# Unix SMB/CIFS implementation. Tests for smb manipulation
# Copyright (C) David Mulder <dmulder@suse.com> 2018
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os , grp , pwd
import errno
from samba import gpo , tests
from samba . gp . gpclass import register_gp_extension , list_gp_extensions , \
unregister_gp_extension , GPOStorage
from samba . param import LoadParm
from samba . gp . gpclass import check_refresh_gpo_list , check_safe_path , \
check_guid , parse_gpext_conf , atomic_write_conf , get_deleted_gpos_list
from subprocess import Popen , PIPE
from tempfile import NamedTemporaryFile , TemporaryDirectory
from samba . gp import gpclass
# Test-only override: gpclass.drop_privileges is replaced with a pass-through
# that ignores its first argument and calls the wrapped function directly, so
# that function runs with whatever privileges the test process already has.
# This belongs in the test suite only.
def _call_without_privilege_drop(_, func, *args):
    return func(*args)


gpclass.drop_privileges = _call_without_privilege_drop
from samba . gp . gp_sec_ext import gp_krb_ext , gp_access_ext
from samba . gp . gp_scripts_ext import gp_scripts_ext , gp_user_scripts_ext
from samba . gp . gp_sudoers_ext import gp_sudoers_ext
from samba . gp . vgp_sudoers_ext import vgp_sudoers_ext
from samba . gp . vgp_symlink_ext import vgp_symlink_ext
from samba . gp . gpclass import gp_inf_ext
from samba . gp . gp_smb_conf_ext import gp_smb_conf_ext
from samba . gp . vgp_files_ext import vgp_files_ext
from samba . gp . vgp_openssh_ext import vgp_openssh_ext
from samba . gp . vgp_startup_scripts_ext import vgp_startup_scripts_ext
from samba . gp . vgp_motd_ext import vgp_motd_ext
from samba . gp . vgp_issue_ext import vgp_issue_ext
from samba . gp . vgp_access_ext import vgp_access_ext
from samba . gp . gp_gnome_settings_ext import gp_gnome_settings_ext
from samba . gp import gp_cert_auto_enroll_ext as cae
from samba . gp . gp_firefox_ext import gp_firefox_ext
from samba . gp . gp_chromium_ext import gp_chromium_ext
from samba . gp . gp_firewalld_ext import gp_firewalld_ext
from samba . credentials import Credentials
from samba . gp . gp_msgs_ext import gp_msgs_ext
from samba . gp . gp_centrify_sudoers_ext import gp_centrify_sudoers_ext
from samba . gp . gp_centrify_crontab_ext import gp_centrify_crontab_ext , \
gp_user_centrify_crontab_ext
from samba . common import get_bytes
from samba . dcerpc import preg
from samba . ndr import ndr_pack
import codecs
from shutil import copyfile
import xml . etree . ElementTree as etree
import hashlib
from samba . gp_parse . gp_pol import GPPolParser
from glob import glob
from configparser import ConfigParser
from samba . gp . gpclass import get_dc_hostname
from samba import Ldb
import ldb as _ldb
from samba . auth import system_session
import json
from shutil import which
import requests
from cryptography import x509
from cryptography . hazmat . primitives import hashes
from cryptography . hazmat . backends import default_backend
from cryptography . hazmat . primitives . asymmetric import rsa
from cryptography . hazmat . primitives . serialization import Encoding
from datetime import datetime , timedelta
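def dummy_certificate():
    """Build a throwaway self-signed CA certificate and return it DER-encoded.

    Test fixture: ``dummy_requests.get`` uses the result as its response
    body. Subject and issuer are the same name, whose common name is read
    from the ``SERVER`` environment variable (``os.environ.get`` yields
    ``None`` when it is unset, so the test environment has to provide it).
    The certificate carries ``BasicConstraints(ca=True, path_length=0)``
    marked non-critical, the fixed serial number 1000, and a validity
    window of 300 seconds starting at the time of the call.

    A new 2048-bit RSA key is generated on every call. Only its public half
    leaves this function, embedded in the certificate; the private key is
    neither returned nor stored.

    Returns:
        bytes: the certificate in DER encoding.
    """
    # One name for both subject and issuer makes the certificate self-signed.
    name = x509.Name([
        x509.NameAttribute(x509.NameOID.COMMON_NAME,
                           os.environ.get('SERVER'))
    ])
    cons = x509.BasicConstraints(ca=True, path_length=0)
    now = datetime.utcnow()
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
                                   backend=default_backend())
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(1000)
        .not_valid_before(now)
        # Five-minute lifetime.
        .not_valid_after(now + timedelta(seconds=300))
        # Second argument is the "critical" flag.
        .add_extension(cons, False)
        .sign(key, hashes.SHA256(), default_backend())
    )
    return cert.public_bytes(encoding=Encoding.DER)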
# Dummy requests structure for Certificate Auto Enrollment
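class dummy_requests(object):
    """Offline stand-in for the ``requests`` module as seen by ``cae``.

    Provides only ``get`` and ``exceptions.ConnectionError``. Once assigned
    to ``cae.requests`` (see the statement after the class), lookups of
    ``requests`` through that module attribute resolve to this class, and
    ``get`` answers with a locally generated certificate instead of
    performing an HTTP request.
    """

    @staticmethod
    def get(url=None, params=None):
        """Return a canned response carrying a DER-encoded certificate.

        ``url`` and ``params`` are accepted and ignored.
        """
        dummy = requests.Response()
        # The body is injected through the private ``_content`` attribute.
        dummy._content = dummy_certificate()
        dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
        return dummy

    class exceptions(object):
        """Namespace standing in for ``requests.exceptions``."""
        # Aliased to the base class, so an ``except`` clause naming
        # ``exceptions.ConnectionError`` catches any ``Exception``.
        ConnectionError = Exception


# Install the stub as the ``requests`` attribute of the auto-enrollment module.
cae.requests = dummy_requests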
# Test-environment constants derived from the REALM environment variable.
# REALM has to be set: os.environ.get() returns None when it is missing and
# the string concatenation two lines below then fails.
# NOTE(review): the blanks just inside the quotes of the literals below look
# like an artefact of how this listing was rendered - confirm against the
# repository copy before relying on the exact values.
realm = os . environ . get ( ' REALM ' )
# Built from the realm as given, before it is lower-cased.
policies = realm + ' /POLICIES '
realm = realm . lower ( )
# Backslash-separated path to the Policies directory under sysvol, with the
# lower-cased realm substituted for both {0} fields.
poldir = r ' \\ {0} \ sysvol \ {0} \ Policies ' . format ( realm )
# the first part of the base DN varies by testenv. Work it out from the realm
base_dn = ' DC= {0} ,DC=samba,DC=example,DC=com ' . format ( realm . split ( ' . ' ) [ 0 ] )
# DN of the Policies container beneath base_dn.
dspath = ' CN=Policies,CN=System, ' + base_dn
# %-format template with a [General] section and a Version line; %d takes the
# version number. Presumably the body of a GPT.INI file - confirm at the call
# sites.
gpt_data = ' [General] \n Version= %d '
# Fixture: XML form of a policy file (PolFile, signature "PReg") held as a
# bytes literal; judging by the name it feeds the GNOME settings extension
# tests - confirm at the point of use. All entries live under the
# "GNOME Settings\Lock Down Settings" key: REG_DWORD switches set to 1, plus
# REG_SZ sub-keys listing the compose key, dim-screen values, enabled
# extensions, locked-down dconf paths and whitelisted online accounts.
# The "**delvals." value names are part of the fixture data.
gnome_test_reg_pol = \
b """
< ? xml version = " 1.0 " encoding = " utf-8 " ? >
< PolFile num_entries = " 26 " signature = " PReg " version = " 1 " >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Lock Down Enabled Extensions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Lock Down Specific Settings < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disable Printing < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disable File Saving < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disable Command - Line Access < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disallow Login Using a Fingerprint < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disable User Logout < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disable User Switching < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Disable Repartitioning < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Whitelisted Online Accounts < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Compose Key < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Dim Screen when User is Idle < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings < / Key >
< ValueName > Enabled Extensions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Compose Key < / Key >
< ValueName > Key Name < / ValueName >
< Value > Right Alt < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings \Dim Screen when User is Idle < / Key >
< ValueName > Delay < / ValueName >
< Value > 300 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > GNOME Settings \Lock Down Settings \Dim Screen when User is Idle < / Key >
< ValueName > Dim Idle Brightness < / ValueName >
< Value > 30 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Enabled Extensions < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Enabled Extensions < / Key >
< ValueName > myextension1 @myname.example.com < / ValueName >
< Value > myextension1 @myname.example.com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Enabled Extensions < / Key >
< ValueName > myextension2 @myname.example.com < / ValueName >
< Value > myextension2 @myname.example.com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Lock Down Specific Settings < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Lock Down Specific Settings < / Key >
< ValueName > / org / gnome / desktop / background / picture - uri < / ValueName >
< Value > / org / gnome / desktop / background / picture - uri < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Lock Down Specific Settings < / Key >
< ValueName > / org / gnome / desktop / background / picture - options < / ValueName >
< Value > / org / gnome / desktop / background / picture - options < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Lock Down Specific Settings < / Key >
< ValueName > / org / gnome / desktop / background / primary - color < / ValueName >
< Value > / org / gnome / desktop / background / primary - color < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Lock Down Specific Settings < / Key >
< ValueName > / org / gnome / desktop / background / secondary - color < / ValueName >
< Value > / org / gnome / desktop / background / secondary - color < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Whitelisted Online Accounts < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > GNOME Settings \Lock Down Settings \Whitelisted Online Accounts < / Key >
< ValueName > google < / ValueName >
< Value > google < / Value >
< / Entry >
< / PolFile >
"""
# Fixture: XML form of a policy file (PolFile, signature "PReg") with three
# values under Software\Policies\Microsoft\Cryptography\AutoEnrollment:
# AEPolicy = 7, OfflineExpirationPercent = 10 and
# OfflineExpirationStoreNames = MY. Judging by the name it drives the
# certificate auto-enrollment tests - confirm at the point of use.
auto_enroll_reg_pol = \
b """
< ? xml version = " 1.0 " encoding = " utf-8 " ? >
< PolFile num_entries = " 3 " signature = " PReg " version = " 1 " >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \AutoEnrollment < / Key >
< ValueName > AEPolicy < / ValueName >
< Value > 7 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \AutoEnrollment < / Key >
< ValueName > OfflineExpirationPercent < / ValueName >
< Value > 10 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \AutoEnrollment < / Key >
< ValueName > OfflineExpirationStoreNames < / ValueName >
< Value > MY < / Value >
< / Entry >
< / PolFile >
"""
# Fixture: XML form of a policy file (PolFile, signature "PReg") combining
# the AutoEnrollment values (AEPolicy, OfflineExpirationPercent,
# OfflineExpirationStoreNames) with four sub-keys under
# Software\Policies\Microsoft\Cryptography\PolicyServers. Each sub-key
# carries URL, PolicyID, FriendlyName, Flags, AuthFlags and Cost; one URL is
# "LDAP:" and three are https CEP endpoints on example0/1/2.com.
# The PolicyID values are "%s" placeholders - presumably filled by
# %-formatting before the blob is used; confirm at the point of use.
advanced_enroll_reg_pol = \
b """
< ? xml version = " 1.0 " encoding = " utf-8 " ? >
< PolFile num_entries = " 30 " signature = " PReg " version = " 1 " >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography < / Key >
< ValueName > * * DeleteKeys < / ValueName >
< Value > Software \Policies \Microsoft \Cryptography \PolicyServers < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \AutoEnrollment < / Key >
< ValueName > AEPolicy < / ValueName >
< Value > 7 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \AutoEnrollment < / Key >
< ValueName > OfflineExpirationPercent < / ValueName >
< Value > 25 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \AutoEnrollment < / Key >
< ValueName > OfflineExpirationStoreNames < / ValueName >
< Value > MY < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers < / Key >
< ValueName / >
< Value > { 5 AD0BE6D - 3393 - 4940 - BFC3 - 6E19555 A8919 } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers < / Key >
< ValueName > Flags < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\37 c9dc30f207f27f61a2f7c3aed598a6e2920b54 < / Key >
< ValueName > URL < / ValueName >
< Value > LDAP : < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\37 c9dc30f207f27f61a2f7c3aed598a6e2920b54 < / Key >
< ValueName > PolicyID < / ValueName >
< Value > % s < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\37 c9dc30f207f27f61a2f7c3aed598a6e2920b54 < / Key >
< ValueName > FriendlyName < / ValueName >
< Value > Example < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\37 c9dc30f207f27f61a2f7c3aed598a6e2920b54 < / Key >
< ValueName > Flags < / ValueName >
< Value > 16 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\37 c9dc30f207f27f61a2f7c3aed598a6e2920b54 < / Key >
< ValueName > AuthFlags < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\37 c9dc30f207f27f61a2f7c3aed598a6e2920b54 < / Key >
< ValueName > Cost < / ValueName >
< Value > 2147483645 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\144 bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe < / Key >
< ValueName > URL < / ValueName >
< Value > https : / / example2 . com / ADPolicyProvider_CEP_Certificate / service . svc / CEP < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\144 bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe < / Key >
< ValueName > PolicyID < / ValueName >
< Value > % s < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\144 bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe < / Key >
< ValueName > FriendlyName < / ValueName >
< Value > Example2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\144 bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe < / Key >
< ValueName > Flags < / ValueName >
< Value > 16 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\144 bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe < / Key >
< ValueName > AuthFlags < / ValueName >
< Value > 8 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\144 bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe < / Key >
< ValueName > Cost < / ValueName >
< Value > 10 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\20 d46e856e9b9746c0b1265c328f126a7b3283a9 < / Key >
< ValueName > URL < / ValueName >
< Value > https : / / example0 . com / ADPolicyProvider_CEP_Kerberos / service . svc / CEP < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\20 d46e856e9b9746c0b1265c328f126a7b3283a9 < / Key >
< ValueName > PolicyID < / ValueName >
< Value > % s < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\20 d46e856e9b9746c0b1265c328f126a7b3283a9 < / Key >
< ValueName > FriendlyName < / ValueName >
< Value > Example0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\20 d46e856e9b9746c0b1265c328f126a7b3283a9 < / Key >
< ValueName > Flags < / ValueName >
< Value > 16 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\20 d46e856e9b9746c0b1265c328f126a7b3283a9 < / Key >
< ValueName > AuthFlags < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\20 d46e856e9b9746c0b1265c328f126a7b3283a9 < / Key >
< ValueName > Cost < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\855 b5246433a48402ac4f5c3427566df26ccc9ac < / Key >
< ValueName > URL < / ValueName >
< Value > https : / / example1 . com / ADPolicyProvider_CEP_Kerberos / service . svc / CEP < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\855 b5246433a48402ac4f5c3427566df26ccc9ac < / Key >
< ValueName > PolicyID < / ValueName >
< Value > % s < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\855 b5246433a48402ac4f5c3427566df26ccc9ac < / Key >
< ValueName > FriendlyName < / ValueName >
< Value > Example1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\855 b5246433a48402ac4f5c3427566df26ccc9ac < / Key >
< ValueName > Flags < / ValueName >
< Value > 16 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\855 b5246433a48402ac4f5c3427566df26ccc9ac < / Key >
< ValueName > AuthFlags < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Microsoft \Cryptography \PolicyServers \\855 b5246433a48402ac4f5c3427566df26ccc9ac < / Key >
< ValueName > Cost < / ValueName >
< Value > 1 < / Value >
< / Entry >
< / PolFile >
"""
firefox_reg_pol = \
b """
< ? xml version = " 1.0 " encoding = " utf-8 " ? >
< PolFile num_entries = " 241 " signature = " PReg " version = " 1 " >
< Entry type = " 7 " type_name = " REG_MULTI_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > ExtensionSettings < / ValueName >
< Value > { & quot ; * & quot ; : { & quot ; blocked_install_message & quot ; : & quot ; Custom error message . & quot ; , & quot ; install_sources & quot ; : [ & quot ; about : addons & quot ; , & quot ; https : / / addons . mozilla . org / & quot ; ] , & quot ; installation_mode & quot ; : & quot ; blocked & quot ; , & quot ; allowed_types & quot ; : [ & quot ; extension & quot ; ] } , & quot ; uBlock0 @raymondhill.net & quot ; : { & quot ; installation_mode & quot ; : & quot ; force_installed & quot ; , & quot ; install_url & quot ; : & quot ; https : / / addons . mozilla . org / firefox / downloads / latest / ublock - origin / latest . xpi & quot ; } , & quot ; https - everywhere @eff.org & quot ; : { & quot ; installation_mode & quot ; : & quot ; allowed & quot ; } } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > ExtensionUpdate < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > SearchSuggestEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > AppAutoUpdate < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > AppUpdateURL < / ValueName >
< Value > https : / / yoursite . com < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > BlockAboutAddons < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > BlockAboutConfig < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > BlockAboutProfiles < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > BlockAboutSupport < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > CaptivePortal < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 2 " type_name = " REG_EXPAND_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DefaultDownloadDirectory < / ValueName >
< Value > $ { home } / Downloads < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableAppUpdate < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableBuiltinPDFViewer < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableDefaultBrowserAgent < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableDeveloperTools < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableFeedbackCommands < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableFirefoxAccounts < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableFirefoxScreenshots < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableFirefoxStudies < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableForgetButton < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableFormHistory < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableMasterPasswordCreation < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisablePasswordReveal < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisablePocket < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisablePrivateBrowsing < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableProfileImport < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableProfileRefresh < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableSafeMode < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableSetDesktopBackground < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableSystemAddonUpdate < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisableTelemetry < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisplayBookmarksToolbar < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DisplayMenuBar < / ValueName >
< Value > default - on < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DontCheckDefaultBrowser < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 2 " type_name = " REG_EXPAND_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > DownloadDirectory < / ValueName >
< Value > $ { home } / Downloads < / Value >
< / Entry >
< Entry type = " 7 " type_name = " REG_MULTI_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > Handlers < / ValueName >
< Value > { & quot ; mimeTypes & quot ; : { & quot ; application / msword & quot ; : { & quot ; action & quot ; : & quot ; useSystemDefault & quot ; , & quot ; ask & quot ; : true } } , & quot ; schemes & quot ; : { & quot ; mailto & quot ; : { & quot ; action & quot ; : & quot ; useHelperApp & quot ; , & quot ; ask & quot ; : true , & quot ; handlers & quot ; : [ { & quot ; name & quot ; : & quot ; Gmail & quot ; , & quot ; uriTemplate & quot ; : & quot ; https : / / mail . google . com / mail / ? extsrc = mailto & amp ; url = % s & quot ; } ] } } , & quot ; extensions & quot ; : { & quot ; pdf & quot ; : { & quot ; action & quot ; : & quot ; useHelperApp & quot ; , & quot ; ask & quot ; : true , & quot ; handlers & quot ; : [ { & quot ; name & quot ; : & quot ; Adobe Acrobat & quot ; , & quot ; path & quot ; : & quot ; / usr / bin / acroread & quot ; } ] } } } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > HardwareAcceleration < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 7 " type_name = " REG_MULTI_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > ManagedBookmarks < / ValueName >
< Value > [ { & quot ; toplevel_name & quot ; : & quot ; My managed bookmarks folder & quot ; } , { & quot ; url & quot ; : & quot ; example . com & quot ; , & quot ; name & quot ; : & quot ; Example & quot ; } , { & quot ; name & quot ; : & quot ; Mozilla links & quot ; , & quot ; children & quot ; : [ { & quot ; url & quot ; : & quot ; https : / / mozilla . org & quot ; , & quot ; name & quot ; : & quot ; Mozilla . org & quot ; } , { & quot ; url & quot ; : & quot ; https : / / support . mozilla . org / & quot ; , & quot ; name & quot ; : & quot ; SUMO & quot ; } ] } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > NetworkPrediction < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > NewTabPage < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > NoDefaultBookmarks < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > OfferToSaveLogins < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > OfferToSaveLoginsDefault < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > OverrideFirstRunPage < / ValueName >
< Value > http : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > OverridePostUpdatePage < / ValueName >
< Value > http : / / example . org < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > PasswordManagerEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 7 " type_name = " REG_MULTI_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > Preferences < / ValueName >
< Value > { & quot ; accessibility . force_disabled & quot ; : { & quot ; Value & quot ; : 1 , & quot ; Status & quot ; : & quot ; default & quot ; } , & quot ; browser . cache . disk . parent_directory & quot ; : { & quot ; Value & quot ; : & quot ; SOME_NATIVE_PATH & quot ; , & quot ; Status & quot ; : & quot ; user & quot ; } , & quot ; browser . tabs . warnOnClose & quot ; : { & quot ; Value & quot ; : false , & quot ; Status & quot ; : & quot ; locked & quot ; } } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > PrimaryPassword < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > PromptForDownloadLocation < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\RequestedLocales < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\RequestedLocales < / Key >
< ValueName > 1 < / ValueName >
< Value > de < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\RequestedLocales < / Key >
< ValueName > 2 < / ValueName >
< Value > en - US < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > SSLVersionMax < / ValueName >
< Value > tls1 .3 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > SSLVersionMin < / ValueName >
< Value > tls1 .3 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > SearchBar < / ValueName >
< Value > unified < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication < / Key >
< ValueName > PrivateBrowsing < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\AllowNonFQDN < / Key >
< ValueName > NTLM < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\AllowNonFQDN < / Key >
< ValueName > SPNEGO < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\AllowProxies < / Key >
< ValueName > NTLM < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\AllowProxies < / Key >
< ValueName > SPNEGO < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\Delegated < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\Delegated < / Key >
< ValueName > 1 < / ValueName >
< Value > mydomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\Delegated < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / myotherdomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\NTLM < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\NTLM < / Key >
< ValueName > 1 < / ValueName >
< Value > mydomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\NTLM < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / myotherdomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\SPNEGO < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\SPNEGO < / Key >
< ValueName > 1 < / ValueName >
< Value > mydomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Authentication \\SPNEGO < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / myotherdomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\1 < / Key >
< ValueName > Title < / ValueName >
< Value > Example < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\1 < / Key >
< ValueName > URL < / ValueName >
< Value > https : / / example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\1 < / Key >
< ValueName > Favicon < / ValueName >
< Value > https : / / example . com / favicon . ico < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\1 < / Key >
< ValueName > Placement < / ValueName >
< Value > menu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\1 < / Key >
< ValueName > Folder < / ValueName >
< Value > FolderName < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\10 < / Key >
< ValueName > Title < / ValueName >
< Value > Samba < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\10 < / Key >
< ValueName > URL < / ValueName >
< Value > www . samba . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\10 < / Key >
< ValueName > Favicon < / ValueName >
< Value / >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\10 < / Key >
< ValueName > Placement < / ValueName >
< Value > toolbar < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Bookmarks \\10 < / Key >
< ValueName > Folder < / ValueName >
< Value / >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies < / Key >
< ValueName > AcceptThirdParty < / ValueName >
< Value > never < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies < / Key >
< ValueName > Default < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies < / Key >
< ValueName > ExpireAtSessionEnd < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies < / Key >
< ValueName > RejectTracker < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies \\AllowSession < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies \\AllowSession < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Cookies \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_DHE_RSA_WITH_AES_128_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_DHE_RSA_WITH_AES_256_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_RSA_WITH_3DES_EDE_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_RSA_WITH_AES_128_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_RSA_WITH_AES_128_GCM_SHA256 < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_RSA_WITH_AES_256_CBC_SHA < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisabledCiphers < / Key >
< ValueName > TLS_RSA_WITH_AES_256_GCM_SHA384 < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisableSecurityBypass < / Key >
< ValueName > InvalidCertificate < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DisableSecurityBypass < / Key >
< ValueName > SafeBrowsing < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DNSOverHTTPS < / Key >
< ValueName > Enabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DNSOverHTTPS < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DNSOverHTTPS < / Key >
< ValueName > ProviderURL < / ValueName >
< Value > URL_TO_ALTERNATE_PROVIDER < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DNSOverHTTPS \\ExcludedDomains < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\DNSOverHTTPS \\ExcludedDomains < / Key >
< ValueName > 1 < / ValueName >
< Value > example . com < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EnableTrackingProtection < / Key >
< ValueName > Value < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EnableTrackingProtection < / Key >
< ValueName > Cryptomining < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EnableTrackingProtection < / Key >
< ValueName > Fingerprinting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EnableTrackingProtection < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EnableTrackingProtection \\Exceptions < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EnableTrackingProtection \\Exceptions < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . com < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EncryptedMediaExtensions < / Key >
< ValueName > Enabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\EncryptedMediaExtensions < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Install < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 2 " type_name = " REG_EXPAND_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Install < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / addons . mozilla . org / firefox / downloads / somefile . xpi < / Value >
< / Entry >
< Entry type = " 2 " type_name = " REG_EXPAND_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Install < / Key >
< ValueName > 2 < / ValueName >
< Value > / / path / to / xpi < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Locked < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Locked < / Key >
< ValueName > 1 < / ValueName >
< Value > addon_id @mozilla.org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Uninstall < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Extensions \\Uninstall < / Key >
< ValueName > 1 < / ValueName >
< Value > bad_addon_id @mozilla.org < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FirefoxHome < / Key >
< ValueName > Search < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FirefoxHome < / Key >
< ValueName > TopSites < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FirefoxHome < / Key >
< ValueName > Highlights < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FirefoxHome < / Key >
< ValueName > Pocket < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FirefoxHome < / Key >
< ValueName > Snippets < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FirefoxHome < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FlashPlugin < / Key >
< ValueName > Default < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FlashPlugin < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FlashPlugin \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FlashPlugin \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FlashPlugin \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\FlashPlugin \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Homepage < / Key >
< ValueName > StartPage < / ValueName >
< Value > homepage < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Homepage < / Key >
< ValueName > URL < / ValueName >
< Value > http : / / example . com / < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Homepage < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Homepage \\Additional < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Homepage \\Additional < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Homepage \\Additional < / Key >
< ValueName > 2 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\InstallAddonsPermission < / Key >
< ValueName > Default < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\InstallAddonsPermission \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\InstallAddonsPermission \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\InstallAddonsPermission \\Allow < / Key >
< ValueName > 2 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\LocalFileLinks < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\LocalFileLinks < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\LocalFileLinks < / Key >
< ValueName > 2 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PDFjs < / Key >
< ValueName > EnablePermissions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PDFjs < / Key >
< ValueName > Enabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Autoplay < / Key >
< ValueName > Default < / ValueName >
< Value > block - audio < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Autoplay < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Autoplay \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Autoplay \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Autoplay \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Autoplay \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera < / Key >
< ValueName > BlockNewRequests < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera \\Allow < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / example . org : 1234 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Camera \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Location < / Key >
< ValueName > BlockNewRequests < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Location < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Location \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Location \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Location \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Location \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Microphone < / Key >
< ValueName > BlockNewRequests < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Microphone < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Microphone \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Microphone \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Microphone \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Microphone \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Notifications < / Key >
< ValueName > BlockNewRequests < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Notifications < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Notifications \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Notifications \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Notifications \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\Notifications \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\VirtualReality < / Key >
< ValueName > BlockNewRequests < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\VirtualReality < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\VirtualReality \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\VirtualReality \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\VirtualReality \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Permissions \\VirtualReality \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PictureInPicture < / Key >
< ValueName > Enabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PictureInPicture < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PopupBlocking < / Key >
< ValueName > Default < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PopupBlocking < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PopupBlocking \\Allow < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PopupBlocking \\Allow < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\PopupBlocking \\Allow < / Key >
< ValueName > 2 < / ValueName >
< Value > http : / / example . edu / < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > Locked < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > Mode < / ValueName >
< Value > autoDetect < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > HTTPProxy < / ValueName >
< Value > hostname < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > UseHTTPProxyForAllProtocols < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > SSLProxy < / ValueName >
< Value > hostname < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > FTPProxy < / ValueName >
< Value > hostname < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > SOCKSProxy < / ValueName >
< Value > hostname < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > SOCKSVersion < / ValueName >
< Value > 5 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > Passthrough < / ValueName >
< Value > & lt ; local & gt ; < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > AutoConfigURL < / ValueName >
< Value > URL_TO_AUTOCONFIG < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > AutoLogin < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Proxy < / Key >
< ValueName > UseProxyForDNS < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > SanitizeOnShutdown < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines < / Key >
< ValueName > Default < / ValueName >
< Value > Google < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines < / Key >
< ValueName > PreventInstalls < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > Name < / ValueName >
< Value > Example1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > URLTemplate < / ValueName >
< Value > https : / / www . example . org / q = { searchTerms } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > Method < / ValueName >
< Value > POST < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > IconURL < / ValueName >
< Value > https : / / www . example . org / favicon . ico < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > Alias < / ValueName >
< Value > example < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > Description < / ValueName >
< Value > Description < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > SuggestURLTemplate < / ValueName >
< Value > https : / / www . example . org / suggestions / q = { searchTerms } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Add \\1 < / Key >
< ValueName > PostData < / ValueName >
< Value > name = value & amp ; q = { searchTerms } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Remove < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SearchEngines \\Remove < / Key >
< ValueName > 1 < / ValueName >
< Value > Bing < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SupportMenu < / Key >
< ValueName > Title < / ValueName >
< Value > Support Menu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SupportMenu < / Key >
< ValueName > URL < / ValueName >
< Value > http : / / example . com / support < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SupportMenu < / Key >
< ValueName > AccessKey < / ValueName >
< Value > S < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\UserMessaging < / Key >
< ValueName > ExtensionRecommendations < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\UserMessaging < / Key >
< ValueName > FeatureRecommendations < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\UserMessaging < / Key >
< ValueName > WhatsNew < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\UserMessaging < / Key >
< ValueName > UrlbarInterventions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\UserMessaging < / Key >
< ValueName > SkipOnboarding < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\WebsiteFilter \\Block < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\WebsiteFilter \\Block < / Key >
< ValueName > 1 < / ValueName >
< Value > & lt ; all_urls & gt ; < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\WebsiteFilter \\Exceptions < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\WebsiteFilter \\Exceptions < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / example . org / * < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > AllowedDomainsForApps < / ValueName >
< Value > managedfirefox . com , example . com < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > BackgroundAppUpdate < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Certificates < / Key >
< ValueName > ImportEnterpriseRoots < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Certificates \\Install < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Certificates \\Install < / Key >
< ValueName > 1 < / ValueName >
< Value > cert1 . der < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\Certificates \\Install < / Key >
< ValueName > 2 < / ValueName >
< Value > / home / username / cert2 . pem < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox \\SecurityDevices < / Key >
< ValueName > NAME_OF_DEVICE < / ValueName >
< Value > PATH_TO_LIBRARY_FOR_DEVICE < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > ShowHomeButton < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 7 " type_name = " REG_MULTI_SZ " >
< Key > Software \\Policies \\Mozilla \\Firefox < / Key >
< ValueName > AutoLaunchProtocolsFromOrigins < / ValueName >
< Value > [ { & quot ; protocol & quot ; : & quot ; zoommtg & quot ; , & quot ; allowed_origins & quot ; : [ & quot ; https : / / somesite . zoom . us & quot ; ] } ] < / Value >
< / Entry >
< / PolFile >
"""
# Expected Firefox policies JSON for the Mozilla Firefox registry.pol fixture
# whose entries end just above this assignment. Presumably it is compared with
# the policies file the Firefox policy extension writes -- the consuming test
# is outside this part of the file, so confirm there.
#
# Conversions visible when the two fixtures are read side by side:
#   * REG_DWORD 1 on a switch-like value is expected as JSON true (for example
#     Proxy / UseHTTPProxyForAllProtocols), while a numeric setting keeps its
#     number (Proxy / SOCKSVersion stays 5).
#   * Numbered REG_SZ values under a list key (PopupBlocking Allow "1", "2")
#     are expected as a JSON array; the "**delvals." marker entries have no
#     counterpart in the expected output.
#   * XML entities are expected decoded ("&lt;local&gt;" becomes "<local>").
#   * AutoLaunchProtocolsFromOrigins arrives as JSON text inside a single
#     REG_MULTI_SZ value and is expected as a nested JSON array.
#
# NOTE(review): several keys here govern trust and transport settings
# (Certificates.Install, SecurityDevices, DisabledCiphers, SSLVersionMin/Max,
# Proxy, Extensions / ExtensionSettings, Authentication). The values are
# placeholders chosen for conversion coverage (example.org, URL_TO_AUTOCONFIG,
# PATH_TO_LIBRARY_FOR_DEVICE, ...), and every suite listed under
# DisabledCiphers, the AES-GCM ones included, is set to true. Treat this as
# test data, not as a policy baseline to copy into a deployment.
firefox_json_expected = \
"""
{
" policies " : {
" AppAutoUpdate " : true ,
" AllowedDomainsForApps " : " managedfirefox.com,example.com " ,
" AppUpdateURL " : " https://yoursite.com " ,
" Authentication " : {
" SPNEGO " : [
" mydomain.com " ,
" https://myotherdomain.com "
] ,
" Delegated " : [
" mydomain.com " ,
" https://myotherdomain.com "
] ,
" NTLM " : [
" mydomain.com " ,
" https://myotherdomain.com "
] ,
" AllowNonFQDN " : {
" SPNEGO " : true ,
" NTLM " : true
} ,
" AllowProxies " : {
" SPNEGO " : true ,
" NTLM " : true
} ,
" Locked " : true ,
" PrivateBrowsing " : true
} ,
" AutoLaunchProtocolsFromOrigins " : [
{
" protocol " : " zoommtg " ,
" allowed_origins " : [
" https://somesite.zoom.us "
]
}
] ,
" BackgroundAppUpdate " : true ,
" BlockAboutAddons " : true ,
" BlockAboutConfig " : true ,
" BlockAboutProfiles " : true ,
" BlockAboutSupport " : true ,
" Bookmarks " : [
{
" Title " : " Example " ,
" URL " : " https://example.com " ,
" Favicon " : " https://example.com/favicon.ico " ,
" Placement " : " menu " ,
" Folder " : " FolderName "
} ,
{
" Title " : " Samba " ,
" URL " : " www.samba.org " ,
" Favicon " : " " ,
" Placement " : " toolbar " ,
" Folder " : " "
}
] ,
" CaptivePortal " : true ,
" Certificates " : {
" ImportEnterpriseRoots " : true ,
" Install " : [
" cert1.der " ,
" /home/username/cert2.pem "
]
} ,
" Cookies " : {
" Allow " : [
" http://example.org/ "
] ,
" AllowSession " : [
" http://example.edu/ "
] ,
" Block " : [
" http://example.edu/ "
] ,
" Default " : true ,
" AcceptThirdParty " : " never " ,
" ExpireAtSessionEnd " : true ,
" RejectTracker " : true ,
" Locked " : true
} ,
" DisableSetDesktopBackground " : true ,
" DisableMasterPasswordCreation " : true ,
" DisableAppUpdate " : true ,
" DisableBuiltinPDFViewer " : true ,
" DisabledCiphers " : {
" TLS_DHE_RSA_WITH_AES_128_CBC_SHA " : true ,
" TLS_DHE_RSA_WITH_AES_256_CBC_SHA " : true ,
" TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " : true ,
" TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA " : true ,
" TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 " : true ,
" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 " : true ,
" TLS_RSA_WITH_AES_128_CBC_SHA " : true ,
" TLS_RSA_WITH_AES_256_CBC_SHA " : true ,
" TLS_RSA_WITH_3DES_EDE_CBC_SHA " : true ,
" TLS_RSA_WITH_AES_128_GCM_SHA256 " : true ,
" TLS_RSA_WITH_AES_256_GCM_SHA384 " : true
} ,
" DisableDefaultBrowserAgent " : true ,
" DisableDeveloperTools " : true ,
" DisableFeedbackCommands " : true ,
" DisableFirefoxScreenshots " : true ,
" DisableFirefoxAccounts " : true ,
" DisableFirefoxStudies " : true ,
" DisableForgetButton " : true ,
" DisableFormHistory " : true ,
" DisablePasswordReveal " : true ,
" DisablePocket " : true ,
" DisablePrivateBrowsing " : true ,
" DisableProfileImport " : true ,
" DisableProfileRefresh " : true ,
" DisableSafeMode " : true ,
" DisableSecurityBypass " : {
" InvalidCertificate " : true ,
" SafeBrowsing " : true
} ,
" DisableSystemAddonUpdate " : true ,
" DisableTelemetry " : true ,
" DisplayBookmarksToolbar " : true ,
" DisplayMenuBar " : " default-on " ,
" DNSOverHTTPS " : {
" Enabled " : true ,
" ProviderURL " : " URL_TO_ALTERNATE_PROVIDER " ,
" Locked " : true ,
" ExcludedDomains " : [
" example.com "
]
} ,
" DontCheckDefaultBrowser " : true ,
" EnableTrackingProtection " : {
" Value " : true ,
" Locked " : true ,
" Cryptomining " : true ,
" Fingerprinting " : true ,
" Exceptions " : [
" https://example.com "
]
} ,
" EncryptedMediaExtensions " : {
" Enabled " : true ,
" Locked " : true
} ,
" Extensions " : {
" Install " : [
" https://addons.mozilla.org/firefox/downloads/somefile.xpi " ,
" //path/to/xpi "
] ,
" Uninstall " : [
" bad_addon_id@mozilla.org "
] ,
" Locked " : [
" addon_id@mozilla.org "
]
} ,
" ExtensionSettings " : {
" * " : {
" blocked_install_message " : " Custom error message. " ,
" install_sources " : [
" about:addons " ,
" https://addons.mozilla.org/ "
] ,
" installation_mode " : " blocked " ,
" allowed_types " : [
" extension "
]
} ,
" uBlock0@raymondhill.net " : {
" installation_mode " : " force_installed " ,
" install_url " : " https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi "
} ,
" https-everywhere@eff.org " : {
" installation_mode " : " allowed "
}
} ,
" ExtensionUpdate " : true ,
" FlashPlugin " : {
" Allow " : [
" http://example.org/ "
] ,
" Block " : [
" http://example.edu/ "
] ,
" Default " : true ,
" Locked " : true
} ,
" Handlers " : {
" mimeTypes " : {
" application/msword " : {
" action " : " useSystemDefault " ,
" ask " : true
}
} ,
" schemes " : {
" mailto " : {
" action " : " useHelperApp " ,
" ask " : true ,
" handlers " : [
{
" name " : " Gmail " ,
" uriTemplate " : " https://mail.google.com/mail/?extsrc=mailto&url= %s "
}
]
}
} ,
" extensions " : {
" pdf " : {
" action " : " useHelperApp " ,
" ask " : true ,
" handlers " : [
{
" name " : " Adobe Acrobat " ,
" path " : " /usr/bin/acroread "
}
]
}
}
} ,
" FirefoxHome " : {
" Search " : true ,
" TopSites " : true ,
" Highlights " : true ,
" Pocket " : true ,
" Snippets " : true ,
" Locked " : true
} ,
" HardwareAcceleration " : true ,
" Homepage " : {
" URL " : " http://example.com/ " ,
" Locked " : true ,
" Additional " : [
" http://example.org/ " ,
" http://example.edu/ "
] ,
" StartPage " : " homepage "
} ,
" InstallAddonsPermission " : {
" Allow " : [
" http://example.org/ " ,
" http://example.edu/ "
] ,
" Default " : true
} ,
" LocalFileLinks " : [
" http://example.org/ " ,
" http://example.edu/ "
] ,
" ManagedBookmarks " : [
{
" toplevel_name " : " My managed bookmarks folder "
} ,
{
" url " : " example.com " ,
" name " : " Example "
} ,
{
" name " : " Mozilla links " ,
" children " : [
{
" url " : " https://mozilla.org " ,
" name " : " Mozilla.org "
} ,
{
" url " : " https://support.mozilla.org/ " ,
" name " : " SUMO "
}
]
}
] ,
" PrimaryPassword " : true ,
" NoDefaultBookmarks " : true ,
" OfferToSaveLogins " : true ,
" OfferToSaveLoginsDefault " : true ,
" OverrideFirstRunPage " : " http://example.org " ,
" OverridePostUpdatePage " : " http://example.org " ,
" PasswordManagerEnabled " : true ,
" PSFjs " : {
" Enabled " : true ,
" EnablePermissions " : true
} ,
" Permissions " : {
" Camera " : {
" Allow " : [
" https://example.org " ,
" https://example.org:1234 "
] ,
" Block " : [
" https://example.edu "
] ,
" BlockNewRequests " : true ,
" Locked " : true
} ,
" Microphone " : {
" Allow " : [
" https://example.org "
] ,
" Block " : [
" https://example.edu "
] ,
" BlockNewRequests " : true ,
" Locked " : true
} ,
" Location " : {
" Allow " : [
" https://example.org "
] ,
" Block " : [
" https://example.edu "
] ,
" BlockNewRequests " : true ,
" Locked " : true
} ,
" Notifications " : {
" Allow " : [
" https://example.org "
] ,
" Block " : [
" https://example.edu "
] ,
" BlockNewRequests " : true ,
" Locked " : true
} ,
" Autoplay " : {
" Allow " : [
" https://example.org "
] ,
" Block " : [
" https://example.edu "
] ,
" Default " : " block-audio " ,
" Locked " : true
} ,
" VirtualReality " : {
" Allow " : [
" https://example.org "
] ,
" Block " : [
" https://example.edu "
] ,
" BlockNewRequests " : true ,
" Locked " : true
}
} ,
" PictureInPicture " : {
" Enabled " : true ,
" Locked " : true
} ,
" PopupBlocking " : {
" Allow " : [
" http://example.org/ " ,
" http://example.edu/ "
] ,
" Default " : true ,
" Locked " : true
} ,
" Preferences " : {
" accessibility.force_disabled " : {
" Value " : 1 ,
" Status " : " default "
} ,
" browser.cache.disk.parent_directory " : {
" Value " : " SOME_NATIVE_PATH " ,
" Status " : " user "
} ,
" browser.tabs.warnOnClose " : {
" Value " : false ,
" Status " : " locked "
}
} ,
" PromptForDownloadLocation " : true ,
" Proxy " : {
" Mode " : " autoDetect " ,
" Locked " : true ,
" HTTPProxy " : " hostname " ,
" UseHTTPProxyForAllProtocols " : true ,
" SSLProxy " : " hostname " ,
" FTPProxy " : " hostname " ,
" SOCKSProxy " : " hostname " ,
" SOCKSVersion " : 5 ,
" Passthrough " : " <local> " ,
" AutoConfigURL " : " URL_TO_AUTOCONFIG " ,
" AutoLogin " : true ,
" UseProxyForDNS " : true
} ,
" SanitizeOnShutdown " : true ,
" SearchEngines " : {
" Add " : [
{
" Name " : " Example1 " ,
" URLTemplate " : " https://www.example.org/q= {searchTerms} " ,
" Method " : " POST " ,
" IconURL " : " https://www.example.org/favicon.ico " ,
" Alias " : " example " ,
" Description " : " Description " ,
" PostData " : " name=value&q= {searchTerms} " ,
" SuggestURLTemplate " : " https://www.example.org/suggestions/q= {searchTerms} "
}
] ,
" Remove " : [
" Bing "
] ,
" Default " : " Google " ,
" PreventInstalls " : true
} ,
" SearchSuggestEnabled " : true ,
" SecurityDevices " : {
" NAME_OF_DEVICE " : " PATH_TO_LIBRARY_FOR_DEVICE "
} ,
" ShowHomeButton " : true ,
" SSLVersionMax " : " tls1.3 " ,
" SSLVersionMin " : " tls1.3 " ,
" SupportMenu " : {
" Title " : " Support Menu " ,
" URL " : " http://example.com/support " ,
" AccessKey " : " S "
} ,
" UserMessaging " : {
" WhatsNew " : true ,
" ExtensionRecommendations " : true ,
" FeatureRecommendations " : true ,
" UrlbarInterventions " : true ,
" SkipOnboarding " : true
} ,
" WebsiteFilter " : {
" Block " : [
" <all_urls> "
] ,
" Exceptions " : [
" http://example.org/* "
]
} ,
" DefaultDownloadDirectory " : " $ {home} /Downloads " ,
" DownloadDirectory " : " $ {home} /Downloads " ,
" NetworkPrediction " : true ,
" NewTabPage " : true ,
" RequestedLocales " : [ " de " , " en-US " ] ,
" SearchBar " : " unified "
}
}
"""
chromium_reg_pol = \
b """
< ? xml version = " 1.0 " encoding = " utf-8 " ? >
< PolFile num_entries = " 418 " signature = " PReg " version = " 1 " >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AbusiveExperienceInterventionEnforce < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AccessibilityImageLabelsEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AdditionalDnsQueryTypesEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AdsSettingForIntrusiveAdsSites < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AdvancedProtectionAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AllowCrossOriginAuthPrompt < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AllowDeletingBrowserHistory < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AllowDinosaurEasterEgg < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AllowFileSelectionDialogs < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AllowSyncXHRInPageDismissal < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AllowedDomainsForApps < / ValueName >
< Value > managedchrome . com , example . com < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AlternateErrorPagesEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AlternativeBrowserPath < / ValueName >
< Value > $ { ie } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AlwaysOpenPdfExternally < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AmbientAuthenticationInPrivateModesEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AppCacheForceEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ApplicationLocaleValue < / ValueName >
< Value > en < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AudioCaptureAllowed < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AudioProcessHighPriorityEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AudioSandboxEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AuthNegotiateDelegateAllowlist < / ValueName >
< Value > foobar . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AuthSchemes < / ValueName >
< Value > basic , digest , ntlm , negotiate < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AuthServerAllowlist < / ValueName >
< Value > * . example . com , example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AutoLaunchProtocolsFromOrigins < / ValueName >
< Value > [ { & quot ; allowed_origins & quot ; : [ & quot ; example . com & quot ; , & quot ; http : / / www . example . com : 8080 & quot ; ] , & quot ; protocol & quot ; : & quot ; spotify & quot ; } , { & quot ; allowed_origins & quot ; : [ & quot ; https : / / example . com & quot ; , & quot ; https : / / . mail . example . com & quot ; ] , & quot ; protocol & quot ; : & quot ; teams & quot ; } , { & quot ; allowed_origins & quot ; : [ & quot ; * & quot ; ] , & quot ; protocol & quot ; : & quot ; outlook & quot ; } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AutofillAddressEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AutofillCreditCardEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > AutoplayAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BackgroundModeEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BasicAuthOverHttpEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BlockExternalExtensions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BlockThirdPartyCookies < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BookmarkBarEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserAddPersonEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserGuestModeEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserGuestModeEnforced < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserLabsEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserNetworkTimeQueriesEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSignin < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherChromePath < / ValueName >
< Value > $ { chrome } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherDelay < / ValueName >
< Value > 10000 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherExternalGreylistUrl < / ValueName >
< Value > http : / / example . com / greylist . xml < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherExternalSitelistUrl < / ValueName >
< Value > http : / / example . com / sitelist . xml < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherKeepLastChromeTab < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserSwitcherUseIeSitelist < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowserThemeColor < / ValueName >
< Value > #FFFFFF</Value>
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BrowsingDataLifetime < / ValueName >
< Value > [ { & quot ; data_types & quot ; : [ & quot ; browsing_history & quot ; ] , & quot ; time_to_live_in_hours & quot ; : 24 } , { & quot ; data_types & quot ; : [ & quot ; password_signin & quot ; , & quot ; autofill & quot ; ] , & quot ; time_to_live_in_hours & quot ; : 12 } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > BuiltInDnsClientEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CECPQ2Enabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ChromeCleanupEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ChromeCleanupReportingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ChromeVariations < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ClickToCallEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CloudManagementEnrollmentMandatory < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CloudManagementEnrollmentToken < / ValueName >
< Value > 37185 d02 - e055 - 11e7 - 80 c1 - 9 a214cf093ae < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CloudPolicyOverridesPlatformPolicy < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CloudPrintProxyEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CloudPrintSubmitEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CloudUserPolicyMerge < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > CommandLineFlagSecurityWarningsEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ComponentUpdatesEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DNSInterceptionChecksEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultBrowserSettingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultCookiesSetting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultFileHandlingGuardSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultFileSystemReadGuardSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultFileSystemWriteGuardSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultGeolocationSetting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultImagesSetting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultInsecureContentSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultJavaScriptSetting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultNotificationsSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultPopupsSetting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultPrinterSelection < / ValueName >
< Value > { & quot ; kind & quot ; : & quot ; cloud & quot ; , & quot ; idPattern & quot ; : & quot ; . * public & quot ; , & quot ; namePattern & quot ; : & quot ; . * Color & quot ; } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderContextMenuAccessAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderIconURL < / ValueName >
< Value > https : / / search . my . company / favicon . ico < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderImageURL < / ValueName >
< Value > https : / / search . my . company / searchbyimage / upload < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderImageURLPostParams < / ValueName >
< Value > content = { imageThumbnail } , url = { imageURL } , sbisrc = { SearchSource } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderKeyword < / ValueName >
< Value > mis < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderName < / ValueName >
< Value > My Intranet Search < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderNewTabURL < / ValueName >
< Value > https : / / search . my . company / newtab < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderSearchURL < / ValueName >
< Value > https : / / search . my . company / search ? q = { searchTerms } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderSearchURLPostParams < / ValueName >
< Value > q = { searchTerms } , ie = utf - 8 , oe = utf - 8 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderSuggestURL < / ValueName >
< Value > https : / / search . my . company / suggest ? q = { searchTerms } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSearchProviderSuggestURLPostParams < / ValueName >
< Value > q = { searchTerms } , ie = utf - 8 , oe = utf - 8 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSensorsSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultSerialGuardSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultWebBluetoothGuardSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DefaultWebUsbGuardSetting < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DeveloperToolsAvailability < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > Disable3DAPIs < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DisableAuthNegotiateCnameLookup < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DisablePrintPreview < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DisableSafeBrowsingProceedAnyway < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DisableScreenshots < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DiskCacheDir < / ValueName >
< Value > $ { user_home } / Chrome_cache < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DiskCacheSize < / ValueName >
< Value > 104857600 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DnsOverHttpsMode < / ValueName >
< Value > off < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DnsOverHttpsTemplates < / ValueName >
< Value > https : / / dns . example . net / dns - query { ? dns } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DownloadDirectory < / ValueName >
< Value > / home / $ { user_name } / Downloads < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > DownloadRestrictions < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > EditBookmarksEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > EnableAuthNegotiatePort < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > EnableDeprecatedPrivetPrinting < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > EnableMediaRouter < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > EnableOnlineRevocationChecks < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > EnterpriseHardwarePlatformAPIEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ExtensionSettings < / ValueName >
< Value > { & quot ; * & quot ; : { & quot ; allowed_types & quot ; : [ & quot ; hosted_app & quot ; ] , & quot ; blocked_install_message & quot ; : & quot ; Custom error message . & quot ; , & quot ; blocked_permissions & quot ; : [ & quot ; downloads & quot ; , & quot ; bookmarks & quot ; ] , & quot ; install_sources & quot ; : [ & quot ; https : / / company - intranet / chromeapps & quot ; ] , & quot ; installation_mode & quot ; : & quot ; blocked & quot ; , & quot ; runtime_allowed_hosts & quot ; : [ & quot ; * : / / good . example . com & quot ; ] , & quot ; runtime_blocked_hosts & quot ; : [ & quot ; * : / / * . example . com & quot ; ] } , & quot ; abcdefghijklmnopabcdefghijklmnop & quot ; : { & quot ; blocked_permissions & quot ; : [ & quot ; history & quot ; ] , & quot ; installation_mode & quot ; : & quot ; allowed & quot ; , & quot ; minimum_version_required & quot ; : & quot ; 1.0 .1 & quot ; , & quot ; toolbar_pin & quot ; : & quot ; force_pinned & quot ; } , & quot ; bcdefghijklmnopabcdefghijklmnopa & quot ; : { & quot ; allowed_permissions & quot ; : [ & quot ; downloads & quot ; ] , & quot ; installation_mode & quot ; : & quot ; force_installed & quot ; , & quot ; runtime_allowed_hosts & quot ; : [ & quot ; * : / / good . example . com & quot ; ] , & quot ; runtime_blocked_hosts & quot ; : [ & quot ; * : / / * . example . com & quot ; ] , & quot ; update_url & quot ; : & quot ; https : / / example . com / update_url & quot ; } , & quot ; cdefghijklmnopabcdefghijklmnopab & quot ; : { & quot ; blocked_install_message & quot ; : & quot ; Custom error message . & quot ; , & quot ; installation_mode & quot ; : & quot ; blocked & quot ; } , & quot ; defghijklmnopabcdefghijklmnopabc , efghijklmnopabcdefghijklmnopabcd & quot ; : { & quot ; blocked_install_message & quot ; : & quot ; Custom error message . 
& quot ; , & quot ; installation_mode & quot ; : & quot ; blocked & quot ; } , & quot ; fghijklmnopabcdefghijklmnopabcde & quot ; : { & quot ; blocked_install_message & quot ; : & quot ; Custom removal message . & quot ; , & quot ; installation_mode & quot ; : & quot ; removed & quot ; } , & quot ; ghijklmnopabcdefghijklmnopabcdef & quot ; : { & quot ; installation_mode & quot ; : & quot ; force_installed & quot ; , & quot ; override_update_url & quot ; : true , & quot ; update_url & quot ; : & quot ; https : / / example . com / update_url & quot ; } , & quot ; update_url : https : / / www . example . com / update . xml & quot ; : { & quot ; allowed_permissions & quot ; : [ & quot ; downloads & quot ; ] , & quot ; blocked_permissions & quot ; : [ & quot ; wallpaper & quot ; ] , & quot ; installation_mode & quot ; : & quot ; allowed & quot ; } } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ExternalProtocolDialogShowAlwaysOpenCheckbox < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > FetchKeepaliveDurationSecondsOnShutdown < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ForceEphemeralProfiles < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ForceGoogleSafeSearch < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ForceYouTubeRestrict < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > FullscreenAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > GloballyScopeHTTPAuthCacheEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > HardwareAccelerationModeEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > HeadlessMode < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > HideWebStoreIcon < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > HomepageIsNewTabPage < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > HomepageLocation < / ValueName >
< Value > https : / / www . chromium . org < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ImportAutofillFormData < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ImportBookmarks < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ImportHistory < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ImportHomepage < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ImportSavedPasswords < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ImportSearchEngine < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > IncognitoModeAvailability < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > InsecureFormsWarningsEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > InsecurePrivateNetworkRequestsAllowed < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > IntensiveWakeUpThrottlingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > IntranetRedirectBehavior < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > IsolateOrigins < / ValueName >
< Value > https : / / example . com / , https : / / othersite . org / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ManagedBookmarks < / ValueName >
< Value > [ { & quot ; toplevel_name & quot ; : & quot ; My managed bookmarks folder & quot ; } , { & quot ; name & quot ; : & quot ; Google & quot ; , & quot ; url & quot ; : & quot ; google . com & quot ; } , { & quot ; name & quot ; : & quot ; Youtube & quot ; , & quot ; url & quot ; : & quot ; youtube . com & quot ; } , { & quot ; children & quot ; : [ { & quot ; name & quot ; : & quot ; Chromium & quot ; , & quot ; url & quot ; : & quot ; chromium . org & quot ; } , { & quot ; name & quot ; : & quot ; Chromium Developers & quot ; , & quot ; url & quot ; : & quot ; dev . chromium . org & quot ; } ] , & quot ; name & quot ; : & quot ; Chrome links & quot ; } ] < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ManagedConfigurationPerOrigin < / ValueName >
< Value > [ { & quot ; managed_configuration_hash & quot ; : & quot ; asd891jedasd12ue9h & quot ; , & quot ; managed_configuration_url & quot ; : & quot ; https : / / gstatic . google . com / configuration . json & quot ; , & quot ; origin & quot ; : & quot ; https : / / www . google . com & quot ; } , { & quot ; managed_configuration_hash & quot ; : & quot ; djio12easd89u12aws & quot ; , & quot ; managed_configuration_url & quot ; : & quot ; https : / / gstatic . google . com / configuration2 . json & quot ; , & quot ; origin & quot ; : & quot ; https : / / www . example . com & quot ; } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > MaxConnectionsPerProxy < / ValueName >
< Value > 32 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > MaxInvalidationFetchDelay < / ValueName >
< Value > 10000 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > MediaRecommendationsEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > MediaRouterCastAllowAllIPs < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > MetricsReportingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > NTPCardsVisible < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > NTPCustomBackgroundEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > NativeMessagingUserLevelHosts < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > NetworkPredictionOptions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > NewTabPageLocation < / ValueName >
< Value > https : / / www . chromium . org < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PasswordLeakDetectionEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PasswordManagerEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PasswordProtectionChangePasswordURL < / ValueName >
< Value > https : / / mydomain . com / change_password . html < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PasswordProtectionWarningTrigger < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PaymentMethodQueryEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PolicyAtomicGroupsEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PolicyRefreshRate < / ValueName >
< Value > 3600000 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintHeaderFooter < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintPreviewUseSystemDefaultPrinter < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintRasterizationMode < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintingAllowedBackgroundGraphicsModes < / ValueName >
< Value > enabled < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintingBackgroundGraphicsDefault < / ValueName >
< Value > enabled < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PrintingPaperSizeDefault < / ValueName >
< Value > { & quot ; custom_size & quot ; : { & quot ; height & quot ; : 297000 , & quot ; width & quot ; : 210000 } , & quot ; name & quot ; : & quot ; custom & quot ; } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ProfilePickerOnStartupAvailability < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PromotionalTabsEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > PromptForDownloadLocation < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ProxySettings < / ValueName >
< Value > { & quot ; ProxyBypassList & quot ; : & quot ; https : / / www . example1 . com , https : / / www . example2 . com , https : / / internalsite / & quot ; , & quot ; ProxyMode & quot ; : & quot ; direct & quot ; , & quot ; ProxyPacUrl & quot ; : & quot ; https : / / internal . site / example . pac & quot ; , & quot ; ProxyServer & quot ; : & quot ; 123.123 .123 .123 : 8080 & quot ; , & quot ; ProxyServerMode & quot ; : 2 } < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > QuicAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RelaunchNotification < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RelaunchNotificationPeriod < / ValueName >
< Value > 604800000 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostAllowClientPairing < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostAllowFileTransfer < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostAllowRelayedConnection < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostAllowRemoteAccessConnections < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostAllowUiAccessForRemoteAssistance < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostFirewallTraversal < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostMaximumSessionDurationMinutes < / ValueName >
< Value > 1200 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostRequireCurtain < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RemoteAccessHostUdpPortRange < / ValueName >
< Value > 12400 - 12409 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RendererCodeIntegrityEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RequireOnlineRevocationChecksForLocalAnchors < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RestoreOnStartup < / ValueName >
< Value > 4 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RestrictSigninToPattern < / ValueName >
< Value > . * @example \\. com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RoamingProfileLocation < / ValueName >
< Value > $ { roaming_app_data } \\chrome - profile < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > RoamingProfileSupportEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SSLErrorOverrideAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SSLVersionMin < / ValueName >
< Value > tls1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SafeBrowsingExtendedReportingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SafeBrowsingForTrustedSourcesEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SafeBrowsingProtectionLevel < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SafeSitesFilterBehavior < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SavingBrowserHistoryDisabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ScreenCaptureAllowed < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ScrollToTextFragmentEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SearchSuggestEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SharedArrayBufferUnrestrictedAccessAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SharedClipboardEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ShowAppsShortcutInBookmarkBar < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ShowCastIconInToolbar < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ShowFullUrlsInAddressBar < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ShowHomeButton < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SignedHTTPExchangeEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SigninInterceptionEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SitePerProcess < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SpellCheckServiceEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SpellcheckEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SuppressDifferentOriginSubframeDialogs < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SuppressUnsupportedOSWarning < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > SyncDisabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > TargetBlankImpliesNoOpener < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > TaskManagerEndProcessEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > ThirdPartyBlockingEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > TotalMemoryLimitMb < / ValueName >
< Value > 2048 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > TranslateEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > TripleDESEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > UrlKeyedAnonymizedDataCollectionEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > UserAgentClientHintsEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > UserDataDir < / ValueName >
< Value > $ { users } / $ { user_name } / Chrome < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > UserDataSnapshotRetentionLimit < / ValueName >
< Value > 3 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > UserFeedbackAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > VideoCaptureAllowed < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WPADQuickCheckEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WebAppInstallForceList < / ValueName >
< Value > [ { & quot ; create_desktop_shortcut & quot ; : true , & quot ; default_launch_container & quot ; : & quot ; window & quot ; , & quot ; url & quot ; : & quot ; https : / / www . google . com / maps & quot ; } , { & quot ; default_launch_container & quot ; : & quot ; tab & quot ; , & quot ; url & quot ; : & quot ; https : / / docs . google . com & quot ; } , { & quot ; default_launch_container & quot ; : & quot ; window & quot ; , & quot ; fallback_app_name & quot ; : & quot ; Editor & quot ; , & quot ; url & quot ; : & quot ; https : / / docs . google . com / editor & quot ; } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WebRtcAllowLegacyTLSProtocols < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WebRtcEventLogCollectionAllowed < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WebRtcIPHandling < / ValueName >
< Value > default < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WebRtcUdpPortRange < / ValueName >
< Value > 10000 - 11999 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WebUsbAllowDevicesForUrls < / ValueName >
< Value > [ { & quot ; devices & quot ; : [ { & quot ; product_id & quot ; : 5678 , & quot ; vendor_id & quot ; : 1234 } ] , & quot ; urls & quot ; : [ & quot ; https : / / google . com & quot ; ] } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome < / Key >
< ValueName > WindowOcclusionEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AlternativeBrowserParameters < / Key >
< ValueName > 1 < / ValueName >
< Value > - foreground < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AlternativeBrowserParameters < / Key >
< ValueName > 2 < / ValueName >
< Value > - new - window < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AlternativeBrowserParameters < / Key >
< ValueName > 3 < / ValueName >
< Value > $ { url } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AlternativeBrowserParameters < / Key >
< ValueName > 4 < / ValueName >
< Value > - profile < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AlternativeBrowserParameters < / Key >
< ValueName > 5 < / ValueName >
< Value > % HOME % \\browser_profile < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AudioCaptureAllowedUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AudioCaptureAllowedUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / [ * . ] example . edu / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenAllowedForURLs < / Key >
< ValueName > 1 < / ValueName >
< Value > example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenAllowedForURLs < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / ssl . server . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenAllowedForURLs < / Key >
< ValueName > 3 < / ValueName >
< Value > hosting . com / good_path < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenAllowedForURLs < / Key >
< ValueName > 4 < / ValueName >
< Value > https : / / server : 8080 / path < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenAllowedForURLs < / Key >
< ValueName > 5 < / ValueName >
< Value > . exact . hostname . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenFileTypes < / Key >
< ValueName > 1 < / ValueName >
< Value > exe < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoOpenFileTypes < / Key >
< ValueName > 2 < / ValueName >
< Value > txt < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoSelectCertificateForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > { & quot ; pattern & quot ; : & quot ; https : / / www . example . com & quot ; , & quot ; filter & quot ; : { & quot ; ISSUER & quot ; : { & quot ; CN & quot ; : & quot ; certificate issuer name & quot ; , & quot ; L & quot ; : & quot ; certificate issuer location & quot ; , & quot ; O & quot ; : & quot ; certificate issuer org & quot ; , & quot ; OU & quot ; : & quot ; certificate issuer org unit & quot ; } , & quot ; SUBJECT & quot ; : { & quot ; CN & quot ; : & quot ; certificate subject name & quot ; , & quot ; L & quot ; : & quot ; certificate subject location & quot ; , & quot ; O & quot ; : & quot ; certificate subject org & quot ; , & quot ; OU & quot ; : & quot ; certificate subject org unit & quot ; } } } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoplayAllowlist < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \AutoplayAllowlist < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherChromeParameters < / Key >
< ValueName > 1 < / ValueName >
< Value > - - force - dark - mode < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherUrlGreylist < / Key >
< ValueName > 1 < / ValueName >
< Value > ie . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherUrlGreylist < / Key >
< ValueName > 2 < / ValueName >
< Value > ! open - in - chrome . ie . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherUrlGreylist < / Key >
< ValueName > 3 < / ValueName >
< Value > foobar . com / ie - only / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherUrlList < / Key >
< ValueName > 1 < / ValueName >
< Value > ie . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherUrlList < / Key >
< ValueName > 2 < / ValueName >
< Value > ! open - in - chrome . ie . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \BrowserSwitcherUrlList < / Key >
< ValueName > 3 < / ValueName >
< Value > foobar . com / ie - only / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CertificateTransparencyEnforcementDisabledForCas < / Key >
< ValueName > 1 < / ValueName >
< Value > sha256 / AAAAAAAAAAAAAAAAAAAAAA == < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CertificateTransparencyEnforcementDisabledForCas < / Key >
< ValueName > 2 < / ValueName >
< Value > sha256 / / / / / / / / / / / / / / / / / / / / / / w == < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CertificateTransparencyEnforcementDisabledForLegacyCas < / Key >
< ValueName > 1 < / ValueName >
< Value > sha256 / AAAAAAAAAAAAAAAAAAAAAA == < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CertificateTransparencyEnforcementDisabledForLegacyCas < / Key >
< ValueName > 2 < / ValueName >
< Value > sha256 / / / / / / / / / / / / / / / / / / / / / / w == < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CertificateTransparencyEnforcementDisabledForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CertificateTransparencyEnforcementDisabledForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 1 < / ValueName >
< Value > browsing_history < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 2 < / ValueName >
< Value > download_history < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 3 < / ValueName >
< Value > cookies_and_other_site_data < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 4 < / ValueName >
< Value > cached_images_and_files < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 5 < / ValueName >
< Value > password_signin < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 6 < / ValueName >
< Value > autofill < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 7 < / ValueName >
< Value > site_settings < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ClearBrowsingDataOnExitList < / Key >
< ValueName > 8 < / ValueName >
< Value > hosted_app_data < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CookiesAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CookiesAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CookiesBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CookiesBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CookiesSessionOnlyForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \CookiesSessionOnlyForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \DefaultSearchProviderAlternateURLs < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / search . my . company / suggest #q={searchTerms}</Value>
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \DefaultSearchProviderAlternateURLs < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / search . my . company / suggest / search #q={searchTerms}</Value>
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \DefaultSearchProviderEncodings < / Key >
< ValueName > 1 < / ValueName >
< Value > UTF - 8 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \DefaultSearchProviderEncodings < / Key >
< ValueName > 2 < / ValueName >
< Value > UTF - 16 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \DefaultSearchProviderEncodings < / Key >
< ValueName > 3 < / ValueName >
< Value > GB2312 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \DefaultSearchProviderEncodings < / Key >
< ValueName > 4 < / ValueName >
< Value > ISO - 8859 - 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \EnableExperimentalPolicies < / Key >
< ValueName > 1 < / ValueName >
< Value > ExtensionInstallAllowlist < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \EnableExperimentalPolicies < / Key >
< ValueName > 2 < / ValueName >
< Value > ExtensionInstallBlocklist < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExplicitlyAllowedNetworkPorts < / Key >
< ValueName > 1 < / ValueName >
< Value > 10080 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionAllowedTypes < / Key >
< ValueName > 1 < / ValueName >
< Value > hosted_app < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallAllowlist < / Key >
< ValueName > 1 < / ValueName >
< Value > extension_id1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallAllowlist < / Key >
< ValueName > 2 < / ValueName >
< Value > extension_id2 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallBlocklist < / Key >
< ValueName > 1 < / ValueName >
< Value > extension_id1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallBlocklist < / Key >
< ValueName > 2 < / ValueName >
< Value > extension_id2 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallForcelist < / Key >
< ValueName > 1 < / ValueName >
< Value > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ; https : / / clients2 . google . com / service / update2 / crx < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallForcelist < / Key >
< ValueName > 2 < / ValueName >
< Value > abcdefghijklmnopabcdefghijklmnop < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ExtensionInstallSources < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / corp . mycompany . com / * < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileHandlingAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileHandlingAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileHandlingBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileHandlingBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemReadAskForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemReadAskForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemReadBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemReadBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemWriteAskForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemWriteAskForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemWriteBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \FileSystemWriteBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ForcedLanguages < / Key >
< ValueName > 1 < / ValueName >
< Value > en - US < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \HSTSPolicyBypassList < / Key >
< ValueName > 1 < / ValueName >
< Value > meet < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ImagesAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ImagesAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ImagesBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \ImagesBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \InsecureContentAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \InsecureContentAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \InsecureContentBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \InsecureContentBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \InsecurePrivateNetworkRequestsAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / www . example . com : 8080 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \InsecurePrivateNetworkRequestsAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \JavaScriptAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \JavaScriptAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \JavaScriptBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \JavaScriptBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \LegacySameSiteCookieBehaviorEnabledForDomainList < / Key >
< ValueName > 1 < / ValueName >
< Value > www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \LegacySameSiteCookieBehaviorEnabledForDomainList < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \LookalikeWarningAllowlistDomains < / Key >
< ValueName > 1 < / ValueName >
< Value > foo . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \LookalikeWarningAllowlistDomains < / Key >
< ValueName > 2 < / ValueName >
< Value > example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NativeMessagingAllowlist < / Key >
< ValueName > 1 < / ValueName >
< Value > com . native . messaging . host . name1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NativeMessagingAllowlist < / Key >
< ValueName > 2 < / ValueName >
< Value > com . native . messaging . host . name2 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NativeMessagingBlocklist < / Key >
< ValueName > 1 < / ValueName >
< Value > com . native . messaging . host . name1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NativeMessagingBlocklist < / Key >
< ValueName > 2 < / ValueName >
< Value > com . native . messaging . host . name2 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NotificationsAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NotificationsAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NotificationsBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \NotificationsBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \OverrideSecurityRestrictionsOnInsecureOrigin < / Key >
< ValueName > 1 < / ValueName >
< Value > http : / / testserver . example . com / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \OverrideSecurityRestrictionsOnInsecureOrigin < / Key >
< ValueName > 2 < / ValueName >
< Value > * . example . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PasswordProtectionLoginURLs < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / mydomain . com / login . html < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PasswordProtectionLoginURLs < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / login . mydomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PolicyDictionaryMultipleSourceMergeList < / Key >
< ValueName > 1 < / ValueName >
< Value > ExtensionSettings < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PolicyListMultipleSourceMergeList < / Key >
< ValueName > 1 < / ValueName >
< Value > ExtensionInstallAllowlist < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PolicyListMultipleSourceMergeList < / Key >
< ValueName > 2 < / ValueName >
< Value > ExtensionInstallBlocklist < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PopupsAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PopupsAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PopupsBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PopupsBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PrinterTypeDenyList < / Key >
< ValueName > 1 < / ValueName >
< Value > cloud < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \PrinterTypeDenyList < / Key >
< ValueName > 2 < / ValueName >
< Value > privet < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \RemoteAccessHostClientDomainList < / Key >
< ValueName > 1 < / ValueName >
< Value > my - awesome - domain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \RemoteAccessHostClientDomainList < / Key >
< ValueName > 2 < / ValueName >
< Value > my - auxiliary - domain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \RemoteAccessHostDomainList < / Key >
< ValueName > 1 < / ValueName >
< Value > my - awesome - domain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \RemoteAccessHostDomainList < / Key >
< ValueName > 2 < / ValueName >
< Value > my - auxiliary - domain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \RestoreOnStartupURLs < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \RestoreOnStartupURLs < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / www . chromium . org < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SSLErrorOverrideAllowedForOrigins < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SSLErrorOverrideAllowedForOrigins < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SafeBrowsingAllowlistDomains < / Key >
< ValueName > 1 < / ValueName >
< Value > mydomain . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SafeBrowsingAllowlistDomains < / Key >
< ValueName > 2 < / ValueName >
< Value > myuniversity . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SecurityKeyPermitAttestation < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SensorsAllowedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SensorsAllowedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SensorsBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SensorsBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SerialAskForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SerialAskForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SerialBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SerialBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SpellcheckLanguage < / Key >
< ValueName > 1 < / ValueName >
< Value > fr < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SpellcheckLanguage < / Key >
< ValueName > 2 < / ValueName >
< Value > es < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SpellcheckLanguageBlocklist < / Key >
< ValueName > 1 < / ValueName >
< Value > fr < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SpellcheckLanguageBlocklist < / Key >
< ValueName > 2 < / ValueName >
< Value > es < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \SyncTypesListDisabled < / Key >
< ValueName > 1 < / ValueName >
< Value > bookmarks < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLAllowlist < / Key >
< ValueName > 1 < / ValueName >
< Value > example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLAllowlist < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / ssl . server . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLAllowlist < / Key >
< ValueName > 3 < / ValueName >
< Value > hosting . com / good_path < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLAllowlist < / Key >
< ValueName > 4 < / ValueName >
< Value > https : / / server : 8080 / path < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLAllowlist < / Key >
< ValueName > 5 < / ValueName >
< Value > . exact . hostname . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 1 < / ValueName >
< Value > example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / ssl . server . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 3 < / ValueName >
< Value > hosting . com / bad_path < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 4 < / ValueName >
< Value > https : / / server : 8080 / path < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 5 < / ValueName >
< Value > . exact . hostname . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 6 < / ValueName >
< Value > file : / / * < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 7 < / ValueName >
< Value > custom_scheme : * < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \URLBlocklist < / Key >
< ValueName > 8 < / ValueName >
< Value > * < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \VideoCaptureAllowedUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \VideoCaptureAllowedUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / [ * . ] example . edu / < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \WebRtcLocalIpsAllowedUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \WebRtcLocalIpsAllowedUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > * example . com * < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \WebUsbAskForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \WebUsbAskForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \WebUsbBlockedForUrls < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / www . example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \WebUsbBlockedForUrls < / Key >
< ValueName > 2 < / ValueName >
< Value > [ * . ] example . edu < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > AlternateErrorPagesEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ApplicationLocaleValue < / ValueName >
< Value > en < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > AutofillAddressEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > AutofillCreditCardEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > BackgroundModeEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > BlockThirdPartyCookies < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > BookmarkBarEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > DefaultDownloadDirectory < / ValueName >
< Value > / home / $ { user_name } / Downloads < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > DownloadDirectory < / ValueName >
< Value > / home / $ { user_name } / Downloads < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > DownloadRestrictions < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > HomepageIsNewTabPage < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > HomepageLocation < / ValueName >
< Value > https : / / www . chromium . org < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ImportAutofillFormData < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ImportBookmarks < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ImportHistory < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ImportSavedPasswords < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ImportSearchEngine < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > MetricsReportingEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > NetworkPredictionOptions < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > PasswordLeakDetectionEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > PasswordManagerEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > PrintHeaderFooter < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > PrintPreviewUseSystemDefaultPrinter < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > RegisteredProtocolHandlers < / ValueName >
< Value > [ { & quot ; default & quot ; : true , & quot ; protocol & quot ; : & quot ; mailto & quot ; , & quot ; url & quot ; : & quot ; https : / / mail . google . com / mail / ? extsrc = mailto & amp ; url = % s & quot ; } ] < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > RestoreOnStartup < / ValueName >
< Value > 4 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > SafeBrowsingForTrustedSourcesEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > SafeBrowsingProtectionLevel < / ValueName >
< Value > 2 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > SearchSuggestEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ShowFullUrlsInAddressBar < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > ShowHomeButton < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > SpellCheckServiceEnabled < / ValueName >
< Value > 0 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Google \Chrome \Recommended < / Key >
< ValueName > TranslateEnabled < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended \RestoreOnStartupURLs < / Key >
< ValueName > 1 < / ValueName >
< Value > https : / / example . com < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Google \Chrome \Recommended \RestoreOnStartupURLs < / Key >
< ValueName > 2 < / ValueName >
< Value > https : / / www . chromium . org < / Value >
< / Entry >
< / PolFile >
"""
chromium_json_expected_managed = \
b """
{
" FileSystemWriteAskForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" InsecureContentBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" DefaultSearchProviderImageURLPostParams " : " content= {imageThumbnail} ,url= {imageURL} ,sbisrc= {SearchSource} " ,
" BrowserAddPersonEnabled " : true ,
" DefaultSearchProviderImageURL " : " https://search.my.company/searchbyimage/upload " ,
" ShowHomeButton " : true ,
" ClearBrowsingDataOnExitList " : [
" browsing_history " ,
" download_history " ,
" cookies_and_other_site_data " ,
" cached_images_and_files " ,
" password_signin " ,
" autofill " ,
" site_settings " ,
" hosted_app_data "
] ,
" JavaScriptAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" AmbientAuthenticationInPrivateModesEnabled " : 0 ,
" AllowFileSelectionDialogs " : true ,
" PrintingAllowedBackgroundGraphicsModes " : " enabled " ,
" DnsOverHttpsTemplates " : " https://dns.example.net/dns-query { ?dns} " ,
" ComponentUpdatesEnabled " : true ,
" RemoteAccessHostAllowRemoteAccessConnections " : false ,
" WindowOcclusionEnabled " : true ,
" PrintPreviewUseSystemDefaultPrinter " : false ,
" AutoLaunchProtocolsFromOrigins " : [
{
" allowed_origins " : [
" example.com " ,
" http://www.example.com:8080 "
] ,
" protocol " : " spotify "
} ,
{
" allowed_origins " : [
" https://example.com " ,
" https://.mail.example.com "
] ,
" protocol " : " teams "
} ,
{
" allowed_origins " : [
" * "
] ,
" protocol " : " outlook "
}
] ,
" ManagedConfigurationPerOrigin " : [
{
" origin " : " https://www.google.com " ,
" managed_configuration_hash " : " asd891jedasd12ue9h " ,
" managed_configuration_url " : " https://gstatic.google.com/configuration.json "
} ,
{
" origin " : " https://www.example.com " ,
" managed_configuration_hash " : " djio12easd89u12aws " ,
" managed_configuration_url " : " https://gstatic.google.com/configuration2.json "
}
] ,
" SyncTypesListDisabled " : [
" bookmarks "
] ,
" SecurityKeyPermitAttestation " : [
" https://example.com "
] ,
" DefaultSearchProviderSearchURL " : " https://search.my.company/search?q= {searchTerms} " ,
" MetricsReportingEnabled " : true ,
" MaxInvalidationFetchDelay " : 10000 ,
" AudioProcessHighPriorityEnabled " : true ,
" ExtensionInstallForcelist " : [
" aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx " ,
" abcdefghijklmnopabcdefghijklmnop "
] ,
" ExternalProtocolDialogShowAlwaysOpenCheckbox " : true ,
" CookiesBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" BrowserSwitcherExternalSitelistUrl " : " http://example.com/sitelist.xml " ,
" AudioCaptureAllowedUrls " : [
" https://www.example.com/ " ,
" https://[*.]example.edu/ "
] ,
" NTPCustomBackgroundEnabled " : true ,
" BlockExternalExtensions " : true ,
" BrowserSwitcherChromeParameters " : [
" --force-dark-mode "
] ,
" SafeSitesFilterBehavior " : 0 ,
" EnableOnlineRevocationChecks " : false ,
" ImagesBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" InsecureFormsWarningsEnabled " : true ,
" RelaunchNotificationPeriod " : 604800000 ,
" TotalMemoryLimitMb " : 2048 ,
" CloudManagementEnrollmentMandatory " : true ,
" ClickToCallEnabled " : true ,
" AppCacheForceEnabled " : false ,
" UrlKeyedAnonymizedDataCollectionEnabled " : true ,
" FullscreenAllowed " : true ,
" AuthSchemes " : " basic,digest,ntlm,negotiate " ,
" PasswordLeakDetectionEnabled " : true ,
" AuthServerAllowlist " : " *.example.com,example.com " ,
" AllowSyncXHRInPageDismissal " : false ,
" PasswordProtectionChangePasswordURL " : " https://mydomain.com/change_password.html " ,
" MaxConnectionsPerProxy " : 32 ,
" RemoteAccessHostMaximumSessionDurationMinutes " : 1200 ,
" RemoteAccessHostAllowFileTransfer " : false ,
" PrintRasterizationMode " : 1 ,
" CertificateTransparencyEnforcementDisabledForLegacyCas " : [
" sha256/AAAAAAAAAAAAAAAAAAAAAA== " ,
" sha256//////////////////////w== "
] ,
" DefaultWebBluetoothGuardSetting " : 2 ,
" AutoplayAllowed " : true ,
" BrowserSwitcherUrlList " : [
" ie.com " ,
" !open-in-chrome.ie.com " ,
" foobar.com/ie-only/ "
] ,
" CertificateTransparencyEnforcementDisabledForUrls " : [
" example.com " ,
" .example.com "
] ,
" SpellcheckLanguageBlocklist " : [
" fr " ,
" es "
] ,
" PrintHeaderFooter " : false ,
" ShowAppsShortcutInBookmarkBar " : false ,
" SerialAskForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" ImagesAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" ProfilePickerOnStartupAvailability " : 0 ,
" CommandLineFlagSecurityWarningsEnabled " : true ,
" QuicAllowed " : true ,
" IntensiveWakeUpThrottlingEnabled " : true ,
" WPADQuickCheckEnabled " : true ,
" SensorsAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" NTPCardsVisible " : true ,
" DefaultSearchProviderAlternateURLs " : [
" https://search.my.company/suggest#q= {searchTerms} " ,
" https://search.my.company/suggest/search#q= {searchTerms} "
] ,
" DisableSafeBrowsingProceedAnyway " : true ,
" DefaultFileSystemWriteGuardSetting " : 2 ,
" DefaultSearchProviderSuggestURL " : " https://search.my.company/suggest?q= {searchTerms} " ,
" SSLErrorOverrideAllowed " : true ,
" CloudPrintProxyEnabled " : true ,
" BrowserSwitcherUrlGreylist " : [
" ie.com " ,
" !open-in-chrome.ie.com " ,
" foobar.com/ie-only/ "
] ,
" BrowserNetworkTimeQueriesEnabled " : true ,
" WebUsbAllowDevicesForUrls " : [
{
" urls " : [
" https://google.com "
] ,
" devices " : [
{
" vendor_id " : 1234 ,
" product_id " : 5678
}
]
}
] ,
" TaskManagerEndProcessEnabled " : true ,
" SuppressDifferentOriginSubframeDialogs " : true ,
" UserDataDir " : " $ {users} /$ {user_name} /Chrome " ,
" CookiesAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" SuppressUnsupportedOSWarning " : true ,
" RequireOnlineRevocationChecksForLocalAnchors " : false ,
" BrowsingDataLifetime " : [
{
" data_types " : [
" browsing_history "
] ,
" time_to_live_in_hours " : 24
} ,
{
" data_types " : [
" password_signin " ,
" autofill "
] ,
" time_to_live_in_hours " : 12
}
] ,
" FileHandlingBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" AudioCaptureAllowed " : false ,
" PromotionalTabsEnabled " : false ,
" ShowFullUrlsInAddressBar " : false ,
" EnableMediaRouter " : true ,
" BrowserSwitcherDelay " : 10000 ,
" AllowDinosaurEasterEgg " : false ,
" ImportSearchEngine " : true ,
" PrintingBackgroundGraphicsDefault " : " enabled " ,
" TripleDESEnabled " : false ,
" AutoplayAllowlist " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" RemoteAccessHostUdpPortRange " : " 12400-12409 " ,
" DefaultSearchProviderIconURL " : " https://search.my.company/favicon.ico " ,
" BrowserSwitcherChromePath " : " $ {chrome} " ,
" InsecureContentAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" DefaultSearchProviderSearchURLPostParams " : " q= {searchTerms} ,ie=utf-8,oe=utf-8 " ,
" ForceGoogleSafeSearch " : false ,
" UserFeedbackAllowed " : true ,
" ForceYouTubeRestrict " : 0 ,
" ApplicationLocaleValue " : " en " ,
" RoamingProfileSupportEnabled " : true ,
" AlternativeBrowserPath " : " $ {ie} " ,
" AlternativeBrowserParameters " : [
" -foreground " ,
" -new-window " ,
" $ {url} " ,
" -profile " ,
" % HOME % \\ \\ browser_profile "
] ,
" AdvancedProtectionAllowed " : true ,
" EditBookmarksEnabled " : false ,
" DefaultPrinterSelection " : " { \\ " kind \\" : \\ " cloud \\" , \\ " idPattern \\" : \\ " . * public \\" , \\ " namePattern \\" : \\ " . * Color \\" } " ,
" SSLVersionMin " : " tls1 " ,
" SharedArrayBufferUnrestrictedAccessAllowed " : true ,
" DefaultSerialGuardSetting " : 2 ,
" DefaultPopupsSetting " : 1 ,
" IntranetRedirectBehavior " : 1 ,
" RendererCodeIntegrityEnabled " : false ,
" BrowserGuestModeEnforced " : true ,
" HSTSPolicyBypassList " : [
" meet "
] ,
" DefaultWebUsbGuardSetting " : 2 ,
" CECPQ2Enabled " : true ,
" RemoteAccessHostDomainList " : [
" my-awesome-domain.com " ,
" my-auxiliary-domain.com "
] ,
" URLBlocklist " : [
" example.com " ,
" https://ssl.server.com " ,
" hosting.com/bad_path " ,
" https://server:8080/path " ,
" .exact.hostname.com " ,
" file://* " ,
" custom_scheme:* " ,
" * "
] ,
" IsolateOrigins " : " https://example.com/,https://othersite.org/ " ,
" ExtensionAllowedTypes " : [
" hosted_app "
] ,
" NativeMessagingBlocklist " : [
" com.native.messaging.host.name1 " ,
" com.native.messaging.host.name2 "
] ,
" ExtensionSettings " : {
" abcdefghijklmnopabcdefghijklmnop " : {
" blocked_permissions " : [
" history "
] ,
" minimum_version_required " : " 1.0.1 " ,
" toolbar_pin " : " force_pinned " ,
" installation_mode " : " allowed "
} ,
" bcdefghijklmnopabcdefghijklmnopa " : {
" runtime_blocked_hosts " : [
" *://*.example.com "
] ,
" allowed_permissions " : [
" downloads "
] ,
" update_url " : " https://example.com/update_url " ,
" runtime_allowed_hosts " : [
" *://good.example.com "
] ,
" installation_mode " : " force_installed "
} ,
" update_url:https://www.example.com/update.xml " : {
" allowed_permissions " : [
" downloads "
] ,
" blocked_permissions " : [
" wallpaper "
] ,
" installation_mode " : " allowed "
} ,
" cdefghijklmnopabcdefghijklmnopab " : {
" blocked_install_message " : " Custom error message. " ,
" installation_mode " : " blocked "
} ,
" * " : {
" blocked_permissions " : [
" downloads " ,
" bookmarks "
] ,
" installation_mode " : " blocked " ,
" runtime_blocked_hosts " : [
" *://*.example.com "
] ,
" blocked_install_message " : " Custom error message. " ,
" allowed_types " : [
" hosted_app "
] ,
" runtime_allowed_hosts " : [
" *://good.example.com "
] ,
" install_sources " : [
" https://company-intranet/chromeapps "
]
} ,
" defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd " : {
" blocked_install_message " : " Custom error message. " ,
" installation_mode " : " blocked "
} ,
" fghijklmnopabcdefghijklmnopabcde " : {
" blocked_install_message " : " Custom removal message. " ,
" installation_mode " : " removed "
} ,
" ghijklmnopabcdefghijklmnopabcdef " : {
" update_url " : " https://example.com/update_url " ,
" override_update_url " : true ,
" installation_mode " : " force_installed "
}
} ,
" FileSystemReadAskForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" SpellCheckServiceEnabled " : false ,
" ExtensionInstallSources " : [
" https://corp.mycompany.com/* "
] ,
" PrinterTypeDenyList " : [
" cloud " ,
" privet "
] ,
" SharedClipboardEnabled " : true ,
" BlockThirdPartyCookies " : false ,
" MediaRouterCastAllowAllIPs " : false ,
" DnsOverHttpsMode " : " off " ,
" SyncDisabled " : true ,
" LookalikeWarningAllowlistDomains " : [
" foo.example.com " ,
" example.org "
] ,
" UserDataSnapshotRetentionLimit " : 3 ,
" SafeBrowsingProtectionLevel " : 2 ,
" ScrollToTextFragmentEnabled " : false ,
" ImportBookmarks " : true ,
" DefaultBrowserSettingEnabled " : true ,
" DefaultSearchProviderEnabled " : true ,
" AdditionalDnsQueryTypesEnabled " : true ,
" PolicyRefreshRate " : 3600000 ,
" PrintingPaperSizeDefault " : {
" custom_size " : {
" width " : 210000 ,
" height " : 297000
} ,
" name " : " custom "
} ,
" RestoreOnStartup " : 4 ,
" PasswordProtectionWarningTrigger " : 1 ,
" ChromeCleanupEnabled " : true ,
" AbusiveExperienceInterventionEnforce " : true ,
" BasicAuthOverHttpEnabled " : false ,
" EnableAuthNegotiatePort " : false ,
" DefaultGeolocationSetting " : 1 ,
" PolicyDictionaryMultipleSourceMergeList " : [
" ExtensionSettings "
] ,
" AllowedDomainsForApps " : " managedchrome.com,example.com " ,
" DisableAuthNegotiateCnameLookup " : false ,
" IncognitoModeAvailability " : 1 ,
" ChromeVariations " : 1 ,
" DefaultSearchProviderNewTabURL " : " https://search.my.company/newtab " ,
" SavingBrowserHistoryDisabled " : true ,
" SpellcheckEnabled " : false ,
" FileSystemWriteBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" BuiltInDnsClientEnabled " : true ,
" SSLErrorOverrideAllowedForOrigins " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" WebRtcIPHandling " : " default " ,
" DefaultNotificationsSetting " : 2 ,
" PopupsAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" TranslateEnabled " : true ,
" DefaultSearchProviderEncodings " : [
" UTF-8 " ,
" UTF-16 " ,
" GB2312 " ,
" ISO-8859-1 "
] ,
" DownloadRestrictions " : 2 ,
" PromptForDownloadLocation " : false ,
" DisablePrintPreview " : false ,
" NetworkPredictionOptions " : 1 ,
" FileSystemReadBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" AutoOpenFileTypes " : [
" exe " ,
" txt "
] ,
" DownloadDirectory " : " /home/$ {user_name} /Downloads " ,
" ImportHomepage " : true ,
" GloballyScopeHTTPAuthCacheEnabled " : false ,
" CloudManagementEnrollmentToken " : " 37185d02-e055-11e7-80c1-9a214cf093ae " ,
" ThirdPartyBlockingEnabled " : false ,
" AdsSettingForIntrusiveAdsSites " : 1 ,
" FetchKeepaliveDurationSecondsOnShutdown " : 1 ,
" BookmarkBarEnabled " : true ,
" DisableScreenshots " : true ,
" AccessibilityImageLabelsEnabled " : false ,
" RemoteAccessHostAllowUiAccessForRemoteAssistance " : true ,
" PopupsBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" DefaultFileSystemReadGuardSetting " : 2 ,
" BrowserSignin " : 2 ,
" WebRtcAllowLegacyTLSProtocols " : false ,
" PasswordManagerEnabled " : true ,
" SafeBrowsingExtendedReportingEnabled " : true ,
" CloudPolicyOverridesPlatformPolicy " : false ,
" InsecurePrivateNetworkRequestsAllowedForUrls " : [
" http://www.example.com:8080 " ,
" [*.]example.edu "
] ,
" RelaunchNotification " : 1 ,
" AlwaysOpenPdfExternally " : true ,
" DefaultFileHandlingGuardSetting " : 2 ,
" ForceEphemeralProfiles " : true ,
" PasswordProtectionLoginURLs " : [
" https://mydomain.com/login.html " ,
" https://login.mydomain.com "
] ,
" BrowserSwitcherExternalGreylistUrl " : " http://example.com/greylist.xml " ,
" BrowserGuestModeEnabled " : true ,
" MediaRecommendationsEnabled " : true ,
" WebRtcLocalIpsAllowedUrls " : [
" https://www.example.com " ,
" *example.com* "
] ,
" DeveloperToolsAvailability " : 2 ,
" DNSInterceptionChecksEnabled " : true ,
" DefaultSearchProviderContextMenuAccessAllowed " : true ,
" RemoteAccessHostRequireCurtain " : false ,
" PaymentMethodQueryEnabled " : true ,
" HomepageLocation " : " https://www.chromium.org " ,
" WebUsbAskForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" RemoteAccessHostAllowClientPairing " : false ,
" ProxySettings " : {
" ProxyMode " : " direct " ,
" ProxyPacUrl " : " https://internal.site/example.pac " ,
" ProxyServer " : " 123.123.123.123:8080 " ,
" ProxyServerMode " : 2 ,
" ProxyBypassList " : " https://www.example1.com,https://www.example2.com,https://internalsite/ "
} ,
" AutofillCreditCardEnabled " : false ,
" FileHandlingAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" ChromeCleanupReportingEnabled " : true ,
" AlternateErrorPagesEnabled " : true ,
" WebRtcEventLogCollectionAllowed " : true ,
" AutoSelectCertificateForUrls " : [
" { \\ " pattern \\" : \\ " https : / / www . example . com \\" , \\ " filter \\" : { \\ " ISSUER \\" : { \\ " CN \\" : \\ " certificate issuer name \\" , \\ " L \\" : \\ " certificate issuer location \\" , \\ " O \\" : \\ " certificate issuer org \\" , \\ " OU \\" : \\ " certificate issuer org unit \\" }, \\ " SUBJECT \\" : { \\ " CN \\" : \\ " certificate subject name \\" , \\ " L \\" : \\ " certificate subject location \\" , \\ " O \\" : \\ " certificate subject org \\" , \\ " OU \\" : \\ " certificate subject org unit \\" }}} "
] ,
" PolicyListMultipleSourceMergeList " : [
" ExtensionInstallAllowlist " ,
" ExtensionInstallBlocklist "
] ,
" CertificateTransparencyEnforcementDisabledForCas " : [
" sha256/AAAAAAAAAAAAAAAAAAAAAA== " ,
" sha256//////////////////////w== "
] ,
" CookiesSessionOnlyForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" SitePerProcess " : true ,
" RemoteAccessHostFirewallTraversal " : false ,
" DefaultSearchProviderSuggestURLPostParams " : " q= {searchTerms} ,ie=utf-8,oe=utf-8 " ,
" BackgroundModeEnabled " : true ,
" DefaultJavaScriptSetting " : 1 ,
" ForcedLanguages " : [
" en-US "
] ,
" ManagedBookmarks " : [
{
" toplevel_name " : " My managed bookmarks folder "
} ,
{
" url " : " google.com " ,
" name " : " Google "
} ,
{
" url " : " youtube.com " ,
" name " : " Youtube "
} ,
{
" children " : [
{
" url " : " chromium.org " ,
" name " : " Chromium "
} ,
{
" url " : " dev.chromium.org " ,
" name " : " Chromium Developers "
}
] ,
" name " : " Chrome links "
}
] ,
" Disable3DAPIs " : false ,
" CloudPrintSubmitEnabled " : true ,
" DefaultCookiesSetting " : 1 ,
" ExtensionInstallBlocklist " : [
" extension_id1 " ,
" extension_id2 "
] ,
" URLAllowlist " : [
" example.com " ,
" https://ssl.server.com " ,
" hosting.com/good_path " ,
" https://server:8080/path " ,
" .exact.hostname.com "
] ,
" ExplicitlyAllowedNetworkPorts " : [
" 10080 "
] ,
" HomepageIsNewTabPage " : true ,
" SensorsBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" BrowserLabsEnabled " : false ,
" NotificationsAllowedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" NativeMessagingUserLevelHosts " : false ,
" AuthNegotiateDelegateAllowlist " : " foobar.example.com " ,
" CloudUserPolicyMerge " : true ,
" OverrideSecurityRestrictionsOnInsecureOrigin " : [
" http://testserver.example.com/ " ,
" *.example.org "
] ,
" HideWebStoreIcon " : true ,
" SafeBrowsingForTrustedSourcesEnabled " : false ,
" NewTabPageLocation " : " https://www.chromium.org " ,
" DiskCacheSize " : 104857600 ,
" BrowserSwitcherUseIeSitelist " : true ,
" WebRtcUdpPortRange " : " 10000-11999 " ,
" EnterpriseHardwarePlatformAPIEnabled " : true ,
" AutoOpenAllowedForURLs " : [
" example.com " ,
" https://ssl.server.com " ,
" hosting.com/good_path " ,
" https://server:8080/path " ,
" .exact.hostname.com "
] ,
" NativeMessagingAllowlist " : [
" com.native.messaging.host.name1 " ,
" com.native.messaging.host.name2 "
] ,
" DefaultSearchProviderName " : " My Intranet Search " ,
" JavaScriptBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" EnableExperimentalPolicies " : [
" ExtensionInstallAllowlist " ,
" ExtensionInstallBlocklist "
] ,
" SafeBrowsingAllowlistDomains " : [
" mydomain.com " ,
" myuniversity.edu "
] ,
" AutofillAddressEnabled " : false ,
" AllowCrossOriginAuthPrompt " : false ,
" SpellcheckLanguage " : [
" fr " ,
" es "
] ,
" VideoCaptureAllowed " : false ,
" ScreenCaptureAllowed " : false ,
" VideoCaptureAllowedUrls " : [
" https://www.example.com/ " ,
" https://[*.]example.edu/ "
] ,
" ImportHistory " : true ,
" ShowCastIconInToolbar " : false ,
" RestoreOnStartupURLs " : [
" https://example.com " ,
" https://www.chromium.org "
] ,
" LegacySameSiteCookieBehaviorEnabledForDomainList " : [
" www.example.com " ,
" [*.]example.edu "
] ,
" PrintingEnabled " : true ,
" ImportSavedPasswords " : true ,
" EnableDeprecatedPrivetPrinting " : true ,
" InsecurePrivateNetworkRequestsAllowed " : false ,
" HeadlessMode " : 2 ,
" PolicyAtomicGroupsEnabled " : true ,
" HardwareAccelerationModeEnabled " : true ,
" AllowDeletingBrowserHistory " : true ,
" DefaultSearchProviderKeyword " : " mis " ,
" ExtensionInstallAllowlist " : [
" extension_id1 " ,
" extension_id2 "
] ,
" WebAppInstallForceList " : [
{
" url " : " https://www.google.com/maps " ,
" create_desktop_shortcut " : true ,
" default_launch_container " : " window "
} ,
{
" url " : " https://docs.google.com " ,
" default_launch_container " : " tab "
} ,
{
" url " : " https://docs.google.com/editor " ,
" fallback_app_name " : " Editor " ,
" default_launch_container " : " window "
}
] ,
" DiskCacheDir " : " $ {user_home} /Chrome_cache " ,
" SignedHTTPExchangeEnabled " : true ,
" SearchSuggestEnabled " : true ,
" BrowserThemeColor " : " #FFFFFF " ,
" RestrictSigninToPattern " : " .*@example \\ \\ .com " ,
" DefaultInsecureContentSetting " : 2 ,
" DefaultSensorsSetting " : 2 ,
" AudioSandboxEnabled " : true ,
" RemoteAccessHostAllowRelayedConnection " : false ,
" RoamingProfileLocation " : " $ {roaming_app_data} \\ \\ chrome-profile " ,
" UserAgentClientHintsEnabled " : true ,
" TargetBlankImpliesNoOpener " : false ,
" BrowserSwitcherKeepLastChromeTab " : false ,
" RemoteAccessHostClientDomainList " : [
" my-awesome-domain.com " ,
" my-auxiliary-domain.com "
] ,
" NotificationsBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" SerialBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" DefaultImagesSetting " : 1 ,
" SigninInterceptionEnabled " : true ,
" WebUsbBlockedForUrls " : [
" https://www.example.com " ,
" [*.]example.edu "
] ,
" ImportAutofillFormData " : true ,
" BrowserSwitcherEnabled " : true
}
"""
# Byte-string JSON document of Chromium policy names and values (startup
# pages, download directories, password manager, Safe Browsing level, ...).
# Going by the variable name this is the expected output for "recommended"
# policies; the code that consumes it is outside this part of the file
# (TODO confirm).
chromium_json_expected_recommended = \
b """
{
" BackgroundModeEnabled " : true ,
" RestoreOnStartup " : 4 ,
" RegisteredProtocolHandlers " : [
{
" default " : true ,
" url " : " https://mail.google.com/mail/?extsrc=mailto&url= %s " ,
" protocol " : " mailto "
}
] ,
" ShowHomeButton " : true ,
" PrintHeaderFooter " : false ,
" SafeBrowsingForTrustedSourcesEnabled " : false ,
" ShowFullUrlsInAddressBar " : false ,
" MetricsReportingEnabled " : true ,
" SpellCheckServiceEnabled " : false ,
" ImportSearchEngine " : true ,
" DownloadRestrictions " : 2 ,
" NetworkPredictionOptions " : 1 ,
" DownloadDirectory " : " /home/$ {user_name} /Downloads " ,
" TranslateEnabled " : true ,
" AutofillAddressEnabled " : false ,
" BookmarkBarEnabled " : true ,
" PrintPreviewUseSystemDefaultPrinter " : false ,
" ApplicationLocaleValue " : " en " ,
" ImportHistory " : true ,
" RestoreOnStartupURLs " : [
" https://example.com " ,
" https://www.chromium.org "
] ,
" PasswordManagerEnabled " : true ,
" ImportSavedPasswords " : true ,
" DefaultDownloadDirectory " : " /home/$ {user_name} /Downloads " ,
" PasswordLeakDetectionEnabled " : true ,
" SearchSuggestEnabled " : true ,
" AlternateErrorPagesEnabled " : true ,
" HomepageIsNewTabPage " : true ,
" ImportAutofillFormData " : true ,
" BlockThirdPartyCookies " : false ,
" AutofillCreditCardEnabled " : false ,
" HomepageLocation " : " https://www.chromium.org " ,
" SafeBrowsingProtectionLevel " : 2 ,
" ImportBookmarks " : true
}
"""
# Registry.pol fixture in its XML form, six entries, all under the
# Software\Policies\Samba\Unix Settings\Firewalld key:
#   - the Zones and Rules REG_DWORD values, both set to 1;
#   - one REG_SZ "Rules" value holding JSON for zone "work" (an ipv4 rule
#     with a source address, the ftp service and a reject action);
#   - a "**delvals." entry plus the zone names "work" and "home".
# The test that stages this data is outside this part of the file.
firewalld_reg_pol = \
b """
< ? xml version = " 1.0 " encoding = " utf-8 " ? >
< PolFile num_entries = " 6 " signature = " PReg " version = " 1 " >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Samba \Unix Settings \Firewalld < / Key >
< ValueName > Zones < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 4 " type_name = " REG_DWORD " >
< Key > Software \Policies \Samba \Unix Settings \Firewalld < / Key >
< ValueName > Rules < / ValueName >
< Value > 1 < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Samba \Unix Settings \Firewalld \Rules < / Key >
< ValueName > Rules < / ValueName >
< Value > { & quot ; work & quot ; : [ { & quot ; rule & quot ; : { & quot ; family & quot ; : & quot ; ipv4 & quot ; } , & quot ; source address & quot ; : & quot ; 172.25 .1 .7 & quot ; , & quot ; service name & quot ; : & quot ; ftp & quot ; , & quot ; reject & quot ; : { } } ] } < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Samba \Unix Settings \Firewalld \Zones < / Key >
< ValueName > * * delvals . < / ValueName >
< Value > < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Samba \Unix Settings \Firewalld \Zones < / Key >
< ValueName > work < / ValueName >
< Value > work < / Value >
< / Entry >
< Entry type = " 1 " type_name = " REG_SZ " >
< Key > Software \Policies \Samba \Unix Settings \Firewalld \Zones < / Key >
< ValueName > home < / ValueName >
< Value > home < / Value >
< / Entry >
< / PolFile >
"""
def days2rel_nttime(val):
    """Convert a number of days into a negative tick count.

    *val* is multiplied by 60, 60, 24 and 10,000,000 in that order and the
    product is negated.  The last factor presumably is the number of NT time
    ticks per second (confirm against the code that stores minPwdAge).
    """
    ticks = val
    # seconds, minutes, hours, ticks-per-second: same order as a plain product
    for factor in (60, 60, 24, 10000000):
        ticks = ticks * factor
    return -ticks
def gpupdate(lp, arg):
    """Run the configured gpupdate command with one extra argument.

    The argument vector is read from *lp* and *arg* is appended to it; the
    vector is handed to Popen as a sequence, without shell=True.  The
    child's stderr is printed and its exit status is returned.
    """
    argv = lp.get(' gpo update command ')
    argv.append(arg)

    child = Popen(argv, stdout=PIPE, stderr=PIPE)
    _captured_out, captured_err = child.communicate()
    print(captured_err)
    return child.returncode
def gpupdate_force(lp):
    """Run gpupdate() with the force argument and return its exit status."""
    exit_status = gpupdate(lp, ' --force ')
    return exit_status
def gpupdate_unapply(lp):
    """Run gpupdate() with the unapply argument and return its exit status."""
    exit_status = gpupdate(lp, ' --unapply ')
    return exit_status
def rsop(lp):
    """Run gpupdate() with the rsop argument and return its exit status."""
    exit_status = gpupdate(lp, ' --rsop ')
    return exit_status
def stage_file(path, data):
    """Write *data* to *path*, keeping any existing file as a backup.

    The parent directory is created when missing.  An existing *path* is
    renamed to the backup name first.  The data is written to a temporary
    file in the same directory, which is then renamed onto *path* and made
    mode 0o644.

    Returns False when the directory cannot be created, True otherwise.
    """
    target_dir = os.path.dirname(path)
    if not os.path.exists(target_dir):
        try:
            os.makedirs(target_dir)
        except OSError as err:
            # A directory that appeared in the meantime is not an error.
            if err.errno != errno.EEXIST or not os.path.isdir(target_dir):
                return False

    if os.path.exists(path):
        os.rename(path, ' %s .bak ' % path)

    # Temp file lives next to the target so the rename stays on one filesystem.
    with NamedTemporaryFile(delete=False, dir=os.path.dirname(path)) as tmp:
        tmp.write(get_bytes(data))
        os.rename(tmp.name, path)
        os.chmod(path, 0o644)
    return True
def unstage_file(path):
    """Undo stage_file(): restore the backup, or delete the staged file.

    When the backup exists it is renamed back onto *path*.  Otherwise *path*
    is removed if present.  Nothing happens when neither file exists.
    """
    saved_copy = ' %s .bak ' % path
    if os.path.exists(saved_copy):
        os.rename(saved_copy, path)
        return
    if os.path.exists(path):
        os.remove(path)
class GPOTests ( tests . TestCase ) :
def setUp(self):
    """Prepare the server name, DC account name, LoadParm and credentials.

    The server name comes from the environment; the DC account name is the
    upper-cased server name with a suffix appended.  Credentials are a copy
    made by insta_creds() from the test's own credentials.
    """
    super(GPOTests, self).setUp()

    server_name = os.environ[" SERVER "]
    self.server = server_name
    self.dc_account = server_name.upper() + ' $ '

    loadparm = LoadParm()
    self.lp = loadparm
    loadparm.load_default()

    template_creds = self.get_credentials()
    self.creds = self.insta_creds(template=template_creds)
def tearDown(self):
    """Delegate to the base class; this class adds no cleanup of its own."""
    parent = super(GPOTests, self)
    parent.tearDown()
def test_gpo_list(self):
    """Compare name, file_sys_path and ds_path of each listed GPO.

    The GPO list is fetched for the test user and every entry is checked
    against the expected value at the same position.
    """
    global poldir, dspath
    ads = gpo.ADS_STRUCT(self.server, self.lp, self.creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(self.creds.get_username())

    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    expected_names = [' Local Policy ', guid]
    expected_fs_paths = [None, ' %s \\ %s ' % (poldir, guid)]
    expected_ds_paths = [None, ' CN= %s , %s ' % (guid, dspath)]

    for idx in range(len(gpos)):
        entry = gpos[idx]
        self.assertEqual(
            entry.name, expected_names[idx],
            ' The gpo name did not match expected name %s ' % entry.name)
        self.assertEqual(
            entry.file_sys_path, expected_fs_paths[idx],
            ' file_sys_path did not match expected %s ' % entry.file_sys_path)
        self.assertEqual(
            entry.ds_path, expected_ds_paths[idx],
            ' ds_path did not match expected %s ' % entry.ds_path)
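def test_gpo_ads_does_not_segfault(self):
    """Construct ADS_STRUCT with an int where the LoadParm argument goes.

    The test passes as long as the interpreter survives the call.  A Python
    exception from the constructor is accepted and ignored.
    """
    try:
        gpo.ADS_STRUCT(self.server, 42, self.creds)
    except Exception:
        # Rejecting the bad argument with an exception is fine.  Catching
        # Exception rather than everything lets KeyboardInterrupt and
        # SystemExit reach the test runner.
        pass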
def test_gpt_version(self):
    """Write a GPT.INI version and read it back with the gpo module.

    Version 42 is written first and checked, then the version that was
    present before the test is written back and checked the same way.
    """
    global gpt_data
    cache_root = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    gpo_path = os.path.join(cache_root, policies, guid)
    saved_version = gpo.gpo_get_sysvol_gpt_version(gpo_path)[1]
    mismatch = ' gpo_get_sysvol_gpt_version() did not return the expected version '

    # NOTE(review): if the first check fails, the file keeps version 42.
    for version in (42, saved_version):
        with open(os.path.join(gpo_path, ' GPT.INI '), ' w ') as gpt:
            gpt.write(gpt_data % version)
        # Read back only after the file has been closed.
        self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1],
                         version, mismatch)
def test_check_refresh_gpo_list(self):
    """Refresh the GPO list and check that the local cache was filled.

    After check_refresh_gpo_list() the cache directory must exist and must
    contain a GPT.INI for the known policy GUID.
    """
    cache = self.lp.cache_path(' gpo_cache ')
    ads = gpo.ADS_STRUCT(self.server, self.lp, self.creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(self.creds.get_username())
    check_refresh_gpo_list(self.server, self.lp, self.creds, gpos)

    cache_present = os.path.exists(cache)
    self.assertTrue(cache_present,
                    ' GPO cache %s was not created ' % cache)

    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    gpt_ini = os.path.join(cache, policies, guid, ' GPT.INI ')
    ini_present = os.path.exists(gpt_ini)
    self.assertTrue(ini_present,
                    ' GPT.INI was not cached for %s ' % guid)
def test_check_refresh_gpo_list_malicious_paths(self):
    """Exercise check_safe_path() with hostile and Windows-style paths.

    Three properties are pinned here: a path with parent-directory
    components raises OSError, an absolute path comes back in relative form,
    and backslash separators come back as forward slashes with the sysvol
    prefix dropped.
    """
    # Parent-directory components must be rejected outright.
    traversal = ' /usr/local/samba/var/locks/sysvol/../../../../../../root/ '
    with self.assertRaises(OSError):
        check_safe_path(traversal)

    # Absolute and backslash-prefixed inputs both map to the relative form.
    relative = check_safe_path(' /etc/passwd ')
    self.assertEqual(relative, ' etc/passwd ')
    relative = check_safe_path(' \\ \\ etc/ \\ passwd ')
    self.assertEqual(relative, ' etc/passwd ')

    # Backslashes must not survive as path separators.
    before = ' sysvol/ ' + realm + ' \\ Policies/ ' \
        ' { 31B2F340-016D-11D2-945F-00C04FB984F9} \\ GPT.INI '
    after = realm + ' /Policies/ ' \
        ' { 31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI '
    converted = check_safe_path(before)
    self.assertEqual(converted, after, ' check_safe_path() didn \' t '
                     ' correctly convert \\ to / ')
def test_check_safe_path_typesafe_name(self):
    """Check check_safe_path() on a UNC path with a mixed-case SysVol part.

    The expected result has neither the host nor the SysVol component and
    uses forward slashes.
    """
    unc_path = ' \\ \\ toady.suse.de \\ SysVol \\ toady.suse.de \\ Policies \\ ' \
        ' { 31B2F340-016D-11D2-945F-00C04FB984F9} \\ GPT.INI '
    wanted = ' toady.suse.de/Policies/ ' \
        ' { 31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI '
    self.assertEqual(
        check_safe_path(unc_path), wanted,
        ' check_safe_path unable to detect variable case sysvol components ')
def test_gpt_ext_register(self):
    """Register, list and unregister a GP extension, then edit gpext.conf.

    The first half registers an extension under a GUID, checks that it is
    listed with the registered file path, unregisters it and checks that it
    is gone.  The second half validates check_guid() and then writes, reads
    back and removes a test section through parse_gpext_conf() and
    atomic_write_conf().
    """
    tests_dir = os.path.dirname(os.path.realpath(__file__))
    samba_root = os.path.realpath(os.path.join(tests_dir, ' ../../../ '))
    ext_path = os.path.join(samba_root, ' python/samba/gp/gp_sec_ext.py ')
    ext_guid = ' { 827D319E-6EAC-11D2-A4EA-00C04F79F83A} '

    # Register for machine policy only.
    registered = register_gp_extension(ext_guid, ' gp_access_ext ', ext_path,
                                       smb_conf=self.lp.configfile,
                                       machine=True, user=False)
    self.assertTrue(registered, ' Failed to register a gp ext ')

    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid in listed.keys(),
                    ' Failed to list gp exts ')
    self.assertEqual(listed[ext_guid][' DllName '], ext_path,
                     ' Failed to list gp exts ')

    unregister_gp_extension(ext_guid)
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid not in listed.keys(),
                    ' Failed to unregister gp exts ')

    # GUID syntax check: one well-formed value, one malformed value.
    self.assertTrue(check_guid(ext_guid), ' Failed to parse valid guid ')
    self.assertFalse(check_guid(' AAAAAABBBBBBBCCC '), ' Parsed invalid guid ')

    # Round-trip a scratch section through gpext.conf.
    lp, parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue(lp and parser, ' parse_gpext_conf() invalid return ')
    parser.add_section(' test_section ')
    parser.set(' test_section ', ' test_var ', ext_guid)
    atomic_write_conf(lp, parser)

    lp, parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue(' test_section ' in parser.sections(),
                    ' test_section not found in gpext.conf ')
    self.assertEqual(parser.get(' test_section ', ' test_var '), ext_guid,
                     ' Failed to find test variable in gpext.conf ')

    # Leave gpext.conf without the scratch section.
    parser.remove_section(' test_section ')
    atomic_write_conf(lp, parser)
def test_gp_log_get_applied(self):
    """Apply staged password policy and inspect the GP log for it.

    A GptTmpl.inf is staged for two GUIDs and gpupdate is forced.  The log
    for the DC account must then list both GUIDs with a minPwdAge setting,
    and get_deleted_gpos_list() must report the last GUID when it is left
    out of the GPO list.  The staged files are removed and the policy is
    unapplied at the end.
    """
    sysvol_path = self.lp.get(' path ', ' sysvol ')
    guids = [' { 31B2F340-016D-11D2-945F-00C04FB984F9} ',
             ' { 6AC1786C-016F-11D2-945F-00C04FB984F9} ']
    gpofile = ' %s / ' + realm + ' /Policies/ %s /MACHINE/Microsoft/ ' \
              ' Windows NT/SecEdit/GptTmpl.inf '
    stage = ' [System Access] \n MinimumPasswordAge = 998 \n '
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    for guid in guids:
        gpttmpl = gpofile % (sysvol_path, guid)
        staged = stage_file(gpttmpl, stage)
        self.assertTrue(staged, ' Could not create the target %s ' % gpttmpl)

    status = gpupdate_force(self.lp)
    self.assertEqual(status, 0, ' gpupdate force failed ')

    gp_db = store.get_gplog(self.dc_account)

    applied_guids = gp_db.get_applied_guids()
    self.assertEqual(len(applied_guids), 2, ' The guids were not found ')
    for wanted in (guids[0], guids[1]):
        self.assertIn(wanted, applied_guids,
                      ' %s not in applied guids ' % wanted)

    # Expected minPwdAge per GUID, as relative NT time.
    expected_age = {guids[0]: days2rel_nttime(1),
                    guids[1]: days2rel_nttime(998)}
    for policy in gp_db.get_applied_settings(applied_guids):
        self.assertIn(' System Access ', policy[1],
                      ' System Access policies not set ')
        self.assertIn(' minPwdAge ', policy[1][' System Access '],
                      ' minPwdAge policy not set ')
        if policy[0] in expected_age:
            self.assertEqual(int(policy[1][' System Access '][' minPwdAge ']),
                             expected_age[policy[0]],
                             ' minPwdAge policy not set ')

    ads = gpo.ADS_STRUCT(self.server, self.lp, self.creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(self.dc_account)
    # Dropping the last GPO must make it show up as deleted.
    del_gpos = get_deleted_gpos_list(gp_db, gpos[:-1])
    self.assertEqual(len(del_gpos), 1, ' Returned delete gpos is incorrect ')
    self.assertEqual(guids[-1], del_gpos[0][0],
                     ' GUID for delete gpo is incorrect ')
    self.assertIn(' System Access ', del_gpos[0][1],
                  ' System Access policies not set for removal ')
    self.assertIn(' minPwdAge ', del_gpos[0][1][' System Access '],
                  ' minPwdAge policy not set for removal ')

    for guid in guids:
        gpttmpl = gpofile % (sysvol_path, guid)
        unstage_file(gpttmpl)

    status = gpupdate_unapply(self.lp)
    self.assertEqual(status, 0, ' gpupdate unapply failed ')
def test_process_group_policy(self):
    """Apply and remove Kerberos policy through gp_krb_ext.

    Two templates with different MaxTicketAge values are staged.  With all
    GPOs processed the stored ticket lifetime must be the second value;
    after removal it must be None; with the last GPO left out it must be
    the first value.
    """
    cache_root = self.lp.cache_path(' gpo_cache ')
    guids = [' { 31B2F340-016D-11D2-945F-00C04FB984F9} ',
             ' { 6AC1786C-016F-11D2-945F-00C04FB984F9} ']
    gpofile = ' %s / ' + policies + ' / %s /MACHINE/MICROSOFT/ ' \
              ' WINDOWS NT/SECEDIT/GPTTMPL.INF '
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Set up the extension under test with the machine account.
    ext = gp_krb_ext(self.lp, machine_creds,
                     machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # MaxClockSkew is included so that a key the extension ignores does not
    # make processing fail.
    stage = ' [Kerberos Policy] \n MaxTicketAge = %d \n MaxClockSkew = 5 '
    opts = [100, 200]
    for guid, ticket_age in zip(guids, opts):
        gpttmpl = gpofile % (cache_root, guid)
        staged = stage_file(gpttmpl, stage % ticket_age)
        self.assertTrue(staged, ' Could not create the target %s ' % gpttmpl)

    # All GPOs: the later one wins.
    ext.process_group_policy([], gpos)
    lifetime = store.get_int(' kdc:user_ticket_lifetime ')
    self.assertEqual(lifetime, opts[1], ' Higher priority policy was not set ')

    # Removal clears the stored value.
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    lifetime = store.get_int(' kdc:user_ticket_lifetime ')
    self.assertEqual(lifetime, None, ' MaxTicketAge should not have applied ')

    # Without the last GPO the first value applies.
    ext.process_group_policy([], gpos[:-1])
    lifetime = store.get_int(' kdc:user_ticket_lifetime ')
    self.assertEqual(lifetime, opts[0], ' Lower priority policy was not set ')

    # Remove the policy again and drop the staged templates.
    ext.process_group_policy(del_gpos, [])
    for guid in guids:
        gpttmpl = gpofile % (cache_root, guid)
        unstage_file(gpttmpl)
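def test_gp_scripts(self):
    """Apply script policy with gp_scripts_ext and run the generated script.

    For each of the four script registry keys a Registry.pol with one entry
    is staged and processed into a temporary directory.  Exactly one script
    must appear there, running it must produce the staged command's output,
    gpupdate --rsop must exit 0, and removing the policy must leave the
    directory empty.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    reg_pol = os.path.join(local_path, policies, guid,
                           ' MACHINE/REGISTRY.POL ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_scripts_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    reg_key = b' Software \\ Policies \\ Samba \\ Unix Settings '
    # Registry key -> suffix given to the temporary output directory.
    sections = {b' %s \\ Daily Scripts ' % reg_key: ' .cron.daily ',
                b' %s \\ Monthly Scripts ' % reg_key: ' .cron.monthly ',
                b' %s \\ Weekly Scripts ' % reg_key: ' .cron.weekly ',
                b' %s \\ Hourly Scripts ' % reg_key: ' .cron.hourly '}
    for keyname, dir_suffix in sections.items():
        # Stage the Registry.pol file with test data
        stage = preg.file()
        e = preg.entry()
        e.keyname = keyname
        e.valuename = b' Software \\ Policies \\ Samba \\ Unix Settings '
        e.type = 1
        e.data = b' echo hello world '
        stage.num_entries = 1
        stage.entries = [e]
        ret = stage_file(reg_pol, ndr_pack(stage))
        self.assertTrue(ret, ' Could not create the target %s ' % reg_pol)

        # Process all gpos, with temp output directory
        with TemporaryDirectory(dir_suffix) as dname:
            ext.process_group_policy([], gpos, dname)
            scripts = os.listdir(dname)
            # assertEqual: the assertEquals alias no longer exists in
            # Python 3.12, and the rest of the file uses assertEqual.
            self.assertEqual(len(scripts), 1,
                             ' The %s script was not created ' % keyname.decode())
            # The script is run from the private temp dir; its content is
            # the fixed command staged above.
            out, _ = Popen([os.path.join(dname, scripts[0])],
                           stdout=PIPE).communicate()
            self.assertIn(b' hello world ', out,
                          ' %s script execution failed ' % keyname.decode())

            # Check that a call to gpupdate --rsop also succeeds
            ret = rsop(self.lp)
            self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

            # Remove policy
            gp_db = store.get_gplog(machine_creds.get_username())
            del_gpos = get_deleted_gpos_list(gp_db, [])
            ext.process_group_policy(del_gpos, [])
            self.assertEqual(len(os.listdir(dname)), 0,
                             ' Unapply failed to cleanup scripts ')

        # Unstage the Registry.pol file
        unstage_file(reg_pol)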
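def test_gp_sudoers(self):
    """Apply a sudo rights entry with gp_sudoers_ext and verify the output.

    A Registry.pol with one sudo rights entry is staged and processed into
    a temporary directory, so the real sudoers configuration is not
    involved.  One file containing the entry must be written, gpupdate
    --rsop must exit 0, and removing the policy must leave the directory
    empty.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    reg_pol = os.path.join(local_path, policies, guid,
                           ' MACHINE/REGISTRY.POL ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_sudoers_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    stage = preg.file()
    e = preg.entry()
    e.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Sudo Rights '
    e.valuename = b' Software \\ Policies \\ Samba \\ Unix Settings '
    e.type = 1
    e.data = b' fakeu ALL=(ALL) NOPASSWD: ALL '
    stage.num_entries = 1
    stage.entries = [e]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        # assertEqual: the assertEquals alias no longer exists in
        # Python 3.12, and the rest of the file uses assertEqual.
        self.assertEqual(len(sudoers), 1, ' The sudoer file was not created ')
        # Close the file before the directory is cleaned up.
        with open(os.path.join(dname, sudoers[0]), ' r ') as sudoers_file:
            contents = sudoers_file.read()
        self.assertIn(e.data, contents,
                      ' The sudoers entry was not applied ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         ' Unapply failed to cleanup scripts ')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)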
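def test_vgp_sudoers(self):
    """Apply a VGP sudoers manifest with vgp_sudoers_ext and verify it.

    The staged manifest.xml holds three sudoers entries: one with a user
    and a group in a single list element, one with no principal at all, and
    one with the user and the group in separate list elements.  Processing
    writes into a temporary directory, so the real sudoers configuration is
    not involved.  Three files must be written and together contain the
    three expected lines; gpupdate --rsop must exit 0; removing the policy
    must leave the directory empty.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    manifest = os.path.join(local_path, policies, guid, ' MACHINE ',
                            ' VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_sudoers_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): the listing lost its indentation.  This assumes only the
    # assignment is guarded, so gpos is unbound if connect() fails.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element(' vgppolicy ')
    policysetting = etree.SubElement(stage, ' policysetting ')
    version = etree.SubElement(policysetting, ' version ')
    version.text = ' 1 '
    data = etree.SubElement(policysetting, ' data ')

    # Entry 1: a user and a group inside one list element
    sudoers_entry = etree.SubElement(data, ' sudoers_entry ')
    command = etree.SubElement(sudoers_entry, ' command ')
    command.text = ' ALL '
    user = etree.SubElement(sudoers_entry, ' user ')
    user.text = ' ALL '
    principal_list = etree.SubElement(sudoers_entry, ' listelement ')
    principal = etree.SubElement(principal_list, ' principal ')
    principal.text = ' fakeu '
    principal.attrib[' type '] = ' user '
    group = etree.SubElement(principal_list, ' principal ')
    group.text = ' fakeg '
    group.attrib[' type '] = ' group '

    # Ensure an empty principal doesn't cause a crash
    sudoers_entry = etree.SubElement(data, ' sudoers_entry ')
    command = etree.SubElement(sudoers_entry, ' command ')
    command.text = ' ALL '
    user = etree.SubElement(sudoers_entry, ' user ')
    user.text = ' ALL '

    # Ensure having dispersed principals still works
    sudoers_entry = etree.SubElement(data, ' sudoers_entry ')
    command = etree.SubElement(sudoers_entry, ' command ')
    command.text = ' ALL '
    user = etree.SubElement(sudoers_entry, ' user ')
    user.text = ' ALL '
    listelement = etree.SubElement(sudoers_entry, ' listelement ')
    principal = etree.SubElement(listelement, ' principal ')
    principal.text = ' fakeu2 '
    principal.attrib[' type '] = ' user '
    listelement = etree.SubElement(sudoers_entry, ' listelement ')
    group = etree.SubElement(listelement, ' principal ')
    group.text = ' fakeg2 '
    group.attrib[' type '] = ' group '

    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % manifest)

    # Process all gpos, with temp output directory
    data = ' fakeu,fakeg % ALL=(ALL) NOPASSWD: ALL '
    data2 = ' fakeu2,fakeg2 % ALL=(ALL) NOPASSWD: ALL '
    data_no_principal = ' ALL ALL=(ALL) NOPASSWD: ALL '
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        # assertEqual: the assertEquals alias no longer exists in
        # Python 3.12, and the rest of the file uses assertEqual.
        self.assertEqual(len(sudoers), 3, ' The sudoer file was not created ')
        # Concatenate the three files, closing each one after reading.
        pieces = []
        for fname in sudoers:
            with open(os.path.join(dname, fname), ' r ') as sudoers_file:
                pieces.append(sudoers_file.read())
        output = ''.join(pieces)
        self.assertIn(data, output,
                      ' The sudoers entry was not applied ')
        self.assertIn(data2, output,
                      ' The sudoers entry was not applied ')
        self.assertIn(data_no_principal, output,
                      ' The sudoers entry was not applied ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         ' Unapply failed to cleanup scripts ')

    # Unstage the manifest.xml file
    unstage_file(manifest)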
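def test_gp_inf_ext_utf(self):
    """Check that gp_inf_ext.read() accepts UTF-16 and UTF-8 input.

    The same Kerberos Policy snippet is written to a temporary file once
    per encoding and read back through the extension. In both cases the
    section and its MaxTicketAge value must be present in the result.
    """
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    ext = gp_inf_ext(self.lp, machine_creds,
                     machine_creds.get_username(), store)
    test_data = ' [Kerberos Policy] \n MaxTicketAge = 99 \n '

    def assert_policy_read(inf_conf):
        # assertEqual replaces the deprecated assertEquals alias, which
        # was removed from unittest in Python 3.12.
        self.assertIn(' Kerberos Policy ', inf_conf.keys(),
                      ' Kerberos Policy was not read from the file ')
        self.assertEqual(inf_conf.get(' Kerberos Policy ', ' MaxTicketAge '),
                         ' 99 ', ' MaxTicketAge was not read from the file ')

    # UTF-16: a decode error is reported as a test failure, not an error.
    with NamedTemporaryFile() as tmp:
        with codecs.open(tmp.name, ' w ', ' utf-16 ') as writer:
            writer.write(test_data)
        try:
            parsed = ext.read(tmp.name)
        except UnicodeDecodeError:
            self.fail(' Failed to parse utf-16 ')
        assert_policy_read(parsed)

    # UTF-8: same content, no special handling expected.
    with NamedTemporaryFile() as tmp:
        with codecs.open(tmp.name, ' w ', ' utf-8 ') as writer:
            writer.write(test_data)
        assert_policy_read(ext.read(tmp.name))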
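def test_rsop(self):
    """Check per-extension rsop() output against staged policy data.

    A Registry.pol and a GptTmpl.inf are staged for every GPO that has a
    file_sys_path. Each extension's rsop() result for that GPO is then
    compared with the staged values, and the module's rsop() helper (the
    'gpupdate --rsop' check named in the comment below) must return 0.

    The staged sudoers line grants passwordless sudo to a fake user. It
    is fixture data; this test only calls rsop() on the extensions and
    never process_group_policy().
    """
    cache_dir = self.lp.get(' cache directory ')
    local_path = self.lp.cache_path(' gpo_cache ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    gp_extensions = [
        gp_krb_ext,
        gp_scripts_ext,
        gp_sudoers_ext,
        gp_smb_conf_ext,
        gp_msgs_ext,
    ]

    # Create registry stage data
    reg_pol = os.path.join(local_path, policies, ' %s /MACHINE/REGISTRY.POL ')
    reg_stage = preg.file()

    scripts_entry = preg.entry()
    scripts_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Daily Scripts '
    scripts_entry.valuename = b' Software \\ Policies \\ Samba \\ Unix Settings '
    scripts_entry.type = 1
    scripts_entry.data = b' echo hello world '

    sudo_entry = preg.entry()
    sudo_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Sudo Rights '
    sudo_entry.valuename = b' Software \\ Policies \\ Samba \\ Unix Settings '
    sudo_entry.type = 1
    sudo_entry.data = b' fakeu ALL=(ALL) NOPASSWD: ALL '

    smb_entry = preg.entry()
    smb_entry.keyname = ' Software \\ Policies \\ Samba \\ smb_conf \\ apply group policies '
    smb_entry.type = 4
    smb_entry.data = 1
    smb_entry.valuename = ' apply group policies '

    issue_entry = preg.entry()
    issue_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Messages '
    issue_entry.valuename = b' issue '
    issue_entry.type = 1
    issue_entry.data = b' Welcome to \\ s \\ r \\ l '

    reg_stage.num_entries = 4
    reg_stage.entries = [scripts_entry, sudo_entry, smb_entry, issue_entry]

    # Create krb stage data
    gpofile = os.path.join(local_path, policies, ' %s /MACHINE/MICROSOFT/ '
                           ' WINDOWS NT/SECEDIT/GPTTMPL.INF ')
    krb_stage = ' [Kerberos Policy] \n MaxTicketAge = 99 \n ' \
                ' [System Access] \n MinimumPasswordAge = 998 \n '

    staged_gpos = [g for g in gpos if g.file_sys_path]
    for g in staged_gpos:
        inf_path = gpofile % g.name
        pol_path = reg_pol % g.name

        ret = stage_file(inf_path, krb_stage)
        self.assertTrue(ret, ' Could not create the target %s ' % inf_path)
        ret = stage_file(pol_path, ndr_pack(reg_stage))
        self.assertTrue(ret, ' Could not create the target %s ' % pol_path)

        for ext_cls in gp_extensions:
            ext = ext_cls(self.lp, machine_creds,
                          machine_creds.get_username(), store)
            ret = ext.rsop(g)
            self.assertEqual(len(ret.keys()), 1,
                             ' A single policy should have been displayed ')

            # Check the Security Extension
            if type(ext) == gp_krb_ext:
                self.assertIn(' Kerberos Policy ', ret.keys(),
                              ' Kerberos Policy not found ')
                self.assertIn(' MaxTicketAge ', ret[' Kerberos Policy '],
                              ' MaxTicketAge setting not found ')
                self.assertEqual(ret[' Kerberos Policy '][' MaxTicketAge '],
                                 ' 99 ',
                                 ' MaxTicketAge was not set to 99 ')
            # Check the Scripts Extension
            elif type(ext) == gp_scripts_ext:
                self.assertIn(' Daily Scripts ', ret.keys(),
                              ' Daily Scripts not found ')
                self.assertIn(' echo hello world ', ret[' Daily Scripts '],
                              ' Daily script was not created ')
            # Check the Sudoers Extension
            elif type(ext) == gp_sudoers_ext:
                self.assertIn(' Sudo Rights ', ret.keys(),
                              ' Sudoers not found ')
                self.assertIn(' fakeu ALL=(ALL) NOPASSWD: ALL ',
                              ret[' Sudo Rights '],
                              ' Sudoers policy not created ')
            # Check the smb.conf Extension
            elif type(ext) == gp_smb_conf_ext:
                self.assertIn(' smb.conf ', ret.keys(),
                              ' apply group policies was not applied ')
                self.assertIn(smb_entry.valuename, ret[' smb.conf '],
                              ' apply group policies was not applied ')
                self.assertEqual(ret[' smb.conf '][smb_entry.valuename],
                                 smb_entry.data,
                                 ' apply group policies was not set ')
            # Check the Messages Extension
            elif type(ext) == gp_msgs_ext:
                self.assertIn(' /etc/issue ', ret,
                              ' Login Prompt Message not applied ')
                self.assertEqual(ret[' /etc/issue '], issue_entry.data,
                                 ' Login Prompt Message not set ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

        unstage_file(inf_path)
        unstage_file(pol_path)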
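def test_gp_unapply(self):
    """Apply Kerberos, scripts and sudoers policy, then unapply all of it.

    Test data is staged for one fixed GPO GUID. The Kerberos extension
    must store a ticket lifetime of 99; the scripts and sudoers extensions
    must create their files inside a temporary directory. After
    gpupdate_unapply() every recorded file must be gone and the stored
    ticket lifetime must no longer be 99.

    The sudoers line staged here grants passwordless sudo to a fake user;
    both file-writing extensions are pointed at the temporary directory
    passed as the third argument of process_group_policy().
    """
    cache_dir = self.lp.get(' cache directory ')
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    gp_extensions = [gp_krb_ext, gp_scripts_ext, gp_sudoers_ext]

    # Create registry stage data
    reg_pol = os.path.join(local_path, policies, ' %s /MACHINE/REGISTRY.POL ')
    reg_stage = preg.file()

    scripts_entry = preg.entry()
    scripts_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Daily Scripts '
    scripts_entry.valuename = b' Software \\ Policies \\ Samba \\ Unix Settings '
    scripts_entry.type = 1
    scripts_entry.data = b' echo hello world '

    sudo_entry = preg.entry()
    sudo_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Sudo Rights '
    sudo_entry.valuename = b' Software \\ Policies \\ Samba \\ Unix Settings '
    sudo_entry.type = 1
    sudo_entry.data = b' fakeu ALL=(ALL) NOPASSWD: ALL '

    reg_stage.num_entries = 2
    reg_stage.entries = [scripts_entry, sudo_entry]

    # Create krb stage data
    gpofile = os.path.join(local_path, policies, ' %s /MACHINE/MICROSOFT/ '
                           ' WINDOWS NT/SECEDIT/GPTTMPL.INF ')
    krb_stage = ' [Kerberos Policy] \n MaxTicketAge = 99 \n '

    inf_path = gpofile % guid
    pol_path = reg_pol % guid

    ret = stage_file(inf_path, krb_stage)
    self.assertTrue(ret, ' Could not create the target %s ' % inf_path)
    ret = stage_file(pol_path, ndr_pack(reg_stage))
    self.assertTrue(ret, ' Could not create the target %s ' % pol_path)

    # Process all gpos, with temp output directory
    remove = []
    with TemporaryDirectory() as dname:
        for ext_cls in gp_extensions:
            ext = ext_cls(self.lp, machine_creds,
                          machine_creds.get_username(), store)
            if type(ext) == gp_krb_ext:
                ext.process_group_policy([], gpos)
                ret = store.get_int(' kdc:user_ticket_lifetime ')
                self.assertEqual(ret, 99, ' Kerberos policy was not set ')
            elif type(ext) in [gp_scripts_ext, gp_sudoers_ext]:
                ext.process_group_policy([], gpos, dname)
                gp_db = store.get_gplog(machine_creds.get_username())
                applied_settings = gp_db.get_applied_settings([guid])
                applied_by_ext = applied_settings[-1][-1][str(ext)]
                for _key, recorded in applied_by_ext.items():
                    # Only the last ':'-separated field is used as the path.
                    fname = recorded.split(' : ')[-1]
                    self.assertIn(dname, fname,
                                  ' Test file not created in tmp dir ')
                    self.assertTrue(os.path.exists(fname),
                                    ' Test file not created ')
                    remove.append(fname)

        # Unapply policy, and ensure policies are removed
        gpupdate_unapply(self.lp)

        for fname in remove:
            self.assertFalse(os.path.exists(fname),
                             ' Unapply did not remove test file ')
        ret = store.get_int(' kdc:user_ticket_lifetime ')
        self.assertNotEqual(ret, 99, ' Kerberos policy was not unapplied ')

    unstage_file(inf_path)
    unstage_file(pol_path)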
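def test_smb_conf_ext(self):
    """Apply smb.conf settings from a staged Registry.pol, then unapply.

    Three smb_conf registry entries are staged. The extension runs against
    a temporary copy of the test smb.conf, and the copy is re-read with
    LoadParm to confirm each value. After the policy is removed the copy
    must report the same values as the original self.lp.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    reg_pol = os.path.join(local_path, policies, guid,
                           ' MACHINE/REGISTRY.POL ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    def make_entry(keyname, kind, data, valuename):
        # Attributes are assigned in the order keyname, type, data,
        # valuename.
        entry = preg.entry()
        entry.keyname = keyname
        entry.type = kind
        entry.data = data
        entry.valuename = valuename
        return entry

    entries = [
        make_entry(' Software \\ Policies \\ Samba \\ smb_conf \\ template homedir ',
                   1, ' /home/samba/ % D/ % U ', ' template homedir '),
        make_entry(' Software \\ Policies \\ Samba \\ smb_conf \\ apply group policies ',
                   4, 1, ' apply group policies '),
        make_entry(' Software \\ Policies \\ Samba \\ smb_conf \\ ldap timeout ',
                   4, 9999, ' ldap timeout '),
    ]
    stage = preg.file()
    stage.num_entries = len(entries)
    stage.entries = entries

    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, ' Failed to create the Registry.pol file ')

    with NamedTemporaryFile(suffix=' _smb.conf ') as conf_copy:
        # Work on a copy so the policy never edits the suite's smb.conf.
        copyfile(self.lp.configfile, conf_copy.name)
        lp = LoadParm(conf_copy.name)

        # Initialize the group policy extension
        ext = gp_smb_conf_ext(lp, machine_creds,
                              machine_creds.get_username(), store)
        ext.process_group_policy([], gpos)
        lp = LoadParm(conf_copy.name)

        template_homedir = lp.get(' template homedir ')
        self.assertEqual(template_homedir, ' /home/samba/ % D/ % U ',
                         ' template homedir was not applied ')
        apply_group_policies = lp.get(' apply group policies ')
        self.assertTrue(apply_group_policies,
                        ' apply group policies was not applied ')
        ldap_timeout = lp.get(' ldap timeout ')
        self.assertEqual(ldap_timeout, 9999, ' ldap timeout was not applied ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        lp = LoadParm(conf_copy.name)

        template_homedir = lp.get(' template homedir ')
        self.assertEqual(template_homedir, self.lp.get(' template homedir '),
                         ' template homedir was not unapplied ')
        apply_group_policies = lp.get(' apply group policies ')
        self.assertEqual(apply_group_policies,
                         self.lp.get(' apply group policies '),
                         ' apply group policies was not unapplied ')
        ldap_timeout = lp.get(' ldap timeout ')
        self.assertEqual(ldap_timeout, self.lp.get(' ldap timeout '),
                         ' ldap timeout was not unapplied ')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)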
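def test_gp_motd(self):
    """Apply motd and issue messages from Registry.pol, then unapply.

    Two 'Messages' registry entries (motd and issue) are staged. After
    processing, files named 'motd' and 'issue' must exist in the temporary
    output directory with the staged data. After the policy is removed
    both files must read back empty.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    reg_pol = os.path.join(local_path, policies, guid,
                           ' MACHINE/REGISTRY.POL ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_msgs_ext(self.lp, machine_creds,
                      machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    def read_text(path):
        # Close the handle deterministically instead of leaking it.
        with open(path, ' r ') as handle:
            return handle.read()

    # Stage the Registry.pol file with test data
    stage = preg.file()

    motd_entry = preg.entry()
    motd_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Messages '
    motd_entry.valuename = b' motd '
    motd_entry.type = 1
    motd_entry.data = b' Have a lot of fun! '

    issue_entry = preg.entry()
    issue_entry.keyname = b' Software \\ Policies \\ Samba \\ Unix Settings \\ Messages '
    issue_entry.valuename = b' issue '
    issue_entry.type = 1
    issue_entry.data = b' Welcome to \\ s \\ r \\ l '

    stage.num_entries = 2
    stage.entries = [motd_entry, issue_entry]

    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)

        motd_file = os.path.join(dname, ' motd ')
        self.assertTrue(os.path.exists(motd_file),
                        ' Message of the day file not created ')
        self.assertEqual(read_text(motd_file), motd_entry.data,
                         ' Message of the day not applied ')

        issue_file = os.path.join(dname, ' issue ')
        self.assertTrue(os.path.exists(issue_file),
                        ' Login Prompt Message file not created ')
        self.assertEqual(read_text(issue_file), issue_entry.data,
                         ' Login Prompt Message not applied ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

        # Unapply policy, and ensure the test files are removed
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)

        # The files are still opened after unapply, so "removed" is
        # checked as "reads back empty".
        self.assertFalse(read_text(motd_file),
                         ' Message of the day file not removed ')
        self.assertFalse(read_text(issue_file),
                         ' Login Prompt Message file not removed ')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)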
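def test_vgp_symlink(self):
    """Create a symlink from a staged VGP manifest, then unapply it.

    The manifest names a source and a target path, both inside a
    temporary directory. After processing, the target must exist, be a
    symlink and yield the source's contents. After removal the target
    must be gone, and rsop() must still list the 'ln -s' line.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    manifest = os.path.join(local_path, policies, guid, ' MACHINE ',
                            ' VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_symlink_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    with TemporaryDirectory() as dname:
        # Both ends of the link live in the temporary directory, so the
        # policy does not touch paths outside it.
        test_source = os.path.join(dname, ' test.source ')
        test_target = os.path.join(dname, ' test.target ')

        # Stage the manifest.xml file with test data
        stage = etree.Element(' vgppolicy ')
        policysetting = etree.SubElement(stage, ' policysetting ')
        version = etree.SubElement(policysetting, ' version ')
        version.text = ' 1 '
        data = etree.SubElement(policysetting, ' data ')
        file_properties = etree.SubElement(data, ' file_properties ')
        source = etree.SubElement(file_properties, ' source ')
        source.text = test_source
        target = etree.SubElement(file_properties, ' target ')
        target.text = test_target
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, ' Could not create the target %s ' % manifest)

        # Create test source
        test_source_data = ' hello world! '
        with open(test_source, ' w ') as writer:
            writer.write(test_source_data)

        # Process all gpos
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(test_target),
                        ' The test symlink was not created ')
        self.assertTrue(os.path.islink(test_target),
                        ' The test file is not a symlink ')
        # Read through the link and close the handle deterministically.
        with open(test_target, ' r ') as reader:
            linked_data = reader.read()
        self.assertIn(test_source_data, linked_data,
                      ' Reading from symlink does not produce source data ')

        # Unapply the policy, ensure removal
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(test_target),
                         ' The test symlink was not delete ')

        # Verify RSOP
        matching = [g for g in gpos if g.name == guid]
        ret = ext.rsop(matching[0])
        self.assertIn(' ln -s %s %s ' % (test_source, test_target),
                      list(ret.values())[0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

    # Unstage the manifest.xml file
    unstage_file(manifest)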
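def test_vgp_files(self):
    """Deploy a file from a staged VGP manifest and check mode and content.

    A source file is staged next to the manifest. The manifest asks for
    it to be placed at a target inside a temporary directory, owned by
    the current user and group, with permissions 755. After processing,
    the target's mode bits and contents are checked; after removal the
    target must be gone and rsop() must list the target path and the
    '-rwxr-xr-x' mode string.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    manifest = os.path.join(local_path, policies, guid, ' MACHINE ',
                            ' VGP/VTLA/UNIX/FILES/MANIFEST.XML ')
    source_file = os.path.join(os.path.dirname(manifest), ' TEST.SOURCE ')
    source_data = ' #!/bin/sh \n echo hello world '
    ret = stage_file(source_file, source_data)
    self.assertTrue(ret, ' Could not create the target %s ' % source_file)

    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_files_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the manifest.xml file with test data
    with TemporaryDirectory() as dname:
        stage = etree.Element(' vgppolicy ')
        policysetting = etree.Element(' policysetting ')
        stage.append(policysetting)
        version = etree.Element(' version ')
        version.text = ' 1 '
        policysetting.append(version)

        data = etree.Element(' data ')
        file_properties = etree.SubElement(data, ' file_properties ')
        source = etree.SubElement(file_properties, ' source ')
        # The manifest refers to the staged source by lower-cased basename.
        source.text = os.path.basename(source_file).lower()
        target = etree.SubElement(file_properties, ' target ')
        target.text = os.path.join(dname, ' test.target ')
        # Ownership is requested for the account running the test.
        user = etree.SubElement(file_properties, ' user ')
        user.text = pwd.getpwuid(os.getuid()).pw_name
        group = etree.SubElement(file_properties, ' group ')
        group.text = grp.getgrgid(os.getgid()).gr_name

        # Request permissions of 755
        requested = (
            (' user ', (' read ', ' write ', ' execute ')),
            (' group ', (' read ', ' execute ')),
            (' other ', (' read ', ' execute ')),
        )
        for who, bits in requested:
            permissions = etree.SubElement(file_properties, ' permissions ')
            permissions.set(' type ', who)
            for bit in bits:
                etree.SubElement(permissions, bit)

        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, ' Could not create the target %s ' % manifest)

        # Process all gpos
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(target.text),
                        ' The target file does not exist ')
        # Only the permission bits are compared; the file type bits are
        # masked off.
        self.assertEqual(os.stat(target.text).st_mode & 0o777, 0o755,
                         ' The target file permissions are incorrect ')
        # Close the handle deterministically instead of leaking it.
        with open(target.text) as reader:
            deployed = reader.read()
        self.assertEqual(deployed, source_data,
                         ' The target file contents are incorrect ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(target.text),
                         ' The target file was not removed ')

        # Test rsop
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        first_entry = list(ret.values())[0][0]
        self.assertIn(target.text, first_entry,
                      ' The target file was not listed by rsop ')
        self.assertIn(' -rwxr-xr-x ', first_entry,
                      ' The target permissions were not listed by rsop ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

    # Unstage the manifest and source files
    unstage_file(manifest)
    unstage_file(source_file)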
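def test_vgp_openssh(self):
    """Write an sshd setting from a staged VGP manifest, then unapply it.

    The manifest carries a single key/value pair (AddressFamily inet6).
    After processing, exactly one file must exist in the temporary output
    directory and contain that line. After removal the file must be gone.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    manifest = os.path.join(local_path, policies, guid, ' MACHINE ',
                            ' VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML ')
    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_openssh_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element(' vgppolicy ')
    policysetting = etree.SubElement(stage, ' policysetting ')
    version = etree.SubElement(policysetting, ' version ')
    version.text = ' 1 '
    data = etree.SubElement(policysetting, ' data ')
    configfile = etree.SubElement(data, ' configfile ')
    configsection = etree.SubElement(configfile, ' configsection ')
    # The section name element is present but left without text.
    etree.SubElement(configsection, ' sectionname ')
    kvpair = etree.SubElement(configsection, ' keyvaluepair ')
    key = etree.SubElement(kvpair, ' key ')
    key.text = ' AddressFamily '
    value = etree.SubElement(kvpair, ' value ')
    value.text = ' inet6 '
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % manifest)

    # Process all gpos, with temp output directory
    expected_line = ' AddressFamily inet6 '
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        self.assertEqual(len(conf), 1, ' The conf file was not created ')
        gp_cfg = os.path.join(dname, conf[0])
        # Close the handle deterministically instead of leaking it.
        with open(gp_cfg, ' r ') as reader:
            written = reader.read()
        self.assertIn(expected_line, written,
                      ' The sshd_config entry was not applied ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         ' Unapply failed to cleanup config ')

    # Unstage the manifest.xml file
    unstage_file(manifest)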
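def test_vgp_startup_scripts(self):
    """Exercise startup-script policy in three phases.

    1. A script with parameters, run as root: processing must create one
       file in the output directory holding an '@reboot' entry.
    2. The same manifest with a 'run_once' element, run as the current
       user: the script is executed during processing instead of being
       scheduled, and processing again must not execute it a second time.
    3. A script without parameters: processing must not raise and must
       create an '@reboot' entry without arguments.

    Each phase also checks rsop() output and removes the policy.

    Security notes for readers of this test:
    - The manifest's hash element is filled with the upper-case MD5 hex
      digest of the staged script. MD5 is not collision-resistant.
      NOTE(review): how the extension uses this value is not visible
      here; confirm before relying on it as an integrity control.
    - This test module replaces gpclass.drop_privileges with a
      pass-through, so any privilege drop tied to run_as presumably does
      not take place under test. TODO confirm against the extension.
    """
    local_path = self.lp.cache_path(' gpo_cache ')
    guid = ' { 31B2F340-016D-11D2-945F-00C04FB984F9} '
    manifest = os.path.join(local_path, policies, guid, ' MACHINE ',
                            ' VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML ')
    test_script = os.path.join(os.path.dirname(manifest), ' TEST.SH ')
    test_data = ' #!/bin/sh \n echo $@ hello world '
    ret = stage_file(test_script, test_data)
    self.assertTrue(ret, ' Could not create the target %s ' % test_script)

    cache_dir = self.lp.get(' cache directory ')
    store = GPOStorage(os.path.join(cache_dir, ' gpo.tdb '))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_startup_scripts_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message; previously a failed connect left `gpos`
    # unbound and the test died later with a NameError.
    if not ads.connect():
        self.fail('Could not connect to the directory server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    def md5_hex_upper(path):
        # Digest of the staged script, read through a closed-on-exit handle.
        with open(path, ' rb ') as handle:
            return hashlib.md5(handle.read()).hexdigest().upper()

    def read_text(path):
        with open(path, ' r ') as handle:
            return handle.read()

    # --- Phase 1: script with parameters, scheduled at reboot ---------
    # Stage the manifest.xml file with test data
    stage = etree.Element(' vgppolicy ')
    policysetting = etree.SubElement(stage, ' policysetting ')
    version = etree.SubElement(policysetting, ' version ')
    version.text = ' 1 '
    data = etree.SubElement(policysetting, ' data ')
    listelement = etree.SubElement(data, ' listelement ')
    script = etree.SubElement(listelement, ' script ')
    script.text = os.path.basename(test_script).lower()
    parameters = etree.SubElement(listelement, ' parameters ')
    parameters.text = ' -n '
    script_hash = etree.SubElement(listelement, ' hash ')
    script_hash.text = md5_hex_upper(test_script)
    run_as = etree.SubElement(listelement, ' run_as ')
    run_as.text = ' root '
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         ' The target script was not created ')
        entry = ' @reboot %s %s %s ' % (run_as.text, test_script,
                                        parameters.text)
        self.assertIn(entry, read_text(os.path.join(dname, files[0])),
                      ' The test entry was not found ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         ' The target script was not removed ')

        # Test rsop
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        self.assertIn(entry, list(ret.values())[0][0],
                      ' The target entry was not listed by rsop ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

    # Unstage the manifest.xml file
    unstage_file(manifest)

    # --- Phase 2: run-once script, executed as the current user -------
    # Stage the manifest.xml file for run once scripts
    etree.SubElement(listelement, ' run_once ')
    run_as.text = pwd.getpwuid(os.getuid()).pw_name
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % manifest)

    # Process all gpos, with temp output directory
    # A run once script will be executed immediately,
    # instead of creating a cron job
    with TemporaryDirectory() as dname:
        test_file = ' %s /TESTING.txt ' % dname
        test_data = ' #!/bin/sh \n touch %s ' % test_file
        # NOTE(review): the script body is replaced here, but the hash in
        # the manifest staged above was computed over the previous body.
        # Whether the extension compares the two is not visible here.
        ret = stage_file(test_script, test_data)
        self.assertTrue(ret, ' Could not create the target %s ' % test_script)

        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         ' The test file was not created ')
        self.assertEqual(files[0], os.path.basename(test_file),
                         ' The test file was not created ')

        # Unlink the test file and ensure that processing
        # policy again does not recreate it.
        os.unlink(test_file)
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         ' The test file should not have been created ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # Test rsop
        entry = ' Run once as: %s ` %s %s ` ' % (run_as.text, test_script,
                                                 parameters.text)
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        self.assertIn(entry, list(ret.values())[0][0],
                      ' The target entry was not listed by rsop ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

    # Unstage the manifest.xml file
    unstage_file(manifest)

    # --- Phase 3: script without a parameters element -----------------
    # Stage the manifest.xml file for a script without parameters
    stage = etree.Element(' vgppolicy ')
    policysetting = etree.SubElement(stage, ' policysetting ')
    version = etree.SubElement(policysetting, ' version ')
    version.text = ' 1 '
    data = etree.SubElement(policysetting, ' data ')
    listelement = etree.SubElement(data, ' listelement ')
    script = etree.SubElement(listelement, ' script ')
    script.text = os.path.basename(test_script).lower()
    script_hash = etree.SubElement(listelement, ' hash ')
    script_hash.text = md5_hex_upper(test_script)
    run_as = etree.SubElement(listelement, ' run_as ')
    run_as.text = ' root '
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, ' Could not create the target %s ' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        # Any exception from processing is reported as a test failure.
        try:
            ext.process_group_policy([], gpos, dname)
        except Exception as err:
            self.fail(str(err))
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         ' The target script was not created ')
        entry = ' @reboot %s %s ' % (run_as.text, test_script)
        self.assertIn(entry, read_text(os.path.join(dname, files[0])),
                      ' The test entry was not found ')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         ' The target script was not removed ')

        # Test rsop
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        self.assertIn(entry, list(ret.values())[0][0],
                      ' The target entry was not listed by rsop ')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, ' gpupdate --rsop failed! ')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)
    unstage_file(test_script)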
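def test_vgp_motd(self):
    """Apply, report on and unapply the VGP motd policy using a temp file.

    A manifest carrying the message text is staged in the GPO cache, the
    extension is run with a NamedTemporaryFile path as its output target,
    and the file content is checked after apply and again after unapply.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_motd_ext(self.lp, machine_creds,
                       machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # A failed connect used to fall through and raise NameError on `gpos`;
    # fail here with a message that names the real problem.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    etree.SubElement(policysetting, 'version').text = '1'
    data = etree.SubElement(policysetting, 'data')
    etree.SubElement(data, 'filename').text = 'motd'
    text = etree.SubElement(data, 'text')
    text.text = 'This is the message of the day'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, writing to a temp file instead of a fixed path
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        with open(f.name, 'r') as applied:
            self.assertEqual(applied.read(), text.text,
                             'The motd was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        # NOTE(review): this only proves the staged text is gone; what the
        # file holds after unapply is not pinned by the test.
        with open(f.name, 'r') as unapplied:
            self.assertNotEqual(unapplied.read(), text.text,
                                'The motd was not unapplied')

    # Unstage the manifest.xml file
    unstage_file(manifest)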
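def test_vgp_issue(self):
    """Apply, report on and unapply the VGP issue policy using a temp file.

    Mirrors the motd test: the manifest names the 'issue' file and its
    text, the extension writes to a NamedTemporaryFile path, and the
    content is compared after apply and after unapply.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_issue_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    etree.SubElement(policysetting, 'version').text = '1'
    data = etree.SubElement(policysetting, 'data')
    etree.SubElement(data, 'filename').text = 'issue'
    text = etree.SubElement(data, 'text')
    text.text = 'Welcome to Samba!'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, writing to a temp file instead of a fixed path
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        with open(f.name, 'r') as applied:
            self.assertEqual(applied.read(), text.text,
                             'The issue was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        # NOTE(review): as with motd, only the absence of the staged text
        # is asserted; the post-unapply content itself is not checked.
        with open(f.name, 'r') as unapplied:
            self.assertNotEqual(unapplied.read(), text.text,
                                'The issue was not unapplied')

    # Unstage the manifest.xml file
    unstage_file(manifest)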
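def test_vgp_access(self):
    """Apply host access control allow/deny manifests and check the output.

    Two manifests (ALLOW and DENY) are staged, each listing one user and
    one group. The extension writes its config into a temp directory; the
    test then checks for the expected '+:' and '-:' lines and confirms the
    file is removed on unapply.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    allow = os.path.join(local_path, policies, guid, 'MACHINE',
                         'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
    deny = os.path.join(local_path, policies, guid, 'MACHINE',
                        'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_access_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    def access_manifest(user, group):
        """Serialize a version-2 'merge' manifest naming one user and one group."""
        stage = etree.Element('vgppolicy')
        policysetting = etree.SubElement(stage, 'policysetting')
        etree.SubElement(policysetting, 'version').text = '2'
        etree.SubElement(policysetting, 'apply_mode').text = 'merge'
        data = etree.SubElement(policysetting, 'data')

        # User entry
        listelement = etree.SubElement(data, 'listelement')
        etree.SubElement(listelement, 'type').text = 'USER'
        etree.SubElement(listelement, 'entry').text = \
            '%s@%s' % (user, realm)
        adobject = etree.SubElement(listelement, 'adobject')
        etree.SubElement(adobject, 'name').text = user
        etree.SubElement(adobject, 'domain').text = realm
        etree.SubElement(adobject, 'type').text = 'user'

        # Group entry
        etree.SubElement(data, 'groupattr').text = 'samAccountName'
        listelement = etree.SubElement(data, 'listelement')
        etree.SubElement(listelement, 'type').text = 'GROUP'
        etree.SubElement(listelement, 'entry').text = \
            '%s\\%s' % (realm, group)
        etree.SubElement(listelement, 'dn').text = \
            'CN=%s,CN=Users,%s' % (group, base_dn)
        adobject = etree.SubElement(listelement, 'adobject')
        etree.SubElement(adobject, 'name').text = group
        etree.SubElement(adobject, 'domain').text = realm
        etree.SubElement(adobject, 'type').text = 'group'
        return etree.tostring(stage)

    # Stage the manifest.xml allow file
    ret = stage_file(allow, access_manifest('goodguy', 'goodguys'))
    self.assertTrue(ret, 'Could not create the target %s' % allow)

    # Stage the manifest.xml deny file
    ret = stage_file(deny, access_manifest('badguy', 'badguys'))
    self.assertTrue(ret, 'Could not create the target %s' % deny)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # There will be 2 files, the policy file and the deny file
        self.assertEqual(len(conf), 2, 'The conf file was not created')
        # Ignore the DENY_ALL conf file.
        # NOTE(review): the DENY_ALL file's contents and its ordering
        # relative to the policy file are not verified by this test.
        gp_cfg = os.path.join(
            dname, [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])

        # Check the access config for the correct access.conf entries
        print('Config file %s found' % gp_cfg)
        with open(gp_cfg, 'r') as cfg:
            conf_text = cfg.read()
        self.assertIn('+:%s\\goodguy:ALL' % realm, conf_text)
        self.assertIn('+:%s\\goodguys:ALL' % realm, conf_text)
        self.assertIn('-:%s\\badguy:ALL' % realm, conf_text)
        self.assertIn('-:%s\\badguys:ALL' % realm, conf_text)

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml files
    unstage_file(allow)
    unstage_file(deny)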
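def test_gnome_settings(self):
    """Apply GNOME lockdown policies into a temp root and verify the output.

    A Registry.pol built from gnome_test_reg_pol is staged, the extension
    writes dconf databases, dconf lock files and a polkit policy under a
    TemporaryDirectory, and each expected key/lock is checked. After
    unapply, every generated file is expected to be gone.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_gnome_settings_ext(self.lp, machine_creds,
                                machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)

        local_db = os.path.join(dname, 'etc/dconf/db/local.d')
        self.assertTrue(os.path.isdir(local_db),
                        'Local db dir not created')

        def db_check(name, data, count=1):
            """Assert `count` db files match *-name and hold every key in data."""
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), count, '%s not created' % name)
            file_contents = ConfigParser()
            file_contents.read(db)
            for key, options in data.items():
                self.assertTrue(file_contents.has_section(key),
                                'Section %s not found' % key)
                for k, v in options.items():
                    v_content = file_contents.get(key, k)
                    self.assertEqual(v_content, v,
                                     '%s: %s != %s' % (key, v_content, v))

        def del_db_check(name):
            """Assert no db file matching *-name remains."""
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), 0, '%s not deleted' % name)

        locks = os.path.join(local_db, 'locks')
        # The original asserted on local_db a second time, so a missing
        # locks directory was never reported by this check.
        self.assertTrue(os.path.isdir(locks), 'Locks dir not created')

        def lock_check(name, items, count=1):
            """Assert `count` lock files match *name and list every item."""
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), count,
                             '%s lock not created' % name)
            file_contents = []
            for lock_path in lock:
                with open(lock_path, 'r') as lock_file:
                    file_contents.extend(lock_file.read().split('\n'))
            for data in items:
                self.assertIn(data, file_contents,
                              '%s lock not created' % data)

        def del_lock_check(name):
            """Assert no lock file matching *name remains."""
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), 0, '%s lock not deleted' % name)

        # Check the user profile
        user_profile = os.path.join(dname, 'etc/dconf/profile/user')
        self.assertTrue(os.path.exists(user_profile),
                        'User profile not created')

        # Enable the compose key
        data = {'org/gnome/desktop/input-sources':
                {'xkb-options': "['compose:ralt']"}}
        db_check('input-sources', data)
        items = ['/org/gnome/desktop/input-sources/xkb-options']
        lock_check('input-sources', items)

        # Dim screen when user is idle
        data = {'org/gnome/settings-daemon/plugins/power':
                {'idle-dim': 'true',
                 'idle-brightness': '30'}}
        db_check('power', data)
        data = {'org/gnome/desktop/session':
                {'idle-delay': 'uint32 300'}}
        db_check('session', data)
        items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
                 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
                 '/org/gnome/desktop/session/idle-delay']
        lock_check('power-saving', items)

        # Lock down specific settings
        bg_locks = ['/org/gnome/desktop/background/picture-uri',
                    '/org/gnome/desktop/background/picture-options',
                    '/org/gnome/desktop/background/primary-color',
                    '/org/gnome/desktop/background/secondary-color']
        lock_check('group-policy', bg_locks)

        # Lock down enabled extensions
        data = {'org/gnome/shell':
                {'enabled-extensions':
                 "['myextension1@myname.example.com', "
                 "'myextension2@myname.example.com']",
                 'development-tools': 'false'}}
        db_check('extensions', data)
        items = ['/org/gnome/shell/enabled-extensions',
                 '/org/gnome/shell/development-tools']
        lock_check('extensions', items)

        # Disallow login using a fingerprint
        data = {'org/gnome/login-screen':
                {'enable-fingerprint-authentication': 'false'}}
        db_check('fingerprintreader', data)
        items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
        lock_check('fingerprintreader', items)

        # Disable user logout and user switching
        data = {'org/gnome/desktop/lockdown':
                {'disable-log-out': 'true',
                 'disable-user-switching': 'true'}}
        db_check('logout', data, 2)
        items = ['/org/gnome/desktop/lockdown/disable-log-out',
                 '/org/gnome/desktop/lockdown/disable-user-switching']
        lock_check('logout', items, 2)

        # Disable repartitioning.
        # '|' inside a glob character class is a literal character, not an
        # OR; the pattern still matches both spellings, so it is kept.
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                                   'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
        with open(udisk2[0], 'r') as policy_file:
            udisk2_tree = etree.fromstring(policy_file.read())
        actions = udisk2_tree.findall('action')
        md = 'org.freedesktop.udisks2.modify-device'
        action = [a for a in actions if a.attrib['id'] == md]
        self.assertEqual(len(action), 1, 'modify-device not found')
        defaults = action[0].find('defaults')
        self.assertIsNotNone(defaults,
                             'modify-device defaults not found')
        allow_any = defaults.find('allow_any').text
        self.assertEqual(allow_any, 'no',
                         'modify-device allow_any not set to no')
        allow_inactive = defaults.find('allow_inactive').text
        self.assertEqual(allow_inactive, 'no',
                         'modify-device allow_inactive not set to no')
        allow_active = defaults.find('allow_active').text
        self.assertEqual(allow_active, 'yes',
                         'modify-device allow_active not set to yes')

        # Disable printing
        data = {'org/gnome/desktop/lockdown':
                {'disable-printing': 'true'}}
        db_check('printing', data)
        items = ['/org/gnome/desktop/lockdown/disable-printing']
        lock_check('printing', items)

        # Disable file saving
        data = {'org/gnome/desktop/lockdown':
                {'disable-save-to-disk': 'true'}}
        db_check('filesaving', data)
        items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
        lock_check('filesaving', items)

        # Disable command-line access
        data = {'org/gnome/desktop/lockdown':
                {'disable-command-line': 'true'}}
        db_check('cmdline', data)
        items = ['/org/gnome/desktop/lockdown/disable-command-line']
        lock_check('cmdline', items)

        # Allow or disallow online accounts
        data = {'org/gnome/online-accounts':
                {'whitelisted-providers': "['google']"}}
        db_check('goa', data)
        items = ['/org/gnome/online-accounts/whitelisted-providers']
        lock_check('goa', items)

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy; every db and lock written above must disappear,
        # otherwise a withdrawn lockdown would stay enforced on the host.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        del_db_check('input-sources')
        del_lock_check('input-sources')
        del_db_check('power')
        del_db_check('session')
        del_lock_check('power-saving')
        del_lock_check('group-policy')
        del_db_check('extensions')
        del_lock_check('extensions')
        del_db_check('fingerprintreader')
        del_lock_check('fingerprintreader')
        del_db_check('logout')
        del_lock_check('logout')
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                                   'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
        del_db_check('printing')
        del_lock_check('printing')
        del_db_check('filesaving')
        del_lock_check('filesaving')
        del_db_check('cmdline')
        del_lock_check('cmdline')
        del_db_check('goa')
        del_lock_check('goa')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)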
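def test_gp_cert_auto_enroll_ext(self):
    """Exercise certificate auto-enrollment against a dummy CA in the directory.

    Dummy certificationAuthority, pKIEnrollmentService and
    pKICertificateTemplate objects are added over LDAP with admin
    credentials, the extension is run against a temp directory, and the
    test checks that the CA certificate, machine certificate and machine
    key appear on apply and are gone after unapply.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries.
    # Admin credentials come from the test environment; os.environ.get
    # yields None for an unset variable, so a misconfigured environment
    # presumably fails at the LDAP connection below rather than here.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn

    # Track what was actually added so that a failing assertion does not
    # leave a bogus CA published in the configuration partition.
    created_dns = []
    try:
        # Write the dummy CA ('XXX' values are placeholders, not certificates)
        ldb.add({'dn': certa_dn,
                 'objectClass': 'certificationAuthority',
                 'authorityRevocationList': ['XXX'],
                 'cACertificate': 'XXX',
                 'certificateRevocationList': ['XXX'],
                 })
        created_dns.append(certa_dn)
        # Write the dummy pKIEnrollmentService
        ldb.add({'dn': enroll_dn,
                 'objectClass': 'pKIEnrollmentService',
                 'cACertificate': 'XXXX',
                 'certificateTemplates': ['Machine'],
                 'dNSHostName': hostname,
                 })
        created_dns.append(enroll_dn)
        # Write the dummy pKICertificateTemplate
        ldb.add({'dn': template_dn,
                 'objectClass': 'pKICertificateTemplate',
                 })
        created_dns.append(template_dn)

        with TemporaryDirectory() as dname:
            # Both directory arguments point at the same temp dir
            # (presumably the trust dir and the private-key dir; confirm
            # against the extension's signature).
            ext.process_group_policy([], gpos, dname, dname)
            ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
            self.assertTrue(os.path.exists(ca_crt),
                            'Root CA certificate was not requested')
            machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
            self.assertTrue(os.path.exists(machine_crt),
                            'Machine certificate was not requested')
            # The original re-checked machine_crt here, so the private key
            # file was never actually verified.
            machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
            self.assertTrue(os.path.exists(machine_key),
                            'Machine key was not generated')

            # Verify RSOP does not fail
            ext.rsop([g for g in gpos if g.name == guid][0])

            # Check that a call to gpupdate --rsop also succeeds
            ret = rsop(self.lp)
            self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

            # Remove policy
            gp_db = store.get_gplog(machine_creds.get_username())
            del_gpos = get_deleted_gpos_list(gp_db, [])
            ext.process_group_policy(del_gpos, [], dname)
            self.assertFalse(os.path.exists(ca_crt),
                             'Root CA certificate was not removed')
            self.assertFalse(os.path.exists(machine_crt),
                             'Machine certificate was not removed')
            # Check the key itself: a private key left behind after
            # unapply is the case this assertion exists to catch.
            self.assertFalse(os.path.exists(machine_key),
                             'Machine key was not removed')
            out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
            self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
            out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
            self.assertNotIn(b'Machine', out,
                             'Machine certificate not removed')
    finally:
        # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
        for dn in created_dns:
            ldb.delete(dn)

        # Unstage the Registry.pol file
        unstage_file(reg_pol)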
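def test_gp_user_scripts_ext(self):
    """Apply and unapply user script policies and check the crontab each time.

    For each schedule key (daily, monthly, weekly, hourly) a one-entry
    Registry.pol is staged under USER/, the extension is run, and the
    output of `crontab -l` is checked for the entry after apply and for
    its absence after unapply.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension. The policy is applied for
    # DC_USERNAME, while the GPO list below is fetched for the machine
    # account.
    ext = gp_user_scripts_ext(self.lp, machine_creds,
                              os.environ.get('DC_USERNAME'), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    reg_key = b'Software\\Policies\\Samba\\Unix Settings'
    sections = {b'%s\\Daily Scripts' % reg_key: b'@daily',
                b'%s\\Monthly Scripts' % reg_key: b'@monthly',
                b'%s\\Weekly Scripts' % reg_key: b'@weekly',
                b'%s\\Hourly Scripts' % reg_key: b'@hourly'}

    for keyname, schedule in sections.items():
        # Stage the Registry.pol file with test data
        stage = preg.file()
        e = preg.entry()
        e.keyname = keyname
        e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        e.type = 1
        e.data = b'echo hello world'
        stage.num_entries = 1
        stage.entries = [e]
        ret = stage_file(reg_pol, ndr_pack(stage))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        # Process all gpos, intentionally skipping the privilege drop:
        # gpclass.drop_privileges is replaced by a pass-through at the top
        # of this module, so the crontab touched here is presumably that
        # of the account running the test.
        ext.process_group_policy([], gpos)

        # Dump the fake crontab setup for testing
        p = Popen(['crontab', '-l'], stdout=PIPE)
        crontab, _ = p.communicate()
        # NOTE(review): e.data was assigned bytes but is encoded on read
        # back; presumably the preg binding returns str for this type.
        entry = b'%s %s' % (schedule, e.data.encode())
        self.assertIn(entry, crontab,
                      'The crontab entry was not installed')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # Dump the fake crontab setup for testing
        p = Popen(['crontab', '-l'], stdout=PIPE)
        crontab, _ = p.communicate()
        self.assertNotIn(entry, crontab,
                         'Unapply failed to cleanup crontab entry')

        # Unstage the Registry.pol file
        unstage_file(reg_pol)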
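def test_gp_firefox_ext(self):
    """Apply Firefox policies into a temp dir and compare policies.json.

    The Registry.pol built from firefox_reg_pol is staged, the extension
    writes policies.json under a TemporaryDirectory, and the result is
    compared key by key with firefox_json_expected. After unapply the
    file, if still present, must hold no policies.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firefox_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        policies_file = os.path.join(dname, 'policies.json')
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        expected_policy_data = json.loads(firefox_json_expected)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        expected_policies = expected_policy_data['policies']
        applied_policies = policy_data['policies']
        self.assertEqual(expected_policies.keys(),
                         applied_policies.keys(),
                         'Firefox policies are missing')
        for name, expected in expected_policies.items():
            self.assertEqual(expected, applied_policies[name],
                             'Policies were not applied')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # Either outcome is accepted: the file is removed, or it remains
        # with an empty (or absent) 'policies' object.
        if os.path.exists(policies_file):
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data:
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)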
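def test_gp_chromium_ext(self):
    """Apply Chromium policies, re-apply a modified set, then unapply.

    The extension writes one JSON file under 'managed' and one under
    'recommended' in a TemporaryDirectory. The test compares both with
    the expected JSON, checks that a changed policy replaces the files
    instead of adding new ones, and checks that unapply leaves no
    policy keys behind.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_chromium_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Without this, a failed connect surfaced later as NameError on `gpos`.
    self.assertTrue(ads.connect(), 'Failed to connect to the ADS server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)

        managed = os.path.join(dname, 'managed')
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Chromium policies are missing')
        managed_file = os.path.join(managed, managed_files[0])
        with open(managed_file, 'r') as r:
            managed_data = json.load(r)

        recommended = os.path.join(dname, 'recommended')
        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Chromium policies are missing')
        recommended_file = os.path.join(recommended, recommended_files[0])
        with open(recommended_file, 'r') as r:
            recommended_data = json.load(r)

        expected_managed_data = json.loads(chromium_json_expected_managed)
        expected_recommended_data = \
            json.loads(chromium_json_expected_recommended)

        # Show full diffs when the large policy dicts differ
        self.maxDiff = None
        self.assertEqual(sorted(expected_managed_data.keys()),
                         sorted(managed_data.keys()),
                         'Chromium policies are missing')
        for name, expected in expected_managed_data.items():
            self.assertEqual(expected, managed_data[name],
                             'Policies were not applied')
        self.assertEqual(expected_recommended_data.keys(),
                         recommended_data.keys(),
                         'Chromium policies are missing')
        for name, expected in expected_recommended_data.items():
            self.assertEqual(expected, recommended_data[name],
                             'Policies were not applied')

        # Ensure modifying the policy does not generate extra policy files
        unstage_file(reg_pol)
        # Change a managed entry:
        parser.pol_file.entries[0].data = 0
        # Change a recommended entry:
        parser.pol_file.entries[-1].data = b'https://google.com'
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        ext.process_group_policy([], gpos, dname)

        # One file per directory, and under a new name: a stale file left
        # beside the new one would keep superseded settings in place.
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Number of Chromium policies is incorrect')
        omanaged_file = managed_file
        managed_file = os.path.join(managed, managed_files[0])
        self.assertNotEqual(omanaged_file, managed_file,
                            'The managed Chromium file did not change')

        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Number of Chromium policies is incorrect')
        orecommended_file = recommended_file
        recommended_file = os.path.join(recommended, recommended_files[0])
        self.assertNotEqual(orecommended_file, recommended_file,
                            'The recommended Chromium file did not change')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # Either outcome is accepted per file: it is removed, or it
        # remains with no policy keys.
        leftovers = (os.path.join(managed, managed_files[0]),
                     os.path.join(recommended, recommended_files[0]))
        for leftover in leftovers:
            if os.path.exists(leftover):
                with open(leftover, 'r') as r:
                    data = json.load(r)
                self.assertEqual(len(data.keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)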
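def test_gp_firewalld_ext(self):
    """Apply, inspect and unapply a firewalld group policy.

    Stages a Registry.pol built from ``firewalld_reg_pol``, runs
    ``gp_firewalld_ext`` over the GPO list, and then queries
    ``firewall-cmd`` to confirm the zones, zone interfaces and rich rule
    were set. The policy is then unapplied and the zones must no longer
    be listed.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firewalld_ext(self.lp, machine_creds,
                           machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): gpos is bound only when connect() succeeds; a failed
    # connection shows up as a NameError at the first use below.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    ext.process_group_policy([], gpos)

    # Check that the policy was applied. Every firewall-cmd call is made
    # with an argv list, so no shell is involved.
    firewall_cmd = which('firewall-cmd')
    cmd = [firewall_cmd, '--get-zones']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'work', out, 'Failed to apply zones')
    self.assertIn(b'home', out, 'Failed to apply zones')

    cmd = [firewall_cmd, '--zone=work', '--list-interfaces']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'eth0', out, 'Failed to set interface on zone')

    cmd = [firewall_cmd, '--zone=home', '--list-interfaces']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'eth0', out, 'Failed to set interface on zone')

    cmd = [firewall_cmd, '--zone=work', '--list-rich-rules']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    rule = b'rule family=ipv4 source address=172.25.1.7 ' + \
           b'service name=ftp reject'
    # assertEqual: the assertEquals alias no longer exists in Python 3.12.
    self.assertEqual(rule, out.strip(), 'Failed to set rich rule')

    # Verify RSOP does not fail
    ext.rsop([g for g in gpos if g.name == guid][0])

    # Check that a call to gpupdate --rsop also succeeds
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply the policy
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Check that the policy was unapplied
    cmd = [firewall_cmd, '--get-zones']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertNotIn(b'work', out, 'Failed to unapply zones')
    self.assertNotIn(b'home', out, 'Failed to unapply zones')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)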
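def test_advanced_gp_cert_auto_enroll_ext(self):
    """Apply and remove the advanced certificate auto-enrollment policy.

    Creates dummy certificationAuthority, pKIEnrollmentService and
    pKICertificateTemplate objects over LDAP, stages a Registry.pol
    built from ``advanced_enroll_reg_pol``, and runs
    ``cae.gp_cert_auto_enroll_ext`` into a temporary directory. For each
    expected CA the root certificate, machine certificate and machine
    key must exist. After the policy is removed, the files of the last
    CA in the list and the ``getcert`` listings are checked to confirm
    the cleanup.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): gpos is bound only when connect() succeeds; a failed
    # connection shows up as a NameError at the first use below.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Administrator credentials come from the test environment; nothing
    # is hard-coded in the test itself.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Stage the Registry.pol file with test data
    res = ldb.search('', _ldb.SCOPE_BASE, '(objectClass=*)',
                     ['rootDomainNamingContext'])
    self.assertTrue(len(res) == 1, 'rootDomainNamingContext not found')
    res2 = ldb.search(res[0]['rootDomainNamingContext'][0],
                      _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
    self.assertTrue(len(res2) == 1, 'objectGUID not found')
    objectGUID = b'{%s}' % \
        cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() %
        (objectGUID, objectGUID, objectGUID, objectGUID)))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': 'XXX',
             'certificateRevocationList': ['XXX'],
            })

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': 'XXXX',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
            })

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
            })

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_list = [ca_cn, 'example0-com-CA', 'example1-com-CA',
                   'example2-com-CA']
        for ca in ca_list:
            ca_crt = os.path.join(dname, '%s.crt' % ca)
            self.assertTrue(os.path.exists(ca_crt),
                            'Root CA certificate was not requested')
            machine_crt = os.path.join(dname, '%s.Machine.crt' % ca)
            self.assertTrue(os.path.exists(machine_crt),
                            'Machine certificate was not requested')
            machine_key = os.path.join(dname, '%s.Machine.key' % ca)
            # Check the key path itself. Re-testing machine_crt here
            # would let a missing private key go unnoticed.
            self.assertTrue(os.path.exists(machine_key),
                            'Machine key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # (assertEqual: the assertEquals alias no longer exists in
        # Python 3.12).
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # ca_crt, machine_crt and machine_key still hold the paths from
        # the last loop iteration, so only the final CA's files are
        # checked here.
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        # Private key material left behind after unapply is the case
        # this assertion exists to catch, so test the key path.
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        for ca in ca_list:
            self.assertNotIn(get_bytes(ca), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')

    # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
    ldb.delete(certa_dn)
    ldb.delete(enroll_dn)
    ldb.delete(template_dn)

    # Unstage the Registry.pol file
    unstage_file(reg_pol)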
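def test_gp_centrify_sudoers_ext(self):
    """Apply, re-apply and remove a Centrify sudoers policy.

    Stages a Registry.pol holding a ``sudo.enabled`` value and one
    sudoers line, then runs ``gp_centrify_sudoers_ext`` with a temporary
    output directory. The test expects exactly one generated file that
    contains the staged entry, expects a deleted file to be recreated on
    re-apply, and expects the directory to be empty after removal.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_sudoers_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): gpos is bound only when connect() succeeds; a failed
    # connection shows up as a NameError at the first use below.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    stage = preg.file()
    e1 = preg.entry()
    e1.keyname = b'Software\\Policies\\Centrify\\UnixSettings'
    e1.valuename = b'sudo.enabled'
    e1.type = 4  # presumably REG_DWORD; confirm against the preg IDL
    e1.data = 1
    e2 = preg.entry()
    e2.keyname = b'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
    e2.valuename = b'1'
    e2.type = 1  # presumably REG_SZ; confirm against the preg IDL
    e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    stage.num_entries = 2
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory. dname is passed to
    # the extension on every apply call in this block.
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        # assertEqual: the assertEquals alias no longer exists in
        # Python 3.12.
        self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
        sudoers_file = os.path.join(dname, sudoers[0])
        # Read through a context manager so the handle is closed
        # deterministically.
        with open(sudoers_file, 'r') as f:
            self.assertIn(e2.data, f.read(),
                          'The sudoers entry was not applied')

        # Remove the sudoers file, and make sure a re-apply puts it back
        os.unlink(sudoers_file)
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1,
                         'The sudoer file was not recreated')
        sudoers_file = os.path.join(dname, sudoers[0])
        with open(sudoers_file, 'r') as f:
            self.assertIn(e2.data, f.read(),
                          'The sudoers entry was not reapplied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup scripts')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)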
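def test_gp_centrify_crontab_ext(self):
    """Apply and remove a machine-level Centrify crontab policy.

    Stages a Registry.pol with one ``CrontabEntries`` value, then runs
    ``gp_centrify_crontab_ext`` with a temporary output directory. The
    test expects exactly one file that contains the staged cron line,
    and expects the directory to be empty after the policy is removed.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_crontab_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): gpos is bound only when connect() succeeds; a failed
    # connection shows up as a NameError at the first use below.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    stage = preg.file()
    e = preg.entry()
    e.keyname = \
        b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    e.type = 1  # presumably REG_SZ; confirm against the preg IDL
    e.data = b'17 * * * * root echo hello world'
    stage.num_entries = 1
    stage.entries = [e]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        cron_entries = os.listdir(dname)
        # assertEqual: the assertEquals alias no longer exists in
        # Python 3.12.
        self.assertEqual(len(cron_entries), 1, 'Cron entry not created')
        fname = os.path.join(dname, cron_entries[0])
        # Read through a context manager so the handle is closed
        # deterministically.
        with open(fname, 'rb') as f:
            data = f.read()
        self.assertIn(get_bytes(e.data), data, 'Cron entry is missing')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup script')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)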
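def test_gp_user_centrify_crontab_ext(self):
    """Apply and remove a user-level Centrify crontab policy.

    Stages a USER Registry.pol with one ``CrontabEntries`` value and
    runs ``gp_user_centrify_crontab_ext`` for the user named by the
    ``DC_USERNAME`` environment variable. The installed entry is checked
    through ``crontab -l`` after apply, and must be absent from the same
    listing after the policy is removed.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_user_centrify_crontab_ext(self.lp, machine_creds,
                                       os.environ.get('DC_USERNAME'),
                                       store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): gpos is bound only when connect() succeeds; a failed
    # connection shows up as a NameError at the first use below.
    if ads.connect():
        gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Registry.pol file with test data
    stage = preg.file()
    e = preg.entry()
    e.keyname = \
        b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    e.type = 1  # presumably REG_SZ; confirm against the preg IDL
    e.data = b'17 * * * * echo hello world'
    stage.num_entries = 1
    stage.entries = [e]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, intentionally skipping the privilege drop. This
    # module replaces gpclass.drop_privileges with a pass-through for
    # testing, so the extension runs as the invoking test user.
    ext.process_group_policy([], gpos)

    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertIn(get_bytes(e.data), crontab,
                  'The crontab entry was not installed')

    # Check that a call to gpupdate --rsop also succeeds
    # (assertEqual: the assertEquals alias no longer exists in
    # Python 3.12).
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Remove policy
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertNotIn(get_bytes(e.data), crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)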