueName>
1095 <Entry type="4" type_name="REG_DWORD">
1096 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1097 <ValueName>Default</ValueName>
1100 <Entry type="4" type_name="REG_DWORD">
1101 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1102 <ValueName>Locked</ValueName>
1105 <Entry type="1" type_name="REG_SZ">
1106 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1107 <ValueName>**delvals.</ValueName>
1110 <Entry type="1" type_name="REG_SZ">
1111 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1112 <ValueName>1</ValueName>
1113 <Value>http://example.org/</Value>
1115 <Entry type="1" type_name="REG_SZ">
1116 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1117 <ValueName>**delvals.</ValueName>
1120 <Entry type="1" type_name="REG_SZ">
1121 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1122 <ValueName>1</ValueName>
1123 <Value>http://example.edu/</Value>
1125 <Entry type="1" type_name="REG_SZ">
1126 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1127 <ValueName>StartPage</ValueName>
1128 <Value>homepage</Value>
1130 <Entry type="1" type_name="REG_SZ">
1131 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1132 <ValueName>URL</ValueName>
1133 <Value>http://example.com/</Value>
1135 <Entry type="4" type_name="REG_DWORD">
1136 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1137 <ValueName>Locked</ValueName>
1140 <Entry type="1" type_name="REG_SZ">
1141 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1142 <ValueName>**delvals.</ValueName>
1145 <Entry type="1" type_name="REG_SZ">
1146 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1147 <ValueName>1</ValueName>
1148 <Value>http://example.org/</Value>
1150 <Entry type="1" type_name="REG_SZ">
1151 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1152 <ValueName>2</ValueName>
1153 <Value>http://example.edu/</Value>
1155 <Entry type="4" type_name="REG_DWORD">
1156 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1157 <ValueName>Default</ValueName>
1160 <Entry type="1" type_name="REG_SZ">
1161 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1162 <ValueName>**delvals.</ValueName>
1165 <Entry type="1" type_name="REG_SZ">
1166 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1167 <ValueName>1</ValueName>
1168 <Value>http://example.org/</Value>
1170 <Entry type="1" type_name="REG_SZ">
1171 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1172 <ValueName>2</ValueName>
1173 <Value>http://example.edu/</Value>
1175 <Entry type="1" type_name="REG_SZ">
1176 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1177 <ValueName>**delvals.</ValueName>
1180 <Entry type="1" type_name="REG_SZ">
1181 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1182 <ValueName>1</ValueName>
1183 <Value>http://example.org/</Value>
1185 <Entry type="1" type_name="REG_SZ">
1186 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1187 <ValueName>2</ValueName>
1188 <Value>http://example.edu/</Value>
1190 <Entry type="4" type_name="REG_DWORD">
1191 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1192 <ValueName>EnablePermissions</ValueName>
1195 <Entry type="4" type_name="REG_DWORD">
1196 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1197 <ValueName>Enabled</ValueName>
1200 <Entry type="1" type_name="REG_SZ">
1201 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1202 <ValueName>Default</ValueName>
1203 <Value>block-audio</Value>
1205 <Entry type="4" type_name="REG_DWORD">
1206 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1207 <ValueName>Locked</ValueName>
1210 <Entry type="1" type_name="REG_SZ">
1211 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1212 <ValueName>**delvals.</ValueName>
1215 <Entry type="1" type_name="REG_SZ">
1216 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1217 <ValueName>1</ValueName>
1218 <Value>https://example.org</Value>
1220 <Entry type="1" type_name="REG_SZ">
1221 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1222 <ValueName>**delvals.</ValueName>
1225 <Entry type="1" type_name="REG_SZ">
1226 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1227 <ValueName>1</ValueName>
1228 <Value>https://example.edu</Value>
1230 <Entry type="4" type_name="REG_DWORD">
1231 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1232 <ValueName>BlockNewRequests</ValueName>
1235 <Entry type="4" type_name="REG_DWORD">
1236 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1237 <ValueName>Locked</ValueName>
1240 <Entry type="1" type_name="REG_SZ">
1241 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1242 <ValueName>**delvals.</ValueName>
1245 <Entry type="1" type_name="REG_SZ">
1246 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1247 <ValueName>1</ValueName>
1248 <Value>https://example.org</Value>
1250 <Entry type="1" type_name="REG_SZ">
1251 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1252 <ValueName>2</ValueName>
1253 <Value>https://example.org:1234</Value>
1255 <Entry type="1" type_name="REG_SZ">
1256 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1257 <ValueName>**delvals.</ValueName>
1260 <Entry type="1" type_name="REG_SZ">
1261 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1262 <ValueName>1</ValueName>
1263 <Value>https://example.edu</Value>
1265 <Entry type="4" type_name="REG_DWORD">
1266 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1267 <ValueName>BlockNewRequests</ValueName>
1270 <Entry type="4" type_name="REG_DWORD">
1271 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1272 <ValueName>Locked</ValueName>
1275 <Entry type="1" type_name="REG_SZ">
1276 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1277 <ValueName>**delvals.</ValueName>
1280 <Entry type="1" type_name="REG_SZ">
1281 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1282 <ValueName>1</ValueName>
1283 <Value>https://example.org</Value>
1285 <Entry type="1" type_name="REG_SZ">
1286 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1287 <ValueName>**delvals.</ValueName>
1290 <Entry type="1" type_name="REG_SZ">
1291 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1292 <ValueName>1</ValueName>
1293 <Value>https://example.edu</Value>
1295 <Entry type="4" type_name="REG_DWORD">
1296 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1297 <ValueName>BlockNewRequests</ValueName>
1300 <Entry type="4" type_name="REG_DWORD">
1301 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1302 <ValueName>Locked</ValueName>
1305 <Entry type="1" type_name="REG_SZ">
1306 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1307 <ValueName>**delvals.</ValueName>
1310 <Entry type="1" type_name="REG_SZ">
1311 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1312 <ValueName>1</ValueName>
1313 <Value>https://example.org</Value>
1315 <Entry type="1" type_name="REG_SZ">
1316 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1317 <ValueName>**delvals.</ValueName>
1320 <Entry type="1" type_name="REG_SZ">
1321 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1322 <ValueName>1</ValueName>
1323 <Value>https://example.edu</Value>
1325 <Entry type="4" type_name="REG_DWORD">
1326 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1327 <ValueName>BlockNewRequests</ValueName>
1330 <Entry type="4" type_name="REG_DWORD">
1331 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1332 <ValueName>Locked</ValueName>
1335 <Entry type="1" type_name="REG_SZ">
1336 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1337 <ValueName>**delvals.</ValueName>
1340 <Entry type="1" type_name="REG_SZ">
1341 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1342 <ValueName>1</ValueName>
1343 <Value>https://example.org</Value>
1345 <Entry type="1" type_name="REG_SZ">
1346 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1347 <ValueName>**delvals.</ValueName>
1350 <Entry type="1" type_name="REG_SZ">
1351 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1352 <ValueName>1</ValueName>
1353 <Value>https://example.edu</Value>
1355 <Entry type="4" type_name="REG_DWORD">
1356 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1357 <ValueName>BlockNewRequests</ValueName>
1360 <Entry type="4" type_name="REG_DWORD">
1361 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1362 <ValueName>Locked</ValueName>
1365 <Entry type="1" type_name="REG_SZ">
1366 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1367 <ValueName>**delvals.</ValueName>
1370 <Entry type="1" type_name="REG_SZ">
1371 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1372 <ValueName>1</ValueName>
1373 <Value>https://example.org</Value>
1375 <Entry type="1" type_name="REG_SZ">
1376 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1377 <ValueName>**delvals.</ValueName>
1380 <Entry type="1" type_name="REG_SZ">
1381 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1382 <ValueName>1</ValueName>
1383 <Value>https://example.edu</Value>
1385 <Entry type="4" type_name="REG_DWORD">
1386 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1387 <ValueName>Enabled</ValueName>
1390 <Entry type="4" type_name="REG_DWORD">
1391 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1392 <ValueName>Locked</ValueName>
1395 <Entry type="4" type_name="REG_DWORD">
1396 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1397 <ValueName>Default</ValueName>
1400 <Entry type="4" type_name="REG_DWORD">
1401 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1402 <ValueName>Locked</ValueName>
1405 <Entry type="1" type_name="REG_SZ">
1406 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1407 <ValueName>**delvals.</ValueName>
1410 <Entry type="1" type_name="REG_SZ">
1411 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1412 <ValueName>1</ValueName>
1413 <Value>http://example.org/</Value>
1415 <Entry type="1" type_name="REG_SZ">
1416 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1417 <ValueName>2</ValueName>
1418 <Value>http://example.edu/</Value>
1420 <Entry type="4" type_name="REG_DWORD">
1421 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1422 <ValueName>Locked</ValueName>
1425 <Entry type="1" type_name="REG_SZ">
1426 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1427 <ValueName>Mode</ValueName>
1428 <Value>autoDetect</Value>
1430 <Entry type="1" type_name="REG_SZ">
1431 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1432 <ValueName>HTTPProxy</ValueName>
1433 <Value>hostname</Value>
1435 <Entry type="4" type_name="REG_DWORD">
1436 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1437 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1440 <Entry type="1" type_name="REG_SZ">
1441 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1442 <ValueName>SSLProxy</ValueName>
1443 <Value>hostname</Value>
1445 <Entry type="1" type_name="REG_SZ">
1446 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1447 <ValueName>FTPProxy</ValueName>
1448 <Value>hostname</Value>
1450 <Entry type="1" type_name="REG_SZ">
1451 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1452 <ValueName>SOCKSProxy</ValueName>
1453 <Value>hostname</Value>
1455 <Entry type="4" type_name="REG_DWORD">
1456 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1457 <ValueName>SOCKSVersion</ValueName>
1460 <Entry type="1" type_name="REG_SZ">
1461 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1462 <ValueName>Passthrough</ValueName>
1463 <Value><local></Value>
1465 <Entry type="1" type_name="REG_SZ">
1466 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1467 <ValueName>AutoConfigURL</ValueName>
1468 <Value>URL_TO_AUTOCONFIG</Value>
1470 <Entry type="4" type_name="REG_DWORD">
1471 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1472 <ValueName>AutoLogin</ValueName>
1475 <Entry type="4" type_name="REG_DWORD">
1476 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1477 <ValueName>UseProxyForDNS</ValueName>
1480 <Entry type="4" type_name="REG_DWORD">
1481 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1482 <ValueName>SanitizeOnShutdown</ValueName>
1485 <Entry type="1" type_name="REG_SZ">
1486 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1487 <ValueName>Default</ValueName>
1488 <Value>Google</Value>
1490 <Entry type="4" type_name="REG_DWORD">
1491 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1492 <ValueName>PreventInstalls</ValueName>
1495 <Entry type="1" type_name="REG_SZ">
1496 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1497 <ValueName>Name</ValueName>
1498 <Value>Example1</Value>
1500 <Entry type="1" type_name="REG_SZ">
1501 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1502 <ValueName>URLTemplate</ValueName>
1503 <Value>https://www.example.org/q={searchTerms}</Value>
1505 <Entry type="1" type_name="REG_SZ">
1506 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1507 <ValueName>Method</ValueName>
1510 <Entry type="1" type_name="REG_SZ">
1511 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1512 <ValueName>IconURL</ValueName>
1513 <Value>https://www.example.org/favicon.ico</Value>
1515 <Entry type="1" type_name="REG_SZ">
1516 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1517 <ValueName>Alias</ValueName>
1518 <Value>example</Value>
1520 <Entry type="1" type_name="REG_SZ">
1521 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1522 <ValueName>Description</ValueName>
1523 <Value>Description</Value>
1525 <Entry type="1" type_name="REG_SZ">
1526 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1527 <ValueName>SuggestURLTemplate</ValueName>
1528 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1530 <Entry type="1" type_name="REG_SZ">
1531 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1532 <ValueName>PostData</ValueName>
1533 <Value>name=value&q={searchTerms}</Value>
1535 <Entry type="1" type_name="REG_SZ">
1536 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1537 <ValueName>**delvals.</ValueName>
1540 <Entry type="1" type_name="REG_SZ">
1541 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1542 <ValueName>1</ValueName>
1545 <Entry type="1" type_name="REG_SZ">
1546 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1547 <ValueName>Title</ValueName>
1548 <Value>Support Menu</Value>
1550 <Entry type="1" type_name="REG_SZ">
1551 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1552 <ValueName>URL</ValueName>
1553 <Value>http://example.com/support</Value>
1555 <Entry type="1" type_name="REG_SZ">
1556 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1557 <ValueName>AccessKey</ValueName>
1560 <Entry type="4" type_name="REG_DWORD">
1561 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1562 <ValueName>ExtensionRecommendations</ValueName>
1565 <Entry type="4" type_name="REG_DWORD">
1566 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1567 <ValueName>FeatureRecommendations</ValueName>
1570 <Entry type="4" type_name="REG_DWORD">
1571 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1572 <ValueName>WhatsNew</ValueName>
1575 <Entry type="4" type_name="REG_DWORD">
1576 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1577 <ValueName>UrlbarInterventions</ValueName>
1580 <Entry type="4" type_name="REG_DWORD">
1581 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1582 <ValueName>SkipOnboarding</ValueName>
1585 <Entry type="1" type_name="REG_SZ">
1586 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1587 <ValueName>**delvals.</ValueName>
1590 <Entry type="1" type_name="REG_SZ">
1591 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1592 <ValueName>1</ValueName>
1593 <Value><all_urls></Value>
1595 <Entry type="1" type_name="REG_SZ">
1596 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1597 <ValueName>**delvals.</ValueName>
1600 <Entry type="1" type_name="REG_SZ">
1601 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1602 <ValueName>1</ValueName>
1603 <Value>http://example.org/*</Value>
1605 <Entry type="1" type_name="REG_SZ">
1606 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1607 <ValueName>AllowedDomainsForApps</ValueName>
1608 <Value>managedfirefox.com,example.com</Value>
1610 <Entry type="4" type_name="REG_DWORD">
1611 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1612 <ValueName>BackgroundAppUpdate</ValueName>
1615 <Entry type="4" type_name="REG_DWORD">
1616 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1617 <ValueName>ImportEnterpriseRoots</ValueName>
1620 <Entry type="1" type_name="REG_SZ">
1621 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1622 <ValueName>**delvals.</ValueName>
1625 <Entry type="1" type_name="REG_SZ">
1626 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1627 <ValueName>1</ValueName>
1628 <Value>cert1.der</Value>
1630 <Entry type="1" type_name="REG_SZ">
1631 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1632 <ValueName>2</ValueName>
1633 <Value>/home/username/cert2.pem</Value>
1635 <Entry type="1" type_name="REG_SZ">
1636 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1637 <ValueName>NAME_OF_DEVICE</ValueName>
1638 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1640 <Entry type="4" type_name="REG_DWORD">
1641 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1642 <ValueName>ShowHomeButton</ValueName>
1645 <Entry type="7" type_name="REG_MULTI_SZ">
1646 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1647 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1648 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
1653 firefox_json_expected = \
1657 "AppAutoUpdate": true,
1658 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1659 "AppUpdateURL": "https://yoursite.com",
1663 "https://myotherdomain.com"
1667 "https://myotherdomain.com"
1671 "https://myotherdomain.com"
1682 "PrivateBrowsing": true
1684 "AutoLaunchProtocolsFromOrigins": [
1686 "protocol": "zoommtg",
1687 "allowed_origins": [
1688 "https://somesite.zoom.us"
1692 "BackgroundAppUpdate": true,
1693 "BlockAboutAddons": true,
1694 "BlockAboutConfig": true,
1695 "BlockAboutProfiles": true,
1696 "BlockAboutSupport": true,
1700 "URL": "https://example.com",
1701 "Favicon": "https://example.com/favicon.ico",
1702 "Placement": "menu",
1703 "Folder": "FolderName"
1707 "URL": "www.samba.org",
1709 "Placement": "toolbar",
1713 "CaptivePortal": true,
1715 "ImportEnterpriseRoots": true,
1718 "/home/username/cert2.pem"
1723 "http://example.org/"
1726 "http://example.edu/"
1729 "http://example.edu/"
1732 "AcceptThirdParty": "never",
1733 "ExpireAtSessionEnd": true,
1734 "RejectTracker": true,
1737 "DisableSetDesktopBackground": true,
1738 "DisableMasterPasswordCreation": true,
1739 "DisableAppUpdate": true,
1740 "DisableBuiltinPDFViewer": true,
1741 "DisabledCiphers": {
1742 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1743 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1744 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1745 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1746 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1747 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1748 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1749 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1750 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1751 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1752 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1754 "DisableDefaultBrowserAgent": true,
1755 "DisableDeveloperTools": true,
1756 "DisableFeedbackCommands": true,
1757 "DisableFirefoxScreenshots": true,
1758 "DisableFirefoxAccounts": true,
1759 "DisableFirefoxStudies": true,
1760 "DisableForgetButton": true,
1761 "DisableFormHistory": true,
1762 "DisablePasswordReveal": true,
1763 "DisablePocket": true,
1764 "DisablePrivateBrowsing": true,
1765 "DisableProfileImport": true,
1766 "DisableProfileRefresh": true,
1767 "DisableSafeMode": true,
1768 "DisableSecurityBypass": {
1769 "InvalidCertificate": true,
1770 "SafeBrowsing": true
1772 "DisableSystemAddonUpdate": true,
1773 "DisableTelemetry": true,
1774 "DisplayBookmarksToolbar": true,
1775 "DisplayMenuBar": "default-on",
1778 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1780 "ExcludedDomains": [
1784 "DontCheckDefaultBrowser": true,
1785 "EnableTrackingProtection": {
1788 "Cryptomining": true,
1789 "Fingerprinting": true,
1791 "https://example.com"
1794 "EncryptedMediaExtensions": {
1800 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1804 "bad_addon_id@mozilla.org"
1807 "addon_id@mozilla.org"
1810 "ExtensionSettings": {
1812 "blocked_install_message": "Custom error message.",
1813 "install_sources": [
1815 "https://addons.mozilla.org/"
1817 "installation_mode": "blocked",
1822 "uBlock0@raymondhill.net": {
1823 "installation_mode": "force_installed",
1824 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1826 "https-everywhere@eff.org": {
1827 "installation_mode": "allowed"
1830 "ExtensionUpdate": true,
1833 "http://example.org/"
1836 "http://example.edu/"
1843 "application/msword": {
1844 "action": "useSystemDefault",
1850 "action": "useHelperApp",
1855 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1862 "action": "useHelperApp",
1866 "name": "Adobe Acrobat",
1867 "path": "/usr/bin/acroread"
1881 "HardwareAcceleration": true,
1883 "URL": "http://example.com/",
1886 "http://example.org/",
1887 "http://example.edu/"
1889 "StartPage": "homepage"
1891 "InstallAddonsPermission": {
1893 "http://example.org/",
1894 "http://example.edu/"
1899 "http://example.org/",
1900 "http://example.edu/"
1902 "ManagedBookmarks": [
1904 "toplevel_name": "My managed bookmarks folder"
1907 "url": "example.com",
1911 "name": "Mozilla links",
1914 "url": "https://mozilla.org",
1915 "name": "Mozilla.org"
1918 "url": "https://support.mozilla.org/",
1924 "PrimaryPassword": true,
1925 "NoDefaultBookmarks": true,
1926 "OfferToSaveLogins": true,
1927 "OfferToSaveLoginsDefault": true,
1928 "OverrideFirstRunPage": "http://example.org",
1929 "OverridePostUpdatePage": "http://example.org",
1930 "PasswordManagerEnabled": true,
1933 "EnablePermissions": true
1938 "https://example.org",
1939 "https://example.org:1234"
1942 "https://example.edu"
1944 "BlockNewRequests": true,
1949 "https://example.org"
1952 "https://example.edu"
1954 "BlockNewRequests": true,
1959 "https://example.org"
1962 "https://example.edu"
1964 "BlockNewRequests": true,
1969 "https://example.org"
1972 "https://example.edu"
1974 "BlockNewRequests": true,
1979 "https://example.org"
1982 "https://example.edu"
1984 "Default": "block-audio",
1989 "https://example.org"
1992 "https://example.edu"
1994 "BlockNewRequests": true,
1998 "PictureInPicture": {
2004 "http://example.org/",
2005 "http://example.edu/"
2011 "accessibility.force_disabled": {
2015 "browser.cache.disk.parent_directory": {
2016 "Value": "SOME_NATIVE_PATH",
2019 "browser.tabs.warnOnClose": {
2024 "PromptForDownloadLocation": true,
2026 "Mode": "autoDetect",
2028 "HTTPProxy": "hostname",
2029 "UseHTTPProxyForAllProtocols": true,
2030 "SSLProxy": "hostname",
2031 "FTPProxy": "hostname",
2032 "SOCKSProxy": "hostname",
2034 "Passthrough": "<local>",
2035 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2037 "UseProxyForDNS": true
2039 "SanitizeOnShutdown": true,
2044 "URLTemplate": "https://www.example.org/q={searchTerms}",
2046 "IconURL": "https://www.example.org/favicon.ico",
2048 "Description": "Description",
2049 "PostData": "name=value&q={searchTerms}",
2050 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2056 "Default": "Google",
2057 "PreventInstalls": true
2059 "SearchSuggestEnabled": true,
2060 "SecurityDevices": {
2061 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2063 "ShowHomeButton": true,
2064 "SSLVersionMax": "tls1.3",
2065 "SSLVersionMin": "tls1.3",
2067 "Title": "Support Menu",
2068 "URL": "http://example.com/support",
2073 "ExtensionRecommendations": true,
2074 "FeatureRecommendations": true,
2075 "UrlbarInterventions": true,
2076 "SkipOnboarding": true
2083 "http://example.org/*"
2086 "DefaultDownloadDirectory": "${home}/Downloads",
2087 "DownloadDirectory": "${home}/Downloads",
2088 "NetworkPrediction": true,
2090 "RequestedLocales": ["de", "en-US"],
2091 "SearchBar": "unified"
2096 chromium_reg_pol = \
2098 <?xml version="1.0" encoding="utf-8"?>
2099 <PolFile num_entries="418" signature="PReg" version="1">
2100 <Entry type="4" type_name="REG_DWORD">
2101 <Key>Software\Policies\Google\Chrome</Key>
2102 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2105 <Entry type="4" type_name="REG_DWORD">
2106 <Key>Software\Policies\Google\Chrome</Key>
2107 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2110 <Entry type="4" type_name="REG_DWORD">
2111 <Key>Software\Policies\Google\Chrome</Key>
2112 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2115 <Entry type="4" type_name="REG_DWORD">
2116 <Key>Software\Policies\Google\Chrome</Key>
2117 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2120 <Entry type="4" type_name="REG_DWORD">
2121 <Key>Software\Policies\Google\Chrome</Key>
2122 <ValueName>AdvancedProtectionAllowed</ValueName>
2125 <Entry type="4" type_name="REG_DWORD">
2126 <Key>Software\Policies\Google\Chrome</Key>
2127 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2130 <Entry type="4" type_name="REG_DWORD">
2131 <Key>Software\Policies\Google\Chrome</Key>
2132 <ValueName>AllowDeletingBrowserHistory</ValueName>
2135 <Entry type="4" type_name="REG_DWORD">
2136 <Key>Software\Policies\Google\Chrome</Key>
2137 <ValueName>AllowDinosaurEasterEgg</ValueName>
2140 <Entry type="4" type_name="REG_DWORD">
2141 <Key>Software\Policies\Google\Chrome</Key>
2142 <ValueName>AllowFileSelectionDialogs</ValueName>
2145 <Entry type="4" type_name="REG_DWORD">
2146 <Key>Software\Policies\Google\Chrome</Key>
2147 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2150 <Entry type="1" type_name="REG_SZ">
2151 <Key>Software\Policies\Google\Chrome</Key>
2152 <ValueName>AllowedDomainsForApps</ValueName>
2153 <Value>managedchrome.com,example.com</Value>
2155 <Entry type="4" type_name="REG_DWORD">
2156 <Key>Software\Policies\Google\Chrome</Key>
2157 <ValueName>AlternateErrorPagesEnabled</ValueName>
2160 <Entry type="1" type_name="REG_SZ">
2161 <Key>Software\Policies\Google\Chrome</Key>
2162 <ValueName>AlternativeBrowserPath</ValueName>
2163 <Value>${ie}</Value>
2165 <Entry type="4" type_name="REG_DWORD">
2166 <Key>Software\Policies\Google\Chrome</Key>
2167 <ValueName>AlwaysOpenPdfExternally</ValueName>
2170 <Entry type="4" type_name="REG_DWORD">
2171 <Key>Software\Policies\Google\Chrome</Key>
2172 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2175 <Entry type="4" type_name="REG_DWORD">
2176 <Key>Software\Policies\Google\Chrome</Key>
2177 <ValueName>AppCacheForceEnabled</ValueName>
2180 <Entry type="1" type_name="REG_SZ">
2181 <Key>Software\Policies\Google\Chrome</Key>
2182 <ValueName>ApplicationLocaleValue</ValueName>
2185 <Entry type="4" type_name="REG_DWORD">
2186 <Key>Software\Policies\Google\Chrome</Key>
2187 <ValueName>AudioCaptureAllowed</ValueName>
2190 <Entry type="4" type_name="REG_DWORD">
2191 <Key>Software\Policies\Google\Chrome</Key>
2192 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2195 <Entry type="4" type_name="REG_DWORD">
2196 <Key>Software\Policies\Google\Chrome</Key>
2197 <ValueName>AudioSandboxEnabled</ValueName>
2200 <Entry type="1" type_name="REG_SZ">
2201 <Key>Software\Policies\Google\Chrome</Key>
2202 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2203 <Value>foobar.example.com</Value>
2205 <Entry type="1" type_name="REG_SZ">
2206 <Key>Software\Policies\Google\Chrome</Key>
2207 <ValueName>AuthSchemes</ValueName>
2208 <Value>basic,digest,ntlm,negotiate</Value>
2210 <Entry type="1" type_name="REG_SZ">
2211 <Key>Software\Policies\Google\Chrome</Key>
2212 <ValueName>AuthServerAllowlist</ValueName>
2213 <Value>*.example.com,example.com</Value>
2215 <Entry type="1" type_name="REG_SZ">
2216 <Key>Software\Policies\Google\Chrome</Key>
2217 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2218 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2220 <Entry type="4" type_name="REG_DWORD">
2221 <Key>Software\Policies\Google\Chrome</Key>
2222 <ValueName>AutofillAddressEnabled</ValueName>
2225 <Entry type="4" type_name="REG_DWORD">
2226 <Key>Software\Policies\Google\Chrome</Key>
2227 <ValueName>AutofillCreditCardEnabled</ValueName>
2230 <Entry type="4" type_name="REG_DWORD">
2231 <Key>Software\Policies\Google\Chrome</Key>
2232 <ValueName>AutoplayAllowed</ValueName>
2235 <Entry type="4" type_name="REG_DWORD">
2236 <Key>Software\Policies\Google\Chrome</Key>
2237 <ValueName>BackgroundModeEnabled</ValueName>
2240 <Entry type="4" type_name="REG_DWORD">
2241 <Key>Software\Policies\Google\Chrome</Key>
2242 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2245 <Entry type="4" type_name="REG_DWORD">
2246 <Key>Software\Policies\Google\Chrome</Key>
2247 <ValueName>BlockExternalExtensions</ValueName>
2250 <Entry type="4" type_name="REG_DWORD">
2251 <Key>Software\Policies\Google\Chrome</Key>
2252 <ValueName>BlockThirdPartyCookies</ValueName>
2255 <Entry type="4" type_name="REG_DWORD">
2256 <Key>Software\Policies\Google\Chrome</Key>
2257 <ValueName>BookmarkBarEnabled</ValueName>
2260 <Entry type="4" type_name="REG_DWORD">
2261 <Key>Software\Policies\Google\Chrome</Key>
2262 <ValueName>BrowserAddPersonEnabled</ValueName>
2265 <Entry type="4" type_name="REG_DWORD">
2266 <Key>Software\Policies\Google\Chrome</Key>
2267 <ValueName>BrowserGuestModeEnabled</ValueName>
2270 <Entry type="4" type_name="REG_DWORD">
2271 <Key>Software\Policies\Google\Chrome</Key>
2272 <ValueName>BrowserGuestModeEnforced</ValueName>
2275 <Entry type="4" type_name="REG_DWORD">
2276 <Key>Software\Policies\Google\Chrome</Key>
2277 <ValueName>BrowserLabsEnabled</ValueName>
2280 <Entry type="4" type_name="REG_DWORD">
2281 <Key>Software\Policies\Google\Chrome</Key>
2282 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2285 <Entry type="4" type_name="REG_DWORD">
2286 <Key>Software\Policies\Google\Chrome</Key>
2287 <ValueName>BrowserSignin</ValueName>
2290 <Entry type="1" type_name="REG_SZ">
2291 <Key>Software\Policies\Google\Chrome</Key>
2292 <ValueName>BrowserSwitcherChromePath</ValueName>
2293 <Value>${chrome}</Value>
2295 <Entry type="4" type_name="REG_DWORD">
2296 <Key>Software\Policies\Google\Chrome</Key>
2297 <ValueName>BrowserSwitcherDelay</ValueName>
2298 <Value>10000</Value>
2300 <Entry type="4" type_name="REG_DWORD">
2301 <Key>Software\Policies\Google\Chrome</Key>
2302 <ValueName>BrowserSwitcherEnabled</ValueName>
2305 <Entry type="1" type_name="REG_SZ">
2306 <Key>Software\Policies\Google\Chrome</Key>
2307 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2308 <Value>http://example.com/greylist.xml</Value>
2310 <Entry type="1" type_name="REG_SZ">
2311 <Key>Software\Policies\Google\Chrome</Key>
2312 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2313 <Value>http://example.com/sitelist.xml</Value>
2315 <Entry type="4" type_name="REG_DWORD">
2316 <Key>Software\Policies\Google\Chrome</Key>
2317 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2320 <Entry type="4" type_name="REG_DWORD">
2321 <Key>Software\Policies\Google\Chrome</Key>
2322 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2325 <Entry type="1" type_name="REG_SZ">
2326 <Key>Software\Policies\Google\Chrome</Key>
2327 <ValueName>BrowserThemeColor</ValueName>
2328 <Value>#FFFFFF</Value>
2330 <Entry type="1" type_name="REG_SZ">
2331 <Key>Software\Policies\Google\Chrome</Key>
2332 <ValueName>BrowsingDataLifetime</ValueName>
2333 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2335 <Entry type="4" type_name="REG_DWORD">
2336 <Key>Software\Policies\Google\Chrome</Key>
2337 <ValueName>BuiltInDnsClientEnabled</ValueName>
2340 <Entry type="4" type_name="REG_DWORD">
2341 <Key>Software\Policies\Google\Chrome</Key>
2342 <ValueName>CECPQ2Enabled</ValueName>
2345 <Entry type="4" type_name="REG_DWORD">
2346 <Key>Software\Policies\Google\Chrome</Key>
2347 <ValueName>ChromeCleanupEnabled</ValueName>
2350 <Entry type="4" type_name="REG_DWORD">
2351 <Key>Software\Policies\Google\Chrome</Key>
2352 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2355 <Entry type="4" type_name="REG_DWORD">
2356 <Key>Software\Policies\Google\Chrome</Key>
2357 <ValueName>ChromeVariations</ValueName>
2360 <Entry type="4" type_name="REG_DWORD">
2361 <Key>Software\Policies\Google\Chrome</Key>
2362 <ValueName>ClickToCallEnabled</ValueName>
2365 <Entry type="4" type_name="REG_DWORD">
2366 <Key>Software\Policies\Google\Chrome</Key>
2367 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2370 <Entry type="1" type_name="REG_SZ">
2371 <Key>Software\Policies\Google\Chrome</Key>
2372 <ValueName>CloudManagementEnrollmentToken</ValueName>
2373 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2375 <Entry type="4" type_name="REG_DWORD">
2376 <Key>Software\Policies\Google\Chrome</Key>
2377 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2380 <Entry type="4" type_name="REG_DWORD">
2381 <Key>Software\Policies\Google\Chrome</Key>
2382 <ValueName>CloudPrintProxyEnabled</ValueName>
2385 <Entry type="4" type_name="REG_DWORD">
2386 <Key>Software\Policies\Google\Chrome</Key>
2387 <ValueName>CloudPrintSubmitEnabled</ValueName>
2390 <Entry type="4" type_name="REG_DWORD">
2391 <Key>Software\Policies\Google\Chrome</Key>
2392 <ValueName>CloudUserPolicyMerge</ValueName>
2395 <Entry type="4" type_name="REG_DWORD">
2396 <Key>Software\Policies\Google\Chrome</Key>
2397 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2400 <Entry type="4" type_name="REG_DWORD">
2401 <Key>Software\Policies\Google\Chrome</Key>
2402 <ValueName>ComponentUpdatesEnabled</ValueName>
2405 <Entry type="4" type_name="REG_DWORD">
2406 <Key>Software\Policies\Google\Chrome</Key>
2407 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2410 <Entry type="4" type_name="REG_DWORD">
2411 <Key>Software\Policies\Google\Chrome</Key>
2412 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2415 <Entry type="4" type_name="REG_DWORD">
2416 <Key>Software\Policies\Google\Chrome</Key>
2417 <ValueName>DefaultCookiesSetting</ValueName>
2420 <Entry type="4" type_name="REG_DWORD">
2421 <Key>Software\Policies\Google\Chrome</Key>
2422 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2425 <Entry type="4" type_name="REG_DWORD">
2426 <Key>Software\Policies\Google\Chrome</Key>
2427 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2430 <Entry type="4" type_name="REG_DWORD">
2431 <Key>Software\Policies\Google\Chrome</Key>
2432 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2435 <Entry type="4" type_name="REG_DWORD">
2436 <Key>Software\Policies\Google\Chrome</Key>
2437 <ValueName>DefaultGeolocationSetting</ValueName>
2440 <Entry type="4" type_name="REG_DWORD">
2441 <Key>Software\Policies\Google\Chrome</Key>
2442 <ValueName>DefaultImagesSetting</ValueName>
2445 <Entry type="4" type_name="REG_DWORD">
2446 <Key>Software\Policies\Google\Chrome</Key>
2447 <ValueName>DefaultInsecureContentSetting</ValueName>
2450 <Entry type="4" type_name="REG_DWORD">
2451 <Key>Software\Policies\Google\Chrome</Key>
2452 <ValueName>DefaultJavaScriptSetting</ValueName>
2455 <Entry type="4" type_name="REG_DWORD">
2456 <Key>Software\Policies\Google\Chrome</Key>
2457 <ValueName>DefaultNotificationsSetting</ValueName>
2460 <Entry type="4" type_name="REG_DWORD">
2461 <Key>Software\Policies\Google\Chrome</Key>
2462 <ValueName>DefaultPopupsSetting</ValueName>
2465 <Entry type="1" type_name="REG_SZ">
2466 <Key>Software\Policies\Google\Chrome</Key>
2467 <ValueName>DefaultPrinterSelection</ValueName>
2468 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2470 <Entry type="4" type_name="REG_DWORD">
2471 <Key>Software\Policies\Google\Chrome</Key>
2472 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2475 <Entry type="4" type_name="REG_DWORD">
2476 <Key>Software\Policies\Google\Chrome</Key>
2477 <ValueName>DefaultSearchProviderEnabled</ValueName>
2480 <Entry type="1" type_name="REG_SZ">
2481 <Key>Software\Policies\Google\Chrome</Key>
2482 <ValueName>DefaultSearchProviderIconURL</ValueName>
2483 <Value>https://search.my.company/favicon.ico</Value>
2485 <Entry type="1" type_name="REG_SZ">
2486 <Key>Software\Policies\Google\Chrome</Key>
2487 <ValueName>DefaultSearchProviderImageURL</ValueName>
2488 <Value>https://search.my.company/searchbyimage/upload</Value>
2490 <Entry type="1" type_name="REG_SZ">
2491 <Key>Software\Policies\Google\Chrome</Key>
2492 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2493 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2495 <Entry type="1" type_name="REG_SZ">
2496 <Key>Software\Policies\Google\Chrome</Key>
2497 <ValueName>DefaultSearchProviderKeyword</ValueName>
2500 <Entry type="1" type_name="REG_SZ">
2501 <Key>Software\Policies\Google\Chrome</Key>
2502 <ValueName>DefaultSearchProviderName</ValueName>
2503 <Value>My Intranet Search</Value>
2505 <Entry type="1" type_name="REG_SZ">
2506 <Key>Software\Policies\Google\Chrome</Key>
2507 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2508 <Value>https://search.my.company/newtab</Value>
2510 <Entry type="1" type_name="REG_SZ">
2511 <Key>Software\Policies\Google\Chrome</Key>
2512 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2513 <Value>https://search.my.company/search?q={searchTerms}</Value>
2515 <Entry type="1" type_name="REG_SZ">
2516 <Key>Software\Policies\Google\Chrome</Key>
2517 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2518 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2520 <Entry type="1" type_name="REG_SZ">
2521 <Key>Software\Policies\Google\Chrome</Key>
2522 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2523 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2525 <Entry type="1" type_name="REG_SZ">
2526 <Key>Software\Policies\Google\Chrome</Key>
2527 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2528 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2530 <Entry type="4" type_name="REG_DWORD">
2531 <Key>Software\Policies\Google\Chrome</Key>
2532 <ValueName>DefaultSensorsSetting</ValueName>
2535 <Entry type="4" type_name="REG_DWORD">
2536 <Key>Software\Policies\Google\Chrome</Key>
2537 <ValueName>DefaultSerialGuardSetting</ValueName>
2540 <Entry type="4" type_name="REG_DWORD">
2541 <Key>Software\Policies\Google\Chrome</Key>
2542 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2545 <Entry type="4" type_name="REG_DWORD">
2546 <Key>Software\Policies\Google\Chrome</Key>
2547 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2550 <Entry type="4" type_name="REG_DWORD">
2551 <Key>Software\Policies\Google\Chrome</Key>
2552 <ValueName>DeveloperToolsAvailability</ValueName>
2555 <Entry type="4" type_name="REG_DWORD">
2556 <Key>Software\Policies\Google\Chrome</Key>
2557 <ValueName>Disable3DAPIs</ValueName>
2560 <Entry type="4" type_name="REG_DWORD">
2561 <Key>Software\Policies\Google\Chrome</Key>
2562 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2565 <Entry type="4" type_name="REG_DWORD">
2566 <Key>Software\Policies\Google\Chrome</Key>
2567 <ValueName>DisablePrintPreview</ValueName>
2570 <Entry type="4" type_name="REG_DWORD">
2571 <Key>Software\Policies\Google\Chrome</Key>
2572 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2575 <Entry type="4" type_name="REG_DWORD">
2576 <Key>Software\Policies\Google\Chrome</Key>
2577 <ValueName>DisableScreenshots</ValueName>
2580 <Entry type="1" type_name="REG_SZ">
2581 <Key>Software\Policies\Google\Chrome</Key>
2582 <ValueName>DiskCacheDir</ValueName>
2583 <Value>${user_home}/Chrome_cache</Value>
2585 <Entry type="4" type_name="REG_DWORD">
2586 <Key>Software\Policies\Google\Chrome</Key>
2587 <ValueName>DiskCacheSize</ValueName>
2588 <Value>104857600</Value>
2590 <Entry type="1" type_name="REG_SZ">
2591 <Key>Software\Policies\Google\Chrome</Key>
2592 <ValueName>DnsOverHttpsMode</ValueName>
2595 <Entry type="1" type_name="REG_SZ">
2596 <Key>Software\Policies\Google\Chrome</Key>
2597 <ValueName>DnsOverHttpsTemplates</ValueName>
2598 <Value>https://dns.example.net/dns-query{?dns}</Value>
2600 <Entry type="1" type_name="REG_SZ">
2601 <Key>Software\Policies\Google\Chrome</Key>
2602 <ValueName>DownloadDirectory</ValueName>
2603 <Value>/home/${user_name}/Downloads</Value>
2605 <Entry type="4" type_name="REG_DWORD">
2606 <Key>Software\Policies\Google\Chrome</Key>
2607 <ValueName>DownloadRestrictions</ValueName>
2610 <Entry type="4" type_name="REG_DWORD">
2611 <Key>Software\Policies\Google\Chrome</Key>
2612 <ValueName>EditBookmarksEnabled</ValueName>
2615 <Entry type="4" type_name="REG_DWORD">
2616 <Key>Software\Policies\Google\Chrome</Key>
2617 <ValueName>EnableAuthNegotiatePort</ValueName>
2620 <Entry type="4" type_name="REG_DWORD">
2621 <Key>Software\Policies\Google\Chrome</Key>
2622 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2625 <Entry type="4" type_name="REG_DWORD">
2626 <Key>Software\Policies\Google\Chrome</Key>
2627 <ValueName>EnableMediaRouter</ValueName>
2630 <Entry type="4" type_name="REG_DWORD">
2631 <Key>Software\Policies\Google\Chrome</Key>
2632 <ValueName>EnableOnlineRevocationChecks</ValueName>
2635 <Entry type="4" type_name="REG_DWORD">
2636 <Key>Software\Policies\Google\Chrome</Key>
2637 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2640 <Entry type="1" type_name="REG_SZ">
2641 <Key>Software\Policies\Google\Chrome</Key>
2642 <ValueName>ExtensionSettings</ValueName>
2643 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2645 <Entry type="4" type_name="REG_DWORD">
2646 <Key>Software\Policies\Google\Chrome</Key>
2647 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2650 <Entry type="4" type_name="REG_DWORD">
2651 <Key>Software\Policies\Google\Chrome</Key>
2652 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2655 <Entry type="4" type_name="REG_DWORD">
2656 <Key>Software\Policies\Google\Chrome</Key>
2657 <ValueName>ForceEphemeralProfiles</ValueName>
2660 <Entry type="4" type_name="REG_DWORD">
2661 <Key>Software\Policies\Google\Chrome</Key>
2662 <ValueName>ForceGoogleSafeSearch</ValueName>
2665 <Entry type="4" type_name="REG_DWORD">
2666 <Key>Software\Policies\Google\Chrome</Key>
2667 <ValueName>ForceYouTubeRestrict</ValueName>
2670 <Entry type="4" type_name="REG_DWORD">
2671 <Key>Software\Policies\Google\Chrome</Key>
2672 <ValueName>FullscreenAllowed</ValueName>
2675 <Entry type="4" type_name="REG_DWORD">
2676 <Key>Software\Policies\Google\Chrome</Key>
2677 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2680 <Entry type="4" type_name="REG_DWORD">
2681 <Key>Software\Policies\Google\Chrome</Key>
2682 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2685 <Entry type="4" type_name="REG_DWORD">
2686 <Key>Software\Policies\Google\Chrome</Key>
2687 <ValueName>HeadlessMode</ValueName>
2690 <Entry type="4" type_name="REG_DWORD">
2691 <Key>Software\Policies\Google\Chrome</Key>
2692 <ValueName>HideWebStoreIcon</ValueName>
2695 <Entry type="4" type_name="REG_DWORD">
2696 <Key>Software\Policies\Google\Chrome</Key>
2697 <ValueName>HomepageIsNewTabPage</ValueName>
2700 <Entry type="1" type_name="REG_SZ">
2701 <Key>Software\Policies\Google\Chrome</Key>
2702 <ValueName>HomepageLocation</ValueName>
2703 <Value>https://www.chromium.org</Value>
2705 <Entry type="4" type_name="REG_DWORD">
2706 <Key>Software\Policies\Google\Chrome</Key>
2707 <ValueName>ImportAutofillFormData</ValueName>
2710 <Entry type="4" type_name="REG_DWORD">
2711 <Key>Software\Policies\Google\Chrome</Key>
2712 <ValueName>ImportBookmarks</ValueName>
2715 <Entry type="4" type_name="REG_DWORD">
2716 <Key>Software\Policies\Google\Chrome</Key>
2717 <ValueName>ImportHistory</ValueName>
2720 <Entry type="4" type_name="REG_DWORD">
2721 <Key>Software\Policies\Google\Chrome</Key>
2722 <ValueName>ImportHomepage</ValueName>
2725 <Entry type="4" type_name="REG_DWORD">
2726 <Key>Software\Policies\Google\Chrome</Key>
2727 <ValueName>ImportSavedPasswords</ValueName>
2730 <Entry type="4" type_name="REG_DWORD">
2731 <Key>Software\Policies\Google\Chrome</Key>
2732 <ValueName>ImportSearchEngine</ValueName>
2735 <Entry type="4" type_name="REG_DWORD">
2736 <Key>Software\Policies\Google\Chrome</Key>
2737 <ValueName>IncognitoModeAvailability</ValueName>
2740 <Entry type="4" type_name="REG_DWORD">
2741 <Key>Software\Policies\Google\Chrome</Key>
2742 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2745 <Entry type="4" type_name="REG_DWORD">
2746 <Key>Software\Policies\Google\Chrome</Key>
2747 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2750 <Entry type="4" type_name="REG_DWORD">
2751 <Key>Software\Policies\Google\Chrome</Key>
2752 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2755 <Entry type="4" type_name="REG_DWORD">
2756 <Key>Software\Policies\Google\Chrome</Key>
2757 <ValueName>IntranetRedirectBehavior</ValueName>
2760 <Entry type="1" type_name="REG_SZ">
2761 <Key>Software\Policies\Google\Chrome</Key>
2762 <ValueName>IsolateOrigins</ValueName>
2763 <Value>https://example.com/,https://othersite.org/</Value>
2765 <Entry type="1" type_name="REG_SZ">
2766 <Key>Software\Policies\Google\Chrome</Key>
2767 <ValueName>ManagedBookmarks</ValueName>
2768 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2770 <Entry type="1" type_name="REG_SZ">
2771 <Key>Software\Policies\Google\Chrome</Key>
2772 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2773 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2775 <Entry type="4" type_name="REG_DWORD">
2776 <Key>Software\Policies\Google\Chrome</Key>
2777 <ValueName>MaxConnectionsPerProxy</ValueName>
2780 <Entry type="4" type_name="REG_DWORD">
2781 <Key>Software\Policies\Google\Chrome</Key>
2782 <ValueName>MaxInvalidationFetchDelay</ValueName>
2783 <Value>10000</Value>
2785 <Entry type="4" type_name="REG_DWORD">
2786 <Key>Software\Policies\Google\Chrome</Key>
2787 <ValueName>MediaRecommendationsEnabled</ValueName>
2790 <Entry type="4" type_name="REG_DWORD">
2791 <Key>Software\Policies\Google\Chrome</Key>
2792 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2795 <Entry type="4" type_name="REG_DWORD">
2796 <Key>Software\Policies\Google\Chrome</Key>
2797 <ValueName>MetricsReportingEnabled</ValueName>
2800 <Entry type="4" type_name="REG_DWORD">
2801 <Key>Software\Policies\Google\Chrome</Key>
2802 <ValueName>NTPCardsVisible</ValueName>
2805 <Entry type="4" type_name="REG_DWORD">
2806 <Key>Software\Policies\Google\Chrome</Key>
2807 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2810 <Entry type="4" type_name="REG_DWORD">
2811 <Key>Software\Policies\Google\Chrome</Key>
2812 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2815 <Entry type="4" type_name="REG_DWORD">
2816 <Key>Software\Policies\Google\Chrome</Key>
2817 <ValueName>NetworkPredictionOptions</ValueName>
2820 <Entry type="1" type_name="REG_SZ">
2821 <Key>Software\Policies\Google\Chrome</Key>
2822 <ValueName>NewTabPageLocation</ValueName>
2823 <Value>https://www.chromium.org</Value>
2825 <Entry type="4" type_name="REG_DWORD">
2826 <Key>Software\Policies\Google\Chrome</Key>
2827 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2830 <Entry type="4" type_name="REG_DWORD">
2831 <Key>Software\Policies\Google\Chrome</Key>
2832 <ValueName>PasswordManagerEnabled</ValueName>
2835 <Entry type="1" type_name="REG_SZ">
2836 <Key>Software\Policies\Google\Chrome</Key>
2837 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2838 <Value>https://mydomain.com/change_password.html</Value>
2840 <Entry type="4" type_name="REG_DWORD">
2841 <Key>Software\Policies\Google\Chrome</Key>
2842 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2845 <Entry type="4" type_name="REG_DWORD">
2846 <Key>Software\Policies\Google\Chrome</Key>
2847 <ValueName>PaymentMethodQueryEnabled</ValueName>
2850 <Entry type="4" type_name="REG_DWORD">
2851 <Key>Software\Policies\Google\Chrome</Key>
2852 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2855 <Entry type="4" type_name="REG_DWORD">
2856 <Key>Software\Policies\Google\Chrome</Key>
2857 <ValueName>PolicyRefreshRate</ValueName>
2858 <Value>3600000</Value>
2860 <Entry type="4" type_name="REG_DWORD">
2861 <Key>Software\Policies\Google\Chrome</Key>
2862 <ValueName>PrintHeaderFooter</ValueName>
2865 <Entry type="4" type_name="REG_DWORD">
2866 <Key>Software\Policies\Google\Chrome</Key>
2867 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2870 <Entry type="4" type_name="REG_DWORD">
2871 <Key>Software\Policies\Google\Chrome</Key>
2872 <ValueName>PrintRasterizationMode</ValueName>
2875 <Entry type="1" type_name="REG_SZ">
2876 <Key>Software\Policies\Google\Chrome</Key>
2877 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2878 <Value>enabled</Value>
2880 <Entry type="1" type_name="REG_SZ">
2881 <Key>Software\Policies\Google\Chrome</Key>
2882 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2883 <Value>enabled</Value>
2885 <Entry type="4" type_name="REG_DWORD">
2886 <Key>Software\Policies\Google\Chrome</Key>
2887 <ValueName>PrintingEnabled</ValueName>
2890 <Entry type="1" type_name="REG_SZ">
2891 <Key>Software\Policies\Google\Chrome</Key>
2892 <ValueName>PrintingPaperSizeDefault</ValueName>
2893 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2895 <Entry type="4" type_name="REG_DWORD">
2896 <Key>Software\Policies\Google\Chrome</Key>
2897 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2900 <Entry type="4" type_name="REG_DWORD">
2901 <Key>Software\Policies\Google\Chrome</Key>
2902 <ValueName>PromotionalTabsEnabled</ValueName>
2905 <Entry type="4" type_name="REG_DWORD">
2906 <Key>Software\Policies\Google\Chrome</Key>
2907 <ValueName>PromptForDownloadLocation</ValueName>
2910 <Entry type="1" type_name="REG_SZ">
2911 <Key>Software\Policies\Google\Chrome</Key>
2912 <ValueName>ProxySettings</ValueName>
2913 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2915 <Entry type="4" type_name="REG_DWORD">
2916 <Key>Software\Policies\Google\Chrome</Key>
2917 <ValueName>QuicAllowed</ValueName>
2920 <Entry type="4" type_name="REG_DWORD">
2921 <Key>Software\Policies\Google\Chrome</Key>
2922 <ValueName>RelaunchNotification</ValueName>
2925 <Entry type="4" type_name="REG_DWORD">
2926 <Key>Software\Policies\Google\Chrome</Key>
2927 <ValueName>RelaunchNotificationPeriod</ValueName>
2928 <Value>604800000</Value>
2930 <Entry type="4" type_name="REG_DWORD">
2931 <Key>Software\Policies\Google\Chrome</Key>
2932 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2935 <Entry type="4" type_name="REG_DWORD">
2936 <Key>Software\Policies\Google\Chrome</Key>
2937 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2940 <Entry type="4" type_name="REG_DWORD">
2941 <Key>Software\Policies\Google\Chrome</Key>
2942 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2945 <Entry type="4" type_name="REG_DWORD">
2946 <Key>Software\Policies\Google\Chrome</Key>
2947 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2950 <Entry type="4" type_name="REG_DWORD">
2951 <Key>Software\Policies\Google\Chrome</Key>
2952 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2955 <Entry type="4" type_name="REG_DWORD">
2956 <Key>Software\Policies\Google\Chrome</Key>
2957 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2960 <Entry type="4" type_name="REG_DWORD">
2961 <Key>Software\Policies\Google\Chrome</Key>
2962 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2965 <Entry type="4" type_name="REG_DWORD">
2966 <Key>Software\Policies\Google\Chrome</Key>
2967 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2970 <Entry type="1" type_name="REG_SZ">
2971 <Key>Software\Policies\Google\Chrome</Key>
2972 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
2973 <Value>12400-12409</Value>
2975 <Entry type="4" type_name="REG_DWORD">
2976 <Key>Software\Policies\Google\Chrome</Key>
2977 <ValueName>RendererCodeIntegrityEnabled</ValueName>
2980 <Entry type="4" type_name="REG_DWORD">
2981 <Key>Software\Policies\Google\Chrome</Key>
2982 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
2985 <Entry type="4" type_name="REG_DWORD">
2986 <Key>Software\Policies\Google\Chrome</Key>
2987 <ValueName>RestoreOnStartup</ValueName>
2990 <Entry type="1" type_name="REG_SZ">
2991 <Key>Software\Policies\Google\Chrome</Key>
2992 <ValueName>RestrictSigninToPattern</ValueName>
2993 <Value>.*@example\\.com</Value>
2995 <Entry type="1" type_name="REG_SZ">
2996 <Key>Software\Policies\Google\Chrome</Key>
2997 <ValueName>RoamingProfileLocation</ValueName>
2998 <Value>${roaming_app_data}\\chrome-profile</Value>
3000 <Entry type="4" type_name="REG_DWORD">
3001 <Key>Software\Policies\Google\Chrome</Key>
3002 <ValueName>RoamingProfileSupportEnabled</ValueName>
3005 <Entry type="4" type_name="REG_DWORD">
3006 <Key>Software\Policies\Google\Chrome</Key>
3007 <ValueName>SSLErrorOverrideAllowed</ValueName>
3010 <Entry type="1" type_name="REG_SZ">
3011 <Key>Software\Policies\Google\Chrome</Key>
3012 <ValueName>SSLVersionMin</ValueName>
3015 <Entry type="4" type_name="REG_DWORD">
3016 <Key>Software\Policies\Google\Chrome</Key>
3017 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3020 <Entry type="4" type_name="REG_DWORD">
3021 <Key>Software\Policies\Google\Chrome</Key>
3022 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3025 <Entry type="4" type_name="REG_DWORD">
3026 <Key>Software\Policies\Google\Chrome</Key>
3027 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3030 <Entry type="4" type_name="REG_DWORD">
3031 <Key>Software\Policies\Google\Chrome</Key>
3032 <ValueName>SafeSitesFilterBehavior</ValueName>
3035 <Entry type="4" type_name="REG_DWORD">
3036 <Key>Software\Policies\Google\Chrome</Key>
3037 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3040 <Entry type="4" type_name="REG_DWORD">
3041 <Key>Software\Policies\Google\Chrome</Key>
3042 <ValueName>ScreenCaptureAllowed</ValueName>
3045 <Entry type="4" type_name="REG_DWORD">
3046 <Key>Software\Policies\Google\Chrome</Key>
3047 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3050 <Entry type="4" type_name="REG_DWORD">
3051 <Key>Software\Policies\Google\Chrome</Key>
3052 <ValueName>SearchSuggestEnabled</ValueName>
3055 <Entry type="4" type_name="REG_DWORD">
3056 <Key>Software\Policies\Google\Chrome</Key>
3057 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3060 <Entry type="4" type_name="REG_DWORD">
3061 <Key>Software\Policies\Google\Chrome</Key>
3062 <ValueName>SharedClipboardEnabled</ValueName>
3065 <Entry type="4" type_name="REG_DWORD">
3066 <Key>Software\Policies\Google\Chrome</Key>
3067 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3070 <Entry type="4" type_name="REG_DWORD">
3071 <Key>Software\Policies\Google\Chrome</Key>
3072 <ValueName>ShowCastIconInToolbar</ValueName>
3075 <Entry type="4" type_name="REG_DWORD">
3076 <Key>Software\Policies\Google\Chrome</Key>
3077 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3080 <Entry type="4" type_name="REG_DWORD">
3081 <Key>Software\Policies\Google\Chrome</Key>
3082 <ValueName>ShowHomeButton</ValueName>
3085 <Entry type="4" type_name="REG_DWORD">
3086 <Key>Software\Policies\Google\Chrome</Key>
3087 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3090 <Entry type="4" type_name="REG_DWORD">
3091 <Key>Software\Policies\Google\Chrome</Key>
3092 <ValueName>SigninInterceptionEnabled</ValueName>
3095 <Entry type="4" type_name="REG_DWORD">
3096 <Key>Software\Policies\Google\Chrome</Key>
3097 <ValueName>SitePerProcess</ValueName>
3100 <Entry type="4" type_name="REG_DWORD">
3101 <Key>Software\Policies\Google\Chrome</Key>
3102 <ValueName>SpellCheckServiceEnabled</ValueName>
3105 <Entry type="4" type_name="REG_DWORD">
3106 <Key>Software\Policies\Google\Chrome</Key>
3107 <ValueName>SpellcheckEnabled</ValueName>
3110 <Entry type="4" type_name="REG_DWORD">
3111 <Key>Software\Policies\Google\Chrome</Key>
3112 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3115 <Entry type="4" type_name="REG_DWORD">
3116 <Key>Software\Policies\Google\Chrome</Key>
3117 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3120 <Entry type="4" type_name="REG_DWORD">
3121 <Key>Software\Policies\Google\Chrome</Key>
3122 <ValueName>SyncDisabled</ValueName>
3125 <Entry type="4" type_name="REG_DWORD">
3126 <Key>Software\Policies\Google\Chrome</Key>
3127 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3130 <Entry type="4" type_name="REG_DWORD">
3131 <Key>Software\Policies\Google\Chrome</Key>
3132 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3135 <Entry type="4" type_name="REG_DWORD">
3136 <Key>Software\Policies\Google\Chrome</Key>
3137 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3140 <Entry type="4" type_name="REG_DWORD">
3141 <Key>Software\Policies\Google\Chrome</Key>
3142 <ValueName>TotalMemoryLimitMb</ValueName>
3145 <Entry type="4" type_name="REG_DWORD">
3146 <Key>Software\Policies\Google\Chrome</Key>
3147 <ValueName>TranslateEnabled</ValueName>
3150 <Entry type="4" type_name="REG_DWORD">
3151 <Key>Software\Policies\Google\Chrome</Key>
3152 <ValueName>TripleDESEnabled</ValueName>
3155 <Entry type="4" type_name="REG_DWORD">
3156 <Key>Software\Policies\Google\Chrome</Key>
3157 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3160 <Entry type="4" type_name="REG_DWORD">
3161 <Key>Software\Policies\Google\Chrome</Key>
3162 <ValueName>UserAgentClientHintsEnabled</ValueName>
3165 <Entry type="1" type_name="REG_SZ">
3166 <Key>Software\Policies\Google\Chrome</Key>
3167 <ValueName>UserDataDir</ValueName>
3168 <Value>${users}/${user_name}/Chrome</Value>
3170 <Entry type="4" type_name="REG_DWORD">
3171 <Key>Software\Policies\Google\Chrome</Key>
3172 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3175 <Entry type="4" type_name="REG_DWORD">
3176 <Key>Software\Policies\Google\Chrome</Key>
3177 <ValueName>UserFeedbackAllowed</ValueName>
3180 <Entry type="4" type_name="REG_DWORD">
3181 <Key>Software\Policies\Google\Chrome</Key>
3182 <ValueName>VideoCaptureAllowed</ValueName>
3185 <Entry type="4" type_name="REG_DWORD">
3186 <Key>Software\Policies\Google\Chrome</Key>
3187 <ValueName>WPADQuickCheckEnabled</ValueName>
3190 <Entry type="1" type_name="REG_SZ">
3191 <Key>Software\Policies\Google\Chrome</Key>
3192 <ValueName>WebAppInstallForceList</ValueName>
3193 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3195 <Entry type="4" type_name="REG_DWORD">
3196 <Key>Software\Policies\Google\Chrome</Key>
3197 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3200 <Entry type="4" type_name="REG_DWORD">
3201 <Key>Software\Policies\Google\Chrome</Key>
3202 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3205 <Entry type="1" type_name="REG_SZ">
3206 <Key>Software\Policies\Google\Chrome</Key>
3207 <ValueName>WebRtcIPHandling</ValueName>
3208 <Value>default</Value>
3210 <Entry type="1" type_name="REG_SZ">
3211 <Key>Software\Policies\Google\Chrome</Key>
3212 <ValueName>WebRtcUdpPortRange</ValueName>
3213 <Value>10000-11999</Value>
3215 <Entry type="1" type_name="REG_SZ">
3216 <Key>Software\Policies\Google\Chrome</Key>
3217 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3218 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3220 <Entry type="4" type_name="REG_DWORD">
3221 <Key>Software\Policies\Google\Chrome</Key>
3222 <ValueName>WindowOcclusionEnabled</ValueName>
3225 <Entry type="1" type_name="REG_SZ">
3226 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3227 <ValueName>1</ValueName>
3228 <Value>-foreground</Value>
3230 <Entry type="1" type_name="REG_SZ">
3231 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3232 <ValueName>2</ValueName>
3233 <Value>-new-window</Value>
3235 <Entry type="1" type_name="REG_SZ">
3236 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3237 <ValueName>3</ValueName>
3238 <Value>${url}</Value>
3240 <Entry type="1" type_name="REG_SZ">
3241 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3242 <ValueName>4</ValueName>
3243 <Value>-profile</Value>
3245 <Entry type="1" type_name="REG_SZ">
3246 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3247 <ValueName>5</ValueName>
3248 <Value>%HOME%\\browser_profile</Value>
3250 <Entry type="1" type_name="REG_SZ">
3251 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3252 <ValueName>1</ValueName>
3253 <Value>https://www.example.com/</Value>
3255 <Entry type="1" type_name="REG_SZ">
3256 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3257 <ValueName>2</ValueName>
3258 <Value>https://[*.]example.edu/</Value>
3260 <Entry type="1" type_name="REG_SZ">
3261 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3262 <ValueName>1</ValueName>
3263 <Value>example.com</Value>
3265 <Entry type="1" type_name="REG_SZ">
3266 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3267 <ValueName>2</ValueName>
3268 <Value>https://ssl.server.com</Value>
3270 <Entry type="1" type_name="REG_SZ">
3271 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3272 <ValueName>3</ValueName>
3273 <Value>hosting.com/good_path</Value>
3275 <Entry type="1" type_name="REG_SZ">
3276 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3277 <ValueName>4</ValueName>
3278 <Value>https://server:8080/path</Value>
3280 <Entry type="1" type_name="REG_SZ">
3281 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3282 <ValueName>5</ValueName>
3283 <Value>.exact.hostname.com</Value>
3285 <Entry type="1" type_name="REG_SZ">
3286 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3287 <ValueName>1</ValueName>
3290 <Entry type="1" type_name="REG_SZ">
3291 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3292 <ValueName>2</ValueName>
3295 <Entry type="1" type_name="REG_SZ">
3296 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3297 <ValueName>1</ValueName>
3298 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3300 <Entry type="1" type_name="REG_SZ">
3301 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3302 <ValueName>1</ValueName>
3303 <Value>https://www.example.com</Value>
3305 <Entry type="1" type_name="REG_SZ">
3306 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3307 <ValueName>2</ValueName>
3308 <Value>[*.]example.edu</Value>
3310 <Entry type="1" type_name="REG_SZ">
3311 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3312 <ValueName>1</ValueName>
3313 <Value>--force-dark-mode</Value>
3315 <Entry type="1" type_name="REG_SZ">
3316 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3317 <ValueName>1</ValueName>
3318 <Value>ie.com</Value>
3320 <Entry type="1" type_name="REG_SZ">
3321 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3322 <ValueName>2</ValueName>
3323 <Value>!open-in-chrome.ie.com</Value>
3325 <Entry type="1" type_name="REG_SZ">
3326 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3327 <ValueName>3</ValueName>
3328 <Value>foobar.com/ie-only/</Value>
3330 <Entry type="1" type_name="REG_SZ">
3331 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3332 <ValueName>1</ValueName>
3333 <Value>ie.com</Value>
3335 <Entry type="1" type_name="REG_SZ">
3336 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3337 <ValueName>2</ValueName>
3338 <Value>!open-in-chrome.ie.com</Value>
3340 <Entry type="1" type_name="REG_SZ">
3341 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3342 <ValueName>3</ValueName>
3343 <Value>foobar.com/ie-only/</Value>
3345 <Entry type="1" type_name="REG_SZ">
3346 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3347 <ValueName>1</ValueName>
3348 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3350 <Entry type="1" type_name="REG_SZ">
3351 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3352 <ValueName>2</ValueName>
3353 <Value>sha256//////////////////////w==</Value>
3355 <Entry type="1" type_name="REG_SZ">
3356 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3357 <ValueName>1</ValueName>
3358 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3360 <Entry type="1" type_name="REG_SZ">
3361 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3362 <ValueName>2</ValueName>
3363 <Value>sha256//////////////////////w==</Value>
3365 <Entry type="1" type_name="REG_SZ">
3366 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3367 <ValueName>1</ValueName>
3368 <Value>example.com</Value>
3370 <Entry type="1" type_name="REG_SZ">
3371 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3372 <ValueName>2</ValueName>
3373 <Value>.example.com</Value>
3375 <Entry type="1" type_name="REG_SZ">
3376 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3377 <ValueName>1</ValueName>
3378 <Value>browsing_history</Value>
3380 <Entry type="1" type_name="REG_SZ">
3381 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3382 <ValueName>2</ValueName>
3383 <Value>download_history</Value>
3385 <Entry type="1" type_name="REG_SZ">
3386 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3387 <ValueName>3</ValueName>
3388 <Value>cookies_and_other_site_data</Value>
3390 <Entry type="1" type_name="REG_SZ">
3391 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3392 <ValueName>4</ValueName>
3393 <Value>cached_images_and_files</Value>
3395 <Entry type="1" type_name="REG_SZ">
3396 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3397 <ValueName>5</ValueName>
3398 <Value>password_signin</Value>
3400 <Entry type="1" type_name="REG_SZ">
3401 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3402 <ValueName>6</ValueName>
3403 <Value>autofill</Value>
3405 <Entry type="1" type_name="REG_SZ">
3406 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3407 <ValueName>7</ValueName>
3408 <Value>site_settings</Value>
3410 <Entry type="1" type_name="REG_SZ">
3411 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3412 <ValueName>8</ValueName>
3413 <Value>hosted_app_data</Value>
3415 <Entry type="1" type_name="REG_SZ">
3416 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3417 <ValueName>1</ValueName>
3418 <Value>https://www.example.com</Value>
3420 <Entry type="1" type_name="REG_SZ">
3421 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3422 <ValueName>2</ValueName>
3423 <Value>[*.]example.edu</Value>
3425 <Entry type="1" type_name="REG_SZ">
3426 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3427 <ValueName>1</ValueName>
3428 <Value>https://www.example.com</Value>
3430 <Entry type="1" type_name="REG_SZ">
3431 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3432 <ValueName>2</ValueName>
3433 <Value>[*.]example.edu</Value>
3435 <Entry type="1" type_name="REG_SZ">
3436 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3437 <ValueName>1</ValueName>
3438 <Value>https://www.example.com</Value>
3440 <Entry type="1" type_name="REG_SZ">
3441 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3442 <ValueName>2</ValueName>
3443 <Value>[*.]example.edu</Value>
3445 <Entry type="1" type_name="REG_SZ">
3446 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3447 <ValueName>1</ValueName>
3448 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3450 <Entry type="1" type_name="REG_SZ">
3451 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3452 <ValueName>2</ValueName>
3453 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3455 <Entry type="1" type_name="REG_SZ">
3456 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3457 <ValueName>1</ValueName>
3458 <Value>UTF-8</Value>
3460 <Entry type="1" type_name="REG_SZ">
3461 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3462 <ValueName>2</ValueName>
3463 <Value>UTF-16</Value>
3465 <Entry type="1" type_name="REG_SZ">
3466 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3467 <ValueName>3</ValueName>
3468 <Value>GB2312</Value>
3470 <Entry type="1" type_name="REG_SZ">
3471 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3472 <ValueName>4</ValueName>
3473 <Value>ISO-8859-1</Value>
3475 <Entry type="1" type_name="REG_SZ">
3476 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3477 <ValueName>1</ValueName>
3478 <Value>ExtensionInstallAllowlist</Value>
3480 <Entry type="1" type_name="REG_SZ">
3481 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3482 <ValueName>2</ValueName>
3483 <Value>ExtensionInstallBlocklist</Value>
3485 <Entry type="1" type_name="REG_SZ">
3486 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3487 <ValueName>1</ValueName>
3488 <Value>10080</Value>
3490 <Entry type="1" type_name="REG_SZ">
3491 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3492 <ValueName>1</ValueName>
3493 <Value>hosted_app</Value>
3495 <Entry type="1" type_name="REG_SZ">
3496 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3497 <ValueName>1</ValueName>
3498 <Value>extension_id1</Value>
3500 <Entry type="1" type_name="REG_SZ">
3501 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3502 <ValueName>2</ValueName>
3503 <Value>extension_id2</Value>
3505 <Entry type="1" type_name="REG_SZ">
3506 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3507 <ValueName>1</ValueName>
3508 <Value>extension_id1</Value>
3510 <Entry type="1" type_name="REG_SZ">
3511 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3512 <ValueName>2</ValueName>
3513 <Value>extension_id2</Value>
3515 <Entry type="1" type_name="REG_SZ">
3516 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3517 <ValueName>1</ValueName>
3518 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3520 <Entry type="1" type_name="REG_SZ">
3521 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3522 <ValueName>2</ValueName>
3523 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3525 <Entry type="1" type_name="REG_SZ">
3526 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3527 <ValueName>1</ValueName>
3528 <Value>https://corp.mycompany.com/*</Value>
3530 <Entry type="1" type_name="REG_SZ">
3531 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3532 <ValueName>1</ValueName>
3533 <Value>https://www.example.com</Value>
3535 <Entry type="1" type_name="REG_SZ">
3536 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3537 <ValueName>2</ValueName>
3538 <Value>[*.]example.edu</Value>
3540 <Entry type="1" type_name="REG_SZ">
3541 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3542 <ValueName>1</ValueName>
3543 <Value>https://www.example.com</Value>
3545 <Entry type="1" type_name="REG_SZ">
3546 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3547 <ValueName>2</ValueName>
3548 <Value>[*.]example.edu</Value>
3550 <Entry type="1" type_name="REG_SZ">
3551 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3552 <ValueName>1</ValueName>
3553 <Value>https://www.example.com</Value>
3555 <Entry type="1" type_name="REG_SZ">
3556 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3557 <ValueName>2</ValueName>
3558 <Value>[*.]example.edu</Value>
3560 <Entry type="1" type_name="REG_SZ">
3561 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3562 <ValueName>1</ValueName>
3563 <Value>https://www.example.com</Value>
3565 <Entry type="1" type_name="REG_SZ">
3566 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3567 <ValueName>2</ValueName>
3568 <Value>[*.]example.edu</Value>
3570 <Entry type="1" type_name="REG_SZ">
3571 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3572 <ValueName>1</ValueName>
3573 <Value>https://www.example.com</Value>
3575 <Entry type="1" type_name="REG_SZ">
3576 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3577 <ValueName>2</ValueName>
3578 <Value>[*.]example.edu</Value>
3580 <Entry type="1" type_name="REG_SZ">
3581 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3582 <ValueName>1</ValueName>
3583 <Value>https://www.example.com</Value>
3585 <Entry type="1" type_name="REG_SZ">
3586 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3587 <ValueName>2</ValueName>
3588 <Value>[*.]example.edu</Value>
3590 <Entry type="1" type_name="REG_SZ">
3591 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3592 <ValueName>1</ValueName>
3593 <Value>en-US</Value>
3595 <Entry type="1" type_name="REG_SZ">
3596 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3597 <ValueName>1</ValueName>
3600 <Entry type="1" type_name="REG_SZ">
3601 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3602 <ValueName>1</ValueName>
3603 <Value>https://www.example.com</Value>
3605 <Entry type="1" type_name="REG_SZ">
3606 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3607 <ValueName>2</ValueName>
3608 <Value>[*.]example.edu</Value>
3610 <Entry type="1" type_name="REG_SZ">
3611 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3612 <ValueName>1</ValueName>
3613 <Value>https://www.example.com</Value>
3615 <Entry type="1" type_name="REG_SZ">
3616 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3617 <ValueName>2</ValueName>
3618 <Value>[*.]example.edu</Value>
3620 <Entry type="1" type_name="REG_SZ">
3621 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3622 <ValueName>1</ValueName>
3623 <Value>https://www.example.com</Value>
3625 <Entry type="1" type_name="REG_SZ">
3626 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3627 <ValueName>2</ValueName>
3628 <Value>[*.]example.edu</Value>
3630 <Entry type="1" type_name="REG_SZ">
3631 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3632 <ValueName>1</ValueName>
3633 <Value>https://www.example.com</Value>
3635 <Entry type="1" type_name="REG_SZ">
3636 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3637 <ValueName>2</ValueName>
3638 <Value>[*.]example.edu</Value>
3640 <Entry type="1" type_name="REG_SZ">
3641 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3642 <ValueName>1</ValueName>
3643 <Value>http://www.example.com:8080</Value>
3645 <Entry type="1" type_name="REG_SZ">
3646 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3647 <ValueName>2</ValueName>
3648 <Value>[*.]example.edu</Value>
3650 <Entry type="1" type_name="REG_SZ">
3651 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3652 <ValueName>1</ValueName>
3653 <Value>https://www.example.com</Value>
3655 <Entry type="1" type_name="REG_SZ">
3656 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3657 <ValueName>2</ValueName>
3658 <Value>[*.]example.edu</Value>
3660 <Entry type="1" type_name="REG_SZ">
3661 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3662 <ValueName>1</ValueName>
3663 <Value>https://www.example.com</Value>
3665 <Entry type="1" type_name="REG_SZ">
3666 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3667 <ValueName>2</ValueName>
3668 <Value>[*.]example.edu</Value>
3670 <Entry type="1" type_name="REG_SZ">
3671 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3672 <ValueName>1</ValueName>
3673 <Value>www.example.com</Value>
3675 <Entry type="1" type_name="REG_SZ">
3676 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3677 <ValueName>2</ValueName>
3678 <Value>[*.]example.edu</Value>
3680 <Entry type="1" type_name="REG_SZ">
3681 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3682 <ValueName>1</ValueName>
3683 <Value>foo.example.com</Value>
3685 <Entry type="1" type_name="REG_SZ">
3686 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3687 <ValueName>2</ValueName>
3688 <Value>example.org</Value>
3690 <Entry type="1" type_name="REG_SZ">
3691 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3692 <ValueName>1</ValueName>
3693 <Value>com.native.messaging.host.name1</Value>
3695 <Entry type="1" type_name="REG_SZ">
3696 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3697 <ValueName>2</ValueName>
3698 <Value>com.native.messaging.host.name2</Value>
3700 <Entry type="1" type_name="REG_SZ">
3701 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3702 <ValueName>1</ValueName>
3703 <Value>com.native.messaging.host.name1</Value>
3705 <Entry type="1" type_name="REG_SZ">
3706 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3707 <ValueName>2</ValueName>
3708 <Value>com.native.messaging.host.name2</Value>
3710 <Entry type="1" type_name="REG_SZ">
3711 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3712 <ValueName>1</ValueName>
3713 <Value>https://www.example.com</Value>
3715 <Entry type="1" type_name="REG_SZ">
3716 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3717 <ValueName>2</ValueName>
3718 <Value>[*.]example.edu</Value>
3720 <Entry type="1" type_name="REG_SZ">
3721 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3722 <ValueName>1</ValueName>
3723 <Value>https://www.example.com</Value>
3725 <Entry type="1" type_name="REG_SZ">
3726 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3727 <ValueName>2</ValueName>
3728 <Value>[*.]example.edu</Value>
3730 <Entry type="1" type_name="REG_SZ">
3731 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3732 <ValueName>1</ValueName>
3733 <Value>http://testserver.example.com/</Value>
3735 <Entry type="1" type_name="REG_SZ">
3736 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3737 <ValueName>2</ValueName>
3738 <Value>*.example.org</Value>
3740 <Entry type="1" type_name="REG_SZ">
3741 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3742 <ValueName>1</ValueName>
3743 <Value>https://mydomain.com/login.html</Value>
3745 <Entry type="1" type_name="REG_SZ">
3746 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3747 <ValueName>2</ValueName>
3748 <Value>https://login.mydomain.com</Value>
3750 <Entry type="1" type_name="REG_SZ">
3751 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3752 <ValueName>1</ValueName>
3753 <Value>ExtensionSettings</Value>
3755 <Entry type="1" type_name="REG_SZ">
3756 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3757 <ValueName>1</ValueName>
3758 <Value>ExtensionInstallAllowlist</Value>
3760 <Entry type="1" type_name="REG_SZ">
3761 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3762 <ValueName>2</ValueName>
3763 <Value>ExtensionInstallBlocklist</Value>
3765 <Entry type="1" type_name="REG_SZ">
3766 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3767 <ValueName>1</ValueName>
3768 <Value>https://www.example.com</Value>
3770 <Entry type="1" type_name="REG_SZ">
3771 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3772 <ValueName>2</ValueName>
3773 <Value>[*.]example.edu</Value>
3775 <Entry type="1" type_name="REG_SZ">
3776 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3777 <ValueName>1</ValueName>
3778 <Value>https://www.example.com</Value>
3780 <Entry type="1" type_name="REG_SZ">
3781 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3782 <ValueName>2</ValueName>
3783 <Value>[*.]example.edu</Value>
3785 <Entry type="1" type_name="REG_SZ">
3786 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3787 <ValueName>1</ValueName>
3788 <Value>cloud</Value>
3790 <Entry type="1" type_name="REG_SZ">
3791 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3792 <ValueName>2</ValueName>
3793 <Value>privet</Value>
3795 <Entry type="1" type_name="REG_SZ">
3796 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3797 <ValueName>1</ValueName>
3798 <Value>my-awesome-domain.com</Value>
3800 <Entry type="1" type_name="REG_SZ">
3801 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3802 <ValueName>2</ValueName>
3803 <Value>my-auxiliary-domain.com</Value>
3805 <Entry type="1" type_name="REG_SZ">
3806 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3807 <ValueName>1</ValueName>
3808 <Value>my-awesome-domain.com</Value>
3810 <Entry type="1" type_name="REG_SZ">
3811 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3812 <ValueName>2</ValueName>
3813 <Value>my-auxiliary-domain.com</Value>
3815 <Entry type="1" type_name="REG_SZ">
3816 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3817 <ValueName>1</ValueName>
3818 <Value>https://example.com</Value>
3820 <Entry type="1" type_name="REG_SZ">
3821 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3822 <ValueName>2</ValueName>
3823 <Value>https://www.chromium.org</Value>
3825 <Entry type="1" type_name="REG_SZ">
3826 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3827 <ValueName>1</ValueName>
3828 <Value>https://www.example.com</Value>
3830 <Entry type="1" type_name="REG_SZ">
3831 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3832 <ValueName>2</ValueName>
3833 <Value>[*.]example.edu</Value>
3835 <Entry type="1" type_name="REG_SZ">
3836 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3837 <ValueName>1</ValueName>
3838 <Value>mydomain.com</Value>
3840 <Entry type="1" type_name="REG_SZ">
3841 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3842 <ValueName>2</ValueName>
3843 <Value>myuniversity.edu</Value>
3845 <Entry type="1" type_name="REG_SZ">
3846 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3847 <ValueName>1</ValueName>
3848 <Value>https://example.com</Value>
3850 <Entry type="1" type_name="REG_SZ">
3851 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3852 <ValueName>1</ValueName>
3853 <Value>https://www.example.com</Value>
3855 <Entry type="1" type_name="REG_SZ">
3856 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3857 <ValueName>2</ValueName>
3858 <Value>[*.]example.edu</Value>
3860 <Entry type="1" type_name="REG_SZ">
3861 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3862 <ValueName>1</ValueName>
3863 <Value>https://www.example.com</Value>
3865 <Entry type="1" type_name="REG_SZ">
3866 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3867 <ValueName>2</ValueName>
3868 <Value>[*.]example.edu</Value>
3870 <Entry type="1" type_name="REG_SZ">
3871 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3872 <ValueName>1</ValueName>
3873 <Value>https://www.example.com</Value>
3875 <Entry type="1" type_name="REG_SZ">
3876 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3877 <ValueName>2</ValueName>
3878 <Value>[*.]example.edu</Value>
3880 <Entry type="1" type_name="REG_SZ">
3881 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3882 <ValueName>1</ValueName>
3883 <Value>https://www.example.com</Value>
3885 <Entry type="1" type_name="REG_SZ">
3886 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3887 <ValueName>2</ValueName>
3888 <Value>[*.]example.edu</Value>
3890 <Entry type="1" type_name="REG_SZ">
3891 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3892 <ValueName>1</ValueName>
3895 <Entry type="1" type_name="REG_SZ">
3896 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3897 <ValueName>2</ValueName>
3900 <Entry type="1" type_name="REG_SZ">
3901 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3902 <ValueName>1</ValueName>
3905 <Entry type="1" type_name="REG_SZ">
3906 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3907 <ValueName>2</ValueName>
3910 <Entry type="1" type_name="REG_SZ">
3911 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3912 <ValueName>1</ValueName>
3913 <Value>bookmarks</Value>
3915 <Entry type="1" type_name="REG_SZ">
3916 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3917 <ValueName>1</ValueName>
3918 <Value>example.com</Value>
3920 <Entry type="1" type_name="REG_SZ">
3921 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3922 <ValueName>2</ValueName>
3923 <Value>https://ssl.server.com</Value>
3925 <Entry type="1" type_name="REG_SZ">
3926 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3927 <ValueName>3</ValueName>
3928 <Value>hosting.com/good_path</Value>
3930 <Entry type="1" type_name="REG_SZ">
3931 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3932 <ValueName>4</ValueName>
3933 <Value>https://server:8080/path</Value>
3935 <Entry type="1" type_name="REG_SZ">
3936 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3937 <ValueName>5</ValueName>
3938 <Value>.exact.hostname.com</Value>
3940 <Entry type="1" type_name="REG_SZ">
3941 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3942 <ValueName>1</ValueName>
3943 <Value>example.com</Value>
3945 <Entry type="1" type_name="REG_SZ">
3946 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3947 <ValueName>2</ValueName>
3948 <Value>https://ssl.server.com</Value>
3950 <Entry type="1" type_name="REG_SZ">
3951 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3952 <ValueName>3</ValueName>
3953 <Value>hosting.com/bad_path</Value>
3955 <Entry type="1" type_name="REG_SZ">
3956 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3957 <ValueName>4</ValueName>
3958 <Value>https://server:8080/path</Value>
3960 <Entry type="1" type_name="REG_SZ">
3961 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3962 <ValueName>5</ValueName>
3963 <Value>.exact.hostname.com</Value>
3965 <Entry type="1" type_name="REG_SZ">
3966 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3967 <ValueName>6</ValueName>
3968 <Value>file://*</Value>
3970 <Entry type="1" type_name="REG_SZ">
3971 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3972 <ValueName>7</ValueName>
3973 <Value>custom_scheme:*</Value>
3975 <Entry type="1" type_name="REG_SZ">
3976 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3977 <ValueName>8</ValueName>
3980 <Entry type="1" type_name="REG_SZ">
3981 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
3982 <ValueName>1</ValueName>
3983 <Value>https://www.example.com/</Value>
3985 <Entry type="1" type_name="REG_SZ">
3986 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
3987 <ValueName>2</ValueName>
3988 <Value>https://[*.]example.edu/</Value>
3990 <Entry type="1" type_name="REG_SZ">
3991 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
3992 <ValueName>1</ValueName>
3993 <Value>https://www.example.com</Value>
3995 <Entry type="1" type_name="REG_SZ">
3996 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
3997 <ValueName>2</ValueName>
3998 <Value>*example.com*</Value>
4000 <Entry type="1" type_name="REG_SZ">
4001 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4002 <ValueName>1</ValueName>
4003 <Value>https://www.example.com</Value>
4005 <Entry type="1" type_name="REG_SZ">
4006 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4007 <ValueName>2</ValueName>
4008 <Value>[*.]example.edu</Value>
4010 <Entry type="1" type_name="REG_SZ">
4011 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4012 <ValueName>1</ValueName>
4013 <Value>https://www.example.com</Value>
4015 <Entry type="1" type_name="REG_SZ">
4016 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4017 <ValueName>2</ValueName>
4018 <Value>[*.]example.edu</Value>
4020 <Entry type="4" type_name="REG_DWORD">
4021 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4022 <ValueName>AlternateErrorPagesEnabled</ValueName>
4025 <Entry type="1" type_name="REG_SZ">
4026 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4027 <ValueName>ApplicationLocaleValue</ValueName>
4030 <Entry type="4" type_name="REG_DWORD">
4031 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4032 <ValueName>AutofillAddressEnabled</ValueName>
4035 <Entry type="4" type_name="REG_DWORD">
4036 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4037 <ValueName>AutofillCreditCardEnabled</ValueName>
4040 <Entry type="4" type_name="REG_DWORD">
4041 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4042 <ValueName>BackgroundModeEnabled</ValueName>
4045 <Entry type="4" type_name="REG_DWORD">
4046 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4047 <ValueName>BlockThirdPartyCookies</ValueName>
4050 <Entry type="4" type_name="REG_DWORD">
4051 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4052 <ValueName>BookmarkBarEnabled</ValueName>
4055 <Entry type="1" type_name="REG_SZ">
4056 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4057 <ValueName>DefaultDownloadDirectory</ValueName>
4058 <Value>/home/${user_name}/Downloads</Value>
4060 <Entry type="1" type_name="REG_SZ">
4061 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4062 <ValueName>DownloadDirectory</ValueName>
4063 <Value>/home/${user_name}/Downloads</Value>
4065 <Entry type="4" type_name="REG_DWORD">
4066 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4067 <ValueName>DownloadRestrictions</ValueName>
4070 <Entry type="4" type_name="REG_DWORD">
4071 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4072 <ValueName>HomepageIsNewTabPage</ValueName>
4075 <Entry type="1" type_name="REG_SZ">
4076 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4077 <ValueName>HomepageLocation</ValueName>
4078 <Value>https://www.chromium.org</Value>
4080 <Entry type="4" type_name="REG_DWORD">
4081 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4082 <ValueName>ImportAutofillFormData</ValueName>
4085 <Entry type="4" type_name="REG_DWORD">
4086 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4087 <ValueName>ImportBookmarks</ValueName>
4090 <Entry type="4" type_name="REG_DWORD">
4091 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4092 <ValueName>ImportHistory</ValueName>
4095 <Entry type="4" type_name="REG_DWORD">
4096 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4097 <ValueName>ImportSavedPasswords</ValueName>
4100 <Entry type="4" type_name="REG_DWORD">
4101 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4102 <ValueName>ImportSearchEngine</ValueName>
4105 <Entry type="4" type_name="REG_DWORD">
4106 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4107 <ValueName>MetricsReportingEnabled</ValueName>
4110 <Entry type="4" type_name="REG_DWORD">
4111 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4112 <ValueName>NetworkPredictionOptions</ValueName>
4115 <Entry type="4" type_name="REG_DWORD">
4116 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4117 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4120 <Entry type="4" type_name="REG_DWORD">
4121 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4122 <ValueName>PasswordManagerEnabled</ValueName>
4125 <Entry type="4" type_name="REG_DWORD">
4126 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4127 <ValueName>PrintHeaderFooter</ValueName>
4130 <Entry type="4" type_name="REG_DWORD">
4131 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4132 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4135 <Entry type="1" type_name="REG_SZ">
4136 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4137 <ValueName>RegisteredProtocolHandlers</ValueName>
4138 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4140 <Entry type="4" type_name="REG_DWORD">
4141 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4142 <ValueName>RestoreOnStartup</ValueName>
4145 <Entry type="4" type_name="REG_DWORD">
4146 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4147 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4150 <Entry type="4" type_name="REG_DWORD">
4151 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4152 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4155 <Entry type="4" type_name="REG_DWORD">
4156 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4157 <ValueName>SearchSuggestEnabled</ValueName>
4160 <Entry type="4" type_name="REG_DWORD">
4161 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4162 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4165 <Entry type="4" type_name="REG_DWORD">
4166 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4167 <ValueName>ShowHomeButton</ValueName>
4170 <Entry type="4" type_name="REG_DWORD">
4171 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4172 <ValueName>SpellCheckServiceEnabled</ValueName>
4175 <Entry type="4" type_name="REG_DWORD">
4176 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4177 <ValueName>TranslateEnabled</ValueName>
4180 <Entry type="1" type_name="REG_SZ">
4181 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4182 <ValueName>1</ValueName>
4183 <Value>https://example.com</Value>
4185 <Entry type="1" type_name="REG_SZ">
4186 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4187 <ValueName>2</ValueName>
4188 <Value>https://www.chromium.org</Value>
4193 chromium_json_expected_managed = \
4196 "FileSystemWriteAskForUrls": [
4197 "https://www.example.com",
4200 "InsecureContentBlockedForUrls": [
4201 "https://www.example.com",
4204 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4205 "BrowserAddPersonEnabled": true,
4206 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4207 "ShowHomeButton": true,
4208 "ClearBrowsingDataOnExitList": [
4211 "cookies_and_other_site_data",
4212 "cached_images_and_files",
4218 "JavaScriptAllowedForUrls": [
4219 "https://www.example.com",
4222 "AmbientAuthenticationInPrivateModesEnabled": 0,
4223 "AllowFileSelectionDialogs": true,
4224 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4225 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4226 "ComponentUpdatesEnabled": true,
4227 "RemoteAccessHostAllowRemoteAccessConnections": false,
4228 "WindowOcclusionEnabled": true,
4229 "PrintPreviewUseSystemDefaultPrinter": false,
4230 "AutoLaunchProtocolsFromOrigins": [
4232 "allowed_origins": [
4234 "http://www.example.com:8080"
4236 "protocol": "spotify"
4239 "allowed_origins": [
4240 "https://example.com",
4241 "https://.mail.example.com"
4246 "allowed_origins": [
4249 "protocol": "outlook"
4252 "ManagedConfigurationPerOrigin": [
4254 "origin": "https://www.google.com",
4255 "managed_configuration_hash": "asd891jedasd12ue9h",
4256 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4259 "origin": "https://www.example.com",
4260 "managed_configuration_hash": "djio12easd89u12aws",
4261 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4264 "SyncTypesListDisabled": [
4267 "SecurityKeyPermitAttestation": [
4268 "https://example.com"
4270 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4271 "MetricsReportingEnabled": true,
4272 "MaxInvalidationFetchDelay": 10000,
4273 "AudioProcessHighPriorityEnabled": true,
4274 "ExtensionInstallForcelist": [
4275 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4276 "abcdefghijklmnopabcdefghijklmnop"
4278 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4279 "CookiesBlockedForUrls": [
4280 "https://www.example.com",
4283 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4284 "AudioCaptureAllowedUrls": [
4285 "https://www.example.com/",
4286 "https://[*.]example.edu/"
4288 "NTPCustomBackgroundEnabled": true,
4289 "BlockExternalExtensions": true,
4290 "BrowserSwitcherChromeParameters": [
4293 "SafeSitesFilterBehavior": 0,
4294 "EnableOnlineRevocationChecks": false,
4295 "ImagesBlockedForUrls": [
4296 "https://www.example.com",
4299 "InsecureFormsWarningsEnabled": true,
4300 "RelaunchNotificationPeriod": 604800000,
4301 "TotalMemoryLimitMb": 2048,
4302 "CloudManagementEnrollmentMandatory": true,
4303 "ClickToCallEnabled": true,
4304 "AppCacheForceEnabled": false,
4305 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4306 "FullscreenAllowed": true,
4307 "AuthSchemes": "basic,digest,ntlm,negotiate",
4308 "PasswordLeakDetectionEnabled": true,
4309 "AuthServerAllowlist": "*.example.com,example.com",
4310 "AllowSyncXHRInPageDismissal": false,
4311 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4312 "MaxConnectionsPerProxy": 32,
4313 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4314 "RemoteAccessHostAllowFileTransfer": false,
4315 "PrintRasterizationMode": 1,
4316 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4317 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4318 "sha256//////////////////////w=="
4320 "DefaultWebBluetoothGuardSetting": 2,
4321 "AutoplayAllowed": true,
4322 "BrowserSwitcherUrlList": [
4324 "!open-in-chrome.ie.com",
4325 "foobar.com/ie-only/"
4327 "CertificateTransparencyEnforcementDisabledForUrls": [
4331 "SpellcheckLanguageBlocklist": [
4335 "PrintHeaderFooter": false,
4336 "ShowAppsShortcutInBookmarkBar": false,
4337 "SerialAskForUrls": [
4338 "https://www.example.com",
4341 "ImagesAllowedForUrls": [
4342 "https://www.example.com",
4345 "ProfilePickerOnStartupAvailability": 0,
4346 "CommandLineFlagSecurityWarningsEnabled": true,
4347 "QuicAllowed": true,
4348 "IntensiveWakeUpThrottlingEnabled": true,
4349 "WPADQuickCheckEnabled": true,
4350 "SensorsAllowedForUrls": [
4351 "https://www.example.com",
4354 "NTPCardsVisible": true,
4355 "DefaultSearchProviderAlternateURLs": [
4356 "https://search.my.company/suggest#q={searchTerms}",
4357 "https://search.my.company/suggest/search#q={searchTerms}"
4359 "DisableSafeBrowsingProceedAnyway": true,
4360 "DefaultFileSystemWriteGuardSetting": 2,
4361 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4362 "SSLErrorOverrideAllowed": true,
4363 "CloudPrintProxyEnabled": true,
4364 "BrowserSwitcherUrlGreylist": [
4366 "!open-in-chrome.ie.com",
4367 "foobar.com/ie-only/"
4369 "BrowserNetworkTimeQueriesEnabled": true,
4370 "WebUsbAllowDevicesForUrls": [
4373 "https://google.com"
4383 "TaskManagerEndProcessEnabled": true,
4384 "SuppressDifferentOriginSubframeDialogs": true,
4385 "UserDataDir": "${users}/${user_name}/Chrome",
4386 "CookiesAllowedForUrls": [
4387 "https://www.example.com",
4390 "SuppressUnsupportedOSWarning": true,
4391 "RequireOnlineRevocationChecksForLocalAnchors": false,
4392 "BrowsingDataLifetime": [
4397 "time_to_live_in_hours": 24
4404 "time_to_live_in_hours": 12
4407 "FileHandlingBlockedForUrls": [
4408 "https://www.example.com",
4411 "AudioCaptureAllowed": false,
4412 "PromotionalTabsEnabled": false,
4413 "ShowFullUrlsInAddressBar": false,
4414 "EnableMediaRouter": true,
4415 "BrowserSwitcherDelay": 10000,
4416 "AllowDinosaurEasterEgg": false,
4417 "ImportSearchEngine": true,
4418 "PrintingBackgroundGraphicsDefault": "enabled",
4419 "TripleDESEnabled": false,
4420 "AutoplayAllowlist": [
4421 "https://www.example.com",
4424 "RemoteAccessHostUdpPortRange": "12400-12409",
4425 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4426 "BrowserSwitcherChromePath": "${chrome}",
4427 "InsecureContentAllowedForUrls": [
4428 "https://www.example.com",
4431 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4432 "ForceGoogleSafeSearch": false,
4433 "UserFeedbackAllowed": true,
4434 "ForceYouTubeRestrict": 0,
4435 "ApplicationLocaleValue": "en",
4436 "RoamingProfileSupportEnabled": true,
4437 "AlternativeBrowserPath": "${ie}",
4438 "AlternativeBrowserParameters": [
4443 "%HOME%\\\\browser_profile"
4445 "AdvancedProtectionAllowed": true,
4446 "EditBookmarksEnabled": false,
4447 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4448 "SSLVersionMin": "tls1",
4449 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4450 "DefaultSerialGuardSetting": 2,
4451 "DefaultPopupsSetting": 1,
4452 "IntranetRedirectBehavior": 1,
4453 "RendererCodeIntegrityEnabled": false,
4454 "BrowserGuestModeEnforced": true,
4455 "HSTSPolicyBypassList": [
4458 "DefaultWebUsbGuardSetting": 2,
4459 "CECPQ2Enabled": true,
4460 "RemoteAccessHostDomainList": [
4461 "my-awesome-domain.com",
4462 "my-auxiliary-domain.com"
4466 "https://ssl.server.com",
4467 "hosting.com/bad_path",
4468 "https://server:8080/path",
4469 ".exact.hostname.com",
4474 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4475 "ExtensionAllowedTypes": [
4478 "NativeMessagingBlocklist": [
4479 "com.native.messaging.host.name1",
4480 "com.native.messaging.host.name2"
4482 "ExtensionSettings": {
4483 "abcdefghijklmnopabcdefghijklmnop": {
4484 "blocked_permissions": [
4487 "minimum_version_required": "1.0.1",
4488 "toolbar_pin": "force_pinned",
4489 "installation_mode": "allowed"
4491 "bcdefghijklmnopabcdefghijklmnopa": {
4492 "runtime_blocked_hosts": [
4495 "allowed_permissions": [
4498 "update_url": "https://example.com/update_url",
4499 "runtime_allowed_hosts": [
4500 "*://good.example.com"
4502 "installation_mode": "force_installed"
4504 "update_url:https://www.example.com/update.xml": {
4505 "allowed_permissions": [
4508 "blocked_permissions": [
4511 "installation_mode": "allowed"
4513 "cdefghijklmnopabcdefghijklmnopab": {
4514 "blocked_install_message": "Custom error message.",
4515 "installation_mode": "blocked"
4518 "blocked_permissions": [
4522 "installation_mode": "blocked",
4523 "runtime_blocked_hosts": [
4526 "blocked_install_message": "Custom error message.",
4530 "runtime_allowed_hosts": [
4531 "*://good.example.com"
4533 "install_sources": [
4534 "https://company-intranet/chromeapps"
4537 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4538 "blocked_install_message": "Custom error message.",
4539 "installation_mode": "blocked"
4541 "fghijklmnopabcdefghijklmnopabcde": {
4542 "blocked_install_message": "Custom removal message.",
4543 "installation_mode": "removed"
4545 "ghijklmnopabcdefghijklmnopabcdef": {
4546 "update_url": "https://example.com/update_url",
4547 "override_update_url": true,
4548 "installation_mode": "force_installed"
4551 "FileSystemReadAskForUrls": [
4552 "https://www.example.com",
4555 "SpellCheckServiceEnabled": false,
4556 "ExtensionInstallSources": [
4557 "https://corp.mycompany.com/*"
4559 "PrinterTypeDenyList": [
4563 "SharedClipboardEnabled": true,
4564 "BlockThirdPartyCookies": false,
4565 "MediaRouterCastAllowAllIPs": false,
4566 "DnsOverHttpsMode": "off",
4567 "SyncDisabled": true,
4568 "LookalikeWarningAllowlistDomains": [
4572 "UserDataSnapshotRetentionLimit": 3,
4573 "SafeBrowsingProtectionLevel": 2,
4574 "ScrollToTextFragmentEnabled": false,
4575 "ImportBookmarks": true,
4576 "DefaultBrowserSettingEnabled": true,
4577 "DefaultSearchProviderEnabled": true,
4578 "AdditionalDnsQueryTypesEnabled": true,
4579 "PolicyRefreshRate": 3600000,
4580 "PrintingPaperSizeDefault": {
4587 "RestoreOnStartup": 4,
4588 "PasswordProtectionWarningTrigger": 1,
4589 "ChromeCleanupEnabled": true,
4590 "AbusiveExperienceInterventionEnforce": true,
4591 "BasicAuthOverHttpEnabled": false,
4592 "EnableAuthNegotiatePort": false,
4593 "DefaultGeolocationSetting": 1,
4594 "PolicyDictionaryMultipleSourceMergeList": [
4597 "AllowedDomainsForApps": "managedchrome.com,example.com",
4598 "DisableAuthNegotiateCnameLookup": false,
4599 "IncognitoModeAvailability": 1,
4600 "ChromeVariations": 1,
4601 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4602 "SavingBrowserHistoryDisabled": true,
4603 "SpellcheckEnabled": false,
4604 "FileSystemWriteBlockedForUrls": [
4605 "https://www.example.com",
4608 "BuiltInDnsClientEnabled": true,
4609 "SSLErrorOverrideAllowedForOrigins": [
4610 "https://www.example.com",
4613 "WebRtcIPHandling": "default",
4614 "DefaultNotificationsSetting": 2,
4615 "PopupsAllowedForUrls": [
4616 "https://www.example.com",
4619 "TranslateEnabled": true,
4620 "DefaultSearchProviderEncodings": [
4626 "DownloadRestrictions": 2,
4627 "PromptForDownloadLocation": false,
4628 "DisablePrintPreview": false,
4629 "NetworkPredictionOptions": 1,
4630 "FileSystemReadBlockedForUrls": [
4631 "https://www.example.com",
4634 "AutoOpenFileTypes": [
4638 "DownloadDirectory": "/home/${user_name}/Downloads",
4639 "ImportHomepage": true,
4640 "GloballyScopeHTTPAuthCacheEnabled": false,
4641 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4642 "ThirdPartyBlockingEnabled": false,
4643 "AdsSettingForIntrusiveAdsSites": 1,
4644 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4645 "BookmarkBarEnabled": true,
4646 "DisableScreenshots": true,
4647 "AccessibilityImageLabelsEnabled": false,
4648 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4649 "PopupsBlockedForUrls": [
4650 "https://www.example.com",
4653 "DefaultFileSystemReadGuardSetting": 2,
4655 "WebRtcAllowLegacyTLSProtocols": false,
4656 "PasswordManagerEnabled": true,
4657 "SafeBrowsingExtendedReportingEnabled": true,
4658 "CloudPolicyOverridesPlatformPolicy": false,
4659 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4660 "http://www.example.com:8080",
4663 "RelaunchNotification": 1,
4664 "AlwaysOpenPdfExternally": true,
4665 "DefaultFileHandlingGuardSetting": 2,
4666 "ForceEphemeralProfiles": true,
4667 "PasswordProtectionLoginURLs": [
4668 "https://mydomain.com/login.html",
4669 "https://login.mydomain.com"
4671 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4672 "BrowserGuestModeEnabled": true,
4673 "MediaRecommendationsEnabled": true,
4674 "WebRtcLocalIpsAllowedUrls": [
4675 "https://www.example.com",
4678 "DeveloperToolsAvailability": 2,
4679 "DNSInterceptionChecksEnabled": true,
4680 "DefaultSearchProviderContextMenuAccessAllowed": true,
4681 "RemoteAccessHostRequireCurtain": false,
4682 "PaymentMethodQueryEnabled": true,
4683 "HomepageLocation": "https://www.chromium.org",
4684 "WebUsbAskForUrls": [
4685 "https://www.example.com",
4688 "RemoteAccessHostAllowClientPairing": false,
4690 "ProxyMode": "direct",
4691 "ProxyPacUrl": "https://internal.site/example.pac",
4692 "ProxyServer": "123.123.123.123:8080",
4693 "ProxyServerMode": 2,
4694 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4696 "AutofillCreditCardEnabled": false,
4697 "FileHandlingAllowedForUrls": [
4698 "https://www.example.com",
4701 "ChromeCleanupReportingEnabled": true,
4702 "AlternateErrorPagesEnabled": true,
4703 "WebRtcEventLogCollectionAllowed": true,
4704 "AutoSelectCertificateForUrls": [
4705 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4707 "PolicyListMultipleSourceMergeList": [
4708 "ExtensionInstallAllowlist",
4709 "ExtensionInstallBlocklist"
4711 "CertificateTransparencyEnforcementDisabledForCas": [
4712 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4713 "sha256//////////////////////w=="
4715 "CookiesSessionOnlyForUrls": [
4716 "https://www.example.com",
4719 "SitePerProcess": true,
4720 "RemoteAccessHostFirewallTraversal": false,
4721 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4722 "BackgroundModeEnabled": true,
4723 "DefaultJavaScriptSetting": 1,
4724 "ForcedLanguages": [
4727 "ManagedBookmarks": [
4729 "toplevel_name": "My managed bookmarks folder"
4732 "url": "google.com",
4736 "url": "youtube.com",
4742 "url": "chromium.org",
4746 "url": "dev.chromium.org",
4747 "name": "Chromium Developers"
4750 "name": "Chrome links"
4753 "Disable3DAPIs": false,
4754 "CloudPrintSubmitEnabled": true,
4755 "DefaultCookiesSetting": 1,
4756 "ExtensionInstallBlocklist": [
4762 "https://ssl.server.com",
4763 "hosting.com/good_path",
4764 "https://server:8080/path",
4765 ".exact.hostname.com"
4767 "ExplicitlyAllowedNetworkPorts": [
4770 "HomepageIsNewTabPage": true,
4771 "SensorsBlockedForUrls": [
4772 "https://www.example.com",
4775 "BrowserLabsEnabled": false,
4776 "NotificationsAllowedForUrls": [
4777 "https://www.example.com",
4780 "NativeMessagingUserLevelHosts": false,
4781 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4782 "CloudUserPolicyMerge": true,
4783 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4784 "http://testserver.example.com/",
4787 "HideWebStoreIcon": true,
4788 "SafeBrowsingForTrustedSourcesEnabled": false,
4789 "NewTabPageLocation": "https://www.chromium.org",
4790 "DiskCacheSize": 104857600,
4791 "BrowserSwitcherUseIeSitelist": true,
4792 "WebRtcUdpPortRange": "10000-11999",
4793 "EnterpriseHardwarePlatformAPIEnabled": true,
4794 "AutoOpenAllowedForURLs": [
4796 "https://ssl.server.com",
4797 "hosting.com/good_path",
4798 "https://server:8080/path",
4799 ".exact.hostname.com"
4801 "NativeMessagingAllowlist": [
4802 "com.native.messaging.host.name1",
4803 "com.native.messaging.host.name2"
4805 "DefaultSearchProviderName": "My Intranet Search",
4806 "JavaScriptBlockedForUrls": [
4807 "https://www.example.com",
4810 "EnableExperimentalPolicies": [
4811 "ExtensionInstallAllowlist",
4812 "ExtensionInstallBlocklist"
4814 "SafeBrowsingAllowlistDomains": [
4818 "AutofillAddressEnabled": false,
4819 "AllowCrossOriginAuthPrompt": false,
4820 "SpellcheckLanguage": [
4824 "VideoCaptureAllowed": false,
4825 "ScreenCaptureAllowed": false,
4826 "VideoCaptureAllowedUrls": [
4827 "https://www.example.com/",
4828 "https://[*.]example.edu/"
4830 "ImportHistory": true,
4831 "ShowCastIconInToolbar": false,
4832 "RestoreOnStartupURLs": [
4833 "https://example.com",
4834 "https://www.chromium.org"
4836 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4840 "PrintingEnabled": true,
4841 "ImportSavedPasswords": true,
4842 "EnableDeprecatedPrivetPrinting": true,
4843 "InsecurePrivateNetworkRequestsAllowed": false,
4845 "PolicyAtomicGroupsEnabled": true,
4846 "HardwareAccelerationModeEnabled": true,
4847 "AllowDeletingBrowserHistory": true,
4848 "DefaultSearchProviderKeyword": "mis",
4849 "ExtensionInstallAllowlist": [
4853 "WebAppInstallForceList": [
4855 "url": "https://www.google.com/maps",
4856 "create_desktop_shortcut": true,
4857 "default_launch_container": "window"
4860 "url": "https://docs.google.com",
4861 "default_launch_container": "tab"
4864 "url": "https://docs.google.com/editor",
4865 "fallback_app_name": "Editor",
4866 "default_launch_container": "window"
4869 "DiskCacheDir": "${user_home}/Chrome_cache",
4870 "SignedHTTPExchangeEnabled": true,
4871 "SearchSuggestEnabled": true,
4872 "BrowserThemeColor": "#FFFFFF",
4873 "RestrictSigninToPattern": ".*@example\\\\.com",
4874 "DefaultInsecureContentSetting": 2,
4875 "DefaultSensorsSetting": 2,
4876 "AudioSandboxEnabled": true,
4877 "RemoteAccessHostAllowRelayedConnection": false,
4878 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4879 "UserAgentClientHintsEnabled": true,
4880 "TargetBlankImpliesNoOpener": false,
4881 "BrowserSwitcherKeepLastChromeTab": false,
4882 "RemoteAccessHostClientDomainList": [
4883 "my-awesome-domain.com",
4884 "my-auxiliary-domain.com"
4886 "NotificationsBlockedForUrls": [
4887 "https://www.example.com",
4890 "SerialBlockedForUrls": [
4891 "https://www.example.com",
4894 "DefaultImagesSetting": 1,
4895 "SigninInterceptionEnabled": true,
4896 "WebUsbBlockedForUrls": [
4897 "https://www.example.com",
4900 "ImportAutofillFormData": true,
4901 "BrowserSwitcherEnabled": true
4905 chromium_json_expected_recommended = \
4908 "BackgroundModeEnabled": true,
4909 "RestoreOnStartup": 4,
4910 "RegisteredProtocolHandlers": [
4913 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4914 "protocol": "mailto"
4917 "ShowHomeButton": true,
4918 "PrintHeaderFooter": false,
4919 "SafeBrowsingForTrustedSourcesEnabled": false,
4920 "ShowFullUrlsInAddressBar": false,
4921 "MetricsReportingEnabled": true,
4922 "SpellCheckServiceEnabled": false,
4923 "ImportSearchEngine": true,
4924 "DownloadRestrictions": 2,
4925 "NetworkPredictionOptions": 1,
4926 "DownloadDirectory": "/home/${user_name}/Downloads",
4927 "TranslateEnabled": true,
4928 "AutofillAddressEnabled": false,
4929 "BookmarkBarEnabled": true,
4930 "PrintPreviewUseSystemDefaultPrinter": false,
4931 "ApplicationLocaleValue": "en",
4932 "ImportHistory": true,
4933 "RestoreOnStartupURLs": [
4934 "https://example.com",
4935 "https://www.chromium.org"
4937 "PasswordManagerEnabled": true,
4938 "ImportSavedPasswords": true,
4939 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4940 "PasswordLeakDetectionEnabled": true,
4941 "SearchSuggestEnabled": true,
4942 "AlternateErrorPagesEnabled": true,
4943 "HomepageIsNewTabPage": true,
4944 "ImportAutofillFormData": true,
4945 "BlockThirdPartyCookies": false,
4946 "AutofillCreditCardEnabled": false,
4947 "HomepageLocation": "https://www.chromium.org",
4948 "SafeBrowsingProtectionLevel": 2,
4949 "ImportBookmarks": true
4953 firewalld_reg_pol = \
4955 <?xml version="1.0" encoding="utf-8"?>
4956 <PolFile num_entries="6" signature="PReg" version="1">
4957 <Entry type="4" type_name="REG_DWORD">
4958 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4959 <ValueName>Zones</ValueName>
4962 <Entry type="4" type_name="REG_DWORD">
4963 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4964 <ValueName>Rules</ValueName>
4967 <Entry type="1" type_name="REG_SZ">
4968 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4969 <ValueName>Rules</ValueName>
4970 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4972 <Entry type="1" type_name="REG_SZ">
4973 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4974 <ValueName>**delvals.</ValueName>
4977 <Entry type="1" type_name="REG_SZ">
4978 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4979 <ValueName>work</ValueName>
4982 <Entry type="1" type_name="REG_SZ">
4983 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4984 <ValueName>home</ValueName>
4990 def days2rel_nttime(val):
4995 return -(val * seconds * minutes * hours * sam_add)
4997 def gpupdate(lp, arg):
4998 gpupdate = lp.get('gpo update command')
4999 gpupdate.append(arg)
5001 p = Popen(gpupdate, stdout=PIPE, stderr=PIPE)
5002 stdoutdata, stderrdata = p.communicate()
5006 def gpupdate_force(lp):
5007 return gpupdate(lp, '--force')
5009 def gpupdate_unapply(lp):
5010 return gpupdate(lp, '--unapply')
5013 return gpupdate(lp, '--rsop')
5015 def stage_file(path, data):
5016 dirname = os.path.dirname(path)
5017 if not os.path.exists(dirname):
5019 os.makedirs(dirname)
5020 except OSError as e:
5021 if not (e.errno == errno.EEXIST and os.path.isdir(dirname)):
5023 if os.path.exists(path):
5024 os.rename(path, '%s.bak' % path)
5025 with NamedTemporaryFile(delete=False, dir=os.path.dirname(path)) as f:
5026 f.write(get_bytes(data))
5027 os.rename(f.name, path)
5028 os.chmod(path, 0o644)
5031 def unstage_file(path):
5032 backup = '%s.bak' % path
5033 if os.path.exists(backup):
5034 os.rename(backup, path)
5035 elif os.path.exists(path):
5038 class GPOTests(tests.TestCase):
5040 super(GPOTests, self).setUp()
5041 self.server = os.environ["SERVER"]
5042 self.dc_account = self.server.upper() + '$'
5043 self.lp = s3param.get_context()
5044 self.lp.load_default()
5045 self.creds = self.insta_creds(template=self.get_credentials())
5048 super(GPOTests, self).tearDown()
5050 def test_gpo_list(self):
5051 global poldir, dspath
5052 gpos = get_gpo_list(self.server, self.creds, self.lp,
5053 self.creds.get_username())
5054 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5055 names = ['Local Policy', guid]
5056 file_sys_paths = [None, '%s\\%s' % (poldir, guid)]
5057 ds_paths = [None, 'CN=%s,%s' % (guid, dspath)]
5058 for i in range(0, len(gpos)):
5059 self.assertEqual(gpos[i].name, names[i],
5060 'The gpo name did not match expected name %s' % gpos[i].name)
5061 self.assertEqual(gpos[i].file_sys_path, file_sys_paths[i],
5062 'file_sys_path did not match expected %s' % gpos[i].file_sys_path)
5063 self.assertEqual(gpos[i].ds_path, ds_paths[i],
5064 'ds_path did not match expected %s' % gpos[i].ds_path)
5066 def test_gpt_version(self):
5068 local_path = self.lp.cache_path('gpo_cache')
5069 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5070 gpo_path = os.path.join(local_path, policies, guid)
5071 old_vers = gpo.gpo_get_sysvol_gpt_version(gpo_path)[1]
5073 with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
5074 gpt.write(gpt_data % 42)
5075 self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], 42,
5076 'gpo_get_sysvol_gpt_version() did not return the expected version')
5078 with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
5079 gpt.write(gpt_data % old_vers)
5080 self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], old_vers,
5081 'gpo_get_sysvol_gpt_version() did not return the expected version')
5083 def test_check_refresh_gpo_list(self):
5084 cache = self.lp.cache_path('gpo_cache')
5085 gpos = get_gpo_list(self.server, self.creds, self.lp,
5086 self.creds.get_username())
5087 check_refresh_gpo_list(self.server, self.lp, self.creds, gpos)
5089 self.assertTrue(os.path.exists(cache),
5090 'GPO cache %s was not created' % cache)
5092 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5093 gpt_ini = os.path.join(cache, policies,
5095 self.assertTrue(os.path.exists(gpt_ini),
5096 'GPT.INI was not cached for %s' % guid)
5098 def test_check_refresh_gpo_list_malicious_paths(self):
5099 # the path cannot contain ..
5100 path = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
5101 self.assertRaises(OSError, check_safe_path, path)
5103 self.assertEqual(check_safe_path('/etc/passwd'), 'etc/passwd')
5104 self.assertEqual(check_safe_path('\\\\etc/\\passwd'), 'etc/passwd')
5106 # there should be no backslashes used to delineate paths
5107 before = 'sysvol/' + realm + '\\Policies/' \
5108 '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
5109 after = realm + '/Policies/' \
5110 '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
5111 result = check_safe_path(before)
5112 self.assertEqual(result, after, 'check_safe_path() didn\'t'
5113 ' correctly convert \\ to /')
5115 def test_check_safe_path_typesafe_name(self):
5116 path = '\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\' \
5117 '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
5118 expected_path = 'toady.suse.de/Policies/' \
5119 '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
5121 result = check_safe_path(path)
5122 self.assertEqual(result, expected_path,
5123 'check_safe_path unable to detect variable case sysvol components')
5125 def test_gpt_ext_register(self):
5126 this_path = os.path.dirname(os.path.realpath(__file__))
5127 samba_path = os.path.realpath(os.path.join(this_path, '../../../'))
5128 ext_path = os.path.join(samba_path, 'python/samba/gp/gp_sec_ext.py')
5129 ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
5130 ret = register_gp_extension(ext_guid, 'gp_access_ext', ext_path,
5131 smb_conf=self.lp.configfile,
5132 machine=True, user=False)
5133 self.assertTrue(ret, 'Failed to register a gp ext')
5134 gp_exts = list_gp_extensions(self.lp.configfile)
5135 self.assertTrue(ext_guid in gp_exts.keys(),
5136 'Failed to list gp exts')
5137 self.assertEqual(gp_exts[ext_guid]['DllName'], ext_path,
5138 'Failed to list gp exts')
5140 unregister_gp_extension(ext_guid)
5141 gp_exts = list_gp_extensions(self.lp.configfile)
5142 self.assertTrue(ext_guid not in gp_exts.keys(),
5143 'Failed to unregister gp exts')
5145 self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
5146 self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')
5148 lp, parser = parse_gpext_conf(self.lp.configfile)
5149 self.assertTrue(lp and parser, 'parse_gpext_conf() invalid return')
5150 parser.add_section('test_section')
5151 parser.set('test_section', 'test_var', ext_guid)
5152 atomic_write_conf(lp, parser)
5154 lp, parser = parse_gpext_conf(self.lp.configfile)
5155 self.assertTrue('test_section' in parser.sections(),
5156 'test_section not found in gpext.conf')
5157 self.assertEqual(parser.get('test_section', 'test_var'), ext_guid,
5158 'Failed to find test variable in gpext.conf')
5159 parser.remove_section('test_section')
5160 atomic_write_conf(lp, parser)
5162 def test_gp_log_get_applied(self):
5163 local_path = self.lp.get('path', 'sysvol')
5164 guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5165 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5166 gpofile = '%s/' + realm + '/Policies/%s/MACHINE/Microsoft/' \
5167 'Windows NT/SecEdit/GptTmpl.inf'
5168 stage = '[System Access]\nMinimumPasswordAge = 998\n'
5169 cache_dir = self.lp.get('cache directory')
5170 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5172 gpttmpl = gpofile % (local_path, guid)
5173 ret = stage_file(gpttmpl, stage)
5174 self.assertTrue(ret, 'Could not create the target %s' % gpttmpl)
5176 ret = gpupdate_force(self.lp)
5177 self.assertEqual(ret, 0, 'gpupdate force failed')
5179 gp_db = store.get_gplog(self.dc_account)
5181 applied_guids = gp_db.get_applied_guids()
5182 self.assertEqual(len(applied_guids), 2, 'The guids were not found')
5183 self.assertIn(guids[0], applied_guids,
5184 '%s not in applied guids' % guids[0])
5185 self.assertIn(guids[1], applied_guids,
5186 '%s not in applied guids' % guids[1])
5188 applied_settings = gp_db.get_applied_settings(applied_guids)
5189 for policy in applied_settings:
5190 self.assertIn('System Access', policy[1],
5191 'System Access policies not set')
5192 self.assertIn('minPwdAge', policy[1]['System Access'],
5193 'minPwdAge policy not set')
5194 if policy[0] == guids[0]:
5195 self.assertEqual(int(policy[1]['System Access']['minPwdAge']),
5197 'minPwdAge policy not set')
5198 elif policy[0] == guids[1]:
5199 self.assertEqual(int(policy[1]['System Access']['minPwdAge']),
5200 days2rel_nttime(998),
5201 'minPwdAge policy not set')
5203 gpos = get_gpo_list(self.server, self.creds, self.lp,
5205 del_gpos = get_deleted_gpos_list(gp_db, gpos[:-1])
5206 self.assertEqual(len(del_gpos), 1, 'Returned delete gpos is incorrect')
5207 self.assertEqual(guids[-1], del_gpos[0][0],
5208 'GUID for delete gpo is incorrect')
5209 self.assertIn('System Access', del_gpos[0][1],
5210 'System Access policies not set for removal')
5211 self.assertIn('minPwdAge', del_gpos[0][1]['System Access'],
5212 'minPwdAge policy not set for removal')
5215 gpttmpl = gpofile % (local_path, guid)
5216 unstage_file(gpttmpl)
5218 ret = gpupdate_unapply(self.lp)
5219 self.assertEqual(ret, 0, 'gpupdate unapply failed')
5221 def test_process_group_policy(self):
5222 local_path = self.lp.cache_path('gpo_cache')
5223 guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5224 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5225 gpofile = '%s/' + policies + '/%s/MACHINE/MICROSOFT/' \
5226 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5227 cache_dir = self.lp.get('cache directory')
5228 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5230 machine_creds = Credentials()
5231 machine_creds.guess(self.lp)
5232 machine_creds.set_machine_account()
5234 # Initialize the group policy extension
5235 ext = gp_krb_ext(self.lp, machine_creds,
5236 machine_creds.get_username(), store)
5238 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5239 machine_creds.get_username())
5241 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5242 stage = '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5244 for i in range(0, 2):
5245 gpttmpl = gpofile % (local_path, guids[i])
5246 ret = stage_file(gpttmpl, stage % opts[i])
5247 self.assertTrue(ret, 'Could not create the target %s' % gpttmpl)
5250 ext.process_group_policy([], gpos)
5252 ret = store.get_int('kdc:user_ticket_lifetime')
5253 self.assertEqual(ret, opts[1], 'Higher priority policy was not set')
5256 gp_db = store.get_gplog(machine_creds.get_username())
5257 del_gpos = get_deleted_gpos_list(gp_db, [])
5258 ext.process_group_policy(del_gpos, [])
5260 ret = store.get_int('kdc:user_ticket_lifetime')
5261 self.assertEqual(ret, None, 'MaxTicketAge should not have applied')
5263 # Process just the first gpo
5264 ext.process_group_policy([], gpos[:-1])
5266 ret = store.get_int('kdc:user_ticket_lifetime')
5267 self.assertEqual(ret, opts[0], 'Lower priority policy was not set')
5270 ext.process_group_policy(del_gpos, [])
5273 gpttmpl = gpofile % (local_path, guid)
5274 unstage_file(gpttmpl)
5276 def test_gp_scripts(self):
5277 local_path = self.lp.cache_path('gpo_cache')
5278 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5279 reg_pol = os.path.join(local_path, policies, guid,
5280 'MACHINE/REGISTRY.POL')
5281 cache_dir = self.lp.get('cache directory')
5282 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5284 machine_creds = Credentials()
5285 machine_creds.guess(self.lp)
5286 machine_creds.set_machine_account()
5288 # Initialize the group policy extension
5289 ext = gp_scripts_ext(self.lp, machine_creds,
5290 machine_creds.get_username(), store)
5292 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5293 machine_creds.get_username())
5295 reg_key = b'Software\\Policies\\Samba\\Unix Settings'
5296 sections = { b'%s\\Daily Scripts' % reg_key : '.cron.daily',
5297 b'%s\\Monthly Scripts' % reg_key : '.cron.monthly',
5298 b'%s\\Weekly Scripts' % reg_key : '.cron.weekly',
5299 b'%s\\Hourly Scripts' % reg_key : '.cron.hourly' }
5300 for keyname in sections.keys():
5301 # Stage the Registry.pol file with test data
5305 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5307 e.data = b'echo hello world'
5308 stage.num_entries = 1
5310 ret = stage_file(reg_pol, ndr_pack(stage))
5311 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
5313 # Process all gpos, with temp output directory
5314 with TemporaryDirectory(sections[keyname]) as dname:
5315 ext.process_group_policy([], gpos, dname)
5316 scripts = os.listdir(dname)
5317 self.assertEqual(len(scripts), 1,
5318 'The %s script was not created' % keyname.decode())
5319 out, _ = Popen([os.path.join(dname, scripts[0])], stdout=PIPE).communicate()
5320 self.assertIn(b'hello world', out,
5321 '%s script execution failed' % keyname.decode())
5323 # Check that a call to gpupdate --rsop also succeeds
5325 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5328 gp_db = store.get_gplog(machine_creds.get_username())
5329 del_gpos = get_deleted_gpos_list(gp_db, [])
5330 ext.process_group_policy(del_gpos, [])
5331 self.assertEqual(len(os.listdir(dname)), 0,
5332 'Unapply failed to cleanup scripts')
5334 # Unstage the Registry.pol file
5335 unstage_file(reg_pol)
5337 def test_gp_sudoers(self):
5338 local_path = self.lp.cache_path('gpo_cache')
5339 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5340 reg_pol = os.path.join(local_path, policies, guid,
5341 'MACHINE/REGISTRY.POL')
5342 cache_dir = self.lp.get('cache directory')
5343 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5345 machine_creds = Credentials()
5346 machine_creds.guess(self.lp)
5347 machine_creds.set_machine_account()
5349 # Initialize the group policy extension
5350 ext = gp_sudoers_ext(self.lp, machine_creds,
5351 machine_creds.get_username(), store)
5353 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5354 machine_creds.get_username())
5356 # Stage the Registry.pol file with test data
5359 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5360 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5362 e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
5363 stage.num_entries = 1
5365 ret = stage_file(reg_pol, ndr_pack(stage))
5366 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
5368 # Process all gpos, with temp output directory
5369 with TemporaryDirectory() as dname:
5370 ext.process_group_policy([], gpos, dname)
5371 sudoers = os.listdir(dname)
5372 self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
5373 self.assertIn(e.data,
5374 open(os.path.join(dname, sudoers[0]), 'r').read(),
5375 'The sudoers entry was not applied')
5377 # Check that a call to gpupdate --rsop also succeeds
5379 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5382 gp_db = store.get_gplog(machine_creds.get_username())
5383 del_gpos = get_deleted_gpos_list(gp_db, [])
5384 ext.process_group_policy(del_gpos, [])
5385 self.assertEqual(len(os.listdir(dname)), 0,
5386 'Unapply failed to cleanup scripts')
5388 # Unstage the Registry.pol file
5389 unstage_file(reg_pol)
5391 def test_vgp_sudoers(self):
5392 local_path = self.lp.cache_path('gpo_cache')
5393 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5394 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
5395 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5396 cache_dir = self.lp.get('cache directory')
5397 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5399 machine_creds = Credentials()
5400 machine_creds.guess(self.lp)
5401 machine_creds.set_machine_account()
5403 # Initialize the group policy extension
5404 ext = vgp_sudoers_ext(self.lp, machine_creds,
5405 machine_creds.get_username(), store)
5407 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5408 machine_creds.get_username())
5410 # Stage the manifest.xml file with test data
5411 stage = etree.Element('vgppolicy')
5412 policysetting = etree.Element('policysetting')
5413 stage.append(policysetting)
5414 version = etree.Element('version')
5416 policysetting.append(version)
5417 data = etree.Element('data')
5418 sudoers_entry = etree.Element('sudoers_entry')
5419 command = etree.Element('command')
5420 command.text = 'ALL'
5421 sudoers_entry.append(command)
5422 user = etree.Element('user')
5424 sudoers_entry.append(user)
5425 principal_list = etree.Element('listelement')
5426 principal = etree.Element('principal')
5427 principal.text = 'fakeu'
5428 principal.attrib['type'] = 'user'
5429 group = etree.Element('principal')
5430 group.text = 'fakeg'
5431 group.attrib['type'] = 'group'
5432 principal_list.append(principal)
5433 principal_list.append(group)
5434 sudoers_entry.append(principal_list)
5435 data.append(sudoers_entry)
5436 # Ensure an empty principal doesn't cause a crash
5437 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
5438 command = etree.SubElement(sudoers_entry, 'command')
5439 command.text = 'ALL'
5440 user = etree.SubElement(sudoers_entry, 'user')
5442 # Ensure having dispersed principals still works
5443 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
5444 command = etree.SubElement(sudoers_entry, 'command')
5445 command.text = 'ALL'
5446 user = etree.SubElement(sudoers_entry, 'user')
5448 listelement = etree.SubElement(sudoers_entry, 'listelement')
5449 principal = etree.SubElement(listelement, 'principal')
5450 principal.text = 'fakeu2'
5451 principal.attrib['type'] = 'user'
5452 listelement = etree.SubElement(sudoers_entry, 'listelement')
5453 group = etree.SubElement(listelement, 'principal')
5454 group.text = 'fakeg2'
5455 group.attrib['type'] = 'group'
5456 policysetting.append(data)
5457 ret = stage_file(manifest, etree.tostring(stage))
5458 self.assertTrue(ret, 'Could not create the target %s' % manifest)
5460 # Process all gpos, with temp output directory
5461 data = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5462 data2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5463 data_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'
5464 with TemporaryDirectory() as dname:
5465 ext.process_group_policy([], gpos, dname)
5466 sudoers = os.listdir(dname)
5467 self.assertEqual(len(sudoers), 3, 'The sudoer file was not created')
5468 output = open(os.path.join(dname, sudoers[0]), 'r').read() + \
5469 open(os.path.join(dname, sudoers[1]), 'r').read() + \
5470 open(os.path.join(dname, sudoers[2]), 'r').read()
5471 self.assertIn(data, output,
5472 'The sudoers entry was not applied')
5473 self.assertIn(data2, output,
5474 'The sudoers entry was not applied')
5475 self.assertIn(data_no_principal, output,
5476 'The sudoers entry was not applied')
5478 # Check that a call to gpupdate --rsop also succeeds
5480 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5483 gp_db = store.get_gplog(machine_creds.get_username())
5484 del_gpos = get_deleted_gpos_list(gp_db, [])
5485 ext.process_group_policy(del_gpos, [])
5486 self.assertEqual(len(os.listdir(dname)), 0,
5487 'Unapply failed to cleanup scripts')
5489 # Unstage the Registry.pol file
5490 unstage_file(manifest)
5492 def test_gp_inf_ext_utf(self):
5493 cache_dir = self.lp.get('cache directory')
5494 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5496 machine_creds = Credentials()
5497 machine_creds.guess(self.lp)
5498 machine_creds.set_machine_account()
5500 ext = gp_inf_ext(self.lp, machine_creds,
5501 machine_creds.get_username(), store)
5502 test_data = '[Kerberos Policy]\nMaxTicketAge = 99\n'
5504 with NamedTemporaryFile() as f:
5505 with codecs.open(f.name, 'w', 'utf-16') as w:
5508 inf_conf = ext.read(f.name)
5509 except UnicodeDecodeError:
5510 self.fail('Failed to parse utf-16')
5511 self.assertIn('Kerberos Policy', inf_conf.keys(),
5512 'Kerberos Policy was not read from the file')
5513 self.assertEqual(inf_conf.get('Kerberos Policy', 'MaxTicketAge'),
5514 '99', 'MaxTicketAge was not read from the file')
5516 with NamedTemporaryFile() as f:
5517 with codecs.open(f.name, 'w', 'utf-8') as w:
5519 inf_conf = ext.read(f.name)
5520 self.assertIn('Kerberos Policy', inf_conf.keys(),
5521 'Kerberos Policy was not read from the file')
5522 self.assertEqual(inf_conf.get('Kerberos Policy', 'MaxTicketAge'),
5523 '99', 'MaxTicketAge was not read from the file')
5525 def test_rsop(self):
5526 cache_dir = self.lp.get('cache directory')
5527 local_path = self.lp.cache_path('gpo_cache')
5528 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5530 machine_creds = Credentials()
5531 machine_creds.guess(self.lp)
5532 machine_creds.set_machine_account()
5534 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5535 machine_creds.get_username())
5538 gp_extensions.append(gp_krb_ext)
5539 gp_extensions.append(gp_scripts_ext)
5540 gp_extensions.append(gp_sudoers_ext)
5541 gp_extensions.append(gp_smb_conf_ext)
5542 gp_extensions.append(gp_msgs_ext)
5544 # Create registry stage data
5545 reg_pol = os.path.join(local_path, policies, '%s/MACHINE/REGISTRY.POL')
5546 reg_stage = preg.file()
5548 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5549 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5551 e.data = b'echo hello world'
5553 e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5554 e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5556 e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
5558 e3.keyname = 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5561 e3.valuename = 'apply group policies'
5563 e4.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
5564 e4.valuename = b'issue'
5566 e4.data = b'Welcome to \\s \\r \\l'
5567 reg_stage.num_entries = 4
5568 reg_stage.entries = [e, e2, e3, e4]
5570 # Create krb stage date
5571 gpofile = os.path.join(local_path, policies, '%s/MACHINE/MICROSOFT/' \
5572 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5573 krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5574 '[System Access]\nMinimumPasswordAge = 998\n'
5576 for g in [g for g in gpos if g.file_sys_path]:
5577 ret = stage_file(gpofile % g.name, krb_stage)
5578 self.assertTrue(ret, 'Could not create the target %s' %
5580 ret = stage_file(reg_pol % g.name, ndr_pack(reg_stage))
5581 self.assertTrue(ret, 'Could not create the target %s' %
5583 for ext in gp_extensions:
5584 ext = ext(self.lp, machine_creds,
5585 machine_creds.get_username(), store)
5587 self.assertEqual(len(ret.keys()), 1,
5588 'A single policy should have been displayed')
5590 # Check the Security Extension
5591 if type(ext) == gp_krb_ext:
5592 self.assertIn('Kerberos Policy', ret.keys(),
5593 'Kerberos Policy not found')
5594 self.assertIn('MaxTicketAge', ret['Kerberos Policy'],
5595 'MaxTicketAge setting not found')
5596 self.assertEqual(ret['Kerberos Policy']['MaxTicketAge'], '99',
5597 'MaxTicketAge was not set to 99')
5598 # Check the Scripts Extension
5599 elif type(ext) == gp_scripts_ext:
5600 self.assertIn('Daily Scripts', ret.keys(),
5601 'Daily Scripts not found')
5602 self.assertIn('echo hello world', ret['Daily Scripts'],
5603 'Daily script was not created')
5604 # Check the Sudoers Extension
5605 elif type(ext) == gp_sudoers_ext:
5606 self.assertIn('Sudo Rights', ret.keys(),
5607 'Sudoers not found')
5608 self.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5610 'Sudoers policy not created')
5611 # Check the smb.conf Extension
5612 elif type(ext) == gp_smb_conf_ext:
5613 self.assertIn('smb.conf', ret.keys(),
5614 'apply group policies was not applied')
5615 self.assertIn(e3.valuename, ret['smb.conf'],
5616 'apply group policies was not applied')
5617 self.assertEqual(ret['smb.conf'][e3.valuename], e3.data,
5618 'apply group policies was not set')
5619 # Check the Messages Extension
5620 elif type(ext) == gp_msgs_ext:
5621 self.assertIn('/etc/issue', ret,
5622 'Login Prompt Message not applied')
5623 self.assertEqual(ret['/etc/issue'], e4.data,
5624 'Login Prompt Message not set')
5626 # Check that a call to gpupdate --rsop also succeeds
5628 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5630 unstage_file(gpofile % g.name)
5631 unstage_file(reg_pol % g.name)
5633 def test_gp_unapply(self):
5634 cache_dir = self.lp.get('cache directory')
5635 local_path = self.lp.cache_path('gpo_cache')
5636 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5637 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5639 machine_creds = Credentials()
5640 machine_creds.guess(self.lp)
5641 machine_creds.set_machine_account()
5643 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5644 machine_creds.get_username())
5647 gp_extensions.append(gp_krb_ext)
5648 gp_extensions.append(gp_scripts_ext)
5649 gp_extensions.append(gp_sudoers_ext)
5651 # Create registry stage data
5652 reg_pol = os.path.join(local_path, policies, '%s/MACHINE/REGISTRY.POL')
5653 reg_stage = preg.file()
5655 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5656 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5658 e.data = b'echo hello world'
5660 e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5661 e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5663 e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
5664 reg_stage.num_entries = 2
5665 reg_stage.entries = [e, e2]
5667 # Create krb stage date
5668 gpofile = os.path.join(local_path, policies, '%s/MACHINE/MICROSOFT/' \
5669 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5670 krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n'
5672 ret = stage_file(gpofile % guid, krb_stage)
5673 self.assertTrue(ret, 'Could not create the target %s' %
5675 ret = stage_file(reg_pol % guid, ndr_pack(reg_stage))
5676 self.assertTrue(ret, 'Could not create the target %s' %
5679 # Process all gpos, with temp output directory
5681 with TemporaryDirectory() as dname:
5682 for ext in gp_extensions:
5683 ext = ext(self.lp, machine_creds,
5684 machine_creds.get_username(), store)
5685 if type(ext) == gp_krb_ext:
5686 ext.process_group_policy([], gpos)
5687 ret = store.get_int('kdc:user_ticket_lifetime')
5688 self.assertEqual(ret, 99, 'Kerberos policy was not set')
5689 elif type(ext) in [gp_scripts_ext, gp_sudoers_ext]:
5690 ext.process_group_policy([], gpos, dname)
5691 gp_db = store.get_gplog(machine_creds.get_username())
5692 applied_settings = gp_db.get_applied_settings([guid])
5693 for _, fname in applied_settings[-1][-1][str(ext)].items():
5694 fname = fname.split(':')[-1]
5695 self.assertIn(dname, fname,
5696 'Test file not created in tmp dir')
5697 self.assertTrue(os.path.exists(fname),
5698 'Test file not created')
5699 remove.append(fname)
5701 # Unapply policy, and ensure policies are removed
5702 gpupdate_unapply(self.lp)
5704 for fname in remove:
5705 self.assertFalse(os.path.exists(fname),
5706 'Unapply did not remove test file')
5707 ret = store.get_int('kdc:user_ticket_lifetime')
5708 self.assertNotEqual(ret, 99, 'Kerberos policy was not unapplied')
5710 unstage_file(gpofile % guid)
5711 unstage_file(reg_pol % guid)
5713 def test_smb_conf_ext(self):
5714 local_path = self.lp.cache_path('gpo_cache')
5715 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5716 reg_pol = os.path.join(local_path, policies, guid,
5717 'MACHINE/REGISTRY.POL')
5718 cache_dir = self.lp.get('cache directory')
5719 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5721 machine_creds = Credentials()
5722 machine_creds.guess(self.lp)
5723 machine_creds.set_machine_account()
5725 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5726 machine_creds.get_username())
5730 e.keyname = 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5732 e.data = '/home/samba/%D/%U'
5733 e.valuename = 'template homedir'
5736 e.keyname = 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5739 e.valuename = 'apply group policies'
5742 e.keyname = 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5745 e.valuename = 'ldap timeout'
5748 stage.num_entries = len(entries)
5749 stage.entries = entries
5751 ret = stage_file(reg_pol, ndr_pack(stage))
5752 self.assertTrue(ret, 'Failed to create the Registry.pol file')
5754 with NamedTemporaryFile(suffix='_smb.conf') as f:
5755 copyfile(self.lp.configfile, f.name)
5756 lp = LoadParm(f.name)
5758 # Initialize the group policy extension
5759 ext = gp_smb_conf_ext(lp, machine_creds,
5760 machine_creds.get_username(), store)
5761 ext.process_group_policy([], gpos)
5762 lp = LoadParm(f.name)
5764 template_homedir = lp.get('template homedir')
5765 self.assertEqual(template_homedir, '/home/samba/%D/%U',
5766 'template homedir was not applied')
5767 apply_group_policies = lp.get('apply group policies')
5768 self.assertTrue(apply_group_policies,
5769 'apply group policies was not applied')
5770 ldap_timeout = lp.get('ldap timeout')
5771 self.assertEqual(ldap_timeout, 9999, 'ldap timeout was not applied')
5773 # Check that a call to gpupdate --rsop also succeeds
5775 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5778 gp_db = store.get_gplog(machine_creds.get_username())
5779 del_gpos = get_deleted_gpos_list(gp_db, [])
5780 ext.process_group_policy(del_gpos, [])
5782 lp = LoadParm(f.name)
5784 template_homedir = lp.get('template homedir')
5785 self.assertEqual(template_homedir, self.lp.get('template homedir'),
5786 'template homedir was not unapplied')
5787 apply_group_policies = lp.get('apply group policies')
5788 self.assertEqual(apply_group_policies, self.lp.get('apply group policies'),
5789 'apply group policies was not unapplied')
5790 ldap_timeout = lp.get('ldap timeout')
5791 self.assertEqual(ldap_timeout, self.lp.get('ldap timeout'),
5792 'ldap timeout was not unapplied')
5794 # Unstage the Registry.pol file
5795 unstage_file(reg_pol)
5797 def test_gp_motd(self):
5798 local_path = self.lp.cache_path('gpo_cache')
5799 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5800 reg_pol = os.path.join(local_path, policies, guid,
5801 'MACHINE/REGISTRY.POL')
5802 cache_dir = self.lp.get('cache directory')
5803 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5805 machine_creds = Credentials()
5806 machine_creds.guess(self.lp)
5807 machine_creds.set_machine_account()
5809 # Initialize the group policy extension
5810 ext = gp_msgs_ext(self.lp, machine_creds,
5811 machine_creds.get_username(), store)
5813 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5814 machine_creds.get_username())
5816 # Stage the Registry.pol file with test data
5819 e1.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
5820 e1.valuename = b'motd'
5822 e1.data = b'Have a lot of fun!'
5823 stage.num_entries = 2
5825 e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
5826 e2.valuename = b'issue'
5828 e2.data = b'Welcome to \\s \\r \\l'
5829 stage.entries = [e1, e2]
5830 ret = stage_file(reg_pol, ndr_pack(stage))
5831 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
5833 # Process all gpos, with temp output directory
5834 with TemporaryDirectory() as dname:
5835 ext.process_group_policy([], gpos, dname)
5836 motd_file = os.path.join(dname, 'motd')
5837 self.assertTrue(os.path.exists(motd_file),
5838 'Message of the day file not created')
5839 data = open(motd_file, 'r').read()
5840 self.assertEqual(data, e1.data, 'Message of the day not applied')
5841 issue_file = os.path.join(dname, 'issue')
5842 self.assertTrue(os.path.exists(issue_file),
5843 'Login Prompt Message file not created')
5844 data = open(issue_file, 'r').read()
5845 self.assertEqual(data, e2.data, 'Login Prompt Message not applied')
5847 # Check that a call to gpupdate --rsop also succeeds
5849 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5851 # Unapply policy, and ensure the test files are removed
5852 gp_db = store.get_gplog(machine_creds.get_username())
5853 del_gpos = get_deleted_gpos_list(gp_db, [])
5854 ext.process_group_policy(del_gpos, [], dname)
5855 data = open(motd_file, 'r').read()
5856 self.assertFalse(data, 'Message of the day file not removed')
5857 data = open(issue_file, 'r').read()
5858 self.assertFalse(data, 'Login Prompt Message file not removed')
5860 # Unstage the Registry.pol file
5861 unstage_file(reg_pol)
5863 def test_vgp_symlink(self):
5864 local_path = self.lp.cache_path('gpo_cache')
5865 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5866 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
5867 'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
5868 cache_dir = self.lp.get('cache directory')
5869 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5871 machine_creds = Credentials()
5872 machine_creds.guess(self.lp)
5873 machine_creds.set_machine_account()
5875 # Initialize the group policy extension
5876 ext = vgp_symlink_ext(self.lp, machine_creds,
5877 machine_creds.get_username(), store)
5879 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5880 machine_creds.get_username())
5882 with TemporaryDirectory() as dname:
5883 test_source = os.path.join(dname, 'test.source')
5884 test_target = os.path.join(dname, 'test.target')
5886 # Stage the manifest.xml file with test data
5887 stage = etree.Element('vgppolicy')
5888 policysetting = etree.Element('policysetting')
5889 stage.append(policysetting)
5890 version = etree.Element('version')
5892 policysetting.append(version)
5893 data = etree.Element('data')
5894 file_properties = etree.Element('file_properties')
5895 source = etree.Element('source')
5896 source.text = test_source
5897 file_properties.append(source)
5898 target = etree.Element('target')
5899 target.text = test_target
5900 file_properties.append(target)
5901 data.append(file_properties)
5902 policysetting.append(data)
5903 ret = stage_file(manifest, etree.tostring(stage))
5904 self.assertTrue(ret, 'Could not create the target %s' % manifest)
5906 # Create test source
5907 test_source_data = 'hello world!'
5908 with open(test_source, 'w') as w:
5909 w.write(test_source_data)
5911 # Process all gpos, with temp output directory
5912 ext.process_group_policy([], gpos)
5913 self.assertTrue(os.path.exists(test_target),
5914 'The test symlink was not created')
5915 self.assertTrue(os.path.islink(test_target),
5916 'The test file is not a symlink')
5917 self.assertIn(test_source_data, open(test_target, 'r').read(),
5918 'Reading from symlink does not produce source data')
5920 # Unapply the policy, ensure removal
5921 gp_db = store.get_gplog(machine_creds.get_username())
5922 del_gpos = get_deleted_gpos_list(gp_db, [])
5923 ext.process_group_policy(del_gpos, [])
5924 self.assertFalse(os.path.exists(test_target),
5925 'The test symlink was not delete')
5928 ret = ext.rsop([g for g in gpos if g.name == guid][0])
5929 self.assertIn('ln -s %s %s' % (test_source, test_target),
5930 list(ret.values())[0])
5932 # Check that a call to gpupdate --rsop also succeeds
5934 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5936 # Unstage the manifest.xml file
5937 unstage_file(manifest)
5939 def test_vgp_files(self):
5940 local_path = self.lp.cache_path('gpo_cache')
5941 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5942 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
5943 'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
5944 source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
5945 source_data = '#!/bin/sh\necho hello world'
5946 ret = stage_file(source_file, source_data)
5947 self.assertTrue(ret, 'Could not create the target %s' % source_file)
5948 cache_dir = self.lp.get('cache directory')
5949 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5951 machine_creds = Credentials()
5952 machine_creds.guess(self.lp)
5953 machine_creds.set_machine_account()
5955 # Initialize the group policy extension
5956 ext = vgp_files_ext(self.lp, machine_creds,
5957 machine_creds.get_username(), store)
5959 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5960 machine_creds.get_username())
5962 # Stage the manifest.xml file with test data
5963 with TemporaryDirectory() as dname:
5964 stage = etree.Element('vgppolicy')
5965 policysetting = etree.Element('policysetting')
5966 stage.append(policysetting)
5967 version = etree.Element('version')
5969 policysetting.append(version)
5970 data = etree.Element('data')
5971 file_properties = etree.SubElement(data, 'file_properties')
5972 source = etree.SubElement(file_properties, 'source')
5973 source.text = os.path.basename(source_file).lower()
5974 target = etree.SubElement(file_properties, 'target')
5975 target.text = os.path.join(dname, 'test.target')
5976 user = etree.SubElement(file_properties, 'user')
5977 user.text = pwd.getpwuid(os.getuid()).pw_name
5978 group = etree.SubElement(file_properties, 'group')
5979 group.text = grp.getgrgid(os.getgid()).gr_name
5980 # Request permissions of 755
5981 permissions = etree.SubElement(file_properties, 'permissions')
5982 permissions.set('type', 'user')
5983 etree.SubElement(permissions, 'read')
5984 etree.SubElement(permissions, 'write')
5985 etree.SubElement(permissions, 'execute')
5986 permissions = etree.SubElement(file_properties, 'permissions')
5987 permissions.set('type', 'group')
5988 etree.SubElement(permissions, 'read')
5989 etree.SubElement(permissions, 'execute')
5990 permissions = etree.SubElement(file_properties, 'permissions')
5991 permissions.set('type', 'other')
5992 etree.SubElement(permissions, 'read')
5993 etree.SubElement(permissions, 'execute')
5994 policysetting.append(data)
5995 ret = stage_file(manifest, etree.tostring(stage))
5996 self.assertTrue(ret, 'Could not create the target %s' % manifest)
5998 # Process all gpos, with temp output directory
5999 ext.process_group_policy([], gpos)
6000 self.assertTrue(os.path.exists(target.text),
6001 'The target file does not exist')
6002 self.assertEqual(os.stat(target.text).st_mode & 0o777, 0o755,
6003 'The target file permissions are incorrect')
6004 self.assertEqual(open(target.text).read(), source_data,
6005 'The target file contents are incorrect')
6008 gp_db = store.get_gplog(machine_creds.get_username())
6009 del_gpos = get_deleted_gpos_list(gp_db, [])
6010 ext.process_group_policy(del_gpos, [])
6011 self.assertFalse(os.path.exists(target.text),
6012 'The target file was not removed')
6015 g = [g for g in gpos if g.name == guid][0]
6017 self.assertIn(target.text, list(ret.values())[0][0],
6018 'The target file was not listed by rsop')
6019 self.assertIn('-rwxr-xr-x', list(ret.values())[0][0],
6020 'The target permissions were not listed by rsop')
6022 # Check that a call to gpupdate --rsop also succeeds
6024 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6026 # Unstage the manifest and source files
6027 unstage_file(manifest)
6028 unstage_file(source_file)
6030 def test_vgp_openssh(self):
6031 local_path = self.lp.cache_path('gpo_cache')
6032 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6033 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6034 'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
6035 cache_dir = self.lp.get('cache directory')
6036 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6038 machine_creds = Credentials()
6039 machine_creds.guess(self.lp)
6040 machine_creds.set_machine_account()
6042 # Initialize the group policy extension
6043 ext = vgp_openssh_ext(self.lp, machine_creds,
6044 machine_creds.get_username(), store)
6046 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6047 machine_creds.get_username())
6049 # Stage the manifest.xml file with test data
6050 stage = etree.Element('vgppolicy')
6051 policysetting = etree.Element('policysetting')
6052 stage.append(policysetting)
6053 version = etree.Element('version')
6055 policysetting.append(version)
6056 data = etree.Element('data')
6057 configfile = etree.Element('configfile')
6058 configsection = etree.Element('configsection')
6059 sectionname = etree.Element('sectionname')
6060 configsection.append(sectionname)
6061 kvpair = etree.Element('keyvaluepair')
6062 key = etree.Element('key')
6063 key.text = 'AddressFamily'
6065 value = etree.Element('value')
6066 value.text = 'inet6'
6067 kvpair.append(value)
6068 configsection.append(kvpair)
6069 configfile.append(configsection)
6070 data.append(configfile)
6071 policysetting.append(data)
6072 ret = stage_file(manifest, etree.tostring(stage))
6073 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6075 # Process all gpos, with temp output directory
6076 data = 'AddressFamily inet6'
6077 with TemporaryDirectory() as dname:
6078 ext.process_group_policy([], gpos, dname)
6079 conf = os.listdir(dname)
6080 self.assertEqual(len(conf), 1, 'The conf file was not created')
6081 gp_cfg = os.path.join(dname, conf[0])
6082 self.assertIn(data, open(gp_cfg, 'r').read(),
6083 'The sshd_config entry was not applied')
6085 # Check that a call to gpupdate --rsop also succeeds
6087 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6090 gp_db = store.get_gplog(machine_creds.get_username())
6091 del_gpos = get_deleted_gpos_list(gp_db, [])
6092 ext.process_group_policy(del_gpos, [], dname)
6093 self.assertFalse(os.path.exists(gp_cfg),
6094 'Unapply failed to cleanup config')
6096 # Unstage the Registry.pol file
6097 unstage_file(manifest)
6099 def test_vgp_startup_scripts(self):
6100 local_path = self.lp.cache_path('gpo_cache')
6101 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6102 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6103 'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
6104 test_script = os.path.join(os.path.dirname(manifest), 'TEST.SH')
6105 test_data = '#!/bin/sh\necho $@ hello world'
6106 ret = stage_file(test_script, test_data)
6107 self.assertTrue(ret, 'Could not create the target %s' % test_script)
6108 cache_dir = self.lp.get('cache directory')
6109 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6111 machine_creds = Credentials()
6112 machine_creds.guess(self.lp)
6113 machine_creds.set_machine_account()
6115 # Initialize the group policy extension
6116 ext = vgp_startup_scripts_ext(self.lp, machine_creds,
6117 machine_creds.get_username(), store)
6119 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6120 machine_creds.get_username())
6122 # Stage the manifest.xml file with test data
6123 stage = etree.Element('vgppolicy')
6124 policysetting = etree.SubElement(stage, 'policysetting')
6125 version = etree.SubElement(policysetting, 'version')
6127 data = etree.SubElement(policysetting, 'data')
6128 listelement = etree.SubElement(data, 'listelement')
6129 script = etree.SubElement(listelement, 'script')
6130 script.text = os.path.basename(test_script).lower()
6131 parameters = etree.SubElement(listelement, 'parameters')
6132 parameters.text = '-n'
6133 hash = etree.SubElement(listelement, 'hash')
6135 hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
6136 run_as = etree.SubElement(listelement, 'run_as')
6137 run_as.text = 'root'
6138 ret = stage_file(manifest, etree.tostring(stage))
6139 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6141 # Process all gpos, with temp output directory
6142 with TemporaryDirectory() as dname:
6143 ext.process_group_policy([], gpos, dname)
6144 files = os.listdir(dname)
6145 self.assertEqual(len(files), 1,
6146 'The target script was not created')
6147 entry = '@reboot %s %s %s' % (run_as.text, test_script,
6149 self.assertIn(entry,
6150 open(os.path.join(dname, files[0]), 'r').read(),
6151 'The test entry was not found')
6154 gp_db = store.get_gplog(machine_creds.get_username())
6155 del_gpos = get_deleted_gpos_list(gp_db, [])
6156 ext.process_group_policy(del_gpos, [])
6157 files = os.listdir(dname)
6158 self.assertEqual(len(files), 0,
6159 'The target script was not removed')
6162 g = [g for g in gpos if g.name == guid][0]
6164 self.assertIn(entry, list(ret.values())[0][0],
6165 'The target entry was not listed by rsop')
6167 # Check that a call to gpupdate --rsop also succeeds
6169 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6171 # Unstage the manifest.xml and script files
6172 unstage_file(manifest)
6174 # Stage the manifest.xml file for run once scripts
6175 etree.SubElement(listelement, 'run_once')
6176 run_as.text = pwd.getpwuid(os.getuid()).pw_name
6177 ret = stage_file(manifest, etree.tostring(stage))
6178 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6180 # Process all gpos, with temp output directory
6181 # A run once script will be executed immediately,
6182 # instead of creating a cron job
6183 with TemporaryDirectory() as dname:
6184 test_file = '%s/TESTING.txt' % dname
6185 test_data = '#!/bin/sh\ntouch %s' % test_file
6186 ret = stage_file(test_script, test_data)
6187 self.assertTrue(ret, 'Could not create the target %s' % test_script)
6189 ext.process_group_policy([], gpos, dname)
6190 files = os.listdir(dname)
6191 self.assertEqual(len(files), 1,
6192 'The test file was not created')
6193 self.assertEqual(files[0], os.path.basename(test_file),
6194 'The test file was not created')
6196 # Unlink the test file and ensure that processing
6197 # policy again does not recreate it.
6198 os.unlink(test_file)
6199 ext.process_group_policy([], gpos, dname)
6200 files = os.listdir(dname)
6201 self.assertEqual(len(files), 0,
6202 'The test file should not have been created')
6205 gp_db = store.get_gplog(machine_creds.get_username())
6206 del_gpos = get_deleted_gpos_list(gp_db, [])
6207 ext.process_group_policy(del_gpos, [])
6210 entry = 'Run once as: %s `%s %s`' % (run_as.text, test_script,
6212 g = [g for g in gpos if g.name == guid][0]
6214 self.assertIn(entry, list(ret.values())[0][0],
6215 'The target entry was not listed by rsop')
6217 # Check that a call to gpupdate --rsop also succeeds
6219 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6221 # Unstage the manifest.xml and script files
6222 unstage_file(manifest)
6224 # Stage the manifest.xml file for a script without parameters
6225 stage = etree.Element('vgppolicy')
6226 policysetting = etree.SubElement(stage, 'policysetting')
6227 version = etree.SubElement(policysetting, 'version')
6229 data = etree.SubElement(policysetting, 'data')
6230 listelement = etree.SubElement(data, 'listelement')
6231 script = etree.SubElement(listelement, 'script')
6232 script.text = os.path.basename(test_script).lower()
6233 hash = etree.SubElement(listelement, 'hash')
6235 hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
6236 run_as = etree.SubElement(listelement, 'run_as')
6237 run_as.text = 'root'
6238 ret = stage_file(manifest, etree.tostring(stage))
6239 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6241 # Process all gpos, with temp output directory
6242 with TemporaryDirectory() as dname:
6244 ext.process_group_policy([], gpos, dname)
6245 except Exception as e:
6247 files = os.listdir(dname)
6248 self.assertEqual(len(files), 1,
6249 'The target script was not created')
6250 entry = '@reboot %s %s' % (run_as.text, test_script)
6251 self.assertIn(entry,
6252 open(os.path.join(dname, files[0]), 'r').read(),
6253 'The test entry was not found')
6256 gp_db = store.get_gplog(machine_creds.get_username())
6257 del_gpos = get_deleted_gpos_list(gp_db, [])
6258 ext.process_group_policy(del_gpos, [])
6259 files = os.listdir(dname)
6260 self.assertEqual(len(files), 0,
6261 'The target script was not removed')
6264 g = [g for g in gpos if g.name == guid][0]
6266 self.assertIn(entry, list(ret.values())[0][0],
6267 'The target entry was not listed by rsop')
6269 # Check that a call to gpupdate --rsop also succeeds
6271 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6273 # Unstage the manifest.xml and script files
6274 unstage_file(manifest)
6275 unstage_file(test_script)
6277 def test_vgp_motd(self):
6278 local_path = self.lp.cache_path('gpo_cache')
6279 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6280 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6281 'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
6282 cache_dir = self.lp.get('cache directory')
6283 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6285 machine_creds = Credentials()
6286 machine_creds.guess(self.lp)
6287 machine_creds.set_machine_account()
6289 # Initialize the group policy extension
6290 ext = vgp_motd_ext(self.lp, machine_creds,
6291 machine_creds.get_username(), store)
6293 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6294 machine_creds.get_username())
6296 # Stage the manifest.xml file with test data
6297 stage = etree.Element('vgppolicy')
6298 policysetting = etree.SubElement(stage, 'policysetting')
6299 version = etree.SubElement(policysetting, 'version')
6301 data = etree.SubElement(policysetting, 'data')
6302 filename = etree.SubElement(data, 'filename')
6303 filename.text = 'motd'
6304 text = etree.SubElement(data, 'text')
6305 text.text = 'This is the message of the day'
6306 ret = stage_file(manifest, etree.tostring(stage))
6307 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6309 # Process all gpos, with temp output directory
6310 with NamedTemporaryFile() as f:
6311 ext.process_group_policy([], gpos, f.name)
6312 self.assertEqual(open(f.name, 'r').read(), text.text,
6313 'The motd was not applied')
6315 # Check that a call to gpupdate --rsop also succeeds
6317 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6320 gp_db = store.get_gplog(machine_creds.get_username())
6321 del_gpos = get_deleted_gpos_list(gp_db, [])
6322 ext.process_group_policy(del_gpos, [], f.name)
6323 self.assertNotEqual(open(f.name, 'r').read(), text.text,
6324 'The motd was not unapplied')
6326 # Unstage the Registry.pol file
6327 unstage_file(manifest)
6329 def test_vgp_issue(self):
6330 local_path = self.lp.cache_path('gpo_cache')
6331 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6332 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6333 'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
6334 cache_dir = self.lp.get('cache directory')
6335 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6337 machine_creds = Credentials()
6338 machine_creds.guess(self.lp)
6339 machine_creds.set_machine_account()
6341 # Initialize the group policy extension
6342 ext = vgp_issue_ext(self.lp, machine_creds,
6343 machine_creds.get_username(), store)
6345 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6346 machine_creds.get_username())
6348 # Stage the manifest.xml file with test data
6349 stage = etree.Element('vgppolicy')
6350 policysetting = etree.SubElement(stage, 'policysetting')
6351 version = etree.SubElement(policysetting, 'version')
6353 data = etree.SubElement(policysetting, 'data')
6354 filename = etree.SubElement(data, 'filename')
6355 filename.text = 'issue'
6356 text = etree.SubElement(data, 'text')
6357 text.text = 'Welcome to Samba!'
6358 ret = stage_file(manifest, etree.tostring(stage))
6359 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6361 # Process all gpos, with temp output directory
6362 with NamedTemporaryFile() as f:
6363 ext.process_group_policy([], gpos, f.name)
6364 self.assertEqual(open(f.name, 'r').read(), text.text,
6365 'The issue was not applied')
6367 # Check that a call to gpupdate --rsop also succeeds
6369 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6372 gp_db = store.get_gplog(machine_creds.get_username())
6373 del_gpos = get_deleted_gpos_list(gp_db, [])
6374 ext.process_group_policy(del_gpos, [], f.name)
6375 self.assertNotEqual(open(f.name, 'r').read(), text.text,
6376 'The issue was not unapplied')
6378 # Unstage the manifest.xml file
6379 unstage_file(manifest)
6381 def test_vgp_access(self):
6382 local_path = self.lp.cache_path('gpo_cache')
6383 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6384 allow = os.path.join(local_path, policies, guid, 'MACHINE',
6385 'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
6386 deny = os.path.join(local_path, policies, guid, 'MACHINE',
6387 'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
6388 cache_dir = self.lp.get('cache directory')
6389 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6391 machine_creds = Credentials()
6392 machine_creds.guess(self.lp)
6393 machine_creds.set_machine_account()
6395 # Initialize the group policy extension
6396 winbind_sep = self.lp.get('winbind separator')
6397 self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
6398 self.lp.set('winbind separator', '+')
6399 ext = vgp_access_ext(self.lp, machine_creds,
6400 machine_creds.get_username(), store)
6402 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6403 machine_creds.get_username())
6405 # Stage the manifest.xml allow file
6406 stage = etree.Element('vgppolicy')
6407 policysetting = etree.SubElement(stage, 'policysetting')
6408 version = etree.SubElement(policysetting, 'version')
6410 apply_mode = etree.SubElement(policysetting, 'apply_mode')
6411 apply_mode.text = 'merge'
6412 data = etree.SubElement(policysetting, 'data')
6413 # Add an allowed user
6414 listelement = etree.SubElement(data, 'listelement')
6415 otype = etree.SubElement(listelement, 'type')
6417 entry = etree.SubElement(listelement, 'entry')
6418 entry.text = 'goodguy@%s' % realm
6419 adobject = etree.SubElement(listelement, 'adobject')
6420 name = etree.SubElement(adobject, 'name')
6421 name.text = 'goodguy'
6422 domain = etree.SubElement(adobject, 'domain')
6424 otype = etree.SubElement(adobject, 'type')
6426 # Add an allowed group
6427 groupattr = etree.SubElement(data, 'groupattr')
6428 groupattr.text = 'samAccountName'
6429 listelement = etree.SubElement(data, 'listelement')
6430 otype = etree.SubElement(listelement, 'type')
6431 otype.text = 'GROUP'
6432 entry = etree.SubElement(listelement, 'entry')
6433 entry.text = '%s\\goodguys' % realm
6434 dn = etree.SubElement(listelement, 'dn')
6435 dn.text = 'CN=goodguys,CN=Users,%s' % base_dn
6436 adobject = etree.SubElement(listelement, 'adobject')
6437 name = etree.SubElement(adobject, 'name')
6438 name.text = 'goodguys'
6439 domain = etree.SubElement(adobject, 'domain')
6441 otype = etree.SubElement(adobject, 'type')
6442 otype.text = 'group'
6443 ret = stage_file(allow, etree.tostring(stage))
6444 self.assertTrue(ret, 'Could not create the target %s' % allow)
6446 # Stage the manifest.xml deny file
6447 stage = etree.Element('vgppolicy')
6448 policysetting = etree.SubElement(stage, 'policysetting')
6449 version = etree.SubElement(policysetting, 'version')
6451 apply_mode = etree.SubElement(policysetting, 'apply_mode')
6452 apply_mode.text = 'merge'
6453 data = etree.SubElement(policysetting, 'data')
6455 listelement = etree.SubElement(data, 'listelement')
6456 otype = etree.SubElement(listelement, 'type')
6458 entry = etree.SubElement(listelement, 'entry')
6459 entry.text = 'badguy@%s' % realm
6460 adobject = etree.SubElement(listelement, 'adobject')
6461 name = etree.SubElement(adobject, 'name')
6462 name.text = 'badguy'
6463 domain = etree.SubElement(adobject, 'domain')
6465 otype = etree.SubElement(adobject, 'type')
6467 # Add a denied group
6468 groupattr = etree.SubElement(data, 'groupattr')
6469 groupattr.text = 'samAccountName'
6470 listelement = etree.SubElement(data, 'listelement')
6471 otype = etree.SubElement(listelement, 'type')
6472 otype.text = 'GROUP'
6473 entry = etree.SubElement(listelement, 'entry')
6474 entry.text = '%s\\badguys' % realm
6475 dn = etree.SubElement(listelement, 'dn')
6476 dn.text = 'CN=badguys,CN=Users,%s' % base_dn
6477 adobject = etree.SubElement(listelement, 'adobject')
6478 name = etree.SubElement(adobject, 'name')
6479 name.text = 'badguys'
6480 domain = etree.SubElement(adobject, 'domain')
6482 otype = etree.SubElement(adobject, 'type')
6483 otype.text = 'group'
6484 ret = stage_file(deny, etree.tostring(stage))
6485 self.assertTrue(ret, 'Could not create the target %s' % deny)
6487 # Process all gpos, with temp output directory
6488 with TemporaryDirectory() as dname:
6489 ext.process_group_policy([], gpos, dname)
6490 conf = os.listdir(dname)
6491 # There will be 2 files, the policy file and the deny file
6492 self.assertEqual(len(conf), 2, 'The conf file was not created')
6493 # Ignore the DENY_ALL conf file
6494 gp_cfg = os.path.join(dname,
6495 [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])
6497 # Check the access config for the correct access.conf entries
6498 print('Config file %s found' % gp_cfg)
6499 data = open(gp_cfg, 'r').read()
6500 self.assertIn('+:%s+goodguy:ALL' % realm, data)
6501 self.assertIn('+:%s+goodguys:ALL' % realm, data)
6502 self.assertIn('-:%s+badguy:ALL' % realm, data)
6503 self.assertIn('-:%s+badguys:ALL' % realm, data)
6505 # Check that a call to gpupdate --rsop also succeeds
6507 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6510 gp_db = store.get_gplog(machine_creds.get_username())
6511 del_gpos = get_deleted_gpos_list(gp_db, [])
6512 ext.process_group_policy(del_gpos, [], dname)
6513 self.assertFalse(os.path.exists(gp_cfg),
6514 'Unapply failed to cleanup config')
6516 # Unstage the manifest.pol files
6520 def test_gnome_settings(self):
6521 local_path = self.lp.cache_path('gpo_cache')
6522 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6523 reg_pol = os.path.join(local_path, policies, guid,
6524 'MACHINE/REGISTRY.POL')
6525 cache_dir = self.lp.get('cache directory')
6526 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6528 machine_creds = Credentials()
6529 machine_creds.guess(self.lp)
6530 machine_creds.set_machine_account()
6532 # Initialize the group policy extension
6533 ext = gp_gnome_settings_ext(self.lp, machine_creds,
6534 machine_creds.get_username(), store)
6536 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6537 machine_creds.get_username())
6539 # Stage the Registry.pol file with test data
6540 parser = GPPolParser()
6541 parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
6542 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6543 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6545 with TemporaryDirectory() as dname:
6546 ext.process_group_policy([], gpos, dname)
6548 local_db = os.path.join(dname, 'etc/dconf/db/local.d')
6549 self.assertTrue(os.path.isdir(local_db),
6550 'Local db dir not created')
6551 def db_check(name, data, count=1):
6552 db = glob(os.path.join(local_db, '*-%s' % name))
6553 self.assertEqual(len(db), count, '%s not created' % name)
6554 file_contents = ConfigParser()
6555 file_contents.read(db)
6556 for key in data.keys():
6557 self.assertTrue(file_contents.has_section(key),
6558 'Section %s not found' % key)
6560 for k, v in options.items():
6561 v_content = file_contents.get(key, k)
6562 self.assertEqual(v_content, v,
6563 '%s: %s != %s' % (key, v_content, v))
6565 def del_db_check(name):
6566 db = glob(os.path.join(local_db, '*-%s' % name))
6567 self.assertEqual(len(db), 0, '%s not deleted' % name)
6569 locks = os.path.join(local_db, 'locks')
6570 self.assertTrue(os.path.isdir(local_db), 'Locks dir not created')
6571 def lock_check(name, items, count=1):
6572 lock = glob(os.path.join(locks, '*%s' % name))
6573 self.assertEqual(len(lock), count,
6574 '%s lock not created' % name)
6576 for i in range(count):
6577 file_contents.extend(open(lock[i], 'r').read().split('\n'))
6579 self.assertIn(data, file_contents,
6580 '%s lock not created' % data)
6582 def del_lock_check(name):
6583 lock = glob(os.path.join(locks, '*%s' % name))
6584 self.assertEqual(len(lock), 0, '%s lock not deleted' % name)
6586 # Check the user profile
6587 user_profile = os.path.join(dname, 'etc/dconf/profile/user')
6588 self.assertTrue(os.path.exists(user_profile),
6589 'User profile not created')
6591 # Enable the compose key
6592 data = { 'org/gnome/desktop/input-sources':
6593 { 'xkb-options': '[\'compose:ralt\']' }
6595 db_check('input-sources', data)
6596 items = ['/org/gnome/desktop/input-sources/xkb-options']
6597 lock_check('input-sources', items)
6599 # Dim screen when user is idle
6600 data = { 'org/gnome/settings-daemon/plugins/power':
6601 { 'idle-dim': 'true',
6602 'idle-brightness': '30'
6605 db_check('power', data)
6606 data = { 'org/gnome/desktop/session':
6607 { 'idle-delay': 'uint32 300' }
6609 db_check('session', data)
6610 items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
6611 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
6612 '/org/gnome/desktop/session/idle-delay']
6613 lock_check('power-saving', items)
6615 # Lock down specific settings
6616 bg_locks = ['/org/gnome/desktop/background/picture-uri',
6617 '/org/gnome/desktop/background/picture-options',
6618 '/org/gnome/desktop/background/primary-color',
6619 '/org/gnome/desktop/background/secondary-color']
6620 lock_check('group-policy', bg_locks)
6622 # Lock down enabled extensions
6623 data = { 'org/gnome/shell':
6624 { 'enabled-extensions':
6625 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
6626 'development-tools': 'false' }
6628 db_check('extensions', data)
6629 items = [ '/org/gnome/shell/enabled-extensions',
6630 '/org/gnome/shell/development-tools' ]
6631 lock_check('extensions', items)
6633 # Disallow login using a fingerprint
6634 data = { 'org/gnome/login-screen':
6635 { 'enable-fingerprint-authentication': 'false' }
6637 db_check('fingerprintreader', data)
6638 items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
6639 lock_check('fingerprintreader', items)
6641 # Disable user logout and user switching
6642 data = { 'org/gnome/desktop/lockdown':
6643 { 'disable-log-out': 'true',
6644 'disable-user-switching': 'true' }
6646 db_check('logout', data, 2)
6647 items = ['/org/gnome/desktop/lockdown/disable-log-out',
6648 '/org/gnome/desktop/lockdown/disable-user-switching']
6649 lock_check('logout', items, 2)
6651 # Disable repartitioning
6652 actions = os.path.join(dname, 'etc/share/polkit-1/actions')
6653 udisk2 = glob(os.path.join(actions,
6654 'org.freedesktop.[u|U][d|D]isks2.policy'))
6655 self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
6656 udisk2_tree = etree.fromstring(open(udisk2[0], 'r').read())
6657 actions = udisk2_tree.findall('action')
6658 md = 'org.freedesktop.udisks2.modify-device'
6659 action = [a for a in actions if a.attrib['id'] == md]
6660 self.assertEqual(len(action), 1, 'modify-device not found')
6661 defaults = action[0].find('defaults')
6662 self.assertTrue(defaults is not None,
6663 'modify-device defaults not found')
6664 allow_any = defaults.find('allow_any').text
6665 self.assertEqual(allow_any, 'no',
6666 'modify-device allow_any not set to no')
6667 allow_inactive = defaults.find('allow_inactive').text
6668 self.assertEqual(allow_inactive, 'no',
6669 'modify-device allow_inactive not set to no')
6670 allow_active = defaults.find('allow_active').text
6671 self.assertEqual(allow_active, 'yes',
6672 'modify-device allow_active not set to yes')
6675 data = { 'org/gnome/desktop/lockdown':
6676 { 'disable-printing': 'true' }
6678 db_check('printing', data)
6679 items = ['/org/gnome/desktop/lockdown/disable-printing']
6680 lock_check('printing', items)
6682 # Disable file saving
6683 data = { 'org/gnome/desktop/lockdown':
6684 { 'disable-save-to-disk': 'true' }
6686 db_check('filesaving', data)
6687 items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
6688 lock_check('filesaving', items)
6690 # Disable command-line access
6691 data = { 'org/gnome/desktop/lockdown':
6692 { 'disable-command-line': 'true' }
6694 db_check('cmdline', data)
6695 items = ['/org/gnome/desktop/lockdown/disable-command-line']
6696 lock_check('cmdline', items)
6698 # Allow or disallow online accounts
6699 data = { 'org/gnome/online-accounts':
6700 { 'whitelisted-providers': '[\'google\']' }
6702 db_check('goa', data)
6703 items = ['/org/gnome/online-accounts/whitelisted-providers']
6704 lock_check('goa', items)
6706 # Verify RSOP does not fail
6707 ext.rsop([g for g in gpos if g.name == guid][0])
6709 # Check that a call to gpupdate --rsop also succeeds
6711 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6714 gp_db = store.get_gplog(machine_creds.get_username())
6715 del_gpos = get_deleted_gpos_list(gp_db, [])
6716 ext.process_group_policy(del_gpos, [], dname)
6717 del_db_check('input-sources')
6718 del_lock_check('input-sources')
6719 del_db_check('power')
6720 del_db_check('session')
6721 del_lock_check('power-saving')
6722 del_lock_check('group-policy')
6723 del_db_check('extensions')
6724 del_lock_check('extensions')
6725 del_db_check('fingerprintreader')
6726 del_lock_check('fingerprintreader')
6727 del_db_check('logout')
6728 del_lock_check('logout')
6729 actions = os.path.join(dname, 'etc/share/polkit-1/actions')
6730 udisk2 = glob(os.path.join(actions,
6731 'org.freedesktop.[u|U][d|D]isks2.policy'))
6732 self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
6733 del_db_check('printing')
6734 del_lock_check('printing')
6735 del_db_check('filesaving')
6736 del_lock_check('filesaving')
6737 del_db_check('cmdline')
6738 del_lock_check('cmdline')
6740 del_lock_check('goa')
6742 # Unstage the Registry.pol file
6743 unstage_file(reg_pol)
6745 def test_gp_cert_auto_enroll_ext(self):
6746 local_path = self.lp.cache_path('gpo_cache')
6747 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6748 reg_pol = os.path.join(local_path, policies, guid,
6749 'MACHINE/REGISTRY.POL')
6750 cache_dir = self.lp.get('cache directory')
6751 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6753 machine_creds = Credentials()
6754 machine_creds.guess(self.lp)
6755 machine_creds.set_machine_account()
6757 # Initialize the group policy extension
6758 ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
6759 machine_creds.get_username(), store)
6761 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6762 machine_creds.get_username())
6764 # Stage the Registry.pol file with test data
6765 parser = GPPolParser()
6766 parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
6767 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6768 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6770 # Write the dummy CA entry, Enrollment Services, and Templates Entries
6771 admin_creds = Credentials()
6772 admin_creds.set_username(os.environ.get('DC_USERNAME'))
6773 admin_creds.set_password(os.environ.get('DC_PASSWORD'))
6774 admin_creds.set_realm(os.environ.get('REALM'))
6775 hostname = get_dc_hostname(machine_creds, self.lp)
6776 url = 'ldap://%s' % hostname
6777 ldb = Ldb(url=url, session_info=system_session(),
6778 lp=self.lp, credentials=admin_creds)
6779 # Write the dummy CA
6780 confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
6781 ca_cn = '%s-CA' % hostname.replace('.', '-')
6782 certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
6783 ldb.add({'dn': certa_dn,
6784 'objectClass': 'certificationAuthority',
6785 'authorityRevocationList': ['XXX'],
6786 'cACertificate': 'XXX',
6787 'certificateRevocationList': ['XXX'],
6789 # Write the dummy pKIEnrollmentService
6790 enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
6791 ldb.add({'dn': enroll_dn,
6792 'objectClass': 'pKIEnrollmentService',
6793 'cACertificate': 'XXXX',
6794 'certificateTemplates': ['Machine'],
6795 'dNSHostName': hostname,
6797 # Write the dummy pKICertificateTemplate
6798 template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
6799 ldb.add({'dn': template_dn,
6800 'objectClass': 'pKICertificateTemplate',
6803 with TemporaryDirectory() as dname:
6804 ext.process_group_policy([], gpos, dname, dname)
6805 ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
6806 self.assertTrue(os.path.exists(ca_crt),
6807 'Root CA certificate was not requested')
6808 machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
6809 self.assertTrue(os.path.exists(machine_crt),
6810 'Machine certificate was not requested')
6811 machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
6812 self.assertTrue(os.path.exists(machine_crt),
6813 'Machine key was not generated')
6815 # Verify RSOP does not fail
6816 ext.rsop([g for g in gpos if g.name == guid][0])
6818 # Check that a call to gpupdate --rsop also succeeds
6820 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6823 gp_db = store.get_gplog(machine_creds.get_username())
6824 del_gpos = get_deleted_gpos_list(gp_db, [])
6825 ext.process_group_policy(del_gpos, [], dname)
6826 self.assertFalse(os.path.exists(ca_crt),
6827 'Root CA certificate was not removed')
6828 self.assertFalse(os.path.exists(machine_crt),
6829 'Machine certificate was not removed')
6830 self.assertFalse(os.path.exists(machine_crt),
6831 'Machine key was not removed')
6832 out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
6833 self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
6834 out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
6835 self.assertNotIn(b'Machine', out,
6836 'Machine certificate not removed')
6838 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
6839 ldb.delete(certa_dn)
6840 ldb.delete(enroll_dn)
6841 ldb.delete(template_dn)
6843 # Unstage the Registry.pol file
6844 unstage_file(reg_pol)
6846 def test_gp_user_scripts_ext(self):
6847 local_path = self.lp.cache_path('gpo_cache')
6848 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6849 reg_pol = os.path.join(local_path, policies, guid,
6850 'USER/REGISTRY.POL')
6851 cache_dir = self.lp.get('cache directory')
6852 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6854 machine_creds = Credentials()
6855 machine_creds.guess(self.lp)
6856 machine_creds.set_machine_account()
6858 # Initialize the group policy extension
6859 ext = gp_user_scripts_ext(self.lp, machine_creds,
6860 os.environ.get('DC_USERNAME'), store)
6862 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6863 machine_creds.get_username())
6865 reg_key = b'Software\\Policies\\Samba\\Unix Settings'
6866 sections = { b'%s\\Daily Scripts' % reg_key : b'@daily',
6867 b'%s\\Monthly Scripts' % reg_key : b'@monthly',
6868 b'%s\\Weekly Scripts' % reg_key : b'@weekly',
6869 b'%s\\Hourly Scripts' % reg_key : b'@hourly' }
6870 for keyname in sections.keys():
6871 # Stage the Registry.pol file with test data
6875 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
6877 e.data = b'echo hello world'
6878 stage.num_entries = 1
6880 ret = stage_file(reg_pol, ndr_pack(stage))
6881 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6883 # Process all gpos, intentionally skipping the privilege drop
6884 ext.process_group_policy([], gpos)
6885 # Dump the fake crontab setup for testing
6886 p = Popen(['crontab', '-l'], stdout=PIPE)
6887 crontab, _ = p.communicate()
6888 entry = b'%s %s' % (sections[keyname], e.data.encode())
6889 self.assertIn(entry, crontab,
6890 'The crontab entry was not installed')
6892 # Check that a call to gpupdate --rsop also succeeds
6894 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6897 gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
6898 del_gpos = get_deleted_gpos_list(gp_db, [])
6899 ext.process_group_policy(del_gpos, [])
6900 # Dump the fake crontab setup for testing
6901 p = Popen(['crontab', '-l'], stdout=PIPE)
6902 crontab, _ = p.communicate()
6903 self.assertNotIn(entry, crontab,
6904 'Unapply failed to cleanup crontab entry')
6906 # Unstage the Registry.pol file
6907 unstage_file(reg_pol)
6909 def test_gp_firefox_ext(self):
6910 local_path = self.lp.cache_path('gpo_cache')
6911 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6912 reg_pol = os.path.join(local_path, policies, guid,
6913 'MACHINE/REGISTRY.POL')
6914 cache_dir = self.lp.get('cache directory')
6915 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6917 machine_creds = Credentials()
6918 machine_creds.guess(self.lp)
6919 machine_creds.set_machine_account()
6921 # Initialize the group policy extension
6922 ext = gp_firefox_ext(self.lp, machine_creds,
6923 machine_creds.get_username(), store)
6925 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6926 machine_creds.get_username())
6928 # Stage the Registry.pol file with test data
6929 parser = GPPolParser()
6930 parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
6931 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6932 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6934 with TemporaryDirectory() as dname:
6935 ext.process_group_policy([], gpos, dname)
6936 policies_file = os.path.join(dname, 'policies.json')
6937 with open(policies_file, 'r') as r:
6938 policy_data = json.load(r)
6939 expected_policy_data = json.loads(firefox_json_expected)
6940 self.assertIn('policies', policy_data, 'Policies were not applied')
6941 self.assertEqual(expected_policy_data['policies'].keys(),
6942 policy_data['policies'].keys(),
6943 'Firefox policies are missing')
6944 for name in expected_policy_data['policies'].keys():
6945 self.assertEqual(expected_policy_data['policies'][name],
6946 policy_data['policies'][name],
6947 'Policies were not applied')
6949 # Verify RSOP does not fail
6950 ext.rsop([g for g in gpos if g.name == guid][0])
6952 # Check that a call to gpupdate --rsop also succeeds
6954 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6956 # Unapply the policy
6957 gp_db = store.get_gplog(machine_creds.get_username())
6958 del_gpos = get_deleted_gpos_list(gp_db, [])
6959 ext.process_group_policy(del_gpos, [], dname)
6960 if os.path.exists(policies_file):
6961 data = json.load(open(policies_file, 'r'))
6962 if 'policies' in data.keys():
6963 self.assertEqual(len(data['policies'].keys()), 0,
6964 'The policy was not unapplied')
6966 # Unstage the Registry.pol file
6967 unstage_file(reg_pol)
6969 def test_gp_chromium_ext(self):
6970 local_path = self.lp.cache_path('gpo_cache')
6971 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6972 reg_pol = os.path.join(local_path, policies, guid,
6973 'MACHINE/REGISTRY.POL')
6974 cache_dir = self.lp.get('cache directory')
6975 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6977 machine_creds = Credentials()
6978 machine_creds.guess(self.lp)
6979 machine_creds.set_machine_account()
6981 # Initialize the group policy extension
6982 ext = gp_chromium_ext(self.lp, machine_creds,
6983 machine_creds.get_username(), store)
6985 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6986 machine_creds.get_username())
6988 # Stage the Registry.pol file with test data
6989 parser = GPPolParser()
6990 parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
6991 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6992 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6994 with TemporaryDirectory() as dname:
6995 ext.process_group_policy([], gpos, dname)
6996 managed = os.path.join(dname, 'managed')
6997 managed_files = os.listdir(managed)
6998 self.assertEqual(len(managed_files), 1,
6999 'Chromium policies are missing')
7000 managed_file = os.path.join(managed, managed_files[0])
7001 with open(managed_file, 'r') as r:
7002 managed_data = json.load(r)
7003 recommended = os.path.join(dname, 'recommended')
7004 recommended_files = os.listdir(recommended)
7005 self.assertEqual(len(recommended_files), 1,
7006 'Chromium policies are missing')
7007 recommended_file = os.path.join(recommended, recommended_files[0])
7008 with open(recommended_file, 'r') as r:
7009 recommended_data = json.load(r)
7010 expected_managed_data = json.loads(chromium_json_expected_managed)
7011 expected_recommended_data = \
7012 json.loads(chromium_json_expected_recommended)
7014 self.assertEqual(sorted(expected_managed_data.keys()),
7015 sorted(managed_data.keys()),
7016 'Chromium policies are missing')
7017 for name in expected_managed_data.keys():
7018 self.assertEqual(expected_managed_data[name],
7020 'Policies were not applied')
7021 self.assertEqual(expected_recommended_data.keys(),
7022 recommended_data.keys(),
7023 'Chromium policies are missing')
7024 for name in expected_recommended_data.keys():
7025 self.assertEqual(expected_recommended_data[name],
7026 recommended_data[name],
7027 'Policies were not applied')
7029 # Ensure modifying the policy does not generate extra policy files
7030 unstage_file(reg_pol)
7031 # Change a managed entry:
7032 parser.pol_file.entries[0].data = 0
7033 # Change a recommended entry:
7034 parser.pol_file.entries[-1].data = b'https://google.com'
7035 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7036 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7038 ext.process_group_policy([], gpos, dname)
7039 managed_files = os.listdir(managed)
7040 self.assertEqual(len(managed_files), 1,
7041 'Number of Chromium policies is incorrect')
7042 omanaged_file = managed_file
7043 managed_file = os.path.join(managed, managed_files[0])
7044 self.assertNotEqual(omanaged_file, managed_file,
7045 'The managed Chromium file did not change')
7047 recommended_files = os.listdir(recommended)
7048 self.assertEqual(len(recommended_files), 1,
7049 'Number of Chromium policies is incorrect')
7050 orecommended_file = recommended_file
7051 recommended_file = os.path.join(recommended, recommended_files[0])
7052 self.assertNotEqual(orecommended_file, recommended_file,
7053 'The recommended Chromium file did not change')
7055 # Verify RSOP does not fail
7056 ext.rsop([g for g in gpos if g.name == guid][0])
7058 # Check that a call to gpupdate --rsop also succeeds
7060 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7062 # Unapply the policy
7063 gp_db = store.get_gplog(machine_creds.get_username())
7064 del_gpos = get_deleted_gpos_list(gp_db, [])
7065 ext.process_group_policy(del_gpos, [], dname)
7066 managed = os.path.join(managed, managed_files[0])
7067 if os.path.exists(managed):
7068 data = json.load(open(managed, 'r'))
7069 self.assertEqual(len(data.keys()), 0,
7070 'The policy was not unapplied')
7071 recommended = os.path.join(recommended, recommended_files[0])
7072 if os.path.exists(recommended):
7073 data = json.load(open(recommended, 'r'))
7074 self.assertEqual(len(data.keys()), 0,
7075 'The policy was not unapplied')
7077 # Unstage the Registry.pol file
7078 unstage_file(reg_pol)
7080 def test_gp_firewalld_ext(self):
7081 local_path = self.lp.cache_path('gpo_cache')
7082 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7083 reg_pol = os.path.join(local_path, policies, guid,
7084 'MACHINE/REGISTRY.POL')
7085 cache_dir = self.lp.get('cache directory')
7086 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7088 machine_creds = Credentials()
7089 machine_creds.guess(self.lp)
7090 machine_creds.set_machine_account()
7092 # Initialize the group policy extension
7093 ext = gp_firewalld_ext(self.lp, machine_creds,
7094 machine_creds.get_username(), store)
7096 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7097 machine_creds.get_username())
7099 # Stage the Registry.pol file with test data
7100 parser = GPPolParser()
7101 parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
7102 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7103 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7105 ext.process_group_policy([], gpos)
7107 # Check that the policy was applied
7108 firewall_cmd = which('firewall-cmd')
7109 cmd = [firewall_cmd, '--get-zones']
7110 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7111 out, err = p.communicate()
7112 self.assertIn(b'work', out, 'Failed to apply zones')
7113 self.assertIn(b'home', out, 'Failed to apply zones')
7115 cmd = [firewall_cmd, '--zone=work', '--list-interfaces']
7116 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7117 out, err = p.communicate()
7118 self.assertIn(b'eth0', out, 'Failed to set interface on zone')
7120 cmd = [firewall_cmd, '--zone=home', '--list-interfaces']
7121 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7122 out, err = p.communicate()
7123 self.assertIn(b'eth0', out, 'Failed to set interface on zone')
7125 cmd = [firewall_cmd, '--zone=work', '--list-rich-rules']
7126 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7127 out, err = p.communicate()
7128 rule = b'rule family=ipv4 source address=172.25.1.7 ' + \
7129 b'service name=ftp reject'
7130 self.assertEqual(rule, out.strip(), 'Failed to set rich rule')
7132 # Verify RSOP does not fail
7133 ext.rsop([g for g in gpos if g.name == guid][0])
7135 # Check that a call to gpupdate --rsop also succeeds
7137 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7139 # Unapply the policy
7140 gp_db = store.get_gplog(machine_creds.get_username())
7141 del_gpos = get_deleted_gpos_list(gp_db, [])
7142 ext.process_group_policy(del_gpos, [])
7144 # Check that the policy was unapplied
7145 cmd = [firewall_cmd, '--get-zones']
7146 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7147 out, err = p.communicate()
7148 self.assertNotIn(b'work', out, 'Failed to unapply zones')
7149 self.assertNotIn(b'home', out, 'Failed to unapply zones')
7151 # Unstage the Registry.pol file
7152 unstage_file(reg_pol)
7154 def test_advanced_gp_cert_auto_enroll_ext(self):
7155 local_path = self.lp.cache_path('gpo_cache')
7156 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7157 reg_pol = os.path.join(local_path, policies, guid,
7158 'MACHINE/REGISTRY.POL')
7159 cache_dir = self.lp.get('cache directory')
7160 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7162 machine_creds = Credentials()
7163 machine_creds.guess(self.lp)
7164 machine_creds.set_machine_account()
7166 # Initialize the group policy extension
7167 ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
7168 machine_creds.get_username(), store)
7170 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7171 machine_creds.get_username())
7173 admin_creds = Credentials()
7174 admin_creds.set_username(os.environ.get('DC_USERNAME'))
7175 admin_creds.set_password(os.environ.get('DC_PASSWORD'))
7176 admin_creds.set_realm(os.environ.get('REALM'))
7177 hostname = get_dc_hostname(machine_creds, self.lp)
7178 url = 'ldap://%s' % hostname
7179 ldb = Ldb(url=url, session_info=system_session(),
7180 lp=self.lp, credentials=admin_creds)
7182 # Stage the Registry.pol file with test data
7183 res = ldb.search('', _ldb.SCOPE_BASE, '(objectClass=*)',
7184 ['rootDomainNamingContext'])
7185 self.assertTrue(len(res) == 1, 'rootDomainNamingContext not found')
7186 res2 = ldb.search(res[0]['rootDomainNamingContext'][0],
7187 _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
7188 self.assertTrue(len(res2) == 1, 'objectGUID not found')
7189 objectGUID = b'{%s}' % \
7190 cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
7191 parser = GPPolParser()
7192 parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() % \
7193 (objectGUID, objectGUID, objectGUID, objectGUID)))
7194 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7195 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7197 # Write the dummy CA entry
7198 confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
7199 ca_cn = '%s-CA' % hostname.replace('.', '-')
7200 certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
7201 ldb.add({'dn': certa_dn,
7202 'objectClass': 'certificationAuthority',
7203 'authorityRevocationList': ['XXX'],
7204 'cACertificate': 'XXX',
7205 'certificateRevocationList': ['XXX'],
7207 # Write the dummy pKIEnrollmentService
7208 enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
7209 ldb.add({'dn': enroll_dn,
7210 'objectClass': 'pKIEnrollmentService',
7211 'cACertificate': 'XXXX',
7212 'certificateTemplates': ['Machine'],
7213 'dNSHostName': hostname,
7215 # Write the dummy pKICertificateTemplate
7216 template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
7217 ldb.add({'dn': template_dn,
7218 'objectClass': 'pKICertificateTemplate',
7221 with TemporaryDirectory() as dname:
7222 ext.process_group_policy([], gpos, dname, dname)
7223 ca_list = [ca_cn, 'example0-com-CA', 'example1-com-CA',
7226 ca_crt = os.path.join(dname, '%s.crt' % ca)
7227 self.assertTrue(os.path.exists(ca_crt),
7228 'Root CA certificate was not requested')
7229 machine_crt = os.path.join(dname, '%s.Machine.crt' % ca)
7230 self.assertTrue(os.path.exists(machine_crt),
7231 'Machine certificate was not requested')
7232 machine_key = os.path.join(dname, '%s.Machine.key' % ca)
7233 self.assertTrue(os.path.exists(machine_crt),
7234 'Machine key was not generated')
7236 # Verify RSOP does not fail
7237 ext.rsop([g for g in gpos if g.name == guid][0])
7239 # Check that a call to gpupdate --rsop also succeeds
7241 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7244 gp_db = store.get_gplog(machine_creds.get_username())
7245 del_gpos = get_deleted_gpos_list(gp_db, [])
7246 ext.process_group_policy(del_gpos, [], dname)
7247 self.assertFalse(os.path.exists(ca_crt),
7248 'Root CA certificate was not removed')
7249 self.assertFalse(os.path.exists(machine_crt),
7250 'Machine certificate was not removed')
7251 self.assertFalse(os.path.exists(machine_crt),
7252 'Machine key was not removed')
7253 out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
7255 self.assertNotIn(get_bytes(ca), out, 'CA was not removed')
7256 out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
7257 self.assertNotIn(b'Machine', out,
7258 'Machine certificate not removed')
7260 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
7261 ldb.delete(certa_dn)
7262 ldb.delete(enroll_dn)
7263 ldb.delete(template_dn)
7265 # Unstage the Registry.pol file
7266 unstage_file(reg_pol)
7268 def test_gp_centrify_sudoers_ext(self):
7269 local_path = self.lp.cache_path('gpo_cache')
7270 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7271 reg_pol = os.path.join(local_path, policies, guid,
7272 'MACHINE/REGISTRY.POL')
7273 cache_dir = self.lp.get('cache directory')
7274 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7276 machine_creds = Credentials()
7277 machine_creds.guess(self.lp)
7278 machine_creds.set_machine_account()
7280 # Initialize the group policy extension
7281 ext = gp_centrify_sudoers_ext(self.lp, machine_creds,
7282 machine_creds.get_username(), store)
7284 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7285 machine_creds.get_username())
7287 # Stage the Registry.pol file with test data
7290 e1.keyname = b'Software\\Policies\\Centrify\\UnixSettings'
7291 e1.valuename = b'sudo.enabled'
7295 e2.keyname = b'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
7298 e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
7299 stage.num_entries = 2
7300 stage.entries = [e1, e2]
7301 ret = stage_file(reg_pol, ndr_pack(stage))
7302 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7304 # Process all gpos, with temp output directory
7305 with TemporaryDirectory() as dname:
7306 ext.process_group_policy([], gpos, dname)
7307 sudoers = os.listdir(dname)
7308 self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
7309 sudoers_file = os.path.join(dname, sudoers[0])
7310 self.assertIn(e2.data, open(sudoers_file, 'r').read(),
7311 'The sudoers entry was not applied')
7313 # Remove the sudoers file, and make sure a re-apply puts it back
7314 os.unlink(sudoers_file)
7315 ext.process_group_policy([], gpos, dname)
7316 sudoers = os.listdir(dname)
7317 self.assertEqual(len(sudoers), 1,
7318 'The sudoer file was not recreated')
7319 sudoers_file = os.path.join(dname, sudoers[0])
7320 self.assertIn(e2.data, open(sudoers_file, 'r').read(),
7321 'The sudoers entry was not reapplied')
7323 # Check that a call to gpupdate --rsop also succeeds
7325 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7328 gp_db = store.get_gplog(machine_creds.get_username())
7329 del_gpos = get_deleted_gpos_list(gp_db, [])
7330 ext.process_group_policy(del_gpos, [])
7331 self.assertEqual(len(os.listdir(dname)), 0,
7332 'Unapply failed to cleanup scripts')
7334 # Unstage the Registry.pol file
7335 unstage_file(reg_pol)
7337 def test_gp_centrify_crontab_ext(self):
7338 local_path = self.lp.cache_path('gpo_cache')
7339 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7340 reg_pol = os.path.join(local_path, policies, guid,
7341 'MACHINE/REGISTRY.POL')
7342 cache_dir = self.lp.get('cache directory')
7343 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7345 machine_creds = Credentials()
7346 machine_creds.guess(self.lp)
7347 machine_creds.set_machine_account()
7349 # Initialize the group policy extension
7350 ext = gp_centrify_crontab_ext(self.lp, machine_creds,
7351 machine_creds.get_username(), store)
7353 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7354 machine_creds.get_username())
7356 # Stage the Registry.pol file with test data
7360 b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7361 e.valuename = b'Command1'
7363 e.data = b'17 * * * * root echo hello world'
7364 stage.num_entries = 1
7366 ret = stage_file(reg_pol, ndr_pack(stage))
7367 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7369 # Process all gpos, with temp output directory
7370 with TemporaryDirectory() as dname:
7371 ext.process_group_policy([], gpos, dname)
7372 cron_entries = os.listdir(dname)
7373 self.assertEqual(len(cron_entries), 1, 'Cron entry not created')
7374 fname = os.path.join(dname, cron_entries[0])
7375 data = open(fname, 'rb').read()
7376 self.assertIn(get_bytes(e.data), data, 'Cron entry is missing')
7378 # Check that a call to gpupdate --rsop also succeeds
7380 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7383 gp_db = store.get_gplog(machine_creds.get_username())
7384 del_gpos = get_deleted_gpos_list(gp_db, [])
7385 ext.process_group_policy(del_gpos, [])
7386 self.assertEqual(len(os.listdir(dname)), 0,
7387 'Unapply failed to cleanup script')
7389 # Unstage the Registry.pol file
7390 unstage_file(reg_pol)
7392 def test_gp_user_centrify_crontab_ext(self):
7393 local_path = self.lp.cache_path('gpo_cache')
7394 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7395 reg_pol = os.path.join(local_path, policies, guid,
7396 'USER/REGISTRY.POL')
7397 cache_dir = self.lp.get('cache directory')
7398 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7400 machine_creds = Credentials()
7401 machine_creds.guess(self.lp)
7402 machine_creds.set_machine_account()
7404 # Initialize the group policy extension
7405 ext = gp_user_centrify_crontab_ext(self.lp, machine_creds,
7406 os.environ.get('DC_USERNAME'),
7409 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7410 machine_creds.get_username())
7412 # Stage the Registry.pol file with test data
7416 b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7417 e.valuename = b'Command1'
7419 e.data = b'17 * * * * echo hello world'
7420 stage.num_entries = 1
7422 ret = stage_file(reg_pol, ndr_pack(stage))
7423 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7425 # Process all gpos, intentionally skipping the privilege drop
7426 ext.process_group_policy([], gpos)
7427 # Dump the fake crontab setup for testing
7428 p = Popen(['crontab', '-l'], stdout=PIPE)
7429 crontab, _ = p.communicate()
7430 self.assertIn(get_bytes(e.data), crontab,
7431 'The crontab entry was not installed')
7433 # Check that a call to gpupdate --rsop also succeeds
7435 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7438 gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
7439 del_gpos = get_deleted_gpos_list(gp_db, [])
7440 ext.process_group_policy(del_gpos, [])
7441 # Dump the fake crontab setup for testing
7442 p = Popen(['crontab', '-l'], stdout=PIPE)
7443 crontab, _ = p.communicate()
7444 self.assertNotIn(get_bytes(e.data), crontab,
7445 'Unapply failed to cleanup crontab entry')
7447 # Unstage the Registry.pol file
7448 unstage_file(reg_pol)
git.samba.org / janger / samba-autobuild-v4-19-test / .git / blob