1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from samba import gpo, tests
20 from samba.gp.gpclass import register_gp_extension, list_gp_extensions, \
21 unregister_gp_extension, GPOStorage, get_gpo_list
22 from samba.param import LoadParm
23 from samba.gp.gpclass import check_refresh_gpo_list, check_safe_path, \
24 check_guid, parse_gpext_conf, atomic_write_conf, get_deleted_gpos_list
25 from subprocess import Popen, PIPE
26 from tempfile import NamedTemporaryFile, TemporaryDirectory
27 from samba.gp import gpclass
28 # Disable privilege dropping for testing
29 gpclass.drop_privileges = lambda _, func, *args : func(*args)
30 from samba.gp.gp_sec_ext import gp_krb_ext, gp_access_ext
31 from samba.gp.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext
32 from samba.gp.gp_sudoers_ext import gp_sudoers_ext
33 from samba.gp.vgp_sudoers_ext import vgp_sudoers_ext
34 from samba.gp.vgp_symlink_ext import vgp_symlink_ext
35 from samba.gp.gpclass import gp_inf_ext
36 from samba.gp.gp_smb_conf_ext import gp_smb_conf_ext
37 from samba.gp.vgp_files_ext import vgp_files_ext
38 from samba.gp.vgp_openssh_ext import vgp_openssh_ext
39 from samba.gp.vgp_startup_scripts_ext import vgp_startup_scripts_ext
40 from samba.gp.vgp_motd_ext import vgp_motd_ext
41 from samba.gp.vgp_issue_ext import vgp_issue_ext
42 from samba.gp.vgp_access_ext import vgp_access_ext
43 from samba.gp.gp_gnome_settings_ext import gp_gnome_settings_ext
44 from samba.gp import gp_cert_auto_enroll_ext as cae
45 from samba.gp.gp_firefox_ext import gp_firefox_ext
46 from samba.gp.gp_chromium_ext import gp_chromium_ext
47 from samba.gp.gp_firewalld_ext import gp_firewalld_ext
48 from samba.credentials import Credentials
49 from samba.gp.gp_msgs_ext import gp_msgs_ext
50 from samba.gp.gp_centrify_sudoers_ext import gp_centrify_sudoers_ext
51 from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
52 gp_user_centrify_crontab_ext
53 from samba.common import get_bytes
54 from samba.dcerpc import preg
55 from samba.ndr import ndr_pack
57 from shutil import copyfile
58 import xml.etree.ElementTree as etree
60 from samba.gp_parse.gp_pol import GPPolParser
62 from configparser import ConfigParser
63 from samba.gp.gpclass import get_dc_hostname
66 from samba.auth import system_session
68 from shutil import which
70 from cryptography import x509
71 from cryptography.hazmat.primitives import hashes
72 from cryptography.hazmat.backends import default_backend
73 from cryptography.hazmat.primitives.asymmetric import rsa
74 from cryptography.hazmat.primitives.serialization import Encoding
75 from datetime import datetime, timedelta
76 from samba.samba3 import param as s3param
78 def dummy_certificate():
80 x509.NameAttribute(x509.NameOID.COMMON_NAME,
81 os.environ.get('SERVER'))
83 cons = x509.BasicConstraints(ca=True, path_length=0)
84 now = datetime.utcnow()
86 key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
87 backend=default_backend())
90 x509.CertificateBuilder()
93 .public_key(key.public_key())
95 .not_valid_before(now)
96 .not_valid_after(now + timedelta(seconds=300))
97 .add_extension(cons, False)
98 .sign(key, hashes.SHA256(), default_backend())
101 return cert.public_bytes(encoding=Encoding.DER)
103 # Dummy requests structure for Certificate Auto Enrollment
104 class dummy_requests(object):
106 def get(url=None, params=None):
107 dummy = requests.Response()
108 dummy._content = dummy_certificate()
109 dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
112 class exceptions(object):
113 ConnectionError = Exception
114 cae.requests = dummy_requests
116 realm = os.environ.get('REALM')
117 policies = realm + '/POLICIES'
118 realm = realm.lower()
119 poldir = r'\\{0}\sysvol\{0}\Policies'.format(realm)
120 # the first part of the base DN varies by testenv. Work it out from the realm
121 base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(realm.split('.')[0])
122 dspath = 'CN=Policies,CN=System,' + base_dn
123 gpt_data = '[General]\nVersion=%d'
125 gnome_test_reg_pol = \
127 <?xml version="1.0" encoding="utf-8"?>
128 <PolFile num_entries="26" signature="PReg" version="1">
129 <Entry type="4" type_name="REG_DWORD">
130 <Key>GNOME Settings\Lock Down Settings</Key>
131 <ValueName>Lock Down Enabled Extensions</ValueName>
134 <Entry type="4" type_name="REG_DWORD">
135 <Key>GNOME Settings\Lock Down Settings</Key>
136 <ValueName>Lock Down Specific Settings</ValueName>
139 <Entry type="4" type_name="REG_DWORD">
140 <Key>GNOME Settings\Lock Down Settings</Key>
141 <ValueName>Disable Printing</ValueName>
144 <Entry type="4" type_name="REG_DWORD">
145 <Key>GNOME Settings\Lock Down Settings</Key>
146 <ValueName>Disable File Saving</ValueName>
149 <Entry type="4" type_name="REG_DWORD">
150 <Key>GNOME Settings\Lock Down Settings</Key>
151 <ValueName>Disable Command-Line Access</ValueName>
154 <Entry type="4" type_name="REG_DWORD">
155 <Key>GNOME Settings\Lock Down Settings</Key>
156 <ValueName>Disallow Login Using a Fingerprint</ValueName>
159 <Entry type="4" type_name="REG_DWORD">
160 <Key>GNOME Settings\Lock Down Settings</Key>
161 <ValueName>Disable User Logout</ValueName>
164 <Entry type="4" type_name="REG_DWORD">
165 <Key>GNOME Settings\Lock Down Settings</Key>
166 <ValueName>Disable User Switching</ValueName>
169 <Entry type="4" type_name="REG_DWORD">
170 <Key>GNOME Settings\Lock Down Settings</Key>
171 <ValueName>Disable Repartitioning</ValueName>
174 <Entry type="4" type_name="REG_DWORD">
175 <Key>GNOME Settings\Lock Down Settings</Key>
176 <ValueName>Whitelisted Online Accounts</ValueName>
179 <Entry type="4" type_name="REG_DWORD">
180 <Key>GNOME Settings\Lock Down Settings</Key>
181 <ValueName>Compose Key</ValueName>
184 <Entry type="4" type_name="REG_DWORD">
185 <Key>GNOME Settings\Lock Down Settings</Key>
186 <ValueName>Dim Screen when User is Idle</ValueName>
189 <Entry type="4" type_name="REG_DWORD">
190 <Key>GNOME Settings\Lock Down Settings</Key>
191 <ValueName>Enabled Extensions</ValueName>
194 <Entry type="1" type_name="REG_SZ">
195 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
196 <ValueName>Key Name</ValueName>
197 <Value>Right Alt</Value>
199 <Entry type="4" type_name="REG_DWORD">
200 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
201 <ValueName>Delay</ValueName>
204 <Entry type="4" type_name="REG_DWORD">
205 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
206 <ValueName>Dim Idle Brightness</ValueName>
209 <Entry type="1" type_name="REG_SZ">
210 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
211 <ValueName>**delvals.</ValueName>
214 <Entry type="1" type_name="REG_SZ">
215 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
216 <ValueName>myextension1@myname.example.com</ValueName>
217 <Value>myextension1@myname.example.com</Value>
219 <Entry type="1" type_name="REG_SZ">
220 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
221 <ValueName>myextension2@myname.example.com</ValueName>
222 <Value>myextension2@myname.example.com</Value>
224 <Entry type="1" type_name="REG_SZ">
225 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
226 <ValueName>**delvals.</ValueName>
229 <Entry type="1" type_name="REG_SZ">
230 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
231 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
232 <Value>/org/gnome/desktop/background/picture-uri</Value>
234 <Entry type="1" type_name="REG_SZ">
235 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
236 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
237 <Value>/org/gnome/desktop/background/picture-options</Value>
239 <Entry type="1" type_name="REG_SZ">
240 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
241 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
242 <Value>/org/gnome/desktop/background/primary-color</Value>
244 <Entry type="1" type_name="REG_SZ">
245 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
246 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
247 <Value>/org/gnome/desktop/background/secondary-color</Value>
249 <Entry type="1" type_name="REG_SZ">
250 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
251 <ValueName>**delvals.</ValueName>
254 <Entry type="1" type_name="REG_SZ">
255 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
256 <ValueName>google</ValueName>
257 <Value>google</Value>
262 auto_enroll_reg_pol = \
264 <?xml version="1.0" encoding="utf-8"?>
265 <PolFile num_entries="3" signature="PReg" version="1">
266 <Entry type="4" type_name="REG_DWORD">
267 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
268 <ValueName>AEPolicy</ValueName>
271 <Entry type="4" type_name="REG_DWORD">
272 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
273 <ValueName>OfflineExpirationPercent</ValueName>
276 <Entry type="1" type_name="REG_SZ">
277 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
278 <ValueName>OfflineExpirationStoreNames</ValueName>
284 auto_enroll_unchecked_reg_pol = \
286 <?xml version="1.0" encoding="utf-8"?>
287 <PolFile num_entries="3" signature="PReg" version="1">
288 <Entry type="4" type_name="REG_DWORD">
289 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
290 <ValueName>AEPolicy</ValueName>
293 <Entry type="4" type_name="REG_DWORD">
294 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
295 <ValueName>OfflineExpirationPercent</ValueName>
298 <Entry type="1" type_name="REG_SZ">
299 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
300 <ValueName>OfflineExpirationStoreNames</ValueName>
306 advanced_enroll_reg_pol = \
308 <?xml version="1.0" encoding="utf-8"?>
309 <PolFile num_entries="30" signature="PReg" version="1">
310 <Entry type="1" type_name="REG_SZ">
311 <Key>Software\Policies\Microsoft\Cryptography</Key>
312 <ValueName>**DeleteKeys</ValueName>
313 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
315 <Entry type="4" type_name="REG_DWORD">
316 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
317 <ValueName>AEPolicy</ValueName>
320 <Entry type="4" type_name="REG_DWORD">
321 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
322 <ValueName>OfflineExpirationPercent</ValueName>
325 <Entry type="1" type_name="REG_SZ">
326 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
327 <ValueName>OfflineExpirationStoreNames</ValueName>
330 <Entry type="1" type_name="REG_SZ">
331 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
333 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
335 <Entry type="4" type_name="REG_DWORD">
336 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
337 <ValueName>Flags</ValueName>
340 <Entry type="1" type_name="REG_SZ">
341 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
342 <ValueName>URL</ValueName>
345 <Entry type="1" type_name="REG_SZ">
346 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
347 <ValueName>PolicyID</ValueName>
350 <Entry type="1" type_name="REG_SZ">
351 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
352 <ValueName>FriendlyName</ValueName>
353 <Value>Example</Value>
355 <Entry type="4" type_name="REG_DWORD">
356 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
357 <ValueName>Flags</ValueName>
360 <Entry type="4" type_name="REG_DWORD">
361 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
362 <ValueName>AuthFlags</ValueName>
365 <Entry type="4" type_name="REG_DWORD">
366 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
367 <ValueName>Cost</ValueName>
368 <Value>2147483645</Value>
370 <Entry type="1" type_name="REG_SZ">
371 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
372 <ValueName>URL</ValueName>
373 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
375 <Entry type="1" type_name="REG_SZ">
376 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
377 <ValueName>PolicyID</ValueName>
380 <Entry type="1" type_name="REG_SZ">
381 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
382 <ValueName>FriendlyName</ValueName>
383 <Value>Example2</Value>
385 <Entry type="4" type_name="REG_DWORD">
386 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
387 <ValueName>Flags</ValueName>
390 <Entry type="4" type_name="REG_DWORD">
391 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
392 <ValueName>AuthFlags</ValueName>
395 <Entry type="4" type_name="REG_DWORD">
396 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
397 <ValueName>Cost</ValueName>
400 <Entry type="1" type_name="REG_SZ">
401 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
402 <ValueName>URL</ValueName>
403 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
405 <Entry type="1" type_name="REG_SZ">
406 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
407 <ValueName>PolicyID</ValueName>
410 <Entry type="1" type_name="REG_SZ">
411 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
412 <ValueName>FriendlyName</ValueName>
413 <Value>Example0</Value>
415 <Entry type="4" type_name="REG_DWORD">
416 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
417 <ValueName>Flags</ValueName>
420 <Entry type="4" type_name="REG_DWORD">
421 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
422 <ValueName>AuthFlags</ValueName>
425 <Entry type="4" type_name="REG_DWORD">
426 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
427 <ValueName>Cost</ValueName>
430 <Entry type="1" type_name="REG_SZ">
431 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
432 <ValueName>URL</ValueName>
433 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
435 <Entry type="1" type_name="REG_SZ">
436 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
437 <ValueName>PolicyID</ValueName>
440 <Entry type="1" type_name="REG_SZ">
441 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
442 <ValueName>FriendlyName</ValueName>
443 <Value>Example1</Value>
445 <Entry type="4" type_name="REG_DWORD">
446 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
447 <ValueName>Flags</ValueName>
450 <Entry type="4" type_name="REG_DWORD">
451 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
452 <ValueName>AuthFlags</ValueName>
455 <Entry type="4" type_name="REG_DWORD">
456 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
457 <ValueName>Cost</ValueName>
465 <?xml version="1.0" encoding="utf-8"?>
466 <PolFile num_entries="241" signature="PReg" version="1">
467 <Entry type="7" type_name="REG_MULTI_SZ">
468 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
469 <ValueName>ExtensionSettings</ValueName>
470 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
472 <Entry type="4" type_name="REG_DWORD">
473 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
474 <ValueName>ExtensionUpdate</ValueName>
477 <Entry type="4" type_name="REG_DWORD">
478 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
479 <ValueName>SearchSuggestEnabled</ValueName>
482 <Entry type="4" type_name="REG_DWORD">
483 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
484 <ValueName>AppAutoUpdate</ValueName>
487 <Entry type="1" type_name="REG_SZ">
488 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
489 <ValueName>AppUpdateURL</ValueName>
490 <Value>https://yoursite.com</Value>
492 <Entry type="4" type_name="REG_DWORD">
493 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
494 <ValueName>BlockAboutAddons</ValueName>
497 <Entry type="4" type_name="REG_DWORD">
498 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
499 <ValueName>BlockAboutConfig</ValueName>
502 <Entry type="4" type_name="REG_DWORD">
503 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
504 <ValueName>BlockAboutProfiles</ValueName>
507 <Entry type="4" type_name="REG_DWORD">
508 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
509 <ValueName>BlockAboutSupport</ValueName>
512 <Entry type="4" type_name="REG_DWORD">
513 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
514 <ValueName>CaptivePortal</ValueName>
517 <Entry type="2" type_name="REG_EXPAND_SZ">
518 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
519 <ValueName>DefaultDownloadDirectory</ValueName>
520 <Value>${home}/Downloads</Value>
522 <Entry type="4" type_name="REG_DWORD">
523 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
524 <ValueName>DisableAppUpdate</ValueName>
527 <Entry type="4" type_name="REG_DWORD">
528 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
529 <ValueName>DisableBuiltinPDFViewer</ValueName>
532 <Entry type="4" type_name="REG_DWORD">
533 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
534 <ValueName>DisableDefaultBrowserAgent</ValueName>
537 <Entry type="4" type_name="REG_DWORD">
538 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
539 <ValueName>DisableDeveloperTools</ValueName>
542 <Entry type="4" type_name="REG_DWORD">
543 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
544 <ValueName>DisableFeedbackCommands</ValueName>
547 <Entry type="4" type_name="REG_DWORD">
548 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
549 <ValueName>DisableFirefoxAccounts</ValueName>
552 <Entry type="4" type_name="REG_DWORD">
553 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
554 <ValueName>DisableFirefoxScreenshots</ValueName>
557 <Entry type="4" type_name="REG_DWORD">
558 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
559 <ValueName>DisableFirefoxStudies</ValueName>
562 <Entry type="4" type_name="REG_DWORD">
563 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
564 <ValueName>DisableForgetButton</ValueName>
567 <Entry type="4" type_name="REG_DWORD">
568 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
569 <ValueName>DisableFormHistory</ValueName>
572 <Entry type="4" type_name="REG_DWORD">
573 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
574 <ValueName>DisableMasterPasswordCreation</ValueName>
577 <Entry type="4" type_name="REG_DWORD">
578 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
579 <ValueName>DisablePasswordReveal</ValueName>
582 <Entry type="4" type_name="REG_DWORD">
583 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
584 <ValueName>DisablePocket</ValueName>
587 <Entry type="4" type_name="REG_DWORD">
588 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
589 <ValueName>DisablePrivateBrowsing</ValueName>
592 <Entry type="4" type_name="REG_DWORD">
593 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
594 <ValueName>DisableProfileImport</ValueName>
597 <Entry type="4" type_name="REG_DWORD">
598 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
599 <ValueName>DisableProfileRefresh</ValueName>
602 <Entry type="4" type_name="REG_DWORD">
603 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
604 <ValueName>DisableSafeMode</ValueName>
607 <Entry type="4" type_name="REG_DWORD">
608 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
609 <ValueName>DisableSetDesktopBackground</ValueName>
612 <Entry type="4" type_name="REG_DWORD">
613 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
614 <ValueName>DisableSystemAddonUpdate</ValueName>
617 <Entry type="4" type_name="REG_DWORD">
618 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
619 <ValueName>DisableTelemetry</ValueName>
622 <Entry type="4" type_name="REG_DWORD">
623 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
624 <ValueName>DisplayBookmarksToolbar</ValueName>
627 <Entry type="1" type_name="REG_SZ">
628 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
629 <ValueName>DisplayMenuBar</ValueName>
630 <Value>default-on</Value>
632 <Entry type="4" type_name="REG_DWORD">
633 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
634 <ValueName>DontCheckDefaultBrowser</ValueName>
637 <Entry type="2" type_name="REG_EXPAND_SZ">
638 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
639 <ValueName>DownloadDirectory</ValueName>
640 <Value>${home}/Downloads</Value>
642 <Entry type="7" type_name="REG_MULTI_SZ">
643 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
644 <ValueName>Handlers</ValueName>
645 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
647 <Entry type="4" type_name="REG_DWORD">
648 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
649 <ValueName>HardwareAcceleration</ValueName>
652 <Entry type="7" type_name="REG_MULTI_SZ">
653 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
654 <ValueName>ManagedBookmarks</ValueName>
655 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
657 <Entry type="4" type_name="REG_DWORD">
658 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
659 <ValueName>NetworkPrediction</ValueName>
662 <Entry type="4" type_name="REG_DWORD">
663 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
664 <ValueName>NewTabPage</ValueName>
667 <Entry type="4" type_name="REG_DWORD">
668 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
669 <ValueName>NoDefaultBookmarks</ValueName>
672 <Entry type="4" type_name="REG_DWORD">
673 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
674 <ValueName>OfferToSaveLogins</ValueName>
677 <Entry type="4" type_name="REG_DWORD">
678 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
679 <ValueName>OfferToSaveLoginsDefault</ValueName>
682 <Entry type="1" type_name="REG_SZ">
683 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
684 <ValueName>OverrideFirstRunPage</ValueName>
685 <Value>http://example.org</Value>
687 <Entry type="1" type_name="REG_SZ">
688 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
689 <ValueName>OverridePostUpdatePage</ValueName>
690 <Value>http://example.org</Value>
692 <Entry type="4" type_name="REG_DWORD">
693 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
694 <ValueName>PasswordManagerEnabled</ValueName>
697 <Entry type="7" type_name="REG_MULTI_SZ">
698 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
699 <ValueName>Preferences</ValueName>
700 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
702 <Entry type="4" type_name="REG_DWORD">
703 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
704 <ValueName>PrimaryPassword</ValueName>
707 <Entry type="4" type_name="REG_DWORD">
708 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
709 <ValueName>PromptForDownloadLocation</ValueName>
712 <Entry type="1" type_name="REG_SZ">
713 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
714 <ValueName>**delvals.</ValueName>
717 <Entry type="1" type_name="REG_SZ">
718 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
719 <ValueName>1</ValueName>
722 <Entry type="1" type_name="REG_SZ">
723 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
724 <ValueName>2</ValueName>
727 <Entry type="1" type_name="REG_SZ">
728 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
729 <ValueName>SSLVersionMax</ValueName>
730 <Value>tls1.3</Value>
732 <Entry type="1" type_name="REG_SZ">
733 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
734 <ValueName>SSLVersionMin</ValueName>
735 <Value>tls1.3</Value>
737 <Entry type="1" type_name="REG_SZ">
738 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
739 <ValueName>SearchBar</ValueName>
740 <Value>unified</Value>
742 <Entry type="4" type_name="REG_DWORD">
743 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
744 <ValueName>Locked</ValueName>
747 <Entry type="4" type_name="REG_DWORD">
748 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
749 <ValueName>PrivateBrowsing</ValueName>
752 <Entry type="4" type_name="REG_DWORD">
753 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
754 <ValueName>NTLM</ValueName>
757 <Entry type="4" type_name="REG_DWORD">
758 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
759 <ValueName>SPNEGO</ValueName>
762 <Entry type="4" type_name="REG_DWORD">
763 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
764 <ValueName>NTLM</ValueName>
767 <Entry type="4" type_name="REG_DWORD">
768 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
769 <ValueName>SPNEGO</ValueName>
772 <Entry type="1" type_name="REG_SZ">
773 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
774 <ValueName>**delvals.</ValueName>
777 <Entry type="1" type_name="REG_SZ">
778 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
779 <ValueName>1</ValueName>
780 <Value>mydomain.com</Value>
782 <Entry type="1" type_name="REG_SZ">
783 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
784 <ValueName>1</ValueName>
785 <Value>https://myotherdomain.com</Value>
787 <Entry type="1" type_name="REG_SZ">
788 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
789 <ValueName>**delvals.</ValueName>
792 <Entry type="1" type_name="REG_SZ">
793 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
794 <ValueName>1</ValueName>
795 <Value>mydomain.com</Value>
797 <Entry type="1" type_name="REG_SZ">
798 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
799 <ValueName>1</ValueName>
800 <Value>https://myotherdomain.com</Value>
802 <Entry type="1" type_name="REG_SZ">
803 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
804 <ValueName>**delvals.</ValueName>
807 <Entry type="1" type_name="REG_SZ">
808 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
809 <ValueName>1</ValueName>
810 <Value>mydomain.com</Value>
812 <Entry type="1" type_name="REG_SZ">
813 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
814 <ValueName>1</ValueName>
815 <Value>https://myotherdomain.com</Value>
817 <Entry type="1" type_name="REG_SZ">
818 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
819 <ValueName>Title</ValueName>
820 <Value>Example</Value>
822 <Entry type="1" type_name="REG_SZ">
823 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
824 <ValueName>URL</ValueName>
825 <Value>https://example.com</Value>
827 <Entry type="1" type_name="REG_SZ">
828 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
829 <ValueName>Favicon</ValueName>
830 <Value>https://example.com/favicon.ico</Value>
832 <Entry type="1" type_name="REG_SZ">
833 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
834 <ValueName>Placement</ValueName>
837 <Entry type="1" type_name="REG_SZ">
838 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
839 <ValueName>Folder</ValueName>
840 <Value>FolderName</Value>
842 <Entry type="1" type_name="REG_SZ">
843 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
844 <ValueName>Title</ValueName>
847 <Entry type="1" type_name="REG_SZ">
848 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
849 <ValueName>URL</ValueName>
850 <Value>www.samba.org</Value>
852 <Entry type="1" type_name="REG_SZ">
853 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
854 <ValueName>Favicon</ValueName>
857 <Entry type="1" type_name="REG_SZ">
858 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
859 <ValueName>Placement</ValueName>
860 <Value>toolbar</Value>
862 <Entry type="1" type_name="REG_SZ">
863 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
864 <ValueName>Folder</ValueName>
867 <Entry type="1" type_name="REG_SZ">
868 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
869 <ValueName>AcceptThirdParty</ValueName>
872 <Entry type="4" type_name="REG_DWORD">
873 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
874 <ValueName>Default</ValueName>
877 <Entry type="4" type_name="REG_DWORD">
878 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
879 <ValueName>ExpireAtSessionEnd</ValueName>
882 <Entry type="4" type_name="REG_DWORD">
883 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
884 <ValueName>Locked</ValueName>
887 <Entry type="4" type_name="REG_DWORD">
888 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
889 <ValueName>RejectTracker</ValueName>
892 <Entry type="1" type_name="REG_SZ">
893 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
894 <ValueName>**delvals.</ValueName>
897 <Entry type="1" type_name="REG_SZ">
898 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
899 <ValueName>1</ValueName>
900 <Value>http://example.org/</Value>
902 <Entry type="1" type_name="REG_SZ">
903 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
904 <ValueName>**delvals.</ValueName>
907 <Entry type="1" type_name="REG_SZ">
908 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
909 <ValueName>1</ValueName>
910 <Value>http://example.edu/</Value>
912 <Entry type="1" type_name="REG_SZ">
913 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
914 <ValueName>**delvals.</ValueName>
917 <Entry type="1" type_name="REG_SZ">
918 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
919 <ValueName>1</ValueName>
920 <Value>http://example.edu/</Value>
922 <Entry type="4" type_name="REG_DWORD">
923 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
924 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
927 <Entry type="4" type_name="REG_DWORD">
928 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
929 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
932 <Entry type="4" type_name="REG_DWORD">
933 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
934 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
937 <Entry type="4" type_name="REG_DWORD">
938 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
939 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
942 <Entry type="4" type_name="REG_DWORD">
943 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
944 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
947 <Entry type="4" type_name="REG_DWORD">
948 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
949 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
952 <Entry type="4" type_name="REG_DWORD">
953 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
954 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
957 <Entry type="4" type_name="REG_DWORD">
958 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
959 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
962 <Entry type="4" type_name="REG_DWORD">
963 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
964 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
967 <Entry type="4" type_name="REG_DWORD">
968 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
969 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
972 <Entry type="4" type_name="REG_DWORD">
973 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
974 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
977 <Entry type="4" type_name="REG_DWORD">
978 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
979 <ValueName>InvalidCertificate</ValueName>
982 <Entry type="4" type_name="REG_DWORD">
983 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
984 <ValueName>SafeBrowsing</ValueName>
987 <Entry type="4" type_name="REG_DWORD">
988 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
989 <ValueName>Enabled</ValueName>
992 <Entry type="4" type_name="REG_DWORD">
993 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
994 <ValueName>Locked</ValueName>
997 <Entry type="1" type_name="REG_SZ">
998 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
999 <ValueName>ProviderURL</ValueName>
1000 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
1002 <Entry type="1" type_name="REG_SZ">
1003 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1004 <ValueName>**delvals.</ValueName>
1007 <Entry type="1" type_name="REG_SZ">
1008 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1009 <ValueName>1</ValueName>
1010 <Value>example.com</Value>
1012 <Entry type="4" type_name="REG_DWORD">
1013 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1014 <ValueName>Value</ValueName>
1017 <Entry type="4" type_name="REG_DWORD">
1018 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1019 <ValueName>Cryptomining</ValueName>
1022 <Entry type="4" type_name="REG_DWORD">
1023 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1024 <ValueName>Fingerprinting</ValueName>
1027 <Entry type="4" type_name="REG_DWORD">
1028 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1029 <ValueName>Locked</ValueName>
1032 <Entry type="1" type_name="REG_SZ">
1033 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1034 <ValueName>**delvals.</ValueName>
1037 <Entry type="1" type_name="REG_SZ">
1038 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1039 <ValueName>1</ValueName>
1040 <Value>https://example.com</Value>
1042 <Entry type="4" type_name="REG_DWORD">
1043 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1044 <ValueName>Enabled</ValueName>
1047 <Entry type="4" type_name="REG_DWORD">
1048 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1049 <ValueName>Locked</ValueName>
1052 <Entry type="1" type_name="REG_SZ">
1053 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1054 <ValueName>**delvals.</ValueName>
1057 <Entry type="2" type_name="REG_EXPAND_SZ">
1058 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1059 <ValueName>1</ValueName>
1060 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1062 <Entry type="2" type_name="REG_EXPAND_SZ">
1063 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1064 <ValueName>2</ValueName>
1065 <Value>//path/to/xpi</Value>
1067 <Entry type="1" type_name="REG_SZ">
1068 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1069 <ValueName>**delvals.</ValueName>
1072 <Entry type="1" type_name="REG_SZ">
1073 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1074 <ValueName>1</ValueName>
1075 <Value>addon_id@mozilla.org</Value>
1077 <Entry type="1" type_name="REG_SZ">
1078 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1079 <ValueName>**delvals.</ValueName>
1082 <Entry type="1" type_name="REG_SZ">
1083 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1084 <ValueName>1</ValueName>
1085 <Value>bad_addon_id@mozilla.org</Value>
1087 <Entry type="4" type_name="REG_DWORD">
1088 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1089 <ValueName>Search</ValueName>
1092 <Entry type="4" type_name="REG_DWORD">
1093 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1094 <ValueName>TopSites</ValueName>
1097 <Entry type="4" type_name="REG_DWORD">
1098 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1099 <ValueName>Highlights</ValueName>
1102 <Entry type="4" type_name="REG_DWORD">
1103 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1104 <ValueName>Pocket</ValueName>
1107 <Entry type="4" type_name="REG_DWORD">
1108 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1109 <ValueName>Snippets</ValueName>
1112 <Entry type="4" type_name="REG_DWORD">
1113 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1114 <ValueName>Locked</ValueName>
1117 <Entry type="4" type_name="REG_DWORD">
1118 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1119 <ValueName>Default</ValueName>
1122 <Entry type="4" type_name="REG_DWORD">
1123 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1124 <ValueName>Locked</ValueName>
1127 <Entry type="1" type_name="REG_SZ">
1128 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1129 <ValueName>**delvals.</ValueName>
1132 <Entry type="1" type_name="REG_SZ">
1133 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1134 <ValueName>1</ValueName>
1135 <Value>http://example.org/</Value>
1137 <Entry type="1" type_name="REG_SZ">
1138 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1139 <ValueName>**delvals.</ValueName>
1142 <Entry type="1" type_name="REG_SZ">
1143 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1144 <ValueName>1</ValueName>
1145 <Value>http://example.edu/</Value>
1147 <Entry type="1" type_name="REG_SZ">
1148 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1149 <ValueName>StartPage</ValueName>
1150 <Value>homepage</Value>
1152 <Entry type="1" type_name="REG_SZ">
1153 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1154 <ValueName>URL</ValueName>
1155 <Value>http://example.com/</Value>
1157 <Entry type="4" type_name="REG_DWORD">
1158 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1159 <ValueName>Locked</ValueName>
1162 <Entry type="1" type_name="REG_SZ">
1163 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1164 <ValueName>**delvals.</ValueName>
1167 <Entry type="1" type_name="REG_SZ">
1168 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1169 <ValueName>1</ValueName>
1170 <Value>http://example.org/</Value>
1172 <Entry type="1" type_name="REG_SZ">
1173 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1174 <ValueName>2</ValueName>
1175 <Value>http://example.edu/</Value>
1177 <Entry type="4" type_name="REG_DWORD">
1178 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1179 <ValueName>Default</ValueName>
1182 <Entry type="1" type_name="REG_SZ">
1183 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1184 <ValueName>**delvals.</ValueName>
1187 <Entry type="1" type_name="REG_SZ">
1188 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1189 <ValueName>1</ValueName>
1190 <Value>http://example.org/</Value>
1192 <Entry type="1" type_name="REG_SZ">
1193 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1194 <ValueName>2</ValueName>
1195 <Value>http://example.edu/</Value>
1197 <Entry type="1" type_name="REG_SZ">
1198 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1199 <ValueName>**delvals.</ValueName>
1202 <Entry type="1" type_name="REG_SZ">
1203 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1204 <ValueName>1</ValueName>
1205 <Value>http://example.org/</Value>
1207 <Entry type="1" type_name="REG_SZ">
1208 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1209 <ValueName>2</ValueName>
1210 <Value>http://example.edu/</Value>
1212 <Entry type="4" type_name="REG_DWORD">
1213 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1214 <ValueName>EnablePermissions</ValueName>
1217 <Entry type="4" type_name="REG_DWORD">
1218 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1219 <ValueName>Enabled</ValueName>
1222 <Entry type="1" type_name="REG_SZ">
1223 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1224 <ValueName>Default</ValueName>
1225 <Value>block-audio</Value>
1227 <Entry type="4" type_name="REG_DWORD">
1228 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1229 <ValueName>Locked</ValueName>
1232 <Entry type="1" type_name="REG_SZ">
1233 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1234 <ValueName>**delvals.</ValueName>
1237 <Entry type="1" type_name="REG_SZ">
1238 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1239 <ValueName>1</ValueName>
1240 <Value>https://example.org</Value>
1242 <Entry type="1" type_name="REG_SZ">
1243 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1244 <ValueName>**delvals.</ValueName>
1247 <Entry type="1" type_name="REG_SZ">
1248 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1249 <ValueName>1</ValueName>
1250 <Value>https://example.edu</Value>
1252 <Entry type="4" type_name="REG_DWORD">
1253 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1254 <ValueName>BlockNewRequests</ValueName>
1257 <Entry type="4" type_name="REG_DWORD">
1258 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1259 <ValueName>Locked</ValueName>
1262 <Entry type="1" type_name="REG_SZ">
1263 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1264 <ValueName>**delvals.</ValueName>
1267 <Entry type="1" type_name="REG_SZ">
1268 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1269 <ValueName>1</ValueName>
1270 <Value>https://example.org</Value>
1272 <Entry type="1" type_name="REG_SZ">
1273 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1274 <ValueName>2</ValueName>
1275 <Value>https://example.org:1234</Value>
1277 <Entry type="1" type_name="REG_SZ">
1278 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1279 <ValueName>**delvals.</ValueName>
1282 <Entry type="1" type_name="REG_SZ">
1283 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1284 <ValueName>1</ValueName>
1285 <Value>https://example.edu</Value>
1287 <Entry type="4" type_name="REG_DWORD">
1288 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1289 <ValueName>BlockNewRequests</ValueName>
1292 <Entry type="4" type_name="REG_DWORD">
1293 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1294 <ValueName>Locked</ValueName>
1297 <Entry type="1" type_name="REG_SZ">
1298 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1299 <ValueName>**delvals.</ValueName>
1302 <Entry type="1" type_name="REG_SZ">
1303 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1304 <ValueName>1</ValueName>
1305 <Value>https://example.org</Value>
1307 <Entry type="1" type_name="REG_SZ">
1308 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1309 <ValueName>**delvals.</ValueName>
1312 <Entry type="1" type_name="REG_SZ">
1313 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1314 <ValueName>1</ValueName>
1315 <Value>https://example.edu</Value>
1317 <Entry type="4" type_name="REG_DWORD">
1318 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1319 <ValueName>BlockNewRequests</ValueName>
1322 <Entry type="4" type_name="REG_DWORD">
1323 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1324 <ValueName>Locked</ValueName>
1327 <Entry type="1" type_name="REG_SZ">
1328 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1329 <ValueName>**delvals.</ValueName>
1332 <Entry type="1" type_name="REG_SZ">
1333 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1334 <ValueName>1</ValueName>
1335 <Value>https://example.org</Value>
1337 <Entry type="1" type_name="REG_SZ">
1338 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1339 <ValueName>**delvals.</ValueName>
1342 <Entry type="1" type_name="REG_SZ">
1343 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1344 <ValueName>1</ValueName>
1345 <Value>https://example.edu</Value>
1347 <Entry type="4" type_name="REG_DWORD">
1348 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1349 <ValueName>BlockNewRequests</ValueName>
1352 <Entry type="4" type_name="REG_DWORD">
1353 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1354 <ValueName>Locked</ValueName>
1357 <Entry type="1" type_name="REG_SZ">
1358 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1359 <ValueName>**delvals.</ValueName>
1362 <Entry type="1" type_name="REG_SZ">
1363 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1364 <ValueName>1</ValueName>
1365 <Value>https://example.org</Value>
1367 <Entry type="1" type_name="REG_SZ">
1368 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1369 <ValueName>**delvals.</ValueName>
1372 <Entry type="1" type_name="REG_SZ">
1373 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1374 <ValueName>1</ValueName>
1375 <Value>https://example.edu</Value>
1377 <Entry type="4" type_name="REG_DWORD">
1378 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1379 <ValueName>BlockNewRequests</ValueName>
1382 <Entry type="4" type_name="REG_DWORD">
1383 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1384 <ValueName>Locked</ValueName>
1387 <Entry type="1" type_name="REG_SZ">
1388 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1389 <ValueName>**delvals.</ValueName>
1392 <Entry type="1" type_name="REG_SZ">
1393 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1394 <ValueName>1</ValueName>
1395 <Value>https://example.org</Value>
1397 <Entry type="1" type_name="REG_SZ">
1398 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1399 <ValueName>**delvals.</ValueName>
1402 <Entry type="1" type_name="REG_SZ">
1403 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1404 <ValueName>1</ValueName>
1405 <Value>https://example.edu</Value>
1407 <Entry type="4" type_name="REG_DWORD">
1408 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1409 <ValueName>Enabled</ValueName>
1412 <Entry type="4" type_name="REG_DWORD">
1413 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1414 <ValueName>Locked</ValueName>
1417 <Entry type="4" type_name="REG_DWORD">
1418 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1419 <ValueName>Default</ValueName>
1422 <Entry type="4" type_name="REG_DWORD">
1423 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1424 <ValueName>Locked</ValueName>
1427 <Entry type="1" type_name="REG_SZ">
1428 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1429 <ValueName>**delvals.</ValueName>
1432 <Entry type="1" type_name="REG_SZ">
1433 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1434 <ValueName>1</ValueName>
1435 <Value>http://example.org/</Value>
1437 <Entry type="1" type_name="REG_SZ">
1438 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1439 <ValueName>2</ValueName>
1440 <Value>http://example.edu/</Value>
1442 <Entry type="4" type_name="REG_DWORD">
1443 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1444 <ValueName>Locked</ValueName>
1447 <Entry type="1" type_name="REG_SZ">
1448 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1449 <ValueName>Mode</ValueName>
1450 <Value>autoDetect</Value>
1452 <Entry type="1" type_name="REG_SZ">
1453 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1454 <ValueName>HTTPProxy</ValueName>
1455 <Value>hostname</Value>
1457 <Entry type="4" type_name="REG_DWORD">
1458 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1459 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1462 <Entry type="1" type_name="REG_SZ">
1463 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1464 <ValueName>SSLProxy</ValueName>
1465 <Value>hostname</Value>
1467 <Entry type="1" type_name="REG_SZ">
1468 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1469 <ValueName>FTPProxy</ValueName>
1470 <Value>hostname</Value>
1472 <Entry type="1" type_name="REG_SZ">
1473 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1474 <ValueName>SOCKSProxy</ValueName>
1475 <Value>hostname</Value>
1477 <Entry type="4" type_name="REG_DWORD">
1478 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1479 <ValueName>SOCKSVersion</ValueName>
1482 <Entry type="1" type_name="REG_SZ">
1483 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1484 <ValueName>Passthrough</ValueName>
1485 <Value><local></Value>
1487 <Entry type="1" type_name="REG_SZ">
1488 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1489 <ValueName>AutoConfigURL</ValueName>
1490 <Value>URL_TO_AUTOCONFIG</Value>
1492 <Entry type="4" type_name="REG_DWORD">
1493 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1494 <ValueName>AutoLogin</ValueName>
1497 <Entry type="4" type_name="REG_DWORD">
1498 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1499 <ValueName>UseProxyForDNS</ValueName>
1502 <Entry type="4" type_name="REG_DWORD">
1503 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1504 <ValueName>SanitizeOnShutdown</ValueName>
1507 <Entry type="1" type_name="REG_SZ">
1508 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1509 <ValueName>Default</ValueName>
1510 <Value>Google</Value>
1512 <Entry type="4" type_name="REG_DWORD">
1513 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1514 <ValueName>PreventInstalls</ValueName>
1517 <Entry type="1" type_name="REG_SZ">
1518 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1519 <ValueName>Name</ValueName>
1520 <Value>Example1</Value>
1522 <Entry type="1" type_name="REG_SZ">
1523 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1524 <ValueName>URLTemplate</ValueName>
1525 <Value>https://www.example.org/q={searchTerms}</Value>
1527 <Entry type="1" type_name="REG_SZ">
1528 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1529 <ValueName>Method</ValueName>
1532 <Entry type="1" type_name="REG_SZ">
1533 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1534 <ValueName>IconURL</ValueName>
1535 <Value>https://www.example.org/favicon.ico</Value>
1537 <Entry type="1" type_name="REG_SZ">
1538 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1539 <ValueName>Alias</ValueName>
1540 <Value>example</Value>
1542 <Entry type="1" type_name="REG_SZ">
1543 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1544 <ValueName>Description</ValueName>
1545 <Value>Description</Value>
1547 <Entry type="1" type_name="REG_SZ">
1548 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1549 <ValueName>SuggestURLTemplate</ValueName>
1550 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1552 <Entry type="1" type_name="REG_SZ">
1553 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1554 <ValueName>PostData</ValueName>
1555 <Value>name=value&q={searchTerms}</Value>
1557 <Entry type="1" type_name="REG_SZ">
1558 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1559 <ValueName>**delvals.</ValueName>
1562 <Entry type="1" type_name="REG_SZ">
1563 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1564 <ValueName>1</ValueName>
1567 <Entry type="1" type_name="REG_SZ">
1568 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1569 <ValueName>Title</ValueName>
1570 <Value>Support Menu</Value>
1572 <Entry type="1" type_name="REG_SZ">
1573 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1574 <ValueName>URL</ValueName>
1575 <Value>http://example.com/support</Value>
1577 <Entry type="1" type_name="REG_SZ">
1578 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1579 <ValueName>AccessKey</ValueName>
1582 <Entry type="4" type_name="REG_DWORD">
1583 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1584 <ValueName>ExtensionRecommendations</ValueName>
1587 <Entry type="4" type_name="REG_DWORD">
1588 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1589 <ValueName>FeatureRecommendations</ValueName>
1592 <Entry type="4" type_name="REG_DWORD">
1593 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1594 <ValueName>WhatsNew</ValueName>
1597 <Entry type="4" type_name="REG_DWORD">
1598 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1599 <ValueName>UrlbarInterventions</ValueName>
1602 <Entry type="4" type_name="REG_DWORD">
1603 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1604 <ValueName>SkipOnboarding</ValueName>
1607 <Entry type="1" type_name="REG_SZ">
1608 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1609 <ValueName>**delvals.</ValueName>
1612 <Entry type="1" type_name="REG_SZ">
1613 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1614 <ValueName>1</ValueName>
1615 <Value><all_urls></Value>
1617 <Entry type="1" type_name="REG_SZ">
1618 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1619 <ValueName>**delvals.</ValueName>
1622 <Entry type="1" type_name="REG_SZ">
1623 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1624 <ValueName>1</ValueName>
1625 <Value>http://example.org/*</Value>
1627 <Entry type="1" type_name="REG_SZ">
1628 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1629 <ValueName>AllowedDomainsForApps</ValueName>
1630 <Value>managedfirefox.com,example.com</Value>
1632 <Entry type="4" type_name="REG_DWORD">
1633 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1634 <ValueName>BackgroundAppUpdate</ValueName>
1637 <Entry type="4" type_name="REG_DWORD">
1638 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1639 <ValueName>ImportEnterpriseRoots</ValueName>
1642 <Entry type="1" type_name="REG_SZ">
1643 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1644 <ValueName>**delvals.</ValueName>
1647 <Entry type="1" type_name="REG_SZ">
1648 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1649 <ValueName>1</ValueName>
1650 <Value>cert1.der</Value>
1652 <Entry type="1" type_name="REG_SZ">
1653 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1654 <ValueName>2</ValueName>
1655 <Value>/home/username/cert2.pem</Value>
1657 <Entry type="1" type_name="REG_SZ">
1658 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1659 <ValueName>NAME_OF_DEVICE</ValueName>
1660 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1662 <Entry type="4" type_name="REG_DWORD">
1663 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1664 <ValueName>ShowHomeButton</ValueName>
1667 <Entry type="7" type_name="REG_MULTI_SZ">
1668 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1669 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1670 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
1675 firefox_json_expected = \
1679 "AppAutoUpdate": true,
1680 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1681 "AppUpdateURL": "https://yoursite.com",
1685 "https://myotherdomain.com"
1689 "https://myotherdomain.com"
1693 "https://myotherdomain.com"
1704 "PrivateBrowsing": true
1706 "AutoLaunchProtocolsFromOrigins": [
1708 "protocol": "zoommtg",
1709 "allowed_origins": [
1710 "https://somesite.zoom.us"
1714 "BackgroundAppUpdate": true,
1715 "BlockAboutAddons": true,
1716 "BlockAboutConfig": true,
1717 "BlockAboutProfiles": true,
1718 "BlockAboutSupport": true,
1722 "URL": "https://example.com",
1723 "Favicon": "https://example.com/favicon.ico",
1724 "Placement": "menu",
1725 "Folder": "FolderName"
1729 "URL": "www.samba.org",
1731 "Placement": "toolbar",
1735 "CaptivePortal": true,
1737 "ImportEnterpriseRoots": true,
1740 "/home/username/cert2.pem"
1745 "http://example.org/"
1748 "http://example.edu/"
1751 "http://example.edu/"
1754 "AcceptThirdParty": "never",
1755 "ExpireAtSessionEnd": true,
1756 "RejectTracker": true,
1759 "DisableSetDesktopBackground": true,
1760 "DisableMasterPasswordCreation": true,
1761 "DisableAppUpdate": true,
1762 "DisableBuiltinPDFViewer": true,
1763 "DisabledCiphers": {
1764 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1765 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1766 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1767 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1768 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1769 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1770 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1771 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1772 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1773 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1774 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1776 "DisableDefaultBrowserAgent": true,
1777 "DisableDeveloperTools": true,
1778 "DisableFeedbackCommands": true,
1779 "DisableFirefoxScreenshots": true,
1780 "DisableFirefoxAccounts": true,
1781 "DisableFirefoxStudies": true,
1782 "DisableForgetButton": true,
1783 "DisableFormHistory": true,
1784 "DisablePasswordReveal": true,
1785 "DisablePocket": true,
1786 "DisablePrivateBrowsing": true,
1787 "DisableProfileImport": true,
1788 "DisableProfileRefresh": true,
1789 "DisableSafeMode": true,
1790 "DisableSecurityBypass": {
1791 "InvalidCertificate": true,
1792 "SafeBrowsing": true
1794 "DisableSystemAddonUpdate": true,
1795 "DisableTelemetry": true,
1796 "DisplayBookmarksToolbar": true,
1797 "DisplayMenuBar": "default-on",
1800 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1802 "ExcludedDomains": [
1806 "DontCheckDefaultBrowser": true,
1807 "EnableTrackingProtection": {
1810 "Cryptomining": true,
1811 "Fingerprinting": true,
1813 "https://example.com"
1816 "EncryptedMediaExtensions": {
1822 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1826 "bad_addon_id@mozilla.org"
1829 "addon_id@mozilla.org"
1832 "ExtensionSettings": {
1834 "blocked_install_message": "Custom error message.",
1835 "install_sources": [
1837 "https://addons.mozilla.org/"
1839 "installation_mode": "blocked",
1844 "uBlock0@raymondhill.net": {
1845 "installation_mode": "force_installed",
1846 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1848 "https-everywhere@eff.org": {
1849 "installation_mode": "allowed"
1852 "ExtensionUpdate": true,
1855 "http://example.org/"
1858 "http://example.edu/"
1865 "application/msword": {
1866 "action": "useSystemDefault",
1872 "action": "useHelperApp",
1877 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1884 "action": "useHelperApp",
1888 "name": "Adobe Acrobat",
1889 "path": "/usr/bin/acroread"
1903 "HardwareAcceleration": true,
1905 "URL": "http://example.com/",
1908 "http://example.org/",
1909 "http://example.edu/"
1911 "StartPage": "homepage"
1913 "InstallAddonsPermission": {
1915 "http://example.org/",
1916 "http://example.edu/"
1921 "http://example.org/",
1922 "http://example.edu/"
1924 "ManagedBookmarks": [
1926 "toplevel_name": "My managed bookmarks folder"
1929 "url": "example.com",
1933 "name": "Mozilla links",
1936 "url": "https://mozilla.org",
1937 "name": "Mozilla.org"
1940 "url": "https://support.mozilla.org/",
1946 "PrimaryPassword": true,
1947 "NoDefaultBookmarks": true,
1948 "OfferToSaveLogins": true,
1949 "OfferToSaveLoginsDefault": true,
1950 "OverrideFirstRunPage": "http://example.org",
1951 "OverridePostUpdatePage": "http://example.org",
1952 "PasswordManagerEnabled": true,
1955 "EnablePermissions": true
1960 "https://example.org",
1961 "https://example.org:1234"
1964 "https://example.edu"
1966 "BlockNewRequests": true,
1971 "https://example.org"
1974 "https://example.edu"
1976 "BlockNewRequests": true,
1981 "https://example.org"
1984 "https://example.edu"
1986 "BlockNewRequests": true,
1991 "https://example.org"
1994 "https://example.edu"
1996 "BlockNewRequests": true,
2001 "https://example.org"
2004 "https://example.edu"
2006 "Default": "block-audio",
2011 "https://example.org"
2014 "https://example.edu"
2016 "BlockNewRequests": true,
2020 "PictureInPicture": {
2026 "http://example.org/",
2027 "http://example.edu/"
2033 "accessibility.force_disabled": {
2037 "browser.cache.disk.parent_directory": {
2038 "Value": "SOME_NATIVE_PATH",
2041 "browser.tabs.warnOnClose": {
2046 "PromptForDownloadLocation": true,
2048 "Mode": "autoDetect",
2050 "HTTPProxy": "hostname",
2051 "UseHTTPProxyForAllProtocols": true,
2052 "SSLProxy": "hostname",
2053 "FTPProxy": "hostname",
2054 "SOCKSProxy": "hostname",
2056 "Passthrough": "<local>",
2057 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2059 "UseProxyForDNS": true
2061 "SanitizeOnShutdown": true,
2066 "URLTemplate": "https://www.example.org/q={searchTerms}",
2068 "IconURL": "https://www.example.org/favicon.ico",
2070 "Description": "Description",
2071 "PostData": "name=value&q={searchTerms}",
2072 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2078 "Default": "Google",
2079 "PreventInstalls": true
2081 "SearchSuggestEnabled": true,
2082 "SecurityDevices": {
2083 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2085 "ShowHomeButton": true,
2086 "SSLVersionMax": "tls1.3",
2087 "SSLVersionMin": "tls1.3",
2089 "Title": "Support Menu",
2090 "URL": "http://example.com/support",
2095 "ExtensionRecommendations": true,
2096 "FeatureRecommendations": true,
2097 "UrlbarInterventions": true,
2098 "SkipOnboarding": true
2105 "http://example.org/*"
2108 "DefaultDownloadDirectory": "${home}/Downloads",
2109 "DownloadDirectory": "${home}/Downloads",
2110 "NetworkPrediction": true,
2112 "RequestedLocales": ["de", "en-US"],
2113 "SearchBar": "unified"
2118 chromium_reg_pol = \
2120 <?xml version="1.0" encoding="utf-8"?>
2121 <PolFile num_entries="418" signature="PReg" version="1">
2122 <Entry type="4" type_name="REG_DWORD">
2123 <Key>Software\Policies\Google\Chrome</Key>
2124 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2127 <Entry type="4" type_name="REG_DWORD">
2128 <Key>Software\Policies\Google\Chrome</Key>
2129 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2132 <Entry type="4" type_name="REG_DWORD">
2133 <Key>Software\Policies\Google\Chrome</Key>
2134 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2137 <Entry type="4" type_name="REG_DWORD">
2138 <Key>Software\Policies\Google\Chrome</Key>
2139 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2142 <Entry type="4" type_name="REG_DWORD">
2143 <Key>Software\Policies\Google\Chrome</Key>
2144 <ValueName>AdvancedProtectionAllowed</ValueName>
2147 <Entry type="4" type_name="REG_DWORD">
2148 <Key>Software\Policies\Google\Chrome</Key>
2149 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2152 <Entry type="4" type_name="REG_DWORD">
2153 <Key>Software\Policies\Google\Chrome</Key>
2154 <ValueName>AllowDeletingBrowserHistory</ValueName>
2157 <Entry type="4" type_name="REG_DWORD">
2158 <Key>Software\Policies\Google\Chrome</Key>
2159 <ValueName>AllowDinosaurEasterEgg</ValueName>
2162 <Entry type="4" type_name="REG_DWORD">
2163 <Key>Software\Policies\Google\Chrome</Key>
2164 <ValueName>AllowFileSelectionDialogs</ValueName>
2167 <Entry type="4" type_name="REG_DWORD">
2168 <Key>Software\Policies\Google\Chrome</Key>
2169 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2172 <Entry type="1" type_name="REG_SZ">
2173 <Key>Software\Policies\Google\Chrome</Key>
2174 <ValueName>AllowedDomainsForApps</ValueName>
2175 <Value>managedchrome.com,example.com</Value>
2177 <Entry type="4" type_name="REG_DWORD">
2178 <Key>Software\Policies\Google\Chrome</Key>
2179 <ValueName>AlternateErrorPagesEnabled</ValueName>
2182 <Entry type="1" type_name="REG_SZ">
2183 <Key>Software\Policies\Google\Chrome</Key>
2184 <ValueName>AlternativeBrowserPath</ValueName>
2185 <Value>${ie}</Value>
2187 <Entry type="4" type_name="REG_DWORD">
2188 <Key>Software\Policies\Google\Chrome</Key>
2189 <ValueName>AlwaysOpenPdfExternally</ValueName>
2192 <Entry type="4" type_name="REG_DWORD">
2193 <Key>Software\Policies\Google\Chrome</Key>
2194 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2197 <Entry type="4" type_name="REG_DWORD">
2198 <Key>Software\Policies\Google\Chrome</Key>
2199 <ValueName>AppCacheForceEnabled</ValueName>
2202 <Entry type="1" type_name="REG_SZ">
2203 <Key>Software\Policies\Google\Chrome</Key>
2204 <ValueName>ApplicationLocaleValue</ValueName>
2207 <Entry type="4" type_name="REG_DWORD">
2208 <Key>Software\Policies\Google\Chrome</Key>
2209 <ValueName>AudioCaptureAllowed</ValueName>
2212 <Entry type="4" type_name="REG_DWORD">
2213 <Key>Software\Policies\Google\Chrome</Key>
2214 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2217 <Entry type="4" type_name="REG_DWORD">
2218 <Key>Software\Policies\Google\Chrome</Key>
2219 <ValueName>AudioSandboxEnabled</ValueName>
2222 <Entry type="1" type_name="REG_SZ">
2223 <Key>Software\Policies\Google\Chrome</Key>
2224 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2225 <Value>foobar.example.com</Value>
2227 <Entry type="1" type_name="REG_SZ">
2228 <Key>Software\Policies\Google\Chrome</Key>
2229 <ValueName>AuthSchemes</ValueName>
2230 <Value>basic,digest,ntlm,negotiate</Value>
2232 <Entry type="1" type_name="REG_SZ">
2233 <Key>Software\Policies\Google\Chrome</Key>
2234 <ValueName>AuthServerAllowlist</ValueName>
2235 <Value>*.example.com,example.com</Value>
2237 <Entry type="1" type_name="REG_SZ">
2238 <Key>Software\Policies\Google\Chrome</Key>
2239 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2240 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2242 <Entry type="4" type_name="REG_DWORD">
2243 <Key>Software\Policies\Google\Chrome</Key>
2244 <ValueName>AutofillAddressEnabled</ValueName>
2247 <Entry type="4" type_name="REG_DWORD">
2248 <Key>Software\Policies\Google\Chrome</Key>
2249 <ValueName>AutofillCreditCardEnabled</ValueName>
2252 <Entry type="4" type_name="REG_DWORD">
2253 <Key>Software\Policies\Google\Chrome</Key>
2254 <ValueName>AutoplayAllowed</ValueName>
2257 <Entry type="4" type_name="REG_DWORD">
2258 <Key>Software\Policies\Google\Chrome</Key>
2259 <ValueName>BackgroundModeEnabled</ValueName>
2262 <Entry type="4" type_name="REG_DWORD">
2263 <Key>Software\Policies\Google\Chrome</Key>
2264 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2267 <Entry type="4" type_name="REG_DWORD">
2268 <Key>Software\Policies\Google\Chrome</Key>
2269 <ValueName>BlockExternalExtensions</ValueName>
2272 <Entry type="4" type_name="REG_DWORD">
2273 <Key>Software\Policies\Google\Chrome</Key>
2274 <ValueName>BlockThirdPartyCookies</ValueName>
2277 <Entry type="4" type_name="REG_DWORD">
2278 <Key>Software\Policies\Google\Chrome</Key>
2279 <ValueName>BookmarkBarEnabled</ValueName>
2282 <Entry type="4" type_name="REG_DWORD">
2283 <Key>Software\Policies\Google\Chrome</Key>
2284 <ValueName>BrowserAddPersonEnabled</ValueName>
2287 <Entry type="4" type_name="REG_DWORD">
2288 <Key>Software\Policies\Google\Chrome</Key>
2289 <ValueName>BrowserGuestModeEnabled</ValueName>
2292 <Entry type="4" type_name="REG_DWORD">
2293 <Key>Software\Policies\Google\Chrome</Key>
2294 <ValueName>BrowserGuestModeEnforced</ValueName>
2297 <Entry type="4" type_name="REG_DWORD">
2298 <Key>Software\Policies\Google\Chrome</Key>
2299 <ValueName>BrowserLabsEnabled</ValueName>
2302 <Entry type="4" type_name="REG_DWORD">
2303 <Key>Software\Policies\Google\Chrome</Key>
2304 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2307 <Entry type="4" type_name="REG_DWORD">
2308 <Key>Software\Policies\Google\Chrome</Key>
2309 <ValueName>BrowserSignin</ValueName>
2312 <Entry type="1" type_name="REG_SZ">
2313 <Key>Software\Policies\Google\Chrome</Key>
2314 <ValueName>BrowserSwitcherChromePath</ValueName>
2315 <Value>${chrome}</Value>
2317 <Entry type="4" type_name="REG_DWORD">
2318 <Key>Software\Policies\Google\Chrome</Key>
2319 <ValueName>BrowserSwitcherDelay</ValueName>
2320 <Value>10000</Value>
2322 <Entry type="4" type_name="REG_DWORD">
2323 <Key>Software\Policies\Google\Chrome</Key>
2324 <ValueName>BrowserSwitcherEnabled</ValueName>
2327 <Entry type="1" type_name="REG_SZ">
2328 <Key>Software\Policies\Google\Chrome</Key>
2329 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2330 <Value>http://example.com/greylist.xml</Value>
2332 <Entry type="1" type_name="REG_SZ">
2333 <Key>Software\Policies\Google\Chrome</Key>
2334 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2335 <Value>http://example.com/sitelist.xml</Value>
2337 <Entry type="4" type_name="REG_DWORD">
2338 <Key>Software\Policies\Google\Chrome</Key>
2339 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2342 <Entry type="4" type_name="REG_DWORD">
2343 <Key>Software\Policies\Google\Chrome</Key>
2344 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2347 <Entry type="1" type_name="REG_SZ">
2348 <Key>Software\Policies\Google\Chrome</Key>
2349 <ValueName>BrowserThemeColor</ValueName>
2350 <Value>#FFFFFF</Value>
2352 <Entry type="1" type_name="REG_SZ">
2353 <Key>Software\Policies\Google\Chrome</Key>
2354 <ValueName>BrowsingDataLifetime</ValueName>
2355 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2357 <Entry type="4" type_name="REG_DWORD">
2358 <Key>Software\Policies\Google\Chrome</Key>
2359 <ValueName>BuiltInDnsClientEnabled</ValueName>
2362 <Entry type="4" type_name="REG_DWORD">
2363 <Key>Software\Policies\Google\Chrome</Key>
2364 <ValueName>CECPQ2Enabled</ValueName>
2367 <Entry type="4" type_name="REG_DWORD">
2368 <Key>Software\Policies\Google\Chrome</Key>
2369 <ValueName>ChromeCleanupEnabled</ValueName>
2372 <Entry type="4" type_name="REG_DWORD">
2373 <Key>Software\Policies\Google\Chrome</Key>
2374 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2377 <Entry type="4" type_name="REG_DWORD">
2378 <Key>Software\Policies\Google\Chrome</Key>
2379 <ValueName>ChromeVariations</ValueName>
2382 <Entry type="4" type_name="REG_DWORD">
2383 <Key>Software\Policies\Google\Chrome</Key>
2384 <ValueName>ClickToCallEnabled</ValueName>
2387 <Entry type="4" type_name="REG_DWORD">
2388 <Key>Software\Policies\Google\Chrome</Key>
2389 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2392 <Entry type="1" type_name="REG_SZ">
2393 <Key>Software\Policies\Google\Chrome</Key>
2394 <ValueName>CloudManagementEnrollmentToken</ValueName>
2395 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2397 <Entry type="4" type_name="REG_DWORD">
2398 <Key>Software\Policies\Google\Chrome</Key>
2399 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2402 <Entry type="4" type_name="REG_DWORD">
2403 <Key>Software\Policies\Google\Chrome</Key>
2404 <ValueName>CloudPrintProxyEnabled</ValueName>
2407 <Entry type="4" type_name="REG_DWORD">
2408 <Key>Software\Policies\Google\Chrome</Key>
2409 <ValueName>CloudPrintSubmitEnabled</ValueName>
2412 <Entry type="4" type_name="REG_DWORD">
2413 <Key>Software\Policies\Google\Chrome</Key>
2414 <ValueName>CloudUserPolicyMerge</ValueName>
2417 <Entry type="4" type_name="REG_DWORD">
2418 <Key>Software\Policies\Google\Chrome</Key>
2419 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2422 <Entry type="4" type_name="REG_DWORD">
2423 <Key>Software\Policies\Google\Chrome</Key>
2424 <ValueName>ComponentUpdatesEnabled</ValueName>
2427 <Entry type="4" type_name="REG_DWORD">
2428 <Key>Software\Policies\Google\Chrome</Key>
2429 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2432 <Entry type="4" type_name="REG_DWORD">
2433 <Key>Software\Policies\Google\Chrome</Key>
2434 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2437 <Entry type="4" type_name="REG_DWORD">
2438 <Key>Software\Policies\Google\Chrome</Key>
2439 <ValueName>DefaultCookiesSetting</ValueName>
2442 <Entry type="4" type_name="REG_DWORD">
2443 <Key>Software\Policies\Google\Chrome</Key>
2444 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2447 <Entry type="4" type_name="REG_DWORD">
2448 <Key>Software\Policies\Google\Chrome</Key>
2449 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2452 <Entry type="4" type_name="REG_DWORD">
2453 <Key>Software\Policies\Google\Chrome</Key>
2454 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2457 <Entry type="4" type_name="REG_DWORD">
2458 <Key>Software\Policies\Google\Chrome</Key>
2459 <ValueName>DefaultGeolocationSetting</ValueName>
2462 <Entry type="4" type_name="REG_DWORD">
2463 <Key>Software\Policies\Google\Chrome</Key>
2464 <ValueName>DefaultImagesSetting</ValueName>
2467 <Entry type="4" type_name="REG_DWORD">
2468 <Key>Software\Policies\Google\Chrome</Key>
2469 <ValueName>DefaultInsecureContentSetting</ValueName>
2472 <Entry type="4" type_name="REG_DWORD">
2473 <Key>Software\Policies\Google\Chrome</Key>
2474 <ValueName>DefaultJavaScriptSetting</ValueName>
2477 <Entry type="4" type_name="REG_DWORD">
2478 <Key>Software\Policies\Google\Chrome</Key>
2479 <ValueName>DefaultNotificationsSetting</ValueName>
2482 <Entry type="4" type_name="REG_DWORD">
2483 <Key>Software\Policies\Google\Chrome</Key>
2484 <ValueName>DefaultPopupsSetting</ValueName>
2487 <Entry type="1" type_name="REG_SZ">
2488 <Key>Software\Policies\Google\Chrome</Key>
2489 <ValueName>DefaultPrinterSelection</ValueName>
2490 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2492 <Entry type="4" type_name="REG_DWORD">
2493 <Key>Software\Policies\Google\Chrome</Key>
2494 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2497 <Entry type="4" type_name="REG_DWORD">
2498 <Key>Software\Policies\Google\Chrome</Key>
2499 <ValueName>DefaultSearchProviderEnabled</ValueName>
2502 <Entry type="1" type_name="REG_SZ">
2503 <Key>Software\Policies\Google\Chrome</Key>
2504 <ValueName>DefaultSearchProviderIconURL</ValueName>
2505 <Value>https://search.my.company/favicon.ico</Value>
2507 <Entry type="1" type_name="REG_SZ">
2508 <Key>Software\Policies\Google\Chrome</Key>
2509 <ValueName>DefaultSearchProviderImageURL</ValueName>
2510 <Value>https://search.my.company/searchbyimage/upload</Value>
2512 <Entry type="1" type_name="REG_SZ">
2513 <Key>Software\Policies\Google\Chrome</Key>
2514 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2515 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2517 <Entry type="1" type_name="REG_SZ">
2518 <Key>Software\Policies\Google\Chrome</Key>
2519 <ValueName>DefaultSearchProviderKeyword</ValueName>
2522 <Entry type="1" type_name="REG_SZ">
2523 <Key>Software\Policies\Google\Chrome</Key>
2524 <ValueName>DefaultSearchProviderName</ValueName>
2525 <Value>My Intranet Search</Value>
2527 <Entry type="1" type_name="REG_SZ">
2528 <Key>Software\Policies\Google\Chrome</Key>
2529 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2530 <Value>https://search.my.company/newtab</Value>
2532 <Entry type="1" type_name="REG_SZ">
2533 <Key>Software\Policies\Google\Chrome</Key>
2534 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2535 <Value>https://search.my.company/search?q={searchTerms}</Value>
2537 <Entry type="1" type_name="REG_SZ">
2538 <Key>Software\Policies\Google\Chrome</Key>
2539 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2540 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2542 <Entry type="1" type_name="REG_SZ">
2543 <Key>Software\Policies\Google\Chrome</Key>
2544 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2545 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2547 <Entry type="1" type_name="REG_SZ">
2548 <Key>Software\Policies\Google\Chrome</Key>
2549 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2550 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2552 <Entry type="4" type_name="REG_DWORD">
2553 <Key>Software\Policies\Google\Chrome</Key>
2554 <ValueName>DefaultSensorsSetting</ValueName>
2557 <Entry type="4" type_name="REG_DWORD">
2558 <Key>Software\Policies\Google\Chrome</Key>
2559 <ValueName>DefaultSerialGuardSetting</ValueName>
2562 <Entry type="4" type_name="REG_DWORD">
2563 <Key>Software\Policies\Google\Chrome</Key>
2564 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2567 <Entry type="4" type_name="REG_DWORD">
2568 <Key>Software\Policies\Google\Chrome</Key>
2569 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2572 <Entry type="4" type_name="REG_DWORD">
2573 <Key>Software\Policies\Google\Chrome</Key>
2574 <ValueName>DeveloperToolsAvailability</ValueName>
2577 <Entry type="4" type_name="REG_DWORD">
2578 <Key>Software\Policies\Google\Chrome</Key>
2579 <ValueName>Disable3DAPIs</ValueName>
2582 <Entry type="4" type_name="REG_DWORD">
2583 <Key>Software\Policies\Google\Chrome</Key>
2584 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2587 <Entry type="4" type_name="REG_DWORD">
2588 <Key>Software\Policies\Google\Chrome</Key>
2589 <ValueName>DisablePrintPreview</ValueName>
2592 <Entry type="4" type_name="REG_DWORD">
2593 <Key>Software\Policies\Google\Chrome</Key>
2594 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2597 <Entry type="4" type_name="REG_DWORD">
2598 <Key>Software\Policies\Google\Chrome</Key>
2599 <ValueName>DisableScreenshots</ValueName>
2602 <Entry type="1" type_name="REG_SZ">
2603 <Key>Software\Policies\Google\Chrome</Key>
2604 <ValueName>DiskCacheDir</ValueName>
2605 <Value>${user_home}/Chrome_cache</Value>
2607 <Entry type="4" type_name="REG_DWORD">
2608 <Key>Software\Policies\Google\Chrome</Key>
2609 <ValueName>DiskCacheSize</ValueName>
2610 <Value>104857600</Value>
2612 <Entry type="1" type_name="REG_SZ">
2613 <Key>Software\Policies\Google\Chrome</Key>
2614 <ValueName>DnsOverHttpsMode</ValueName>
2617 <Entry type="1" type_name="REG_SZ">
2618 <Key>Software\Policies\Google\Chrome</Key>
2619 <ValueName>DnsOverHttpsTemplates</ValueName>
2620 <Value>https://dns.example.net/dns-query{?dns}</Value>
2622 <Entry type="1" type_name="REG_SZ">
2623 <Key>Software\Policies\Google\Chrome</Key>
2624 <ValueName>DownloadDirectory</ValueName>
2625 <Value>/home/${user_name}/Downloads</Value>
2627 <Entry type="4" type_name="REG_DWORD">
2628 <Key>Software\Policies\Google\Chrome</Key>
2629 <ValueName>DownloadRestrictions</ValueName>
2632 <Entry type="4" type_name="REG_DWORD">
2633 <Key>Software\Policies\Google\Chrome</Key>
2634 <ValueName>EditBookmarksEnabled</ValueName>
2637 <Entry type="4" type_name="REG_DWORD">
2638 <Key>Software\Policies\Google\Chrome</Key>
2639 <ValueName>EnableAuthNegotiatePort</ValueName>
2642 <Entry type="4" type_name="REG_DWORD">
2643 <Key>Software\Policies\Google\Chrome</Key>
2644 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2647 <Entry type="4" type_name="REG_DWORD">
2648 <Key>Software\Policies\Google\Chrome</Key>
2649 <ValueName>EnableMediaRouter</ValueName>
2652 <Entry type="4" type_name="REG_DWORD">
2653 <Key>Software\Policies\Google\Chrome</Key>
2654 <ValueName>EnableOnlineRevocationChecks</ValueName>
2657 <Entry type="4" type_name="REG_DWORD">
2658 <Key>Software\Policies\Google\Chrome</Key>
2659 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2662 <Entry type="1" type_name="REG_SZ">
2663 <Key>Software\Policies\Google\Chrome</Key>
2664 <ValueName>ExtensionSettings</ValueName>
2665 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2667 <Entry type="4" type_name="REG_DWORD">
2668 <Key>Software\Policies\Google\Chrome</Key>
2669 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2672 <Entry type="4" type_name="REG_DWORD">
2673 <Key>Software\Policies\Google\Chrome</Key>
2674 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2677 <Entry type="4" type_name="REG_DWORD">
2678 <Key>Software\Policies\Google\Chrome</Key>
2679 <ValueName>ForceEphemeralProfiles</ValueName>
2682 <Entry type="4" type_name="REG_DWORD">
2683 <Key>Software\Policies\Google\Chrome</Key>
2684 <ValueName>ForceGoogleSafeSearch</ValueName>
2687 <Entry type="4" type_name="REG_DWORD">
2688 <Key>Software\Policies\Google\Chrome</Key>
2689 <ValueName>ForceYouTubeRestrict</ValueName>
2692 <Entry type="4" type_name="REG_DWORD">
2693 <Key>Software\Policies\Google\Chrome</Key>
2694 <ValueName>FullscreenAllowed</ValueName>
2697 <Entry type="4" type_name="REG_DWORD">
2698 <Key>Software\Policies\Google\Chrome</Key>
2699 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2702 <Entry type="4" type_name="REG_DWORD">
2703 <Key>Software\Policies\Google\Chrome</Key>
2704 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2707 <Entry type="4" type_name="REG_DWORD">
2708 <Key>Software\Policies\Google\Chrome</Key>
2709 <ValueName>HeadlessMode</ValueName>
2712 <Entry type="4" type_name="REG_DWORD">
2713 <Key>Software\Policies\Google\Chrome</Key>
2714 <ValueName>HideWebStoreIcon</ValueName>
2717 <Entry type="4" type_name="REG_DWORD">
2718 <Key>Software\Policies\Google\Chrome</Key>
2719 <ValueName>HomepageIsNewTabPage</ValueName>
2722 <Entry type="1" type_name="REG_SZ">
2723 <Key>Software\Policies\Google\Chrome</Key>
2724 <ValueName>HomepageLocation</ValueName>
2725 <Value>https://www.chromium.org</Value>
2727 <Entry type="4" type_name="REG_DWORD">
2728 <Key>Software\Policies\Google\Chrome</Key>
2729 <ValueName>ImportAutofillFormData</ValueName>
2732 <Entry type="4" type_name="REG_DWORD">
2733 <Key>Software\Policies\Google\Chrome</Key>
2734 <ValueName>ImportBookmarks</ValueName>
2737 <Entry type="4" type_name="REG_DWORD">
2738 <Key>Software\Policies\Google\Chrome</Key>
2739 <ValueName>ImportHistory</ValueName>
2742 <Entry type="4" type_name="REG_DWORD">
2743 <Key>Software\Policies\Google\Chrome</Key>
2744 <ValueName>ImportHomepage</ValueName>
2747 <Entry type="4" type_name="REG_DWORD">
2748 <Key>Software\Policies\Google\Chrome</Key>
2749 <ValueName>ImportSavedPasswords</ValueName>
2752 <Entry type="4" type_name="REG_DWORD">
2753 <Key>Software\Policies\Google\Chrome</Key>
2754 <ValueName>ImportSearchEngine</ValueName>
2757 <Entry type="4" type_name="REG_DWORD">
2758 <Key>Software\Policies\Google\Chrome</Key>
2759 <ValueName>IncognitoModeAvailability</ValueName>
2762 <Entry type="4" type_name="REG_DWORD">
2763 <Key>Software\Policies\Google\Chrome</Key>
2764 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2767 <Entry type="4" type_name="REG_DWORD">
2768 <Key>Software\Policies\Google\Chrome</Key>
2769 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2772 <Entry type="4" type_name="REG_DWORD">
2773 <Key>Software\Policies\Google\Chrome</Key>
2774 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2777 <Entry type="4" type_name="REG_DWORD">
2778 <Key>Software\Policies\Google\Chrome</Key>
2779 <ValueName>IntranetRedirectBehavior</ValueName>
2782 <Entry type="1" type_name="REG_SZ">
2783 <Key>Software\Policies\Google\Chrome</Key>
2784 <ValueName>IsolateOrigins</ValueName>
2785 <Value>https://example.com/,https://othersite.org/</Value>
2787 <Entry type="1" type_name="REG_SZ">
2788 <Key>Software\Policies\Google\Chrome</Key>
2789 <ValueName>ManagedBookmarks</ValueName>
2790 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2792 <Entry type="1" type_name="REG_SZ">
2793 <Key>Software\Policies\Google\Chrome</Key>
2794 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2795 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2797 <Entry type="4" type_name="REG_DWORD">
2798 <Key>Software\Policies\Google\Chrome</Key>
2799 <ValueName>MaxConnectionsPerProxy</ValueName>
2802 <Entry type="4" type_name="REG_DWORD">
2803 <Key>Software\Policies\Google\Chrome</Key>
2804 <ValueName>MaxInvalidationFetchDelay</ValueName>
2805 <Value>10000</Value>
2807 <Entry type="4" type_name="REG_DWORD">
2808 <Key>Software\Policies\Google\Chrome</Key>
2809 <ValueName>MediaRecommendationsEnabled</ValueName>
2812 <Entry type="4" type_name="REG_DWORD">
2813 <Key>Software\Policies\Google\Chrome</Key>
2814 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2817 <Entry type="4" type_name="REG_DWORD">
2818 <Key>Software\Policies\Google\Chrome</Key>
2819 <ValueName>MetricsReportingEnabled</ValueName>
2822 <Entry type="4" type_name="REG_DWORD">
2823 <Key>Software\Policies\Google\Chrome</Key>
2824 <ValueName>NTPCardsVisible</ValueName>
2827 <Entry type="4" type_name="REG_DWORD">
2828 <Key>Software\Policies\Google\Chrome</Key>
2829 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2832 <Entry type="4" type_name="REG_DWORD">
2833 <Key>Software\Policies\Google\Chrome</Key>
2834 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2837 <Entry type="4" type_name="REG_DWORD">
2838 <Key>Software\Policies\Google\Chrome</Key>
2839 <ValueName>NetworkPredictionOptions</ValueName>
2842 <Entry type="1" type_name="REG_SZ">
2843 <Key>Software\Policies\Google\Chrome</Key>
2844 <ValueName>NewTabPageLocation</ValueName>
2845 <Value>https://www.chromium.org</Value>
2847 <Entry type="4" type_name="REG_DWORD">
2848 <Key>Software\Policies\Google\Chrome</Key>
2849 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2852 <Entry type="4" type_name="REG_DWORD">
2853 <Key>Software\Policies\Google\Chrome</Key>
2854 <ValueName>PasswordManagerEnabled</ValueName>
2857 <Entry type="1" type_name="REG_SZ">
2858 <Key>Software\Policies\Google\Chrome</Key>
2859 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2860 <Value>https://mydomain.com/change_password.html</Value>
2862 <Entry type="4" type_name="REG_DWORD">
2863 <Key>Software\Policies\Google\Chrome</Key>
2864 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2867 <Entry type="4" type_name="REG_DWORD">
2868 <Key>Software\Policies\Google\Chrome</Key>
2869 <ValueName>PaymentMethodQueryEnabled</ValueName>
2872 <Entry type="4" type_name="REG_DWORD">
2873 <Key>Software\Policies\Google\Chrome</Key>
2874 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2877 <Entry type="4" type_name="REG_DWORD">
2878 <Key>Software\Policies\Google\Chrome</Key>
2879 <ValueName>PolicyRefreshRate</ValueName>
2880 <Value>3600000</Value>
2882 <Entry type="4" type_name="REG_DWORD">
2883 <Key>Software\Policies\Google\Chrome</Key>
2884 <ValueName>PrintHeaderFooter</ValueName>
2887 <Entry type="4" type_name="REG_DWORD">
2888 <Key>Software\Policies\Google\Chrome</Key>
2889 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2892 <Entry type="4" type_name="REG_DWORD">
2893 <Key>Software\Policies\Google\Chrome</Key>
2894 <ValueName>PrintRasterizationMode</ValueName>
2897 <Entry type="1" type_name="REG_SZ">
2898 <Key>Software\Policies\Google\Chrome</Key>
2899 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2900 <Value>enabled</Value>
2902 <Entry type="1" type_name="REG_SZ">
2903 <Key>Software\Policies\Google\Chrome</Key>
2904 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2905 <Value>enabled</Value>
2907 <Entry type="4" type_name="REG_DWORD">
2908 <Key>Software\Policies\Google\Chrome</Key>
2909 <ValueName>PrintingEnabled</ValueName>
2912 <Entry type="1" type_name="REG_SZ">
2913 <Key>Software\Policies\Google\Chrome</Key>
2914 <ValueName>PrintingPaperSizeDefault</ValueName>
2915 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2917 <Entry type="4" type_name="REG_DWORD">
2918 <Key>Software\Policies\Google\Chrome</Key>
2919 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2922 <Entry type="4" type_name="REG_DWORD">
2923 <Key>Software\Policies\Google\Chrome</Key>
2924 <ValueName>PromotionalTabsEnabled</ValueName>
2927 <Entry type="4" type_name="REG_DWORD">
2928 <Key>Software\Policies\Google\Chrome</Key>
2929 <ValueName>PromptForDownloadLocation</ValueName>
2932 <Entry type="1" type_name="REG_SZ">
2933 <Key>Software\Policies\Google\Chrome</Key>
2934 <ValueName>ProxySettings</ValueName>
2935 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2937 <Entry type="4" type_name="REG_DWORD">
2938 <Key>Software\Policies\Google\Chrome</Key>
2939 <ValueName>QuicAllowed</ValueName>
2942 <Entry type="4" type_name="REG_DWORD">
2943 <Key>Software\Policies\Google\Chrome</Key>
2944 <ValueName>RelaunchNotification</ValueName>
2947 <Entry type="4" type_name="REG_DWORD">
2948 <Key>Software\Policies\Google\Chrome</Key>
2949 <ValueName>RelaunchNotificationPeriod</ValueName>
2950 <Value>604800000</Value>
2952 <Entry type="4" type_name="REG_DWORD">
2953 <Key>Software\Policies\Google\Chrome</Key>
2954 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2957 <Entry type="4" type_name="REG_DWORD">
2958 <Key>Software\Policies\Google\Chrome</Key>
2959 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2962 <Entry type="4" type_name="REG_DWORD">
2963 <Key>Software\Policies\Google\Chrome</Key>
2964 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2967 <Entry type="4" type_name="REG_DWORD">
2968 <Key>Software\Policies\Google\Chrome</Key>
2969 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2972 <Entry type="4" type_name="REG_DWORD">
2973 <Key>Software\Policies\Google\Chrome</Key>
2974 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2977 <Entry type="4" type_name="REG_DWORD">
2978 <Key>Software\Policies\Google\Chrome</Key>
2979 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2982 <Entry type="4" type_name="REG_DWORD">
2983 <Key>Software\Policies\Google\Chrome</Key>
2984 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2987 <Entry type="4" type_name="REG_DWORD">
2988 <Key>Software\Policies\Google\Chrome</Key>
2989 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2992 <Entry type="1" type_name="REG_SZ">
2993 <Key>Software\Policies\Google\Chrome</Key>
2994 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
2995 <Value>12400-12409</Value>
2997 <Entry type="4" type_name="REG_DWORD">
2998 <Key>Software\Policies\Google\Chrome</Key>
2999 <ValueName>RendererCodeIntegrityEnabled</ValueName>
3002 <Entry type="4" type_name="REG_DWORD">
3003 <Key>Software\Policies\Google\Chrome</Key>
3004 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
3007 <Entry type="4" type_name="REG_DWORD">
3008 <Key>Software\Policies\Google\Chrome</Key>
3009 <ValueName>RestoreOnStartup</ValueName>
3012 <Entry type="1" type_name="REG_SZ">
3013 <Key>Software\Policies\Google\Chrome</Key>
3014 <ValueName>RestrictSigninToPattern</ValueName>
3015 <Value>.*@example\.com</Value>
3017 <Entry type="1" type_name="REG_SZ">
3018 <Key>Software\Policies\Google\Chrome</Key>
3019 <ValueName>RoamingProfileLocation</ValueName>
3020 <Value>${roaming_app_data}\chrome-profile</Value>
3022 <Entry type="4" type_name="REG_DWORD">
3023 <Key>Software\Policies\Google\Chrome</Key>
3024 <ValueName>RoamingProfileSupportEnabled</ValueName>
3027 <Entry type="4" type_name="REG_DWORD">
3028 <Key>Software\Policies\Google\Chrome</Key>
3029 <ValueName>SSLErrorOverrideAllowed</ValueName>
3032 <Entry type="1" type_name="REG_SZ">
3033 <Key>Software\Policies\Google\Chrome</Key>
3034 <ValueName>SSLVersionMin</ValueName>
3037 <Entry type="4" type_name="REG_DWORD">
3038 <Key>Software\Policies\Google\Chrome</Key>
3039 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3042 <Entry type="4" type_name="REG_DWORD">
3043 <Key>Software\Policies\Google\Chrome</Key>
3044 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3047 <Entry type="4" type_name="REG_DWORD">
3048 <Key>Software\Policies\Google\Chrome</Key>
3049 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3052 <Entry type="4" type_name="REG_DWORD">
3053 <Key>Software\Policies\Google\Chrome</Key>
3054 <ValueName>SafeSitesFilterBehavior</ValueName>
3057 <Entry type="4" type_name="REG_DWORD">
3058 <Key>Software\Policies\Google\Chrome</Key>
3059 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3062 <Entry type="4" type_name="REG_DWORD">
3063 <Key>Software\Policies\Google\Chrome</Key>
3064 <ValueName>ScreenCaptureAllowed</ValueName>
3067 <Entry type="4" type_name="REG_DWORD">
3068 <Key>Software\Policies\Google\Chrome</Key>
3069 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3072 <Entry type="4" type_name="REG_DWORD">
3073 <Key>Software\Policies\Google\Chrome</Key>
3074 <ValueName>SearchSuggestEnabled</ValueName>
3077 <Entry type="4" type_name="REG_DWORD">
3078 <Key>Software\Policies\Google\Chrome</Key>
3079 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3082 <Entry type="4" type_name="REG_DWORD">
3083 <Key>Software\Policies\Google\Chrome</Key>
3084 <ValueName>SharedClipboardEnabled</ValueName>
3087 <Entry type="4" type_name="REG_DWORD">
3088 <Key>Software\Policies\Google\Chrome</Key>
3089 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3092 <Entry type="4" type_name="REG_DWORD">
3093 <Key>Software\Policies\Google\Chrome</Key>
3094 <ValueName>ShowCastIconInToolbar</ValueName>
3097 <Entry type="4" type_name="REG_DWORD">
3098 <Key>Software\Policies\Google\Chrome</Key>
3099 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3102 <Entry type="4" type_name="REG_DWORD">
3103 <Key>Software\Policies\Google\Chrome</Key>
3104 <ValueName>ShowHomeButton</ValueName>
3107 <Entry type="4" type_name="REG_DWORD">
3108 <Key>Software\Policies\Google\Chrome</Key>
3109 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3112 <Entry type="4" type_name="REG_DWORD">
3113 <Key>Software\Policies\Google\Chrome</Key>
3114 <ValueName>SigninInterceptionEnabled</ValueName>
3117 <Entry type="4" type_name="REG_DWORD">
3118 <Key>Software\Policies\Google\Chrome</Key>
3119 <ValueName>SitePerProcess</ValueName>
3122 <Entry type="4" type_name="REG_DWORD">
3123 <Key>Software\Policies\Google\Chrome</Key>
3124 <ValueName>SpellCheckServiceEnabled</ValueName>
3127 <Entry type="4" type_name="REG_DWORD">
3128 <Key>Software\Policies\Google\Chrome</Key>
3129 <ValueName>SpellcheckEnabled</ValueName>
3132 <Entry type="4" type_name="REG_DWORD">
3133 <Key>Software\Policies\Google\Chrome</Key>
3134 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3137 <Entry type="4" type_name="REG_DWORD">
3138 <Key>Software\Policies\Google\Chrome</Key>
3139 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3142 <Entry type="4" type_name="REG_DWORD">
3143 <Key>Software\Policies\Google\Chrome</Key>
3144 <ValueName>SyncDisabled</ValueName>
3147 <Entry type="4" type_name="REG_DWORD">
3148 <Key>Software\Policies\Google\Chrome</Key>
3149 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3152 <Entry type="4" type_name="REG_DWORD">
3153 <Key>Software\Policies\Google\Chrome</Key>
3154 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3157 <Entry type="4" type_name="REG_DWORD">
3158 <Key>Software\Policies\Google\Chrome</Key>
3159 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3162 <Entry type="4" type_name="REG_DWORD">
3163 <Key>Software\Policies\Google\Chrome</Key>
3164 <ValueName>TotalMemoryLimitMb</ValueName>
3167 <Entry type="4" type_name="REG_DWORD">
3168 <Key>Software\Policies\Google\Chrome</Key>
3169 <ValueName>TranslateEnabled</ValueName>
3172 <Entry type="4" type_name="REG_DWORD">
3173 <Key>Software\Policies\Google\Chrome</Key>
3174 <ValueName>TripleDESEnabled</ValueName>
3177 <Entry type="4" type_name="REG_DWORD">
3178 <Key>Software\Policies\Google\Chrome</Key>
3179 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3182 <Entry type="4" type_name="REG_DWORD">
3183 <Key>Software\Policies\Google\Chrome</Key>
3184 <ValueName>UserAgentClientHintsEnabled</ValueName>
3187 <Entry type="1" type_name="REG_SZ">
3188 <Key>Software\Policies\Google\Chrome</Key>
3189 <ValueName>UserDataDir</ValueName>
3190 <Value>${users}/${user_name}/Chrome</Value>
3192 <Entry type="4" type_name="REG_DWORD">
3193 <Key>Software\Policies\Google\Chrome</Key>
3194 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3197 <Entry type="4" type_name="REG_DWORD">
3198 <Key>Software\Policies\Google\Chrome</Key>
3199 <ValueName>UserFeedbackAllowed</ValueName>
3202 <Entry type="4" type_name="REG_DWORD">
3203 <Key>Software\Policies\Google\Chrome</Key>
3204 <ValueName>VideoCaptureAllowed</ValueName>
3207 <Entry type="4" type_name="REG_DWORD">
3208 <Key>Software\Policies\Google\Chrome</Key>
3209 <ValueName>WPADQuickCheckEnabled</ValueName>
3212 <Entry type="1" type_name="REG_SZ">
3213 <Key>Software\Policies\Google\Chrome</Key>
3214 <ValueName>WebAppInstallForceList</ValueName>
3215 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3217 <Entry type="4" type_name="REG_DWORD">
3218 <Key>Software\Policies\Google\Chrome</Key>
3219 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3222 <Entry type="4" type_name="REG_DWORD">
3223 <Key>Software\Policies\Google\Chrome</Key>
3224 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3227 <Entry type="1" type_name="REG_SZ">
3228 <Key>Software\Policies\Google\Chrome</Key>
3229 <ValueName>WebRtcIPHandling</ValueName>
3230 <Value>default</Value>
3232 <Entry type="1" type_name="REG_SZ">
3233 <Key>Software\Policies\Google\Chrome</Key>
3234 <ValueName>WebRtcUdpPortRange</ValueName>
3235 <Value>10000-11999</Value>
3237 <Entry type="1" type_name="REG_SZ">
3238 <Key>Software\Policies\Google\Chrome</Key>
3239 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3240 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3242 <Entry type="4" type_name="REG_DWORD">
3243 <Key>Software\Policies\Google\Chrome</Key>
3244 <ValueName>WindowOcclusionEnabled</ValueName>
3247 <Entry type="1" type_name="REG_SZ">
3248 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3249 <ValueName>1</ValueName>
3250 <Value>-foreground</Value>
3252 <Entry type="1" type_name="REG_SZ">
3253 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3254 <ValueName>2</ValueName>
3255 <Value>-new-window</Value>
3257 <Entry type="1" type_name="REG_SZ">
3258 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3259 <ValueName>3</ValueName>
3260 <Value>${url}</Value>
3262 <Entry type="1" type_name="REG_SZ">
3263 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3264 <ValueName>4</ValueName>
3265 <Value>-profile</Value>
3267 <Entry type="1" type_name="REG_SZ">
3268 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3269 <ValueName>5</ValueName>
3270 <Value>%HOME%\browser_profile</Value>
3272 <Entry type="1" type_name="REG_SZ">
3273 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3274 <ValueName>1</ValueName>
3275 <Value>https://www.example.com/</Value>
3277 <Entry type="1" type_name="REG_SZ">
3278 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3279 <ValueName>2</ValueName>
3280 <Value>https://[*.]example.edu/</Value>
3282 <Entry type="1" type_name="REG_SZ">
3283 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3284 <ValueName>1</ValueName>
3285 <Value>example.com</Value>
3287 <Entry type="1" type_name="REG_SZ">
3288 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3289 <ValueName>2</ValueName>
3290 <Value>https://ssl.server.com</Value>
3292 <Entry type="1" type_name="REG_SZ">
3293 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3294 <ValueName>3</ValueName>
3295 <Value>hosting.com/good_path</Value>
3297 <Entry type="1" type_name="REG_SZ">
3298 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3299 <ValueName>4</ValueName>
3300 <Value>https://server:8080/path</Value>
3302 <Entry type="1" type_name="REG_SZ">
3303 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3304 <ValueName>5</ValueName>
3305 <Value>.exact.hostname.com</Value>
3307 <Entry type="1" type_name="REG_SZ">
3308 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3309 <ValueName>1</ValueName>
3312 <Entry type="1" type_name="REG_SZ">
3313 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3314 <ValueName>2</ValueName>
3317 <Entry type="1" type_name="REG_SZ">
3318 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3319 <ValueName>1</ValueName>
3320 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3322 <Entry type="1" type_name="REG_SZ">
3323 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3324 <ValueName>1</ValueName>
3325 <Value>https://www.example.com</Value>
3327 <Entry type="1" type_name="REG_SZ">
3328 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3329 <ValueName>2</ValueName>
3330 <Value>[*.]example.edu</Value>
3332 <Entry type="1" type_name="REG_SZ">
3333 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3334 <ValueName>1</ValueName>
3335 <Value>--force-dark-mode</Value>
3337 <Entry type="1" type_name="REG_SZ">
3338 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3339 <ValueName>1</ValueName>
3340 <Value>ie.com</Value>
3342 <Entry type="1" type_name="REG_SZ">
3343 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3344 <ValueName>2</ValueName>
3345 <Value>!open-in-chrome.ie.com</Value>
3347 <Entry type="1" type_name="REG_SZ">
3348 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3349 <ValueName>3</ValueName>
3350 <Value>foobar.com/ie-only/</Value>
3352 <Entry type="1" type_name="REG_SZ">
3353 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3354 <ValueName>1</ValueName>
3355 <Value>ie.com</Value>
3357 <Entry type="1" type_name="REG_SZ">
3358 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3359 <ValueName>2</ValueName>
3360 <Value>!open-in-chrome.ie.com</Value>
3362 <Entry type="1" type_name="REG_SZ">
3363 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3364 <ValueName>3</ValueName>
3365 <Value>foobar.com/ie-only/</Value>
3367 <Entry type="1" type_name="REG_SZ">
3368 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3369 <ValueName>1</ValueName>
3370 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3372 <Entry type="1" type_name="REG_SZ">
3373 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3374 <ValueName>2</ValueName>
3375 <Value>sha256//////////////////////w==</Value>
3377 <Entry type="1" type_name="REG_SZ">
3378 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3379 <ValueName>1</ValueName>
3380 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3382 <Entry type="1" type_name="REG_SZ">
3383 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3384 <ValueName>2</ValueName>
3385 <Value>sha256//////////////////////w==</Value>
3387 <Entry type="1" type_name="REG_SZ">
3388 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3389 <ValueName>1</ValueName>
3390 <Value>example.com</Value>
3392 <Entry type="1" type_name="REG_SZ">
3393 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3394 <ValueName>2</ValueName>
3395 <Value>.example.com</Value>
3397 <Entry type="1" type_name="REG_SZ">
3398 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3399 <ValueName>1</ValueName>
3400 <Value>browsing_history</Value>
3402 <Entry type="1" type_name="REG_SZ">
3403 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3404 <ValueName>2</ValueName>
3405 <Value>download_history</Value>
3407 <Entry type="1" type_name="REG_SZ">
3408 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3409 <ValueName>3</ValueName>
3410 <Value>cookies_and_other_site_data</Value>
3412 <Entry type="1" type_name="REG_SZ">
3413 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3414 <ValueName>4</ValueName>
3415 <Value>cached_images_and_files</Value>
3417 <Entry type="1" type_name="REG_SZ">
3418 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3419 <ValueName>5</ValueName>
3420 <Value>password_signin</Value>
3422 <Entry type="1" type_name="REG_SZ">
3423 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3424 <ValueName>6</ValueName>
3425 <Value>autofill</Value>
3427 <Entry type="1" type_name="REG_SZ">
3428 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3429 <ValueName>7</ValueName>
3430 <Value>site_settings</Value>
3432 <Entry type="1" type_name="REG_SZ">
3433 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3434 <ValueName>8</ValueName>
3435 <Value>hosted_app_data</Value>
3437 <Entry type="1" type_name="REG_SZ">
3438 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3439 <ValueName>1</ValueName>
3440 <Value>https://www.example.com</Value>
3442 <Entry type="1" type_name="REG_SZ">
3443 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3444 <ValueName>2</ValueName>
3445 <Value>[*.]example.edu</Value>
3447 <Entry type="1" type_name="REG_SZ">
3448 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3449 <ValueName>1</ValueName>
3450 <Value>https://www.example.com</Value>
3452 <Entry type="1" type_name="REG_SZ">
3453 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3454 <ValueName>2</ValueName>
3455 <Value>[*.]example.edu</Value>
3457 <Entry type="1" type_name="REG_SZ">
3458 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3459 <ValueName>1</ValueName>
3460 <Value>https://www.example.com</Value>
3462 <Entry type="1" type_name="REG_SZ">
3463 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3464 <ValueName>2</ValueName>
3465 <Value>[*.]example.edu</Value>
3467 <Entry type="1" type_name="REG_SZ">
3468 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3469 <ValueName>1</ValueName>
3470 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3472 <Entry type="1" type_name="REG_SZ">
3473 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3474 <ValueName>2</ValueName>
3475 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3477 <Entry type="1" type_name="REG_SZ">
3478 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3479 <ValueName>1</ValueName>
3480 <Value>UTF-8</Value>
3482 <Entry type="1" type_name="REG_SZ">
3483 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3484 <ValueName>2</ValueName>
3485 <Value>UTF-16</Value>
3487 <Entry type="1" type_name="REG_SZ">
3488 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3489 <ValueName>3</ValueName>
3490 <Value>GB2312</Value>
3492 <Entry type="1" type_name="REG_SZ">
3493 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3494 <ValueName>4</ValueName>
3495 <Value>ISO-8859-1</Value>
3497 <Entry type="1" type_name="REG_SZ">
3498 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3499 <ValueName>1</ValueName>
3500 <Value>ExtensionInstallAllowlist</Value>
3502 <Entry type="1" type_name="REG_SZ">
3503 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3504 <ValueName>2</ValueName>
3505 <Value>ExtensionInstallBlocklist</Value>
3507 <Entry type="1" type_name="REG_SZ">
3508 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3509 <ValueName>1</ValueName>
3510 <Value>10080</Value>
3512 <Entry type="1" type_name="REG_SZ">
3513 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3514 <ValueName>1</ValueName>
3515 <Value>hosted_app</Value>
3517 <Entry type="1" type_name="REG_SZ">
3518 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3519 <ValueName>1</ValueName>
3520 <Value>extension_id1</Value>
3522 <Entry type="1" type_name="REG_SZ">
3523 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3524 <ValueName>2</ValueName>
3525 <Value>extension_id2</Value>
3527 <Entry type="1" type_name="REG_SZ">
3528 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3529 <ValueName>1</ValueName>
3530 <Value>extension_id1</Value>
3532 <Entry type="1" type_name="REG_SZ">
3533 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3534 <ValueName>2</ValueName>
3535 <Value>extension_id2</Value>
3537 <Entry type="1" type_name="REG_SZ">
3538 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3539 <ValueName>1</ValueName>
3540 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3542 <Entry type="1" type_name="REG_SZ">
3543 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3544 <ValueName>2</ValueName>
3545 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3547 <Entry type="1" type_name="REG_SZ">
3548 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3549 <ValueName>1</ValueName>
3550 <Value>https://corp.mycompany.com/*</Value>
3552 <Entry type="1" type_name="REG_SZ">
3553 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3554 <ValueName>1</ValueName>
3555 <Value>https://www.example.com</Value>
3557 <Entry type="1" type_name="REG_SZ">
3558 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3559 <ValueName>2</ValueName>
3560 <Value>[*.]example.edu</Value>
3562 <Entry type="1" type_name="REG_SZ">
3563 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3564 <ValueName>1</ValueName>
3565 <Value>https://www.example.com</Value>
3567 <Entry type="1" type_name="REG_SZ">
3568 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3569 <ValueName>2</ValueName>
3570 <Value>[*.]example.edu</Value>
3572 <Entry type="1" type_name="REG_SZ">
3573 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3574 <ValueName>1</ValueName>
3575 <Value>https://www.example.com</Value>
3577 <Entry type="1" type_name="REG_SZ">
3578 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3579 <ValueName>2</ValueName>
3580 <Value>[*.]example.edu</Value>
3582 <Entry type="1" type_name="REG_SZ">
3583 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3584 <ValueName>1</ValueName>
3585 <Value>https://www.example.com</Value>
3587 <Entry type="1" type_name="REG_SZ">
3588 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3589 <ValueName>2</ValueName>
3590 <Value>[*.]example.edu</Value>
3592 <Entry type="1" type_name="REG_SZ">
3593 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3594 <ValueName>1</ValueName>
3595 <Value>https://www.example.com</Value>
3597 <Entry type="1" type_name="REG_SZ">
3598 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3599 <ValueName>2</ValueName>
3600 <Value>[*.]example.edu</Value>
3602 <Entry type="1" type_name="REG_SZ">
3603 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3604 <ValueName>1</ValueName>
3605 <Value>https://www.example.com</Value>
3607 <Entry type="1" type_name="REG_SZ">
3608 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3609 <ValueName>2</ValueName>
3610 <Value>[*.]example.edu</Value>
3612 <Entry type="1" type_name="REG_SZ">
3613 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3614 <ValueName>1</ValueName>
3615 <Value>en-US</Value>
3617 <Entry type="1" type_name="REG_SZ">
3618 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3619 <ValueName>1</ValueName>
3622 <Entry type="1" type_name="REG_SZ">
3623 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3624 <ValueName>1</ValueName>
3625 <Value>https://www.example.com</Value>
3627 <Entry type="1" type_name="REG_SZ">
3628 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3629 <ValueName>2</ValueName>
3630 <Value>[*.]example.edu</Value>
3632 <Entry type="1" type_name="REG_SZ">
3633 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3634 <ValueName>1</ValueName>
3635 <Value>https://www.example.com</Value>
3637 <Entry type="1" type_name="REG_SZ">
3638 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3639 <ValueName>2</ValueName>
3640 <Value>[*.]example.edu</Value>
3642 <Entry type="1" type_name="REG_SZ">
3643 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3644 <ValueName>1</ValueName>
3645 <Value>https://www.example.com</Value>
3647 <Entry type="1" type_name="REG_SZ">
3648 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3649 <ValueName>2</ValueName>
3650 <Value>[*.]example.edu</Value>
3652 <Entry type="1" type_name="REG_SZ">
3653 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3654 <ValueName>1</ValueName>
3655 <Value>https://www.example.com</Value>
3657 <Entry type="1" type_name="REG_SZ">
3658 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3659 <ValueName>2</ValueName>
3660 <Value>[*.]example.edu</Value>
3662 <Entry type="1" type_name="REG_SZ">
3663 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3664 <ValueName>1</ValueName>
3665 <Value>http://www.example.com:8080</Value>
3667 <Entry type="1" type_name="REG_SZ">
3668 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3669 <ValueName>2</ValueName>
3670 <Value>[*.]example.edu</Value>
3672 <Entry type="1" type_name="REG_SZ">
3673 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3674 <ValueName>1</ValueName>
3675 <Value>https://www.example.com</Value>
3677 <Entry type="1" type_name="REG_SZ">
3678 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3679 <ValueName>2</ValueName>
3680 <Value>[*.]example.edu</Value>
3682 <Entry type="1" type_name="REG_SZ">
3683 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3684 <ValueName>1</ValueName>
3685 <Value>https://www.example.com</Value>
3687 <Entry type="1" type_name="REG_SZ">
3688 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3689 <ValueName>2</ValueName>
3690 <Value>[*.]example.edu</Value>
3692 <Entry type="1" type_name="REG_SZ">
3693 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3694 <ValueName>1</ValueName>
3695 <Value>www.example.com</Value>
3697 <Entry type="1" type_name="REG_SZ">
3698 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3699 <ValueName>2</ValueName>
3700 <Value>[*.]example.edu</Value>
3702 <Entry type="1" type_name="REG_SZ">
3703 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3704 <ValueName>1</ValueName>
3705 <Value>foo.example.com</Value>
3707 <Entry type="1" type_name="REG_SZ">
3708 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3709 <ValueName>2</ValueName>
3710 <Value>example.org</Value>
3712 <Entry type="1" type_name="REG_SZ">
3713 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3714 <ValueName>1</ValueName>
3715 <Value>com.native.messaging.host.name1</Value>
3717 <Entry type="1" type_name="REG_SZ">
3718 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3719 <ValueName>2</ValueName>
3720 <Value>com.native.messaging.host.name2</Value>
3722 <Entry type="1" type_name="REG_SZ">
3723 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3724 <ValueName>1</ValueName>
3725 <Value>com.native.messaging.host.name1</Value>
3727 <Entry type="1" type_name="REG_SZ">
3728 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3729 <ValueName>2</ValueName>
3730 <Value>com.native.messaging.host.name2</Value>
3732 <Entry type="1" type_name="REG_SZ">
3733 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3734 <ValueName>1</ValueName>
3735 <Value>https://www.example.com</Value>
3737 <Entry type="1" type_name="REG_SZ">
3738 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3739 <ValueName>2</ValueName>
3740 <Value>[*.]example.edu</Value>
3742 <Entry type="1" type_name="REG_SZ">
3743 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3744 <ValueName>1</ValueName>
3745 <Value>https://www.example.com</Value>
3747 <Entry type="1" type_name="REG_SZ">
3748 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3749 <ValueName>2</ValueName>
3750 <Value>[*.]example.edu</Value>
3752 <Entry type="1" type_name="REG_SZ">
3753 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3754 <ValueName>1</ValueName>
3755 <Value>http://testserver.example.com/</Value>
3757 <Entry type="1" type_name="REG_SZ">
3758 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3759 <ValueName>2</ValueName>
3760 <Value>*.example.org</Value>
3762 <Entry type="1" type_name="REG_SZ">
3763 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3764 <ValueName>1</ValueName>
3765 <Value>https://mydomain.com/login.html</Value>
3767 <Entry type="1" type_name="REG_SZ">
3768 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3769 <ValueName>2</ValueName>
3770 <Value>https://login.mydomain.com</Value>
3772 <Entry type="1" type_name="REG_SZ">
3773 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3774 <ValueName>1</ValueName>
3775 <Value>ExtensionSettings</Value>
3777 <Entry type="1" type_name="REG_SZ">
3778 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3779 <ValueName>1</ValueName>
3780 <Value>ExtensionInstallAllowlist</Value>
3782 <Entry type="1" type_name="REG_SZ">
3783 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3784 <ValueName>2</ValueName>
3785 <Value>ExtensionInstallBlocklist</Value>
3787 <Entry type="1" type_name="REG_SZ">
3788 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3789 <ValueName>1</ValueName>
3790 <Value>https://www.example.com</Value>
3792 <Entry type="1" type_name="REG_SZ">
3793 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3794 <ValueName>2</ValueName>
3795 <Value>[*.]example.edu</Value>
3797 <Entry type="1" type_name="REG_SZ">
3798 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3799 <ValueName>1</ValueName>
3800 <Value>https://www.example.com</Value>
3802 <Entry type="1" type_name="REG_SZ">
3803 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3804 <ValueName>2</ValueName>
3805 <Value>[*.]example.edu</Value>
3807 <Entry type="1" type_name="REG_SZ">
3808 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3809 <ValueName>1</ValueName>
3810 <Value>cloud</Value>
3812 <Entry type="1" type_name="REG_SZ">
3813 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3814 <ValueName>2</ValueName>
3815 <Value>privet</Value>
3817 <Entry type="1" type_name="REG_SZ">
3818 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3819 <ValueName>1</ValueName>
3820 <Value>my-awesome-domain.com</Value>
3822 <Entry type="1" type_name="REG_SZ">
3823 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3824 <ValueName>2</ValueName>
3825 <Value>my-auxiliary-domain.com</Value>
3827 <Entry type="1" type_name="REG_SZ">
3828 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3829 <ValueName>1</ValueName>
3830 <Value>my-awesome-domain.com</Value>
3832 <Entry type="1" type_name="REG_SZ">
3833 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3834 <ValueName>2</ValueName>
3835 <Value>my-auxiliary-domain.com</Value>
3837 <Entry type="1" type_name="REG_SZ">
3838 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3839 <ValueName>1</ValueName>
3840 <Value>https://example.com</Value>
3842 <Entry type="1" type_name="REG_SZ">
3843 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3844 <ValueName>2</ValueName>
3845 <Value>https://www.chromium.org</Value>
3847 <Entry type="1" type_name="REG_SZ">
3848 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3849 <ValueName>1</ValueName>
3850 <Value>https://www.example.com</Value>
3852 <Entry type="1" type_name="REG_SZ">
3853 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3854 <ValueName>2</ValueName>
3855 <Value>[*.]example.edu</Value>
3857 <Entry type="1" type_name="REG_SZ">
3858 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3859 <ValueName>1</ValueName>
3860 <Value>mydomain.com</Value>
3862 <Entry type="1" type_name="REG_SZ">
3863 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3864 <ValueName>2</ValueName>
3865 <Value>myuniversity.edu</Value>
3867 <Entry type="1" type_name="REG_SZ">
3868 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3869 <ValueName>1</ValueName>
3870 <Value>https://example.com</Value>
3872 <Entry type="1" type_name="REG_SZ">
3873 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3874 <ValueName>1</ValueName>
3875 <Value>https://www.example.com</Value>
3877 <Entry type="1" type_name="REG_SZ">
3878 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3879 <ValueName>2</ValueName>
3880 <Value>[*.]example.edu</Value>
3882 <Entry type="1" type_name="REG_SZ">
3883 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3884 <ValueName>1</ValueName>
3885 <Value>https://www.example.com</Value>
3887 <Entry type="1" type_name="REG_SZ">
3888 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3889 <ValueName>2</ValueName>
3890 <Value>[*.]example.edu</Value>
3892 <Entry type="1" type_name="REG_SZ">
3893 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3894 <ValueName>1</ValueName>
3895 <Value>https://www.example.com</Value>
3897 <Entry type="1" type_name="REG_SZ">
3898 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3899 <ValueName>2</ValueName>
3900 <Value>[*.]example.edu</Value>
3902 <Entry type="1" type_name="REG_SZ">
3903 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3904 <ValueName>1</ValueName>
3905 <Value>https://www.example.com</Value>
3907 <Entry type="1" type_name="REG_SZ">
3908 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3909 <ValueName>2</ValueName>
3910 <Value>[*.]example.edu</Value>
3912 <Entry type="1" type_name="REG_SZ">
3913 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3914 <ValueName>1</ValueName>
3917 <Entry type="1" type_name="REG_SZ">
3918 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3919 <ValueName>2</ValueName>
3922 <Entry type="1" type_name="REG_SZ">
3923 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3924 <ValueName>1</ValueName>
3927 <Entry type="1" type_name="REG_SZ">
3928 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3929 <ValueName>2</ValueName>
3932 <Entry type="1" type_name="REG_SZ">
3933 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3934 <ValueName>1</ValueName>
3935 <Value>bookmarks</Value>
3937 <Entry type="1" type_name="REG_SZ">
3938 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3939 <ValueName>1</ValueName>
3940 <Value>example.com</Value>
3942 <Entry type="1" type_name="REG_SZ">
3943 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3944 <ValueName>2</ValueName>
3945 <Value>https://ssl.server.com</Value>
3947 <Entry type="1" type_name="REG_SZ">
3948 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3949 <ValueName>3</ValueName>
3950 <Value>hosting.com/good_path</Value>
3952 <Entry type="1" type_name="REG_SZ">
3953 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3954 <ValueName>4</ValueName>
3955 <Value>https://server:8080/path</Value>
3957 <Entry type="1" type_name="REG_SZ">
3958 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3959 <ValueName>5</ValueName>
3960 <Value>.exact.hostname.com</Value>
3962 <Entry type="1" type_name="REG_SZ">
3963 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3964 <ValueName>1</ValueName>
3965 <Value>example.com</Value>
3967 <Entry type="1" type_name="REG_SZ">
3968 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3969 <ValueName>2</ValueName>
3970 <Value>https://ssl.server.com</Value>
3972 <Entry type="1" type_name="REG_SZ">
3973 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3974 <ValueName>3</ValueName>
3975 <Value>hosting.com/bad_path</Value>
3977 <Entry type="1" type_name="REG_SZ">
3978 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3979 <ValueName>4</ValueName>
3980 <Value>https://server:8080/path</Value>
3982 <Entry type="1" type_name="REG_SZ">
3983 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3984 <ValueName>5</ValueName>
3985 <Value>.exact.hostname.com</Value>
3987 <Entry type="1" type_name="REG_SZ">
3988 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3989 <ValueName>6</ValueName>
3990 <Value>file://*</Value>
3992 <Entry type="1" type_name="REG_SZ">
3993 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3994 <ValueName>7</ValueName>
3995 <Value>custom_scheme:*</Value>
3997 <Entry type="1" type_name="REG_SZ">
3998 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3999 <ValueName>8</ValueName>
4002 <Entry type="1" type_name="REG_SZ">
4003 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4004 <ValueName>1</ValueName>
4005 <Value>https://www.example.com/</Value>
4007 <Entry type="1" type_name="REG_SZ">
4008 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4009 <ValueName>2</ValueName>
4010 <Value>https://[*.]example.edu/</Value>
4012 <Entry type="1" type_name="REG_SZ">
4013 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4014 <ValueName>1</ValueName>
4015 <Value>https://www.example.com</Value>
4017 <Entry type="1" type_name="REG_SZ">
4018 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4019 <ValueName>2</ValueName>
4020 <Value>*example.com*</Value>
4022 <Entry type="1" type_name="REG_SZ">
4023 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4024 <ValueName>1</ValueName>
4025 <Value>https://www.example.com</Value>
4027 <Entry type="1" type_name="REG_SZ">
4028 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4029 <ValueName>2</ValueName>
4030 <Value>[*.]example.edu</Value>
4032 <Entry type="1" type_name="REG_SZ">
4033 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4034 <ValueName>1</ValueName>
4035 <Value>https://www.example.com</Value>
4037 <Entry type="1" type_name="REG_SZ">
4038 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4039 <ValueName>2</ValueName>
4040 <Value>[*.]example.edu</Value>
4042 <Entry type="4" type_name="REG_DWORD">
4043 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4044 <ValueName>AlternateErrorPagesEnabled</ValueName>
4047 <Entry type="1" type_name="REG_SZ">
4048 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4049 <ValueName>ApplicationLocaleValue</ValueName>
4052 <Entry type="4" type_name="REG_DWORD">
4053 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4054 <ValueName>AutofillAddressEnabled</ValueName>
4057 <Entry type="4" type_name="REG_DWORD">
4058 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4059 <ValueName>AutofillCreditCardEnabled</ValueName>
4062 <Entry type="4" type_name="REG_DWORD">
4063 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4064 <ValueName>BackgroundModeEnabled</ValueName>
4067 <Entry type="4" type_name="REG_DWORD">
4068 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4069 <ValueName>BlockThirdPartyCookies</ValueName>
4072 <Entry type="4" type_name="REG_DWORD">
4073 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4074 <ValueName>BookmarkBarEnabled</ValueName>
4077 <Entry type="1" type_name="REG_SZ">
4078 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4079 <ValueName>DefaultDownloadDirectory</ValueName>
4080 <Value>/home/${user_name}/Downloads</Value>
4082 <Entry type="1" type_name="REG_SZ">
4083 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4084 <ValueName>DownloadDirectory</ValueName>
4085 <Value>/home/${user_name}/Downloads</Value>
4087 <Entry type="4" type_name="REG_DWORD">
4088 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4089 <ValueName>DownloadRestrictions</ValueName>
4092 <Entry type="4" type_name="REG_DWORD">
4093 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4094 <ValueName>HomepageIsNewTabPage</ValueName>
4097 <Entry type="1" type_name="REG_SZ">
4098 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4099 <ValueName>HomepageLocation</ValueName>
4100 <Value>https://www.chromium.org</Value>
4102 <Entry type="4" type_name="REG_DWORD">
4103 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4104 <ValueName>ImportAutofillFormData</ValueName>
4107 <Entry type="4" type_name="REG_DWORD">
4108 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4109 <ValueName>ImportBookmarks</ValueName>
4112 <Entry type="4" type_name="REG_DWORD">
4113 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4114 <ValueName>ImportHistory</ValueName>
4117 <Entry type="4" type_name="REG_DWORD">
4118 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4119 <ValueName>ImportSavedPasswords</ValueName>
4122 <Entry type="4" type_name="REG_DWORD">
4123 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4124 <ValueName>ImportSearchEngine</ValueName>
4127 <Entry type="4" type_name="REG_DWORD">
4128 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4129 <ValueName>MetricsReportingEnabled</ValueName>
4132 <Entry type="4" type_name="REG_DWORD">
4133 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4134 <ValueName>NetworkPredictionOptions</ValueName>
4137 <Entry type="4" type_name="REG_DWORD">
4138 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4139 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4142 <Entry type="4" type_name="REG_DWORD">
4143 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4144 <ValueName>PasswordManagerEnabled</ValueName>
4147 <Entry type="4" type_name="REG_DWORD">
4148 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4149 <ValueName>PrintHeaderFooter</ValueName>
4152 <Entry type="4" type_name="REG_DWORD">
4153 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4154 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4157 <Entry type="1" type_name="REG_SZ">
4158 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4159 <ValueName>RegisteredProtocolHandlers</ValueName>
4160 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4162 <Entry type="4" type_name="REG_DWORD">
4163 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4164 <ValueName>RestoreOnStartup</ValueName>
4167 <Entry type="4" type_name="REG_DWORD">
4168 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4169 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4172 <Entry type="4" type_name="REG_DWORD">
4173 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4174 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4177 <Entry type="4" type_name="REG_DWORD">
4178 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4179 <ValueName>SearchSuggestEnabled</ValueName>
4182 <Entry type="4" type_name="REG_DWORD">
4183 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4184 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4187 <Entry type="4" type_name="REG_DWORD">
4188 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4189 <ValueName>ShowHomeButton</ValueName>
4192 <Entry type="4" type_name="REG_DWORD">
4193 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4194 <ValueName>SpellCheckServiceEnabled</ValueName>
4197 <Entry type="4" type_name="REG_DWORD">
4198 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4199 <ValueName>TranslateEnabled</ValueName>
4202 <Entry type="1" type_name="REG_SZ">
4203 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4204 <ValueName>1</ValueName>
4205 <Value>https://example.com</Value>
4207 <Entry type="1" type_name="REG_SZ">
4208 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4209 <ValueName>2</ValueName>
4210 <Value>https://www.chromium.org</Value>
4215 chromium_json_expected_managed = \
4218 "FileSystemWriteAskForUrls": [
4219 "https://www.example.com",
4222 "InsecureContentBlockedForUrls": [
4223 "https://www.example.com",
4226 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4227 "BrowserAddPersonEnabled": true,
4228 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4229 "ShowHomeButton": true,
4230 "ClearBrowsingDataOnExitList": [
4233 "cookies_and_other_site_data",
4234 "cached_images_and_files",
4240 "JavaScriptAllowedForUrls": [
4241 "https://www.example.com",
4244 "AmbientAuthenticationInPrivateModesEnabled": 0,
4245 "AllowFileSelectionDialogs": true,
4246 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4247 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4248 "ComponentUpdatesEnabled": true,
4249 "RemoteAccessHostAllowRemoteAccessConnections": false,
4250 "WindowOcclusionEnabled": true,
4251 "PrintPreviewUseSystemDefaultPrinter": false,
4252 "AutoLaunchProtocolsFromOrigins": [
4254 "allowed_origins": [
4256 "http://www.example.com:8080"
4258 "protocol": "spotify"
4261 "allowed_origins": [
4262 "https://example.com",
4263 "https://.mail.example.com"
4268 "allowed_origins": [
4271 "protocol": "outlook"
4274 "ManagedConfigurationPerOrigin": [
4276 "origin": "https://www.google.com",
4277 "managed_configuration_hash": "asd891jedasd12ue9h",
4278 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4281 "origin": "https://www.example.com",
4282 "managed_configuration_hash": "djio12easd89u12aws",
4283 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4286 "SyncTypesListDisabled": [
4289 "SecurityKeyPermitAttestation": [
4290 "https://example.com"
4292 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4293 "MetricsReportingEnabled": true,
4294 "MaxInvalidationFetchDelay": 10000,
4295 "AudioProcessHighPriorityEnabled": true,
4296 "ExtensionInstallForcelist": [
4297 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4298 "abcdefghijklmnopabcdefghijklmnop"
4300 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4301 "CookiesBlockedForUrls": [
4302 "https://www.example.com",
4305 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4306 "AudioCaptureAllowedUrls": [
4307 "https://www.example.com/",
4308 "https://[*.]example.edu/"
4310 "NTPCustomBackgroundEnabled": true,
4311 "BlockExternalExtensions": true,
4312 "BrowserSwitcherChromeParameters": [
4315 "SafeSitesFilterBehavior": 0,
4316 "EnableOnlineRevocationChecks": false,
4317 "ImagesBlockedForUrls": [
4318 "https://www.example.com",
4321 "InsecureFormsWarningsEnabled": true,
4322 "RelaunchNotificationPeriod": 604800000,
4323 "TotalMemoryLimitMb": 2048,
4324 "CloudManagementEnrollmentMandatory": true,
4325 "ClickToCallEnabled": true,
4326 "AppCacheForceEnabled": false,
4327 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4328 "FullscreenAllowed": true,
4329 "AuthSchemes": "basic,digest,ntlm,negotiate",
4330 "PasswordLeakDetectionEnabled": true,
4331 "AuthServerAllowlist": "*.example.com,example.com",
4332 "AllowSyncXHRInPageDismissal": false,
4333 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4334 "MaxConnectionsPerProxy": 32,
4335 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4336 "RemoteAccessHostAllowFileTransfer": false,
4337 "PrintRasterizationMode": 1,
4338 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4339 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4340 "sha256//////////////////////w=="
4342 "DefaultWebBluetoothGuardSetting": 2,
4343 "AutoplayAllowed": true,
4344 "BrowserSwitcherUrlList": [
4346 "!open-in-chrome.ie.com",
4347 "foobar.com/ie-only/"
4349 "CertificateTransparencyEnforcementDisabledForUrls": [
4353 "SpellcheckLanguageBlocklist": [
4357 "PrintHeaderFooter": false,
4358 "ShowAppsShortcutInBookmarkBar": false,
4359 "SerialAskForUrls": [
4360 "https://www.example.com",
4363 "ImagesAllowedForUrls": [
4364 "https://www.example.com",
4367 "ProfilePickerOnStartupAvailability": 0,
4368 "CommandLineFlagSecurityWarningsEnabled": true,
4369 "QuicAllowed": true,
4370 "IntensiveWakeUpThrottlingEnabled": true,
4371 "WPADQuickCheckEnabled": true,
4372 "SensorsAllowedForUrls": [
4373 "https://www.example.com",
4376 "NTPCardsVisible": true,
4377 "DefaultSearchProviderAlternateURLs": [
4378 "https://search.my.company/suggest#q={searchTerms}",
4379 "https://search.my.company/suggest/search#q={searchTerms}"
4381 "DisableSafeBrowsingProceedAnyway": true,
4382 "DefaultFileSystemWriteGuardSetting": 2,
4383 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4384 "SSLErrorOverrideAllowed": true,
4385 "CloudPrintProxyEnabled": true,
4386 "BrowserSwitcherUrlGreylist": [
4388 "!open-in-chrome.ie.com",
4389 "foobar.com/ie-only/"
4391 "BrowserNetworkTimeQueriesEnabled": true,
4392 "WebUsbAllowDevicesForUrls": [
4395 "https://google.com"
4405 "TaskManagerEndProcessEnabled": true,
4406 "SuppressDifferentOriginSubframeDialogs": true,
4407 "UserDataDir": "${users}/${user_name}/Chrome",
4408 "CookiesAllowedForUrls": [
4409 "https://www.example.com",
4412 "SuppressUnsupportedOSWarning": true,
4413 "RequireOnlineRevocationChecksForLocalAnchors": false,
4414 "BrowsingDataLifetime": [
4419 "time_to_live_in_hours": 24
4426 "time_to_live_in_hours": 12
4429 "FileHandlingBlockedForUrls": [
4430 "https://www.example.com",
4433 "AudioCaptureAllowed": false,
4434 "PromotionalTabsEnabled": false,
4435 "ShowFullUrlsInAddressBar": false,
4436 "EnableMediaRouter": true,
4437 "BrowserSwitcherDelay": 10000,
4438 "AllowDinosaurEasterEgg": false,
4439 "ImportSearchEngine": true,
4440 "PrintingBackgroundGraphicsDefault": "enabled",
4441 "TripleDESEnabled": false,
4442 "AutoplayAllowlist": [
4443 "https://www.example.com",
4446 "RemoteAccessHostUdpPortRange": "12400-12409",
4447 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4448 "BrowserSwitcherChromePath": "${chrome}",
4449 "InsecureContentAllowedForUrls": [
4450 "https://www.example.com",
4453 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4454 "ForceGoogleSafeSearch": false,
4455 "UserFeedbackAllowed": true,
4456 "ForceYouTubeRestrict": 0,
4457 "ApplicationLocaleValue": "en",
4458 "RoamingProfileSupportEnabled": true,
4459 "AlternativeBrowserPath": "${ie}",
4460 "AlternativeBrowserParameters": [
4465 "%HOME%\\\\browser_profile"
4467 "AdvancedProtectionAllowed": true,
4468 "EditBookmarksEnabled": false,
4469 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4470 "SSLVersionMin": "tls1",
4471 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4472 "DefaultSerialGuardSetting": 2,
4473 "DefaultPopupsSetting": 1,
4474 "IntranetRedirectBehavior": 1,
4475 "RendererCodeIntegrityEnabled": false,
4476 "BrowserGuestModeEnforced": true,
4477 "HSTSPolicyBypassList": [
4480 "DefaultWebUsbGuardSetting": 2,
4481 "CECPQ2Enabled": true,
4482 "RemoteAccessHostDomainList": [
4483 "my-awesome-domain.com",
4484 "my-auxiliary-domain.com"
4488 "https://ssl.server.com",
4489 "hosting.com/bad_path",
4490 "https://server:8080/path",
4491 ".exact.hostname.com",
4496 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4497 "ExtensionAllowedTypes": [
4500 "NativeMessagingBlocklist": [
4501 "com.native.messaging.host.name1",
4502 "com.native.messaging.host.name2"
4504 "ExtensionSettings": {
4505 "abcdefghijklmnopabcdefghijklmnop": {
4506 "blocked_permissions": [
4509 "minimum_version_required": "1.0.1",
4510 "toolbar_pin": "force_pinned",
4511 "installation_mode": "allowed"
4513 "bcdefghijklmnopabcdefghijklmnopa": {
4514 "runtime_blocked_hosts": [
4517 "allowed_permissions": [
4520 "update_url": "https://example.com/update_url",
4521 "runtime_allowed_hosts": [
4522 "*://good.example.com"
4524 "installation_mode": "force_installed"
4526 "update_url:https://www.example.com/update.xml": {
4527 "allowed_permissions": [
4530 "blocked_permissions": [
4533 "installation_mode": "allowed"
4535 "cdefghijklmnopabcdefghijklmnopab": {
4536 "blocked_install_message": "Custom error message.",
4537 "installation_mode": "blocked"
4540 "blocked_permissions": [
4544 "installation_mode": "blocked",
4545 "runtime_blocked_hosts": [
4548 "blocked_install_message": "Custom error message.",
4552 "runtime_allowed_hosts": [
4553 "*://good.example.com"
4555 "install_sources": [
4556 "https://company-intranet/chromeapps"
4559 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4560 "blocked_install_message": "Custom error message.",
4561 "installation_mode": "blocked"
4563 "fghijklmnopabcdefghijklmnopabcde": {
4564 "blocked_install_message": "Custom removal message.",
4565 "installation_mode": "removed"
4567 "ghijklmnopabcdefghijklmnopabcdef": {
4568 "update_url": "https://example.com/update_url",
4569 "override_update_url": true,
4570 "installation_mode": "force_installed"
4573 "FileSystemReadAskForUrls": [
4574 "https://www.example.com",
4577 "SpellCheckServiceEnabled": false,
4578 "ExtensionInstallSources": [
4579 "https://corp.mycompany.com/*"
4581 "PrinterTypeDenyList": [
4585 "SharedClipboardEnabled": true,
4586 "BlockThirdPartyCookies": false,
4587 "MediaRouterCastAllowAllIPs": false,
4588 "DnsOverHttpsMode": "off",
4589 "SyncDisabled": true,
4590 "LookalikeWarningAllowlistDomains": [
4594 "UserDataSnapshotRetentionLimit": 3,
4595 "SafeBrowsingProtectionLevel": 2,
4596 "ScrollToTextFragmentEnabled": false,
4597 "ImportBookmarks": true,
4598 "DefaultBrowserSettingEnabled": true,
4599 "DefaultSearchProviderEnabled": true,
4600 "AdditionalDnsQueryTypesEnabled": true,
4601 "PolicyRefreshRate": 3600000,
4602 "PrintingPaperSizeDefault": {
4609 "RestoreOnStartup": 4,
4610 "PasswordProtectionWarningTrigger": 1,
4611 "ChromeCleanupEnabled": true,
4612 "AbusiveExperienceInterventionEnforce": true,
4613 "BasicAuthOverHttpEnabled": false,
4614 "EnableAuthNegotiatePort": false,
4615 "DefaultGeolocationSetting": 1,
4616 "PolicyDictionaryMultipleSourceMergeList": [
4619 "AllowedDomainsForApps": "managedchrome.com,example.com",
4620 "DisableAuthNegotiateCnameLookup": false,
4621 "IncognitoModeAvailability": 1,
4622 "ChromeVariations": 1,
4623 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4624 "SavingBrowserHistoryDisabled": true,
4625 "SpellcheckEnabled": false,
4626 "FileSystemWriteBlockedForUrls": [
4627 "https://www.example.com",
4630 "BuiltInDnsClientEnabled": true,
4631 "SSLErrorOverrideAllowedForOrigins": [
4632 "https://www.example.com",
4635 "WebRtcIPHandling": "default",
4636 "DefaultNotificationsSetting": 2,
4637 "PopupsAllowedForUrls": [
4638 "https://www.example.com",
4641 "TranslateEnabled": true,
4642 "DefaultSearchProviderEncodings": [
4648 "DownloadRestrictions": 2,
4649 "PromptForDownloadLocation": false,
4650 "DisablePrintPreview": false,
4651 "NetworkPredictionOptions": 1,
4652 "FileSystemReadBlockedForUrls": [
4653 "https://www.example.com",
4656 "AutoOpenFileTypes": [
4660 "DownloadDirectory": "/home/${user_name}/Downloads",
4661 "ImportHomepage": true,
4662 "GloballyScopeHTTPAuthCacheEnabled": false,
4663 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4664 "ThirdPartyBlockingEnabled": false,
4665 "AdsSettingForIntrusiveAdsSites": 1,
4666 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4667 "BookmarkBarEnabled": true,
4668 "DisableScreenshots": true,
4669 "AccessibilityImageLabelsEnabled": false,
4670 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4671 "PopupsBlockedForUrls": [
4672 "https://www.example.com",
4675 "DefaultFileSystemReadGuardSetting": 2,
4677 "WebRtcAllowLegacyTLSProtocols": false,
4678 "PasswordManagerEnabled": true,
4679 "SafeBrowsingExtendedReportingEnabled": true,
4680 "CloudPolicyOverridesPlatformPolicy": false,
4681 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4682 "http://www.example.com:8080",
4685 "RelaunchNotification": 1,
4686 "AlwaysOpenPdfExternally": true,
4687 "DefaultFileHandlingGuardSetting": 2,
4688 "ForceEphemeralProfiles": true,
4689 "PasswordProtectionLoginURLs": [
4690 "https://mydomain.com/login.html",
4691 "https://login.mydomain.com"
4693 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4694 "BrowserGuestModeEnabled": true,
4695 "MediaRecommendationsEnabled": true,
4696 "WebRtcLocalIpsAllowedUrls": [
4697 "https://www.example.com",
4700 "DeveloperToolsAvailability": 2,
4701 "DNSInterceptionChecksEnabled": true,
4702 "DefaultSearchProviderContextMenuAccessAllowed": true,
4703 "RemoteAccessHostRequireCurtain": false,
4704 "PaymentMethodQueryEnabled": true,
4705 "HomepageLocation": "https://www.chromium.org",
4706 "WebUsbAskForUrls": [
4707 "https://www.example.com",
4710 "RemoteAccessHostAllowClientPairing": false,
4712 "ProxyMode": "direct",
4713 "ProxyPacUrl": "https://internal.site/example.pac",
4714 "ProxyServer": "123.123.123.123:8080",
4715 "ProxyServerMode": 2,
4716 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4718 "AutofillCreditCardEnabled": false,
4719 "FileHandlingAllowedForUrls": [
4720 "https://www.example.com",
4723 "ChromeCleanupReportingEnabled": true,
4724 "AlternateErrorPagesEnabled": true,
4725 "WebRtcEventLogCollectionAllowed": true,
4726 "AutoSelectCertificateForUrls": [
4727 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4729 "PolicyListMultipleSourceMergeList": [
4730 "ExtensionInstallAllowlist",
4731 "ExtensionInstallBlocklist"
4733 "CertificateTransparencyEnforcementDisabledForCas": [
4734 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4735 "sha256//////////////////////w=="
4737 "CookiesSessionOnlyForUrls": [
4738 "https://www.example.com",
4741 "SitePerProcess": true,
4742 "RemoteAccessHostFirewallTraversal": false,
4743 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4744 "BackgroundModeEnabled": true,
4745 "DefaultJavaScriptSetting": 1,
4746 "ForcedLanguages": [
4749 "ManagedBookmarks": [
4751 "toplevel_name": "My managed bookmarks folder"
4754 "url": "google.com",
4758 "url": "youtube.com",
4764 "url": "chromium.org",
4768 "url": "dev.chromium.org",
4769 "name": "Chromium Developers"
4772 "name": "Chrome links"
4775 "Disable3DAPIs": false,
4776 "CloudPrintSubmitEnabled": true,
4777 "DefaultCookiesSetting": 1,
4778 "ExtensionInstallBlocklist": [
4784 "https://ssl.server.com",
4785 "hosting.com/good_path",
4786 "https://server:8080/path",
4787 ".exact.hostname.com"
4789 "ExplicitlyAllowedNetworkPorts": [
4792 "HomepageIsNewTabPage": true,
4793 "SensorsBlockedForUrls": [
4794 "https://www.example.com",
4797 "BrowserLabsEnabled": false,
4798 "NotificationsAllowedForUrls": [
4799 "https://www.example.com",
4802 "NativeMessagingUserLevelHosts": false,
4803 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4804 "CloudUserPolicyMerge": true,
4805 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4806 "http://testserver.example.com/",
4809 "HideWebStoreIcon": true,
4810 "SafeBrowsingForTrustedSourcesEnabled": false,
4811 "NewTabPageLocation": "https://www.chromium.org",
4812 "DiskCacheSize": 104857600,
4813 "BrowserSwitcherUseIeSitelist": true,
4814 "WebRtcUdpPortRange": "10000-11999",
4815 "EnterpriseHardwarePlatformAPIEnabled": true,
4816 "AutoOpenAllowedForURLs": [
4818 "https://ssl.server.com",
4819 "hosting.com/good_path",
4820 "https://server:8080/path",
4821 ".exact.hostname.com"
4823 "NativeMessagingAllowlist": [
4824 "com.native.messaging.host.name1",
4825 "com.native.messaging.host.name2"
4827 "DefaultSearchProviderName": "My Intranet Search",
4828 "JavaScriptBlockedForUrls": [
4829 "https://www.example.com",
4832 "EnableExperimentalPolicies": [
4833 "ExtensionInstallAllowlist",
4834 "ExtensionInstallBlocklist"
4836 "SafeBrowsingAllowlistDomains": [
4840 "AutofillAddressEnabled": false,
4841 "AllowCrossOriginAuthPrompt": false,
4842 "SpellcheckLanguage": [
4846 "VideoCaptureAllowed": false,
4847 "ScreenCaptureAllowed": false,
4848 "VideoCaptureAllowedUrls": [
4849 "https://www.example.com/",
4850 "https://[*.]example.edu/"
4852 "ImportHistory": true,
4853 "ShowCastIconInToolbar": false,
4854 "RestoreOnStartupURLs": [
4855 "https://example.com",
4856 "https://www.chromium.org"
4858 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4862 "PrintingEnabled": true,
4863 "ImportSavedPasswords": true,
4864 "EnableDeprecatedPrivetPrinting": true,
4865 "InsecurePrivateNetworkRequestsAllowed": false,
4867 "PolicyAtomicGroupsEnabled": true,
4868 "HardwareAccelerationModeEnabled": true,
4869 "AllowDeletingBrowserHistory": true,
4870 "DefaultSearchProviderKeyword": "mis",
4871 "ExtensionInstallAllowlist": [
4875 "WebAppInstallForceList": [
4877 "url": "https://www.google.com/maps",
4878 "create_desktop_shortcut": true,
4879 "default_launch_container": "window"
4882 "url": "https://docs.google.com",
4883 "default_launch_container": "tab"
4886 "url": "https://docs.google.com/editor",
4887 "fallback_app_name": "Editor",
4888 "default_launch_container": "window"
4891 "DiskCacheDir": "${user_home}/Chrome_cache",
4892 "SignedHTTPExchangeEnabled": true,
4893 "SearchSuggestEnabled": true,
4894 "BrowserThemeColor": "#FFFFFF",
4895 "RestrictSigninToPattern": ".*@example\\\\.com",
4896 "DefaultInsecureContentSetting": 2,
4897 "DefaultSensorsSetting": 2,
4898 "AudioSandboxEnabled": true,
4899 "RemoteAccessHostAllowRelayedConnection": false,
4900 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4901 "UserAgentClientHintsEnabled": true,
4902 "TargetBlankImpliesNoOpener": false,
4903 "BrowserSwitcherKeepLastChromeTab": false,
4904 "RemoteAccessHostClientDomainList": [
4905 "my-awesome-domain.com",
4906 "my-auxiliary-domain.com"
4908 "NotificationsBlockedForUrls": [
4909 "https://www.example.com",
4912 "SerialBlockedForUrls": [
4913 "https://www.example.com",
4916 "DefaultImagesSetting": 1,
4917 "SigninInterceptionEnabled": true,
4918 "WebUsbBlockedForUrls": [
4919 "https://www.example.com",
4922 "ImportAutofillFormData": true,
4923 "BrowserSwitcherEnabled": true
4927 chromium_json_expected_recommended = \
4930 "BackgroundModeEnabled": true,
4931 "RestoreOnStartup": 4,
4932 "RegisteredProtocolHandlers": [
4935 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4936 "protocol": "mailto"
4939 "ShowHomeButton": true,
4940 "PrintHeaderFooter": false,
4941 "SafeBrowsingForTrustedSourcesEnabled": false,
4942 "ShowFullUrlsInAddressBar": false,
4943 "MetricsReportingEnabled": true,
4944 "SpellCheckServiceEnabled": false,
4945 "ImportSearchEngine": true,
4946 "DownloadRestrictions": 2,
4947 "NetworkPredictionOptions": 1,
4948 "DownloadDirectory": "/home/${user_name}/Downloads",
4949 "TranslateEnabled": true,
4950 "AutofillAddressEnabled": false,
4951 "BookmarkBarEnabled": true,
4952 "PrintPreviewUseSystemDefaultPrinter": false,
4953 "ApplicationLocaleValue": "en",
4954 "ImportHistory": true,
4955 "RestoreOnStartupURLs": [
4956 "https://example.com",
4957 "https://www.chromium.org"
4959 "PasswordManagerEnabled": true,
4960 "ImportSavedPasswords": true,
4961 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4962 "PasswordLeakDetectionEnabled": true,
4963 "SearchSuggestEnabled": true,
4964 "AlternateErrorPagesEnabled": true,
4965 "HomepageIsNewTabPage": true,
4966 "ImportAutofillFormData": true,
4967 "BlockThirdPartyCookies": false,
4968 "AutofillCreditCardEnabled": false,
4969 "HomepageLocation": "https://www.chromium.org",
4970 "SafeBrowsingProtectionLevel": 2,
4971 "ImportBookmarks": true
4975 firewalld_reg_pol = \
4977 <?xml version="1.0" encoding="utf-8"?>
4978 <PolFile num_entries="6" signature="PReg" version="1">
4979 <Entry type="4" type_name="REG_DWORD">
4980 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4981 <ValueName>Zones</ValueName>
4984 <Entry type="4" type_name="REG_DWORD">
4985 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4986 <ValueName>Rules</ValueName>
4989 <Entry type="1" type_name="REG_SZ">
4990 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4991 <ValueName>Rules</ValueName>
4992 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4994 <Entry type="1" type_name="REG_SZ">
4995 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4996 <ValueName>**delvals.</ValueName>
4999 <Entry type="1" type_name="REG_SZ">
5000 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5001 <ValueName>work</ValueName>
5004 <Entry type="1" type_name="REG_SZ">
5005 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5006 <ValueName>home</ValueName>
5012 def days2rel_nttime(val):
5017 return -(val * seconds * minutes * hours * sam_add)
5019 def gpupdate(lp, arg):
5020 gpupdate = lp.get('gpo update command')
5021 gpupdate.append(arg)
5023 p = Popen(gpupdate, stdout=PIPE, stderr=PIPE)
5024 stdoutdata, stderrdata = p.communicate()
5028 def gpupdate_force(lp):
5029 return gpupdate(lp, '--force')
5031 def gpupdate_unapply(lp):
5032 return gpupdate(lp, '--unapply')
5035 return gpupdate(lp, '--rsop')
5037 def stage_file(path, data):
5038 dirname = os.path.dirname(path)
5039 if not os.path.exists(dirname):
5041 os.makedirs(dirname)
5042 except OSError as e:
5043 if not (e.errno == errno.EEXIST and os.path.isdir(dirname)):
5045 if os.path.exists(path):
5046 os.rename(path, '%s.bak' % path)
5047 with NamedTemporaryFile(delete=False, dir=os.path.dirname(path)) as f:
5048 f.write(get_bytes(data))
5049 os.rename(f.name, path)
5050 os.chmod(path, 0o644)
5053 def unstage_file(path):
5054 backup = '%s.bak' % path
5055 if os.path.exists(backup):
5056 os.rename(backup, path)
5057 elif os.path.exists(path):
5060 class GPOTests(tests.TestCase):
5062 super(GPOTests, self).setUp()
5063 self.server = os.environ["SERVER"]
5064 self.dc_account = self.server.upper() + '$'
5065 self.lp = s3param.get_context()
5066 self.lp.load_default()
5067 self.creds = self.insta_creds(template=self.get_credentials())
5070 super(GPOTests, self).tearDown()
5072 def test_gpo_list(self):
5073 global poldir, dspath
5074 gpos = get_gpo_list(self.server, self.creds, self.lp,
5075 self.creds.get_username())
5076 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5077 names = ['Local Policy', guid]
5078 file_sys_paths = [None, '%s\\%s' % (poldir, guid)]
5079 ds_paths = [None, 'CN=%s,%s' % (guid, dspath)]
5080 for i in range(0, len(gpos)):
5081 self.assertEqual(gpos[i].name, names[i],
5082 'The gpo name did not match expected name %s' % gpos[i].name)
5083 self.assertEqual(gpos[i].file_sys_path, file_sys_paths[i],
5084 'file_sys_path did not match expected %s' % gpos[i].file_sys_path)
5085 self.assertEqual(gpos[i].ds_path, ds_paths[i],
5086 'ds_path did not match expected %s' % gpos[i].ds_path)
5088 def test_gpt_version(self):
5090 local_path = self.lp.cache_path('gpo_cache')
5091 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5092 gpo_path = os.path.join(local_path, policies, guid)
5093 old_vers = gpo.gpo_get_sysvol_gpt_version(gpo_path)[1]
5095 with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
5096 gpt.write(gpt_data % 42)
5097 self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], 42,
5098 'gpo_get_sysvol_gpt_version() did not return the expected version')
5100 with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
5101 gpt.write(gpt_data % old_vers)
5102 self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], old_vers,
5103 'gpo_get_sysvol_gpt_version() did not return the expected version')
5105 def test_check_refresh_gpo_list(self):
5106 cache = self.lp.cache_path('gpo_cache')
5107 gpos = get_gpo_list(self.server, self.creds, self.lp,
5108 self.creds.get_username())
5109 check_refresh_gpo_list(self.server, self.lp, self.creds, gpos)
5111 self.assertTrue(os.path.exists(cache),
5112 'GPO cache %s was not created' % cache)
5114 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5115 gpt_ini = os.path.join(cache, policies,
5117 self.assertTrue(os.path.exists(gpt_ini),
5118 'GPT.INI was not cached for %s' % guid)
5120 def test_check_refresh_gpo_list_malicious_paths(self):
5121 # the path cannot contain ..
5122 path = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
5123 self.assertRaises(OSError, check_safe_path, path)
5125 self.assertEqual(check_safe_path('/etc/passwd'), 'etc/passwd')
5126 self.assertEqual(check_safe_path('\\\\etc/\\passwd'), 'etc/passwd')
5128 # there should be no backslashes used to delineate paths
5129 before = 'sysvol/' + realm + '\\Policies/' \
5130 '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
5131 after = realm + '/Policies/' \
5132 '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
5133 result = check_safe_path(before)
5134 self.assertEqual(result, after, 'check_safe_path() didn\'t'
5135 ' correctly convert \\ to /')
5137 def test_check_safe_path_typesafe_name(self):
5138 path = '\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\' \
5139 '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
5140 expected_path = 'toady.suse.de/Policies/' \
5141 '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
5143 result = check_safe_path(path)
5144 self.assertEqual(result, expected_path,
5145 'check_safe_path unable to detect variable case sysvol components')
5147 def test_gpt_ext_register(self):
5148 this_path = os.path.dirname(os.path.realpath(__file__))
5149 samba_path = os.path.realpath(os.path.join(this_path, '../../../'))
5150 ext_path = os.path.join(samba_path, 'python/samba/gp/gp_sec_ext.py')
5151 ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
5152 ret = register_gp_extension(ext_guid, 'gp_access_ext', ext_path,
5153 smb_conf=self.lp.configfile,
5154 machine=True, user=False)
5155 self.assertTrue(ret, 'Failed to register a gp ext')
5156 gp_exts = list_gp_extensions(self.lp.configfile)
5157 self.assertTrue(ext_guid in gp_exts.keys(),
5158 'Failed to list gp exts')
5159 self.assertEqual(gp_exts[ext_guid]['DllName'], ext_path,
5160 'Failed to list gp exts')
5162 unregister_gp_extension(ext_guid)
5163 gp_exts = list_gp_extensions(self.lp.configfile)
5164 self.assertTrue(ext_guid not in gp_exts.keys(),
5165 'Failed to unregister gp exts')
5167 self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
5168 self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')
5170 lp, parser = parse_gpext_conf(self.lp.configfile)
5171 self.assertTrue(lp and parser, 'parse_gpext_conf() invalid return')
5172 parser.add_section('test_section')
5173 parser.set('test_section', 'test_var', ext_guid)
5174 atomic_write_conf(lp, parser)
5176 lp, parser = parse_gpext_conf(self.lp.configfile)
5177 self.assertTrue('test_section' in parser.sections(),
5178 'test_section not found in gpext.conf')
5179 self.assertEqual(parser.get('test_section', 'test_var'), ext_guid,
5180 'Failed to find test variable in gpext.conf')
5181 parser.remove_section('test_section')
5182 atomic_write_conf(lp, parser)
5184 def test_gp_log_get_applied(self):
5185 local_path = self.lp.get('path', 'sysvol')
5186 guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5187 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5188 gpofile = '%s/' + realm + '/Policies/%s/MACHINE/Microsoft/' \
5189 'Windows NT/SecEdit/GptTmpl.inf'
5190 stage = '[System Access]\nMinimumPasswordAge = 998\n'
5191 cache_dir = self.lp.get('cache directory')
5192 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5194 gpttmpl = gpofile % (local_path, guid)
5195 ret = stage_file(gpttmpl, stage)
5196 self.assertTrue(ret, 'Could not create the target %s' % gpttmpl)
5198 ret = gpupdate_force(self.lp)
5199 self.assertEqual(ret, 0, 'gpupdate force failed')
5201 gp_db = store.get_gplog(self.dc_account)
5203 applied_guids = gp_db.get_applied_guids()
5204 self.assertEqual(len(applied_guids), 2, 'The guids were not found')
5205 self.assertIn(guids[0], applied_guids,
5206 '%s not in applied guids' % guids[0])
5207 self.assertIn(guids[1], applied_guids,
5208 '%s not in applied guids' % guids[1])
5210 applied_settings = gp_db.get_applied_settings(applied_guids)
5211 for policy in applied_settings:
5212 self.assertIn('System Access', policy[1],
5213 'System Access policies not set')
5214 self.assertIn('minPwdAge', policy[1]['System Access'],
5215 'minPwdAge policy not set')
5216 if policy[0] == guids[0]:
5217 self.assertEqual(int(policy[1]['System Access']['minPwdAge']),
5219 'minPwdAge policy not set')
5220 elif policy[0] == guids[1]:
5221 self.assertEqual(int(policy[1]['System Access']['minPwdAge']),
5222 days2rel_nttime(998),
5223 'minPwdAge policy not set')
5225 gpos = get_gpo_list(self.server, self.creds, self.lp,
5227 del_gpos = get_deleted_gpos_list(gp_db, gpos[:-1])
5228 self.assertEqual(len(del_gpos), 1, 'Returned delete gpos is incorrect')
5229 self.assertEqual(guids[-1], del_gpos[0][0],
5230 'GUID for delete gpo is incorrect')
5231 self.assertIn('System Access', del_gpos[0][1],
5232 'System Access policies not set for removal')
5233 self.assertIn('minPwdAge', del_gpos[0][1]['System Access'],
5234 'minPwdAge policy not set for removal')
5237 gpttmpl = gpofile % (local_path, guid)
5238 unstage_file(gpttmpl)
5240 ret = gpupdate_unapply(self.lp)
5241 self.assertEqual(ret, 0, 'gpupdate unapply failed')
5243 def test_process_group_policy(self):
5244 local_path = self.lp.cache_path('gpo_cache')
5245 guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5246 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5247 gpofile = '%s/' + policies + '/%s/MACHINE/MICROSOFT/' \
5248 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5249 cache_dir = self.lp.get('cache directory')
5250 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5252 machine_creds = Credentials()
5253 machine_creds.guess(self.lp)
5254 machine_creds.set_machine_account()
5256 # Initialize the group policy extension
5257 ext = gp_krb_ext(self.lp, machine_creds,
5258 machine_creds.get_username(), store)
5260 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5261 machine_creds.get_username())
5263 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5264 stage = '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5266 for i in range(0, 2):
5267 gpttmpl = gpofile % (local_path, guids[i])
5268 ret = stage_file(gpttmpl, stage % opts[i])
5269 self.assertTrue(ret, 'Could not create the target %s' % gpttmpl)
5272 ext.process_group_policy([], gpos)
5274 ret = store.get_int('kdc:user_ticket_lifetime')
5275 self.assertEqual(ret, opts[1], 'Higher priority policy was not set')
5278 gp_db = store.get_gplog(machine_creds.get_username())
5279 del_gpos = get_deleted_gpos_list(gp_db, [])
5280 ext.process_group_policy(del_gpos, [])
5282 ret = store.get_int('kdc:user_ticket_lifetime')
5283 self.assertEqual(ret, None, 'MaxTicketAge should not have applied')
5285 # Process just the first gpo
5286 ext.process_group_policy([], gpos[:-1])
5288 ret = store.get_int('kdc:user_ticket_lifetime')
5289 self.assertEqual(ret, opts[0], 'Lower priority policy was not set')
5292 ext.process_group_policy(del_gpos, [])
5295 gpttmpl = gpofile % (local_path, guid)
5296 unstage_file(gpttmpl)
5298 def test_gp_scripts(self):
5299 local_path = self.lp.cache_path('gpo_cache')
5300 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5301 reg_pol = os.path.join(local_path, policies, guid,
5302 'MACHINE/REGISTRY.POL')
5303 cache_dir = self.lp.get('cache directory')
5304 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5306 machine_creds = Credentials()
5307 machine_creds.guess(self.lp)
5308 machine_creds.set_machine_account()
5310 # Initialize the group policy extension
5311 ext = gp_scripts_ext(self.lp, machine_creds,
5312 machine_creds.get_username(), store)
5314 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5315 machine_creds.get_username())
5317 reg_key = b'Software\\Policies\\Samba\\Unix Settings'
5318 sections = { b'%s\\Daily Scripts' % reg_key : '.cron.daily',
5319 b'%s\\Monthly Scripts' % reg_key : '.cron.monthly',
5320 b'%s\\Weekly Scripts' % reg_key : '.cron.weekly',
5321 b'%s\\Hourly Scripts' % reg_key : '.cron.hourly' }
5322 for keyname in sections.keys():
5323 # Stage the Registry.pol file with test data
5327 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5329 e.data = b'echo hello world'
5330 stage.num_entries = 1
5332 ret = stage_file(reg_pol, ndr_pack(stage))
5333 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
5335 # Process all gpos, with temp output directory
5336 with TemporaryDirectory(sections[keyname]) as dname:
5337 ext.process_group_policy([], gpos, dname)
5338 scripts = os.listdir(dname)
5339 self.assertEqual(len(scripts), 1,
5340 'The %s script was not created' % keyname.decode())
5341 out, _ = Popen([os.path.join(dname, scripts[0])], stdout=PIPE).communicate()
5342 self.assertIn(b'hello world', out,
5343 '%s script execution failed' % keyname.decode())
5345 # Check that a call to gpupdate --rsop also succeeds
5347 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5350 gp_db = store.get_gplog(machine_creds.get_username())
5351 del_gpos = get_deleted_gpos_list(gp_db, [])
5352 ext.process_group_policy(del_gpos, [])
5353 self.assertEqual(len(os.listdir(dname)), 0,
5354 'Unapply failed to cleanup scripts')
5356 # Unstage the Registry.pol file
5357 unstage_file(reg_pol)
5359 def test_gp_sudoers(self):
5360 local_path = self.lp.cache_path('gpo_cache')
5361 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5362 reg_pol = os.path.join(local_path, policies, guid,
5363 'MACHINE/REGISTRY.POL')
5364 cache_dir = self.lp.get('cache directory')
5365 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5367 machine_creds = Credentials()
5368 machine_creds.guess(self.lp)
5369 machine_creds.set_machine_account()
5371 # Initialize the group policy extension
5372 ext = gp_sudoers_ext(self.lp, machine_creds,
5373 machine_creds.get_username(), store)
5375 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5376 machine_creds.get_username())
5378 # Stage the Registry.pol file with test data
5381 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5382 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5384 e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
5385 stage.num_entries = 1
5387 ret = stage_file(reg_pol, ndr_pack(stage))
5388 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
5390 # Process all gpos, with temp output directory
5391 with TemporaryDirectory() as dname:
5392 ext.process_group_policy([], gpos, dname)
5393 sudoers = os.listdir(dname)
5394 self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
5395 self.assertIn(e.data,
5396 open(os.path.join(dname, sudoers[0]), 'r').read(),
5397 'The sudoers entry was not applied')
5399 # Check that a call to gpupdate --rsop also succeeds
5401 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5404 gp_db = store.get_gplog(machine_creds.get_username())
5405 del_gpos = get_deleted_gpos_list(gp_db, [])
5406 ext.process_group_policy(del_gpos, [])
5407 self.assertEqual(len(os.listdir(dname)), 0,
5408 'Unapply failed to cleanup scripts')
5410 # Unstage the Registry.pol file
5411 unstage_file(reg_pol)
5413 def test_vgp_sudoers(self):
5414 local_path = self.lp.cache_path('gpo_cache')
5415 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5416 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
5417 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5418 cache_dir = self.lp.get('cache directory')
5419 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5421 machine_creds = Credentials()
5422 machine_creds.guess(self.lp)
5423 machine_creds.set_machine_account()
5425 # Initialize the group policy extension
5426 ext = vgp_sudoers_ext(self.lp, machine_creds,
5427 machine_creds.get_username(), store)
5429 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5430 machine_creds.get_username())
5432 # Stage the manifest.xml file with test data
5433 stage = etree.Element('vgppolicy')
5434 policysetting = etree.Element('policysetting')
5435 stage.append(policysetting)
5436 version = etree.Element('version')
5438 policysetting.append(version)
5439 data = etree.Element('data')
5440 sudoers_entry = etree.Element('sudoers_entry')
5441 command = etree.Element('command')
5442 command.text = 'ALL'
5443 sudoers_entry.append(command)
5444 user = etree.Element('user')
5446 sudoers_entry.append(user)
5447 principal_list = etree.Element('listelement')
5448 principal = etree.Element('principal')
5449 principal.text = 'fakeu'
5450 principal.attrib['type'] = 'user'
5451 group = etree.Element('principal')
5452 group.text = 'fakeg'
5453 group.attrib['type'] = 'group'
5454 principal_list.append(principal)
5455 principal_list.append(group)
5456 sudoers_entry.append(principal_list)
5457 data.append(sudoers_entry)
5458 # Ensure an empty principal doesn't cause a crash
5459 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
5460 command = etree.SubElement(sudoers_entry, 'command')
5461 command.text = 'ALL'
5462 user = etree.SubElement(sudoers_entry, 'user')
5464 # Ensure having dispersed principals still works
5465 sudoers_entry = etree.SubElement(data, 'sudoers_entry')
5466 command = etree.SubElement(sudoers_entry, 'command')
5467 command.text = 'ALL'
5468 user = etree.SubElement(sudoers_entry, 'user')
5470 listelement = etree.SubElement(sudoers_entry, 'listelement')
5471 principal = etree.SubElement(listelement, 'principal')
5472 principal.text = 'fakeu2'
5473 principal.attrib['type'] = 'user'
5474 listelement = etree.SubElement(sudoers_entry, 'listelement')
5475 group = etree.SubElement(listelement, 'principal')
5476 group.text = 'fakeg2'
5477 group.attrib['type'] = 'group'
5478 policysetting.append(data)
5479 ret = stage_file(manifest, etree.tostring(stage))
5480 self.assertTrue(ret, 'Could not create the target %s' % manifest)
5482 # Process all gpos, with temp output directory
5483 data = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5484 data2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5485 data_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'
5486 with TemporaryDirectory() as dname:
5487 ext.process_group_policy([], gpos, dname)
5488 sudoers = os.listdir(dname)
5489 self.assertEqual(len(sudoers), 3, 'The sudoer file was not created')
5490 output = open(os.path.join(dname, sudoers[0]), 'r').read() + \
5491 open(os.path.join(dname, sudoers[1]), 'r').read() + \
5492 open(os.path.join(dname, sudoers[2]), 'r').read()
5493 self.assertIn(data, output,
5494 'The sudoers entry was not applied')
5495 self.assertIn(data2, output,
5496 'The sudoers entry was not applied')
5497 self.assertIn(data_no_principal, output,
5498 'The sudoers entry was not applied')
5500 # Check that a call to gpupdate --rsop also succeeds
5502 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5505 gp_db = store.get_gplog(machine_creds.get_username())
5506 del_gpos = get_deleted_gpos_list(gp_db, [])
5507 ext.process_group_policy(del_gpos, [])
5508 self.assertEqual(len(os.listdir(dname)), 0,
5509 'Unapply failed to cleanup scripts')
5511 # Unstage the Registry.pol file
5512 unstage_file(manifest)
5514 def test_gp_inf_ext_utf(self):
5515 cache_dir = self.lp.get('cache directory')
5516 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5518 machine_creds = Credentials()
5519 machine_creds.guess(self.lp)
5520 machine_creds.set_machine_account()
5522 ext = gp_inf_ext(self.lp, machine_creds,
5523 machine_creds.get_username(), store)
5524 test_data = '[Kerberos Policy]\nMaxTicketAge = 99\n'
5526 with NamedTemporaryFile() as f:
5527 with codecs.open(f.name, 'w', 'utf-16') as w:
5530 inf_conf = ext.read(f.name)
5531 except UnicodeDecodeError:
5532 self.fail('Failed to parse utf-16')
5533 self.assertIn('Kerberos Policy', inf_conf.keys(),
5534 'Kerberos Policy was not read from the file')
5535 self.assertEqual(inf_conf.get('Kerberos Policy', 'MaxTicketAge'),
5536 '99', 'MaxTicketAge was not read from the file')
5538 with NamedTemporaryFile() as f:
5539 with codecs.open(f.name, 'w', 'utf-8') as w:
5541 inf_conf = ext.read(f.name)
5542 self.assertIn('Kerberos Policy', inf_conf.keys(),
5543 'Kerberos Policy was not read from the file')
5544 self.assertEqual(inf_conf.get('Kerberos Policy', 'MaxTicketAge'),
5545 '99', 'MaxTicketAge was not read from the file')
5547 def test_rsop(self):
5548 cache_dir = self.lp.get('cache directory')
5549 local_path = self.lp.cache_path('gpo_cache')
5550 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5552 machine_creds = Credentials()
5553 machine_creds.guess(self.lp)
5554 machine_creds.set_machine_account()
5556 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5557 machine_creds.get_username())
5560 gp_extensions.append(gp_krb_ext)
5561 gp_extensions.append(gp_scripts_ext)
5562 gp_extensions.append(gp_sudoers_ext)
5563 gp_extensions.append(gp_smb_conf_ext)
5564 gp_extensions.append(gp_msgs_ext)
5566 # Create registry stage data
5567 reg_pol = os.path.join(local_path, policies, '%s/MACHINE/REGISTRY.POL')
5568 reg_stage = preg.file()
5570 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5571 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5573 e.data = b'echo hello world'
5575 e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5576 e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5578 e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
5580 e3.keyname = 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5583 e3.valuename = 'apply group policies'
5585 e4.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
5586 e4.valuename = b'issue'
5588 e4.data = b'Welcome to \\s \\r \\l'
5589 reg_stage.num_entries = 4
5590 reg_stage.entries = [e, e2, e3, e4]
5592 # Create krb stage date
5593 gpofile = os.path.join(local_path, policies, '%s/MACHINE/MICROSOFT/' \
5594 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5595 krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5596 '[System Access]\nMinimumPasswordAge = 998\n'
5598 for g in [g for g in gpos if g.file_sys_path]:
5599 ret = stage_file(gpofile % g.name, krb_stage)
5600 self.assertTrue(ret, 'Could not create the target %s' %
5602 ret = stage_file(reg_pol % g.name, ndr_pack(reg_stage))
5603 self.assertTrue(ret, 'Could not create the target %s' %
5605 for ext in gp_extensions:
5606 ext = ext(self.lp, machine_creds,
5607 machine_creds.get_username(), store)
5609 self.assertEqual(len(ret.keys()), 1,
5610 'A single policy should have been displayed')
5612 # Check the Security Extension
5613 if type(ext) == gp_krb_ext:
5614 self.assertIn('Kerberos Policy', ret.keys(),
5615 'Kerberos Policy not found')
5616 self.assertIn('MaxTicketAge', ret['Kerberos Policy'],
5617 'MaxTicketAge setting not found')
5618 self.assertEqual(ret['Kerberos Policy']['MaxTicketAge'], '99',
5619 'MaxTicketAge was not set to 99')
5620 # Check the Scripts Extension
5621 elif type(ext) == gp_scripts_ext:
5622 self.assertIn('Daily Scripts', ret.keys(),
5623 'Daily Scripts not found')
5624 self.assertIn('echo hello world', ret['Daily Scripts'],
5625 'Daily script was not created')
5626 # Check the Sudoers Extension
5627 elif type(ext) == gp_sudoers_ext:
5628 self.assertIn('Sudo Rights', ret.keys(),
5629 'Sudoers not found')
5630 self.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5632 'Sudoers policy not created')
5633 # Check the smb.conf Extension
5634 elif type(ext) == gp_smb_conf_ext:
5635 self.assertIn('smb.conf', ret.keys(),
5636 'apply group policies was not applied')
5637 self.assertIn(e3.valuename, ret['smb.conf'],
5638 'apply group policies was not applied')
5639 self.assertEqual(ret['smb.conf'][e3.valuename], e3.data,
5640 'apply group policies was not set')
5641 # Check the Messages Extension
5642 elif type(ext) == gp_msgs_ext:
5643 self.assertIn('/etc/issue', ret,
5644 'Login Prompt Message not applied')
5645 self.assertEqual(ret['/etc/issue'], e4.data,
5646 'Login Prompt Message not set')
5648 # Check that a call to gpupdate --rsop also succeeds
5650 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5652 unstage_file(gpofile % g.name)
5653 unstage_file(reg_pol % g.name)
5655 def test_gp_unapply(self):
5656 cache_dir = self.lp.get('cache directory')
5657 local_path = self.lp.cache_path('gpo_cache')
5658 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5659 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5661 machine_creds = Credentials()
5662 machine_creds.guess(self.lp)
5663 machine_creds.set_machine_account()
5665 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5666 machine_creds.get_username())
5669 gp_extensions.append(gp_krb_ext)
5670 gp_extensions.append(gp_scripts_ext)
5671 gp_extensions.append(gp_sudoers_ext)
5673 # Create registry stage data
5674 reg_pol = os.path.join(local_path, policies, '%s/MACHINE/REGISTRY.POL')
5675 reg_stage = preg.file()
5677 e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5678 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5680 e.data = b'echo hello world'
5682 e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5683 e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
5685 e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
5686 reg_stage.num_entries = 2
5687 reg_stage.entries = [e, e2]
5689 # Create krb stage date
5690 gpofile = os.path.join(local_path, policies, '%s/MACHINE/MICROSOFT/' \
5691 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5692 krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n'
5694 ret = stage_file(gpofile % guid, krb_stage)
5695 self.assertTrue(ret, 'Could not create the target %s' %
5697 ret = stage_file(reg_pol % guid, ndr_pack(reg_stage))
5698 self.assertTrue(ret, 'Could not create the target %s' %
5701 # Process all gpos, with temp output directory
5703 with TemporaryDirectory() as dname:
5704 for ext in gp_extensions:
5705 ext = ext(self.lp, machine_creds,
5706 machine_creds.get_username(), store)
5707 if type(ext) == gp_krb_ext:
5708 ext.process_group_policy([], gpos)
5709 ret = store.get_int('kdc:user_ticket_lifetime')
5710 self.assertEqual(ret, 99, 'Kerberos policy was not set')
5711 elif type(ext) in [gp_scripts_ext, gp_sudoers_ext]:
5712 ext.process_group_policy([], gpos, dname)
5713 gp_db = store.get_gplog(machine_creds.get_username())
5714 applied_settings = gp_db.get_applied_settings([guid])
5715 for _, fname in applied_settings[-1][-1][str(ext)].items():
5716 fname = fname.split(':')[-1]
5717 self.assertIn(dname, fname,
5718 'Test file not created in tmp dir')
5719 self.assertTrue(os.path.exists(fname),
5720 'Test file not created')
5721 remove.append(fname)
5723 # Unapply policy, and ensure policies are removed
5724 gpupdate_unapply(self.lp)
5726 for fname in remove:
5727 self.assertFalse(os.path.exists(fname),
5728 'Unapply did not remove test file')
5729 ret = store.get_int('kdc:user_ticket_lifetime')
5730 self.assertNotEqual(ret, 99, 'Kerberos policy was not unapplied')
5732 unstage_file(gpofile % guid)
5733 unstage_file(reg_pol % guid)
5735 def test_smb_conf_ext(self):
5736 local_path = self.lp.cache_path('gpo_cache')
5737 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5738 reg_pol = os.path.join(local_path, policies, guid,
5739 'MACHINE/REGISTRY.POL')
5740 cache_dir = self.lp.get('cache directory')
5741 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5743 machine_creds = Credentials()
5744 machine_creds.guess(self.lp)
5745 machine_creds.set_machine_account()
5747 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5748 machine_creds.get_username())
5752 e.keyname = 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5754 e.data = '/home/samba/%D/%U'
5755 e.valuename = 'template homedir'
5758 e.keyname = 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5761 e.valuename = 'apply group policies'
5764 e.keyname = 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5767 e.valuename = 'ldap timeout'
5770 stage.num_entries = len(entries)
5771 stage.entries = entries
5773 ret = stage_file(reg_pol, ndr_pack(stage))
5774 self.assertTrue(ret, 'Failed to create the Registry.pol file')
5776 with NamedTemporaryFile(suffix='_smb.conf') as f:
5777 copyfile(self.lp.configfile, f.name)
5778 lp = LoadParm(f.name)
5780 # Initialize the group policy extension
5781 ext = gp_smb_conf_ext(lp, machine_creds,
5782 machine_creds.get_username(), store)
5783 ext.process_group_policy([], gpos)
5784 lp = LoadParm(f.name)
5786 template_homedir = lp.get('template homedir')
5787 self.assertEqual(template_homedir, '/home/samba/%D/%U',
5788 'template homedir was not applied')
5789 apply_group_policies = lp.get('apply group policies')
5790 self.assertTrue(apply_group_policies,
5791 'apply group policies was not applied')
5792 ldap_timeout = lp.get('ldap timeout')
5793 self.assertEqual(ldap_timeout, 9999, 'ldap timeout was not applied')
5795 # Check that a call to gpupdate --rsop also succeeds
5797 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5800 gp_db = store.get_gplog(machine_creds.get_username())
5801 del_gpos = get_deleted_gpos_list(gp_db, [])
5802 ext.process_group_policy(del_gpos, [])
5804 lp = LoadParm(f.name)
5806 template_homedir = lp.get('template homedir')
5807 self.assertEqual(template_homedir, self.lp.get('template homedir'),
5808 'template homedir was not unapplied')
5809 apply_group_policies = lp.get('apply group policies')
5810 self.assertEqual(apply_group_policies, self.lp.get('apply group policies'),
5811 'apply group policies was not unapplied')
5812 ldap_timeout = lp.get('ldap timeout')
5813 self.assertEqual(ldap_timeout, self.lp.get('ldap timeout'),
5814 'ldap timeout was not unapplied')
5816 # Unstage the Registry.pol file
5817 unstage_file(reg_pol)
5819 def test_gp_motd(self):
5820 local_path = self.lp.cache_path('gpo_cache')
5821 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5822 reg_pol = os.path.join(local_path, policies, guid,
5823 'MACHINE/REGISTRY.POL')
5824 cache_dir = self.lp.get('cache directory')
5825 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5827 machine_creds = Credentials()
5828 machine_creds.guess(self.lp)
5829 machine_creds.set_machine_account()
5831 # Initialize the group policy extension
5832 ext = gp_msgs_ext(self.lp, machine_creds,
5833 machine_creds.get_username(), store)
5835 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5836 machine_creds.get_username())
5838 # Stage the Registry.pol file with test data
5841 e1.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
5842 e1.valuename = b'motd'
5844 e1.data = b'Have a lot of fun!'
5845 stage.num_entries = 2
5847 e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
5848 e2.valuename = b'issue'
5850 e2.data = b'Welcome to \\s \\r \\l'
5851 stage.entries = [e1, e2]
5852 ret = stage_file(reg_pol, ndr_pack(stage))
5853 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
5855 # Process all gpos, with temp output directory
5856 with TemporaryDirectory() as dname:
5857 ext.process_group_policy([], gpos, dname)
5858 motd_file = os.path.join(dname, 'motd')
5859 self.assertTrue(os.path.exists(motd_file),
5860 'Message of the day file not created')
5861 data = open(motd_file, 'r').read()
5862 self.assertEqual(data, e1.data, 'Message of the day not applied')
5863 issue_file = os.path.join(dname, 'issue')
5864 self.assertTrue(os.path.exists(issue_file),
5865 'Login Prompt Message file not created')
5866 data = open(issue_file, 'r').read()
5867 self.assertEqual(data, e2.data, 'Login Prompt Message not applied')
5869 # Check that a call to gpupdate --rsop also succeeds
5871 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5873 # Unapply policy, and ensure the test files are removed
5874 gp_db = store.get_gplog(machine_creds.get_username())
5875 del_gpos = get_deleted_gpos_list(gp_db, [])
5876 ext.process_group_policy(del_gpos, [], dname)
5877 data = open(motd_file, 'r').read()
5878 self.assertFalse(data, 'Message of the day file not removed')
5879 data = open(issue_file, 'r').read()
5880 self.assertFalse(data, 'Login Prompt Message file not removed')
5882 # Unstage the Registry.pol file
5883 unstage_file(reg_pol)
5885 def test_vgp_symlink(self):
5886 local_path = self.lp.cache_path('gpo_cache')
5887 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5888 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
5889 'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
5890 cache_dir = self.lp.get('cache directory')
5891 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5893 machine_creds = Credentials()
5894 machine_creds.guess(self.lp)
5895 machine_creds.set_machine_account()
5897 # Initialize the group policy extension
5898 ext = vgp_symlink_ext(self.lp, machine_creds,
5899 machine_creds.get_username(), store)
5901 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5902 machine_creds.get_username())
5904 with TemporaryDirectory() as dname:
5905 test_source = os.path.join(dname, 'test.source')
5906 test_target = os.path.join(dname, 'test.target')
5908 # Stage the manifest.xml file with test data
5909 stage = etree.Element('vgppolicy')
5910 policysetting = etree.Element('policysetting')
5911 stage.append(policysetting)
5912 version = etree.Element('version')
5914 policysetting.append(version)
5915 data = etree.Element('data')
5916 file_properties = etree.Element('file_properties')
5917 source = etree.Element('source')
5918 source.text = test_source
5919 file_properties.append(source)
5920 target = etree.Element('target')
5921 target.text = test_target
5922 file_properties.append(target)
5923 data.append(file_properties)
5924 policysetting.append(data)
5925 ret = stage_file(manifest, etree.tostring(stage))
5926 self.assertTrue(ret, 'Could not create the target %s' % manifest)
5928 # Create test source
5929 test_source_data = 'hello world!'
5930 with open(test_source, 'w') as w:
5931 w.write(test_source_data)
5933 # Process all gpos, with temp output directory
5934 ext.process_group_policy([], gpos)
5935 self.assertTrue(os.path.exists(test_target),
5936 'The test symlink was not created')
5937 self.assertTrue(os.path.islink(test_target),
5938 'The test file is not a symlink')
5939 self.assertIn(test_source_data, open(test_target, 'r').read(),
5940 'Reading from symlink does not produce source data')
5942 # Unapply the policy, ensure removal
5943 gp_db = store.get_gplog(machine_creds.get_username())
5944 del_gpos = get_deleted_gpos_list(gp_db, [])
5945 ext.process_group_policy(del_gpos, [])
5946 self.assertFalse(os.path.exists(test_target),
5947 'The test symlink was not delete')
5950 ret = ext.rsop([g for g in gpos if g.name == guid][0])
5951 self.assertIn('ln -s %s %s' % (test_source, test_target),
5952 list(ret.values())[0])
5954 # Check that a call to gpupdate --rsop also succeeds
5956 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
5958 # Unstage the manifest.xml file
5959 unstage_file(manifest)
5961 def test_vgp_files(self):
5962 local_path = self.lp.cache_path('gpo_cache')
5963 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5964 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
5965 'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
5966 source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
5967 source_data = '#!/bin/sh\necho hello world'
5968 ret = stage_file(source_file, source_data)
5969 self.assertTrue(ret, 'Could not create the target %s' % source_file)
5970 cache_dir = self.lp.get('cache directory')
5971 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
5973 machine_creds = Credentials()
5974 machine_creds.guess(self.lp)
5975 machine_creds.set_machine_account()
5977 # Initialize the group policy extension
5978 ext = vgp_files_ext(self.lp, machine_creds,
5979 machine_creds.get_username(), store)
5981 gpos = get_gpo_list(self.server, machine_creds, self.lp,
5982 machine_creds.get_username())
5984 # Stage the manifest.xml file with test data
5985 with TemporaryDirectory() as dname:
5986 stage = etree.Element('vgppolicy')
5987 policysetting = etree.Element('policysetting')
5988 stage.append(policysetting)
5989 version = etree.Element('version')
5991 policysetting.append(version)
5992 data = etree.Element('data')
5993 file_properties = etree.SubElement(data, 'file_properties')
5994 source = etree.SubElement(file_properties, 'source')
5995 source.text = os.path.basename(source_file).lower()
5996 target = etree.SubElement(file_properties, 'target')
5997 target.text = os.path.join(dname, 'test.target')
5998 user = etree.SubElement(file_properties, 'user')
5999 user.text = pwd.getpwuid(os.getuid()).pw_name
6000 group = etree.SubElement(file_properties, 'group')
6001 group.text = grp.getgrgid(os.getgid()).gr_name
6002 # Request permissions of 755
6003 permissions = etree.SubElement(file_properties, 'permissions')
6004 permissions.set('type', 'user')
6005 etree.SubElement(permissions, 'read')
6006 etree.SubElement(permissions, 'write')
6007 etree.SubElement(permissions, 'execute')
6008 permissions = etree.SubElement(file_properties, 'permissions')
6009 permissions.set('type', 'group')
6010 etree.SubElement(permissions, 'read')
6011 etree.SubElement(permissions, 'execute')
6012 permissions = etree.SubElement(file_properties, 'permissions')
6013 permissions.set('type', 'other')
6014 etree.SubElement(permissions, 'read')
6015 etree.SubElement(permissions, 'execute')
6016 policysetting.append(data)
6017 ret = stage_file(manifest, etree.tostring(stage))
6018 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6020 # Process all gpos, with temp output directory
6021 ext.process_group_policy([], gpos)
6022 self.assertTrue(os.path.exists(target.text),
6023 'The target file does not exist')
6024 self.assertEqual(os.stat(target.text).st_mode & 0o777, 0o755,
6025 'The target file permissions are incorrect')
6026 self.assertEqual(open(target.text).read(), source_data,
6027 'The target file contents are incorrect')
6030 gp_db = store.get_gplog(machine_creds.get_username())
6031 del_gpos = get_deleted_gpos_list(gp_db, [])
6032 ext.process_group_policy(del_gpos, [])
6033 self.assertFalse(os.path.exists(target.text),
6034 'The target file was not removed')
6037 g = [g for g in gpos if g.name == guid][0]
6039 self.assertIn(target.text, list(ret.values())[0][0],
6040 'The target file was not listed by rsop')
6041 self.assertIn('-rwxr-xr-x', list(ret.values())[0][0],
6042 'The target permissions were not listed by rsop')
6044 # Check that a call to gpupdate --rsop also succeeds
6046 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6048 # Unstage the manifest and source files
6049 unstage_file(manifest)
6050 unstage_file(source_file)
6052 def test_vgp_openssh(self):
6053 local_path = self.lp.cache_path('gpo_cache')
6054 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6055 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6056 'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
6057 cache_dir = self.lp.get('cache directory')
6058 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6060 machine_creds = Credentials()
6061 machine_creds.guess(self.lp)
6062 machine_creds.set_machine_account()
6064 # Initialize the group policy extension
6065 ext = vgp_openssh_ext(self.lp, machine_creds,
6066 machine_creds.get_username(), store)
6068 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6069 machine_creds.get_username())
6071 # Stage the manifest.xml file with test data
6072 stage = etree.Element('vgppolicy')
6073 policysetting = etree.Element('policysetting')
6074 stage.append(policysetting)
6075 version = etree.Element('version')
6077 policysetting.append(version)
6078 data = etree.Element('data')
6079 configfile = etree.Element('configfile')
6080 configsection = etree.Element('configsection')
6081 sectionname = etree.Element('sectionname')
6082 configsection.append(sectionname)
6083 kvpair = etree.Element('keyvaluepair')
6084 key = etree.Element('key')
6085 key.text = 'AddressFamily'
6087 value = etree.Element('value')
6088 value.text = 'inet6'
6089 kvpair.append(value)
6090 configsection.append(kvpair)
6091 configfile.append(configsection)
6092 data.append(configfile)
6093 policysetting.append(data)
6094 ret = stage_file(manifest, etree.tostring(stage))
6095 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6097 # Process all gpos, with temp output directory
6098 data = 'AddressFamily inet6'
6099 with TemporaryDirectory() as dname:
6100 ext.process_group_policy([], gpos, dname)
6101 conf = os.listdir(dname)
6102 self.assertEqual(len(conf), 1, 'The conf file was not created')
6103 gp_cfg = os.path.join(dname, conf[0])
6104 self.assertIn(data, open(gp_cfg, 'r').read(),
6105 'The sshd_config entry was not applied')
6107 # Check that a call to gpupdate --rsop also succeeds
6109 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6112 gp_db = store.get_gplog(machine_creds.get_username())
6113 del_gpos = get_deleted_gpos_list(gp_db, [])
6114 ext.process_group_policy(del_gpos, [], dname)
6115 self.assertFalse(os.path.exists(gp_cfg),
6116 'Unapply failed to cleanup config')
6118 # Unstage the Registry.pol file
6119 unstage_file(manifest)
6121 def test_vgp_startup_scripts(self):
6122 local_path = self.lp.cache_path('gpo_cache')
6123 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6124 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6125 'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
6126 test_script = os.path.join(os.path.dirname(manifest), 'TEST.SH')
6127 test_data = '#!/bin/sh\necho $@ hello world'
6128 ret = stage_file(test_script, test_data)
6129 self.assertTrue(ret, 'Could not create the target %s' % test_script)
6130 cache_dir = self.lp.get('cache directory')
6131 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6133 machine_creds = Credentials()
6134 machine_creds.guess(self.lp)
6135 machine_creds.set_machine_account()
6137 # Initialize the group policy extension
6138 ext = vgp_startup_scripts_ext(self.lp, machine_creds,
6139 machine_creds.get_username(), store)
6141 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6142 machine_creds.get_username())
6144 # Stage the manifest.xml file with test data
6145 stage = etree.Element('vgppolicy')
6146 policysetting = etree.SubElement(stage, 'policysetting')
6147 version = etree.SubElement(policysetting, 'version')
6149 data = etree.SubElement(policysetting, 'data')
6150 listelement = etree.SubElement(data, 'listelement')
6151 script = etree.SubElement(listelement, 'script')
6152 script.text = os.path.basename(test_script).lower()
6153 parameters = etree.SubElement(listelement, 'parameters')
6154 parameters.text = '-n'
6155 hash = etree.SubElement(listelement, 'hash')
6157 hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
6158 run_as = etree.SubElement(listelement, 'run_as')
6159 run_as.text = 'root'
6160 ret = stage_file(manifest, etree.tostring(stage))
6161 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6163 # Process all gpos, with temp output directory
6164 with TemporaryDirectory() as dname:
6165 ext.process_group_policy([], gpos, dname)
6166 files = os.listdir(dname)
6167 self.assertEqual(len(files), 1,
6168 'The target script was not created')
6169 entry = '@reboot %s %s %s' % (run_as.text, test_script,
6171 self.assertIn(entry,
6172 open(os.path.join(dname, files[0]), 'r').read(),
6173 'The test entry was not found')
6176 gp_db = store.get_gplog(machine_creds.get_username())
6177 del_gpos = get_deleted_gpos_list(gp_db, [])
6178 ext.process_group_policy(del_gpos, [])
6179 files = os.listdir(dname)
6180 self.assertEqual(len(files), 0,
6181 'The target script was not removed')
6184 g = [g for g in gpos if g.name == guid][0]
6186 self.assertIn(entry, list(ret.values())[0][0],
6187 'The target entry was not listed by rsop')
6189 # Check that a call to gpupdate --rsop also succeeds
6191 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6193 # Unstage the manifest.xml and script files
6194 unstage_file(manifest)
6196 # Stage the manifest.xml file for run once scripts
6197 etree.SubElement(listelement, 'run_once')
6198 run_as.text = pwd.getpwuid(os.getuid()).pw_name
6199 ret = stage_file(manifest, etree.tostring(stage))
6200 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6202 # Process all gpos, with temp output directory
6203 # A run once script will be executed immediately,
6204 # instead of creating a cron job
6205 with TemporaryDirectory() as dname:
6206 test_file = '%s/TESTING.txt' % dname
6207 test_data = '#!/bin/sh\ntouch %s' % test_file
6208 ret = stage_file(test_script, test_data)
6209 self.assertTrue(ret, 'Could not create the target %s' % test_script)
6211 ext.process_group_policy([], gpos, dname)
6212 files = os.listdir(dname)
6213 self.assertEqual(len(files), 1,
6214 'The test file was not created')
6215 self.assertEqual(files[0], os.path.basename(test_file),
6216 'The test file was not created')
6218 # Unlink the test file and ensure that processing
6219 # policy again does not recreate it.
6220 os.unlink(test_file)
6221 ext.process_group_policy([], gpos, dname)
6222 files = os.listdir(dname)
6223 self.assertEqual(len(files), 0,
6224 'The test file should not have been created')
6227 gp_db = store.get_gplog(machine_creds.get_username())
6228 del_gpos = get_deleted_gpos_list(gp_db, [])
6229 ext.process_group_policy(del_gpos, [])
6232 entry = 'Run once as: %s `%s %s`' % (run_as.text, test_script,
6234 g = [g for g in gpos if g.name == guid][0]
6236 self.assertIn(entry, list(ret.values())[0][0],
6237 'The target entry was not listed by rsop')
6239 # Check that a call to gpupdate --rsop also succeeds
6241 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6243 # Unstage the manifest.xml and script files
6244 unstage_file(manifest)
6246 # Stage the manifest.xml file for a script without parameters
6247 stage = etree.Element('vgppolicy')
6248 policysetting = etree.SubElement(stage, 'policysetting')
6249 version = etree.SubElement(policysetting, 'version')
6251 data = etree.SubElement(policysetting, 'data')
6252 listelement = etree.SubElement(data, 'listelement')
6253 script = etree.SubElement(listelement, 'script')
6254 script.text = os.path.basename(test_script).lower()
6255 hash = etree.SubElement(listelement, 'hash')
6257 hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
6258 run_as = etree.SubElement(listelement, 'run_as')
6259 run_as.text = 'root'
6260 ret = stage_file(manifest, etree.tostring(stage))
6261 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6263 # Process all gpos, with temp output directory
6264 with TemporaryDirectory() as dname:
6266 ext.process_group_policy([], gpos, dname)
6267 except Exception as e:
6269 files = os.listdir(dname)
6270 self.assertEqual(len(files), 1,
6271 'The target script was not created')
6272 entry = '@reboot %s %s' % (run_as.text, test_script)
6273 self.assertIn(entry,
6274 open(os.path.join(dname, files[0]), 'r').read(),
6275 'The test entry was not found')
6278 gp_db = store.get_gplog(machine_creds.get_username())
6279 del_gpos = get_deleted_gpos_list(gp_db, [])
6280 ext.process_group_policy(del_gpos, [])
6281 files = os.listdir(dname)
6282 self.assertEqual(len(files), 0,
6283 'The target script was not removed')
6286 g = [g for g in gpos if g.name == guid][0]
6288 self.assertIn(entry, list(ret.values())[0][0],
6289 'The target entry was not listed by rsop')
6291 # Check that a call to gpupdate --rsop also succeeds
6293 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6295 # Unstage the manifest.xml and script files
6296 unstage_file(manifest)
6297 unstage_file(test_script)
6299 def test_vgp_motd(self):
6300 local_path = self.lp.cache_path('gpo_cache')
6301 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6302 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6303 'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
6304 cache_dir = self.lp.get('cache directory')
6305 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6307 machine_creds = Credentials()
6308 machine_creds.guess(self.lp)
6309 machine_creds.set_machine_account()
6311 # Initialize the group policy extension
6312 ext = vgp_motd_ext(self.lp, machine_creds,
6313 machine_creds.get_username(), store)
6315 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6316 machine_creds.get_username())
6318 # Stage the manifest.xml file with test data
6319 stage = etree.Element('vgppolicy')
6320 policysetting = etree.SubElement(stage, 'policysetting')
6321 version = etree.SubElement(policysetting, 'version')
6323 data = etree.SubElement(policysetting, 'data')
6324 filename = etree.SubElement(data, 'filename')
6325 filename.text = 'motd'
6326 text = etree.SubElement(data, 'text')
6327 text.text = 'This is the message of the day'
6328 ret = stage_file(manifest, etree.tostring(stage))
6329 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6331 # Process all gpos, with temp output directory
6332 with NamedTemporaryFile() as f:
6333 ext.process_group_policy([], gpos, f.name)
6334 self.assertEqual(open(f.name, 'r').read(), text.text,
6335 'The motd was not applied')
6337 # Check that a call to gpupdate --rsop also succeeds
6339 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6342 gp_db = store.get_gplog(machine_creds.get_username())
6343 del_gpos = get_deleted_gpos_list(gp_db, [])
6344 ext.process_group_policy(del_gpos, [], f.name)
6345 self.assertNotEqual(open(f.name, 'r').read(), text.text,
6346 'The motd was not unapplied')
6348 # Unstage the Registry.pol file
6349 unstage_file(manifest)
6351 def test_vgp_issue(self):
6352 local_path = self.lp.cache_path('gpo_cache')
6353 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6354 manifest = os.path.join(local_path, policies, guid, 'MACHINE',
6355 'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
6356 cache_dir = self.lp.get('cache directory')
6357 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6359 machine_creds = Credentials()
6360 machine_creds.guess(self.lp)
6361 machine_creds.set_machine_account()
6363 # Initialize the group policy extension
6364 ext = vgp_issue_ext(self.lp, machine_creds,
6365 machine_creds.get_username(), store)
6367 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6368 machine_creds.get_username())
6370 # Stage the manifest.xml file with test data
6371 stage = etree.Element('vgppolicy')
6372 policysetting = etree.SubElement(stage, 'policysetting')
6373 version = etree.SubElement(policysetting, 'version')
6375 data = etree.SubElement(policysetting, 'data')
6376 filename = etree.SubElement(data, 'filename')
6377 filename.text = 'issue'
6378 text = etree.SubElement(data, 'text')
6379 text.text = 'Welcome to Samba!'
6380 ret = stage_file(manifest, etree.tostring(stage))
6381 self.assertTrue(ret, 'Could not create the target %s' % manifest)
6383 # Process all gpos, with temp output directory
6384 with NamedTemporaryFile() as f:
6385 ext.process_group_policy([], gpos, f.name)
6386 self.assertEqual(open(f.name, 'r').read(), text.text,
6387 'The issue was not applied')
6389 # Check that a call to gpupdate --rsop also succeeds
6391 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6394 gp_db = store.get_gplog(machine_creds.get_username())
6395 del_gpos = get_deleted_gpos_list(gp_db, [])
6396 ext.process_group_policy(del_gpos, [], f.name)
6397 self.assertNotEqual(open(f.name, 'r').read(), text.text,
6398 'The issue was not unapplied')
6400 # Unstage the manifest.xml file
6401 unstage_file(manifest)
6403 def test_vgp_access(self):
6404 local_path = self.lp.cache_path('gpo_cache')
6405 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6406 allow = os.path.join(local_path, policies, guid, 'MACHINE',
6407 'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
6408 deny = os.path.join(local_path, policies, guid, 'MACHINE',
6409 'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
6410 cache_dir = self.lp.get('cache directory')
6411 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6413 machine_creds = Credentials()
6414 machine_creds.guess(self.lp)
6415 machine_creds.set_machine_account()
6417 # Initialize the group policy extension
6418 winbind_sep = self.lp.get('winbind separator')
6419 self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
6420 self.lp.set('winbind separator', '+')
6421 ext = vgp_access_ext(self.lp, machine_creds,
6422 machine_creds.get_username(), store)
6424 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6425 machine_creds.get_username())
6427 # Stage the manifest.xml allow file
6428 stage = etree.Element('vgppolicy')
6429 policysetting = etree.SubElement(stage, 'policysetting')
6430 version = etree.SubElement(policysetting, 'version')
6432 apply_mode = etree.SubElement(policysetting, 'apply_mode')
6433 apply_mode.text = 'merge'
6434 data = etree.SubElement(policysetting, 'data')
6435 # Add an allowed user
6436 listelement = etree.SubElement(data, 'listelement')
6437 otype = etree.SubElement(listelement, 'type')
6439 entry = etree.SubElement(listelement, 'entry')
6440 entry.text = 'goodguy@%s' % realm
6441 adobject = etree.SubElement(listelement, 'adobject')
6442 name = etree.SubElement(adobject, 'name')
6443 name.text = 'goodguy'
6444 domain = etree.SubElement(adobject, 'domain')
6446 otype = etree.SubElement(adobject, 'type')
6448 # Add an allowed group
6449 groupattr = etree.SubElement(data, 'groupattr')
6450 groupattr.text = 'samAccountName'
6451 listelement = etree.SubElement(data, 'listelement')
6452 otype = etree.SubElement(listelement, 'type')
6453 otype.text = 'GROUP'
6454 entry = etree.SubElement(listelement, 'entry')
6455 entry.text = '%s\\goodguys' % realm
6456 dn = etree.SubElement(listelement, 'dn')
6457 dn.text = 'CN=goodguys,CN=Users,%s' % base_dn
6458 adobject = etree.SubElement(listelement, 'adobject')
6459 name = etree.SubElement(adobject, 'name')
6460 name.text = 'goodguys'
6461 domain = etree.SubElement(adobject, 'domain')
6463 otype = etree.SubElement(adobject, 'type')
6464 otype.text = 'group'
6465 ret = stage_file(allow, etree.tostring(stage))
6466 self.assertTrue(ret, 'Could not create the target %s' % allow)
6468 # Stage the manifest.xml deny file
6469 stage = etree.Element('vgppolicy')
6470 policysetting = etree.SubElement(stage, 'policysetting')
6471 version = etree.SubElement(policysetting, 'version')
6473 apply_mode = etree.SubElement(policysetting, 'apply_mode')
6474 apply_mode.text = 'merge'
6475 data = etree.SubElement(policysetting, 'data')
6477 listelement = etree.SubElement(data, 'listelement')
6478 otype = etree.SubElement(listelement, 'type')
6480 entry = etree.SubElement(listelement, 'entry')
6481 entry.text = 'badguy@%s' % realm
6482 adobject = etree.SubElement(listelement, 'adobject')
6483 name = etree.SubElement(adobject, 'name')
6484 name.text = 'badguy'
6485 domain = etree.SubElement(adobject, 'domain')
6487 otype = etree.SubElement(adobject, 'type')
6489 # Add a denied group
6490 groupattr = etree.SubElement(data, 'groupattr')
6491 groupattr.text = 'samAccountName'
6492 listelement = etree.SubElement(data, 'listelement')
6493 otype = etree.SubElement(listelement, 'type')
6494 otype.text = 'GROUP'
6495 entry = etree.SubElement(listelement, 'entry')
6496 entry.text = '%s\\badguys' % realm
6497 dn = etree.SubElement(listelement, 'dn')
6498 dn.text = 'CN=badguys,CN=Users,%s' % base_dn
6499 adobject = etree.SubElement(listelement, 'adobject')
6500 name = etree.SubElement(adobject, 'name')
6501 name.text = 'badguys'
6502 domain = etree.SubElement(adobject, 'domain')
6504 otype = etree.SubElement(adobject, 'type')
6505 otype.text = 'group'
6506 ret = stage_file(deny, etree.tostring(stage))
6507 self.assertTrue(ret, 'Could not create the target %s' % deny)
6509 # Process all gpos, with temp output directory
6510 with TemporaryDirectory() as dname:
6511 ext.process_group_policy([], gpos, dname)
6512 conf = os.listdir(dname)
6513 # There will be 2 files, the policy file and the deny file
6514 self.assertEqual(len(conf), 2, 'The conf file was not created')
6515 # Ignore the DENY_ALL conf file
6516 gp_cfg = os.path.join(dname,
6517 [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])
6519 # Check the access config for the correct access.conf entries
6520 print('Config file %s found' % gp_cfg)
6521 data = open(gp_cfg, 'r').read()
6522 self.assertIn('+:%s+goodguy:ALL' % realm, data)
6523 self.assertIn('+:%s+goodguys:ALL' % realm, data)
6524 self.assertIn('-:%s+badguy:ALL' % realm, data)
6525 self.assertIn('-:%s+badguys:ALL' % realm, data)
6527 # Check that a call to gpupdate --rsop also succeeds
6529 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6532 gp_db = store.get_gplog(machine_creds.get_username())
6533 del_gpos = get_deleted_gpos_list(gp_db, [])
6534 ext.process_group_policy(del_gpos, [], dname)
6535 self.assertFalse(os.path.exists(gp_cfg),
6536 'Unapply failed to cleanup config')
6538 # Unstage the manifest.pol files
6542 def test_gnome_settings(self):
6543 local_path = self.lp.cache_path('gpo_cache')
6544 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6545 reg_pol = os.path.join(local_path, policies, guid,
6546 'MACHINE/REGISTRY.POL')
6547 cache_dir = self.lp.get('cache directory')
6548 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6550 machine_creds = Credentials()
6551 machine_creds.guess(self.lp)
6552 machine_creds.set_machine_account()
6554 # Initialize the group policy extension
6555 ext = gp_gnome_settings_ext(self.lp, machine_creds,
6556 machine_creds.get_username(), store)
6558 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6559 machine_creds.get_username())
6561 # Stage the Registry.pol file with test data
6562 parser = GPPolParser()
6563 parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
6564 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6565 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6567 with TemporaryDirectory() as dname:
6568 ext.process_group_policy([], gpos, dname)
6570 local_db = os.path.join(dname, 'etc/dconf/db/local.d')
6571 self.assertTrue(os.path.isdir(local_db),
6572 'Local db dir not created')
6573 def db_check(name, data, count=1):
6574 db = glob(os.path.join(local_db, '*-%s' % name))
6575 self.assertEqual(len(db), count, '%s not created' % name)
6576 file_contents = ConfigParser()
6577 file_contents.read(db)
6578 for key in data.keys():
6579 self.assertTrue(file_contents.has_section(key),
6580 'Section %s not found' % key)
6582 for k, v in options.items():
6583 v_content = file_contents.get(key, k)
6584 self.assertEqual(v_content, v,
6585 '%s: %s != %s' % (key, v_content, v))
6587 def del_db_check(name):
6588 db = glob(os.path.join(local_db, '*-%s' % name))
6589 self.assertEqual(len(db), 0, '%s not deleted' % name)
6591 locks = os.path.join(local_db, 'locks')
6592 self.assertTrue(os.path.isdir(local_db), 'Locks dir not created')
6593 def lock_check(name, items, count=1):
6594 lock = glob(os.path.join(locks, '*%s' % name))
6595 self.assertEqual(len(lock), count,
6596 '%s lock not created' % name)
6598 for i in range(count):
6599 file_contents.extend(open(lock[i], 'r').read().split('\n'))
6601 self.assertIn(data, file_contents,
6602 '%s lock not created' % data)
6604 def del_lock_check(name):
6605 lock = glob(os.path.join(locks, '*%s' % name))
6606 self.assertEqual(len(lock), 0, '%s lock not deleted' % name)
6608 # Check the user profile
6609 user_profile = os.path.join(dname, 'etc/dconf/profile/user')
6610 self.assertTrue(os.path.exists(user_profile),
6611 'User profile not created')
6613 # Enable the compose key
6614 data = { 'org/gnome/desktop/input-sources':
6615 { 'xkb-options': '[\'compose:ralt\']' }
6617 db_check('input-sources', data)
6618 items = ['/org/gnome/desktop/input-sources/xkb-options']
6619 lock_check('input-sources', items)
6621 # Dim screen when user is idle
6622 data = { 'org/gnome/settings-daemon/plugins/power':
6623 { 'idle-dim': 'true',
6624 'idle-brightness': '30'
6627 db_check('power', data)
6628 data = { 'org/gnome/desktop/session':
6629 { 'idle-delay': 'uint32 300' }
6631 db_check('session', data)
6632 items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
6633 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
6634 '/org/gnome/desktop/session/idle-delay']
6635 lock_check('power-saving', items)
6637 # Lock down specific settings
6638 bg_locks = ['/org/gnome/desktop/background/picture-uri',
6639 '/org/gnome/desktop/background/picture-options',
6640 '/org/gnome/desktop/background/primary-color',
6641 '/org/gnome/desktop/background/secondary-color']
6642 lock_check('group-policy', bg_locks)
6644 # Lock down enabled extensions
6645 data = { 'org/gnome/shell':
6646 { 'enabled-extensions':
6647 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
6648 'development-tools': 'false' }
6650 db_check('extensions', data)
6651 items = [ '/org/gnome/shell/enabled-extensions',
6652 '/org/gnome/shell/development-tools' ]
6653 lock_check('extensions', items)
6655 # Disallow login using a fingerprint
6656 data = { 'org/gnome/login-screen':
6657 { 'enable-fingerprint-authentication': 'false' }
6659 db_check('fingerprintreader', data)
6660 items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
6661 lock_check('fingerprintreader', items)
6663 # Disable user logout and user switching
6664 data = { 'org/gnome/desktop/lockdown':
6665 { 'disable-log-out': 'true',
6666 'disable-user-switching': 'true' }
6668 db_check('logout', data, 2)
6669 items = ['/org/gnome/desktop/lockdown/disable-log-out',
6670 '/org/gnome/desktop/lockdown/disable-user-switching']
6671 lock_check('logout', items, 2)
6673 # Disable repartitioning
6674 actions = os.path.join(dname, 'etc/share/polkit-1/actions')
6675 udisk2 = glob(os.path.join(actions,
6676 'org.freedesktop.[u|U][d|D]isks2.policy'))
6677 self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
6678 udisk2_tree = etree.fromstring(open(udisk2[0], 'r').read())
6679 actions = udisk2_tree.findall('action')
6680 md = 'org.freedesktop.udisks2.modify-device'
6681 action = [a for a in actions if a.attrib['id'] == md]
6682 self.assertEqual(len(action), 1, 'modify-device not found')
6683 defaults = action[0].find('defaults')
6684 self.assertTrue(defaults is not None,
6685 'modify-device defaults not found')
6686 allow_any = defaults.find('allow_any').text
6687 self.assertEqual(allow_any, 'no',
6688 'modify-device allow_any not set to no')
6689 allow_inactive = defaults.find('allow_inactive').text
6690 self.assertEqual(allow_inactive, 'no',
6691 'modify-device allow_inactive not set to no')
6692 allow_active = defaults.find('allow_active').text
6693 self.assertEqual(allow_active, 'yes',
6694 'modify-device allow_active not set to yes')
6697 data = { 'org/gnome/desktop/lockdown':
6698 { 'disable-printing': 'true' }
6700 db_check('printing', data)
6701 items = ['/org/gnome/desktop/lockdown/disable-printing']
6702 lock_check('printing', items)
6704 # Disable file saving
6705 data = { 'org/gnome/desktop/lockdown':
6706 { 'disable-save-to-disk': 'true' }
6708 db_check('filesaving', data)
6709 items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
6710 lock_check('filesaving', items)
6712 # Disable command-line access
6713 data = { 'org/gnome/desktop/lockdown':
6714 { 'disable-command-line': 'true' }
6716 db_check('cmdline', data)
6717 items = ['/org/gnome/desktop/lockdown/disable-command-line']
6718 lock_check('cmdline', items)
6720 # Allow or disallow online accounts
6721 data = { 'org/gnome/online-accounts':
6722 { 'whitelisted-providers': '[\'google\']' }
6724 db_check('goa', data)
6725 items = ['/org/gnome/online-accounts/whitelisted-providers']
6726 lock_check('goa', items)
6728 # Verify RSOP does not fail
6729 ext.rsop([g for g in gpos if g.name == guid][0])
6731 # Check that a call to gpupdate --rsop also succeeds
6733 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6736 gp_db = store.get_gplog(machine_creds.get_username())
6737 del_gpos = get_deleted_gpos_list(gp_db, [])
6738 ext.process_group_policy(del_gpos, [], dname)
6739 del_db_check('input-sources')
6740 del_lock_check('input-sources')
6741 del_db_check('power')
6742 del_db_check('session')
6743 del_lock_check('power-saving')
6744 del_lock_check('group-policy')
6745 del_db_check('extensions')
6746 del_lock_check('extensions')
6747 del_db_check('fingerprintreader')
6748 del_lock_check('fingerprintreader')
6749 del_db_check('logout')
6750 del_lock_check('logout')
6751 actions = os.path.join(dname, 'etc/share/polkit-1/actions')
6752 udisk2 = glob(os.path.join(actions,
6753 'org.freedesktop.[u|U][d|D]isks2.policy'))
6754 self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
6755 del_db_check('printing')
6756 del_lock_check('printing')
6757 del_db_check('filesaving')
6758 del_lock_check('filesaving')
6759 del_db_check('cmdline')
6760 del_lock_check('cmdline')
6762 del_lock_check('goa')
6764 # Unstage the Registry.pol file
6765 unstage_file(reg_pol)
6767 def test_gp_cert_auto_enroll_ext(self):
6768 local_path = self.lp.cache_path('gpo_cache')
6769 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6770 reg_pol = os.path.join(local_path, policies, guid,
6771 'MACHINE/REGISTRY.POL')
6772 cache_dir = self.lp.get('cache directory')
6773 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6775 machine_creds = Credentials()
6776 machine_creds.guess(self.lp)
6777 machine_creds.set_machine_account()
6779 # Initialize the group policy extension
6780 ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
6781 machine_creds.get_username(), store)
6783 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6784 machine_creds.get_username())
6786 # Stage the Registry.pol file with test data
6787 parser = GPPolParser()
6788 parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
6789 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6790 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6792 # Write the dummy CA entry, Enrollment Services, and Templates Entries
6793 admin_creds = Credentials()
6794 admin_creds.set_username(os.environ.get('DC_USERNAME'))
6795 admin_creds.set_password(os.environ.get('DC_PASSWORD'))
6796 admin_creds.set_realm(os.environ.get('REALM'))
6797 hostname = get_dc_hostname(machine_creds, self.lp)
6798 url = 'ldap://%s' % hostname
6799 ldb = Ldb(url=url, session_info=system_session(),
6800 lp=self.lp, credentials=admin_creds)
6801 # Write the dummy CA
6802 confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
6803 ca_cn = '%s-CA' % hostname.replace('.', '-')
6804 certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
6805 ldb.add({'dn': certa_dn,
6806 'objectClass': 'certificationAuthority',
6807 'authorityRevocationList': ['XXX'],
6808 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
6809 'certificateRevocationList': ['XXX'],
6811 # Write the dummy pKIEnrollmentService
6812 enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
6813 ldb.add({'dn': enroll_dn,
6814 'objectClass': 'pKIEnrollmentService',
6815 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
6816 'certificateTemplates': ['Machine'],
6817 'dNSHostName': hostname,
6819 # Write the dummy pKICertificateTemplate
6820 template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
6821 ldb.add({'dn': template_dn,
6822 'objectClass': 'pKICertificateTemplate',
6825 with TemporaryDirectory() as dname:
6826 ext.process_group_policy([], gpos, dname, dname)
6827 ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
6828 self.assertTrue(os.path.exists(ca_crt),
6829 'Root CA certificate was not requested')
6830 machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
6831 self.assertTrue(os.path.exists(machine_crt),
6832 'Machine certificate was not requested')
6833 machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
6834 self.assertTrue(os.path.exists(machine_crt),
6835 'Machine key was not generated')
6837 # Subsequent apply should react to new certificate templates
6838 os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
6839 self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
6840 ext.process_group_policy([], gpos, dname, dname)
6841 self.assertTrue(os.path.exists(ca_crt),
6842 'Root CA certificate was not requested')
6843 self.assertTrue(os.path.exists(machine_crt),
6844 'Machine certificate was not requested')
6845 self.assertTrue(os.path.exists(machine_crt),
6846 'Machine key was not generated')
6847 workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca_cn)
6848 self.assertTrue(os.path.exists(workstation_crt),
6849 'Workstation certificate was not requested')
6850 workstation_key = os.path.join(dname, '%s.Workstation.key' % ca_cn)
6851 self.assertTrue(os.path.exists(workstation_crt),
6852 'Workstation key was not generated')
6854 # Verify RSOP does not fail
6855 ext.rsop([g for g in gpos if g.name == guid][0])
6857 # Check that a call to gpupdate --rsop also succeeds
6859 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6861 # Remove policy by staging pol file with auto-enroll unchecked
6862 parser.load_xml(etree.fromstring(auto_enroll_unchecked_reg_pol.strip()))
6863 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6864 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6865 ext.process_group_policy([], gpos, dname, dname)
6866 self.assertFalse(os.path.exists(ca_crt),
6867 'Root CA certificate was not removed')
6868 self.assertFalse(os.path.exists(machine_crt),
6869 'Machine certificate was not removed')
6870 self.assertFalse(os.path.exists(machine_crt),
6871 'Machine key was not removed')
6872 self.assertFalse(os.path.exists(workstation_crt),
6873 'Workstation certificate was not removed')
6874 self.assertFalse(os.path.exists(workstation_crt),
6875 'Workstation key was not removed')
6877 # Reapply policy by staging the enabled pol file
6878 parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
6879 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6880 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6881 ext.process_group_policy([], gpos, dname, dname)
6882 self.assertTrue(os.path.exists(ca_crt),
6883 'Root CA certificate was not requested')
6884 self.assertTrue(os.path.exists(machine_crt),
6885 'Machine certificate was not requested')
6886 self.assertTrue(os.path.exists(machine_crt),
6887 'Machine key was not generated')
6888 self.assertTrue(os.path.exists(workstation_crt),
6889 'Workstation certificate was not requested')
6890 self.assertTrue(os.path.exists(workstation_crt),
6891 'Workstation key was not generated')
6894 gp_db = store.get_gplog(machine_creds.get_username())
6895 del_gpos = get_deleted_gpos_list(gp_db, [])
6896 ext.process_group_policy(del_gpos, [], dname)
6897 self.assertFalse(os.path.exists(ca_crt),
6898 'Root CA certificate was not removed')
6899 self.assertFalse(os.path.exists(machine_crt),
6900 'Machine certificate was not removed')
6901 self.assertFalse(os.path.exists(machine_crt),
6902 'Machine key was not removed')
6903 self.assertFalse(os.path.exists(workstation_crt),
6904 'Workstation certificate was not removed')
6905 self.assertFalse(os.path.exists(workstation_crt),
6906 'Workstation key was not removed')
6907 out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
6908 self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
6909 out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
6910 self.assertNotIn(b'Machine', out,
6911 'Machine certificate not removed')
6912 self.assertNotIn(b'Workstation', out,
6913 'Workstation certificate not removed')
6915 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
6916 ldb.delete(certa_dn)
6917 ldb.delete(enroll_dn)
6918 ldb.delete(template_dn)
6920 # Unstage the Registry.pol file
6921 unstage_file(reg_pol)
6923 def test_gp_user_scripts_ext(self):
6924 local_path = self.lp.cache_path('gpo_cache')
6925 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6926 reg_pol = os.path.join(local_path, policies, guid,
6927 'USER/REGISTRY.POL')
6928 cache_dir = self.lp.get('cache directory')
6929 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6931 machine_creds = Credentials()
6932 machine_creds.guess(self.lp)
6933 machine_creds.set_machine_account()
6935 # Initialize the group policy extension
6936 ext = gp_user_scripts_ext(self.lp, machine_creds,
6937 os.environ.get('DC_USERNAME'), store)
6939 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6940 machine_creds.get_username())
6942 reg_key = b'Software\\Policies\\Samba\\Unix Settings'
6943 sections = { b'%s\\Daily Scripts' % reg_key : b'@daily',
6944 b'%s\\Monthly Scripts' % reg_key : b'@monthly',
6945 b'%s\\Weekly Scripts' % reg_key : b'@weekly',
6946 b'%s\\Hourly Scripts' % reg_key : b'@hourly' }
6947 for keyname in sections.keys():
6948 # Stage the Registry.pol file with test data
6952 e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
6954 e.data = b'echo hello world'
6955 stage.num_entries = 1
6957 ret = stage_file(reg_pol, ndr_pack(stage))
6958 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6960 # Process all gpos, intentionally skipping the privilege drop
6961 ext.process_group_policy([], gpos)
6962 # Dump the fake crontab setup for testing
6963 p = Popen(['crontab', '-l'], stdout=PIPE)
6964 crontab, _ = p.communicate()
6965 entry = b'%s %s' % (sections[keyname], e.data.encode())
6966 self.assertIn(entry, crontab,
6967 'The crontab entry was not installed')
6969 # Check that a call to gpupdate --rsop also succeeds
6971 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6974 gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
6975 del_gpos = get_deleted_gpos_list(gp_db, [])
6976 ext.process_group_policy(del_gpos, [])
6977 # Dump the fake crontab setup for testing
6978 p = Popen(['crontab', '-l'], stdout=PIPE)
6979 crontab, _ = p.communicate()
6980 self.assertNotIn(entry, crontab,
6981 'Unapply failed to cleanup crontab entry')
6983 # Unstage the Registry.pol file
6984 unstage_file(reg_pol)
6986 def test_gp_firefox_ext(self):
6987 local_path = self.lp.cache_path('gpo_cache')
6988 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6989 reg_pol = os.path.join(local_path, policies, guid,
6990 'MACHINE/REGISTRY.POL')
6991 cache_dir = self.lp.get('cache directory')
6992 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6994 machine_creds = Credentials()
6995 machine_creds.guess(self.lp)
6996 machine_creds.set_machine_account()
6998 # Initialize the group policy extension
6999 ext = gp_firefox_ext(self.lp, machine_creds,
7000 machine_creds.get_username(), store)
7002 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7003 machine_creds.get_username())
7005 # Stage the Registry.pol file with test data
7006 parser = GPPolParser()
7007 parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
7008 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7009 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7011 with TemporaryDirectory() as dname:
7012 ext.process_group_policy([], gpos, dname)
7013 policies_file = os.path.join(dname, 'policies.json')
7014 with open(policies_file, 'r') as r:
7015 policy_data = json.load(r)
7016 expected_policy_data = json.loads(firefox_json_expected)
7017 self.assertIn('policies', policy_data, 'Policies were not applied')
7018 self.assertEqual(expected_policy_data['policies'].keys(),
7019 policy_data['policies'].keys(),
7020 'Firefox policies are missing')
7021 for name in expected_policy_data['policies'].keys():
7022 self.assertEqual(expected_policy_data['policies'][name],
7023 policy_data['policies'][name],
7024 'Policies were not applied')
7026 # Verify RSOP does not fail
7027 ext.rsop([g for g in gpos if g.name == guid][0])
7029 # Check that a call to gpupdate --rsop also succeeds
7031 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7033 # Unapply the policy
7034 gp_db = store.get_gplog(machine_creds.get_username())
7035 del_gpos = get_deleted_gpos_list(gp_db, [])
7036 ext.process_group_policy(del_gpos, [], dname)
7037 if os.path.exists(policies_file):
7038 data = json.load(open(policies_file, 'r'))
7039 if 'policies' in data.keys():
7040 self.assertEqual(len(data['policies'].keys()), 0,
7041 'The policy was not unapplied')
7043 # Unstage the Registry.pol file
7044 unstage_file(reg_pol)
7046 def test_gp_chromium_ext(self):
7047 local_path = self.lp.cache_path('gpo_cache')
7048 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7049 reg_pol = os.path.join(local_path, policies, guid,
7050 'MACHINE/REGISTRY.POL')
7051 cache_dir = self.lp.get('cache directory')
7052 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7054 machine_creds = Credentials()
7055 machine_creds.guess(self.lp)
7056 machine_creds.set_machine_account()
7058 # Initialize the group policy extension
7059 ext = gp_chromium_ext(self.lp, machine_creds,
7060 machine_creds.get_username(), store)
7062 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7063 machine_creds.get_username())
7065 # Stage the Registry.pol file with test data
7066 parser = GPPolParser()
7067 parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
7068 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7069 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7071 with TemporaryDirectory() as dname:
7072 ext.process_group_policy([], gpos, dname)
7073 managed = os.path.join(dname, 'managed')
7074 managed_files = os.listdir(managed)
7075 self.assertEqual(len(managed_files), 1,
7076 'Chromium policies are missing')
7077 managed_file = os.path.join(managed, managed_files[0])
7078 with open(managed_file, 'r') as r:
7079 managed_data = json.load(r)
7080 recommended = os.path.join(dname, 'recommended')
7081 recommended_files = os.listdir(recommended)
7082 self.assertEqual(len(recommended_files), 1,
7083 'Chromium policies are missing')
7084 recommended_file = os.path.join(recommended, recommended_files[0])
7085 with open(recommended_file, 'r') as r:
7086 recommended_data = json.load(r)
7087 expected_managed_data = json.loads(chromium_json_expected_managed)
7088 expected_recommended_data = \
7089 json.loads(chromium_json_expected_recommended)
7091 self.assertEqual(sorted(expected_managed_data.keys()),
7092 sorted(managed_data.keys()),
7093 'Chromium policies are missing')
7094 for name in expected_managed_data.keys():
7095 self.assertEqual(expected_managed_data[name],
7097 'Policies were not applied')
7098 self.assertEqual(expected_recommended_data.keys(),
7099 recommended_data.keys(),
7100 'Chromium policies are missing')
7101 for name in expected_recommended_data.keys():
7102 self.assertEqual(expected_recommended_data[name],
7103 recommended_data[name],
7104 'Policies were not applied')
7106 # Ensure modifying the policy does not generate extra policy files
7107 unstage_file(reg_pol)
7108 # Change a managed entry:
7109 parser.pol_file.entries[0].data = 0
7110 # Change a recommended entry:
7111 parser.pol_file.entries[-1].data = b'https://google.com'
7112 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7113 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7115 ext.process_group_policy([], gpos, dname)
7116 managed_files = os.listdir(managed)
7117 self.assertEqual(len(managed_files), 1,
7118 'Number of Chromium policies is incorrect')
7119 omanaged_file = managed_file
7120 managed_file = os.path.join(managed, managed_files[0])
7121 self.assertNotEqual(omanaged_file, managed_file,
7122 'The managed Chromium file did not change')
7124 recommended_files = os.listdir(recommended)
7125 self.assertEqual(len(recommended_files), 1,
7126 'Number of Chromium policies is incorrect')
7127 orecommended_file = recommended_file
7128 recommended_file = os.path.join(recommended, recommended_files[0])
7129 self.assertNotEqual(orecommended_file, recommended_file,
7130 'The recommended Chromium file did not change')
7132 # Verify RSOP does not fail
7133 ext.rsop([g for g in gpos if g.name == guid][0])
7135 # Check that a call to gpupdate --rsop also succeeds
7137 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7139 # Unapply the policy
7140 gp_db = store.get_gplog(machine_creds.get_username())
7141 del_gpos = get_deleted_gpos_list(gp_db, [])
7142 ext.process_group_policy(del_gpos, [], dname)
7143 managed = os.path.join(managed, managed_files[0])
7144 if os.path.exists(managed):
7145 data = json.load(open(managed, 'r'))
7146 self.assertEqual(len(data.keys()), 0,
7147 'The policy was not unapplied')
7148 recommended = os.path.join(recommended, recommended_files[0])
7149 if os.path.exists(recommended):
7150 data = json.load(open(recommended, 'r'))
7151 self.assertEqual(len(data.keys()), 0,
7152 'The policy was not unapplied')
7154 # Unstage the Registry.pol file
7155 unstage_file(reg_pol)
7157 def test_gp_firewalld_ext(self):
7158 local_path = self.lp.cache_path('gpo_cache')
7159 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7160 reg_pol = os.path.join(local_path, policies, guid,
7161 'MACHINE/REGISTRY.POL')
7162 cache_dir = self.lp.get('cache directory')
7163 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7165 machine_creds = Credentials()
7166 machine_creds.guess(self.lp)
7167 machine_creds.set_machine_account()
7169 # Initialize the group policy extension
7170 ext = gp_firewalld_ext(self.lp, machine_creds,
7171 machine_creds.get_username(), store)
7173 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7174 machine_creds.get_username())
7176 # Stage the Registry.pol file with test data
7177 parser = GPPolParser()
7178 parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
7179 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7180 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7182 ext.process_group_policy([], gpos)
7184 # Check that the policy was applied
7185 firewall_cmd = which('firewall-cmd')
7186 cmd = [firewall_cmd, '--get-zones']
7187 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7188 out, err = p.communicate()
7189 self.assertIn(b'work', out, 'Failed to apply zones')
7190 self.assertIn(b'home', out, 'Failed to apply zones')
7192 cmd = [firewall_cmd, '--zone=work', '--list-interfaces']
7193 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7194 out, err = p.communicate()
7195 self.assertIn(b'eth0', out, 'Failed to set interface on zone')
7197 cmd = [firewall_cmd, '--zone=home', '--list-interfaces']
7198 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7199 out, err = p.communicate()
7200 self.assertIn(b'eth0', out, 'Failed to set interface on zone')
7202 cmd = [firewall_cmd, '--zone=work', '--list-rich-rules']
7203 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7204 out, err = p.communicate()
7205 rule = b'rule family=ipv4 source address=172.25.1.7 ' + \
7206 b'service name=ftp reject'
7207 self.assertEqual(rule, out.strip(), 'Failed to set rich rule')
7209 # Verify RSOP does not fail
7210 ext.rsop([g for g in gpos if g.name == guid][0])
7212 # Check that a call to gpupdate --rsop also succeeds
7214 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7216 # Unapply the policy
7217 gp_db = store.get_gplog(machine_creds.get_username())
7218 del_gpos = get_deleted_gpos_list(gp_db, [])
7219 ext.process_group_policy(del_gpos, [])
7221 # Check that the policy was unapplied
7222 cmd = [firewall_cmd, '--get-zones']
7223 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
7224 out, err = p.communicate()
7225 self.assertNotIn(b'work', out, 'Failed to unapply zones')
7226 self.assertNotIn(b'home', out, 'Failed to unapply zones')
7228 # Unstage the Registry.pol file
7229 unstage_file(reg_pol)
7231 def test_advanced_gp_cert_auto_enroll_ext(self):
7232 local_path = self.lp.cache_path('gpo_cache')
7233 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7234 reg_pol = os.path.join(local_path, policies, guid,
7235 'MACHINE/REGISTRY.POL')
7236 cache_dir = self.lp.get('cache directory')
7237 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7239 machine_creds = Credentials()
7240 machine_creds.guess(self.lp)
7241 machine_creds.set_machine_account()
7243 # Initialize the group policy extension
7244 ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
7245 machine_creds.get_username(), store)
7247 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7248 machine_creds.get_username())
7250 admin_creds = Credentials()
7251 admin_creds.set_username(os.environ.get('DC_USERNAME'))
7252 admin_creds.set_password(os.environ.get('DC_PASSWORD'))
7253 admin_creds.set_realm(os.environ.get('REALM'))
7254 hostname = get_dc_hostname(machine_creds, self.lp)
7255 url = 'ldap://%s' % hostname
7256 ldb = Ldb(url=url, session_info=system_session(),
7257 lp=self.lp, credentials=admin_creds)
7259 # Stage the Registry.pol file with test data
7260 res = ldb.search('', _ldb.SCOPE_BASE, '(objectClass=*)',
7261 ['rootDomainNamingContext'])
7262 self.assertTrue(len(res) == 1, 'rootDomainNamingContext not found')
7263 res2 = ldb.search(res[0]['rootDomainNamingContext'][0],
7264 _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
7265 self.assertTrue(len(res2) == 1, 'objectGUID not found')
7266 objectGUID = b'{%s}' % \
7267 cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
7268 parser = GPPolParser()
7269 parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() % \
7270 (objectGUID, objectGUID, objectGUID, objectGUID)))
7271 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
7272 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7274 # Write the dummy CA entry
7275 confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
7276 ca_cn = '%s-CA' % hostname.replace('.', '-')
7277 certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
7278 ldb.add({'dn': certa_dn,
7279 'objectClass': 'certificationAuthority',
7280 'authorityRevocationList': ['XXX'],
7281 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7282 'certificateRevocationList': ['XXX'],
7284 # Write the dummy pKIEnrollmentService
7285 enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
7286 ldb.add({'dn': enroll_dn,
7287 'objectClass': 'pKIEnrollmentService',
7288 'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7289 'certificateTemplates': ['Machine'],
7290 'dNSHostName': hostname,
7292 # Write the dummy pKICertificateTemplate
7293 template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
7294 ldb.add({'dn': template_dn,
7295 'objectClass': 'pKICertificateTemplate',
7298 with TemporaryDirectory() as dname:
7299 ext.process_group_policy([], gpos, dname, dname)
7300 ca_list = [ca_cn, 'example0-com-CA', 'example1-com-CA',
7303 ca_crt = os.path.join(dname, '%s.crt' % ca)
7304 self.assertTrue(os.path.exists(ca_crt),
7305 'Root CA certificate was not requested')
7306 machine_crt = os.path.join(dname, '%s.Machine.crt' % ca)
7307 self.assertTrue(os.path.exists(machine_crt),
7308 'Machine certificate was not requested')
7309 machine_key = os.path.join(dname, '%s.Machine.key' % ca)
7310 self.assertTrue(os.path.exists(machine_crt),
7311 'Machine key was not generated')
7313 # Subsequent apply should react to new certificate templates
7314 os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
7315 self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
7316 ext.process_group_policy([], gpos, dname, dname)
7318 self.assertTrue(os.path.exists(ca_crt),
7319 'Root CA certificate was not requested')
7320 self.assertTrue(os.path.exists(machine_crt),
7321 'Machine certificate was not requested')
7322 self.assertTrue(os.path.exists(machine_crt),
7323 'Machine key was not generated')
7325 workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca)
7326 self.assertTrue(os.path.exists(workstation_crt),
7327 'Workstation certificate was not requested')
7328 workstation_key = os.path.join(dname, '%s.Workstation.key' % ca)
7329 self.assertTrue(os.path.exists(workstation_crt),
7330 'Workstation key was not generated')
7332 # Verify RSOP does not fail
7333 ext.rsop([g for g in gpos if g.name == guid][0])
7335 # Check that a call to gpupdate --rsop also succeeds
7337 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7340 gp_db = store.get_gplog(machine_creds.get_username())
7341 del_gpos = get_deleted_gpos_list(gp_db, [])
7342 ext.process_group_policy(del_gpos, [], dname)
7343 self.assertFalse(os.path.exists(ca_crt),
7344 'Root CA certificate was not removed')
7345 self.assertFalse(os.path.exists(machine_crt),
7346 'Machine certificate was not removed')
7347 self.assertFalse(os.path.exists(machine_crt),
7348 'Machine key was not removed')
7349 self.assertFalse(os.path.exists(workstation_crt),
7350 'Workstation certificate was not removed')
7351 self.assertFalse(os.path.exists(workstation_crt),
7352 'Workstation key was not removed')
7353 out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
7355 self.assertNotIn(get_bytes(ca), out, 'CA was not removed')
7356 out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
7357 self.assertNotIn(b'Machine', out,
7358 'Machine certificate not removed')
7359 self.assertNotIn(b'Workstation', out,
7360 'Workstation certificate not removed')
7362 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
7363 ldb.delete(certa_dn)
7364 ldb.delete(enroll_dn)
7365 ldb.delete(template_dn)
7367 # Unstage the Registry.pol file
7368 unstage_file(reg_pol)
7370 def test_gp_centrify_sudoers_ext(self):
7371 local_path = self.lp.cache_path('gpo_cache')
7372 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7373 reg_pol = os.path.join(local_path, policies, guid,
7374 'MACHINE/REGISTRY.POL')
7375 cache_dir = self.lp.get('cache directory')
7376 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7378 machine_creds = Credentials()
7379 machine_creds.guess(self.lp)
7380 machine_creds.set_machine_account()
7382 # Initialize the group policy extension
7383 ext = gp_centrify_sudoers_ext(self.lp, machine_creds,
7384 machine_creds.get_username(), store)
7386 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7387 machine_creds.get_username())
7389 # Stage the Registry.pol file with test data
7392 e1.keyname = b'Software\\Policies\\Centrify\\UnixSettings'
7393 e1.valuename = b'sudo.enabled'
7397 e2.keyname = b'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
7400 e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
7401 stage.num_entries = 2
7402 stage.entries = [e1, e2]
7403 ret = stage_file(reg_pol, ndr_pack(stage))
7404 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7406 # Process all gpos, with temp output directory
7407 with TemporaryDirectory() as dname:
7408 ext.process_group_policy([], gpos, dname)
7409 sudoers = os.listdir(dname)
7410 self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
7411 sudoers_file = os.path.join(dname, sudoers[0])
7412 self.assertIn(e2.data, open(sudoers_file, 'r').read(),
7413 'The sudoers entry was not applied')
7415 # Remove the sudoers file, and make sure a re-apply puts it back
7416 os.unlink(sudoers_file)
7417 ext.process_group_policy([], gpos, dname)
7418 sudoers = os.listdir(dname)
7419 self.assertEqual(len(sudoers), 1,
7420 'The sudoer file was not recreated')
7421 sudoers_file = os.path.join(dname, sudoers[0])
7422 self.assertIn(e2.data, open(sudoers_file, 'r').read(),
7423 'The sudoers entry was not reapplied')
7425 # Check that a call to gpupdate --rsop also succeeds
7427 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7430 gp_db = store.get_gplog(machine_creds.get_username())
7431 del_gpos = get_deleted_gpos_list(gp_db, [])
7432 ext.process_group_policy(del_gpos, [])
7433 self.assertEqual(len(os.listdir(dname)), 0,
7434 'Unapply failed to cleanup scripts')
7436 # Unstage the Registry.pol file
7437 unstage_file(reg_pol)
7439 def test_gp_centrify_crontab_ext(self):
7440 local_path = self.lp.cache_path('gpo_cache')
7441 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7442 reg_pol = os.path.join(local_path, policies, guid,
7443 'MACHINE/REGISTRY.POL')
7444 cache_dir = self.lp.get('cache directory')
7445 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7447 machine_creds = Credentials()
7448 machine_creds.guess(self.lp)
7449 machine_creds.set_machine_account()
7451 # Initialize the group policy extension
7452 ext = gp_centrify_crontab_ext(self.lp, machine_creds,
7453 machine_creds.get_username(), store)
7455 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7456 machine_creds.get_username())
7458 # Stage the Registry.pol file with test data
7462 b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7463 e.valuename = b'Command1'
7465 e.data = b'17 * * * * root echo hello world'
7466 stage.num_entries = 1
7468 ret = stage_file(reg_pol, ndr_pack(stage))
7469 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7471 # Process all gpos, with temp output directory
7472 with TemporaryDirectory() as dname:
7473 ext.process_group_policy([], gpos, dname)
7474 cron_entries = os.listdir(dname)
7475 self.assertEqual(len(cron_entries), 1, 'Cron entry not created')
7476 fname = os.path.join(dname, cron_entries[0])
7477 data = open(fname, 'rb').read()
7478 self.assertIn(get_bytes(e.data), data, 'Cron entry is missing')
7480 # Check that a call to gpupdate --rsop also succeeds
7482 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7485 gp_db = store.get_gplog(machine_creds.get_username())
7486 del_gpos = get_deleted_gpos_list(gp_db, [])
7487 ext.process_group_policy(del_gpos, [])
7488 self.assertEqual(len(os.listdir(dname)), 0,
7489 'Unapply failed to cleanup script')
7491 # Unstage the Registry.pol file
7492 unstage_file(reg_pol)
7494 def test_gp_user_centrify_crontab_ext(self):
7495 local_path = self.lp.cache_path('gpo_cache')
7496 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7497 reg_pol = os.path.join(local_path, policies, guid,
7498 'USER/REGISTRY.POL')
7499 cache_dir = self.lp.get('cache directory')
7500 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
7502 machine_creds = Credentials()
7503 machine_creds.guess(self.lp)
7504 machine_creds.set_machine_account()
7506 # Initialize the group policy extension
7507 ext = gp_user_centrify_crontab_ext(self.lp, machine_creds,
7508 os.environ.get('DC_USERNAME'),
7511 gpos = get_gpo_list(self.server, machine_creds, self.lp,
7512 machine_creds.get_username())
7514 # Stage the Registry.pol file with test data
7518 b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7519 e.valuename = b'Command1'
7521 e.data = b'17 * * * * echo hello world'
7522 stage.num_entries = 1
7524 ret = stage_file(reg_pol, ndr_pack(stage))
7525 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
7527 # Process all gpos, intentionally skipping the privilege drop
7528 ext.process_group_policy([], gpos)
7529 # Dump the fake crontab setup for testing
7530 p = Popen(['crontab', '-l'], stdout=PIPE)
7531 crontab, _ = p.communicate()
7532 self.assertIn(get_bytes(e.data), crontab,
7533 'The crontab entry was not installed')
7535 # Check that a call to gpupdate --rsop also succeeds
7537 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
7540 gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
7541 del_gpos = get_deleted_gpos_list(gp_db, [])
7542 ext.process_group_policy(del_gpos, [])
7543 # Dump the fake crontab setup for testing
7544 p = Popen(['crontab', '-l'], stdout=PIPE)
7545 crontab, _ = p.communicate()
7546 self.assertNotIn(get_bytes(e.data), crontab,
7547 'Unapply failed to cleanup crontab entry')
7549 # Unstage the Registry.pol file
7550 unstage_file(reg_pol)