You want to implement extension whitelisting in Firefox using the Group Policy setting
Administrative Templates/Mozilla/Firefox/Extensions/Extension Management?
You may have already made an inventory of which browser extensions are in use, maybe using my script here:
Discover installed and potentially malicious browser extensions
You may also have vetted the list, so that only those extensions, that you excplitly have approved are allowed.
More on that here.
Now it’s time for implementation in Group Policy.
The Group Policy setting Extension Management requires you to define the extension settings in JSON format.
With a long list of approved extensions, typing this information manually is errorprone and tiresome.
This simple PowerShell script will help you generate the JSON data for you.
Prerequisite: You need a CSV file with a list of approved extensions by ID.
If you have used my extension discovery script, you can use the $extensions data, where WebStore is “Mozilla” and then of course remove unwanted extensions from the list before saving to CSV.
The CSV should have information like this:
ID
@contain-facebook
ciscowebexstart1@cisco.com
uBlock0@raymondhill.net
(You can have other columns with data in the CSV. The script will just use the “ID”-column.)
Edit the $cSVFilePath and $blockedInstallMessage variables, before you run the script.
#requires -version 5
<#
.SYNOPSIS
Creates an extension whitelist policy in JSON format to be used by Firefox Group Policy
.DESCRIPTION
Group Policy Administrative Templates/Mozilla/Firefox/Extensions/Extension Management
allows you to insert JSON formatted data, that defines the extension settings for Firefox.
To create an extension whitelisting policy, "*" needs to be blocked, and only explicitly
allowed extension Ids are allowed.
This script imports the explicitly allowed extension Ids from a CSV file and then creates
the needed JSON data to be used in the GPO.
.INPUTS
$cSVFilePath = "<Path to CSV file>"
$blockedInstallMessage = "<Your message to end users, appended to Firefox standard message, when add-on install is blocked>"
.OUTPUTS
Outputs Firefox extension settings in JSON format to be copy/pasted into Extension Management GP setting
.NOTES
Version: 1.0
Author: Martin Jeppesen, https://www.avantia.dk
Creation Date: 2022-09-27
Purpose/Change: Initial script development
#>
#----------------------------------------------------------[Declarations]----------------------------------------------------------
$cSVFilePath = "<Path to CSV file>"
$blockedInstallMessage = "<Your message to end users, appended to Firefox standard message, when add-on install is blocked>"
#Creation of the object containing the whitelist data
$firefoxExtensionWhitelist = @{}
#Creation of object containing data to define an extension as allowed
$firefoxInstAllowed = [PSCustomObject]@{ "installation_mode" = "allowed" }
#Creation of object to define * as blacklisted
$firefoxNameOfBlockAll = "*"
$firefoxBlockAll = [PSCustomObject]@{ "blocked_install_message" = $blockedInstallMessage; "installation_mode" = "blocked" }
$firefoxExtensionWhitelist.Add($firefoxNameOfBlockAll,$firefoxBlockAll)
#-----------------------------------------------------------[Execution]------------------------------------------------------------
$firefoxAllowedExtensionIds = Import-Csv $cSVFilePath
Foreach ($firefoxExtension in $firefoxAllowedExtensionIds)
{
$extensionId = $firefoxExtension.ID
$firefoxExtensionWhitelist.Add($extensionId,$firefoxInstAllowed)
}
$firefoxExtensionWhitelist | ConvertTo-Json