1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from samba
import gpo
, tests
20 from samba
.gp
.gpclass
import register_gp_extension
, list_gp_extensions
, \
21 unregister_gp_extension
, GPOStorage
, get_gpo_list
22 from samba
.param
import LoadParm
23 from samba
.gp
.gpclass
import check_refresh_gpo_list
, check_safe_path
, \
24 check_guid
, parse_gpext_conf
, atomic_write_conf
, get_deleted_gpos_list
25 from subprocess
import Popen
, PIPE
26 from tempfile
import NamedTemporaryFile
, TemporaryDirectory
27 from samba
.gp
import gpclass
# Test-only override: gpclass.drop_privileges is replaced by a pass-through,
# so the wrapped callable runs directly with whatever privileges the test
# process already has. The assignment is made on the module object, so every
# caller that looks the function up through gpclass sees the override once
# this file has been imported.
def _call_without_privilege_drop(_, func, *args):
    """Call func(*args) and return its result; the first argument is ignored."""
    return func(*args)


gpclass.drop_privileges = _call_without_privilege_drop
30 from samba
.gp
.gp_sec_ext
import gp_krb_ext
, gp_access_ext
31 from samba
.gp
.gp_scripts_ext
import gp_scripts_ext
, gp_user_scripts_ext
32 from samba
.gp
.gp_sudoers_ext
import gp_sudoers_ext
33 from samba
.gp
.vgp_sudoers_ext
import vgp_sudoers_ext
34 from samba
.gp
.vgp_symlink_ext
import vgp_symlink_ext
35 from samba
.gp
.gpclass
import gp_inf_ext
36 from samba
.gp
.gp_smb_conf_ext
import gp_smb_conf_ext
37 from samba
.gp
.vgp_files_ext
import vgp_files_ext
38 from samba
.gp
.vgp_openssh_ext
import vgp_openssh_ext
39 from samba
.gp
.vgp_startup_scripts_ext
import vgp_startup_scripts_ext
40 from samba
.gp
.vgp_motd_ext
import vgp_motd_ext
41 from samba
.gp
.vgp_issue_ext
import vgp_issue_ext
42 from samba
.gp
.vgp_access_ext
import vgp_access_ext
43 from samba
.gp
.gp_gnome_settings_ext
import gp_gnome_settings_ext
44 from samba
.gp
import gp_cert_auto_enroll_ext
as cae
45 from samba
.gp
.gp_firefox_ext
import gp_firefox_ext
46 from samba
.gp
.gp_chromium_ext
import gp_chromium_ext
47 from samba
.gp
.gp_firewalld_ext
import gp_firewalld_ext
48 from samba
.credentials
import Credentials
49 from samba
.gp
.gp_msgs_ext
import gp_msgs_ext
50 from samba
.gp
.gp_centrify_sudoers_ext
import gp_centrify_sudoers_ext
51 from samba
.gp
.gp_centrify_crontab_ext
import gp_centrify_crontab_ext
, \
52 gp_user_centrify_crontab_ext
53 from samba
.common
import get_bytes
54 from samba
.dcerpc
import preg
55 from samba
.ndr
import ndr_pack
57 from shutil
import copyfile
58 import xml
.etree
.ElementTree
as etree
60 from samba
.gp_parse
.gp_pol
import GPPolParser
62 from configparser
import ConfigParser
63 from samba
.gp
.gpclass
import get_dc_hostname
66 from samba
.auth
import system_session
68 from shutil
import which
70 from cryptography
import x509
71 from cryptography
.hazmat
.primitives
import hashes
72 from cryptography
.hazmat
.backends
import default_backend
73 from cryptography
.hazmat
.primitives
.asymmetric
import rsa
74 from cryptography
.hazmat
.primitives
.serialization
import Encoding
75 from datetime
import datetime
, timedelta
76 from samba
.samba3
import param
as s3param
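def dummy_certificate():
    """Return a freshly generated, self-signed CA certificate as DER bytes.

    Test fixture for the certificate auto-enrollment tests. The subject
    common name is read from the SERVER environment variable, the key is a
    new 2048-bit RSA key (public exponent 65537), and the certificate is
    valid for 300 seconds from the moment of the call. The private key is
    a local and is not returned.
    """
    from datetime import timezone

    # NOTE(review): the listing this function was taken from drops several
    # of its lines (the Name([...]) and builder wrappers, and the subject,
    # issuer and serial-number calls). They are restored here because
    # CertificateBuilder.sign() needs them; confirm against the upstream file.
    name = x509.Name([
        # SERVER must be set in the test environment; os.environ.get()
        # returns None otherwise.
        x509.NameAttribute(x509.NameOID.COMMON_NAME,
                           os.environ.get('SERVER')),
    ])
    # Marked as a CA, with path_length=0 so it cannot sit above another CA.
    cons = x509.BasicConstraints(ca=True, path_length=0)
    # Timezone-aware replacement for datetime.utcnow(), which is deprecated
    # since Python 3.12.
    now = datetime.now(timezone.utc)

    key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
                                   backend=default_backend())

    cert = (
        x509.CertificateBuilder()
        # Self-signed: the same name is used as subject and issuer.
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        # NOTE(review): the original serial-number line is not visible; a
        # random serial is used. Restore the upstream value if a test pins it.
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        # Five-minute lifetime keeps the throwaway CA from outliving the test.
        .not_valid_after(now + timedelta(seconds=300))
        # Second argument is the extension's "critical" flag.
        .add_extension(cons, False)
        .sign(key, hashes.SHA256(), default_backend())
    )

    return cert.public_bytes(encoding=Encoding.DER)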
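# Dummy requests structure for Certificate Auto Enrollment
class dummy_requests(object):
    """Stand-in for the ``requests`` module in the auto-enrollment tests.

    Only ``get`` and ``exceptions.ConnectionError`` are provided. ``get``
    never touches the network: it ignores its arguments and answers with a
    canned response that carries a newly generated dummy CA certificate.
    """

    # NOTE(review): the decorator and the return statement are not visible
    # in the listing this class was taken from. They are restored because
    # get() takes no ``self`` and the response it builds would otherwise be
    # discarded; confirm against the upstream file.
    @staticmethod
    def get(url=None, params=None):
        """Return a requests.Response holding dummy_certificate() as its body.

        ``url`` and ``params`` are accepted for call compatibility and are
        not used.
        """
        response = requests.Response()
        # _content is the private attribute behind Response.content.
        response._content = dummy_certificate()
        response.headers = {'Content-Type': 'application/x-x509-ca-cert'}
        return response

    class exceptions(object):
        """Placeholder for ``requests.exceptions``."""

        # Aliased to the built-in Exception, so a handler written against
        # this name catches any Exception while the stub is installed.
        ConnectionError = Exception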
# Swap the requests module referenced by the certificate auto-enrollment
# extension for the stub, so lookups made through cae.requests are answered
# locally instead of going out to the network.
cae.requests = dummy_requests

# Test-environment identifiers, all derived from the REALM environment
# variable. os.environ.get() returns None when REALM is unset, in which case
# the concatenation below raises TypeError at import time.
realm = os.environ.get('REALM')
# Built before realm is lower-cased, so it keeps the variable's original case.
policies = realm + '/POLICIES'
realm = realm.lower()
# UNC path of the Policies directory on the sysvol share.
poldir = r'\\{0}\sysvol\{0}\Policies'.format(realm)
# the first part of the base DN varies by testenv. Work it out from the realm
base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(realm.partition('.')[0])
dspath = 'CN=Policies,CN=System,' + base_dn
# Template for a GPT.INI body; %d is filled in with the version number.
gpt_data = '[General]\nVersion=%d'
125 gnome_test_reg_pol
= \
127 <?xml version="1.0" encoding="utf-8"?>
128 <PolFile num_entries="26" signature="PReg" version="1">
129 <Entry type="4" type_name="REG_DWORD">
130 <Key>GNOME Settings\Lock Down Settings</Key>
131 <ValueName>Lock Down Enabled Extensions</ValueName>
134 <Entry type="4" type_name="REG_DWORD">
135 <Key>GNOME Settings\Lock Down Settings</Key>
136 <ValueName>Lock Down Specific Settings</ValueName>
139 <Entry type="4" type_name="REG_DWORD">
140 <Key>GNOME Settings\Lock Down Settings</Key>
141 <ValueName>Disable Printing</ValueName>
144 <Entry type="4" type_name="REG_DWORD">
145 <Key>GNOME Settings\Lock Down Settings</Key>
146 <ValueName>Disable File Saving</ValueName>
149 <Entry type="4" type_name="REG_DWORD">
150 <Key>GNOME Settings\Lock Down Settings</Key>
151 <ValueName>Disable Command-Line Access</ValueName>
154 <Entry type="4" type_name="REG_DWORD">
155 <Key>GNOME Settings\Lock Down Settings</Key>
156 <ValueName>Disallow Login Using a Fingerprint</ValueName>
159 <Entry type="4" type_name="REG_DWORD">
160 <Key>GNOME Settings\Lock Down Settings</Key>
161 <ValueName>Disable User Logout</ValueName>
164 <Entry type="4" type_name="REG_DWORD">
165 <Key>GNOME Settings\Lock Down Settings</Key>
166 <ValueName>Disable User Switching</ValueName>
169 <Entry type="4" type_name="REG_DWORD">
170 <Key>GNOME Settings\Lock Down Settings</Key>
171 <ValueName>Disable Repartitioning</ValueName>
174 <Entry type="4" type_name="REG_DWORD">
175 <Key>GNOME Settings\Lock Down Settings</Key>
176 <ValueName>Whitelisted Online Accounts</ValueName>
179 <Entry type="4" type_name="REG_DWORD">
180 <Key>GNOME Settings\Lock Down Settings</Key>
181 <ValueName>Compose Key</ValueName>
184 <Entry type="4" type_name="REG_DWORD">
185 <Key>GNOME Settings\Lock Down Settings</Key>
186 <ValueName>Dim Screen when User is Idle</ValueName>
189 <Entry type="4" type_name="REG_DWORD">
190 <Key>GNOME Settings\Lock Down Settings</Key>
191 <ValueName>Enabled Extensions</ValueName>
194 <Entry type="1" type_name="REG_SZ">
195 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
196 <ValueName>Key Name</ValueName>
197 <Value>Right Alt</Value>
199 <Entry type="4" type_name="REG_DWORD">
200 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
201 <ValueName>Delay</ValueName>
204 <Entry type="4" type_name="REG_DWORD">
205 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
206 <ValueName>Dim Idle Brightness</ValueName>
209 <Entry type="1" type_name="REG_SZ">
210 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
211 <ValueName>**delvals.</ValueName>
214 <Entry type="1" type_name="REG_SZ">
215 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
216 <ValueName>myextension1@myname.example.com</ValueName>
217 <Value>myextension1@myname.example.com</Value>
219 <Entry type="1" type_name="REG_SZ">
220 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
221 <ValueName>myextension2@myname.example.com</ValueName>
222 <Value>myextension2@myname.example.com</Value>
224 <Entry type="1" type_name="REG_SZ">
225 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
226 <ValueName>**delvals.</ValueName>
229 <Entry type="1" type_name="REG_SZ">
230 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
231 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
232 <Value>/org/gnome/desktop/background/picture-uri</Value>
234 <Entry type="1" type_name="REG_SZ">
235 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
236 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
237 <Value>/org/gnome/desktop/background/picture-options</Value>
239 <Entry type="1" type_name="REG_SZ">
240 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
241 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
242 <Value>/org/gnome/desktop/background/primary-color</Value>
244 <Entry type="1" type_name="REG_SZ">
245 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
246 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
247 <Value>/org/gnome/desktop/background/secondary-color</Value>
249 <Entry type="1" type_name="REG_SZ">
250 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
251 <ValueName>**delvals.</ValueName>
254 <Entry type="1" type_name="REG_SZ">
255 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
256 <ValueName>google</ValueName>
257 <Value>google</Value>
262 auto_enroll_reg_pol
= \
264 <?xml version="1.0" encoding="utf-8"?>
265 <PolFile num_entries="3" signature="PReg" version="1">
266 <Entry type="4" type_name="REG_DWORD">
267 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
268 <ValueName>AEPolicy</ValueName>
271 <Entry type="4" type_name="REG_DWORD">
272 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
273 <ValueName>OfflineExpirationPercent</ValueName>
276 <Entry type="1" type_name="REG_SZ">
277 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
278 <ValueName>OfflineExpirationStoreNames</ValueName>
284 advanced_enroll_reg_pol
= \
286 <?xml version="1.0" encoding="utf-8"?>
287 <PolFile num_entries="30" signature="PReg" version="1">
288 <Entry type="1" type_name="REG_SZ">
289 <Key>Software\Policies\Microsoft\Cryptography</Key>
290 <ValueName>**DeleteKeys</ValueName>
291 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
293 <Entry type="4" type_name="REG_DWORD">
294 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
295 <ValueName>AEPolicy</ValueName>
298 <Entry type="4" type_name="REG_DWORD">
299 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
300 <ValueName>OfflineExpirationPercent</ValueName>
303 <Entry type="1" type_name="REG_SZ">
304 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
305 <ValueName>OfflineExpirationStoreNames</ValueName>
308 <Entry type="1" type_name="REG_SZ">
309 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
311 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
313 <Entry type="4" type_name="REG_DWORD">
314 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
315 <ValueName>Flags</ValueName>
318 <Entry type="1" type_name="REG_SZ">
319 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
320 <ValueName>URL</ValueName>
323 <Entry type="1" type_name="REG_SZ">
324 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
325 <ValueName>PolicyID</ValueName>
328 <Entry type="1" type_name="REG_SZ">
329 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
330 <ValueName>FriendlyName</ValueName>
331 <Value>Example</Value>
333 <Entry type="4" type_name="REG_DWORD">
334 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
335 <ValueName>Flags</ValueName>
338 <Entry type="4" type_name="REG_DWORD">
339 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
340 <ValueName>AuthFlags</ValueName>
343 <Entry type="4" type_name="REG_DWORD">
344 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
345 <ValueName>Cost</ValueName>
346 <Value>2147483645</Value>
348 <Entry type="1" type_name="REG_SZ">
349 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
350 <ValueName>URL</ValueName>
351 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
353 <Entry type="1" type_name="REG_SZ">
354 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
355 <ValueName>PolicyID</ValueName>
358 <Entry type="1" type_name="REG_SZ">
359 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
360 <ValueName>FriendlyName</ValueName>
361 <Value>Example2</Value>
363 <Entry type="4" type_name="REG_DWORD">
364 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
365 <ValueName>Flags</ValueName>
368 <Entry type="4" type_name="REG_DWORD">
369 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
370 <ValueName>AuthFlags</ValueName>
373 <Entry type="4" type_name="REG_DWORD">
374 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
375 <ValueName>Cost</ValueName>
378 <Entry type="1" type_name="REG_SZ">
379 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
380 <ValueName>URL</ValueName>
381 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
383 <Entry type="1" type_name="REG_SZ">
384 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
385 <ValueName>PolicyID</ValueName>
388 <Entry type="1" type_name="REG_SZ">
389 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
390 <ValueName>FriendlyName</ValueName>
391 <Value>Example0</Value>
393 <Entry type="4" type_name="REG_DWORD">
394 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
395 <ValueName>Flags</ValueName>
398 <Entry type="4" type_name="REG_DWORD">
399 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
400 <ValueName>AuthFlags</ValueName>
403 <Entry type="4" type_name="REG_DWORD">
404 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
405 <ValueName>Cost</ValueName>
408 <Entry type="1" type_name="REG_SZ">
409 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
410 <ValueName>URL</ValueName>
411 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
413 <Entry type="1" type_name="REG_SZ">
414 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
415 <ValueName>PolicyID</ValueName>
418 <Entry type="1" type_name="REG_SZ">
419 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
420 <ValueName>FriendlyName</ValueName>
421 <Value>Example1</Value>
423 <Entry type="4" type_name="REG_DWORD">
424 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
425 <ValueName>Flags</ValueName>
428 <Entry type="4" type_name="REG_DWORD">
429 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
430 <ValueName>AuthFlags</ValueName>
433 <Entry type="4" type_name="REG_DWORD">
434 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
435 <ValueName>Cost</ValueName>
443 <?xml version="1.0" encoding="utf-8"?>
444 <PolFile num_entries="241" signature="PReg" version="1">
445 <Entry type="7" type_name="REG_MULTI_SZ">
446 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
447 <ValueName>ExtensionSettings</ValueName>
448 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
450 <Entry type="4" type_name="REG_DWORD">
451 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
452 <ValueName>ExtensionUpdate</ValueName>
455 <Entry type="4" type_name="REG_DWORD">
456 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
457 <ValueName>SearchSuggestEnabled</ValueName>
460 <Entry type="4" type_name="REG_DWORD">
461 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
462 <ValueName>AppAutoUpdate</ValueName>
465 <Entry type="1" type_name="REG_SZ">
466 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
467 <ValueName>AppUpdateURL</ValueName>
468 <Value>https://yoursite.com</Value>
470 <Entry type="4" type_name="REG_DWORD">
471 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
472 <ValueName>BlockAboutAddons</ValueName>
475 <Entry type="4" type_name="REG_DWORD">
476 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
477 <ValueName>BlockAboutConfig</ValueName>
480 <Entry type="4" type_name="REG_DWORD">
481 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
482 <ValueName>BlockAboutProfiles</ValueName>
485 <Entry type="4" type_name="REG_DWORD">
486 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
487 <ValueName>BlockAboutSupport</ValueName>
490 <Entry type="4" type_name="REG_DWORD">
491 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
492 <ValueName>CaptivePortal</ValueName>
495 <Entry type="2" type_name="REG_EXPAND_SZ">
496 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
497 <ValueName>DefaultDownloadDirectory</ValueName>
498 <Value>${home}/Downloads</Value>
500 <Entry type="4" type_name="REG_DWORD">
501 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
502 <ValueName>DisableAppUpdate</ValueName>
505 <Entry type="4" type_name="REG_DWORD">
506 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
507 <ValueName>DisableBuiltinPDFViewer</ValueName>
510 <Entry type="4" type_name="REG_DWORD">
511 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
512 <ValueName>DisableDefaultBrowserAgent</ValueName>
515 <Entry type="4" type_name="REG_DWORD">
516 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
517 <ValueName>DisableDeveloperTools</ValueName>
520 <Entry type="4" type_name="REG_DWORD">
521 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
522 <ValueName>DisableFeedbackCommands</ValueName>
525 <Entry type="4" type_name="REG_DWORD">
526 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
527 <ValueName>DisableFirefoxAccounts</ValueName>
530 <Entry type="4" type_name="REG_DWORD">
531 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
532 <ValueName>DisableFirefoxScreenshots</ValueName>
535 <Entry type="4" type_name="REG_DWORD">
536 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
537 <ValueName>DisableFirefoxStudies</ValueName>
540 <Entry type="4" type_name="REG_DWORD">
541 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
542 <ValueName>DisableForgetButton</ValueName>
545 <Entry type="4" type_name="REG_DWORD">
546 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
547 <ValueName>DisableFormHistory</ValueName>
550 <Entry type="4" type_name="REG_DWORD">
551 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
552 <ValueName>DisableMasterPasswordCreation</ValueName>
555 <Entry type="4" type_name="REG_DWORD">
556 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
557 <ValueName>DisablePasswordReveal</ValueName>
560 <Entry type="4" type_name="REG_DWORD">
561 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
562 <ValueName>DisablePocket</ValueName>
565 <Entry type="4" type_name="REG_DWORD">
566 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
567 <ValueName>DisablePrivateBrowsing</ValueName>
570 <Entry type="4" type_name="REG_DWORD">
571 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
572 <ValueName>DisableProfileImport</ValueName>
575 <Entry type="4" type_name="REG_DWORD">
576 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
577 <ValueName>DisableProfileRefresh</ValueName>
580 <Entry type="4" type_name="REG_DWORD">
581 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
582 <ValueName>DisableSafeMode</ValueName>
585 <Entry type="4" type_name="REG_DWORD">
586 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
587 <ValueName>DisableSetDesktopBackground</ValueName>
590 <Entry type="4" type_name="REG_DWORD">
591 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
592 <ValueName>DisableSystemAddonUpdate</ValueName>
595 <Entry type="4" type_name="REG_DWORD">
596 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
597 <ValueName>DisableTelemetry</ValueName>
600 <Entry type="4" type_name="REG_DWORD">
601 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
602 <ValueName>DisplayBookmarksToolbar</ValueName>
605 <Entry type="1" type_name="REG_SZ">
606 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
607 <ValueName>DisplayMenuBar</ValueName>
608 <Value>default-on</Value>
610 <Entry type="4" type_name="REG_DWORD">
611 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
612 <ValueName>DontCheckDefaultBrowser</ValueName>
615 <Entry type="2" type_name="REG_EXPAND_SZ">
616 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
617 <ValueName>DownloadDirectory</ValueName>
618 <Value>${home}/Downloads</Value>
620 <Entry type="7" type_name="REG_MULTI_SZ">
621 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
622 <ValueName>Handlers</ValueName>
623 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
625 <Entry type="4" type_name="REG_DWORD">
626 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
627 <ValueName>HardwareAcceleration</ValueName>
630 <Entry type="7" type_name="REG_MULTI_SZ">
631 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
632 <ValueName>ManagedBookmarks</ValueName>
633 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
635 <Entry type="4" type_name="REG_DWORD">
636 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
637 <ValueName>NetworkPrediction</ValueName>
640 <Entry type="4" type_name="REG_DWORD">
641 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
642 <ValueName>NewTabPage</ValueName>
645 <Entry type="4" type_name="REG_DWORD">
646 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
647 <ValueName>NoDefaultBookmarks</ValueName>
650 <Entry type="4" type_name="REG_DWORD">
651 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
652 <ValueName>OfferToSaveLogins</ValueName>
655 <Entry type="4" type_name="REG_DWORD">
656 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
657 <ValueName>OfferToSaveLoginsDefault</ValueName>
660 <Entry type="1" type_name="REG_SZ">
661 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
662 <ValueName>OverrideFirstRunPage</ValueName>
663 <Value>http://example.org</Value>
665 <Entry type="1" type_name="REG_SZ">
666 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
667 <ValueName>OverridePostUpdatePage</ValueName>
668 <Value>http://example.org</Value>
670 <Entry type="4" type_name="REG_DWORD">
671 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
672 <ValueName>PasswordManagerEnabled</ValueName>
675 <Entry type="7" type_name="REG_MULTI_SZ">
676 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
677 <ValueName>Preferences</ValueName>
678 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
680 <Entry type="4" type_name="REG_DWORD">
681 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
682 <ValueName>PrimaryPassword</ValueName>
685 <Entry type="4" type_name="REG_DWORD">
686 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
687 <ValueName>PromptForDownloadLocation</ValueName>
690 <Entry type="1" type_name="REG_SZ">
691 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
692 <ValueName>**delvals.</ValueName>
695 <Entry type="1" type_name="REG_SZ">
696 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
697 <ValueName>1</ValueName>
700 <Entry type="1" type_name="REG_SZ">
701 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
702 <ValueName>2</ValueName>
705 <Entry type="1" type_name="REG_SZ">
706 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
707 <ValueName>SSLVersionMax</ValueName>
708 <Value>tls1.3</Value>
710 <Entry type="1" type_name="REG_SZ">
711 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
712 <ValueName>SSLVersionMin</ValueName>
713 <Value>tls1.3</Value>
715 <Entry type="1" type_name="REG_SZ">
716 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
717 <ValueName>SearchBar</ValueName>
718 <Value>unified</Value>
720 <Entry type="4" type_name="REG_DWORD">
721 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
722 <ValueName>Locked</ValueName>
725 <Entry type="4" type_name="REG_DWORD">
726 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
727 <ValueName>PrivateBrowsing</ValueName>
730 <Entry type="4" type_name="REG_DWORD">
731 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
732 <ValueName>NTLM</ValueName>
735 <Entry type="4" type_name="REG_DWORD">
736 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
737 <ValueName>SPNEGO</ValueName>
740 <Entry type="4" type_name="REG_DWORD">
741 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
742 <ValueName>NTLM</ValueName>
745 <Entry type="4" type_name="REG_DWORD">
746 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
747 <ValueName>SPNEGO</ValueName>
750 <Entry type="1" type_name="REG_SZ">
751 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
752 <ValueName>**delvals.</ValueName>
755 <Entry type="1" type_name="REG_SZ">
756 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
757 <ValueName>1</ValueName>
758 <Value>mydomain.com</Value>
760 <Entry type="1" type_name="REG_SZ">
761 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
762 <ValueName>1</ValueName>
763 <Value>https://myotherdomain.com</Value>
765 <Entry type="1" type_name="REG_SZ">
766 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
767 <ValueName>**delvals.</ValueName>
770 <Entry type="1" type_name="REG_SZ">
771 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
772 <ValueName>1</ValueName>
773 <Value>mydomain.com</Value>
775 <Entry type="1" type_name="REG_SZ">
776 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
777 <ValueName>1</ValueName>
778 <Value>https://myotherdomain.com</Value>
780 <Entry type="1" type_name="REG_SZ">
781 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
782 <ValueName>**delvals.</ValueName>
785 <Entry type="1" type_name="REG_SZ">
786 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
787 <ValueName>1</ValueName>
788 <Value>mydomain.com</Value>
790 <Entry type="1" type_name="REG_SZ">
791 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
792 <ValueName>1</ValueName>
793 <Value>https://myotherdomain.com</Value>
795 <Entry type="1" type_name="REG_SZ">
796 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
797 <ValueName>Title</ValueName>
798 <Value>Example</Value>
800 <Entry type="1" type_name="REG_SZ">
801 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
802 <ValueName>URL</ValueName>
803 <Value>https://example.com</Value>
805 <Entry type="1" type_name="REG_SZ">
806 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
807 <ValueName>Favicon</ValueName>
808 <Value>https://example.com/favicon.ico</Value>
810 <Entry type="1" type_name="REG_SZ">
811 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
812 <ValueName>Placement</ValueName>
815 <Entry type="1" type_name="REG_SZ">
816 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
817 <ValueName>Folder</ValueName>
818 <Value>FolderName</Value>
820 <Entry type="1" type_name="REG_SZ">
821 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
822 <ValueName>Title</ValueName>
825 <Entry type="1" type_name="REG_SZ">
826 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
827 <ValueName>URL</ValueName>
828 <Value>www.samba.org</Value>
830 <Entry type="1" type_name="REG_SZ">
831 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
832 <ValueName>Favicon</ValueName>
835 <Entry type="1" type_name="REG_SZ">
836 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
837 <ValueName>Placement</ValueName>
838 <Value>toolbar</Value>
840 <Entry type="1" type_name="REG_SZ">
841 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
842 <ValueName>Folder</ValueName>
845 <Entry type="1" type_name="REG_SZ">
846 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
847 <ValueName>AcceptThirdParty</ValueName>
850 <Entry type="4" type_name="REG_DWORD">
851 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
852 <ValueName>Default</ValueName>
855 <Entry type="4" type_name="REG_DWORD">
856 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
857 <ValueName>ExpireAtSessionEnd</ValueName>
860 <Entry type="4" type_name="REG_DWORD">
861 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
862 <ValueName>Locked</ValueName>
865 <Entry type="4" type_name="REG_DWORD">
866 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
867 <ValueName>RejectTracker</ValueName>
870 <Entry type="1" type_name="REG_SZ">
871 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
872 <ValueName>**delvals.</ValueName>
875 <Entry type="1" type_name="REG_SZ">
876 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
877 <ValueName>1</ValueName>
878 <Value>http://example.org/</Value>
880 <Entry type="1" type_name="REG_SZ">
881 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
882 <ValueName>**delvals.</ValueName>
885 <Entry type="1" type_name="REG_SZ">
886 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
887 <ValueName>1</ValueName>
888 <Value>http://example.edu/</Value>
890 <Entry type="1" type_name="REG_SZ">
891 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
892 <ValueName>**delvals.</ValueName>
895 <Entry type="1" type_name="REG_SZ">
896 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
897 <ValueName>1</ValueName>
898 <Value>http://example.edu/</Value>
900 <Entry type="4" type_name="REG_DWORD">
901 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
902 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
905 <Entry type="4" type_name="REG_DWORD">
906 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
907 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
910 <Entry type="4" type_name="REG_DWORD">
911 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
912 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
915 <Entry type="4" type_name="REG_DWORD">
916 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
917 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
920 <Entry type="4" type_name="REG_DWORD">
921 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
922 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
925 <Entry type="4" type_name="REG_DWORD">
926 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
927 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
930 <Entry type="4" type_name="REG_DWORD">
931 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
932 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
935 <Entry type="4" type_name="REG_DWORD">
936 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
937 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
940 <Entry type="4" type_name="REG_DWORD">
941 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
942 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
945 <Entry type="4" type_name="REG_DWORD">
946 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
947 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
950 <Entry type="4" type_name="REG_DWORD">
951 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
952 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
955 <Entry type="4" type_name="REG_DWORD">
956 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
957 <ValueName>InvalidCertificate</ValueName>
960 <Entry type="4" type_name="REG_DWORD">
961 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
962 <ValueName>SafeBrowsing</ValueName>
965 <Entry type="4" type_name="REG_DWORD">
966 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
967 <ValueName>Enabled</ValueName>
970 <Entry type="4" type_name="REG_DWORD">
971 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
972 <ValueName>Locked</ValueName>
975 <Entry type="1" type_name="REG_SZ">
976 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
977 <ValueName>ProviderURL</ValueName>
978 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
980 <Entry type="1" type_name="REG_SZ">
981 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
982 <ValueName>**delvals.</ValueName>
985 <Entry type="1" type_name="REG_SZ">
986 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
987 <ValueName>1</ValueName>
988 <Value>example.com</Value>
990 <Entry type="4" type_name="REG_DWORD">
991 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
992 <ValueName>Value</ValueName>
995 <Entry type="4" type_name="REG_DWORD">
996 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
997 <ValueName>Cryptomining</ValueName>
1000 <Entry type="4" type_name="REG_DWORD">
1001 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1002 <ValueName>Fingerprinting</ValueName>
1005 <Entry type="4" type_name="REG_DWORD">
1006 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1007 <ValueName>Locked</ValueName>
1010 <Entry type="1" type_name="REG_SZ">
1011 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1012 <ValueName>**delvals.</ValueName>
1015 <Entry type="1" type_name="REG_SZ">
1016 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1017 <ValueName>1</ValueName>
1018 <Value>https://example.com</Value>
1020 <Entry type="4" type_name="REG_DWORD">
1021 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1022 <ValueName>Enabled</ValueName>
1025 <Entry type="4" type_name="REG_DWORD">
1026 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1027 <ValueName>Locked</ValueName>
1030 <Entry type="1" type_name="REG_SZ">
1031 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1032 <ValueName>**delvals.</ValueName>
1035 <Entry type="2" type_name="REG_EXPAND_SZ">
1036 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1037 <ValueName>1</ValueName>
1038 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1040 <Entry type="2" type_name="REG_EXPAND_SZ">
1041 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1042 <ValueName>2</ValueName>
1043 <Value>//path/to/xpi</Value>
1045 <Entry type="1" type_name="REG_SZ">
1046 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1047 <ValueName>**delvals.</ValueName>
1050 <Entry type="1" type_name="REG_SZ">
1051 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1052 <ValueName>1</ValueName>
1053 <Value>addon_id@mozilla.org</Value>
1055 <Entry type="1" type_name="REG_SZ">
1056 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1057 <ValueName>**delvals.</ValueName>
1060 <Entry type="1" type_name="REG_SZ">
1061 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1062 <ValueName>1</ValueName>
1063 <Value>bad_addon_id@mozilla.org</Value>
1065 <Entry type="4" type_name="REG_DWORD">
1066 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1067 <ValueName>Search</ValueName>
1070 <Entry type="4" type_name="REG_DWORD">
1071 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1072 <ValueName>TopSites</ValueName>
1075 <Entry type="4" type_name="REG_DWORD">
1076 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1077 <ValueName>Highlights</ValueName>
1080 <Entry type="4" type_name="REG_DWORD">
1081 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1082 <ValueName>Pocket</ValueName>
1085 <Entry type="4" type_name="REG_DWORD">
1086 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1087 <ValueName>Snippets</ValueName>
1090 <Entry type="4" type_name="REG_DWORD">
1091 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1092 <ValueName>Locked</ValueName>
1095 <Entry type="4" type_name="REG_DWORD">
1096 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1097 <ValueName>Default</ValueName>
1100 <Entry type="4" type_name="REG_DWORD">
1101 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1102 <ValueName>Locked</ValueName>
1105 <Entry type="1" type_name="REG_SZ">
1106 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1107 <ValueName>**delvals.</ValueName>
1110 <Entry type="1" type_name="REG_SZ">
1111 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1112 <ValueName>1</ValueName>
1113 <Value>http://example.org/</Value>
1115 <Entry type="1" type_name="REG_SZ">
1116 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1117 <ValueName>**delvals.</ValueName>
1120 <Entry type="1" type_name="REG_SZ">
1121 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1122 <ValueName>1</ValueName>
1123 <Value>http://example.edu/</Value>
1125 <Entry type="1" type_name="REG_SZ">
1126 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1127 <ValueName>StartPage</ValueName>
1128 <Value>homepage</Value>
1130 <Entry type="1" type_name="REG_SZ">
1131 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1132 <ValueName>URL</ValueName>
1133 <Value>http://example.com/</Value>
1135 <Entry type="4" type_name="REG_DWORD">
1136 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1137 <ValueName>Locked</ValueName>
1140 <Entry type="1" type_name="REG_SZ">
1141 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1142 <ValueName>**delvals.</ValueName>
1145 <Entry type="1" type_name="REG_SZ">
1146 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1147 <ValueName>1</ValueName>
1148 <Value>http://example.org/</Value>
1150 <Entry type="1" type_name="REG_SZ">
1151 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1152 <ValueName>2</ValueName>
1153 <Value>http://example.edu/</Value>
1155 <Entry type="4" type_name="REG_DWORD">
1156 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1157 <ValueName>Default</ValueName>
1160 <Entry type="1" type_name="REG_SZ">
1161 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1162 <ValueName>**delvals.</ValueName>
1165 <Entry type="1" type_name="REG_SZ">
1166 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1167 <ValueName>1</ValueName>
1168 <Value>http://example.org/</Value>
1170 <Entry type="1" type_name="REG_SZ">
1171 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1172 <ValueName>2</ValueName>
1173 <Value>http://example.edu/</Value>
1175 <Entry type="1" type_name="REG_SZ">
1176 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1177 <ValueName>**delvals.</ValueName>
1180 <Entry type="1" type_name="REG_SZ">
1181 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1182 <ValueName>1</ValueName>
1183 <Value>http://example.org/</Value>
1185 <Entry type="1" type_name="REG_SZ">
1186 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1187 <ValueName>2</ValueName>
1188 <Value>http://example.edu/</Value>
1190 <Entry type="4" type_name="REG_DWORD">
1191 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1192 <ValueName>EnablePermissions</ValueName>
1195 <Entry type="4" type_name="REG_DWORD">
1196 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1197 <ValueName>Enabled</ValueName>
1200 <Entry type="1" type_name="REG_SZ">
1201 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1202 <ValueName>Default</ValueName>
1203 <Value>block-audio</Value>
1205 <Entry type="4" type_name="REG_DWORD">
1206 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1207 <ValueName>Locked</ValueName>
1210 <Entry type="1" type_name="REG_SZ">
1211 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1212 <ValueName>**delvals.</ValueName>
1215 <Entry type="1" type_name="REG_SZ">
1216 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1217 <ValueName>1</ValueName>
1218 <Value>https://example.org</Value>
1220 <Entry type="1" type_name="REG_SZ">
1221 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1222 <ValueName>**delvals.</ValueName>
1225 <Entry type="1" type_name="REG_SZ">
1226 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1227 <ValueName>1</ValueName>
1228 <Value>https://example.edu</Value>
1230 <Entry type="4" type_name="REG_DWORD">
1231 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1232 <ValueName>BlockNewRequests</ValueName>
1235 <Entry type="4" type_name="REG_DWORD">
1236 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1237 <ValueName>Locked</ValueName>
1240 <Entry type="1" type_name="REG_SZ">
1241 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1242 <ValueName>**delvals.</ValueName>
1245 <Entry type="1" type_name="REG_SZ">
1246 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1247 <ValueName>1</ValueName>
1248 <Value>https://example.org</Value>
1250 <Entry type="1" type_name="REG_SZ">
1251 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1252 <ValueName>2</ValueName>
1253 <Value>https://example.org:1234</Value>
1255 <Entry type="1" type_name="REG_SZ">
1256 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1257 <ValueName>**delvals.</ValueName>
1260 <Entry type="1" type_name="REG_SZ">
1261 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1262 <ValueName>1</ValueName>
1263 <Value>https://example.edu</Value>
1265 <Entry type="4" type_name="REG_DWORD">
1266 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1267 <ValueName>BlockNewRequests</ValueName>
1270 <Entry type="4" type_name="REG_DWORD">
1271 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1272 <ValueName>Locked</ValueName>
1275 <Entry type="1" type_name="REG_SZ">
1276 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1277 <ValueName>**delvals.</ValueName>
1280 <Entry type="1" type_name="REG_SZ">
1281 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1282 <ValueName>1</ValueName>
1283 <Value>https://example.org</Value>
1285 <Entry type="1" type_name="REG_SZ">
1286 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1287 <ValueName>**delvals.</ValueName>
1290 <Entry type="1" type_name="REG_SZ">
1291 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1292 <ValueName>1</ValueName>
1293 <Value>https://example.edu</Value>
1295 <Entry type="4" type_name="REG_DWORD">
1296 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1297 <ValueName>BlockNewRequests</ValueName>
1300 <Entry type="4" type_name="REG_DWORD">
1301 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1302 <ValueName>Locked</ValueName>
1305 <Entry type="1" type_name="REG_SZ">
1306 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1307 <ValueName>**delvals.</ValueName>
1310 <Entry type="1" type_name="REG_SZ">
1311 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1312 <ValueName>1</ValueName>
1313 <Value>https://example.org</Value>
1315 <Entry type="1" type_name="REG_SZ">
1316 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1317 <ValueName>**delvals.</ValueName>
1320 <Entry type="1" type_name="REG_SZ">
1321 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1322 <ValueName>1</ValueName>
1323 <Value>https://example.edu</Value>
1325 <Entry type="4" type_name="REG_DWORD">
1326 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1327 <ValueName>BlockNewRequests</ValueName>
1330 <Entry type="4" type_name="REG_DWORD">
1331 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1332 <ValueName>Locked</ValueName>
1335 <Entry type="1" type_name="REG_SZ">
1336 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1337 <ValueName>**delvals.</ValueName>
1340 <Entry type="1" type_name="REG_SZ">
1341 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1342 <ValueName>1</ValueName>
1343 <Value>https://example.org</Value>
1345 <Entry type="1" type_name="REG_SZ">
1346 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1347 <ValueName>**delvals.</ValueName>
1350 <Entry type="1" type_name="REG_SZ">
1351 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1352 <ValueName>1</ValueName>
1353 <Value>https://example.edu</Value>
1355 <Entry type="4" type_name="REG_DWORD">
1356 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1357 <ValueName>BlockNewRequests</ValueName>
1360 <Entry type="4" type_name="REG_DWORD">
1361 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1362 <ValueName>Locked</ValueName>
1365 <Entry type="1" type_name="REG_SZ">
1366 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1367 <ValueName>**delvals.</ValueName>
1370 <Entry type="1" type_name="REG_SZ">
1371 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1372 <ValueName>1</ValueName>
1373 <Value>https://example.org</Value>
1375 <Entry type="1" type_name="REG_SZ">
1376 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1377 <ValueName>**delvals.</ValueName>
1380 <Entry type="1" type_name="REG_SZ">
1381 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1382 <ValueName>1</ValueName>
1383 <Value>https://example.edu</Value>
1385 <Entry type="4" type_name="REG_DWORD">
1386 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1387 <ValueName>Enabled</ValueName>
1390 <Entry type="4" type_name="REG_DWORD">
1391 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1392 <ValueName>Locked</ValueName>
1395 <Entry type="4" type_name="REG_DWORD">
1396 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1397 <ValueName>Default</ValueName>
1400 <Entry type="4" type_name="REG_DWORD">
1401 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1402 <ValueName>Locked</ValueName>
1405 <Entry type="1" type_name="REG_SZ">
1406 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1407 <ValueName>**delvals.</ValueName>
1410 <Entry type="1" type_name="REG_SZ">
1411 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1412 <ValueName>1</ValueName>
1413 <Value>http://example.org/</Value>
1415 <Entry type="1" type_name="REG_SZ">
1416 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1417 <ValueName>2</ValueName>
1418 <Value>http://example.edu/</Value>
1420 <Entry type="4" type_name="REG_DWORD">
1421 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1422 <ValueName>Locked</ValueName>
1425 <Entry type="1" type_name="REG_SZ">
1426 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1427 <ValueName>Mode</ValueName>
1428 <Value>autoDetect</Value>
1430 <Entry type="1" type_name="REG_SZ">
1431 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1432 <ValueName>HTTPProxy</ValueName>
1433 <Value>hostname</Value>
1435 <Entry type="4" type_name="REG_DWORD">
1436 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1437 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1440 <Entry type="1" type_name="REG_SZ">
1441 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1442 <ValueName>SSLProxy</ValueName>
1443 <Value>hostname</Value>
1445 <Entry type="1" type_name="REG_SZ">
1446 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1447 <ValueName>FTPProxy</ValueName>
1448 <Value>hostname</Value>
1450 <Entry type="1" type_name="REG_SZ">
1451 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1452 <ValueName>SOCKSProxy</ValueName>
1453 <Value>hostname</Value>
1455 <Entry type="4" type_name="REG_DWORD">
1456 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1457 <ValueName>SOCKSVersion</ValueName>
1460 <Entry type="1" type_name="REG_SZ">
1461 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1462 <ValueName>Passthrough</ValueName>
1463 <Value><local></Value>
1465 <Entry type="1" type_name="REG_SZ">
1466 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1467 <ValueName>AutoConfigURL</ValueName>
1468 <Value>URL_TO_AUTOCONFIG</Value>
1470 <Entry type="4" type_name="REG_DWORD">
1471 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1472 <ValueName>AutoLogin</ValueName>
1475 <Entry type="4" type_name="REG_DWORD">
1476 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1477 <ValueName>UseProxyForDNS</ValueName>
1480 <Entry type="4" type_name="REG_DWORD">
1481 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1482 <ValueName>SanitizeOnShutdown</ValueName>
1485 <Entry type="1" type_name="REG_SZ">
1486 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1487 <ValueName>Default</ValueName>
1488 <Value>Google</Value>
1490 <Entry type="4" type_name="REG_DWORD">
1491 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1492 <ValueName>PreventInstalls</ValueName>
1495 <Entry type="1" type_name="REG_SZ">
1496 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1497 <ValueName>Name</ValueName>
1498 <Value>Example1</Value>
1500 <Entry type="1" type_name="REG_SZ">
1501 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1502 <ValueName>URLTemplate</ValueName>
1503 <Value>https://www.example.org/q={searchTerms}</Value>
1505 <Entry type="1" type_name="REG_SZ">
1506 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1507 <ValueName>Method</ValueName>
1510 <Entry type="1" type_name="REG_SZ">
1511 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1512 <ValueName>IconURL</ValueName>
1513 <Value>https://www.example.org/favicon.ico</Value>
1515 <Entry type="1" type_name="REG_SZ">
1516 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1517 <ValueName>Alias</ValueName>
1518 <Value>example</Value>
1520 <Entry type="1" type_name="REG_SZ">
1521 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1522 <ValueName>Description</ValueName>
1523 <Value>Description</Value>
1525 <Entry type="1" type_name="REG_SZ">
1526 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1527 <ValueName>SuggestURLTemplate</ValueName>
1528 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1530 <Entry type="1" type_name="REG_SZ">
1531 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1532 <ValueName>PostData</ValueName>
1533 <Value>name=value&q={searchTerms}</Value>
1535 <Entry type="1" type_name="REG_SZ">
1536 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1537 <ValueName>**delvals.</ValueName>
1540 <Entry type="1" type_name="REG_SZ">
1541 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1542 <ValueName>1</ValueName>
1545 <Entry type="1" type_name="REG_SZ">
1546 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1547 <ValueName>Title</ValueName>
1548 <Value>Support Menu</Value>
1550 <Entry type="1" type_name="REG_SZ">
1551 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1552 <ValueName>URL</ValueName>
1553 <Value>http://example.com/support</Value>
1555 <Entry type="1" type_name="REG_SZ">
1556 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1557 <ValueName>AccessKey</ValueName>
1560 <Entry type="4" type_name="REG_DWORD">
1561 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1562 <ValueName>ExtensionRecommendations</ValueName>
1565 <Entry type="4" type_name="REG_DWORD">
1566 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1567 <ValueName>FeatureRecommendations</ValueName>
1570 <Entry type="4" type_name="REG_DWORD">
1571 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1572 <ValueName>WhatsNew</ValueName>
1575 <Entry type="4" type_name="REG_DWORD">
1576 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1577 <ValueName>UrlbarInterventions</ValueName>
1580 <Entry type="4" type_name="REG_DWORD">
1581 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1582 <ValueName>SkipOnboarding</ValueName>
1585 <Entry type="1" type_name="REG_SZ">
1586 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1587 <ValueName>**delvals.</ValueName>
1590 <Entry type="1" type_name="REG_SZ">
1591 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1592 <ValueName>1</ValueName>
1593 <Value><all_urls></Value>
1595 <Entry type="1" type_name="REG_SZ">
1596 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1597 <ValueName>**delvals.</ValueName>
1600 <Entry type="1" type_name="REG_SZ">
1601 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1602 <ValueName>1</ValueName>
1603 <Value>http://example.org/*</Value>
1605 <Entry type="1" type_name="REG_SZ">
1606 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1607 <ValueName>AllowedDomainsForApps</ValueName>
1608 <Value>managedfirefox.com,example.com</Value>
1610 <Entry type="4" type_name="REG_DWORD">
1611 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1612 <ValueName>BackgroundAppUpdate</ValueName>
1615 <Entry type="4" type_name="REG_DWORD">
1616 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1617 <ValueName>ImportEnterpriseRoots</ValueName>
1620 <Entry type="1" type_name="REG_SZ">
1621 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1622 <ValueName>**delvals.</ValueName>
1625 <Entry type="1" type_name="REG_SZ">
1626 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1627 <ValueName>1</ValueName>
1628 <Value>cert1.der</Value>
1630 <Entry type="1" type_name="REG_SZ">
1631 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1632 <ValueName>2</ValueName>
1633 <Value>/home/username/cert2.pem</Value>
1635 <Entry type="1" type_name="REG_SZ">
1636 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1637 <ValueName>NAME_OF_DEVICE</ValueName>
1638 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1640 <Entry type="4" type_name="REG_DWORD">
1641 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1642 <ValueName>ShowHomeButton</ValueName>
1645 <Entry type="7" type_name="REG_MULTI_SZ">
1646 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1647 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1648 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
# Expected JSON for the Firefox policy fixture. Many keys below repeat the
# Mozilla Firefox registry entries of the registry-policy data above
# (DisabledCiphers, DisableSecurityBypass, Proxy, SearchEngines,
# SecurityDevices).
# NOTE(review): presumably compared with the output of the Firefox policy
# extension under test; the assertion is not in this part of the file.
# Trust-relevant keys to keep in sync when this fixture is edited:
# ImportEnterpriseRoots and the certificate paths, SecurityDevices (a
# library path), ExtensionSettings install_url / installation_mode, the proxy
# hosts, SSLVersionMin / SSLVersionMax and DisabledCiphers.
# Hosts, add-on ids and paths here are sample data (example.org,
# URL_TO_AUTOCONFIG, PATH_TO_LIBRARY_FOR_DEVICE), not recommended settings.
1653 firefox_json_expected
= \
1657 "AppAutoUpdate": true,
1658 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1659 "AppUpdateURL": "https://yoursite.com",
1663 "https://myotherdomain.com"
1667 "https://myotherdomain.com"
1671 "https://myotherdomain.com"
1682 "PrivateBrowsing": true
1684 "AutoLaunchProtocolsFromOrigins": [
1686 "protocol": "zoommtg",
1687 "allowed_origins": [
1688 "https://somesite.zoom.us"
1692 "BackgroundAppUpdate": true,
1693 "BlockAboutAddons": true,
1694 "BlockAboutConfig": true,
1695 "BlockAboutProfiles": true,
1696 "BlockAboutSupport": true,
1700 "URL": "https://example.com",
1701 "Favicon": "https://example.com/favicon.ico",
1702 "Placement": "menu",
1703 "Folder": "FolderName"
1707 "URL": "www.samba.org",
1709 "Placement": "toolbar",
1713 "CaptivePortal": true,
1715 "ImportEnterpriseRoots": true,
1718 "/home/username/cert2.pem"
1723 "http://example.org/"
1726 "http://example.edu/"
1729 "http://example.edu/"
1732 "AcceptThirdParty": "never",
1733 "ExpireAtSessionEnd": true,
1734 "RejectTracker": true,
1737 "DisableSetDesktopBackground": true,
1738 "DisableMasterPasswordCreation": true,
1739 "DisableAppUpdate": true,
1740 "DisableBuiltinPDFViewer": true,
1741 "DisabledCiphers": {
1742 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1743 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1744 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1745 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1746 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1747 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1748 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1749 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1750 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1751 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1752 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1754 "DisableDefaultBrowserAgent": true,
1755 "DisableDeveloperTools": true,
1756 "DisableFeedbackCommands": true,
1757 "DisableFirefoxScreenshots": true,
1758 "DisableFirefoxAccounts": true,
1759 "DisableFirefoxStudies": true,
1760 "DisableForgetButton": true,
1761 "DisableFormHistory": true,
1762 "DisablePasswordReveal": true,
1763 "DisablePocket": true,
1764 "DisablePrivateBrowsing": true,
1765 "DisableProfileImport": true,
1766 "DisableProfileRefresh": true,
1767 "DisableSafeMode": true,
1768 "DisableSecurityBypass": {
1769 "InvalidCertificate": true,
1770 "SafeBrowsing": true
1772 "DisableSystemAddonUpdate": true,
1773 "DisableTelemetry": true,
1774 "DisplayBookmarksToolbar": true,
1775 "DisplayMenuBar": "default-on",
1778 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1780 "ExcludedDomains": [
1784 "DontCheckDefaultBrowser": true,
1785 "EnableTrackingProtection": {
1788 "Cryptomining": true,
1789 "Fingerprinting": true,
1791 "https://example.com"
1794 "EncryptedMediaExtensions": {
1800 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1804 "bad_addon_id@mozilla.org"
1807 "addon_id@mozilla.org"
1810 "ExtensionSettings": {
1812 "blocked_install_message": "Custom error message.",
1813 "install_sources": [
1815 "https://addons.mozilla.org/"
1817 "installation_mode": "blocked",
1822 "uBlock0@raymondhill.net": {
1823 "installation_mode": "force_installed",
1824 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1826 "https-everywhere@eff.org": {
1827 "installation_mode": "allowed"
1830 "ExtensionUpdate": true,
1833 "http://example.org/"
1836 "http://example.edu/"
1843 "application/msword": {
1844 "action": "useSystemDefault",
1850 "action": "useHelperApp",
1855 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1862 "action": "useHelperApp",
1866 "name": "Adobe Acrobat",
1867 "path": "/usr/bin/acroread"
1881 "HardwareAcceleration": true,
1883 "URL": "http://example.com/",
1886 "http://example.org/",
1887 "http://example.edu/"
1889 "StartPage": "homepage"
1891 "InstallAddonsPermission": {
1893 "http://example.org/",
1894 "http://example.edu/"
1899 "http://example.org/",
1900 "http://example.edu/"
1902 "ManagedBookmarks": [
1904 "toplevel_name": "My managed bookmarks folder"
1907 "url": "example.com",
1911 "name": "Mozilla links",
1914 "url": "https://mozilla.org",
1915 "name": "Mozilla.org"
1918 "url": "https://support.mozilla.org/",
1924 "PrimaryPassword": true,
1925 "NoDefaultBookmarks": true,
1926 "OfferToSaveLogins": true,
1927 "OfferToSaveLoginsDefault": true,
1928 "OverrideFirstRunPage": "http://example.org",
1929 "OverridePostUpdatePage": "http://example.org",
1930 "PasswordManagerEnabled": true,
1933 "EnablePermissions": true
1938 "https://example.org",
1939 "https://example.org:1234"
1942 "https://example.edu"
1944 "BlockNewRequests": true,
1949 "https://example.org"
1952 "https://example.edu"
1954 "BlockNewRequests": true,
1959 "https://example.org"
1962 "https://example.edu"
1964 "BlockNewRequests": true,
1969 "https://example.org"
1972 "https://example.edu"
1974 "BlockNewRequests": true,
1979 "https://example.org"
1982 "https://example.edu"
1984 "Default": "block-audio",
1989 "https://example.org"
1992 "https://example.edu"
1994 "BlockNewRequests": true,
1998 "PictureInPicture": {
2004 "http://example.org/",
2005 "http://example.edu/"
2011 "accessibility.force_disabled": {
2015 "browser.cache.disk.parent_directory": {
2016 "Value": "SOME_NATIVE_PATH",
2019 "browser.tabs.warnOnClose": {
2024 "PromptForDownloadLocation": true,
2026 "Mode": "autoDetect",
2028 "HTTPProxy": "hostname",
2029 "UseHTTPProxyForAllProtocols": true,
2030 "SSLProxy": "hostname",
2031 "FTPProxy": "hostname",
2032 "SOCKSProxy": "hostname",
2034 "Passthrough": "<local>",
2035 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2037 "UseProxyForDNS": true
2039 "SanitizeOnShutdown": true,
2044 "URLTemplate": "https://www.example.org/q={searchTerms}",
2046 "IconURL": "https://www.example.org/favicon.ico",
2048 "Description": "Description",
2049 "PostData": "name=value&q={searchTerms}",
2050 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2056 "Default": "Google",
2057 "PreventInstalls": true
2059 "SearchSuggestEnabled": true,
2060 "SecurityDevices": {
2061 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2063 "ShowHomeButton": true,
2064 "SSLVersionMax": "tls1.3",
2065 "SSLVersionMin": "tls1.3",
2067 "Title": "Support Menu",
2068 "URL": "http://example.com/support",
2073 "ExtensionRecommendations": true,
2074 "FeatureRecommendations": true,
2075 "UrlbarInterventions": true,
2076 "SkipOnboarding": true
2083 "http://example.org/*"
2086 "DefaultDownloadDirectory": "${home}/Downloads",
2087 "DownloadDirectory": "${home}/Downloads",
2088 "NetworkPrediction": true,
2090 "RequestedLocales": ["de", "en-US"],
2091 "SearchBar": "unified"
2096 chromium_reg_pol
= \
2098 <?xml version="1.0" encoding="utf-8"?>
2099 <PolFile num_entries="418" signature="PReg" version="1">
2100 <Entry type="4" type_name="REG_DWORD">
2101 <Key>Software\Policies\Google\Chrome</Key>
2102 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2105 <Entry type="4" type_name="REG_DWORD">
2106 <Key>Software\Policies\Google\Chrome</Key>
2107 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2110 <Entry type="4" type_name="REG_DWORD">
2111 <Key>Software\Policies\Google\Chrome</Key>
2112 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2115 <Entry type="4" type_name="REG_DWORD">
2116 <Key>Software\Policies\Google\Chrome</Key>
2117 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2120 <Entry type="4" type_name="REG_DWORD">
2121 <Key>Software\Policies\Google\Chrome</Key>
2122 <ValueName>AdvancedProtectionAllowed</ValueName>
2125 <Entry type="4" type_name="REG_DWORD">
2126 <Key>Software\Policies\Google\Chrome</Key>
2127 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2130 <Entry type="4" type_name="REG_DWORD">
2131 <Key>Software\Policies\Google\Chrome</Key>
2132 <ValueName>AllowDeletingBrowserHistory</ValueName>
2135 <Entry type="4" type_name="REG_DWORD">
2136 <Key>Software\Policies\Google\Chrome</Key>
2137 <ValueName>AllowDinosaurEasterEgg</ValueName>
2140 <Entry type="4" type_name="REG_DWORD">
2141 <Key>Software\Policies\Google\Chrome</Key>
2142 <ValueName>AllowFileSelectionDialogs</ValueName>
2145 <Entry type="4" type_name="REG_DWORD">
2146 <Key>Software\Policies\Google\Chrome</Key>
2147 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2150 <Entry type="1" type_name="REG_SZ">
2151 <Key>Software\Policies\Google\Chrome</Key>
2152 <ValueName>AllowedDomainsForApps</ValueName>
2153 <Value>managedchrome.com,example.com</Value>
2155 <Entry type="4" type_name="REG_DWORD">
2156 <Key>Software\Policies\Google\Chrome</Key>
2157 <ValueName>AlternateErrorPagesEnabled</ValueName>
2160 <Entry type="1" type_name="REG_SZ">
2161 <Key>Software\Policies\Google\Chrome</Key>
2162 <ValueName>AlternativeBrowserPath</ValueName>
2163 <Value>${ie}</Value>
2165 <Entry type="4" type_name="REG_DWORD">
2166 <Key>Software\Policies\Google\Chrome</Key>
2167 <ValueName>AlwaysOpenPdfExternally</ValueName>
2170 <Entry type="4" type_name="REG_DWORD">
2171 <Key>Software\Policies\Google\Chrome</Key>
2172 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2175 <Entry type="4" type_name="REG_DWORD">
2176 <Key>Software\Policies\Google\Chrome</Key>
2177 <ValueName>AppCacheForceEnabled</ValueName>
2180 <Entry type="1" type_name="REG_SZ">
2181 <Key>Software\Policies\Google\Chrome</Key>
2182 <ValueName>ApplicationLocaleValue</ValueName>
2185 <Entry type="4" type_name="REG_DWORD">
2186 <Key>Software\Policies\Google\Chrome</Key>
2187 <ValueName>AudioCaptureAllowed</ValueName>
2190 <Entry type="4" type_name="REG_DWORD">
2191 <Key>Software\Policies\Google\Chrome</Key>
2192 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2195 <Entry type="4" type_name="REG_DWORD">
2196 <Key>Software\Policies\Google\Chrome</Key>
2197 <ValueName>AudioSandboxEnabled</ValueName>
2200 <Entry type="1" type_name="REG_SZ">
2201 <Key>Software\Policies\Google\Chrome</Key>
2202 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2203 <Value>foobar.example.com</Value>
2205 <Entry type="1" type_name="REG_SZ">
2206 <Key>Software\Policies\Google\Chrome</Key>
2207 <ValueName>AuthSchemes</ValueName>
2208 <Value>basic,digest,ntlm,negotiate</Value>
2210 <Entry type="1" type_name="REG_SZ">
2211 <Key>Software\Policies\Google\Chrome</Key>
2212 <ValueName>AuthServerAllowlist</ValueName>
2213 <Value>*.example.com,example.com</Value>
2215 <Entry type="1" type_name="REG_SZ">
2216 <Key>Software\Policies\Google\Chrome</Key>
2217 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2218 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2220 <Entry type="4" type_name="REG_DWORD">
2221 <Key>Software\Policies\Google\Chrome</Key>
2222 <ValueName>AutofillAddressEnabled</ValueName>
2225 <Entry type="4" type_name="REG_DWORD">
2226 <Key>Software\Policies\Google\Chrome</Key>
2227 <ValueName>AutofillCreditCardEnabled</ValueName>
2230 <Entry type="4" type_name="REG_DWORD">
2231 <Key>Software\Policies\Google\Chrome</Key>
2232 <ValueName>AutoplayAllowed</ValueName>
2235 <Entry type="4" type_name="REG_DWORD">
2236 <Key>Software\Policies\Google\Chrome</Key>
2237 <ValueName>BackgroundModeEnabled</ValueName>
2240 <Entry type="4" type_name="REG_DWORD">
2241 <Key>Software\Policies\Google\Chrome</Key>
2242 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2245 <Entry type="4" type_name="REG_DWORD">
2246 <Key>Software\Policies\Google\Chrome</Key>
2247 <ValueName>BlockExternalExtensions</ValueName>
2250 <Entry type="4" type_name="REG_DWORD">
2251 <Key>Software\Policies\Google\Chrome</Key>
2252 <ValueName>BlockThirdPartyCookies</ValueName>
2255 <Entry type="4" type_name="REG_DWORD">
2256 <Key>Software\Policies\Google\Chrome</Key>
2257 <ValueName>BookmarkBarEnabled</ValueName>
2260 <Entry type="4" type_name="REG_DWORD">
2261 <Key>Software\Policies\Google\Chrome</Key>
2262 <ValueName>BrowserAddPersonEnabled</ValueName>
2265 <Entry type="4" type_name="REG_DWORD">
2266 <Key>Software\Policies\Google\Chrome</Key>
2267 <ValueName>BrowserGuestModeEnabled</ValueName>
2270 <Entry type="4" type_name="REG_DWORD">
2271 <Key>Software\Policies\Google\Chrome</Key>
2272 <ValueName>BrowserGuestModeEnforced</ValueName>
2275 <Entry type="4" type_name="REG_DWORD">
2276 <Key>Software\Policies\Google\Chrome</Key>
2277 <ValueName>BrowserLabsEnabled</ValueName>
2280 <Entry type="4" type_name="REG_DWORD">
2281 <Key>Software\Policies\Google\Chrome</Key>
2282 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2285 <Entry type="4" type_name="REG_DWORD">
2286 <Key>Software\Policies\Google\Chrome</Key>
2287 <ValueName>BrowserSignin</ValueName>
2290 <Entry type="1" type_name="REG_SZ">
2291 <Key>Software\Policies\Google\Chrome</Key>
2292 <ValueName>BrowserSwitcherChromePath</ValueName>
2293 <Value>${chrome}</Value>
2295 <Entry type="4" type_name="REG_DWORD">
2296 <Key>Software\Policies\Google\Chrome</Key>
2297 <ValueName>BrowserSwitcherDelay</ValueName>
2298 <Value>10000</Value>
2300 <Entry type="4" type_name="REG_DWORD">
2301 <Key>Software\Policies\Google\Chrome</Key>
2302 <ValueName>BrowserSwitcherEnabled</ValueName>
2305 <Entry type="1" type_name="REG_SZ">
2306 <Key>Software\Policies\Google\Chrome</Key>
2307 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2308 <Value>http://example.com/greylist.xml</Value>
2310 <Entry type="1" type_name="REG_SZ">
2311 <Key>Software\Policies\Google\Chrome</Key>
2312 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2313 <Value>http://example.com/sitelist.xml</Value>
2315 <Entry type="4" type_name="REG_DWORD">
2316 <Key>Software\Policies\Google\Chrome</Key>
2317 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2320 <Entry type="4" type_name="REG_DWORD">
2321 <Key>Software\Policies\Google\Chrome</Key>
2322 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2325 <Entry type="1" type_name="REG_SZ">
2326 <Key>Software\Policies\Google\Chrome</Key>
2327 <ValueName>BrowserThemeColor</ValueName>
2328 <Value>#FFFFFF</Value>
2330 <Entry type="1" type_name="REG_SZ">
2331 <Key>Software\Policies\Google\Chrome</Key>
2332 <ValueName>BrowsingDataLifetime</ValueName>
2333 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2335 <Entry type="4" type_name="REG_DWORD">
2336 <Key>Software\Policies\Google\Chrome</Key>
2337 <ValueName>BuiltInDnsClientEnabled</ValueName>
2340 <Entry type="4" type_name="REG_DWORD">
2341 <Key>Software\Policies\Google\Chrome</Key>
2342 <ValueName>CECPQ2Enabled</ValueName>
2345 <Entry type="4" type_name="REG_DWORD">
2346 <Key>Software\Policies\Google\Chrome</Key>
2347 <ValueName>ChromeCleanupEnabled</ValueName>
2350 <Entry type="4" type_name="REG_DWORD">
2351 <Key>Software\Policies\Google\Chrome</Key>
2352 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2355 <Entry type="4" type_name="REG_DWORD">
2356 <Key>Software\Policies\Google\Chrome</Key>
2357 <ValueName>ChromeVariations</ValueName>
2360 <Entry type="4" type_name="REG_DWORD">
2361 <Key>Software\Policies\Google\Chrome</Key>
2362 <ValueName>ClickToCallEnabled</ValueName>
2365 <Entry type="4" type_name="REG_DWORD">
2366 <Key>Software\Policies\Google\Chrome</Key>
2367 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2370 <Entry type="1" type_name="REG_SZ">
2371 <Key>Software\Policies\Google\Chrome</Key>
2372 <ValueName>CloudManagementEnrollmentToken</ValueName>
2373 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2375 <Entry type="4" type_name="REG_DWORD">
2376 <Key>Software\Policies\Google\Chrome</Key>
2377 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2380 <Entry type="4" type_name="REG_DWORD">
2381 <Key>Software\Policies\Google\Chrome</Key>
2382 <ValueName>CloudPrintProxyEnabled</ValueName>
2385 <Entry type="4" type_name="REG_DWORD">
2386 <Key>Software\Policies\Google\Chrome</Key>
2387 <ValueName>CloudPrintSubmitEnabled</ValueName>
2390 <Entry type="4" type_name="REG_DWORD">
2391 <Key>Software\Policies\Google\Chrome</Key>
2392 <ValueName>CloudUserPolicyMerge</ValueName>
2395 <Entry type="4" type_name="REG_DWORD">
2396 <Key>Software\Policies\Google\Chrome</Key>
2397 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2400 <Entry type="4" type_name="REG_DWORD">
2401 <Key>Software\Policies\Google\Chrome</Key>
2402 <ValueName>ComponentUpdatesEnabled</ValueName>
2405 <Entry type="4" type_name="REG_DWORD">
2406 <Key>Software\Policies\Google\Chrome</Key>
2407 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2410 <Entry type="4" type_name="REG_DWORD">
2411 <Key>Software\Policies\Google\Chrome</Key>
2412 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2415 <Entry type="4" type_name="REG_DWORD">
2416 <Key>Software\Policies\Google\Chrome</Key>
2417 <ValueName>DefaultCookiesSetting</ValueName>
2420 <Entry type="4" type_name="REG_DWORD">
2421 <Key>Software\Policies\Google\Chrome</Key>
2422 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2425 <Entry type="4" type_name="REG_DWORD">
2426 <Key>Software\Policies\Google\Chrome</Key>
2427 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2430 <Entry type="4" type_name="REG_DWORD">
2431 <Key>Software\Policies\Google\Chrome</Key>
2432 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2435 <Entry type="4" type_name="REG_DWORD">
2436 <Key>Software\Policies\Google\Chrome</Key>
2437 <ValueName>DefaultGeolocationSetting</ValueName>
2440 <Entry type="4" type_name="REG_DWORD">
2441 <Key>Software\Policies\Google\Chrome</Key>
2442 <ValueName>DefaultImagesSetting</ValueName>
2445 <Entry type="4" type_name="REG_DWORD">
2446 <Key>Software\Policies\Google\Chrome</Key>
2447 <ValueName>DefaultInsecureContentSetting</ValueName>
2450 <Entry type="4" type_name="REG_DWORD">
2451 <Key>Software\Policies\Google\Chrome</Key>
2452 <ValueName>DefaultJavaScriptSetting</ValueName>
2455 <Entry type="4" type_name="REG_DWORD">
2456 <Key>Software\Policies\Google\Chrome</Key>
2457 <ValueName>DefaultNotificationsSetting</ValueName>
2460 <Entry type="4" type_name="REG_DWORD">
2461 <Key>Software\Policies\Google\Chrome</Key>
2462 <ValueName>DefaultPopupsSetting</ValueName>
2465 <Entry type="1" type_name="REG_SZ">
2466 <Key>Software\Policies\Google\Chrome</Key>
2467 <ValueName>DefaultPrinterSelection</ValueName>
2468 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2470 <Entry type="4" type_name="REG_DWORD">
2471 <Key>Software\Policies\Google\Chrome</Key>
2472 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2475 <Entry type="4" type_name="REG_DWORD">
2476 <Key>Software\Policies\Google\Chrome</Key>
2477 <ValueName>DefaultSearchProviderEnabled</ValueName>
2480 <Entry type="1" type_name="REG_SZ">
2481 <Key>Software\Policies\Google\Chrome</Key>
2482 <ValueName>DefaultSearchProviderIconURL</ValueName>
2483 <Value>https://search.my.company/favicon.ico</Value>
2485 <Entry type="1" type_name="REG_SZ">
2486 <Key>Software\Policies\Google\Chrome</Key>
2487 <ValueName>DefaultSearchProviderImageURL</ValueName>
2488 <Value>https://search.my.company/searchbyimage/upload</Value>
2490 <Entry type="1" type_name="REG_SZ">
2491 <Key>Software\Policies\Google\Chrome</Key>
2492 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2493 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2495 <Entry type="1" type_name="REG_SZ">
2496 <Key>Software\Policies\Google\Chrome</Key>
2497 <ValueName>DefaultSearchProviderKeyword</ValueName>
2500 <Entry type="1" type_name="REG_SZ">
2501 <Key>Software\Policies\Google\Chrome</Key>
2502 <ValueName>DefaultSearchProviderName</ValueName>
2503 <Value>My Intranet Search</Value>
2505 <Entry type="1" type_name="REG_SZ">
2506 <Key>Software\Policies\Google\Chrome</Key>
2507 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2508 <Value>https://search.my.company/newtab</Value>
2510 <Entry type="1" type_name="REG_SZ">
2511 <Key>Software\Policies\Google\Chrome</Key>
2512 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2513 <Value>https://search.my.company/search?q={searchTerms}</Value>
2515 <Entry type="1" type_name="REG_SZ">
2516 <Key>Software\Policies\Google\Chrome</Key>
2517 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2518 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2520 <Entry type="1" type_name="REG_SZ">
2521 <Key>Software\Policies\Google\Chrome</Key>
2522 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2523 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2525 <Entry type="1" type_name="REG_SZ">
2526 <Key>Software\Policies\Google\Chrome</Key>
2527 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2528 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2530 <Entry type="4" type_name="REG_DWORD">
2531 <Key>Software\Policies\Google\Chrome</Key>
2532 <ValueName>DefaultSensorsSetting</ValueName>
2535 <Entry type="4" type_name="REG_DWORD">
2536 <Key>Software\Policies\Google\Chrome</Key>
2537 <ValueName>DefaultSerialGuardSetting</ValueName>
2540 <Entry type="4" type_name="REG_DWORD">
2541 <Key>Software\Policies\Google\Chrome</Key>
2542 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2545 <Entry type="4" type_name="REG_DWORD">
2546 <Key>Software\Policies\Google\Chrome</Key>
2547 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2550 <Entry type="4" type_name="REG_DWORD">
2551 <Key>Software\Policies\Google\Chrome</Key>
2552 <ValueName>DeveloperToolsAvailability</ValueName>
2555 <Entry type="4" type_name="REG_DWORD">
2556 <Key>Software\Policies\Google\Chrome</Key>
2557 <ValueName>Disable3DAPIs</ValueName>
2560 <Entry type="4" type_name="REG_DWORD">
2561 <Key>Software\Policies\Google\Chrome</Key>
2562 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2565 <Entry type="4" type_name="REG_DWORD">
2566 <Key>Software\Policies\Google\Chrome</Key>
2567 <ValueName>DisablePrintPreview</ValueName>
2570 <Entry type="4" type_name="REG_DWORD">
2571 <Key>Software\Policies\Google\Chrome</Key>
2572 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2575 <Entry type="4" type_name="REG_DWORD">
2576 <Key>Software\Policies\Google\Chrome</Key>
2577 <ValueName>DisableScreenshots</ValueName>
2580 <Entry type="1" type_name="REG_SZ">
2581 <Key>Software\Policies\Google\Chrome</Key>
2582 <ValueName>DiskCacheDir</ValueName>
2583 <Value>${user_home}/Chrome_cache</Value>
2585 <Entry type="4" type_name="REG_DWORD">
2586 <Key>Software\Policies\Google\Chrome</Key>
2587 <ValueName>DiskCacheSize</ValueName>
2588 <Value>104857600</Value>
2590 <Entry type="1" type_name="REG_SZ">
2591 <Key>Software\Policies\Google\Chrome</Key>
2592 <ValueName>DnsOverHttpsMode</ValueName>
2595 <Entry type="1" type_name="REG_SZ">
2596 <Key>Software\Policies\Google\Chrome</Key>
2597 <ValueName>DnsOverHttpsTemplates</ValueName>
2598 <Value>https://dns.example.net/dns-query{?dns}</Value>
2600 <Entry type="1" type_name="REG_SZ">
2601 <Key>Software\Policies\Google\Chrome</Key>
2602 <ValueName>DownloadDirectory</ValueName>
2603 <Value>/home/${user_name}/Downloads</Value>
2605 <Entry type="4" type_name="REG_DWORD">
2606 <Key>Software\Policies\Google\Chrome</Key>
2607 <ValueName>DownloadRestrictions</ValueName>
2610 <Entry type="4" type_name="REG_DWORD">
2611 <Key>Software\Policies\Google\Chrome</Key>
2612 <ValueName>EditBookmarksEnabled</ValueName>
2615 <Entry type="4" type_name="REG_DWORD">
2616 <Key>Software\Policies\Google\Chrome</Key>
2617 <ValueName>EnableAuthNegotiatePort</ValueName>
2620 <Entry type="4" type_name="REG_DWORD">
2621 <Key>Software\Policies\Google\Chrome</Key>
2622 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2625 <Entry type="4" type_name="REG_DWORD">
2626 <Key>Software\Policies\Google\Chrome</Key>
2627 <ValueName>EnableMediaRouter</ValueName>
2630 <Entry type="4" type_name="REG_DWORD">
2631 <Key>Software\Policies\Google\Chrome</Key>
2632 <ValueName>EnableOnlineRevocationChecks</ValueName>
2635 <Entry type="4" type_name="REG_DWORD">
2636 <Key>Software\Policies\Google\Chrome</Key>
2637 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2640 <Entry type="1" type_name="REG_SZ">
2641 <Key>Software\Policies\Google\Chrome</Key>
2642 <ValueName>ExtensionSettings</ValueName>
2643 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2645 <Entry type="4" type_name="REG_DWORD">
2646 <Key>Software\Policies\Google\Chrome</Key>
2647 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2650 <Entry type="4" type_name="REG_DWORD">
2651 <Key>Software\Policies\Google\Chrome</Key>
2652 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2655 <Entry type="4" type_name="REG_DWORD">
2656 <Key>Software\Policies\Google\Chrome</Key>
2657 <ValueName>ForceEphemeralProfiles</ValueName>
2660 <Entry type="4" type_name="REG_DWORD">
2661 <Key>Software\Policies\Google\Chrome</Key>
2662 <ValueName>ForceGoogleSafeSearch</ValueName>
2665 <Entry type="4" type_name="REG_DWORD">
2666 <Key>Software\Policies\Google\Chrome</Key>
2667 <ValueName>ForceYouTubeRestrict</ValueName>
2670 <Entry type="4" type_name="REG_DWORD">
2671 <Key>Software\Policies\Google\Chrome</Key>
2672 <ValueName>FullscreenAllowed</ValueName>
2675 <Entry type="4" type_name="REG_DWORD">
2676 <Key>Software\Policies\Google\Chrome</Key>
2677 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2680 <Entry type="4" type_name="REG_DWORD">
2681 <Key>Software\Policies\Google\Chrome</Key>
2682 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2685 <Entry type="4" type_name="REG_DWORD">
2686 <Key>Software\Policies\Google\Chrome</Key>
2687 <ValueName>HeadlessMode</ValueName>
2690 <Entry type="4" type_name="REG_DWORD">
2691 <Key>Software\Policies\Google\Chrome</Key>
2692 <ValueName>HideWebStoreIcon</ValueName>
2695 <Entry type="4" type_name="REG_DWORD">
2696 <Key>Software\Policies\Google\Chrome</Key>
2697 <ValueName>HomepageIsNewTabPage</ValueName>
2700 <Entry type="1" type_name="REG_SZ">
2701 <Key>Software\Policies\Google\Chrome</Key>
2702 <ValueName>HomepageLocation</ValueName>
2703 <Value>https://www.chromium.org</Value>
2705 <Entry type="4" type_name="REG_DWORD">
2706 <Key>Software\Policies\Google\Chrome</Key>
2707 <ValueName>ImportAutofillFormData</ValueName>
2710 <Entry type="4" type_name="REG_DWORD">
2711 <Key>Software\Policies\Google\Chrome</Key>
2712 <ValueName>ImportBookmarks</ValueName>
2715 <Entry type="4" type_name="REG_DWORD">
2716 <Key>Software\Policies\Google\Chrome</Key>
2717 <ValueName>ImportHistory</ValueName>
2720 <Entry type="4" type_name="REG_DWORD">
2721 <Key>Software\Policies\Google\Chrome</Key>
2722 <ValueName>ImportHomepage</ValueName>
2725 <Entry type="4" type_name="REG_DWORD">
2726 <Key>Software\Policies\Google\Chrome</Key>
2727 <ValueName>ImportSavedPasswords</ValueName>
2730 <Entry type="4" type_name="REG_DWORD">
2731 <Key>Software\Policies\Google\Chrome</Key>
2732 <ValueName>ImportSearchEngine</ValueName>
2735 <Entry type="4" type_name="REG_DWORD">
2736 <Key>Software\Policies\Google\Chrome</Key>
2737 <ValueName>IncognitoModeAvailability</ValueName>
2740 <Entry type="4" type_name="REG_DWORD">
2741 <Key>Software\Policies\Google\Chrome</Key>
2742 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2745 <Entry type="4" type_name="REG_DWORD">
2746 <Key>Software\Policies\Google\Chrome</Key>
2747 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2750 <Entry type="4" type_name="REG_DWORD">
2751 <Key>Software\Policies\Google\Chrome</Key>
2752 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2755 <Entry type="4" type_name="REG_DWORD">
2756 <Key>Software\Policies\Google\Chrome</Key>
2757 <ValueName>IntranetRedirectBehavior</ValueName>
2760 <Entry type="1" type_name="REG_SZ">
2761 <Key>Software\Policies\Google\Chrome</Key>
2762 <ValueName>IsolateOrigins</ValueName>
2763 <Value>https://example.com/,https://othersite.org/</Value>
2765 <Entry type="1" type_name="REG_SZ">
2766 <Key>Software\Policies\Google\Chrome</Key>
2767 <ValueName>ManagedBookmarks</ValueName>
2768 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2770 <Entry type="1" type_name="REG_SZ">
2771 <Key>Software\Policies\Google\Chrome</Key>
2772 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2773 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2775 <Entry type="4" type_name="REG_DWORD">
2776 <Key>Software\Policies\Google\Chrome</Key>
2777 <ValueName>MaxConnectionsPerProxy</ValueName>
2780 <Entry type="4" type_name="REG_DWORD">
2781 <Key>Software\Policies\Google\Chrome</Key>
2782 <ValueName>MaxInvalidationFetchDelay</ValueName>
2783 <Value>10000</Value>
2785 <Entry type="4" type_name="REG_DWORD">
2786 <Key>Software\Policies\Google\Chrome</Key>
2787 <ValueName>MediaRecommendationsEnabled</ValueName>
2790 <Entry type="4" type_name="REG_DWORD">
2791 <Key>Software\Policies\Google\Chrome</Key>
2792 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2795 <Entry type="4" type_name="REG_DWORD">
2796 <Key>Software\Policies\Google\Chrome</Key>
2797 <ValueName>MetricsReportingEnabled</ValueName>
2800 <Entry type="4" type_name="REG_DWORD">
2801 <Key>Software\Policies\Google\Chrome</Key>
2802 <ValueName>NTPCardsVisible</ValueName>
2805 <Entry type="4" type_name="REG_DWORD">
2806 <Key>Software\Policies\Google\Chrome</Key>
2807 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2810 <Entry type="4" type_name="REG_DWORD">
2811 <Key>Software\Policies\Google\Chrome</Key>
2812 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2815 <Entry type="4" type_name="REG_DWORD">
2816 <Key>Software\Policies\Google\Chrome</Key>
2817 <ValueName>NetworkPredictionOptions</ValueName>
2820 <Entry type="1" type_name="REG_SZ">
2821 <Key>Software\Policies\Google\Chrome</Key>
2822 <ValueName>NewTabPageLocation</ValueName>
2823 <Value>https://www.chromium.org</Value>
2825 <Entry type="4" type_name="REG_DWORD">
2826 <Key>Software\Policies\Google\Chrome</Key>
2827 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2830 <Entry type="4" type_name="REG_DWORD">
2831 <Key>Software\Policies\Google\Chrome</Key>
2832 <ValueName>PasswordManagerEnabled</ValueName>
2835 <Entry type="1" type_name="REG_SZ">
2836 <Key>Software\Policies\Google\Chrome</Key>
2837 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2838 <Value>https://mydomain.com/change_password.html</Value>
2840 <Entry type="4" type_name="REG_DWORD">
2841 <Key>Software\Policies\Google\Chrome</Key>
2842 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2845 <Entry type="4" type_name="REG_DWORD">
2846 <Key>Software\Policies\Google\Chrome</Key>
2847 <ValueName>PaymentMethodQueryEnabled</ValueName>
2850 <Entry type="4" type_name="REG_DWORD">
2851 <Key>Software\Policies\Google\Chrome</Key>
2852 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2855 <Entry type="4" type_name="REG_DWORD">
2856 <Key>Software\Policies\Google\Chrome</Key>
2857 <ValueName>PolicyRefreshRate</ValueName>
2858 <Value>3600000</Value>
2860 <Entry type="4" type_name="REG_DWORD">
2861 <Key>Software\Policies\Google\Chrome</Key>
2862 <ValueName>PrintHeaderFooter</ValueName>
2865 <Entry type="4" type_name="REG_DWORD">
2866 <Key>Software\Policies\Google\Chrome</Key>
2867 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2870 <Entry type="4" type_name="REG_DWORD">
2871 <Key>Software\Policies\Google\Chrome</Key>
2872 <ValueName>PrintRasterizationMode</ValueName>
2875 <Entry type="1" type_name="REG_SZ">
2876 <Key>Software\Policies\Google\Chrome</Key>
2877 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2878 <Value>enabled</Value>
2880 <Entry type="1" type_name="REG_SZ">
2881 <Key>Software\Policies\Google\Chrome</Key>
2882 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2883 <Value>enabled</Value>
2885 <Entry type="4" type_name="REG_DWORD">
2886 <Key>Software\Policies\Google\Chrome</Key>
2887 <ValueName>PrintingEnabled</ValueName>
2890 <Entry type="1" type_name="REG_SZ">
2891 <Key>Software\Policies\Google\Chrome</Key>
2892 <ValueName>PrintingPaperSizeDefault</ValueName>
2893 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2895 <Entry type="4" type_name="REG_DWORD">
2896 <Key>Software\Policies\Google\Chrome</Key>
2897 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2900 <Entry type="4" type_name="REG_DWORD">
2901 <Key>Software\Policies\Google\Chrome</Key>
2902 <ValueName>PromotionalTabsEnabled</ValueName>
2905 <Entry type="4" type_name="REG_DWORD">
2906 <Key>Software\Policies\Google\Chrome</Key>
2907 <ValueName>PromptForDownloadLocation</ValueName>
2910 <Entry type="1" type_name="REG_SZ">
2911 <Key>Software\Policies\Google\Chrome</Key>
2912 <ValueName>ProxySettings</ValueName>
2913 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2915 <Entry type="4" type_name="REG_DWORD">
2916 <Key>Software\Policies\Google\Chrome</Key>
2917 <ValueName>QuicAllowed</ValueName>
2920 <Entry type="4" type_name="REG_DWORD">
2921 <Key>Software\Policies\Google\Chrome</Key>
2922 <ValueName>RelaunchNotification</ValueName>
2925 <Entry type="4" type_name="REG_DWORD">
2926 <Key>Software\Policies\Google\Chrome</Key>
2927 <ValueName>RelaunchNotificationPeriod</ValueName>
2928 <Value>604800000</Value>
2930 <Entry type="4" type_name="REG_DWORD">
2931 <Key>Software\Policies\Google\Chrome</Key>
2932 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2935 <Entry type="4" type_name="REG_DWORD">
2936 <Key>Software\Policies\Google\Chrome</Key>
2937 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2940 <Entry type="4" type_name="REG_DWORD">
2941 <Key>Software\Policies\Google\Chrome</Key>
2942 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2945 <Entry type="4" type_name="REG_DWORD">
2946 <Key>Software\Policies\Google\Chrome</Key>
2947 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2950 <Entry type="4" type_name="REG_DWORD">
2951 <Key>Software\Policies\Google\Chrome</Key>
2952 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2955 <Entry type="4" type_name="REG_DWORD">
2956 <Key>Software\Policies\Google\Chrome</Key>
2957 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2960 <Entry type="4" type_name="REG_DWORD">
2961 <Key>Software\Policies\Google\Chrome</Key>
2962 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2965 <Entry type="4" type_name="REG_DWORD">
2966 <Key>Software\Policies\Google\Chrome</Key>
2967 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2970 <Entry type="1" type_name="REG_SZ">
2971 <Key>Software\Policies\Google\Chrome</Key>
2972 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
2973 <Value>12400-12409</Value>
2975 <Entry type="4" type_name="REG_DWORD">
2976 <Key>Software\Policies\Google\Chrome</Key>
2977 <ValueName>RendererCodeIntegrityEnabled</ValueName>
2980 <Entry type="4" type_name="REG_DWORD">
2981 <Key>Software\Policies\Google\Chrome</Key>
2982 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
2985 <Entry type="4" type_name="REG_DWORD">
2986 <Key>Software\Policies\Google\Chrome</Key>
2987 <ValueName>RestoreOnStartup</ValueName>
2990 <Entry type="1" type_name="REG_SZ">
2991 <Key>Software\Policies\Google\Chrome</Key>
2992 <ValueName>RestrictSigninToPattern</ValueName>
2993 <Value>.*@example\\.com</Value>
2995 <Entry type="1" type_name="REG_SZ">
2996 <Key>Software\Policies\Google\Chrome</Key>
2997 <ValueName>RoamingProfileLocation</ValueName>
2998 <Value>${roaming_app_data}\\chrome-profile</Value>
3000 <Entry type="4" type_name="REG_DWORD">
3001 <Key>Software\Policies\Google\Chrome</Key>
3002 <ValueName>RoamingProfileSupportEnabled</ValueName>
3005 <Entry type="4" type_name="REG_DWORD">
3006 <Key>Software\Policies\Google\Chrome</Key>
3007 <ValueName>SSLErrorOverrideAllowed</ValueName>
3010 <Entry type="1" type_name="REG_SZ">
3011 <Key>Software\Policies\Google\Chrome</Key>
3012 <ValueName>SSLVersionMin</ValueName>
3015 <Entry type="4" type_name="REG_DWORD">
3016 <Key>Software\Policies\Google\Chrome</Key>
3017 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3020 <Entry type="4" type_name="REG_DWORD">
3021 <Key>Software\Policies\Google\Chrome</Key>
3022 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3025 <Entry type="4" type_name="REG_DWORD">
3026 <Key>Software\Policies\Google\Chrome</Key>
3027 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3030 <Entry type="4" type_name="REG_DWORD">
3031 <Key>Software\Policies\Google\Chrome</Key>
3032 <ValueName>SafeSitesFilterBehavior</ValueName>
3035 <Entry type="4" type_name="REG_DWORD">
3036 <Key>Software\Policies\Google\Chrome</Key>
3037 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3040 <Entry type="4" type_name="REG_DWORD">
3041 <Key>Software\Policies\Google\Chrome</Key>
3042 <ValueName>ScreenCaptureAllowed</ValueName>
3045 <Entry type="4" type_name="REG_DWORD">
3046 <Key>Software\Policies\Google\Chrome</Key>
3047 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3050 <Entry type="4" type_name="REG_DWORD">
3051 <Key>Software\Policies\Google\Chrome</Key>
3052 <ValueName>SearchSuggestEnabled</ValueName>
3055 <Entry type="4" type_name="REG_DWORD">
3056 <Key>Software\Policies\Google\Chrome</Key>
3057 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3060 <Entry type="4" type_name="REG_DWORD">
3061 <Key>Software\Policies\Google\Chrome</Key>
3062 <ValueName>SharedClipboardEnabled</ValueName>
3065 <Entry type="4" type_name="REG_DWORD">
3066 <Key>Software\Policies\Google\Chrome</Key>
3067 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3070 <Entry type="4" type_name="REG_DWORD">
3071 <Key>Software\Policies\Google\Chrome</Key>
3072 <ValueName>ShowCastIconInToolbar</ValueName>
3075 <Entry type="4" type_name="REG_DWORD">
3076 <Key>Software\Policies\Google\Chrome</Key>
3077 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3080 <Entry type="4" type_name="REG_DWORD">
3081 <Key>Software\Policies\Google\Chrome</Key>
3082 <ValueName>ShowHomeButton</ValueName>
3085 <Entry type="4" type_name="REG_DWORD">
3086 <Key>Software\Policies\Google\Chrome</Key>
3087 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3090 <Entry type="4" type_name="REG_DWORD">
3091 <Key>Software\Policies\Google\Chrome</Key>
3092 <ValueName>SigninInterceptionEnabled</ValueName>
3095 <Entry type="4" type_name="REG_DWORD">
3096 <Key>Software\Policies\Google\Chrome</Key>
3097 <ValueName>SitePerProcess</ValueName>
3100 <Entry type="4" type_name="REG_DWORD">
3101 <Key>Software\Policies\Google\Chrome</Key>
3102 <ValueName>SpellCheckServiceEnabled</ValueName>
3105 <Entry type="4" type_name="REG_DWORD">
3106 <Key>Software\Policies\Google\Chrome</Key>
3107 <ValueName>SpellcheckEnabled</ValueName>
3110 <Entry type="4" type_name="REG_DWORD">
3111 <Key>Software\Policies\Google\Chrome</Key>
3112 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3115 <Entry type="4" type_name="REG_DWORD">
3116 <Key>Software\Policies\Google\Chrome</Key>
3117 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3120 <Entry type="4" type_name="REG_DWORD">
3121 <Key>Software\Policies\Google\Chrome</Key>
3122 <ValueName>SyncDisabled</ValueName>
3125 <Entry type="4" type_name="REG_DWORD">
3126 <Key>Software\Policies\Google\Chrome</Key>
3127 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3130 <Entry type="4" type_name="REG_DWORD">
3131 <Key>Software\Policies\Google\Chrome</Key>
3132 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3135 <Entry type="4" type_name="REG_DWORD">
3136 <Key>Software\Policies\Google\Chrome</Key>
3137 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3140 <Entry type="4" type_name="REG_DWORD">
3141 <Key>Software\Policies\Google\Chrome</Key>
3142 <ValueName>TotalMemoryLimitMb</ValueName>
3145 <Entry type="4" type_name="REG_DWORD">
3146 <Key>Software\Policies\Google\Chrome</Key>
3147 <ValueName>TranslateEnabled</ValueName>
3150 <Entry type="4" type_name="REG_DWORD">
3151 <Key>Software\Policies\Google\Chrome</Key>
3152 <ValueName>TripleDESEnabled</ValueName>
3155 <Entry type="4" type_name="REG_DWORD">
3156 <Key>Software\Policies\Google\Chrome</Key>
3157 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3160 <Entry type="4" type_name="REG_DWORD">
3161 <Key>Software\Policies\Google\Chrome</Key>
3162 <ValueName>UserAgentClientHintsEnabled</ValueName>
3165 <Entry type="1" type_name="REG_SZ">
3166 <Key>Software\Policies\Google\Chrome</Key>
3167 <ValueName>UserDataDir</ValueName>
3168 <Value>${users}/${user_name}/Chrome</Value>
3170 <Entry type="4" type_name="REG_DWORD">
3171 <Key>Software\Policies\Google\Chrome</Key>
3172 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3175 <Entry type="4" type_name="REG_DWORD">
3176 <Key>Software\Policies\Google\Chrome</Key>
3177 <ValueName>UserFeedbackAllowed</ValueName>
3180 <Entry type="4" type_name="REG_DWORD">
3181 <Key>Software\Policies\Google\Chrome</Key>
3182 <ValueName>VideoCaptureAllowed</ValueName>
3185 <Entry type="4" type_name="REG_DWORD">
3186 <Key>Software\Policies\Google\Chrome</Key>
3187 <ValueName>WPADQuickCheckEnabled</ValueName>
3190 <Entry type="1" type_name="REG_SZ">
3191 <Key>Software\Policies\Google\Chrome</Key>
3192 <ValueName>WebAppInstallForceList</ValueName>
3193 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3195 <Entry type="4" type_name="REG_DWORD">
3196 <Key>Software\Policies\Google\Chrome</Key>
3197 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3200 <Entry type="4" type_name="REG_DWORD">
3201 <Key>Software\Policies\Google\Chrome</Key>
3202 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3205 <Entry type="1" type_name="REG_SZ">
3206 <Key>Software\Policies\Google\Chrome</Key>
3207 <ValueName>WebRtcIPHandling</ValueName>
3208 <Value>default</Value>
3210 <Entry type="1" type_name="REG_SZ">
3211 <Key>Software\Policies\Google\Chrome</Key>
3212 <ValueName>WebRtcUdpPortRange</ValueName>
3213 <Value>10000-11999</Value>
3215 <Entry type="1" type_name="REG_SZ">
3216 <Key>Software\Policies\Google\Chrome</Key>
3217 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3218 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3220 <Entry type="4" type_name="REG_DWORD">
3221 <Key>Software\Policies\Google\Chrome</Key>
3222 <ValueName>WindowOcclusionEnabled</ValueName>
3225 <Entry type="1" type_name="REG_SZ">
3226 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3227 <ValueName>1</ValueName>
3228 <Value>-foreground</Value>
3230 <Entry type="1" type_name="REG_SZ">
3231 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3232 <ValueName>2</ValueName>
3233 <Value>-new-window</Value>
3235 <Entry type="1" type_name="REG_SZ">
3236 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3237 <ValueName>3</ValueName>
3238 <Value>${url}</Value>
3240 <Entry type="1" type_name="REG_SZ">
3241 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3242 <ValueName>4</ValueName>
3243 <Value>-profile</Value>
3245 <Entry type="1" type_name="REG_SZ">
3246 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3247 <ValueName>5</ValueName>
3248 <Value>%HOME%\\browser_profile</Value>
3250 <Entry type="1" type_name="REG_SZ">
3251 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3252 <ValueName>1</ValueName>
3253 <Value>https://www.example.com/</Value>
3255 <Entry type="1" type_name="REG_SZ">
3256 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3257 <ValueName>2</ValueName>
3258 <Value>https://[*.]example.edu/</Value>
3260 <Entry type="1" type_name="REG_SZ">
3261 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3262 <ValueName>1</ValueName>
3263 <Value>example.com</Value>
3265 <Entry type="1" type_name="REG_SZ">
3266 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3267 <ValueName>2</ValueName>
3268 <Value>https://ssl.server.com</Value>
3270 <Entry type="1" type_name="REG_SZ">
3271 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3272 <ValueName>3</ValueName>
3273 <Value>hosting.com/good_path</Value>
3275 <Entry type="1" type_name="REG_SZ">
3276 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3277 <ValueName>4</ValueName>
3278 <Value>https://server:8080/path</Value>
3280 <Entry type="1" type_name="REG_SZ">
3281 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3282 <ValueName>5</ValueName>
3283 <Value>.exact.hostname.com</Value>
3285 <Entry type="1" type_name="REG_SZ">
3286 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3287 <ValueName>1</ValueName>
3290 <Entry type="1" type_name="REG_SZ">
3291 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3292 <ValueName>2</ValueName>
3295 <Entry type="1" type_name="REG_SZ">
3296 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3297 <ValueName>1</ValueName>
3298 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3300 <Entry type="1" type_name="REG_SZ">
3301 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3302 <ValueName>1</ValueName>
3303 <Value>https://www.example.com</Value>
3305 <Entry type="1" type_name="REG_SZ">
3306 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3307 <ValueName>2</ValueName>
3308 <Value>[*.]example.edu</Value>
3310 <Entry type="1" type_name="REG_SZ">
3311 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3312 <ValueName>1</ValueName>
3313 <Value>--force-dark-mode</Value>
3315 <Entry type="1" type_name="REG_SZ">
3316 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3317 <ValueName>1</ValueName>
3318 <Value>ie.com</Value>
3320 <Entry type="1" type_name="REG_SZ">
3321 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3322 <ValueName>2</ValueName>
3323 <Value>!open-in-chrome.ie.com</Value>
3325 <Entry type="1" type_name="REG_SZ">
3326 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3327 <ValueName>3</ValueName>
3328 <Value>foobar.com/ie-only/</Value>
3330 <Entry type="1" type_name="REG_SZ">
3331 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3332 <ValueName>1</ValueName>
3333 <Value>ie.com</Value>
3335 <Entry type="1" type_name="REG_SZ">
3336 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3337 <ValueName>2</ValueName>
3338 <Value>!open-in-chrome.ie.com</Value>
3340 <Entry type="1" type_name="REG_SZ">
3341 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3342 <ValueName>3</ValueName>
3343 <Value>foobar.com/ie-only/</Value>
3345 <Entry type="1" type_name="REG_SZ">
3346 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3347 <ValueName>1</ValueName>
3348 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3350 <Entry type="1" type_name="REG_SZ">
3351 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3352 <ValueName>2</ValueName>
3353 <Value>sha256//////////////////////w==</Value>
3355 <Entry type="1" type_name="REG_SZ">
3356 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3357 <ValueName>1</ValueName>
3358 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3360 <Entry type="1" type_name="REG_SZ">
3361 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3362 <ValueName>2</ValueName>
3363 <Value>sha256//////////////////////w==</Value>
3365 <Entry type="1" type_name="REG_SZ">
3366 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3367 <ValueName>1</ValueName>
3368 <Value>example.com</Value>
3370 <Entry type="1" type_name="REG_SZ">
3371 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3372 <ValueName>2</ValueName>
3373 <Value>.example.com</Value>
3375 <Entry type="1" type_name="REG_SZ">
3376 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3377 <ValueName>1</ValueName>
3378 <Value>browsing_history</Value>
3380 <Entry type="1" type_name="REG_SZ">
3381 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3382 <ValueName>2</ValueName>
3383 <Value>download_history</Value>
3385 <Entry type="1" type_name="REG_SZ">
3386 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3387 <ValueName>3</ValueName>
3388 <Value>cookies_and_other_site_data</Value>
3390 <Entry type="1" type_name="REG_SZ">
3391 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3392 <ValueName>4</ValueName>
3393 <Value>cached_images_and_files</Value>
3395 <Entry type="1" type_name="REG_SZ">
3396 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3397 <ValueName>5</ValueName>
3398 <Value>password_signin</Value>
3400 <Entry type="1" type_name="REG_SZ">
3401 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3402 <ValueName>6</ValueName>
3403 <Value>autofill</Value>
3405 <Entry type="1" type_name="REG_SZ">
3406 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3407 <ValueName>7</ValueName>
3408 <Value>site_settings</Value>
3410 <Entry type="1" type_name="REG_SZ">
3411 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3412 <ValueName>8</ValueName>
3413 <Value>hosted_app_data</Value>
3415 <Entry type="1" type_name="REG_SZ">
3416 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3417 <ValueName>1</ValueName>
3418 <Value>https://www.example.com</Value>
3420 <Entry type="1" type_name="REG_SZ">
3421 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3422 <ValueName>2</ValueName>
3423 <Value>[*.]example.edu</Value>
3425 <Entry type="1" type_name="REG_SZ">
3426 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3427 <ValueName>1</ValueName>
3428 <Value>https://www.example.com</Value>
3430 <Entry type="1" type_name="REG_SZ">
3431 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3432 <ValueName>2</ValueName>
3433 <Value>[*.]example.edu</Value>
3435 <Entry type="1" type_name="REG_SZ">
3436 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3437 <ValueName>1</ValueName>
3438 <Value>https://www.example.com</Value>
3440 <Entry type="1" type_name="REG_SZ">
3441 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3442 <ValueName>2</ValueName>
3443 <Value>[*.]example.edu</Value>
3445 <Entry type="1" type_name="REG_SZ">
3446 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3447 <ValueName>1</ValueName>
3448 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3450 <Entry type="1" type_name="REG_SZ">
3451 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3452 <ValueName>2</ValueName>
3453 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3455 <Entry type="1" type_name="REG_SZ">
3456 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3457 <ValueName>1</ValueName>
3458 <Value>UTF-8</Value>
3460 <Entry type="1" type_name="REG_SZ">
3461 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3462 <ValueName>2</ValueName>
3463 <Value>UTF-16</Value>
3465 <Entry type="1" type_name="REG_SZ">
3466 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3467 <ValueName>3</ValueName>
3468 <Value>GB2312</Value>
3470 <Entry type="1" type_name="REG_SZ">
3471 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3472 <ValueName>4</ValueName>
3473 <Value>ISO-8859-1</Value>
3475 <Entry type="1" type_name="REG_SZ">
3476 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3477 <ValueName>1</ValueName>
3478 <Value>ExtensionInstallAllowlist</Value>
3480 <Entry type="1" type_name="REG_SZ">
3481 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3482 <ValueName>2</ValueName>
3483 <Value>ExtensionInstallBlocklist</Value>
3485 <Entry type="1" type_name="REG_SZ">
3486 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3487 <ValueName>1</ValueName>
3488 <Value>10080</Value>
3490 <Entry type="1" type_name="REG_SZ">
3491 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3492 <ValueName>1</ValueName>
3493 <Value>hosted_app</Value>
3495 <Entry type="1" type_name="REG_SZ">
3496 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3497 <ValueName>1</ValueName>
3498 <Value>extension_id1</Value>
3500 <Entry type="1" type_name="REG_SZ">
3501 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3502 <ValueName>2</ValueName>
3503 <Value>extension_id2</Value>
3505 <Entry type="1" type_name="REG_SZ">
3506 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3507 <ValueName>1</ValueName>
3508 <Value>extension_id1</Value>
3510 <Entry type="1" type_name="REG_SZ">
3511 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3512 <ValueName>2</ValueName>
3513 <Value>extension_id2</Value>
3515 <Entry type="1" type_name="REG_SZ">
3516 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3517 <ValueName>1</ValueName>
3518 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3520 <Entry type="1" type_name="REG_SZ">
3521 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3522 <ValueName>2</ValueName>
3523 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3525 <Entry type="1" type_name="REG_SZ">
3526 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3527 <ValueName>1</ValueName>
3528 <Value>https://corp.mycompany.com/*</Value>
3530 <Entry type="1" type_name="REG_SZ">
3531 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3532 <ValueName>1</ValueName>
3533 <Value>https://www.example.com</Value>
3535 <Entry type="1" type_name="REG_SZ">
3536 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3537 <ValueName>2</ValueName>
3538 <Value>[*.]example.edu</Value>
3540 <Entry type="1" type_name="REG_SZ">
3541 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3542 <ValueName>1</ValueName>
3543 <Value>https://www.example.com</Value>
3545 <Entry type="1" type_name="REG_SZ">
3546 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3547 <ValueName>2</ValueName>
3548 <Value>[*.]example.edu</Value>
3550 <Entry type="1" type_name="REG_SZ">
3551 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3552 <ValueName>1</ValueName>
3553 <Value>https://www.example.com</Value>
3555 <Entry type="1" type_name="REG_SZ">
3556 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3557 <ValueName>2</ValueName>
3558 <Value>[*.]example.edu</Value>
3560 <Entry type="1" type_name="REG_SZ">
3561 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3562 <ValueName>1</ValueName>
3563 <Value>https://www.example.com</Value>
3565 <Entry type="1" type_name="REG_SZ">
3566 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3567 <ValueName>2</ValueName>
3568 <Value>[*.]example.edu</Value>
3570 <Entry type="1" type_name="REG_SZ">
3571 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3572 <ValueName>1</ValueName>
3573 <Value>https://www.example.com</Value>
3575 <Entry type="1" type_name="REG_SZ">
3576 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3577 <ValueName>2</ValueName>
3578 <Value>[*.]example.edu</Value>
3580 <Entry type="1" type_name="REG_SZ">
3581 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3582 <ValueName>1</ValueName>
3583 <Value>https://www.example.com</Value>
3585 <Entry type="1" type_name="REG_SZ">
3586 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3587 <ValueName>2</ValueName>
3588 <Value>[*.]example.edu</Value>
3590 <Entry type="1" type_name="REG_SZ">
3591 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3592 <ValueName>1</ValueName>
3593 <Value>en-US</Value>
3595 <Entry type="1" type_name="REG_SZ">
3596 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3597 <ValueName>1</ValueName>
3600 <Entry type="1" type_name="REG_SZ">
3601 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3602 <ValueName>1</ValueName>
3603 <Value>https://www.example.com</Value>
3605 <Entry type="1" type_name="REG_SZ">
3606 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3607 <ValueName>2</ValueName>
3608 <Value>[*.]example.edu</Value>
3610 <Entry type="1" type_name="REG_SZ">
3611 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3612 <ValueName>1</ValueName>
3613 <Value>https://www.example.com</Value>
3615 <Entry type="1" type_name="REG_SZ">
3616 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3617 <ValueName>2</ValueName>
3618 <Value>[*.]example.edu</Value>
3620 <Entry type="1" type_name="REG_SZ">
3621 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3622 <ValueName>1</ValueName>
3623 <Value>https://www.example.com</Value>
3625 <Entry type="1" type_name="REG_SZ">
3626 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3627 <ValueName>2</ValueName>
3628 <Value>[*.]example.edu</Value>
3630 <Entry type="1" type_name="REG_SZ">
3631 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3632 <ValueName>1</ValueName>
3633 <Value>https://www.example.com</Value>
3635 <Entry type="1" type_name="REG_SZ">
3636 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3637 <ValueName>2</ValueName>
3638 <Value>[*.]example.edu</Value>
3640 <Entry type="1" type_name="REG_SZ">
3641 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3642 <ValueName>1</ValueName>
3643 <Value>http://www.example.com:8080</Value>
3645 <Entry type="1" type_name="REG_SZ">
3646 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3647 <ValueName>2</ValueName>
3648 <Value>[*.]example.edu</Value>
3650 <Entry type="1" type_name="REG_SZ">
3651 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3652 <ValueName>1</ValueName>
3653 <Value>https://www.example.com</Value>
3655 <Entry type="1" type_name="REG_SZ">
3656 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3657 <ValueName>2</ValueName>
3658 <Value>[*.]example.edu</Value>
3660 <Entry type="1" type_name="REG_SZ">
3661 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3662 <ValueName>1</ValueName>
3663 <Value>https://www.example.com</Value>
3665 <Entry type="1" type_name="REG_SZ">
3666 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3667 <ValueName>2</ValueName>
3668 <Value>[*.]example.edu</Value>
3670 <Entry type="1" type_name="REG_SZ">
3671 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3672 <ValueName>1</ValueName>
3673 <Value>www.example.com</Value>
3675 <Entry type="1" type_name="REG_SZ">
3676 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3677 <ValueName>2</ValueName>
3678 <Value>[*.]example.edu</Value>
3680 <Entry type="1" type_name="REG_SZ">
3681 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3682 <ValueName>1</ValueName>
3683 <Value>foo.example.com</Value>
3685 <Entry type="1" type_name="REG_SZ">
3686 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3687 <ValueName>2</ValueName>
3688 <Value>example.org</Value>
3690 <Entry type="1" type_name="REG_SZ">
3691 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3692 <ValueName>1</ValueName>
3693 <Value>com.native.messaging.host.name1</Value>
3695 <Entry type="1" type_name="REG_SZ">
3696 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3697 <ValueName>2</ValueName>
3698 <Value>com.native.messaging.host.name2</Value>
3700 <Entry type="1" type_name="REG_SZ">
3701 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3702 <ValueName>1</ValueName>
3703 <Value>com.native.messaging.host.name1</Value>
3705 <Entry type="1" type_name="REG_SZ">
3706 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3707 <ValueName>2</ValueName>
3708 <Value>com.native.messaging.host.name2</Value>
3710 <Entry type="1" type_name="REG_SZ">
3711 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3712 <ValueName>1</ValueName>
3713 <Value>https://www.example.com</Value>
3715 <Entry type="1" type_name="REG_SZ">
3716 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3717 <ValueName>2</ValueName>
3718 <Value>[*.]example.edu</Value>
3720 <Entry type="1" type_name="REG_SZ">
3721 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3722 <ValueName>1</ValueName>
3723 <Value>https://www.example.com</Value>
3725 <Entry type="1" type_name="REG_SZ">
3726 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3727 <ValueName>2</ValueName>
3728 <Value>[*.]example.edu</Value>
3730 <Entry type="1" type_name="REG_SZ">
3731 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3732 <ValueName>1</ValueName>
3733 <Value>http://testserver.example.com/</Value>
3735 <Entry type="1" type_name="REG_SZ">
3736 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3737 <ValueName>2</ValueName>
3738 <Value>*.example.org</Value>
3740 <Entry type="1" type_name="REG_SZ">
3741 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3742 <ValueName>1</ValueName>
3743 <Value>https://mydomain.com/login.html</Value>
3745 <Entry type="1" type_name="REG_SZ">
3746 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3747 <ValueName>2</ValueName>
3748 <Value>https://login.mydomain.com</Value>
3750 <Entry type="1" type_name="REG_SZ">
3751 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3752 <ValueName>1</ValueName>
3753 <Value>ExtensionSettings</Value>
3755 <Entry type="1" type_name="REG_SZ">
3756 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3757 <ValueName>1</ValueName>
3758 <Value>ExtensionInstallAllowlist</Value>
3760 <Entry type="1" type_name="REG_SZ">
3761 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3762 <ValueName>2</ValueName>
3763 <Value>ExtensionInstallBlocklist</Value>
3765 <Entry type="1" type_name="REG_SZ">
3766 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3767 <ValueName>1</ValueName>
3768 <Value>https://www.example.com</Value>
3770 <Entry type="1" type_name="REG_SZ">
3771 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3772 <ValueName>2</ValueName>
3773 <Value>[*.]example.edu</Value>
3775 <Entry type="1" type_name="REG_SZ">
3776 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3777 <ValueName>1</ValueName>
3778 <Value>https://www.example.com</Value>
3780 <Entry type="1" type_name="REG_SZ">
3781 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3782 <ValueName>2</ValueName>
3783 <Value>[*.]example.edu</Value>
3785 <Entry type="1" type_name="REG_SZ">
3786 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3787 <ValueName>1</ValueName>
3788 <Value>cloud</Value>
3790 <Entry type="1" type_name="REG_SZ">
3791 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3792 <ValueName>2</ValueName>
3793 <Value>privet</Value>
3795 <Entry type="1" type_name="REG_SZ">
3796 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3797 <ValueName>1</ValueName>
3798 <Value>my-awesome-domain.com</Value>
3800 <Entry type="1" type_name="REG_SZ">
3801 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3802 <ValueName>2</ValueName>
3803 <Value>my-auxiliary-domain.com</Value>
3805 <Entry type="1" type_name="REG_SZ">
3806 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3807 <ValueName>1</ValueName>
3808 <Value>my-awesome-domain.com</Value>
3810 <Entry type="1" type_name="REG_SZ">
3811 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3812 <ValueName>2</ValueName>
3813 <Value>my-auxiliary-domain.com</Value>
3815 <Entry type="1" type_name="REG_SZ">
3816 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3817 <ValueName>1</ValueName>
3818 <Value>https://example.com</Value>
3820 <Entry type="1" type_name="REG_SZ">
3821 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3822 <ValueName>2</ValueName>
3823 <Value>https://www.chromium.org</Value>
3825 <Entry type="1" type_name="REG_SZ">
3826 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3827 <ValueName>1</ValueName>
3828 <Value>https://www.example.com</Value>
3830 <Entry type="1" type_name="REG_SZ">
3831 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3832 <ValueName>2</ValueName>
3833 <Value>[*.]example.edu</Value>
3835 <Entry type="1" type_name="REG_SZ">
3836 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3837 <ValueName>1</ValueName>
3838 <Value>mydomain.com</Value>
3840 <Entry type="1" type_name="REG_SZ">
3841 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3842 <ValueName>2</ValueName>
3843 <Value>myuniversity.edu</Value>
3845 <Entry type="1" type_name="REG_SZ">
3846 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3847 <ValueName>1</ValueName>
3848 <Value>https://example.com</Value>
3850 <Entry type="1" type_name="REG_SZ">
3851 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3852 <ValueName>1</ValueName>
3853 <Value>https://www.example.com</Value>
3855 <Entry type="1" type_name="REG_SZ">
3856 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3857 <ValueName>2</ValueName>
3858 <Value>[*.]example.edu</Value>
3860 <Entry type="1" type_name="REG_SZ">
3861 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3862 <ValueName>1</ValueName>
3863 <Value>https://www.example.com</Value>
3865 <Entry type="1" type_name="REG_SZ">
3866 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3867 <ValueName>2</ValueName>
3868 <Value>[*.]example.edu</Value>
3870 <Entry type="1" type_name="REG_SZ">
3871 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3872 <ValueName>1</ValueName>
3873 <Value>https://www.example.com</Value>
3875 <Entry type="1" type_name="REG_SZ">
3876 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3877 <ValueName>2</ValueName>
3878 <Value>[*.]example.edu</Value>
3880 <Entry type="1" type_name="REG_SZ">
3881 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3882 <ValueName>1</ValueName>
3883 <Value>https://www.example.com</Value>
3885 <Entry type="1" type_name="REG_SZ">
3886 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3887 <ValueName>2</ValueName>
3888 <Value>[*.]example.edu</Value>
3890 <Entry type="1" type_name="REG_SZ">
3891 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3892 <ValueName>1</ValueName>
3895 <Entry type="1" type_name="REG_SZ">
3896 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3897 <ValueName>2</ValueName>
3900 <Entry type="1" type_name="REG_SZ">
3901 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3902 <ValueName>1</ValueName>
3905 <Entry type="1" type_name="REG_SZ">
3906 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3907 <ValueName>2</ValueName>
3910 <Entry type="1" type_name="REG_SZ">
3911 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3912 <ValueName>1</ValueName>
3913 <Value>bookmarks</Value>
3915 <Entry type="1" type_name="REG_SZ">
3916 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3917 <ValueName>1</ValueName>
3918 <Value>example.com</Value>
3920 <Entry type="1" type_name="REG_SZ">
3921 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3922 <ValueName>2</ValueName>
3923 <Value>https://ssl.server.com</Value>
3925 <Entry type="1" type_name="REG_SZ">
3926 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3927 <ValueName>3</ValueName>
3928 <Value>hosting.com/good_path</Value>
3930 <Entry type="1" type_name="REG_SZ">
3931 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3932 <ValueName>4</ValueName>
3933 <Value>https://server:8080/path</Value>
3935 <Entry type="1" type_name="REG_SZ">
3936 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3937 <ValueName>5</ValueName>
3938 <Value>.exact.hostname.com</Value>
3940 <Entry type="1" type_name="REG_SZ">
3941 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3942 <ValueName>1</ValueName>
3943 <Value>example.com</Value>
3945 <Entry type="1" type_name="REG_SZ">
3946 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3947 <ValueName>2</ValueName>
3948 <Value>https://ssl.server.com</Value>
3950 <Entry type="1" type_name="REG_SZ">
3951 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3952 <ValueName>3</ValueName>
3953 <Value>hosting.com/bad_path</Value>
3955 <Entry type="1" type_name="REG_SZ">
3956 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3957 <ValueName>4</ValueName>
3958 <Value>https://server:8080/path</Value>
3960 <Entry type="1" type_name="REG_SZ">
3961 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3962 <ValueName>5</ValueName>
3963 <Value>.exact.hostname.com</Value>
3965 <Entry type="1" type_name="REG_SZ">
3966 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3967 <ValueName>6</ValueName>
3968 <Value>file://*</Value>
3970 <Entry type="1" type_name="REG_SZ">
3971 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3972 <ValueName>7</ValueName>
3973 <Value>custom_scheme:*</Value>
3975 <Entry type="1" type_name="REG_SZ">
3976 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3977 <ValueName>8</ValueName>
3980 <Entry type="1" type_name="REG_SZ">
3981 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
3982 <ValueName>1</ValueName>
3983 <Value>https://www.example.com/</Value>
3985 <Entry type="1" type_name="REG_SZ">
3986 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
3987 <ValueName>2</ValueName>
3988 <Value>https://[*.]example.edu/</Value>
3990 <Entry type="1" type_name="REG_SZ">
3991 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
3992 <ValueName>1</ValueName>
3993 <Value>https://www.example.com</Value>
3995 <Entry type="1" type_name="REG_SZ">
3996 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
3997 <ValueName>2</ValueName>
3998 <Value>*example.com*</Value>
4000 <Entry type="1" type_name="REG_SZ">
4001 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4002 <ValueName>1</ValueName>
4003 <Value>https://www.example.com</Value>
4005 <Entry type="1" type_name="REG_SZ">
4006 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4007 <ValueName>2</ValueName>
4008 <Value>[*.]example.edu</Value>
4010 <Entry type="1" type_name="REG_SZ">
4011 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4012 <ValueName>1</ValueName>
4013 <Value>https://www.example.com</Value>
4015 <Entry type="1" type_name="REG_SZ">
4016 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4017 <ValueName>2</ValueName>
4018 <Value>[*.]example.edu</Value>
4020 <Entry type="4" type_name="REG_DWORD">
4021 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4022 <ValueName>AlternateErrorPagesEnabled</ValueName>
4025 <Entry type="1" type_name="REG_SZ">
4026 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4027 <ValueName>ApplicationLocaleValue</ValueName>
4030 <Entry type="4" type_name="REG_DWORD">
4031 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4032 <ValueName>AutofillAddressEnabled</ValueName>
4035 <Entry type="4" type_name="REG_DWORD">
4036 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4037 <ValueName>AutofillCreditCardEnabled</ValueName>
4040 <Entry type="4" type_name="REG_DWORD">
4041 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4042 <ValueName>BackgroundModeEnabled</ValueName>
4045 <Entry type="4" type_name="REG_DWORD">
4046 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4047 <ValueName>BlockThirdPartyCookies</ValueName>
4050 <Entry type="4" type_name="REG_DWORD">
4051 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4052 <ValueName>BookmarkBarEnabled</ValueName>
4055 <Entry type="1" type_name="REG_SZ">
4056 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4057 <ValueName>DefaultDownloadDirectory</ValueName>
4058 <Value>/home/${user_name}/Downloads</Value>
4060 <Entry type="1" type_name="REG_SZ">
4061 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4062 <ValueName>DownloadDirectory</ValueName>
4063 <Value>/home/${user_name}/Downloads</Value>
4065 <Entry type="4" type_name="REG_DWORD">
4066 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4067 <ValueName>DownloadRestrictions</ValueName>
4070 <Entry type="4" type_name="REG_DWORD">
4071 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4072 <ValueName>HomepageIsNewTabPage</ValueName>
4075 <Entry type="1" type_name="REG_SZ">
4076 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4077 <ValueName>HomepageLocation</ValueName>
4078 <Value>https://www.chromium.org</Value>
4080 <Entry type="4" type_name="REG_DWORD">
4081 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4082 <ValueName>ImportAutofillFormData</ValueName>
4085 <Entry type="4" type_name="REG_DWORD">
4086 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4087 <ValueName>ImportBookmarks</ValueName>
4090 <Entry type="4" type_name="REG_DWORD">
4091 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4092 <ValueName>ImportHistory</ValueName>
4095 <Entry type="4" type_name="REG_DWORD">
4096 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4097 <ValueName>ImportSavedPasswords</ValueName>
4100 <Entry type="4" type_name="REG_DWORD">
4101 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4102 <ValueName>ImportSearchEngine</ValueName>
4105 <Entry type="4" type_name="REG_DWORD">
4106 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4107 <ValueName>MetricsReportingEnabled</ValueName>
4110 <Entry type="4" type_name="REG_DWORD">
4111 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4112 <ValueName>NetworkPredictionOptions</ValueName>
4115 <Entry type="4" type_name="REG_DWORD">
4116 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4117 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4120 <Entry type="4" type_name="REG_DWORD">
4121 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4122 <ValueName>PasswordManagerEnabled</ValueName>
4125 <Entry type="4" type_name="REG_DWORD">
4126 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4127 <ValueName>PrintHeaderFooter</ValueName>
4130 <Entry type="4" type_name="REG_DWORD">
4131 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4132 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4135 <Entry type="1" type_name="REG_SZ">
4136 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4137 <ValueName>RegisteredProtocolHandlers</ValueName>
4138 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4140 <Entry type="4" type_name="REG_DWORD">
4141 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4142 <ValueName>RestoreOnStartup</ValueName>
4145 <Entry type="4" type_name="REG_DWORD">
4146 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4147 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4150 <Entry type="4" type_name="REG_DWORD">
4151 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4152 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4155 <Entry type="4" type_name="REG_DWORD">
4156 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4157 <ValueName>SearchSuggestEnabled</ValueName>
4160 <Entry type="4" type_name="REG_DWORD">
4161 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4162 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4165 <Entry type="4" type_name="REG_DWORD">
4166 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4167 <ValueName>ShowHomeButton</ValueName>
4170 <Entry type="4" type_name="REG_DWORD">
4171 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4172 <ValueName>SpellCheckServiceEnabled</ValueName>
4175 <Entry type="4" type_name="REG_DWORD">
4176 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4177 <ValueName>TranslateEnabled</ValueName>
4180 <Entry type="1" type_name="REG_SZ">
4181 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4182 <ValueName>1</ValueName>
4183 <Value>https://example.com</Value>
4185 <Entry type="1" type_name="REG_SZ">
4186 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4187 <ValueName>2</ValueName>
4188 <Value>https://www.chromium.org</Value>
4193 chromium_json_expected_managed
= \
4196 "FileSystemWriteAskForUrls": [
4197 "https://www.example.com",
4200 "InsecureContentBlockedForUrls": [
4201 "https://www.example.com",
4204 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4205 "BrowserAddPersonEnabled": true,
4206 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4207 "ShowHomeButton": true,
4208 "ClearBrowsingDataOnExitList": [
4211 "cookies_and_other_site_data",
4212 "cached_images_and_files",
4218 "JavaScriptAllowedForUrls": [
4219 "https://www.example.com",
4222 "AmbientAuthenticationInPrivateModesEnabled": 0,
4223 "AllowFileSelectionDialogs": true,
4224 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4225 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4226 "ComponentUpdatesEnabled": true,
4227 "RemoteAccessHostAllowRemoteAccessConnections": false,
4228 "WindowOcclusionEnabled": true,
4229 "PrintPreviewUseSystemDefaultPrinter": false,
4230 "AutoLaunchProtocolsFromOrigins": [
4232 "allowed_origins": [
4234 "http://www.example.com:8080"
4236 "protocol": "spotify"
4239 "allowed_origins": [
4240 "https://example.com",
4241 "https://.mail.example.com"
4246 "allowed_origins": [
4249 "protocol": "outlook"
4252 "ManagedConfigurationPerOrigin": [
4254 "origin": "https://www.google.com",
4255 "managed_configuration_hash": "asd891jedasd12ue9h",
4256 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4259 "origin": "https://www.example.com",
4260 "managed_configuration_hash": "djio12easd89u12aws",
4261 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4264 "SyncTypesListDisabled": [
4267 "SecurityKeyPermitAttestation": [
4268 "https://example.com"
4270 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4271 "MetricsReportingEnabled": true,
4272 "MaxInvalidationFetchDelay": 10000,
4273 "AudioProcessHighPriorityEnabled": true,
4274 "ExtensionInstallForcelist": [
4275 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4276 "abcdefghijklmnopabcdefghijklmnop"
4278 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4279 "CookiesBlockedForUrls": [
4280 "https://www.example.com",
4283 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4284 "AudioCaptureAllowedUrls": [
4285 "https://www.example.com/",
4286 "https://[*.]example.edu/"
4288 "NTPCustomBackgroundEnabled": true,
4289 "BlockExternalExtensions": true,
4290 "BrowserSwitcherChromeParameters": [
4293 "SafeSitesFilterBehavior": 0,
4294 "EnableOnlineRevocationChecks": false,
4295 "ImagesBlockedForUrls": [
4296 "https://www.example.com",
4299 "InsecureFormsWarningsEnabled": true,
4300 "RelaunchNotificationPeriod": 604800000,
4301 "TotalMemoryLimitMb": 2048,
4302 "CloudManagementEnrollmentMandatory": true,
4303 "ClickToCallEnabled": true,
4304 "AppCacheForceEnabled": false,
4305 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4306 "FullscreenAllowed": true,
4307 "AuthSchemes": "basic,digest,ntlm,negotiate",
4308 "PasswordLeakDetectionEnabled": true,
4309 "AuthServerAllowlist": "*.example.com,example.com",
4310 "AllowSyncXHRInPageDismissal": false,
4311 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4312 "MaxConnectionsPerProxy": 32,
4313 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4314 "RemoteAccessHostAllowFileTransfer": false,
4315 "PrintRasterizationMode": 1,
4316 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4317 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4318 "sha256//////////////////////w=="
4320 "DefaultWebBluetoothGuardSetting": 2,
4321 "AutoplayAllowed": true,
4322 "BrowserSwitcherUrlList": [
4324 "!open-in-chrome.ie.com",
4325 "foobar.com/ie-only/"
4327 "CertificateTransparencyEnforcementDisabledForUrls": [
4331 "SpellcheckLanguageBlocklist": [
4335 "PrintHeaderFooter": false,
4336 "ShowAppsShortcutInBookmarkBar": false,
4337 "SerialAskForUrls": [
4338 "https://www.example.com",
4341 "ImagesAllowedForUrls": [
4342 "https://www.example.com",
4345 "ProfilePickerOnStartupAvailability": 0,
4346 "CommandLineFlagSecurityWarningsEnabled": true,
4347 "QuicAllowed": true,
4348 "IntensiveWakeUpThrottlingEnabled": true,
4349 "WPADQuickCheckEnabled": true,
4350 "SensorsAllowedForUrls": [
4351 "https://www.example.com",
4354 "NTPCardsVisible": true,
4355 "DefaultSearchProviderAlternateURLs": [
4356 "https://search.my.company/suggest#q={searchTerms}",
4357 "https://search.my.company/suggest/search#q={searchTerms}"
4359 "DisableSafeBrowsingProceedAnyway": true,
4360 "DefaultFileSystemWriteGuardSetting": 2,
4361 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4362 "SSLErrorOverrideAllowed": true,
4363 "CloudPrintProxyEnabled": true,
4364 "BrowserSwitcherUrlGreylist": [
4366 "!open-in-chrome.ie.com",
4367 "foobar.com/ie-only/"
4369 "BrowserNetworkTimeQueriesEnabled": true,
4370 "WebUsbAllowDevicesForUrls": [
4373 "https://google.com"
4383 "TaskManagerEndProcessEnabled": true,
4384 "SuppressDifferentOriginSubframeDialogs": true,
4385 "UserDataDir": "${users}/${user_name}/Chrome",
4386 "CookiesAllowedForUrls": [
4387 "https://www.example.com",
4390 "SuppressUnsupportedOSWarning": true,
4391 "RequireOnlineRevocationChecksForLocalAnchors": false,
4392 "BrowsingDataLifetime": [
4397 "time_to_live_in_hours": 24
4404 "time_to_live_in_hours": 12
4407 "FileHandlingBlockedForUrls": [
4408 "https://www.example.com",
4411 "AudioCaptureAllowed": false,
4412 "PromotionalTabsEnabled": false,
4413 "ShowFullUrlsInAddressBar": false,
4414 "EnableMediaRouter": true,
4415 "BrowserSwitcherDelay": 10000,
4416 "AllowDinosaurEasterEgg": false,
4417 "ImportSearchEngine": true,
4418 "PrintingBackgroundGraphicsDefault": "enabled",
4419 "TripleDESEnabled": false,
4420 "AutoplayAllowlist": [
4421 "https://www.example.com",
4424 "RemoteAccessHostUdpPortRange": "12400-12409",
4425 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4426 "BrowserSwitcherChromePath": "${chrome}",
4427 "InsecureContentAllowedForUrls": [
4428 "https://www.example.com",
4431 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4432 "ForceGoogleSafeSearch": false,
4433 "UserFeedbackAllowed": true,
4434 "ForceYouTubeRestrict": 0,
4435 "ApplicationLocaleValue": "en",
4436 "RoamingProfileSupportEnabled": true,
4437 "AlternativeBrowserPath": "${ie}",
4438 "AlternativeBrowserParameters": [
4443 "%HOME%\\\\browser_profile"
4445 "AdvancedProtectionAllowed": true,
4446 "EditBookmarksEnabled": false,
4447 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4448 "SSLVersionMin": "tls1",
4449 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4450 "DefaultSerialGuardSetting": 2,
4451 "DefaultPopupsSetting": 1,
4452 "IntranetRedirectBehavior": 1,
4453 "RendererCodeIntegrityEnabled": false,
4454 "BrowserGuestModeEnforced": true,
4455 "HSTSPolicyBypassList": [
4458 "DefaultWebUsbGuardSetting": 2,
4459 "CECPQ2Enabled": true,
4460 "RemoteAccessHostDomainList": [
4461 "my-awesome-domain.com",
4462 "my-auxiliary-domain.com"
4466 "https://ssl.server.com",
4467 "hosting.com/bad_path",
4468 "https://server:8080/path",
4469 ".exact.hostname.com",
4474 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4475 "ExtensionAllowedTypes": [
4478 "NativeMessagingBlocklist": [
4479 "com.native.messaging.host.name1",
4480 "com.native.messaging.host.name2"
4482 "ExtensionSettings": {
4483 "abcdefghijklmnopabcdefghijklmnop": {
4484 "blocked_permissions": [
4487 "minimum_version_required": "1.0.1",
4488 "toolbar_pin": "force_pinned",
4489 "installation_mode": "allowed"
4491 "bcdefghijklmnopabcdefghijklmnopa": {
4492 "runtime_blocked_hosts": [
4495 "allowed_permissions": [
4498 "update_url": "https://example.com/update_url",
4499 "runtime_allowed_hosts": [
4500 "*://good.example.com"
4502 "installation_mode": "force_installed"
4504 "update_url:https://www.example.com/update.xml": {
4505 "allowed_permissions": [
4508 "blocked_permissions": [
4511 "installation_mode": "allowed"
4513 "cdefghijklmnopabcdefghijklmnopab": {
4514 "blocked_install_message": "Custom error message.",
4515 "installation_mode": "blocked"
4518 "blocked_permissions": [
4522 "installation_mode": "blocked",
4523 "runtime_blocked_hosts": [
4526 "blocked_install_message": "Custom error message.",
4530 "runtime_allowed_hosts": [
4531 "*://good.example.com"
4533 "install_sources": [
4534 "https://company-intranet/chromeapps"
4537 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4538 "blocked_install_message": "Custom error message.",
4539 "installation_mode": "blocked"
4541 "fghijklmnopabcdefghijklmnopabcde": {
4542 "blocked_install_message": "Custom removal message.",
4543 "installation_mode": "removed"
4545 "ghijklmnopabcdefghijklmnopabcdef": {
4546 "update_url": "https://example.com/update_url",
4547 "override_update_url": true,
4548 "installation_mode": "force_installed"
4551 "FileSystemReadAskForUrls": [
4552 "https://www.example.com",
4555 "SpellCheckServiceEnabled": false,
4556 "ExtensionInstallSources": [
4557 "https://corp.mycompany.com/*"
4559 "PrinterTypeDenyList": [
4563 "SharedClipboardEnabled": true,
4564 "BlockThirdPartyCookies": false,
4565 "MediaRouterCastAllowAllIPs": false,
4566 "DnsOverHttpsMode": "off",
4567 "SyncDisabled": true,
4568 "LookalikeWarningAllowlistDomains": [
4572 "UserDataSnapshotRetentionLimit": 3,
4573 "SafeBrowsingProtectionLevel": 2,
4574 "ScrollToTextFragmentEnabled": false,
4575 "ImportBookmarks": true,
4576 "DefaultBrowserSettingEnabled": true,
4577 "DefaultSearchProviderEnabled": true,
4578 "AdditionalDnsQueryTypesEnabled": true,
4579 "PolicyRefreshRate": 3600000,
4580 "PrintingPaperSizeDefault": {
4587 "RestoreOnStartup": 4,
4588 "PasswordProtectionWarningTrigger": 1,
4589 "ChromeCleanupEnabled": true,
4590 "AbusiveExperienceInterventionEnforce": true,
4591 "BasicAuthOverHttpEnabled": false,
4592 "EnableAuthNegotiatePort": false,
4593 "DefaultGeolocationSetting": 1,
4594 "PolicyDictionaryMultipleSourceMergeList": [
4597 "AllowedDomainsForApps": "managedchrome.com,example.com",
4598 "DisableAuthNegotiateCnameLookup": false,
4599 "IncognitoModeAvailability": 1,
4600 "ChromeVariations": 1,
4601 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4602 "SavingBrowserHistoryDisabled": true,
4603 "SpellcheckEnabled": false,
4604 "FileSystemWriteBlockedForUrls": [
4605 "https://www.example.com",
4608 "BuiltInDnsClientEnabled": true,
4609 "SSLErrorOverrideAllowedForOrigins": [
4610 "https://www.example.com",
4613 "WebRtcIPHandling": "default",
4614 "DefaultNotificationsSetting": 2,
4615 "PopupsAllowedForUrls": [
4616 "https://www.example.com",
4619 "TranslateEnabled": true,
4620 "DefaultSearchProviderEncodings": [
4626 "DownloadRestrictions": 2,
4627 "PromptForDownloadLocation": false,
4628 "DisablePrintPreview": false,
4629 "NetworkPredictionOptions": 1,
4630 "FileSystemReadBlockedForUrls": [
4631 "https://www.example.com",
4634 "AutoOpenFileTypes": [
4638 "DownloadDirectory": "/home/${user_name}/Downloads",
4639 "ImportHomepage": true,
4640 "GloballyScopeHTTPAuthCacheEnabled": false,
4641 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4642 "ThirdPartyBlockingEnabled": false,
4643 "AdsSettingForIntrusiveAdsSites": 1,
4644 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4645 "BookmarkBarEnabled": true,
4646 "DisableScreenshots": true,
4647 "AccessibilityImageLabelsEnabled": false,
4648 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4649 "PopupsBlockedForUrls": [
4650 "https://www.example.com",
4653 "DefaultFileSystemReadGuardSetting": 2,
4655 "WebRtcAllowLegacyTLSProtocols": false,
4656 "PasswordManagerEnabled": true,
4657 "SafeBrowsingExtendedReportingEnabled": true,
4658 "CloudPolicyOverridesPlatformPolicy": false,
4659 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4660 "http://www.example.com:8080",
4663 "RelaunchNotification": 1,
4664 "AlwaysOpenPdfExternally": true,
4665 "DefaultFileHandlingGuardSetting": 2,
4666 "ForceEphemeralProfiles": true,
4667 "PasswordProtectionLoginURLs": [
4668 "https://mydomain.com/login.html",
4669 "https://login.mydomain.com"
4671 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4672 "BrowserGuestModeEnabled": true,
4673 "MediaRecommendationsEnabled": true,
4674 "WebRtcLocalIpsAllowedUrls": [
4675 "https://www.example.com",
4678 "DeveloperToolsAvailability": 2,
4679 "DNSInterceptionChecksEnabled": true,
4680 "DefaultSearchProviderContextMenuAccessAllowed": true,
4681 "RemoteAccessHostRequireCurtain": false,
4682 "PaymentMethodQueryEnabled": true,
4683 "HomepageLocation": "https://www.chromium.org",
4684 "WebUsbAskForUrls": [
4685 "https://www.example.com",
4688 "RemoteAccessHostAllowClientPairing": false,
4690 "ProxyMode": "direct",
4691 "ProxyPacUrl": "https://internal.site/example.pac",
4692 "ProxyServer": "123.123.123.123:8080",
4693 "ProxyServerMode": 2,
4694 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4696 "AutofillCreditCardEnabled": false,
4697 "FileHandlingAllowedForUrls": [
4698 "https://www.example.com",
4701 "ChromeCleanupReportingEnabled": true,
4702 "AlternateErrorPagesEnabled": true,
4703 "WebRtcEventLogCollectionAllowed": true,
4704 "AutoSelectCertificateForUrls": [
4705 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4707 "PolicyListMultipleSourceMergeList": [
4708 "ExtensionInstallAllowlist",
4709 "ExtensionInstallBlocklist"
4711 "CertificateTransparencyEnforcementDisabledForCas": [
4712 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4713 "sha256//////////////////////w=="
4715 "CookiesSessionOnlyForUrls": [
4716 "https://www.example.com",
4719 "SitePerProcess": true,
4720 "RemoteAccessHostFirewallTraversal": false,
4721 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4722 "BackgroundModeEnabled": true,
4723 "DefaultJavaScriptSetting": 1,
4724 "ForcedLanguages": [
4727 "ManagedBookmarks": [
4729 "toplevel_name": "My managed bookmarks folder"
4732 "url": "google.com",
4736 "url": "youtube.com",
4742 "url": "chromium.org",
4746 "url": "dev.chromium.org",
4747 "name": "Chromium Developers"
4750 "name": "Chrome links"
4753 "Disable3DAPIs": false,
4754 "CloudPrintSubmitEnabled": true,
4755 "DefaultCookiesSetting": 1,
4756 "ExtensionInstallBlocklist": [
4762 "https://ssl.server.com",
4763 "hosting.com/good_path",
4764 "https://server:8080/path",
4765 ".exact.hostname.com"
4767 "ExplicitlyAllowedNetworkPorts": [
4770 "HomepageIsNewTabPage": true,
4771 "SensorsBlockedForUrls": [
4772 "https://www.example.com",
4775 "BrowserLabsEnabled": false,
4776 "NotificationsAllowedForUrls": [
4777 "https://www.example.com",
4780 "NativeMessagingUserLevelHosts": false,
4781 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4782 "CloudUserPolicyMerge": true,
4783 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4784 "http://testserver.example.com/",
4787 "HideWebStoreIcon": true,
4788 "SafeBrowsingForTrustedSourcesEnabled": false,
4789 "NewTabPageLocation": "https://www.chromium.org",
4790 "DiskCacheSize": 104857600,
4791 "BrowserSwitcherUseIeSitelist": true,
4792 "WebRtcUdpPortRange": "10000-11999",
4793 "EnterpriseHardwarePlatformAPIEnabled": true,
4794 "AutoOpenAllowedForURLs": [
4796 "https://ssl.server.com",
4797 "hosting.com/good_path",
4798 "https://server:8080/path",
4799 ".exact.hostname.com"
4801 "NativeMessagingAllowlist": [
4802 "com.native.messaging.host.name1",
4803 "com.native.messaging.host.name2"
4805 "DefaultSearchProviderName": "My Intranet Search",
4806 "JavaScriptBlockedForUrls": [
4807 "https://www.example.com",
4810 "EnableExperimentalPolicies": [
4811 "ExtensionInstallAllowlist",
4812 "ExtensionInstallBlocklist"
4814 "SafeBrowsingAllowlistDomains": [
4818 "AutofillAddressEnabled": false,
4819 "AllowCrossOriginAuthPrompt": false,
4820 "SpellcheckLanguage": [
4824 "VideoCaptureAllowed": false,
4825 "ScreenCaptureAllowed": false,
4826 "VideoCaptureAllowedUrls": [
4827 "https://www.example.com/",
4828 "https://[*.]example.edu/"
4830 "ImportHistory": true,
4831 "ShowCastIconInToolbar": false,
4832 "RestoreOnStartupURLs": [
4833 "https://example.com",
4834 "https://www.chromium.org"
4836 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4840 "PrintingEnabled": true,
4841 "ImportSavedPasswords": true,
4842 "EnableDeprecatedPrivetPrinting": true,
4843 "InsecurePrivateNetworkRequestsAllowed": false,
4845 "PolicyAtomicGroupsEnabled": true,
4846 "HardwareAccelerationModeEnabled": true,
4847 "AllowDeletingBrowserHistory": true,
4848 "DefaultSearchProviderKeyword": "mis",
4849 "ExtensionInstallAllowlist": [
4853 "WebAppInstallForceList": [
4855 "url": "https://www.google.com/maps",
4856 "create_desktop_shortcut": true,
4857 "default_launch_container": "window"
4860 "url": "https://docs.google.com",
4861 "default_launch_container": "tab"
4864 "url": "https://docs.google.com/editor",
4865 "fallback_app_name": "Editor",
4866 "default_launch_container": "window"
4869 "DiskCacheDir": "${user_home}/Chrome_cache",
4870 "SignedHTTPExchangeEnabled": true,
4871 "SearchSuggestEnabled": true,
4872 "BrowserThemeColor": "#FFFFFF",
4873 "RestrictSigninToPattern": ".*@example\\\\.com",
4874 "DefaultInsecureContentSetting": 2,
4875 "DefaultSensorsSetting": 2,
4876 "AudioSandboxEnabled": true,
4877 "RemoteAccessHostAllowRelayedConnection": false,
4878 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4879 "UserAgentClientHintsEnabled": true,
4880 "TargetBlankImpliesNoOpener": false,
4881 "BrowserSwitcherKeepLastChromeTab": false,
4882 "RemoteAccessHostClientDomainList": [
4883 "my-awesome-domain.com",
4884 "my-auxiliary-domain.com"
4886 "NotificationsBlockedForUrls": [
4887 "https://www.example.com",
4890 "SerialBlockedForUrls": [
4891 "https://www.example.com",
4894 "DefaultImagesSetting": 1,
4895 "SigninInterceptionEnabled": true,
4896 "WebUsbBlockedForUrls": [
4897 "https://www.example.com",
4900 "ImportAutofillFormData": true,
4901 "BrowserSwitcherEnabled": true
4905 chromium_json_expected_recommended
= \
4908 "BackgroundModeEnabled": true,
4909 "RestoreOnStartup": 4,
4910 "RegisteredProtocolHandlers": [
4913 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4914 "protocol": "mailto"
4917 "ShowHomeButton": true,
4918 "PrintHeaderFooter": false,
4919 "SafeBrowsingForTrustedSourcesEnabled": false,
4920 "ShowFullUrlsInAddressBar": false,
4921 "MetricsReportingEnabled": true,
4922 "SpellCheckServiceEnabled": false,
4923 "ImportSearchEngine": true,
4924 "DownloadRestrictions": 2,
4925 "NetworkPredictionOptions": 1,
4926 "DownloadDirectory": "/home/${user_name}/Downloads",
4927 "TranslateEnabled": true,
4928 "AutofillAddressEnabled": false,
4929 "BookmarkBarEnabled": true,
4930 "PrintPreviewUseSystemDefaultPrinter": false,
4931 "ApplicationLocaleValue": "en",
4932 "ImportHistory": true,
4933 "RestoreOnStartupURLs": [
4934 "https://example.com",
4935 "https://www.chromium.org"
4937 "PasswordManagerEnabled": true,
4938 "ImportSavedPasswords": true,
4939 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4940 "PasswordLeakDetectionEnabled": true,
4941 "SearchSuggestEnabled": true,
4942 "AlternateErrorPagesEnabled": true,
4943 "HomepageIsNewTabPage": true,
4944 "ImportAutofillFormData": true,
4945 "BlockThirdPartyCookies": false,
4946 "AutofillCreditCardEnabled": false,
4947 "HomepageLocation": "https://www.chromium.org",
4948 "SafeBrowsingProtectionLevel": 2,
4949 "ImportBookmarks": true
4953 firewalld_reg_pol
= \
4955 <?xml version="1.0" encoding="utf-8"?>
4956 <PolFile num_entries="6" signature="PReg" version="1">
4957 <Entry type="4" type_name="REG_DWORD">
4958 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4959 <ValueName>Zones</ValueName>
4962 <Entry type="4" type_name="REG_DWORD">
4963 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4964 <ValueName>Rules</ValueName>
4967 <Entry type="1" type_name="REG_SZ">
4968 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4969 <ValueName>Rules</ValueName>
4970 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4972 <Entry type="1" type_name="REG_SZ">
4973 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4974 <ValueName>**delvals.</ValueName>
4977 <Entry type="1" type_name="REG_SZ">
4978 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4979 <ValueName>work</ValueName>
4982 <Entry type="1" type_name="REG_SZ">
4983 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4984 <ValueName>home</ValueName>
4990 def days2rel_nttime(val
):
4995 return -(val
* seconds
* minutes
* hours
* sam_add
)
4997 def gpupdate(lp
, arg
):
4998 gpupdate
= lp
.get('gpo update command')
4999 gpupdate
.append(arg
)
5001 p
= Popen(gpupdate
, stdout
=PIPE
, stderr
=PIPE
)
5002 stdoutdata
, stderrdata
= p
.communicate()
def gpupdate_force(lp):
    """Run the configured gpupdate command with the ``--force`` switch.

    Thin wrapper over gpupdate(): `lp` is passed through unchanged and the
    caller receives whatever gpupdate() returns.
    """
    force_flag = '--force'
    return gpupdate(lp, force_flag)
def gpupdate_unapply(lp):
    """Run the configured gpupdate command with the ``--unapply`` switch.

    Thin wrapper over gpupdate(): `lp` is passed through unchanged and the
    caller receives whatever gpupdate() returns.
    """
    unapply_flag = '--unapply'
    return gpupdate(lp, unapply_flag)
5013 return gpupdate(lp
, '--rsop')
5015 def stage_file(path
, data
):
5016 dirname
= os
.path
.dirname(path
)
5017 if not os
.path
.exists(dirname
):
5019 os
.makedirs(dirname
)
5020 except OSError as e
:
5021 if not (e
.errno
== errno
.EEXIST
and os
.path
.isdir(dirname
)):
5023 if os
.path
.exists(path
):
5024 os
.rename(path
, '%s.bak' % path
)
5025 with
NamedTemporaryFile(delete
=False, dir=os
.path
.dirname(path
)) as f
:
5026 f
.write(get_bytes(data
))
5027 os
.rename(f
.name
, path
)
5028 os
.chmod(path
, 0o644)
5031 def unstage_file(path
):
5032 backup
= '%s.bak' % path
5033 if os
.path
.exists(backup
):
5034 os
.rename(backup
, path
)
5035 elif os
.path
.exists(path
):
5038 class GPOTests(tests
.TestCase
):
5040 super(GPOTests
, self
).setUp()
5041 self
.server
= os
.environ
["SERVER"]
5042 self
.dc_account
= self
.server
.upper() + '$'
5043 self
.lp
= s3param
.get_context()
5044 self
.lp
.load_default()
5045 self
.creds
= self
.insta_creds(template
=self
.get_credentials())
5048 super(GPOTests
, self
).tearDown()
def test_gpo_list(self):
    """Check name, file_sys_path and ds_path of each GPO from get_gpo_list().

    Entry 0 is expected to be 'Local Policy' with both paths set to None;
    entry 1 is expected to be the GPO with the GUID below, located under the
    module-level poldir and dspath.
    """
    global poldir, dspath
    default_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    found = get_gpo_list(self.server, self.creds, self.lp,
                         self.creds.get_username())
    expected_names = ['Local Policy', default_guid]
    expected_fs_paths = [None, '%s\\%s' % (poldir, default_guid)]
    expected_ds_paths = [None, 'CN=%s,%s' % (default_guid, dspath)]
    # NOTE(review): the loop is driven by the returned list, so an empty
    # result passes without asserting anything -- consider pinning the
    # expected length as well.
    for idx, entry in enumerate(found):
        self.assertEqual(
            entry.name, expected_names[idx],
            'The gpo name did not match expected name %s' % entry.name)
        self.assertEqual(
            entry.file_sys_path, expected_fs_paths[idx],
            'file_sys_path did not match expected %s' % entry.file_sys_path)
        self.assertEqual(
            entry.ds_path, expected_ds_paths[idx],
            'ds_path did not match expected %s' % entry.ds_path)
5066 def test_gpt_version(self
):
5068 local_path
= self
.lp
.cache_path('gpo_cache')
5069 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5070 gpo_path
= os
.path
.join(local_path
, policies
, guid
)
5071 old_vers
= gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1]
5073 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5074 gpt
.write(gpt_data
% 42)
5075 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], 42,
5076 'gpo_get_sysvol_gpt_version() did not return the expected version')
5078 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5079 gpt
.write(gpt_data
% old_vers
)
5080 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], old_vers
,
5081 'gpo_get_sysvol_gpt_version() did not return the expected version')
5083 def test_check_refresh_gpo_list(self
):
5084 cache
= self
.lp
.cache_path('gpo_cache')
5085 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5086 self
.creds
.get_username())
5087 check_refresh_gpo_list(self
.server
, self
.lp
, self
.creds
, gpos
)
5089 self
.assertTrue(os
.path
.exists(cache
),
5090 'GPO cache %s was not created' % cache
)
5092 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5093 gpt_ini
= os
.path
.join(cache
, policies
,
5095 self
.assertTrue(os
.path
.exists(gpt_ini
),
5096 'GPT.INI was not cached for %s' % guid
)
def test_check_refresh_gpo_list_malicious_paths(self):
    """Pin how check_safe_path() treats hostile or malformed GPO paths.

    Three expectations are asserted:
      * a path holding '..' components raises OSError;
      * leading slashes and backslashes are dropped, so the result is a
        relative path ('etc/passwd');
      * a leading 'sysvol/' component is removed and backslash
        separators come back as forward slashes.
    realm is a module-level name defined elsewhere in this file.
    """
    gpo_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'

    # Directory traversal must be refused outright, not normalised.
    traversal = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
    with self.assertRaises(OSError):
        check_safe_path(traversal)

    # Absolute-looking inputs come back without their leading separators.
    for candidate in ('/etc/passwd', '\\\\etc/\\passwd'):
        self.assertEqual(check_safe_path(candidate), 'etc/passwd')

    # Mixed separators: the result uses '/' only and starts at the realm.
    mixed = 'sysvol/' + realm + '\\Policies/' + gpo_guid + '\\GPT.INI'
    normalised = realm + '/Policies/' + gpo_guid + '/GPT.INI'
    self.assertEqual(check_safe_path(mixed), normalised,
                     'check_safe_path() didn\'t'
                     ' correctly convert \\ to /')
def test_check_safe_path_typesafe_name(self):
    """check_safe_path() must recognise the sysvol component in any case.

    The input is a backslash-separated UNC-style path whose share is
    spelled 'SysVol'. The expected result starts at the directory after
    that share and uses forward slashes only.
    """
    gpo_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    unc_path = ('\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\'
                + gpo_guid + '\\GPT.INI')
    expected_path = 'toady.suse.de/Policies/' + gpo_guid + '/GPT.INI'

    self.assertEqual(
        check_safe_path(unc_path), expected_path,
        'check_safe_path unable to detect variable case sysvol components')
def test_gpt_ext_register(self):
    """Exercise extension registration and the gpext.conf helpers.

    Steps, in order:
      1. register gp_access_ext under a fixed GUID, then check it is
         listed with the expected 'DllName';
      2. unregister it and check it is no longer listed;
      3. check_guid() accepts the GUID and rejects a non-GUID string;
      4. add a section through parse_gpext_conf()/atomic_write_conf(),
         read it back, then remove it again.
    The test changes persistent configuration. Cleanup happens only on
    the success path, because no step is wrapped in try/finally.
    """
    here = os.path.dirname(os.path.realpath(__file__))
    tree_root = os.path.realpath(os.path.join(here, '../../../'))
    ext_path = os.path.join(tree_root, 'python/samba/gp/gp_sec_ext.py')
    ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'

    # 1. Register and confirm the entry is listed.
    registered = register_gp_extension(ext_guid, 'gp_access_ext', ext_path,
                                       smb_conf=self.lp.configfile,
                                       machine=True, user=False)
    self.assertTrue(registered, 'Failed to register a gp ext')
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid in listed.keys(),
                    'Failed to list gp exts')
    self.assertEqual(listed[ext_guid]['DllName'], ext_path,
                     'Failed to list gp exts')

    # 2. Unregister and confirm the entry is gone.
    # NOTE(review): registration passed smb_conf explicitly, but this call
    # relies on unregister_gp_extension()'s default; confirm both resolve
    # to the same gpext.conf.
    unregister_gp_extension(ext_guid)
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid not in listed.keys(),
                    'Failed to unregister gp exts')

    # 3. GUID syntax validation.
    self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
    self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')

    # 4. Round-trip a scratch section through the config writer.
    conf_lp, conf_parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue(conf_lp and conf_parser,
                    'parse_gpext_conf() invalid return')
    conf_parser.add_section('test_section')
    conf_parser.set('test_section', 'test_var', ext_guid)
    atomic_write_conf(conf_lp, conf_parser)

    conf_lp, conf_parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue('test_section' in conf_parser.sections(),
                    'test_section not found in gpext.conf')
    self.assertEqual(conf_parser.get('test_section', 'test_var'), ext_guid,
                     'Failed to find test variable in gpext.conf')
    conf_parser.remove_section('test_section')
    atomic_write_conf(conf_lp, conf_parser)
5162 def test_gp_log_get_applied(self
):
5163 local_path
= self
.lp
.get('path', 'sysvol')
5164 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5165 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5166 gpofile
= '%s/' + realm
+ '/Policies/%s/MACHINE/Microsoft/' \
5167 'Windows NT/SecEdit/GptTmpl.inf'
5168 stage
= '[System Access]\nMinimumPasswordAge = 998\n'
5169 cache_dir
= self
.lp
.get('cache directory')
5170 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5172 gpttmpl
= gpofile
% (local_path
, guid
)
5173 ret
= stage_file(gpttmpl
, stage
)
5174 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5176 ret
= gpupdate_force(self
.lp
)
5177 self
.assertEqual(ret
, 0, 'gpupdate force failed')
5179 gp_db
= store
.get_gplog(self
.dc_account
)
5181 applied_guids
= gp_db
.get_applied_guids()
5182 self
.assertEqual(len(applied_guids
), 2, 'The guids were not found')
5183 self
.assertIn(guids
[0], applied_guids
,
5184 '%s not in applied guids' % guids
[0])
5185 self
.assertIn(guids
[1], applied_guids
,
5186 '%s not in applied guids' % guids
[1])
5188 applied_settings
= gp_db
.get_applied_settings(applied_guids
)
5189 for policy
in applied_settings
:
5190 self
.assertIn('System Access', policy
[1],
5191 'System Access policies not set')
5192 self
.assertIn('minPwdAge', policy
[1]['System Access'],
5193 'minPwdAge policy not set')
5194 if policy
[0] == guids
[0]:
5195 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5197 'minPwdAge policy not set')
5198 elif policy
[0] == guids
[1]:
5199 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5200 days2rel_nttime(998),
5201 'minPwdAge policy not set')
5203 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5205 del_gpos
= get_deleted_gpos_list(gp_db
, gpos
[:-1])
5206 self
.assertEqual(len(del_gpos
), 1, 'Returned delete gpos is incorrect')
5207 self
.assertEqual(guids
[-1], del_gpos
[0][0],
5208 'GUID for delete gpo is incorrect')
5209 self
.assertIn('System Access', del_gpos
[0][1],
5210 'System Access policies not set for removal')
5211 self
.assertIn('minPwdAge', del_gpos
[0][1]['System Access'],
5212 'minPwdAge policy not set for removal')
5215 gpttmpl
= gpofile
% (local_path
, guid
)
5216 unstage_file(gpttmpl
)
5218 ret
= gpupdate_unapply(self
.lp
)
5219 self
.assertEqual(ret
, 0, 'gpupdate unapply failed')
5221 def test_process_group_policy(self
):
5222 local_path
= self
.lp
.cache_path('gpo_cache')
5223 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5224 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5225 gpofile
= '%s/' + policies
+ '/%s/MACHINE/MICROSOFT/' \
5226 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5227 cache_dir
= self
.lp
.get('cache directory')
5228 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5230 machine_creds
= Credentials()
5231 machine_creds
.guess(self
.lp
)
5232 machine_creds
.set_machine_account()
5234 # Initialize the group policy extension
5235 ext
= gp_krb_ext(self
.lp
, machine_creds
,
5236 machine_creds
.get_username(), store
)
5238 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5239 machine_creds
.get_username())
5241 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5242 stage
= '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5244 for i
in range(0, 2):
5245 gpttmpl
= gpofile
% (local_path
, guids
[i
])
5246 ret
= stage_file(gpttmpl
, stage
% opts
[i
])
5247 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5250 ext
.process_group_policy([], gpos
)
5252 ret
= store
.get_int('kdc:user_ticket_lifetime')
5253 self
.assertEqual(ret
, opts
[1], 'Higher priority policy was not set')
5256 gp_db
= store
.get_gplog(machine_creds
.get_username())
5257 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5258 ext
.process_group_policy(del_gpos
, [])
5260 ret
= store
.get_int('kdc:user_ticket_lifetime')
5261 self
.assertEqual(ret
, None, 'MaxTicketAge should not have applied')
5263 # Process just the first gpo
5264 ext
.process_group_policy([], gpos
[:-1])
5266 ret
= store
.get_int('kdc:user_ticket_lifetime')
5267 self
.assertEqual(ret
, opts
[0], 'Lower priority policy was not set')
5270 ext
.process_group_policy(del_gpos
, [])
5273 gpttmpl
= gpofile
% (local_path
, guid
)
5274 unstage_file(gpttmpl
)
5276 def test_gp_scripts(self
):
5277 local_path
= self
.lp
.cache_path('gpo_cache')
5278 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5279 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5280 'MACHINE/REGISTRY.POL')
5281 cache_dir
= self
.lp
.get('cache directory')
5282 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5284 machine_creds
= Credentials()
5285 machine_creds
.guess(self
.lp
)
5286 machine_creds
.set_machine_account()
5288 # Initialize the group policy extension
5289 ext
= gp_scripts_ext(self
.lp
, machine_creds
,
5290 machine_creds
.get_username(), store
)
5292 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5293 machine_creds
.get_username())
5295 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
5296 sections
= { b
'%s\\Daily Scripts' % reg_key
: '.cron.daily',
5297 b
'%s\\Monthly Scripts' % reg_key
: '.cron.monthly',
5298 b
'%s\\Weekly Scripts' % reg_key
: '.cron.weekly',
5299 b
'%s\\Hourly Scripts' % reg_key
: '.cron.hourly' }
5300 for keyname
in sections
.keys():
5301 # Stage the Registry.pol file with test data
5305 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5307 e
.data
= b
'echo hello world'
5308 stage
.num_entries
= 1
5310 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5311 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5313 # Process all gpos, with temp output directory
5314 with
TemporaryDirectory(sections
[keyname
]) as dname
:
5315 ext
.process_group_policy([], gpos
, dname
)
5316 scripts
= os
.listdir(dname
)
5317 self
.assertEqual(len(scripts
), 1,
5318 'The %s script was not created' % keyname
.decode())
5319 out
, _
= Popen([os
.path
.join(dname
, scripts
[0])], stdout
=PIPE
).communicate()
5320 self
.assertIn(b
'hello world', out
,
5321 '%s script execution failed' % keyname
.decode())
5323 # Check that a call to gpupdate --rsop also succeeds
5325 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5328 gp_db
= store
.get_gplog(machine_creds
.get_username())
5329 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5330 ext
.process_group_policy(del_gpos
, [])
5331 self
.assertEqual(len(os
.listdir(dname
)), 0,
5332 'Unapply failed to cleanup scripts')
5334 # Unstage the Registry.pol file
5335 unstage_file(reg_pol
)
5337 def test_gp_sudoers(self
):
5338 local_path
= self
.lp
.cache_path('gpo_cache')
5339 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5340 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5341 'MACHINE/REGISTRY.POL')
5342 cache_dir
= self
.lp
.get('cache directory')
5343 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5345 machine_creds
= Credentials()
5346 machine_creds
.guess(self
.lp
)
5347 machine_creds
.set_machine_account()
5349 # Initialize the group policy extension
5350 ext
= gp_sudoers_ext(self
.lp
, machine_creds
,
5351 machine_creds
.get_username(), store
)
5353 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5354 machine_creds
.get_username())
5356 # Stage the Registry.pol file with test data
5359 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5360 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5362 e
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5363 stage
.num_entries
= 1
5365 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5366 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5368 # Process all gpos, with temp output directory
5369 with
TemporaryDirectory() as dname
:
5370 ext
.process_group_policy([], gpos
, dname
)
5371 sudoers
= os
.listdir(dname
)
5372 self
.assertEqual(len(sudoers
), 1, 'The sudoer file was not created')
5373 self
.assertIn(e
.data
,
5374 open(os
.path
.join(dname
, sudoers
[0]), 'r').read(),
5375 'The sudoers entry was not applied')
5377 # Check that a call to gpupdate --rsop also succeeds
5379 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5382 gp_db
= store
.get_gplog(machine_creds
.get_username())
5383 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5384 ext
.process_group_policy(del_gpos
, [])
5385 self
.assertEqual(len(os
.listdir(dname
)), 0,
5386 'Unapply failed to cleanup scripts')
5388 # Unstage the Registry.pol file
5389 unstage_file(reg_pol
)
5391 def test_vgp_sudoers(self
):
5392 local_path
= self
.lp
.cache_path('gpo_cache')
5393 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5394 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5395 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5396 cache_dir
= self
.lp
.get('cache directory')
5397 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5399 machine_creds
= Credentials()
5400 machine_creds
.guess(self
.lp
)
5401 machine_creds
.set_machine_account()
5403 # Initialize the group policy extension
5404 ext
= vgp_sudoers_ext(self
.lp
, machine_creds
,
5405 machine_creds
.get_username(), store
)
5407 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5408 machine_creds
.get_username())
5410 # Stage the manifest.xml file with test data
5411 stage
= etree
.Element('vgppolicy')
5412 policysetting
= etree
.Element('policysetting')
5413 stage
.append(policysetting
)
5414 version
= etree
.Element('version')
5416 policysetting
.append(version
)
5417 data
= etree
.Element('data')
5418 sudoers_entry
= etree
.Element('sudoers_entry')
5419 command
= etree
.Element('command')
5420 command
.text
= 'ALL'
5421 sudoers_entry
.append(command
)
5422 user
= etree
.Element('user')
5424 sudoers_entry
.append(user
)
5425 principal_list
= etree
.Element('listelement')
5426 principal
= etree
.Element('principal')
5427 principal
.text
= 'fakeu'
5428 principal
.attrib
['type'] = 'user'
5429 group
= etree
.Element('principal')
5430 group
.text
= 'fakeg'
5431 group
.attrib
['type'] = 'group'
5432 principal_list
.append(principal
)
5433 principal_list
.append(group
)
5434 sudoers_entry
.append(principal_list
)
5435 data
.append(sudoers_entry
)
5436 # Ensure an empty principal doesn't cause a crash
5437 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5438 command
= etree
.SubElement(sudoers_entry
, 'command')
5439 command
.text
= 'ALL'
5440 user
= etree
.SubElement(sudoers_entry
, 'user')
5442 # Ensure having dispersed principals still works
5443 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5444 command
= etree
.SubElement(sudoers_entry
, 'command')
5445 command
.text
= 'ALL'
5446 user
= etree
.SubElement(sudoers_entry
, 'user')
5448 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5449 principal
= etree
.SubElement(listelement
, 'principal')
5450 principal
.text
= 'fakeu2'
5451 principal
.attrib
['type'] = 'user'
5452 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5453 group
= etree
.SubElement(listelement
, 'principal')
5454 group
.text
= 'fakeg2'
5455 group
.attrib
['type'] = 'group'
5456 policysetting
.append(data
)
5457 ret
= stage_file(manifest
, etree
.tostring(stage
))
5458 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
5460 # Process all gpos, with temp output directory
5461 data
= 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5462 data2
= 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5463 data_no_principal
= 'ALL ALL=(ALL) NOPASSWD: ALL'
5464 with
TemporaryDirectory() as dname
:
5465 ext
.process_group_policy([], gpos
, dname
)
5466 sudoers
= os
.listdir(dname
)
5467 self
.assertEqual(len(sudoers
), 3, 'The sudoer file was not created')
5468 output
= open(os
.path
.join(dname
, sudoers
[0]), 'r').read() + \
5469 open(os
.path
.join(dname
, sudoers
[1]), 'r').read() + \
5470 open(os
.path
.join(dname
, sudoers
[2]), 'r').read()
5471 self
.assertIn(data
, output
,
5472 'The sudoers entry was not applied')
5473 self
.assertIn(data2
, output
,
5474 'The sudoers entry was not applied')
5475 self
.assertIn(data_no_principal
, output
,
5476 'The sudoers entry was not applied')
5478 # Check that a call to gpupdate --rsop also succeeds
5480 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5483 gp_db
= store
.get_gplog(machine_creds
.get_username())
5484 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5485 ext
.process_group_policy(del_gpos
, [])
5486 self
.assertEqual(len(os
.listdir(dname
)), 0,
5487 'Unapply failed to cleanup scripts')
5489 # Unstage the Registry.pol file
5490 unstage_file(manifest
)
5492 def test_gp_inf_ext_utf(self
):
5493 cache_dir
= self
.lp
.get('cache directory')
5494 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5496 machine_creds
= Credentials()
5497 machine_creds
.guess(self
.lp
)
5498 machine_creds
.set_machine_account()
5500 ext
= gp_inf_ext(self
.lp
, machine_creds
,
5501 machine_creds
.get_username(), store
)
5502 test_data
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5504 with
NamedTemporaryFile() as f
:
5505 with codecs
.open(f
.name
, 'w', 'utf-16') as w
:
5508 inf_conf
= ext
.read(f
.name
)
5509 except UnicodeDecodeError:
5510 self
.fail('Failed to parse utf-16')
5511 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5512 'Kerberos Policy was not read from the file')
5513 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5514 '99', 'MaxTicketAge was not read from the file')
5516 with
NamedTemporaryFile() as f
:
5517 with codecs
.open(f
.name
, 'w', 'utf-8') as w
:
5519 inf_conf
= ext
.read(f
.name
)
5520 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5521 'Kerberos Policy was not read from the file')
5522 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5523 '99', 'MaxTicketAge was not read from the file')
5525 def test_rsop(self
):
5526 cache_dir
= self
.lp
.get('cache directory')
5527 local_path
= self
.lp
.cache_path('gpo_cache')
5528 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5530 machine_creds
= Credentials()
5531 machine_creds
.guess(self
.lp
)
5532 machine_creds
.set_machine_account()
5534 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5535 machine_creds
.get_username())
5538 gp_extensions
.append(gp_krb_ext
)
5539 gp_extensions
.append(gp_scripts_ext
)
5540 gp_extensions
.append(gp_sudoers_ext
)
5541 gp_extensions
.append(gp_smb_conf_ext
)
5542 gp_extensions
.append(gp_msgs_ext
)
5544 # Create registry stage data
5545 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5546 reg_stage
= preg
.file()
5548 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5549 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5551 e
.data
= b
'echo hello world'
5553 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5554 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5556 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5558 e3
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5561 e3
.valuename
= 'apply group policies'
5563 e4
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5564 e4
.valuename
= b
'issue'
5566 e4
.data
= b
'Welcome to \\s \\r \\l'
5567 reg_stage
.num_entries
= 4
5568 reg_stage
.entries
= [e
, e2
, e3
, e4
]
5570 # Create krb stage date
5571 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5572 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5573 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5574 '[System Access]\nMinimumPasswordAge = 998\n'
5576 for g
in [g
for g
in gpos
if g
.file_sys_path
]:
5577 ret
= stage_file(gpofile
% g
.name
, krb_stage
)
5578 self
.assertTrue(ret
, 'Could not create the target %s' %
5580 ret
= stage_file(reg_pol
% g
.name
, ndr_pack(reg_stage
))
5581 self
.assertTrue(ret
, 'Could not create the target %s' %
5583 for ext
in gp_extensions
:
5584 ext
= ext(self
.lp
, machine_creds
,
5585 machine_creds
.get_username(), store
)
5587 self
.assertEqual(len(ret
.keys()), 1,
5588 'A single policy should have been displayed')
5590 # Check the Security Extension
5591 if type(ext
) == gp_krb_ext
:
5592 self
.assertIn('Kerberos Policy', ret
.keys(),
5593 'Kerberos Policy not found')
5594 self
.assertIn('MaxTicketAge', ret
['Kerberos Policy'],
5595 'MaxTicketAge setting not found')
5596 self
.assertEqual(ret
['Kerberos Policy']['MaxTicketAge'], '99',
5597 'MaxTicketAge was not set to 99')
5598 # Check the Scripts Extension
5599 elif type(ext
) == gp_scripts_ext
:
5600 self
.assertIn('Daily Scripts', ret
.keys(),
5601 'Daily Scripts not found')
5602 self
.assertIn('echo hello world', ret
['Daily Scripts'],
5603 'Daily script was not created')
5604 # Check the Sudoers Extension
5605 elif type(ext
) == gp_sudoers_ext
:
5606 self
.assertIn('Sudo Rights', ret
.keys(),
5607 'Sudoers not found')
5608 self
.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5610 'Sudoers policy not created')
5611 # Check the smb.conf Extension
5612 elif type(ext
) == gp_smb_conf_ext
:
5613 self
.assertIn('smb.conf', ret
.keys(),
5614 'apply group policies was not applied')
5615 self
.assertIn(e3
.valuename
, ret
['smb.conf'],
5616 'apply group policies was not applied')
5617 self
.assertEqual(ret
['smb.conf'][e3
.valuename
], e3
.data
,
5618 'apply group policies was not set')
5619 # Check the Messages Extension
5620 elif type(ext
) == gp_msgs_ext
:
5621 self
.assertIn('/etc/issue', ret
,
5622 'Login Prompt Message not applied')
5623 self
.assertEqual(ret
['/etc/issue'], e4
.data
,
5624 'Login Prompt Message not set')
5626 # Check that a call to gpupdate --rsop also succeeds
5628 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5630 unstage_file(gpofile
% g
.name
)
5631 unstage_file(reg_pol
% g
.name
)
5633 def test_gp_unapply(self
):
5634 cache_dir
= self
.lp
.get('cache directory')
5635 local_path
= self
.lp
.cache_path('gpo_cache')
5636 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5637 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5639 machine_creds
= Credentials()
5640 machine_creds
.guess(self
.lp
)
5641 machine_creds
.set_machine_account()
5643 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5644 machine_creds
.get_username())
5647 gp_extensions
.append(gp_krb_ext
)
5648 gp_extensions
.append(gp_scripts_ext
)
5649 gp_extensions
.append(gp_sudoers_ext
)
5651 # Create registry stage data
5652 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5653 reg_stage
= preg
.file()
5655 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5656 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5658 e
.data
= b
'echo hello world'
5660 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5661 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5663 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5664 reg_stage
.num_entries
= 2
5665 reg_stage
.entries
= [e
, e2
]
5667 # Create krb stage date
5668 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5669 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5670 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5672 ret
= stage_file(gpofile
% guid
, krb_stage
)
5673 self
.assertTrue(ret
, 'Could not create the target %s' %
5675 ret
= stage_file(reg_pol
% guid
, ndr_pack(reg_stage
))
5676 self
.assertTrue(ret
, 'Could not create the target %s' %
5679 # Process all gpos, with temp output directory
5681 with
TemporaryDirectory() as dname
:
5682 for ext
in gp_extensions
:
5683 ext
= ext(self
.lp
, machine_creds
,
5684 machine_creds
.get_username(), store
)
5685 if type(ext
) == gp_krb_ext
:
5686 ext
.process_group_policy([], gpos
)
5687 ret
= store
.get_int('kdc:user_ticket_lifetime')
5688 self
.assertEqual(ret
, 99, 'Kerberos policy was not set')
5689 elif type(ext
) in [gp_scripts_ext
, gp_sudoers_ext
]:
5690 ext
.process_group_policy([], gpos
, dname
)
5691 gp_db
= store
.get_gplog(machine_creds
.get_username())
5692 applied_settings
= gp_db
.get_applied_settings([guid
])
5693 for _
, fname
in applied_settings
[-1][-1][str(ext
)].items():
5694 fname
= fname
.split(':')[-1]
5695 self
.assertIn(dname
, fname
,
5696 'Test file not created in tmp dir')
5697 self
.assertTrue(os
.path
.exists(fname
),
5698 'Test file not created')
5699 remove
.append(fname
)
5701 # Unapply policy, and ensure policies are removed
5702 gpupdate_unapply(self
.lp
)
5704 for fname
in remove
:
5705 self
.assertFalse(os
.path
.exists(fname
),
5706 'Unapply did not remove test file')
5707 ret
= store
.get_int('kdc:user_ticket_lifetime')
5708 self
.assertNotEqual(ret
, 99, 'Kerberos policy was not unapplied')
5710 unstage_file(gpofile
% guid
)
5711 unstage_file(reg_pol
% guid
)
5713 def test_smb_conf_ext(self
):
5714 local_path
= self
.lp
.cache_path('gpo_cache')
5715 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5716 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5717 'MACHINE/REGISTRY.POL')
5718 cache_dir
= self
.lp
.get('cache directory')
5719 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5721 machine_creds
= Credentials()
5722 machine_creds
.guess(self
.lp
)
5723 machine_creds
.set_machine_account()
5725 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5726 machine_creds
.get_username())
5730 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5732 e
.data
= '/home/samba/%D/%U'
5733 e
.valuename
= 'template homedir'
5736 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5739 e
.valuename
= 'apply group policies'
5742 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5745 e
.valuename
= 'ldap timeout'
5748 stage
.num_entries
= len(entries
)
5749 stage
.entries
= entries
5751 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5752 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5754 with
NamedTemporaryFile(suffix
='_smb.conf') as f
:
5755 copyfile(self
.lp
.configfile
, f
.name
)
5756 lp
= LoadParm(f
.name
)
5758 # Initialize the group policy extension
5759 ext
= gp_smb_conf_ext(lp
, machine_creds
,
5760 machine_creds
.get_username(), store
)
5761 ext
.process_group_policy([], gpos
)
5762 lp
= LoadParm(f
.name
)
5764 template_homedir
= lp
.get('template homedir')
5765 self
.assertEqual(template_homedir
, '/home/samba/%D/%U',
5766 'template homedir was not applied')
5767 apply_group_policies
= lp
.get('apply group policies')
5768 self
.assertTrue(apply_group_policies
,
5769 'apply group policies was not applied')
5770 ldap_timeout
= lp
.get('ldap timeout')
5771 self
.assertEqual(ldap_timeout
, 9999, 'ldap timeout was not applied')
5773 # Check that a call to gpupdate --rsop also succeeds
5775 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5778 gp_db
= store
.get_gplog(machine_creds
.get_username())
5779 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5780 ext
.process_group_policy(del_gpos
, [])
5782 lp
= LoadParm(f
.name
)
5784 template_homedir
= lp
.get('template homedir')
5785 self
.assertEqual(template_homedir
, self
.lp
.get('template homedir'),
5786 'template homedir was not unapplied')
5787 apply_group_policies
= lp
.get('apply group policies')
5788 self
.assertEqual(apply_group_policies
, self
.lp
.get('apply group policies'),
5789 'apply group policies was not unapplied')
5790 ldap_timeout
= lp
.get('ldap timeout')
5791 self
.assertEqual(ldap_timeout
, self
.lp
.get('ldap timeout'),
5792 'ldap timeout was not unapplied')
5794 # Unstage the Registry.pol file
5795 unstage_file(reg_pol
)
5797 def test_gp_motd(self
):
5798 local_path
= self
.lp
.cache_path('gpo_cache')
5799 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5800 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5801 'MACHINE/REGISTRY.POL')
5802 cache_dir
= self
.lp
.get('cache directory')
5803 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5805 machine_creds
= Credentials()
5806 machine_creds
.guess(self
.lp
)
5807 machine_creds
.set_machine_account()
5809 # Initialize the group policy extension
5810 ext
= gp_msgs_ext(self
.lp
, machine_creds
,
5811 machine_creds
.get_username(), store
)
5813 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5814 machine_creds
.get_username())
5816 # Stage the Registry.pol file with test data
5819 e1
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5820 e1
.valuename
= b
'motd'
5822 e1
.data
= b
'Have a lot of fun!'
5823 stage
.num_entries
= 2
5825 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5826 e2
.valuename
= b
'issue'
5828 e2
.data
= b
'Welcome to \\s \\r \\l'
5829 stage
.entries
= [e1
, e2
]
5830 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5831 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5833 # Process all gpos, with temp output directory
5834 with
TemporaryDirectory() as dname
:
5835 ext
.process_group_policy([], gpos
, dname
)
5836 motd_file
= os
.path
.join(dname
, 'motd')
5837 self
.assertTrue(os
.path
.exists(motd_file
),
5838 'Message of the day file not created')
5839 data
= open(motd_file
, 'r').read()
5840 self
.assertEqual(data
, e1
.data
, 'Message of the day not applied')
5841 issue_file
= os
.path
.join(dname
, 'issue')
5842 self
.assertTrue(os
.path
.exists(issue_file
),
5843 'Login Prompt Message file not created')
5844 data
= open(issue_file
, 'r').read()
5845 self
.assertEqual(data
, e2
.data
, 'Login Prompt Message not applied')
5847 # Check that a call to gpupdate --rsop also succeeds
5849 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5851 # Unapply policy, and ensure the test files are removed
5852 gp_db
= store
.get_gplog(machine_creds
.get_username())
5853 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5854 ext
.process_group_policy(del_gpos
, [], dname
)
5855 data
= open(motd_file
, 'r').read()
5856 self
.assertFalse(data
, 'Message of the day file not removed')
5857 data
= open(issue_file
, 'r').read()
5858 self
.assertFalse(data
, 'Login Prompt Message file not removed')
5860 # Unstage the Registry.pol file
5861 unstage_file(reg_pol
)
def test_vgp_symlink(self):
    # Apply, verify and unapply a VGP symlink policy through vgp_symlink_ext.
    # The link source and link target both live inside a TemporaryDirectory,
    # so the paths named in the staged manifest stay under that directory.
    # NOTE(review): this listing lost its indentation and skips some gutter
    # numbers; the nesting under the `with` block is reconstructed from where
    # the dname-derived paths are used. Confirm against the upstream file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_symlink_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    with TemporaryDirectory() as dname:
        test_source = os.path.join(dname, 'test.source')
        test_target = os.path.join(dname, 'test.target')

        # Stage the manifest.xml file with test data:
        # vgppolicy > policysetting > (version, data > file_properties >
        # (source, target))
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): gutter jumps 5890 -> 5892; no text is assigned to
        # the version element in the visible lines.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.Element('file_properties')
        source = etree.Element('source')
        source.text = test_source
        file_properties.append(source)
        target = etree.Element('target')
        target.text = test_target
        file_properties.append(target)
        data.append(file_properties)
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Create test source
        test_source_data = 'hello world!'
        with open(test_source, 'w') as w:
            w.write(test_source_data)

        # Process all gpos; no output directory is passed here, the paths
        # come from the source/target elements staged above.
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(test_target),
                        'The test symlink was not created')
        self.assertTrue(os.path.islink(test_target),
                        'The test file is not a symlink')
        # Reading through the link must yield the source file's contents.
        self.assertIn(test_source_data, open(test_target, 'r').read(),
                      'Reading from symlink does not produce source data')

        # Unapply the policy, ensure removal
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(test_target),
                        'The test symlink was not delete')

        # The extension's rsop output for this GPO must contain the
        # equivalent "ln -s" command line.
        ret = ext.rsop([g for g in gpos if g.name == guid][0])
        self.assertIn('ln -s %s %s' % (test_source, test_target),
                      list(ret.values())[0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): gutter jumps 5932 -> 5934; as listed, ret is still
        # the value returned by ext.rsop() above, so the statement that
        # reassigns ret is presumably missing from this listing.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_files(self):
    # Apply, verify and unapply a VGP files policy through vgp_files_ext.
    # A small shell script is staged next to the manifest as the source; the
    # manifest asks for it to be deployed to a path inside a
    # TemporaryDirectory, owned by the current user/group, with mode 755.
    # NOTE(review): this listing lost its indentation and skips some gutter
    # numbers; the nesting under the `with` block is reconstructed from where
    # dname is used. Confirm against the upstream file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
    source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
    source_data = '#!/bin/sh\necho hello world'
    ret = stage_file(source_file, source_data)
    self.assertTrue(ret, 'Could not create the target %s' % source_file)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_files_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    with TemporaryDirectory() as dname:
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): gutter jumps 5967 -> 5969; no text is assigned to
        # the version element in the visible lines.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.SubElement(data, 'file_properties')
        # The manifest names the source by its lower-cased basename, while
        # the staged file is 'TEST.SOURCE'.
        source = etree.SubElement(file_properties, 'source')
        source.text = os.path.basename(source_file).lower()
        target = etree.SubElement(file_properties, 'target')
        target.text = os.path.join(dname, 'test.target')
        # Owner and group are the account running the test.
        user = etree.SubElement(file_properties, 'user')
        user.text = pwd.getpwuid(os.getuid()).pw_name
        group = etree.SubElement(file_properties, 'group')
        group.text = grp.getgrgid(os.getgid()).gr_name
        # Request permissions of 755: user rwx, group r-x, other r-x
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'user')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'write')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'group')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'other')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Process all gpos; the target path staged above points into the
        # temp directory.
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(target.text),
                        'The target file does not exist')
        # The 0o777 mask compares only the rwx bits; setuid, setgid and
        # sticky bits on the deployed file are not covered by this check.
        self.assertEqual(os.stat(target.text).st_mode & 0o777, 0o755,
                         'The target file permissions are incorrect')
        self.assertEqual(open(target.text).read(), source_data,
                         'The target file contents are incorrect')

        # Unapply the policy and make sure the deployed file is removed.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(target.text),
                         'The target file was not removed')

        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): gutter jumps 6015 -> 6017; g is never used in the
        # visible lines and ret still holds stage_file()'s result, so an
        # rsop call on g is presumably missing from this listing.
        self.assertIn(target.text, list(ret.values())[0][0],
                      'The target file was not listed by rsop')
        self.assertIn('-rwxr-xr-x', list(ret.values())[0][0],
                      'The target permissions were not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): gutter jumps 6022 -> 6024; the statement that
        # assigns the value compared with 0 is not visible here.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest and source files
    unstage_file(manifest)
    unstage_file(source_file)
def test_vgp_openssh(self):
    # Apply, verify and unapply a VGP sshd configuration policy through
    # vgp_openssh_ext. The extension is given a TemporaryDirectory as an
    # extra argument, and the test looks for the generated config file there.
    # NOTE(review): this listing lost its indentation and skips some gutter
    # numbers; the nesting under the `with` block is reconstructed from where
    # dname is used. Confirm against the upstream file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_openssh_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data: a single key/value pair
    # (AddressFamily = inet6) inside one config section.
    stage = etree.Element('vgppolicy')
    policysetting = etree.Element('policysetting')
    stage.append(policysetting)
    version = etree.Element('version')
    # NOTE(review): gutter jumps 6053 -> 6055; no text is assigned to the
    # version element in the visible lines.
    policysetting.append(version)
    data = etree.Element('data')
    configfile = etree.Element('configfile')
    configsection = etree.Element('configsection')
    sectionname = etree.Element('sectionname')
    configsection.append(sectionname)
    kvpair = etree.Element('keyvaluepair')
    key = etree.Element('key')
    key.text = 'AddressFamily'
    # NOTE(review): gutter jumps 6063 -> 6065; as listed, key is never
    # appended to kvpair, so that statement is presumably missing here.
    value = etree.Element('value')
    value.text = 'inet6'
    kvpair.append(value)
    configsection.append(kvpair)
    configfile.append(configsection)
    data.append(configfile)
    policysetting.append(data)
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    data = 'AddressFamily inet6'
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # Exactly one file is expected in the output directory.
        self.assertEqual(len(conf), 1, 'The conf file was not created')
        gp_cfg = os.path.join(dname, conf[0])
        self.assertIn(data, open(gp_cfg, 'r').read(),
                'The sshd_config entry was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): gutter jumps 6085 -> 6087; as listed, ret still
        # holds stage_file()'s result, so the statement that reassigns ret
        # is presumably missing from this listing.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy and make sure the generated config is removed.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml file
    unstage_file(manifest)
6099 def test_vgp_startup_scripts(self
):
6100 local_path
= self
.lp
.cache_path('gpo_cache')
6101 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6102 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6103 'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
6104 test_script
= os
.path
.join(os
.path
.dirname(manifest
), 'TEST.SH')
6105 test_data
= '#!/bin/sh\necho $@ hello world'
6106 ret
= stage_file(test_script
, test_data
)
6107 self
.assertTrue(ret
, 'Could not create the target %s' % test_script
)
6108 cache_dir
= self
.lp
.get('cache directory')
6109 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6111 machine_creds
= Credentials()
6112 machine_creds
.guess(self
.lp
)
6113 machine_creds
.set_machine_account()
6115 # Initialize the group policy extension
6116 ext
= vgp_startup_scripts_ext(self
.lp
, machine_creds
,
6117 machine_creds
.get_username(), store
)
6119 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
6120 machine_creds
.get_username())
6122 # Stage the manifest.xml file with test data
6123 stage
= etree
.Element('vgppolicy')
6124 policysetting
= etree
.SubElement(stage
, 'policysetting')
6125 version
= etree
.SubElement(policysetting
, 'version')
6127 data
= etree
.SubElement(policysetting
, 'data')
6128 listelement
= etree
.SubElement(data
, 'listelement')
6129 script
= etree
.SubElement(listelement
, 'script')
6130 script
.text
= os
.path
.basename(test_script
).lower()
6131 parameters
= etree
.SubElement(listelement
, 'parameters')
6132 parameters
.text
= '-n'
6133 hash = etree
.SubElement(listelement
, 'hash')
6135 hashlib
.md5(open(test_script
, 'rb').read()).hexdigest().upper()
6136 run_as
= etree
.SubElement(listelement
, 'run_as')
6137 run_as
.text
= 'root'
6138 ret
= stage_file(manifest
, etree
.tostring(stage
))
6139 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6141 # Process all gpos, with temp output directory
6142 with
TemporaryDirectory() as dname
:
6143 ext
.process_group_policy([], gpos
, dname
)
6144 files
= os
.listdir(dname
)
6145 self
.assertEqual(len(files
), 1,
6146 'The target script was not created')
6147 entry
= '@reboot %s %s %s' % (run_as
.text
, test_script
,
6149 self
.assertIn(entry
,
6150 open(os
.path
.join(dname
, files
[0]), 'r').read(),
6151 'The test entry was not found')
6154 gp_db
= store
.get_gplog(machine_creds
.get_username())
6155 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6156 ext
.process_group_policy(del_gpos
, [])
6157 files
= os
.listdir(dname
)
6158 self
.assertEqual(len(files
), 0,
6159 'The target script was not removed')
6162 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6164 self
.assertIn(entry
, list(ret
.values())[0][0],
6165 'The target entry was not listed by rsop')
6167 # Check that a call to gpupdate --rsop also succeeds
6169 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
6171 # Unstage the manifest.xml and script files
6172 unstage_file(manifest
)
6174 # Stage the manifest.xml file for run once scripts
6175 etree
.SubElement(listelement
, 'run_once')
6176 run_as
.text
= pwd
.getpwuid(os
.getuid()).pw_name
6177 ret
= stage_file(manifest
, etree
.tostring(stage
))
6178 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6180 # Process all gpos, with temp output directory
6181 # A run once script will be executed immediately,
6182 # instead of creating a cron job
6183 with
TemporaryDirectory() as dname
:
6184 test_file
= '%s/TESTING.txt' % dname
6185 test_data
= '#!/bin/sh\ntouch %s' % test_file
6186 ret
= stage_file(test_script
, test_data
)
6187 self
.assertTrue(ret
, 'Could not create the target %s' % test_script
)
6189 ext
.process_group_policy([], gpos
, dname
)
6190 files
= os
.listdir(dname
)
6191 self
.assertEqual(len(files
), 1,
6192 'The test file was not created')
6193 self
.assertEqual(files
[0], os
.path
.basename(test_file
),
6194 'The test file was not created')
6196 # Unlink the test file and ensure that processing
6197 # policy again does not recreate it.
6198 os
.unlink(test_file
)
6199 ext
.process_group_policy([], gpos
, dname
)
6200 files
= os
.listdir(dname
)
6201 self
.assertEqual(len(files
), 0,
6202 'The test file should not have been created')
6205 gp_db
= store
.get_gplog(machine_creds
.get_username())
6206 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6207 ext
.process_group_policy(del_gpos
, [])
6210 entry
= 'Run once as: %s `%s %s`' % (run_as
.text
, test_script
,
6212 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6214 self
.assertIn(entry
, list(ret
.values())[0][0],
6215 'The target entry was not listed by rsop')
6217 # Check that a call to gpupdate --rsop also succeeds
6219 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
6221 # Unstage the manifest.xml and script files
6222 unstage_file(manifest
)
6224 # Stage the manifest.xml file for a script without parameters
6225 stage
= etree
.Element('vgppolicy')
6226 policysetting
= etree
.SubElement(stage
, 'policysetting')
6227 version
= etree
.SubElement(policysetting
, 'version')
6229 data
= etree
.SubElement(policysetting
, 'data')
6230 listelement
= etree
.SubElement(data
, 'listelement')
6231 script
= etree
.SubElement(listelement
, 'script')
6232 script
.text
= os
.path
.basename(test_script
).lower()
6233 hash = etree
.SubElement(listelement
, 'hash')
6235 hashlib
.md5(open(test_script
, 'rb').read()).hexdigest().upper()
6236 run_as
= etree
.SubElement(listelement
, 'run_as')
6237 run_as
.text
= 'root'
6238 ret
= stage_file(manifest
, etree
.tostring(stage
))
6239 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6241 # Process all gpos, with temp output directory
6242 with
TemporaryDirectory() as dname
:
6244 ext
.process_group_policy([], gpos
, dname
)
6245 except Exception as e
:
6247 files
= os
.listdir(dname
)
6248 self
.assertEqual(len(files
), 1,
6249 'The target script was not created')
6250 entry
= '@reboot %s %s' % (run_as
.text
, test_script
)
6251 self
.assertIn(entry
,
6252 open(os
.path
.join(dname
, files
[0]), 'r').read(),
6253 'The test entry was not found')
6256 gp_db
= store
.get_gplog(machine_creds
.get_username())
6257 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6258 ext
.process_group_policy(del_gpos
, [])
6259 files
= os
.listdir(dname
)
6260 self
.assertEqual(len(files
), 0,
6261 'The target script was not removed')
6264 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6266 self
.assertIn(entry
, list(ret
.values())[0][0],
6267 'The target entry was not listed by rsop')
6269 # Check that a call to gpupdate --rsop also succeeds
6271 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
6273 # Unstage the manifest.xml and script files
6274 unstage_file(manifest
)
6275 unstage_file(test_script
)
def test_vgp_motd(self):
    # Apply, verify and unapply a VGP message-of-the-day policy through
    # vgp_motd_ext. The extension is given the name of a NamedTemporaryFile
    # as an extra argument, and the test reads the message back from it.
    # NOTE(review): this listing lost its indentation and skips some gutter
    # numbers; the nesting under the `with` block is reconstructed from where
    # f.name is used. Confirm against the upstream file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_motd_ext(self.lp, machine_creds,
                       machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): gutter jumps 6299 -> 6301; no text is assigned to the
    # version element in the visible lines.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'motd'
    text = etree.SubElement(data, 'text')
    text.text = 'This is the message of the day'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, writing to a temporary output file
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        # The file must contain exactly the staged message text.
        self.assertEqual(open(f.name, 'r').read(), text.text,
                         'The motd was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): gutter jumps 6315 -> 6317; as listed, ret still
        # holds stage_file()'s result, so the statement that reassigns ret
        # is presumably missing from this listing.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy; the file must no longer hold the message.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(open(f.name, 'r').read(), text.text,
                            'The motd was not unapplied')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_issue(self):
    # Apply, verify and unapply a VGP login-banner ("issue") policy through
    # vgp_issue_ext. The extension is given the name of a NamedTemporaryFile
    # as an extra argument, and the test reads the banner back from it.
    # NOTE(review): this listing lost its indentation and skips some gutter
    # numbers; the nesting under the `with` block is reconstructed from where
    # f.name is used. Confirm against the upstream file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_issue_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): gutter jumps 6351 -> 6353; no text is assigned to the
    # version element in the visible lines.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'issue'
    text = etree.SubElement(data, 'text')
    text.text = 'Welcome to Samba!'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, writing to a temporary output file
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        # The file must contain exactly the staged banner text.
        self.assertEqual(open(f.name, 'r').read(), text.text,
                         'The issue was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): gutter jumps 6367 -> 6369; as listed, ret still
        # holds stage_file()'s result, so the statement that reassigns ret
        # is presumably missing from this listing.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy; the file must no longer hold the banner.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(open(f.name, 'r').read(), text.text,
                            'The issue was not unapplied')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_access(self):
    # Apply, verify and unapply VGP host access control policy through
    # vgp_access_ext. Two manifests are staged, one under ALLOW and one
    # under DENY, each listing a user and a group; the test then checks the
    # generated access config for matching "+:" (allow) and "-:" (deny)
    # lines.
    # NOTE(review): this listing lost its indentation and skips some gutter
    # numbers; the nesting under the `with` block is reconstructed from where
    # dname is used. Confirm against the upstream file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    allow = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
    deny = os.path.join(local_path, policies, guid, 'MACHINE',
        'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # The winbind separator is forced to '+' for this test and restored by
    # the registered cleanup; the expected entries below use '+' between
    # realm and account name.
    winbind_sep = self.lp.get('winbind separator')
    self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
    self.lp.set('winbind separator', '+')
    ext = vgp_access_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml allow file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): gutter jumps 6408 -> 6410; no text is assigned to the
    # version element in the visible lines.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Add an allowed user
    # NOTE(review): gutter numbers 6416, 6423 and 6425 are absent; as
    # listed, the user's type and domain elements are created but never
    # given text.
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'goodguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguy'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    # Add an allowed group
    # NOTE(review): gutter number 6440 is absent; as listed, the group's
    # domain element is created but never given text.
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\goodguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=goodguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguys'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(allow, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % allow)

    # Stage the manifest.xml deny file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): gutter jumps 6449 -> 6451; no text is assigned to the
    # version element in the visible lines.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Denied user entry.
    # NOTE(review): gutter numbers 6457, 6464 and 6466 are absent; as
    # listed, the user's type and domain elements are created but never
    # given text.
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'badguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguy'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    # Add a denied group
    # NOTE(review): gutter number 6481 is absent; as listed, the group's
    # domain element is created but never given text.
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\badguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=badguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguys'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(deny, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % deny)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # There will be 2 files, the policy file and the deny file
        self.assertEqual(len(conf), 2, 'The conf file was not created')
        # Ignore the DENY_ALL conf file; only the other file's contents
        # are inspected by this test.
        gp_cfg = os.path.join(dname,
            [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])

        # Check the access config for the correct access.conf entries:
        # '+' lines for the allowed user and group, '-' lines for the
        # denied user and group.
        print('Config file %s found' % gp_cfg)
        data = open(gp_cfg, 'r').read()
        self.assertIn('+:%s+goodguy:ALL' % realm, data)
        self.assertIn('+:%s+goodguys:ALL' % realm, data)
        self.assertIn('-:%s+badguy:ALL' % realm, data)
        self.assertIn('-:%s+badguys:ALL' % realm, data)

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): gutter jumps 6505 -> 6507; as listed, ret still
        # holds stage_file()'s result, so the statement that reassigns ret
        # is presumably missing from this listing.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy and make sure the generated config is removed.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml files
    # NOTE(review): no unstage_file() calls for allow/deny are visible after
    # this comment in the listing (gutter jumps 6516 -> 6520) — confirm.
6520 def test_gnome_settings(self
):
6521 local_path
= self
.lp
.cache_path('gpo_cache')
6522 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6523 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6524 'MACHINE/REGISTRY.POL')
6525 cache_dir
= self
.lp
.get('cache directory')
6526 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6528 machine_creds
= Credentials()
6529 machine_creds
.guess(self
.lp
)
6530 machine_creds
.set_machine_account()
6532 # Initialize the group policy extension
6533 ext
= gp_gnome_settings_ext(self
.lp
, machine_creds
,
6534 machine_creds
.get_username(), store
)
6536 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
6537 machine_creds
.get_username())
6539 # Stage the Registry.pol file with test data
6540 parser
= GPPolParser()
6541 parser
.load_xml(etree
.fromstring(gnome_test_reg_pol
.strip()))
6542 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
6543 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6545 with
TemporaryDirectory() as dname
:
6546 ext
.process_group_policy([], gpos
, dname
)
6548 local_db
= os
.path
.join(dname
, 'etc/dconf/db/local.d')
6549 self
.assertTrue(os
.path
.isdir(local_db
),
6550 'Local db dir not created')
6551 def db_check(name
, data
, count
=1):
6552 db
= glob(os
.path
.join(local_db
, '*-%s' % name
))
6553 self
.assertEqual(len(db
), count
, '%s not created' % name
)
6554 file_contents
= ConfigParser()
6555 file_contents
.read(db
)
6556 for key
in data
.keys():
6557 self
.assertTrue(file_contents
.has_section(key
),
6558 'Section %s not found' % key
)
6560 for k
, v
in options
.items():
6561 v_content
= file_contents
.get(key
, k
)
6562 self
.assertEqual(v_content
, v
,
6563 '%s: %s != %s' % (key
, v_content
, v
))
6565 def del_db_check(name
):
6566 db
= glob(os
.path
.join(local_db
, '*-%s' % name
))
6567 self
.assertEqual(len(db
), 0, '%s not deleted' % name
)
6569 locks
= os
.path
.join(local_db
, 'locks')
6570 self
.assertTrue(os
.path
.isdir(local_db
), 'Locks dir not created')
6571 def lock_check(name
, items
, count
=1):
6572 lock
= glob(os
.path
.join(locks
, '*%s' % name
))
6573 self
.assertEqual(len(lock
), count
,
6574 '%s lock not created' % name
)
6576 for i
in range(count
):
6577 file_contents
.extend(open(lock
[i
], 'r').read().split('\n'))
6579 self
.assertIn(data
, file_contents
,
6580 '%s lock not created' % data
)
6582 def del_lock_check(name
):
6583 lock
= glob(os
.path
.join(locks
, '*%s' % name
))
6584 self
.assertEqual(len(lock
), 0, '%s lock not deleted' % name
)
6586 # Check the user profile
6587 user_profile
= os
.path
.join(dname
, 'etc/dconf/profile/user')
6588 self
.assertTrue(os
.path
.exists(user_profile
),
6589 'User profile not created')
6591 # Enable the compose key
6592 data
= { 'org/gnome/desktop/input-sources':
6593 { 'xkb-options': '[\'compose:ralt\']' }
6595 db_check('input-sources', data
)
6596 items
= ['/org/gnome/desktop/input-sources/xkb-options']
6597 lock_check('input-sources', items
)
6599 # Dim screen when user is idle
6600 data
= { 'org/gnome/settings-daemon/plugins/power':
6601 { 'idle-dim': 'true',
6602 'idle-brightness': '30'
6605 db_check('power', data
)
6606 data
= { 'org/gnome/desktop/session':
6607 { 'idle-delay': 'uint32 300' }
6609 db_check('session', data
)
6610 items
= ['/org/gnome/settings-daemon/plugins/power/idle-dim',
6611 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
6612 '/org/gnome/desktop/session/idle-delay']
6613 lock_check('power-saving', items
)
6615 # Lock down specific settings
6616 bg_locks
= ['/org/gnome/desktop/background/picture-uri',
6617 '/org/gnome/desktop/background/picture-options',
6618 '/org/gnome/desktop/background/primary-color',
6619 '/org/gnome/desktop/background/secondary-color']
6620 lock_check('group-policy', bg_locks
)
6622 # Lock down enabled extensions
6623 data
= { 'org/gnome/shell':
6624 { 'enabled-extensions':
6625 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
6626 'development-tools': 'false' }
6628 db_check('extensions', data
)
6629 items
= [ '/org/gnome/shell/enabled-extensions',
6630 '/org/gnome/shell/development-tools' ]
6631 lock_check('extensions', items
)
6633 # Disallow login using a fingerprint
6634 data
= { 'org/gnome/login-screen':
6635 { 'enable-fingerprint-authentication': 'false' }
6637 db_check('fingerprintreader', data
)
6638 items
= ['/org/gnome/login-screen/enable-fingerprint-authentication']
6639 lock_check('fingerprintreader', items
)
6641 # Disable user logout and user switching
6642 data
= { 'org/gnome/desktop/lockdown':
6643 { 'disable-log-out': 'true',
6644 'disable-user-switching': 'true' }
6646 db_check('logout', data
, 2)
6647 items
= ['/org/gnome/desktop/lockdown/disable-log-out',
6648 '/org/gnome/desktop/lockdown/disable-user-switching']
6649 lock_check('logout', items
, 2)
6651 # Disable repartitioning
6652 actions
= os
.path
.join(dname
, 'etc/share/polkit-1/actions')
6653 udisk2
= glob(os
.path
.join(actions
,
6654 'org.freedesktop.[u|U][d|D]isks2.policy'))
6655 self
.assertEqual(len(udisk2
), 1, 'udisk2 policy not created')
6656 udisk2_tree
= etree
.fromstring(open(udisk2
[0], 'r').read())
6657 actions
= udisk2_tree
.findall('action')
6658 md
= 'org.freedesktop.udisks2.modify-device'
6659 action
= [a
for a
in actions
if a
.attrib
['id'] == md
]
6660 self
.assertEqual(len(action
), 1, 'modify-device not found')
6661 defaults
= action
[0].find('defaults')
6662 self
.assertTrue(defaults
is not None,
6663 'modify-device defaults not found')
6664 allow_any
= defaults
.find('allow_any').text
6665 self
.assertEqual(allow_any
, 'no',
6666 'modify-device allow_any not set to no')
6667 allow_inactive
= defaults
.find('allow_inactive').text
6668 self
.assertEqual(allow_inactive
, 'no',
6669 'modify-device allow_inactive not set to no')
6670 allow_active
= defaults
.find('allow_active').text
6671 self
.assertEqual(allow_active
, 'yes',
6672 'modify-device allow_active not set to yes')
6675 data
= { 'org/gnome/desktop/lockdown':
6676 { 'disable-printing': 'true' }
6678 db_check('printing', data
)
6679 items
= ['/org/gnome/desktop/lockdown/disable-printing']
6680 lock_check('printing', items
)
6682 # Disable file saving
6683 data
= { 'org/gnome/desktop/lockdown':
6684 { 'disable-save-to-disk': 'true' }
6686 db_check('filesaving', data
)
6687 items
= ['/org/gnome/desktop/lockdown/disable-save-to-disk']
6688 lock_check('filesaving', items
)
6690 # Disable command-line access
6691 data
= { 'org/gnome/desktop/lockdown':
6692 { 'disable-command-line': 'true' }
6694 db_check('cmdline', data
)
6695 items
= ['/org/gnome/desktop/lockdown/disable-command-line']
6696 lock_check('cmdline', items
)
6698 # Allow or disallow online accounts
6699 data
= { 'org/gnome/online-accounts':
6700 { 'whitelisted-providers': '[\'google\']' }
6702 db_check('goa', data
)
6703 items
= ['/org/gnome/online-accounts/whitelisted-providers']
6704 lock_check('goa', items
)
6706 # Verify RSOP does not fail
6707 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
6709 # Check that a call to gpupdate --rsop also succeeds
6711 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
6714 gp_db
= store
.get_gplog(machine_creds
.get_username())
6715 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6716 ext
.process_group_policy(del_gpos
, [], dname
)
6717 del_db_check('input-sources')
6718 del_lock_check('input-sources')
6719 del_db_check('power')
6720 del_db_check('session')
6721 del_lock_check('power-saving')
6722 del_lock_check('group-policy')
6723 del_db_check('extensions')
6724 del_lock_check('extensions')
6725 del_db_check('fingerprintreader')
6726 del_lock_check('fingerprintreader')
6727 del_db_check('logout')
6728 del_lock_check('logout')
6729 actions
= os
.path
.join(dname
, 'etc/share/polkit-1/actions')
6730 udisk2
= glob(os
.path
.join(actions
,
6731 'org.freedesktop.[u|U][d|D]isks2.policy'))
6732 self
.assertEqual(len(udisk2
), 0, 'udisk2 policy not deleted')
6733 del_db_check('printing')
6734 del_lock_check('printing')
6735 del_db_check('filesaving')
6736 del_lock_check('filesaving')
6737 del_db_check('cmdline')
6738 del_lock_check('cmdline')
6740 del_lock_check('goa')
6742 # Unstage the Registry.pol file
6743 unstage_file(reg_pol
)
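def test_gp_cert_auto_enroll_ext(self):
    """Apply, then unapply, the certificate auto-enrollment policy.

    Stages a machine REGISTRY.POL built from auto_enroll_reg_pol and writes
    a dummy certification authority, enrollment service and certificate
    template to the directory using the DC_USERNAME / DC_PASSWORD / REALM
    credentials. It then checks that processing the policy leaves a root CA
    certificate, a machine certificate and a machine key in a temporary
    directory, and that unapplying the policy removes all three again.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Placeholder bytes shared by the dummy CA and enrollment service
    # entries; this is a truncated blob, not a usable certificate.
    dummy_ca_cert = b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I'

    # Write the dummy CA
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': dummy_ca_cert,
             'certificateRevocationList': ['XXX'],
             })
    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': dummy_ca_cert,
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })

    # NOTE(review): indentation is lost in this listing; everything up to
    # the getcert checks is kept inside the with block because the unapply
    # call still passes dname -- confirm against the file.
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        # Check the key path itself: testing machine_crt a second time
        # would let a missing private key pass unnoticed.
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the statement assigning ret is absent from this
        # listing; rsop(self.lp) is assumed from the comment above and the
        # assertion below -- confirm against the file.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        # A private key left on disk after unapply is exactly what this
        # assertion is meant to catch, so it has to look at machine_key.
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')

    # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
    ldb.delete(certa_dn)
    ldb.delete(enroll_dn)
    ldb.delete(template_dn)

    # Unstage the Registry.pol file
    unstage_file(reg_pol)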
6846 def test_gp_user_scripts_ext(self
):
6847 local_path
= self
.lp
.cache_path('gpo_cache')
6848 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6849 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6850 'USER/REGISTRY.POL')
6851 cache_dir
= self
.lp
.get('cache directory')
6852 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6854 machine_creds
= Credentials()
6855 machine_creds
.guess(self
.lp
)
6856 machine_creds
.set_machine_account()
6858 # Initialize the group policy extension
6859 ext
= gp_user_scripts_ext(self
.lp
, machine_creds
,
6860 os
.environ
.get('DC_USERNAME'), store
)
6862 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
6863 machine_creds
.get_username())
6865 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
6866 sections
= { b
'%s\\Daily Scripts' % reg_key
: b
'@daily',
6867 b
'%s\\Monthly Scripts' % reg_key
: b
'@monthly',
6868 b
'%s\\Weekly Scripts' % reg_key
: b
'@weekly',
6869 b
'%s\\Hourly Scripts' % reg_key
: b
'@hourly' }
6870 for keyname
in sections
.keys():
6871 # Stage the Registry.pol file with test data
6875 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
6877 e
.data
= b
'echo hello world'
6878 stage
.num_entries
= 1
6880 ret
= stage_file(reg_pol
, ndr_pack(stage
))
6881 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6883 # Process all gpos, intentionally skipping the privilege drop
6884 ext
.process_group_policy([], gpos
)
6885 # Dump the fake crontab setup for testing
6886 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
6887 crontab
, _
= p
.communicate()
6888 entry
= b
'%s %s' % (sections
[keyname
], e
.data
.encode())
6889 self
.assertIn(entry
, crontab
,
6890 'The crontab entry was not installed')
6892 # Check that a call to gpupdate --rsop also succeeds
6894 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
6897 gp_db
= store
.get_gplog(os
.environ
.get('DC_USERNAME'))
6898 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6899 ext
.process_group_policy(del_gpos
, [])
6900 # Dump the fake crontab setup for testing
6901 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
6902 crontab
, _
= p
.communicate()
6903 self
.assertNotIn(entry
, crontab
,
6904 'Unapply failed to cleanup crontab entry')
6906 # Unstage the Registry.pol file
6907 unstage_file(reg_pol
)
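def test_gp_firefox_ext(self):
    """Apply the Firefox policy extension and verify policies.json.

    Stages a machine REGISTRY.POL built from firefox_reg_pol, processes the
    policy into a temporary directory and compares the written
    policies.json with firefox_json_expected. The policy is then unapplied
    and any remaining policies.json must hold no policies.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firefox_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # NOTE(review): indentation is lost in this listing; the unapply steps
    # are kept inside the with block because they still use dname --
    # confirm against the file.
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        policies_file = os.path.join(dname, 'policies.json')
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        expected_policy_data = json.loads(firefox_json_expected)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        self.assertEqual(expected_policy_data['policies'].keys(),
                         policy_data['policies'].keys(),
                         'Firefox policies are missing')
        for name in expected_policy_data['policies'].keys():
            self.assertEqual(expected_policy_data['policies'][name],
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the statement assigning ret is absent from this
        # listing; rsop(self.lp) is assumed from the comment above and the
        # assertion below -- confirm against the file.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            # Read through a context manager so the handle is closed
            # before the temporary directory is removed.
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)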
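def test_gp_chromium_ext(self):
    """Apply, modify and unapply the Chromium policy extension.

    Stages a machine REGISTRY.POL built from chromium_reg_pol and checks
    that exactly one managed and one recommended policy file are written
    and match the expected JSON. One managed and one recommended entry are
    then changed and the policy re-applied; each directory must still hold
    a single file, under a different name than before. Finally the policy
    is unapplied and any file left behind must be empty of policies.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_chromium_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # NOTE(review): indentation is lost in this listing; the re-apply and
    # unapply steps are kept inside the with block because they still use
    # dname -- confirm against the file.
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        managed = os.path.join(dname, 'managed')
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Chromium policies are missing')
        managed_file = os.path.join(managed, managed_files[0])
        with open(managed_file, 'r') as r:
            managed_data = json.load(r)
        recommended = os.path.join(dname, 'recommended')
        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Chromium policies are missing')
        recommended_file = os.path.join(recommended, recommended_files[0])
        with open(recommended_file, 'r') as r:
            recommended_data = json.load(r)
        expected_managed_data = json.loads(chromium_json_expected_managed)
        expected_recommended_data = \
            json.loads(chromium_json_expected_recommended)

        self.assertEqual(sorted(expected_managed_data.keys()),
                         sorted(managed_data.keys()),
                         'Chromium policies are missing')
        for name in expected_managed_data.keys():
            # NOTE(review): the second argument is absent from this
            # listing; managed_data[name] is assumed from the parallel
            # recommended loop below -- confirm against the file.
            self.assertEqual(expected_managed_data[name],
                             managed_data[name],
                             'Policies were not applied')
        self.assertEqual(expected_recommended_data.keys(),
                         recommended_data.keys(),
                         'Chromium policies are missing')
        for name in expected_recommended_data.keys():
            self.assertEqual(expected_recommended_data[name],
                             recommended_data[name],
                             'Policies were not applied')

        # Ensure modifying the policy does not generate extra policy files
        unstage_file(reg_pol)
        # Change a managed entry:
        parser.pol_file.entries[0].data = 0
        # Change a recommended entry:
        parser.pol_file.entries[-1].data = b'https://google.com'
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        ext.process_group_policy([], gpos, dname)
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Number of Chromium policies is incorrect')
        omanaged_file = managed_file
        managed_file = os.path.join(managed, managed_files[0])
        self.assertNotEqual(omanaged_file, managed_file,
                            'The managed Chromium file did not change')

        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Number of Chromium policies is incorrect')
        orecommended_file = recommended_file
        recommended_file = os.path.join(recommended, recommended_files[0])
        self.assertNotEqual(orecommended_file, recommended_file,
                            'The recommended Chromium file did not change')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the statement assigning ret is absent from this
        # listing; rsop(self.lp) is assumed from the comment above and the
        # assertion below -- confirm against the file.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # Files are read through context managers so no handle is left
        # open when the temporary directory is removed.
        managed_path = os.path.join(managed, managed_files[0])
        if os.path.exists(managed_path):
            with open(managed_path, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')
        recommended_path = os.path.join(recommended, recommended_files[0])
        if os.path.exists(recommended_path):
            with open(recommended_path, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)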
def test_gp_firewalld_ext(self):
    """Apply and unapply the firewalld policy extension.

    Stages a machine REGISTRY.POL built from firewalld_reg_pol, processes
    the policy, and queries firewall-cmd to confirm that the 'work' and
    'home' zones exist, that eth0 is listed for both, and that the 'work'
    zone carries the expected rich rule. After unapplying, neither zone
    may be reported any more.
    """
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(self.lp.cache_path('gpo_cache'), policies, guid,
                           'MACHINE/REGISTRY.POL')
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firewalld_ext(self.lp, machine_creds,
                           machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    ext.process_group_policy([], gpos)

    firewall_cmd = which('firewall-cmd')

    def query(*options):
        """Run firewall-cmd with the given options and return its stdout."""
        proc = Popen([firewall_cmd, *options], stdout=PIPE, stderr=PIPE)
        stdout, _ = proc.communicate()
        return stdout

    # Check that the policy was applied
    zones = query('--get-zones')
    self.assertIn(b'work', zones, 'Failed to apply zones')
    self.assertIn(b'home', zones, 'Failed to apply zones')

    self.assertIn(b'eth0', query('--zone=work', '--list-interfaces'),
                  'Failed to set interface on zone')

    self.assertIn(b'eth0', query('--zone=home', '--list-interfaces'),
                  'Failed to set interface on zone')

    rich_rules = query('--zone=work', '--list-rich-rules')
    rule = (b'rule family=ipv4 source address=172.25.1.7 '
            b'service name=ftp reject')
    self.assertEqual(rule, rich_rules.strip(), 'Failed to set rich rule')

    # Verify RSOP does not fail
    ext.rsop([g for g in gpos if g.name == guid][0])

    # Check that a call to gpupdate --rsop also succeeds
    # NOTE(review): the statement assigning ret is absent from this
    # listing; rsop(self.lp) is assumed from the comment above and the
    # assertion below -- confirm against the file.
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply the policy
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Check that the policy was unapplied
    zones = query('--get-zones')
    self.assertNotIn(b'work', zones, 'Failed to unapply zones')
    self.assertNotIn(b'home', zones, 'Failed to unapply zones')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
7154 def test_advanced_gp_cert_auto_enroll_ext(self
):
7155 local_path
= self
.lp
.cache_path('gpo_cache')
7156 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7157 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7158 'MACHINE/REGISTRY.POL')
7159 cache_dir
= self
.lp
.get('cache directory')
7160 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7162 machine_creds
= Credentials()
7163 machine_creds
.guess(self
.lp
)
7164 machine_creds
.set_machine_account()
7166 # Initialize the group policy extension
7167 ext
= cae
.gp_cert_auto_enroll_ext(self
.lp
, machine_creds
,
7168 machine_creds
.get_username(), store
)
7170 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7171 machine_creds
.get_username())
7173 admin_creds
= Credentials()
7174 admin_creds
.set_username(os
.environ
.get('DC_USERNAME'))
7175 admin_creds
.set_password(os
.environ
.get('DC_PASSWORD'))
7176 admin_creds
.set_realm(os
.environ
.get('REALM'))
7177 hostname
= get_dc_hostname(machine_creds
, self
.lp
)
7178 url
= 'ldap://%s' % hostname
7179 ldb
= Ldb(url
=url
, session_info
=system_session(),
7180 lp
=self
.lp
, credentials
=admin_creds
)
7182 # Stage the Registry.pol file with test data
7183 res
= ldb
.search('', _ldb
.SCOPE_BASE
, '(objectClass=*)',
7184 ['rootDomainNamingContext'])
7185 self
.assertTrue(len(res
) == 1, 'rootDomainNamingContext not found')
7186 res2
= ldb
.search(res
[0]['rootDomainNamingContext'][0],
7187 _ldb
.SCOPE_BASE
, '(objectClass=*)', ['objectGUID'])
7188 self
.assertTrue(len(res2
) == 1, 'objectGUID not found')
7189 objectGUID
= b
'{%s}' % \
7190 cae
.octet_string_to_objectGUID(res2
[0]['objectGUID'][0]).upper().encode()
7191 parser
= GPPolParser()
7192 parser
.load_xml(etree
.fromstring(advanced_enroll_reg_pol
.strip() % \
7193 (objectGUID
, objectGUID
, objectGUID
, objectGUID
)))
7194 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7195 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7197 # Write the dummy CA entry
7198 confdn
= 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
7199 ca_cn
= '%s-CA' % hostname
.replace('.', '-')
7200 certa_dn
= 'CN=%s,CN=Certification Authorities,%s' % (ca_cn
, confdn
)
7201 ldb
.add({'dn': certa_dn
,
7202 'objectClass': 'certificationAuthority',
7203 'authorityRevocationList': ['XXX'],
7204 'cACertificate': b
'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7205 'certificateRevocationList': ['XXX'],
7207 # Write the dummy pKIEnrollmentService
7208 enroll_dn
= 'CN=%s,CN=Enrollment Services,%s' % (ca_cn
, confdn
)
7209 ldb
.add({'dn': enroll_dn
,
7210 'objectClass': 'pKIEnrollmentService',
7211 'cACertificate': b
'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7212 'certificateTemplates': ['Machine'],
7213 'dNSHostName': hostname
,
7215 # Write the dummy pKICertificateTemplate
7216 template_dn
= 'CN=Machine,CN=Certificate Templates,%s' % confdn
7217 ldb
.add({'dn': template_dn
,
7218 'objectClass': 'pKICertificateTemplate',
7221 with
TemporaryDirectory() as dname
:
7222 ext
.process_group_policy([], gpos
, dname
, dname
)
7223 ca_list
= [ca_cn
, 'example0-com-CA', 'example1-com-CA',
7226 ca_crt
= os
.path
.join(dname
, '%s.crt' % ca
)
7227 self
.assertTrue(os
.path
.exists(ca_crt
),
7228 'Root CA certificate was not requested')
7229 machine_crt
= os
.path
.join(dname
, '%s.Machine.crt' % ca
)
7230 self
.assertTrue(os
.path
.exists(machine_crt
),
7231 'Machine certificate was not requested')
7232 machine_key
= os
.path
.join(dname
, '%s.Machine.key' % ca
)
7233 self
.assertTrue(os
.path
.exists(machine_crt
),
7234 'Machine key was not generated')
7236 # Verify RSOP does not fail
7237 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
7239 # Check that a call to gpupdate --rsop also succeeds
7241 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7244 gp_db
= store
.get_gplog(machine_creds
.get_username())
7245 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7246 ext
.process_group_policy(del_gpos
, [], dname
)
7247 self
.assertFalse(os
.path
.exists(ca_crt
),
7248 'Root CA certificate was not removed')
7249 self
.assertFalse(os
.path
.exists(machine_crt
),
7250 'Machine certificate was not removed')
7251 self
.assertFalse(os
.path
.exists(machine_crt
),
7252 'Machine key was not removed')
7253 out
, _
= Popen(['getcert', 'list-cas'], stdout
=PIPE
).communicate()
7255 self
.assertNotIn(get_bytes(ca
), out
, 'CA was not removed')
7256 out
, _
= Popen(['getcert', 'list'], stdout
=PIPE
).communicate()
7257 self
.assertNotIn(b
'Machine', out
,
7258 'Machine certificate not removed')
7260 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
7261 ldb
.delete(certa_dn
)
7262 ldb
.delete(enroll_dn
)
7263 ldb
.delete(template_dn
)
7265 # Unstage the Registry.pol file
7266 unstage_file(reg_pol
)
7268 def test_gp_centrify_sudoers_ext(self
):
7269 local_path
= self
.lp
.cache_path('gpo_cache')
7270 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7271 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7272 'MACHINE/REGISTRY.POL')
7273 cache_dir
= self
.lp
.get('cache directory')
7274 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7276 machine_creds
= Credentials()
7277 machine_creds
.guess(self
.lp
)
7278 machine_creds
.set_machine_account()
7280 # Initialize the group policy extension
7281 ext
= gp_centrify_sudoers_ext(self
.lp
, machine_creds
,
7282 machine_creds
.get_username(), store
)
7284 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7285 machine_creds
.get_username())
7287 # Stage the Registry.pol file with test data
7290 e1
.keyname
= b
'Software\\Policies\\Centrify\\UnixSettings'
7291 e1
.valuename
= b
'sudo.enabled'
7295 e2
.keyname
= b
'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
7298 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
7299 stage
.num_entries
= 2
7300 stage
.entries
= [e1
, e2
]
7301 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7302 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7304 # Process all gpos, with temp output directory
7305 with
TemporaryDirectory() as dname
:
7306 ext
.process_group_policy([], gpos
, dname
)
7307 sudoers
= os
.listdir(dname
)
7308 self
.assertEqual(len(sudoers
), 1, 'The sudoer file was not created')
7309 sudoers_file
= os
.path
.join(dname
, sudoers
[0])
7310 self
.assertIn(e2
.data
, open(sudoers_file
, 'r').read(),
7311 'The sudoers entry was not applied')
7313 # Remove the sudoers file, and make sure a re-apply puts it back
7314 os
.unlink(sudoers_file
)
7315 ext
.process_group_policy([], gpos
, dname
)
7316 sudoers
= os
.listdir(dname
)
7317 self
.assertEqual(len(sudoers
), 1,
7318 'The sudoer file was not recreated')
7319 sudoers_file
= os
.path
.join(dname
, sudoers
[0])
7320 self
.assertIn(e2
.data
, open(sudoers_file
, 'r').read(),
7321 'The sudoers entry was not reapplied')
7323 # Check that a call to gpupdate --rsop also succeeds
7325 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7328 gp_db
= store
.get_gplog(machine_creds
.get_username())
7329 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7330 ext
.process_group_policy(del_gpos
, [])
7331 self
.assertEqual(len(os
.listdir(dname
)), 0,
7332 'Unapply failed to cleanup scripts')
7334 # Unstage the Registry.pol file
7335 unstage_file(reg_pol
)
7337 def test_gp_centrify_crontab_ext(self
):
7338 local_path
= self
.lp
.cache_path('gpo_cache')
7339 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7340 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7341 'MACHINE/REGISTRY.POL')
7342 cache_dir
= self
.lp
.get('cache directory')
7343 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7345 machine_creds
= Credentials()
7346 machine_creds
.guess(self
.lp
)
7347 machine_creds
.set_machine_account()
7349 # Initialize the group policy extension
7350 ext
= gp_centrify_crontab_ext(self
.lp
, machine_creds
,
7351 machine_creds
.get_username(), store
)
7353 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7354 machine_creds
.get_username())
7356 # Stage the Registry.pol file with test data
7360 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7361 e
.valuename
= b
'Command1'
7363 e
.data
= b
'17 * * * * root echo hello world'
7364 stage
.num_entries
= 1
7366 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7367 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7369 # Process all gpos, with temp output directory
7370 with
TemporaryDirectory() as dname
:
7371 ext
.process_group_policy([], gpos
, dname
)
7372 cron_entries
= os
.listdir(dname
)
7373 self
.assertEqual(len(cron_entries
), 1, 'Cron entry not created')
7374 fname
= os
.path
.join(dname
, cron_entries
[0])
7375 data
= open(fname
, 'rb').read()
7376 self
.assertIn(get_bytes(e
.data
), data
, 'Cron entry is missing')
7378 # Check that a call to gpupdate --rsop also succeeds
7380 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7383 gp_db
= store
.get_gplog(machine_creds
.get_username())
7384 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7385 ext
.process_group_policy(del_gpos
, [])
7386 self
.assertEqual(len(os
.listdir(dname
)), 0,
7387 'Unapply failed to cleanup script')
7389 # Unstage the Registry.pol file
7390 unstage_file(reg_pol
)
7392 def test_gp_user_centrify_crontab_ext(self
):
7393 local_path
= self
.lp
.cache_path('gpo_cache')
7394 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7395 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7396 'USER/REGISTRY.POL')
7397 cache_dir
= self
.lp
.get('cache directory')
7398 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7400 machine_creds
= Credentials()
7401 machine_creds
.guess(self
.lp
)
7402 machine_creds
.set_machine_account()
7404 # Initialize the group policy extension
7405 ext
= gp_user_centrify_crontab_ext(self
.lp
, machine_creds
,
7406 os
.environ
.get('DC_USERNAME'),
7409 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7410 machine_creds
.get_username())
7412 # Stage the Registry.pol file with test data
7416 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7417 e
.valuename
= b
'Command1'
7419 e
.data
= b
'17 * * * * echo hello world'
7420 stage
.num_entries
= 1
7422 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7423 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7425 # Process all gpos, intentionally skipping the privilege drop
7426 ext
.process_group_policy([], gpos
)
7427 # Dump the fake crontab setup for testing
7428 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7429 crontab
, _
= p
.communicate()
7430 self
.assertIn(get_bytes(e
.data
), crontab
,
7431 'The crontab entry was not installed')
7433 # Check that a call to gpupdate --rsop also succeeds
7435 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7438 gp_db
= store
.get_gplog(os
.environ
.get('DC_USERNAME'))
7439 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7440 ext
.process_group_policy(del_gpos
, [])
7441 # Dump the fake crontab setup for testing
7442 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7443 crontab
, _
= p
.communicate()
7444 self
.assertNotIn(get_bytes(e
.data
), crontab
,
7445 'Unapply failed to cleanup crontab entry')
7447 # Unstage the Registry.pol file
7448 unstage_file(reg_pol
)