1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from samba
import gpo
, tests
20 from samba
.gp
.gpclass
import register_gp_extension
, list_gp_extensions
, \
21 unregister_gp_extension
, GPOStorage
, get_gpo_list
22 from samba
.param
import LoadParm
23 from samba
.gp
.gpclass
import check_refresh_gpo_list
, check_safe_path
, \
24 check_guid
, parse_gpext_conf
, atomic_write_conf
, get_deleted_gpos_list
25 from subprocess
import Popen
, PIPE
26 from tempfile
import NamedTemporaryFile
, TemporaryDirectory
27 from samba
.gp
import gpclass
# Disable privilege dropping for testing.
# The replacement ignores its first argument (presumably the account the real
# helper would switch to; confirm against gpclass.drop_privileges) and calls
# func(*args) directly, so the wrapped call runs with whatever privileges the
# test process already has.
# This rebinds the attribute on the gpclass module object as soon as this
# module is imported; anything that looks the helper up through gpclass
# afterwards gets the stub, so the override must stay confined to the tests.
gpclass.drop_privileges = lambda _, func, *args: func(*args)
30 from samba
.gp
.gp_sec_ext
import gp_krb_ext
, gp_access_ext
31 from samba
.gp
.gp_scripts_ext
import gp_scripts_ext
, gp_user_scripts_ext
32 from samba
.gp
.gp_sudoers_ext
import gp_sudoers_ext
33 from samba
.gp
.vgp_sudoers_ext
import vgp_sudoers_ext
34 from samba
.gp
.vgp_symlink_ext
import vgp_symlink_ext
35 from samba
.gp
.gpclass
import gp_inf_ext
36 from samba
.gp
.gp_smb_conf_ext
import gp_smb_conf_ext
37 from samba
.gp
.vgp_files_ext
import vgp_files_ext
38 from samba
.gp
.vgp_openssh_ext
import vgp_openssh_ext
39 from samba
.gp
.vgp_startup_scripts_ext
import vgp_startup_scripts_ext
40 from samba
.gp
.vgp_motd_ext
import vgp_motd_ext
41 from samba
.gp
.vgp_issue_ext
import vgp_issue_ext
42 from samba
.gp
.vgp_access_ext
import vgp_access_ext
43 from samba
.gp
.gp_gnome_settings_ext
import gp_gnome_settings_ext
44 from samba
.gp
import gp_cert_auto_enroll_ext
as cae
45 from samba
.gp
.gp_firefox_ext
import gp_firefox_ext
46 from samba
.gp
.gp_chromium_ext
import gp_chromium_ext
47 from samba
.gp
.gp_firewalld_ext
import gp_firewalld_ext
48 from samba
.credentials
import Credentials
49 from samba
.gp
.gp_msgs_ext
import gp_msgs_ext
50 from samba
.gp
.gp_centrify_sudoers_ext
import gp_centrify_sudoers_ext
51 from samba
.gp
.gp_centrify_crontab_ext
import gp_centrify_crontab_ext
, \
52 gp_user_centrify_crontab_ext
53 from samba
.common
import get_bytes
54 from samba
.dcerpc
import preg
55 from samba
.ndr
import ndr_pack
57 from shutil
import copyfile
58 import xml
.etree
.ElementTree
as etree
60 from samba
.gp_parse
.gp_pol
import GPPolParser
62 from configparser
import ConfigParser
63 from samba
.gp
.gpclass
import get_dc_hostname
66 from samba
.auth
import system_session
68 from shutil
import which
70 from cryptography
import x509
71 from cryptography
.hazmat
.primitives
import hashes
72 from cryptography
.hazmat
.backends
import default_backend
73 from cryptography
.hazmat
.primitives
.asymmetric
import rsa
74 from cryptography
.hazmat
.primitives
.serialization
import Encoding
75 from datetime
import datetime
, timedelta
76 from samba
.samba3
import param
as s3param
78 def dummy_certificate():
80 x509
.NameAttribute(x509
.NameOID
.COMMON_NAME
,
81 os
.environ
.get('SERVER'))
83 cons
= x509
.BasicConstraints(ca
=True, path_length
=0)
84 now
= datetime
.utcnow()
86 key
= rsa
.generate_private_key(public_exponent
=65537, key_size
=2048,
87 backend
=default_backend())
90 x509
.CertificateBuilder()
93 .public_key(key
.public_key())
95 .not_valid_before(now
)
96 .not_valid_after(now
+ timedelta(seconds
=300))
97 .add_extension(cons
, False)
98 .sign(key
, hashes
.SHA256(), default_backend())
101 return cert
.public_bytes(encoding
=Encoding
.DER
)
# Dummy requests structure for Certificate Auto Enrollment
class dummy_requests(object):
    """Stand-in for the ``requests`` module in Certificate Auto Enrollment tests.

    Provides only what the code below defines: an ``exceptions`` namespace
    holding ``ConnectionError`` and a ``get()`` method.
    """

    class exceptions(object):
        # Aliased to the base Exception class, so an ``except`` clause written
        # against this name catches any Exception while the stub is in use.
        ConnectionError = Exception

    def __init__(self, want_exception=False):
        """Record whether get() should raise instead of building a response."""
        self.want_exception = want_exception

    def get(self, url=None, params=None):
        """Simulate an HTTP GET; ``url`` and ``params`` are accepted but unused.

        Raises:
            Exception: through ``exceptions.ConnectionError`` when
                ``want_exception`` is set.
        """
        if self.want_exception:
            raise self.exceptions.ConnectionError

        # A real requests.Response object is filled in by hand; these lines
        # perform no network request. _content is a private attribute of
        # Response, set directly to the bytes from dummy_certificate().
        dummy = requests.Response()
        dummy._content = dummy_certificate()
        dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
        # NOTE(review): this listing shows nothing further for get();
        # presumably the response is returned next. Confirm against the
        # full file.
# Test-environment constants. REALM has to be present in the environment:
# os.environ.get() yields None otherwise and the concatenation below raises
# TypeError while this module is being imported.
realm = os.environ.get('REALM')
# Built from the realm exactly as the environment supplies it, before the
# lower-casing on the next line.
policies = realm + '/POLICIES'
realm = realm.lower()
# Raw string, so the backslashes are literal. The lower-cased realm is used
# twice: in the server position of the UNC path and as a directory name.
poldir = r'\\{0}\sysvol\{0}\Policies'.format(realm)
# the first part of the base DN varies by testenv. Work it out from the realm
base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(realm.split('.')[0])
dspath = 'CN=Policies,CN=System,' + base_dn
# %-format template with one integer field for the version number
# (presumably GPT.INI content; confirm at the call sites).
gpt_data = '[General]\nVersion=%d'
129 gnome_test_reg_pol
= \
131 <?xml version="1.0" encoding="utf-8"?>
132 <PolFile num_entries="26" signature="PReg" version="1">
133 <Entry type="4" type_name="REG_DWORD">
134 <Key>GNOME Settings\Lock Down Settings</Key>
135 <ValueName>Lock Down Enabled Extensions</ValueName>
138 <Entry type="4" type_name="REG_DWORD">
139 <Key>GNOME Settings\Lock Down Settings</Key>
140 <ValueName>Lock Down Specific Settings</ValueName>
143 <Entry type="4" type_name="REG_DWORD">
144 <Key>GNOME Settings\Lock Down Settings</Key>
145 <ValueName>Disable Printing</ValueName>
148 <Entry type="4" type_name="REG_DWORD">
149 <Key>GNOME Settings\Lock Down Settings</Key>
150 <ValueName>Disable File Saving</ValueName>
153 <Entry type="4" type_name="REG_DWORD">
154 <Key>GNOME Settings\Lock Down Settings</Key>
155 <ValueName>Disable Command-Line Access</ValueName>
158 <Entry type="4" type_name="REG_DWORD">
159 <Key>GNOME Settings\Lock Down Settings</Key>
160 <ValueName>Disallow Login Using a Fingerprint</ValueName>
163 <Entry type="4" type_name="REG_DWORD">
164 <Key>GNOME Settings\Lock Down Settings</Key>
165 <ValueName>Disable User Logout</ValueName>
168 <Entry type="4" type_name="REG_DWORD">
169 <Key>GNOME Settings\Lock Down Settings</Key>
170 <ValueName>Disable User Switching</ValueName>
173 <Entry type="4" type_name="REG_DWORD">
174 <Key>GNOME Settings\Lock Down Settings</Key>
175 <ValueName>Disable Repartitioning</ValueName>
178 <Entry type="4" type_name="REG_DWORD">
179 <Key>GNOME Settings\Lock Down Settings</Key>
180 <ValueName>Whitelisted Online Accounts</ValueName>
183 <Entry type="4" type_name="REG_DWORD">
184 <Key>GNOME Settings\Lock Down Settings</Key>
185 <ValueName>Compose Key</ValueName>
188 <Entry type="4" type_name="REG_DWORD">
189 <Key>GNOME Settings\Lock Down Settings</Key>
190 <ValueName>Dim Screen when User is Idle</ValueName>
193 <Entry type="4" type_name="REG_DWORD">
194 <Key>GNOME Settings\Lock Down Settings</Key>
195 <ValueName>Enabled Extensions</ValueName>
198 <Entry type="1" type_name="REG_SZ">
199 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
200 <ValueName>Key Name</ValueName>
201 <Value>Right Alt</Value>
203 <Entry type="4" type_name="REG_DWORD">
204 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
205 <ValueName>Delay</ValueName>
208 <Entry type="4" type_name="REG_DWORD">
209 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
210 <ValueName>Dim Idle Brightness</ValueName>
213 <Entry type="1" type_name="REG_SZ">
214 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
215 <ValueName>**delvals.</ValueName>
218 <Entry type="1" type_name="REG_SZ">
219 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
220 <ValueName>myextension1@myname.example.com</ValueName>
221 <Value>myextension1@myname.example.com</Value>
223 <Entry type="1" type_name="REG_SZ">
224 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
225 <ValueName>myextension2@myname.example.com</ValueName>
226 <Value>myextension2@myname.example.com</Value>
228 <Entry type="1" type_name="REG_SZ">
229 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
230 <ValueName>**delvals.</ValueName>
233 <Entry type="1" type_name="REG_SZ">
234 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
235 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
236 <Value>/org/gnome/desktop/background/picture-uri</Value>
238 <Entry type="1" type_name="REG_SZ">
239 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
240 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
241 <Value>/org/gnome/desktop/background/picture-options</Value>
243 <Entry type="1" type_name="REG_SZ">
244 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
245 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
246 <Value>/org/gnome/desktop/background/primary-color</Value>
248 <Entry type="1" type_name="REG_SZ">
249 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
250 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
251 <Value>/org/gnome/desktop/background/secondary-color</Value>
253 <Entry type="1" type_name="REG_SZ">
254 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
255 <ValueName>**delvals.</ValueName>
258 <Entry type="1" type_name="REG_SZ">
259 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
260 <ValueName>google</ValueName>
261 <Value>google</Value>
266 auto_enroll_reg_pol
= \
268 <?xml version="1.0" encoding="utf-8"?>
269 <PolFile num_entries="3" signature="PReg" version="1">
270 <Entry type="4" type_name="REG_DWORD">
271 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
272 <ValueName>AEPolicy</ValueName>
275 <Entry type="4" type_name="REG_DWORD">
276 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
277 <ValueName>OfflineExpirationPercent</ValueName>
280 <Entry type="1" type_name="REG_SZ">
281 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
282 <ValueName>OfflineExpirationStoreNames</ValueName>
288 auto_enroll_unchecked_reg_pol
= \
290 <?xml version="1.0" encoding="utf-8"?>
291 <PolFile num_entries="3" signature="PReg" version="1">
292 <Entry type="4" type_name="REG_DWORD">
293 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
294 <ValueName>AEPolicy</ValueName>
297 <Entry type="4" type_name="REG_DWORD">
298 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
299 <ValueName>OfflineExpirationPercent</ValueName>
302 <Entry type="1" type_name="REG_SZ">
303 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
304 <ValueName>OfflineExpirationStoreNames</ValueName>
310 advanced_enroll_reg_pol
= \
312 <?xml version="1.0" encoding="utf-8"?>
313 <PolFile num_entries="30" signature="PReg" version="1">
314 <Entry type="1" type_name="REG_SZ">
315 <Key>Software\Policies\Microsoft\Cryptography</Key>
316 <ValueName>**DeleteKeys</ValueName>
317 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
319 <Entry type="4" type_name="REG_DWORD">
320 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
321 <ValueName>AEPolicy</ValueName>
324 <Entry type="4" type_name="REG_DWORD">
325 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
326 <ValueName>OfflineExpirationPercent</ValueName>
329 <Entry type="1" type_name="REG_SZ">
330 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
331 <ValueName>OfflineExpirationStoreNames</ValueName>
334 <Entry type="1" type_name="REG_SZ">
335 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
337 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
339 <Entry type="4" type_name="REG_DWORD">
340 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
341 <ValueName>Flags</ValueName>
344 <Entry type="1" type_name="REG_SZ">
345 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
346 <ValueName>URL</ValueName>
349 <Entry type="1" type_name="REG_SZ">
350 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
351 <ValueName>PolicyID</ValueName>
354 <Entry type="1" type_name="REG_SZ">
355 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
356 <ValueName>FriendlyName</ValueName>
357 <Value>Example</Value>
359 <Entry type="4" type_name="REG_DWORD">
360 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
361 <ValueName>Flags</ValueName>
364 <Entry type="4" type_name="REG_DWORD">
365 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
366 <ValueName>AuthFlags</ValueName>
369 <Entry type="4" type_name="REG_DWORD">
370 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
371 <ValueName>Cost</ValueName>
372 <Value>2147483645</Value>
374 <Entry type="1" type_name="REG_SZ">
375 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
376 <ValueName>URL</ValueName>
377 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
379 <Entry type="1" type_name="REG_SZ">
380 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
381 <ValueName>PolicyID</ValueName>
384 <Entry type="1" type_name="REG_SZ">
385 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
386 <ValueName>FriendlyName</ValueName>
387 <Value>Example2</Value>
389 <Entry type="4" type_name="REG_DWORD">
390 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
391 <ValueName>Flags</ValueName>
394 <Entry type="4" type_name="REG_DWORD">
395 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
396 <ValueName>AuthFlags</ValueName>
399 <Entry type="4" type_name="REG_DWORD">
400 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
401 <ValueName>Cost</ValueName>
404 <Entry type="1" type_name="REG_SZ">
405 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
406 <ValueName>URL</ValueName>
407 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
409 <Entry type="1" type_name="REG_SZ">
410 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
411 <ValueName>PolicyID</ValueName>
414 <Entry type="1" type_name="REG_SZ">
415 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
416 <ValueName>FriendlyName</ValueName>
417 <Value>Example0</Value>
419 <Entry type="4" type_name="REG_DWORD">
420 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
421 <ValueName>Flags</ValueName>
424 <Entry type="4" type_name="REG_DWORD">
425 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
426 <ValueName>AuthFlags</ValueName>
429 <Entry type="4" type_name="REG_DWORD">
430 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
431 <ValueName>Cost</ValueName>
434 <Entry type="1" type_name="REG_SZ">
435 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
436 <ValueName>URL</ValueName>
437 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
439 <Entry type="1" type_name="REG_SZ">
440 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
441 <ValueName>PolicyID</ValueName>
444 <Entry type="1" type_name="REG_SZ">
445 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
446 <ValueName>FriendlyName</ValueName>
447 <Value>Example1</Value>
449 <Entry type="4" type_name="REG_DWORD">
450 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
451 <ValueName>Flags</ValueName>
454 <Entry type="4" type_name="REG_DWORD">
455 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
456 <ValueName>AuthFlags</ValueName>
459 <Entry type="4" type_name="REG_DWORD">
460 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
461 <ValueName>Cost</ValueName>
469 <?xml version="1.0" encoding="utf-8"?>
470 <PolFile num_entries="241" signature="PReg" version="1">
471 <Entry type="7" type_name="REG_MULTI_SZ">
472 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
473 <ValueName>ExtensionSettings</ValueName>
474 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
476 <Entry type="4" type_name="REG_DWORD">
477 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
478 <ValueName>ExtensionUpdate</ValueName>
481 <Entry type="4" type_name="REG_DWORD">
482 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
483 <ValueName>SearchSuggestEnabled</ValueName>
486 <Entry type="4" type_name="REG_DWORD">
487 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
488 <ValueName>AppAutoUpdate</ValueName>
491 <Entry type="1" type_name="REG_SZ">
492 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
493 <ValueName>AppUpdateURL</ValueName>
494 <Value>https://yoursite.com</Value>
496 <Entry type="4" type_name="REG_DWORD">
497 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
498 <ValueName>BlockAboutAddons</ValueName>
501 <Entry type="4" type_name="REG_DWORD">
502 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
503 <ValueName>BlockAboutConfig</ValueName>
506 <Entry type="4" type_name="REG_DWORD">
507 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
508 <ValueName>BlockAboutProfiles</ValueName>
511 <Entry type="4" type_name="REG_DWORD">
512 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
513 <ValueName>BlockAboutSupport</ValueName>
516 <Entry type="4" type_name="REG_DWORD">
517 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
518 <ValueName>CaptivePortal</ValueName>
521 <Entry type="2" type_name="REG_EXPAND_SZ">
522 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
523 <ValueName>DefaultDownloadDirectory</ValueName>
524 <Value>${home}/Downloads</Value>
526 <Entry type="4" type_name="REG_DWORD">
527 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
528 <ValueName>DisableAppUpdate</ValueName>
531 <Entry type="4" type_name="REG_DWORD">
532 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
533 <ValueName>DisableBuiltinPDFViewer</ValueName>
536 <Entry type="4" type_name="REG_DWORD">
537 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
538 <ValueName>DisableDefaultBrowserAgent</ValueName>
541 <Entry type="4" type_name="REG_DWORD">
542 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
543 <ValueName>DisableDeveloperTools</ValueName>
546 <Entry type="4" type_name="REG_DWORD">
547 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
548 <ValueName>DisableFeedbackCommands</ValueName>
551 <Entry type="4" type_name="REG_DWORD">
552 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
553 <ValueName>DisableFirefoxAccounts</ValueName>
556 <Entry type="4" type_name="REG_DWORD">
557 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
558 <ValueName>DisableFirefoxScreenshots</ValueName>
561 <Entry type="4" type_name="REG_DWORD">
562 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
563 <ValueName>DisableFirefoxStudies</ValueName>
566 <Entry type="4" type_name="REG_DWORD">
567 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
568 <ValueName>DisableForgetButton</ValueName>
571 <Entry type="4" type_name="REG_DWORD">
572 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
573 <ValueName>DisableFormHistory</ValueName>
576 <Entry type="4" type_name="REG_DWORD">
577 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
578 <ValueName>DisableMasterPasswordCreation</ValueName>
581 <Entry type="4" type_name="REG_DWORD">
582 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
583 <ValueName>DisablePasswordReveal</ValueName>
586 <Entry type="4" type_name="REG_DWORD">
587 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
588 <ValueName>DisablePocket</ValueName>
591 <Entry type="4" type_name="REG_DWORD">
592 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
593 <ValueName>DisablePrivateBrowsing</ValueName>
596 <Entry type="4" type_name="REG_DWORD">
597 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
598 <ValueName>DisableProfileImport</ValueName>
601 <Entry type="4" type_name="REG_DWORD">
602 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
603 <ValueName>DisableProfileRefresh</ValueName>
606 <Entry type="4" type_name="REG_DWORD">
607 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
608 <ValueName>DisableSafeMode</ValueName>
611 <Entry type="4" type_name="REG_DWORD">
612 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
613 <ValueName>DisableSetDesktopBackground</ValueName>
616 <Entry type="4" type_name="REG_DWORD">
617 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
618 <ValueName>DisableSystemAddonUpdate</ValueName>
621 <Entry type="4" type_name="REG_DWORD">
622 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
623 <ValueName>DisableTelemetry</ValueName>
626 <Entry type="4" type_name="REG_DWORD">
627 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
628 <ValueName>DisplayBookmarksToolbar</ValueName>
631 <Entry type="1" type_name="REG_SZ">
632 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
633 <ValueName>DisplayMenuBar</ValueName>
634 <Value>default-on</Value>
636 <Entry type="4" type_name="REG_DWORD">
637 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
638 <ValueName>DontCheckDefaultBrowser</ValueName>
641 <Entry type="2" type_name="REG_EXPAND_SZ">
642 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
643 <ValueName>DownloadDirectory</ValueName>
644 <Value>${home}/Downloads</Value>
646 <Entry type="7" type_name="REG_MULTI_SZ">
647 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
648 <ValueName>Handlers</ValueName>
649 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
651 <Entry type="4" type_name="REG_DWORD">
652 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
653 <ValueName>HardwareAcceleration</ValueName>
656 <Entry type="7" type_name="REG_MULTI_SZ">
657 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
658 <ValueName>ManagedBookmarks</ValueName>
659 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
661 <Entry type="4" type_name="REG_DWORD">
662 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
663 <ValueName>NetworkPrediction</ValueName>
666 <Entry type="4" type_name="REG_DWORD">
667 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
668 <ValueName>NewTabPage</ValueName>
671 <Entry type="4" type_name="REG_DWORD">
672 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
673 <ValueName>NoDefaultBookmarks</ValueName>
676 <Entry type="4" type_name="REG_DWORD">
677 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
678 <ValueName>OfferToSaveLogins</ValueName>
681 <Entry type="4" type_name="REG_DWORD">
682 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
683 <ValueName>OfferToSaveLoginsDefault</ValueName>
686 <Entry type="1" type_name="REG_SZ">
687 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
688 <ValueName>OverrideFirstRunPage</ValueName>
689 <Value>http://example.org</Value>
691 <Entry type="1" type_name="REG_SZ">
692 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
693 <ValueName>OverridePostUpdatePage</ValueName>
694 <Value>http://example.org</Value>
696 <Entry type="4" type_name="REG_DWORD">
697 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
698 <ValueName>PasswordManagerEnabled</ValueName>
701 <Entry type="7" type_name="REG_MULTI_SZ">
702 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
703 <ValueName>Preferences</ValueName>
704 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
706 <Entry type="4" type_name="REG_DWORD">
707 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
708 <ValueName>PrimaryPassword</ValueName>
711 <Entry type="4" type_name="REG_DWORD">
712 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
713 <ValueName>PromptForDownloadLocation</ValueName>
716 <Entry type="1" type_name="REG_SZ">
717 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
718 <ValueName>**delvals.</ValueName>
721 <Entry type="1" type_name="REG_SZ">
722 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
723 <ValueName>1</ValueName>
726 <Entry type="1" type_name="REG_SZ">
727 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
728 <ValueName>2</ValueName>
731 <Entry type="1" type_name="REG_SZ">
732 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
733 <ValueName>SSLVersionMax</ValueName>
734 <Value>tls1.3</Value>
736 <Entry type="1" type_name="REG_SZ">
737 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
738 <ValueName>SSLVersionMin</ValueName>
739 <Value>tls1.3</Value>
741 <Entry type="1" type_name="REG_SZ">
742 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
743 <ValueName>SearchBar</ValueName>
744 <Value>unified</Value>
746 <Entry type="4" type_name="REG_DWORD">
747 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
748 <ValueName>Locked</ValueName>
751 <Entry type="4" type_name="REG_DWORD">
752 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
753 <ValueName>PrivateBrowsing</ValueName>
756 <Entry type="4" type_name="REG_DWORD">
757 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
758 <ValueName>NTLM</ValueName>
761 <Entry type="4" type_name="REG_DWORD">
762 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
763 <ValueName>SPNEGO</ValueName>
766 <Entry type="4" type_name="REG_DWORD">
767 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
768 <ValueName>NTLM</ValueName>
771 <Entry type="4" type_name="REG_DWORD">
772 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
773 <ValueName>SPNEGO</ValueName>
776 <Entry type="1" type_name="REG_SZ">
777 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
778 <ValueName>**delvals.</ValueName>
781 <Entry type="1" type_name="REG_SZ">
782 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
783 <ValueName>1</ValueName>
784 <Value>mydomain.com</Value>
786 <Entry type="1" type_name="REG_SZ">
787 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
788 <ValueName>1</ValueName>
789 <Value>https://myotherdomain.com</Value>
791 <Entry type="1" type_name="REG_SZ">
792 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
793 <ValueName>**delvals.</ValueName>
796 <Entry type="1" type_name="REG_SZ">
797 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
798 <ValueName>1</ValueName>
799 <Value>mydomain.com</Value>
801 <Entry type="1" type_name="REG_SZ">
802 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
803 <ValueName>1</ValueName>
804 <Value>https://myotherdomain.com</Value>
806 <Entry type="1" type_name="REG_SZ">
807 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
808 <ValueName>**delvals.</ValueName>
811 <Entry type="1" type_name="REG_SZ">
812 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
813 <ValueName>1</ValueName>
814 <Value>mydomain.com</Value>
816 <Entry type="1" type_name="REG_SZ">
817 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
818 <ValueName>1</ValueName>
819 <Value>https://myotherdomain.com</Value>
821 <Entry type="1" type_name="REG_SZ">
822 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
823 <ValueName>Title</ValueName>
824 <Value>Example</Value>
826 <Entry type="1" type_name="REG_SZ">
827 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
828 <ValueName>URL</ValueName>
829 <Value>https://example.com</Value>
831 <Entry type="1" type_name="REG_SZ">
832 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
833 <ValueName>Favicon</ValueName>
834 <Value>https://example.com/favicon.ico</Value>
836 <Entry type="1" type_name="REG_SZ">
837 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
838 <ValueName>Placement</ValueName>
841 <Entry type="1" type_name="REG_SZ">
842 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
843 <ValueName>Folder</ValueName>
844 <Value>FolderName</Value>
846 <Entry type="1" type_name="REG_SZ">
847 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
848 <ValueName>Title</ValueName>
851 <Entry type="1" type_name="REG_SZ">
852 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
853 <ValueName>URL</ValueName>
854 <Value>www.samba.org</Value>
856 <Entry type="1" type_name="REG_SZ">
857 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
858 <ValueName>Favicon</ValueName>
861 <Entry type="1" type_name="REG_SZ">
862 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
863 <ValueName>Placement</ValueName>
864 <Value>toolbar</Value>
866 <Entry type="1" type_name="REG_SZ">
867 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
868 <ValueName>Folder</ValueName>
871 <Entry type="1" type_name="REG_SZ">
872 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
873 <ValueName>AcceptThirdParty</ValueName>
876 <Entry type="4" type_name="REG_DWORD">
877 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
878 <ValueName>Default</ValueName>
881 <Entry type="4" type_name="REG_DWORD">
882 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
883 <ValueName>ExpireAtSessionEnd</ValueName>
886 <Entry type="4" type_name="REG_DWORD">
887 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
888 <ValueName>Locked</ValueName>
891 <Entry type="4" type_name="REG_DWORD">
892 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
893 <ValueName>RejectTracker</ValueName>
896 <Entry type="1" type_name="REG_SZ">
897 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
898 <ValueName>**delvals.</ValueName>
901 <Entry type="1" type_name="REG_SZ">
902 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
903 <ValueName>1</ValueName>
904 <Value>http://example.org/</Value>
906 <Entry type="1" type_name="REG_SZ">
907 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
908 <ValueName>**delvals.</ValueName>
911 <Entry type="1" type_name="REG_SZ">
912 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
913 <ValueName>1</ValueName>
914 <Value>http://example.edu/</Value>
916 <Entry type="1" type_name="REG_SZ">
917 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
918 <ValueName>**delvals.</ValueName>
921 <Entry type="1" type_name="REG_SZ">
922 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
923 <ValueName>1</ValueName>
924 <Value>http://example.edu/</Value>
926 <Entry type="4" type_name="REG_DWORD">
927 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
928 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
931 <Entry type="4" type_name="REG_DWORD">
932 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
933 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
936 <Entry type="4" type_name="REG_DWORD">
937 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
938 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
941 <Entry type="4" type_name="REG_DWORD">
942 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
943 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
946 <Entry type="4" type_name="REG_DWORD">
947 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
948 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
951 <Entry type="4" type_name="REG_DWORD">
952 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
953 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
956 <Entry type="4" type_name="REG_DWORD">
957 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
958 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
961 <Entry type="4" type_name="REG_DWORD">
962 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
963 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
966 <Entry type="4" type_name="REG_DWORD">
967 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
968 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
971 <Entry type="4" type_name="REG_DWORD">
972 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
973 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
976 <Entry type="4" type_name="REG_DWORD">
977 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
978 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
981 <Entry type="4" type_name="REG_DWORD">
982 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
983 <ValueName>InvalidCertificate</ValueName>
986 <Entry type="4" type_name="REG_DWORD">
987 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
988 <ValueName>SafeBrowsing</ValueName>
991 <Entry type="4" type_name="REG_DWORD">
992 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
993 <ValueName>Enabled</ValueName>
996 <Entry type="4" type_name="REG_DWORD">
997 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
998 <ValueName>Locked</ValueName>
1001 <Entry type="1" type_name="REG_SZ">
1002 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
1003 <ValueName>ProviderURL</ValueName>
1004 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
1006 <Entry type="1" type_name="REG_SZ">
1007 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1008 <ValueName>**delvals.</ValueName>
1011 <Entry type="1" type_name="REG_SZ">
1012 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1013 <ValueName>1</ValueName>
1014 <Value>example.com</Value>
1016 <Entry type="4" type_name="REG_DWORD">
1017 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1018 <ValueName>Value</ValueName>
1021 <Entry type="4" type_name="REG_DWORD">
1022 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1023 <ValueName>Cryptomining</ValueName>
1026 <Entry type="4" type_name="REG_DWORD">
1027 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1028 <ValueName>Fingerprinting</ValueName>
1031 <Entry type="4" type_name="REG_DWORD">
1032 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1033 <ValueName>Locked</ValueName>
1036 <Entry type="1" type_name="REG_SZ">
1037 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1038 <ValueName>**delvals.</ValueName>
1041 <Entry type="1" type_name="REG_SZ">
1042 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1043 <ValueName>1</ValueName>
1044 <Value>https://example.com</Value>
1046 <Entry type="4" type_name="REG_DWORD">
1047 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1048 <ValueName>Enabled</ValueName>
1051 <Entry type="4" type_name="REG_DWORD">
1052 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1053 <ValueName>Locked</ValueName>
1056 <Entry type="1" type_name="REG_SZ">
1057 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1058 <ValueName>**delvals.</ValueName>
1061 <Entry type="2" type_name="REG_EXPAND_SZ">
1062 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1063 <ValueName>1</ValueName>
1064 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1066 <Entry type="2" type_name="REG_EXPAND_SZ">
1067 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1068 <ValueName>2</ValueName>
1069 <Value>//path/to/xpi</Value>
1071 <Entry type="1" type_name="REG_SZ">
1072 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1073 <ValueName>**delvals.</ValueName>
1076 <Entry type="1" type_name="REG_SZ">
1077 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1078 <ValueName>1</ValueName>
1079 <Value>addon_id@mozilla.org</Value>
1081 <Entry type="1" type_name="REG_SZ">
1082 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1083 <ValueName>**delvals.</ValueName>
1086 <Entry type="1" type_name="REG_SZ">
1087 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1088 <ValueName>1</ValueName>
1089 <Value>bad_addon_id@mozilla.org</Value>
1091 <Entry type="4" type_name="REG_DWORD">
1092 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1093 <ValueName>Search</ValueName>
1096 <Entry type="4" type_name="REG_DWORD">
1097 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1098 <ValueName>TopSites</ValueName>
1101 <Entry type="4" type_name="REG_DWORD">
1102 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1103 <ValueName>Highlights</ValueName>
1106 <Entry type="4" type_name="REG_DWORD">
1107 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1108 <ValueName>Pocket</ValueName>
1111 <Entry type="4" type_name="REG_DWORD">
1112 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1113 <ValueName>Snippets</ValueName>
1116 <Entry type="4" type_name="REG_DWORD">
1117 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1118 <ValueName>Locked</ValueName>
1121 <Entry type="4" type_name="REG_DWORD">
1122 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1123 <ValueName>Default</ValueName>
1126 <Entry type="4" type_name="REG_DWORD">
1127 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1128 <ValueName>Locked</ValueName>
1131 <Entry type="1" type_name="REG_SZ">
1132 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1133 <ValueName>**delvals.</ValueName>
1136 <Entry type="1" type_name="REG_SZ">
1137 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1138 <ValueName>1</ValueName>
1139 <Value>http://example.org/</Value>
1141 <Entry type="1" type_name="REG_SZ">
1142 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1143 <ValueName>**delvals.</ValueName>
1146 <Entry type="1" type_name="REG_SZ">
1147 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1148 <ValueName>1</ValueName>
1149 <Value>http://example.edu/</Value>
1151 <Entry type="1" type_name="REG_SZ">
1152 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1153 <ValueName>StartPage</ValueName>
1154 <Value>homepage</Value>
1156 <Entry type="1" type_name="REG_SZ">
1157 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1158 <ValueName>URL</ValueName>
1159 <Value>http://example.com/</Value>
1161 <Entry type="4" type_name="REG_DWORD">
1162 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1163 <ValueName>Locked</ValueName>
1166 <Entry type="1" type_name="REG_SZ">
1167 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1168 <ValueName>**delvals.</ValueName>
1171 <Entry type="1" type_name="REG_SZ">
1172 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1173 <ValueName>1</ValueName>
1174 <Value>http://example.org/</Value>
1176 <Entry type="1" type_name="REG_SZ">
1177 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1178 <ValueName>2</ValueName>
1179 <Value>http://example.edu/</Value>
1181 <Entry type="4" type_name="REG_DWORD">
1182 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1183 <ValueName>Default</ValueName>
1186 <Entry type="1" type_name="REG_SZ">
1187 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1188 <ValueName>**delvals.</ValueName>
1191 <Entry type="1" type_name="REG_SZ">
1192 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1193 <ValueName>1</ValueName>
1194 <Value>http://example.org/</Value>
1196 <Entry type="1" type_name="REG_SZ">
1197 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1198 <ValueName>2</ValueName>
1199 <Value>http://example.edu/</Value>
1201 <Entry type="1" type_name="REG_SZ">
1202 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1203 <ValueName>**delvals.</ValueName>
1206 <Entry type="1" type_name="REG_SZ">
1207 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1208 <ValueName>1</ValueName>
1209 <Value>http://example.org/</Value>
1211 <Entry type="1" type_name="REG_SZ">
1212 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1213 <ValueName>2</ValueName>
1214 <Value>http://example.edu/</Value>
1216 <Entry type="4" type_name="REG_DWORD">
1217 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1218 <ValueName>EnablePermissions</ValueName>
1221 <Entry type="4" type_name="REG_DWORD">
1222 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1223 <ValueName>Enabled</ValueName>
1226 <Entry type="1" type_name="REG_SZ">
1227 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1228 <ValueName>Default</ValueName>
1229 <Value>block-audio</Value>
1231 <Entry type="4" type_name="REG_DWORD">
1232 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1233 <ValueName>Locked</ValueName>
1236 <Entry type="1" type_name="REG_SZ">
1237 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1238 <ValueName>**delvals.</ValueName>
1241 <Entry type="1" type_name="REG_SZ">
1242 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1243 <ValueName>1</ValueName>
1244 <Value>https://example.org</Value>
1246 <Entry type="1" type_name="REG_SZ">
1247 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1248 <ValueName>**delvals.</ValueName>
1251 <Entry type="1" type_name="REG_SZ">
1252 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1253 <ValueName>1</ValueName>
1254 <Value>https://example.edu</Value>
1256 <Entry type="4" type_name="REG_DWORD">
1257 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1258 <ValueName>BlockNewRequests</ValueName>
1261 <Entry type="4" type_name="REG_DWORD">
1262 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1263 <ValueName>Locked</ValueName>
1266 <Entry type="1" type_name="REG_SZ">
1267 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1268 <ValueName>**delvals.</ValueName>
1271 <Entry type="1" type_name="REG_SZ">
1272 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1273 <ValueName>1</ValueName>
1274 <Value>https://example.org</Value>
1276 <Entry type="1" type_name="REG_SZ">
1277 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1278 <ValueName>2</ValueName>
1279 <Value>https://example.org:1234</Value>
1281 <Entry type="1" type_name="REG_SZ">
1282 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1283 <ValueName>**delvals.</ValueName>
1286 <Entry type="1" type_name="REG_SZ">
1287 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1288 <ValueName>1</ValueName>
1289 <Value>https://example.edu</Value>
1291 <Entry type="4" type_name="REG_DWORD">
1292 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1293 <ValueName>BlockNewRequests</ValueName>
1296 <Entry type="4" type_name="REG_DWORD">
1297 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1298 <ValueName>Locked</ValueName>
1301 <Entry type="1" type_name="REG_SZ">
1302 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1303 <ValueName>**delvals.</ValueName>
1306 <Entry type="1" type_name="REG_SZ">
1307 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1308 <ValueName>1</ValueName>
1309 <Value>https://example.org</Value>
1311 <Entry type="1" type_name="REG_SZ">
1312 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1313 <ValueName>**delvals.</ValueName>
1316 <Entry type="1" type_name="REG_SZ">
1317 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1318 <ValueName>1</ValueName>
1319 <Value>https://example.edu</Value>
1321 <Entry type="4" type_name="REG_DWORD">
1322 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1323 <ValueName>BlockNewRequests</ValueName>
1326 <Entry type="4" type_name="REG_DWORD">
1327 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1328 <ValueName>Locked</ValueName>
1331 <Entry type="1" type_name="REG_SZ">
1332 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1333 <ValueName>**delvals.</ValueName>
1336 <Entry type="1" type_name="REG_SZ">
1337 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1338 <ValueName>1</ValueName>
1339 <Value>https://example.org</Value>
1341 <Entry type="1" type_name="REG_SZ">
1342 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1343 <ValueName>**delvals.</ValueName>
1346 <Entry type="1" type_name="REG_SZ">
1347 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1348 <ValueName>1</ValueName>
1349 <Value>https://example.edu</Value>
1351 <Entry type="4" type_name="REG_DWORD">
1352 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1353 <ValueName>BlockNewRequests</ValueName>
1356 <Entry type="4" type_name="REG_DWORD">
1357 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1358 <ValueName>Locked</ValueName>
1361 <Entry type="1" type_name="REG_SZ">
1362 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1363 <ValueName>**delvals.</ValueName>
1366 <Entry type="1" type_name="REG_SZ">
1367 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1368 <ValueName>1</ValueName>
1369 <Value>https://example.org</Value>
1371 <Entry type="1" type_name="REG_SZ">
1372 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1373 <ValueName>**delvals.</ValueName>
1376 <Entry type="1" type_name="REG_SZ">
1377 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1378 <ValueName>1</ValueName>
1379 <Value>https://example.edu</Value>
1381 <Entry type="4" type_name="REG_DWORD">
1382 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1383 <ValueName>BlockNewRequests</ValueName>
1386 <Entry type="4" type_name="REG_DWORD">
1387 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1388 <ValueName>Locked</ValueName>
1391 <Entry type="1" type_name="REG_SZ">
1392 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1393 <ValueName>**delvals.</ValueName>
1396 <Entry type="1" type_name="REG_SZ">
1397 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1398 <ValueName>1</ValueName>
1399 <Value>https://example.org</Value>
1401 <Entry type="1" type_name="REG_SZ">
1402 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1403 <ValueName>**delvals.</ValueName>
1406 <Entry type="1" type_name="REG_SZ">
1407 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1408 <ValueName>1</ValueName>
1409 <Value>https://example.edu</Value>
1411 <Entry type="4" type_name="REG_DWORD">
1412 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1413 <ValueName>Enabled</ValueName>
1416 <Entry type="4" type_name="REG_DWORD">
1417 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1418 <ValueName>Locked</ValueName>
1421 <Entry type="4" type_name="REG_DWORD">
1422 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1423 <ValueName>Default</ValueName>
1426 <Entry type="4" type_name="REG_DWORD">
1427 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1428 <ValueName>Locked</ValueName>
1431 <Entry type="1" type_name="REG_SZ">
1432 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1433 <ValueName>**delvals.</ValueName>
1436 <Entry type="1" type_name="REG_SZ">
1437 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1438 <ValueName>1</ValueName>
1439 <Value>http://example.org/</Value>
1441 <Entry type="1" type_name="REG_SZ">
1442 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1443 <ValueName>2</ValueName>
1444 <Value>http://example.edu/</Value>
1446 <Entry type="4" type_name="REG_DWORD">
1447 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1448 <ValueName>Locked</ValueName>
1451 <Entry type="1" type_name="REG_SZ">
1452 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1453 <ValueName>Mode</ValueName>
1454 <Value>autoDetect</Value>
1456 <Entry type="1" type_name="REG_SZ">
1457 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1458 <ValueName>HTTPProxy</ValueName>
1459 <Value>hostname</Value>
1461 <Entry type="4" type_name="REG_DWORD">
1462 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1463 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1466 <Entry type="1" type_name="REG_SZ">
1467 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1468 <ValueName>SSLProxy</ValueName>
1469 <Value>hostname</Value>
1471 <Entry type="1" type_name="REG_SZ">
1472 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1473 <ValueName>FTPProxy</ValueName>
1474 <Value>hostname</Value>
1476 <Entry type="1" type_name="REG_SZ">
1477 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1478 <ValueName>SOCKSProxy</ValueName>
1479 <Value>hostname</Value>
1481 <Entry type="4" type_name="REG_DWORD">
1482 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1483 <ValueName>SOCKSVersion</ValueName>
1486 <Entry type="1" type_name="REG_SZ">
1487 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1488 <ValueName>Passthrough</ValueName>
1489 <Value><local></Value>
1491 <Entry type="1" type_name="REG_SZ">
1492 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1493 <ValueName>AutoConfigURL</ValueName>
1494 <Value>URL_TO_AUTOCONFIG</Value>
1496 <Entry type="4" type_name="REG_DWORD">
1497 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1498 <ValueName>AutoLogin</ValueName>
1501 <Entry type="4" type_name="REG_DWORD">
1502 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1503 <ValueName>UseProxyForDNS</ValueName>
1506 <Entry type="4" type_name="REG_DWORD">
1507 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1508 <ValueName>SanitizeOnShutdown</ValueName>
1511 <Entry type="1" type_name="REG_SZ">
1512 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1513 <ValueName>Default</ValueName>
1514 <Value>Google</Value>
1516 <Entry type="4" type_name="REG_DWORD">
1517 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1518 <ValueName>PreventInstalls</ValueName>
1521 <Entry type="1" type_name="REG_SZ">
1522 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1523 <ValueName>Name</ValueName>
1524 <Value>Example1</Value>
1526 <Entry type="1" type_name="REG_SZ">
1527 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1528 <ValueName>URLTemplate</ValueName>
1529 <Value>https://www.example.org/q={searchTerms}</Value>
1531 <Entry type="1" type_name="REG_SZ">
1532 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1533 <ValueName>Method</ValueName>
1536 <Entry type="1" type_name="REG_SZ">
1537 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1538 <ValueName>IconURL</ValueName>
1539 <Value>https://www.example.org/favicon.ico</Value>
1541 <Entry type="1" type_name="REG_SZ">
1542 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1543 <ValueName>Alias</ValueName>
1544 <Value>example</Value>
1546 <Entry type="1" type_name="REG_SZ">
1547 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1548 <ValueName>Description</ValueName>
1549 <Value>Description</Value>
1551 <Entry type="1" type_name="REG_SZ">
1552 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1553 <ValueName>SuggestURLTemplate</ValueName>
1554 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1556 <Entry type="1" type_name="REG_SZ">
1557 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1558 <ValueName>PostData</ValueName>
1559 <Value>name=value&q={searchTerms}</Value>
1561 <Entry type="1" type_name="REG_SZ">
1562 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1563 <ValueName>**delvals.</ValueName>
1566 <Entry type="1" type_name="REG_SZ">
1567 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1568 <ValueName>1</ValueName>
1571 <Entry type="1" type_name="REG_SZ">
1572 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1573 <ValueName>Title</ValueName>
1574 <Value>Support Menu</Value>
1576 <Entry type="1" type_name="REG_SZ">
1577 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1578 <ValueName>URL</ValueName>
1579 <Value>http://example.com/support</Value>
1581 <Entry type="1" type_name="REG_SZ">
1582 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1583 <ValueName>AccessKey</ValueName>
1586 <Entry type="4" type_name="REG_DWORD">
1587 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1588 <ValueName>ExtensionRecommendations</ValueName>
1591 <Entry type="4" type_name="REG_DWORD">
1592 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1593 <ValueName>FeatureRecommendations</ValueName>
1596 <Entry type="4" type_name="REG_DWORD">
1597 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1598 <ValueName>WhatsNew</ValueName>
1601 <Entry type="4" type_name="REG_DWORD">
1602 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1603 <ValueName>UrlbarInterventions</ValueName>
1606 <Entry type="4" type_name="REG_DWORD">
1607 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1608 <ValueName>SkipOnboarding</ValueName>
1611 <Entry type="1" type_name="REG_SZ">
1612 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1613 <ValueName>**delvals.</ValueName>
1616 <Entry type="1" type_name="REG_SZ">
1617 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1618 <ValueName>1</ValueName>
1619 <Value><all_urls></Value>
1621 <Entry type="1" type_name="REG_SZ">
1622 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1623 <ValueName>**delvals.</ValueName>
1626 <Entry type="1" type_name="REG_SZ">
1627 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1628 <ValueName>1</ValueName>
1629 <Value>http://example.org/*</Value>
1631 <Entry type="1" type_name="REG_SZ">
1632 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1633 <ValueName>AllowedDomainsForApps</ValueName>
1634 <Value>managedfirefox.com,example.com</Value>
1636 <Entry type="4" type_name="REG_DWORD">
1637 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1638 <ValueName>BackgroundAppUpdate</ValueName>
1641 <Entry type="4" type_name="REG_DWORD">
1642 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1643 <ValueName>ImportEnterpriseRoots</ValueName>
1646 <Entry type="1" type_name="REG_SZ">
1647 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1648 <ValueName>**delvals.</ValueName>
1651 <Entry type="1" type_name="REG_SZ">
1652 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1653 <ValueName>1</ValueName>
1654 <Value>cert1.der</Value>
1656 <Entry type="1" type_name="REG_SZ">
1657 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1658 <ValueName>2</ValueName>
1659 <Value>/home/username/cert2.pem</Value>
1661 <Entry type="1" type_name="REG_SZ">
1662 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1663 <ValueName>NAME_OF_DEVICE</ValueName>
1664 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1666 <Entry type="4" type_name="REG_DWORD">
1667 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1668 <ValueName>ShowHomeButton</ValueName>
1671 <Entry type="7" type_name="REG_MULTI_SZ">
1672 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1673 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1674 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
# Expected Firefox policy document used by the tests. Many keys mirror the
# Software\Policies\Mozilla\Firefox registry entries of the XML fixture that
# ends just above (e.g. "AllowedDomainsForApps", "DisabledCiphers",
# "SecurityDevices"); presumably this is the output the Firefox policy
# extension should produce for that XML -- the comparison itself is not in
# this part of the file, confirm against the test that uses it.
# NOTE(review): every host, URL, path and add-on id here is sample data, not a
# recommended baseline. Entries with direct security impact, where a generator
# regression would only be caught by this fixture: "DisabledCiphers",
# "DisableSecurityBypass", "SSLVersionMin"/"SSLVersionMax",
# "ImportEnterpriseRoots", "SecurityDevices", "ExtensionSettings" and
# "InstallAddonsPermission".
1679 firefox_json_expected
= \
1683 "AppAutoUpdate": true,
1684 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1685 "AppUpdateURL": "https://yoursite.com",
1689 "https://myotherdomain.com"
1693 "https://myotherdomain.com"
1697 "https://myotherdomain.com"
1708 "PrivateBrowsing": true
1710 "AutoLaunchProtocolsFromOrigins": [
1712 "protocol": "zoommtg",
1713 "allowed_origins": [
1714 "https://somesite.zoom.us"
1718 "BackgroundAppUpdate": true,
1719 "BlockAboutAddons": true,
1720 "BlockAboutConfig": true,
1721 "BlockAboutProfiles": true,
1722 "BlockAboutSupport": true,
1726 "URL": "https://example.com",
1727 "Favicon": "https://example.com/favicon.ico",
1728 "Placement": "menu",
1729 "Folder": "FolderName"
1733 "URL": "www.samba.org",
1735 "Placement": "toolbar",
1739 "CaptivePortal": true,
1741 "ImportEnterpriseRoots": true,
1744 "/home/username/cert2.pem"
1749 "http://example.org/"
1752 "http://example.edu/"
1755 "http://example.edu/"
1758 "AcceptThirdParty": "never",
1759 "ExpireAtSessionEnd": true,
1760 "RejectTracker": true,
1763 "DisableSetDesktopBackground": true,
1764 "DisableMasterPasswordCreation": true,
1765 "DisableAppUpdate": true,
1766 "DisableBuiltinPDFViewer": true,
1767 "DisabledCiphers": {
1768 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1769 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1770 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1771 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1772 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1773 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1774 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1775 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1776 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1777 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1778 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1780 "DisableDefaultBrowserAgent": true,
1781 "DisableDeveloperTools": true,
1782 "DisableFeedbackCommands": true,
1783 "DisableFirefoxScreenshots": true,
1784 "DisableFirefoxAccounts": true,
1785 "DisableFirefoxStudies": true,
1786 "DisableForgetButton": true,
1787 "DisableFormHistory": true,
1788 "DisablePasswordReveal": true,
1789 "DisablePocket": true,
1790 "DisablePrivateBrowsing": true,
1791 "DisableProfileImport": true,
1792 "DisableProfileRefresh": true,
1793 "DisableSafeMode": true,
1794 "DisableSecurityBypass": {
1795 "InvalidCertificate": true,
1796 "SafeBrowsing": true
1798 "DisableSystemAddonUpdate": true,
1799 "DisableTelemetry": true,
1800 "DisplayBookmarksToolbar": true,
1801 "DisplayMenuBar": "default-on",
1804 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1806 "ExcludedDomains": [
1810 "DontCheckDefaultBrowser": true,
1811 "EnableTrackingProtection": {
1814 "Cryptomining": true,
1815 "Fingerprinting": true,
1817 "https://example.com"
1820 "EncryptedMediaExtensions": {
1826 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1830 "bad_addon_id@mozilla.org"
1833 "addon_id@mozilla.org"
1836 "ExtensionSettings": {
1838 "blocked_install_message": "Custom error message.",
1839 "install_sources": [
1841 "https://addons.mozilla.org/"
1843 "installation_mode": "blocked",
1848 "uBlock0@raymondhill.net": {
1849 "installation_mode": "force_installed",
1850 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1852 "https-everywhere@eff.org": {
1853 "installation_mode": "allowed"
1856 "ExtensionUpdate": true,
1859 "http://example.org/"
1862 "http://example.edu/"
1869 "application/msword": {
1870 "action": "useSystemDefault",
1876 "action": "useHelperApp",
1881 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1888 "action": "useHelperApp",
1892 "name": "Adobe Acrobat",
1893 "path": "/usr/bin/acroread"
1907 "HardwareAcceleration": true,
1909 "URL": "http://example.com/",
1912 "http://example.org/",
1913 "http://example.edu/"
1915 "StartPage": "homepage"
1917 "InstallAddonsPermission": {
1919 "http://example.org/",
1920 "http://example.edu/"
1925 "http://example.org/",
1926 "http://example.edu/"
1928 "ManagedBookmarks": [
1930 "toplevel_name": "My managed bookmarks folder"
1933 "url": "example.com",
1937 "name": "Mozilla links",
1940 "url": "https://mozilla.org",
1941 "name": "Mozilla.org"
1944 "url": "https://support.mozilla.org/",
1950 "PrimaryPassword": true,
1951 "NoDefaultBookmarks": true,
1952 "OfferToSaveLogins": true,
1953 "OfferToSaveLoginsDefault": true,
1954 "OverrideFirstRunPage": "http://example.org",
1955 "OverridePostUpdatePage": "http://example.org",
1956 "PasswordManagerEnabled": true,
1959 "EnablePermissions": true
1964 "https://example.org",
1965 "https://example.org:1234"
1968 "https://example.edu"
1970 "BlockNewRequests": true,
1975 "https://example.org"
1978 "https://example.edu"
1980 "BlockNewRequests": true,
1985 "https://example.org"
1988 "https://example.edu"
1990 "BlockNewRequests": true,
1995 "https://example.org"
1998 "https://example.edu"
2000 "BlockNewRequests": true,
2005 "https://example.org"
2008 "https://example.edu"
2010 "Default": "block-audio",
2015 "https://example.org"
2018 "https://example.edu"
2020 "BlockNewRequests": true,
2024 "PictureInPicture": {
2030 "http://example.org/",
2031 "http://example.edu/"
2037 "accessibility.force_disabled": {
2041 "browser.cache.disk.parent_directory": {
2042 "Value": "SOME_NATIVE_PATH",
2045 "browser.tabs.warnOnClose": {
2050 "PromptForDownloadLocation": true,
2052 "Mode": "autoDetect",
2054 "HTTPProxy": "hostname",
2055 "UseHTTPProxyForAllProtocols": true,
2056 "SSLProxy": "hostname",
2057 "FTPProxy": "hostname",
2058 "SOCKSProxy": "hostname",
2060 "Passthrough": "<local>",
2061 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2063 "UseProxyForDNS": true
2065 "SanitizeOnShutdown": true,
2070 "URLTemplate": "https://www.example.org/q={searchTerms}",
2072 "IconURL": "https://www.example.org/favicon.ico",
2074 "Description": "Description",
2075 "PostData": "name=value&q={searchTerms}",
2076 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2082 "Default": "Google",
2083 "PreventInstalls": true
2085 "SearchSuggestEnabled": true,
2086 "SecurityDevices": {
2087 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2089 "ShowHomeButton": true,
2090 "SSLVersionMax": "tls1.3",
2091 "SSLVersionMin": "tls1.3",
2093 "Title": "Support Menu",
2094 "URL": "http://example.com/support",
2099 "ExtensionRecommendations": true,
2100 "FeatureRecommendations": true,
2101 "UrlbarInterventions": true,
2102 "SkipOnboarding": true
2109 "http://example.org/*"
2112 "DefaultDownloadDirectory": "${home}/Downloads",
2113 "DownloadDirectory": "${home}/Downloads",
2114 "NetworkPrediction": true,
2116 "RequestedLocales": ["de", "en-US"],
2117 "SearchBar": "unified"
2122 chromium_reg_pol
= \
2124 <?xml version="1.0" encoding="utf-8"?>
2125 <PolFile num_entries="418" signature="PReg" version="1">
2126 <Entry type="4" type_name="REG_DWORD">
2127 <Key>Software\Policies\Google\Chrome</Key>
2128 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2131 <Entry type="4" type_name="REG_DWORD">
2132 <Key>Software\Policies\Google\Chrome</Key>
2133 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2136 <Entry type="4" type_name="REG_DWORD">
2137 <Key>Software\Policies\Google\Chrome</Key>
2138 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2141 <Entry type="4" type_name="REG_DWORD">
2142 <Key>Software\Policies\Google\Chrome</Key>
2143 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2146 <Entry type="4" type_name="REG_DWORD">
2147 <Key>Software\Policies\Google\Chrome</Key>
2148 <ValueName>AdvancedProtectionAllowed</ValueName>
2151 <Entry type="4" type_name="REG_DWORD">
2152 <Key>Software\Policies\Google\Chrome</Key>
2153 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2156 <Entry type="4" type_name="REG_DWORD">
2157 <Key>Software\Policies\Google\Chrome</Key>
2158 <ValueName>AllowDeletingBrowserHistory</ValueName>
2161 <Entry type="4" type_name="REG_DWORD">
2162 <Key>Software\Policies\Google\Chrome</Key>
2163 <ValueName>AllowDinosaurEasterEgg</ValueName>
2166 <Entry type="4" type_name="REG_DWORD">
2167 <Key>Software\Policies\Google\Chrome</Key>
2168 <ValueName>AllowFileSelectionDialogs</ValueName>
2171 <Entry type="4" type_name="REG_DWORD">
2172 <Key>Software\Policies\Google\Chrome</Key>
2173 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2176 <Entry type="1" type_name="REG_SZ">
2177 <Key>Software\Policies\Google\Chrome</Key>
2178 <ValueName>AllowedDomainsForApps</ValueName>
2179 <Value>managedchrome.com,example.com</Value>
2181 <Entry type="4" type_name="REG_DWORD">
2182 <Key>Software\Policies\Google\Chrome</Key>
2183 <ValueName>AlternateErrorPagesEnabled</ValueName>
2186 <Entry type="1" type_name="REG_SZ">
2187 <Key>Software\Policies\Google\Chrome</Key>
2188 <ValueName>AlternativeBrowserPath</ValueName>
2189 <Value>${ie}</Value>
2191 <Entry type="4" type_name="REG_DWORD">
2192 <Key>Software\Policies\Google\Chrome</Key>
2193 <ValueName>AlwaysOpenPdfExternally</ValueName>
2196 <Entry type="4" type_name="REG_DWORD">
2197 <Key>Software\Policies\Google\Chrome</Key>
2198 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2201 <Entry type="4" type_name="REG_DWORD">
2202 <Key>Software\Policies\Google\Chrome</Key>
2203 <ValueName>AppCacheForceEnabled</ValueName>
2206 <Entry type="1" type_name="REG_SZ">
2207 <Key>Software\Policies\Google\Chrome</Key>
2208 <ValueName>ApplicationLocaleValue</ValueName>
2211 <Entry type="4" type_name="REG_DWORD">
2212 <Key>Software\Policies\Google\Chrome</Key>
2213 <ValueName>AudioCaptureAllowed</ValueName>
2216 <Entry type="4" type_name="REG_DWORD">
2217 <Key>Software\Policies\Google\Chrome</Key>
2218 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2221 <Entry type="4" type_name="REG_DWORD">
2222 <Key>Software\Policies\Google\Chrome</Key>
2223 <ValueName>AudioSandboxEnabled</ValueName>
2226 <Entry type="1" type_name="REG_SZ">
2227 <Key>Software\Policies\Google\Chrome</Key>
2228 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2229 <Value>foobar.example.com</Value>
2231 <Entry type="1" type_name="REG_SZ">
2232 <Key>Software\Policies\Google\Chrome</Key>
2233 <ValueName>AuthSchemes</ValueName>
2234 <Value>basic,digest,ntlm,negotiate</Value>
2236 <Entry type="1" type_name="REG_SZ">
2237 <Key>Software\Policies\Google\Chrome</Key>
2238 <ValueName>AuthServerAllowlist</ValueName>
2239 <Value>*.example.com,example.com</Value>
2241 <Entry type="1" type_name="REG_SZ">
2242 <Key>Software\Policies\Google\Chrome</Key>
2243 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2244 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2246 <Entry type="4" type_name="REG_DWORD">
2247 <Key>Software\Policies\Google\Chrome</Key>
2248 <ValueName>AutofillAddressEnabled</ValueName>
2251 <Entry type="4" type_name="REG_DWORD">
2252 <Key>Software\Policies\Google\Chrome</Key>
2253 <ValueName>AutofillCreditCardEnabled</ValueName>
2256 <Entry type="4" type_name="REG_DWORD">
2257 <Key>Software\Policies\Google\Chrome</Key>
2258 <ValueName>AutoplayAllowed</ValueName>
2261 <Entry type="4" type_name="REG_DWORD">
2262 <Key>Software\Policies\Google\Chrome</Key>
2263 <ValueName>BackgroundModeEnabled</ValueName>
2266 <Entry type="4" type_name="REG_DWORD">
2267 <Key>Software\Policies\Google\Chrome</Key>
2268 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2271 <Entry type="4" type_name="REG_DWORD">
2272 <Key>Software\Policies\Google\Chrome</Key>
2273 <ValueName>BlockExternalExtensions</ValueName>
2276 <Entry type="4" type_name="REG_DWORD">
2277 <Key>Software\Policies\Google\Chrome</Key>
2278 <ValueName>BlockThirdPartyCookies</ValueName>
2281 <Entry type="4" type_name="REG_DWORD">
2282 <Key>Software\Policies\Google\Chrome</Key>
2283 <ValueName>BookmarkBarEnabled</ValueName>
2286 <Entry type="4" type_name="REG_DWORD">
2287 <Key>Software\Policies\Google\Chrome</Key>
2288 <ValueName>BrowserAddPersonEnabled</ValueName>
2291 <Entry type="4" type_name="REG_DWORD">
2292 <Key>Software\Policies\Google\Chrome</Key>
2293 <ValueName>BrowserGuestModeEnabled</ValueName>
2296 <Entry type="4" type_name="REG_DWORD">
2297 <Key>Software\Policies\Google\Chrome</Key>
2298 <ValueName>BrowserGuestModeEnforced</ValueName>
2301 <Entry type="4" type_name="REG_DWORD">
2302 <Key>Software\Policies\Google\Chrome</Key>
2303 <ValueName>BrowserLabsEnabled</ValueName>
2306 <Entry type="4" type_name="REG_DWORD">
2307 <Key>Software\Policies\Google\Chrome</Key>
2308 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2311 <Entry type="4" type_name="REG_DWORD">
2312 <Key>Software\Policies\Google\Chrome</Key>
2313 <ValueName>BrowserSignin</ValueName>
2316 <Entry type="1" type_name="REG_SZ">
2317 <Key>Software\Policies\Google\Chrome</Key>
2318 <ValueName>BrowserSwitcherChromePath</ValueName>
2319 <Value>${chrome}</Value>
2321 <Entry type="4" type_name="REG_DWORD">
2322 <Key>Software\Policies\Google\Chrome</Key>
2323 <ValueName>BrowserSwitcherDelay</ValueName>
2324 <Value>10000</Value>
2326 <Entry type="4" type_name="REG_DWORD">
2327 <Key>Software\Policies\Google\Chrome</Key>
2328 <ValueName>BrowserSwitcherEnabled</ValueName>
2331 <Entry type="1" type_name="REG_SZ">
2332 <Key>Software\Policies\Google\Chrome</Key>
2333 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2334 <Value>http://example.com/greylist.xml</Value>
2336 <Entry type="1" type_name="REG_SZ">
2337 <Key>Software\Policies\Google\Chrome</Key>
2338 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2339 <Value>http://example.com/sitelist.xml</Value>
2341 <Entry type="4" type_name="REG_DWORD">
2342 <Key>Software\Policies\Google\Chrome</Key>
2343 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2346 <Entry type="4" type_name="REG_DWORD">
2347 <Key>Software\Policies\Google\Chrome</Key>
2348 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2351 <Entry type="1" type_name="REG_SZ">
2352 <Key>Software\Policies\Google\Chrome</Key>
2353 <ValueName>BrowserThemeColor</ValueName>
2354 <Value>#FFFFFF</Value>
2356 <Entry type="1" type_name="REG_SZ">
2357 <Key>Software\Policies\Google\Chrome</Key>
2358 <ValueName>BrowsingDataLifetime</ValueName>
2359 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2361 <Entry type="4" type_name="REG_DWORD">
2362 <Key>Software\Policies\Google\Chrome</Key>
2363 <ValueName>BuiltInDnsClientEnabled</ValueName>
2366 <Entry type="4" type_name="REG_DWORD">
2367 <Key>Software\Policies\Google\Chrome</Key>
2368 <ValueName>CECPQ2Enabled</ValueName>
2371 <Entry type="4" type_name="REG_DWORD">
2372 <Key>Software\Policies\Google\Chrome</Key>
2373 <ValueName>ChromeCleanupEnabled</ValueName>
2376 <Entry type="4" type_name="REG_DWORD">
2377 <Key>Software\Policies\Google\Chrome</Key>
2378 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2381 <Entry type="4" type_name="REG_DWORD">
2382 <Key>Software\Policies\Google\Chrome</Key>
2383 <ValueName>ChromeVariations</ValueName>
2386 <Entry type="4" type_name="REG_DWORD">
2387 <Key>Software\Policies\Google\Chrome</Key>
2388 <ValueName>ClickToCallEnabled</ValueName>
2391 <Entry type="4" type_name="REG_DWORD">
2392 <Key>Software\Policies\Google\Chrome</Key>
2393 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2396 <Entry type="1" type_name="REG_SZ">
2397 <Key>Software\Policies\Google\Chrome</Key>
2398 <ValueName>CloudManagementEnrollmentToken</ValueName>
2399 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2401 <Entry type="4" type_name="REG_DWORD">
2402 <Key>Software\Policies\Google\Chrome</Key>
2403 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2406 <Entry type="4" type_name="REG_DWORD">
2407 <Key>Software\Policies\Google\Chrome</Key>
2408 <ValueName>CloudPrintProxyEnabled</ValueName>
2411 <Entry type="4" type_name="REG_DWORD">
2412 <Key>Software\Policies\Google\Chrome</Key>
2413 <ValueName>CloudPrintSubmitEnabled</ValueName>
2416 <Entry type="4" type_name="REG_DWORD">
2417 <Key>Software\Policies\Google\Chrome</Key>
2418 <ValueName>CloudUserPolicyMerge</ValueName>
2421 <Entry type="4" type_name="REG_DWORD">
2422 <Key>Software\Policies\Google\Chrome</Key>
2423 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2426 <Entry type="4" type_name="REG_DWORD">
2427 <Key>Software\Policies\Google\Chrome</Key>
2428 <ValueName>ComponentUpdatesEnabled</ValueName>
2431 <Entry type="4" type_name="REG_DWORD">
2432 <Key>Software\Policies\Google\Chrome</Key>
2433 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2436 <Entry type="4" type_name="REG_DWORD">
2437 <Key>Software\Policies\Google\Chrome</Key>
2438 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2441 <Entry type="4" type_name="REG_DWORD">
2442 <Key>Software\Policies\Google\Chrome</Key>
2443 <ValueName>DefaultCookiesSetting</ValueName>
2446 <Entry type="4" type_name="REG_DWORD">
2447 <Key>Software\Policies\Google\Chrome</Key>
2448 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2451 <Entry type="4" type_name="REG_DWORD">
2452 <Key>Software\Policies\Google\Chrome</Key>
2453 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2456 <Entry type="4" type_name="REG_DWORD">
2457 <Key>Software\Policies\Google\Chrome</Key>
2458 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2461 <Entry type="4" type_name="REG_DWORD">
2462 <Key>Software\Policies\Google\Chrome</Key>
2463 <ValueName>DefaultGeolocationSetting</ValueName>
2466 <Entry type="4" type_name="REG_DWORD">
2467 <Key>Software\Policies\Google\Chrome</Key>
2468 <ValueName>DefaultImagesSetting</ValueName>
2471 <Entry type="4" type_name="REG_DWORD">
2472 <Key>Software\Policies\Google\Chrome</Key>
2473 <ValueName>DefaultInsecureContentSetting</ValueName>
2476 <Entry type="4" type_name="REG_DWORD">
2477 <Key>Software\Policies\Google\Chrome</Key>
2478 <ValueName>DefaultJavaScriptSetting</ValueName>
2481 <Entry type="4" type_name="REG_DWORD">
2482 <Key>Software\Policies\Google\Chrome</Key>
2483 <ValueName>DefaultNotificationsSetting</ValueName>
2486 <Entry type="4" type_name="REG_DWORD">
2487 <Key>Software\Policies\Google\Chrome</Key>
2488 <ValueName>DefaultPopupsSetting</ValueName>
2491 <Entry type="1" type_name="REG_SZ">
2492 <Key>Software\Policies\Google\Chrome</Key>
2493 <ValueName>DefaultPrinterSelection</ValueName>
2494 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2496 <Entry type="4" type_name="REG_DWORD">
2497 <Key>Software\Policies\Google\Chrome</Key>
2498 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2501 <Entry type="4" type_name="REG_DWORD">
2502 <Key>Software\Policies\Google\Chrome</Key>
2503 <ValueName>DefaultSearchProviderEnabled</ValueName>
2506 <Entry type="1" type_name="REG_SZ">
2507 <Key>Software\Policies\Google\Chrome</Key>
2508 <ValueName>DefaultSearchProviderIconURL</ValueName>
2509 <Value>https://search.my.company/favicon.ico</Value>
2511 <Entry type="1" type_name="REG_SZ">
2512 <Key>Software\Policies\Google\Chrome</Key>
2513 <ValueName>DefaultSearchProviderImageURL</ValueName>
2514 <Value>https://search.my.company/searchbyimage/upload</Value>
2516 <Entry type="1" type_name="REG_SZ">
2517 <Key>Software\Policies\Google\Chrome</Key>
2518 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2519 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2521 <Entry type="1" type_name="REG_SZ">
2522 <Key>Software\Policies\Google\Chrome</Key>
2523 <ValueName>DefaultSearchProviderKeyword</ValueName>
2526 <Entry type="1" type_name="REG_SZ">
2527 <Key>Software\Policies\Google\Chrome</Key>
2528 <ValueName>DefaultSearchProviderName</ValueName>
2529 <Value>My Intranet Search</Value>
2531 <Entry type="1" type_name="REG_SZ">
2532 <Key>Software\Policies\Google\Chrome</Key>
2533 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2534 <Value>https://search.my.company/newtab</Value>
2536 <Entry type="1" type_name="REG_SZ">
2537 <Key>Software\Policies\Google\Chrome</Key>
2538 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2539 <Value>https://search.my.company/search?q={searchTerms}</Value>
2541 <Entry type="1" type_name="REG_SZ">
2542 <Key>Software\Policies\Google\Chrome</Key>
2543 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2544 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2546 <Entry type="1" type_name="REG_SZ">
2547 <Key>Software\Policies\Google\Chrome</Key>
2548 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2549 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2551 <Entry type="1" type_name="REG_SZ">
2552 <Key>Software\Policies\Google\Chrome</Key>
2553 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2554 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2556 <Entry type="4" type_name="REG_DWORD">
2557 <Key>Software\Policies\Google\Chrome</Key>
2558 <ValueName>DefaultSensorsSetting</ValueName>
2561 <Entry type="4" type_name="REG_DWORD">
2562 <Key>Software\Policies\Google\Chrome</Key>
2563 <ValueName>DefaultSerialGuardSetting</ValueName>
2566 <Entry type="4" type_name="REG_DWORD">
2567 <Key>Software\Policies\Google\Chrome</Key>
2568 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2571 <Entry type="4" type_name="REG_DWORD">
2572 <Key>Software\Policies\Google\Chrome</Key>
2573 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2576 <Entry type="4" type_name="REG_DWORD">
2577 <Key>Software\Policies\Google\Chrome</Key>
2578 <ValueName>DeveloperToolsAvailability</ValueName>
2581 <Entry type="4" type_name="REG_DWORD">
2582 <Key>Software\Policies\Google\Chrome</Key>
2583 <ValueName>Disable3DAPIs</ValueName>
2586 <Entry type="4" type_name="REG_DWORD">
2587 <Key>Software\Policies\Google\Chrome</Key>
2588 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2591 <Entry type="4" type_name="REG_DWORD">
2592 <Key>Software\Policies\Google\Chrome</Key>
2593 <ValueName>DisablePrintPreview</ValueName>
2596 <Entry type="4" type_name="REG_DWORD">
2597 <Key>Software\Policies\Google\Chrome</Key>
2598 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2601 <Entry type="4" type_name="REG_DWORD">
2602 <Key>Software\Policies\Google\Chrome</Key>
2603 <ValueName>DisableScreenshots</ValueName>
2606 <Entry type="1" type_name="REG_SZ">
2607 <Key>Software\Policies\Google\Chrome</Key>
2608 <ValueName>DiskCacheDir</ValueName>
2609 <Value>${user_home}/Chrome_cache</Value>
2611 <Entry type="4" type_name="REG_DWORD">
2612 <Key>Software\Policies\Google\Chrome</Key>
2613 <ValueName>DiskCacheSize</ValueName>
2614 <Value>104857600</Value>
2616 <Entry type="1" type_name="REG_SZ">
2617 <Key>Software\Policies\Google\Chrome</Key>
2618 <ValueName>DnsOverHttpsMode</ValueName>
2621 <Entry type="1" type_name="REG_SZ">
2622 <Key>Software\Policies\Google\Chrome</Key>
2623 <ValueName>DnsOverHttpsTemplates</ValueName>
2624 <Value>https://dns.example.net/dns-query{?dns}</Value>
2626 <Entry type="1" type_name="REG_SZ">
2627 <Key>Software\Policies\Google\Chrome</Key>
2628 <ValueName>DownloadDirectory</ValueName>
2629 <Value>/home/${user_name}/Downloads</Value>
2631 <Entry type="4" type_name="REG_DWORD">
2632 <Key>Software\Policies\Google\Chrome</Key>
2633 <ValueName>DownloadRestrictions</ValueName>
2636 <Entry type="4" type_name="REG_DWORD">
2637 <Key>Software\Policies\Google\Chrome</Key>
2638 <ValueName>EditBookmarksEnabled</ValueName>
2641 <Entry type="4" type_name="REG_DWORD">
2642 <Key>Software\Policies\Google\Chrome</Key>
2643 <ValueName>EnableAuthNegotiatePort</ValueName>
2646 <Entry type="4" type_name="REG_DWORD">
2647 <Key>Software\Policies\Google\Chrome</Key>
2648 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2651 <Entry type="4" type_name="REG_DWORD">
2652 <Key>Software\Policies\Google\Chrome</Key>
2653 <ValueName>EnableMediaRouter</ValueName>
2656 <Entry type="4" type_name="REG_DWORD">
2657 <Key>Software\Policies\Google\Chrome</Key>
2658 <ValueName>EnableOnlineRevocationChecks</ValueName>
2661 <Entry type="4" type_name="REG_DWORD">
2662 <Key>Software\Policies\Google\Chrome</Key>
2663 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2666 <Entry type="1" type_name="REG_SZ">
2667 <Key>Software\Policies\Google\Chrome</Key>
2668 <ValueName>ExtensionSettings</ValueName>
2669 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2671 <Entry type="4" type_name="REG_DWORD">
2672 <Key>Software\Policies\Google\Chrome</Key>
2673 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2676 <Entry type="4" type_name="REG_DWORD">
2677 <Key>Software\Policies\Google\Chrome</Key>
2678 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2681 <Entry type="4" type_name="REG_DWORD">
2682 <Key>Software\Policies\Google\Chrome</Key>
2683 <ValueName>ForceEphemeralProfiles</ValueName>
2686 <Entry type="4" type_name="REG_DWORD">
2687 <Key>Software\Policies\Google\Chrome</Key>
2688 <ValueName>ForceGoogleSafeSearch</ValueName>
2691 <Entry type="4" type_name="REG_DWORD">
2692 <Key>Software\Policies\Google\Chrome</Key>
2693 <ValueName>ForceYouTubeRestrict</ValueName>
2696 <Entry type="4" type_name="REG_DWORD">
2697 <Key>Software\Policies\Google\Chrome</Key>
2698 <ValueName>FullscreenAllowed</ValueName>
2701 <Entry type="4" type_name="REG_DWORD">
2702 <Key>Software\Policies\Google\Chrome</Key>
2703 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2706 <Entry type="4" type_name="REG_DWORD">
2707 <Key>Software\Policies\Google\Chrome</Key>
2708 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2711 <Entry type="4" type_name="REG_DWORD">
2712 <Key>Software\Policies\Google\Chrome</Key>
2713 <ValueName>HeadlessMode</ValueName>
2716 <Entry type="4" type_name="REG_DWORD">
2717 <Key>Software\Policies\Google\Chrome</Key>
2718 <ValueName>HideWebStoreIcon</ValueName>
2721 <Entry type="4" type_name="REG_DWORD">
2722 <Key>Software\Policies\Google\Chrome</Key>
2723 <ValueName>HomepageIsNewTabPage</ValueName>
2726 <Entry type="1" type_name="REG_SZ">
2727 <Key>Software\Policies\Google\Chrome</Key>
2728 <ValueName>HomepageLocation</ValueName>
2729 <Value>https://www.chromium.org</Value>
2731 <Entry type="4" type_name="REG_DWORD">
2732 <Key>Software\Policies\Google\Chrome</Key>
2733 <ValueName>ImportAutofillFormData</ValueName>
2736 <Entry type="4" type_name="REG_DWORD">
2737 <Key>Software\Policies\Google\Chrome</Key>
2738 <ValueName>ImportBookmarks</ValueName>
2741 <Entry type="4" type_name="REG_DWORD">
2742 <Key>Software\Policies\Google\Chrome</Key>
2743 <ValueName>ImportHistory</ValueName>
2746 <Entry type="4" type_name="REG_DWORD">
2747 <Key>Software\Policies\Google\Chrome</Key>
2748 <ValueName>ImportHomepage</ValueName>
2751 <Entry type="4" type_name="REG_DWORD">
2752 <Key>Software\Policies\Google\Chrome</Key>
2753 <ValueName>ImportSavedPasswords</ValueName>
2756 <Entry type="4" type_name="REG_DWORD">
2757 <Key>Software\Policies\Google\Chrome</Key>
2758 <ValueName>ImportSearchEngine</ValueName>
2761 <Entry type="4" type_name="REG_DWORD">
2762 <Key>Software\Policies\Google\Chrome</Key>
2763 <ValueName>IncognitoModeAvailability</ValueName>
2766 <Entry type="4" type_name="REG_DWORD">
2767 <Key>Software\Policies\Google\Chrome</Key>
2768 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2771 <Entry type="4" type_name="REG_DWORD">
2772 <Key>Software\Policies\Google\Chrome</Key>
2773 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2776 <Entry type="4" type_name="REG_DWORD">
2777 <Key>Software\Policies\Google\Chrome</Key>
2778 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2781 <Entry type="4" type_name="REG_DWORD">
2782 <Key>Software\Policies\Google\Chrome</Key>
2783 <ValueName>IntranetRedirectBehavior</ValueName>
2786 <Entry type="1" type_name="REG_SZ">
2787 <Key>Software\Policies\Google\Chrome</Key>
2788 <ValueName>IsolateOrigins</ValueName>
2789 <Value>https://example.com/,https://othersite.org/</Value>
2791 <Entry type="1" type_name="REG_SZ">
2792 <Key>Software\Policies\Google\Chrome</Key>
2793 <ValueName>ManagedBookmarks</ValueName>
2794 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2796 <Entry type="1" type_name="REG_SZ">
2797 <Key>Software\Policies\Google\Chrome</Key>
2798 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2799 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2801 <Entry type="4" type_name="REG_DWORD">
2802 <Key>Software\Policies\Google\Chrome</Key>
2803 <ValueName>MaxConnectionsPerProxy</ValueName>
2806 <Entry type="4" type_name="REG_DWORD">
2807 <Key>Software\Policies\Google\Chrome</Key>
2808 <ValueName>MaxInvalidationFetchDelay</ValueName>
2809 <Value>10000</Value>
2811 <Entry type="4" type_name="REG_DWORD">
2812 <Key>Software\Policies\Google\Chrome</Key>
2813 <ValueName>MediaRecommendationsEnabled</ValueName>
2816 <Entry type="4" type_name="REG_DWORD">
2817 <Key>Software\Policies\Google\Chrome</Key>
2818 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2821 <Entry type="4" type_name="REG_DWORD">
2822 <Key>Software\Policies\Google\Chrome</Key>
2823 <ValueName>MetricsReportingEnabled</ValueName>
2826 <Entry type="4" type_name="REG_DWORD">
2827 <Key>Software\Policies\Google\Chrome</Key>
2828 <ValueName>NTPCardsVisible</ValueName>
2831 <Entry type="4" type_name="REG_DWORD">
2832 <Key>Software\Policies\Google\Chrome</Key>
2833 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2836 <Entry type="4" type_name="REG_DWORD">
2837 <Key>Software\Policies\Google\Chrome</Key>
2838 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2841 <Entry type="4" type_name="REG_DWORD">
2842 <Key>Software\Policies\Google\Chrome</Key>
2843 <ValueName>NetworkPredictionOptions</ValueName>
2846 <Entry type="1" type_name="REG_SZ">
2847 <Key>Software\Policies\Google\Chrome</Key>
2848 <ValueName>NewTabPageLocation</ValueName>
2849 <Value>https://www.chromium.org</Value>
2851 <Entry type="4" type_name="REG_DWORD">
2852 <Key>Software\Policies\Google\Chrome</Key>
2853 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2856 <Entry type="4" type_name="REG_DWORD">
2857 <Key>Software\Policies\Google\Chrome</Key>
2858 <ValueName>PasswordManagerEnabled</ValueName>
2861 <Entry type="1" type_name="REG_SZ">
2862 <Key>Software\Policies\Google\Chrome</Key>
2863 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2864 <Value>https://mydomain.com/change_password.html</Value>
2866 <Entry type="4" type_name="REG_DWORD">
2867 <Key>Software\Policies\Google\Chrome</Key>
2868 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2871 <Entry type="4" type_name="REG_DWORD">
2872 <Key>Software\Policies\Google\Chrome</Key>
2873 <ValueName>PaymentMethodQueryEnabled</ValueName>
2876 <Entry type="4" type_name="REG_DWORD">
2877 <Key>Software\Policies\Google\Chrome</Key>
2878 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2881 <Entry type="4" type_name="REG_DWORD">
2882 <Key>Software\Policies\Google\Chrome</Key>
2883 <ValueName>PolicyRefreshRate</ValueName>
2884 <Value>3600000</Value>
2886 <Entry type="4" type_name="REG_DWORD">
2887 <Key>Software\Policies\Google\Chrome</Key>
2888 <ValueName>PrintHeaderFooter</ValueName>
2891 <Entry type="4" type_name="REG_DWORD">
2892 <Key>Software\Policies\Google\Chrome</Key>
2893 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2896 <Entry type="4" type_name="REG_DWORD">
2897 <Key>Software\Policies\Google\Chrome</Key>
2898 <ValueName>PrintRasterizationMode</ValueName>
2901 <Entry type="1" type_name="REG_SZ">
2902 <Key>Software\Policies\Google\Chrome</Key>
2903 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2904 <Value>enabled</Value>
2906 <Entry type="1" type_name="REG_SZ">
2907 <Key>Software\Policies\Google\Chrome</Key>
2908 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2909 <Value>enabled</Value>
2911 <Entry type="4" type_name="REG_DWORD">
2912 <Key>Software\Policies\Google\Chrome</Key>
2913 <ValueName>PrintingEnabled</ValueName>
2916 <Entry type="1" type_name="REG_SZ">
2917 <Key>Software\Policies\Google\Chrome</Key>
2918 <ValueName>PrintingPaperSizeDefault</ValueName>
2919 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2921 <Entry type="4" type_name="REG_DWORD">
2922 <Key>Software\Policies\Google\Chrome</Key>
2923 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2926 <Entry type="4" type_name="REG_DWORD">
2927 <Key>Software\Policies\Google\Chrome</Key>
2928 <ValueName>PromotionalTabsEnabled</ValueName>
2931 <Entry type="4" type_name="REG_DWORD">
2932 <Key>Software\Policies\Google\Chrome</Key>
2933 <ValueName>PromptForDownloadLocation</ValueName>
2936 <Entry type="1" type_name="REG_SZ">
2937 <Key>Software\Policies\Google\Chrome</Key>
2938 <ValueName>ProxySettings</ValueName>
2939 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2941 <Entry type="4" type_name="REG_DWORD">
2942 <Key>Software\Policies\Google\Chrome</Key>
2943 <ValueName>QuicAllowed</ValueName>
2946 <Entry type="4" type_name="REG_DWORD">
2947 <Key>Software\Policies\Google\Chrome</Key>
2948 <ValueName>RelaunchNotification</ValueName>
2951 <Entry type="4" type_name="REG_DWORD">
2952 <Key>Software\Policies\Google\Chrome</Key>
2953 <ValueName>RelaunchNotificationPeriod</ValueName>
2954 <Value>604800000</Value>
2956 <Entry type="4" type_name="REG_DWORD">
2957 <Key>Software\Policies\Google\Chrome</Key>
2958 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2961 <Entry type="4" type_name="REG_DWORD">
2962 <Key>Software\Policies\Google\Chrome</Key>
2963 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2966 <Entry type="4" type_name="REG_DWORD">
2967 <Key>Software\Policies\Google\Chrome</Key>
2968 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2971 <Entry type="4" type_name="REG_DWORD">
2972 <Key>Software\Policies\Google\Chrome</Key>
2973 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2976 <Entry type="4" type_name="REG_DWORD">
2977 <Key>Software\Policies\Google\Chrome</Key>
2978 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2981 <Entry type="4" type_name="REG_DWORD">
2982 <Key>Software\Policies\Google\Chrome</Key>
2983 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2986 <Entry type="4" type_name="REG_DWORD">
2987 <Key>Software\Policies\Google\Chrome</Key>
2988 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2991 <Entry type="4" type_name="REG_DWORD">
2992 <Key>Software\Policies\Google\Chrome</Key>
2993 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2996 <Entry type="1" type_name="REG_SZ">
2997 <Key>Software\Policies\Google\Chrome</Key>
2998 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
2999 <Value>12400-12409</Value>
3001 <Entry type="4" type_name="REG_DWORD">
3002 <Key>Software\Policies\Google\Chrome</Key>
3003 <ValueName>RendererCodeIntegrityEnabled</ValueName>
3006 <Entry type="4" type_name="REG_DWORD">
3007 <Key>Software\Policies\Google\Chrome</Key>
3008 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
3011 <Entry type="4" type_name="REG_DWORD">
3012 <Key>Software\Policies\Google\Chrome</Key>
3013 <ValueName>RestoreOnStartup</ValueName>
3016 <Entry type="1" type_name="REG_SZ">
3017 <Key>Software\Policies\Google\Chrome</Key>
3018 <ValueName>RestrictSigninToPattern</ValueName>
3019 <Value>.*@example\.com</Value>
3021 <Entry type="1" type_name="REG_SZ">
3022 <Key>Software\Policies\Google\Chrome</Key>
3023 <ValueName>RoamingProfileLocation</ValueName>
3024 <Value>${roaming_app_data}\chrome-profile</Value>
3026 <Entry type="4" type_name="REG_DWORD">
3027 <Key>Software\Policies\Google\Chrome</Key>
3028 <ValueName>RoamingProfileSupportEnabled</ValueName>
3031 <Entry type="4" type_name="REG_DWORD">
3032 <Key>Software\Policies\Google\Chrome</Key>
3033 <ValueName>SSLErrorOverrideAllowed</ValueName>
3036 <Entry type="1" type_name="REG_SZ">
3037 <Key>Software\Policies\Google\Chrome</Key>
3038 <ValueName>SSLVersionMin</ValueName>
3041 <Entry type="4" type_name="REG_DWORD">
3042 <Key>Software\Policies\Google\Chrome</Key>
3043 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3046 <Entry type="4" type_name="REG_DWORD">
3047 <Key>Software\Policies\Google\Chrome</Key>
3048 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3051 <Entry type="4" type_name="REG_DWORD">
3052 <Key>Software\Policies\Google\Chrome</Key>
3053 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3056 <Entry type="4" type_name="REG_DWORD">
3057 <Key>Software\Policies\Google\Chrome</Key>
3058 <ValueName>SafeSitesFilterBehavior</ValueName>
3061 <Entry type="4" type_name="REG_DWORD">
3062 <Key>Software\Policies\Google\Chrome</Key>
3063 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3066 <Entry type="4" type_name="REG_DWORD">
3067 <Key>Software\Policies\Google\Chrome</Key>
3068 <ValueName>ScreenCaptureAllowed</ValueName>
3071 <Entry type="4" type_name="REG_DWORD">
3072 <Key>Software\Policies\Google\Chrome</Key>
3073 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3076 <Entry type="4" type_name="REG_DWORD">
3077 <Key>Software\Policies\Google\Chrome</Key>
3078 <ValueName>SearchSuggestEnabled</ValueName>
3081 <Entry type="4" type_name="REG_DWORD">
3082 <Key>Software\Policies\Google\Chrome</Key>
3083 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3086 <Entry type="4" type_name="REG_DWORD">
3087 <Key>Software\Policies\Google\Chrome</Key>
3088 <ValueName>SharedClipboardEnabled</ValueName>
3091 <Entry type="4" type_name="REG_DWORD">
3092 <Key>Software\Policies\Google\Chrome</Key>
3093 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3096 <Entry type="4" type_name="REG_DWORD">
3097 <Key>Software\Policies\Google\Chrome</Key>
3098 <ValueName>ShowCastIconInToolbar</ValueName>
3101 <Entry type="4" type_name="REG_DWORD">
3102 <Key>Software\Policies\Google\Chrome</Key>
3103 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3106 <Entry type="4" type_name="REG_DWORD">
3107 <Key>Software\Policies\Google\Chrome</Key>
3108 <ValueName>ShowHomeButton</ValueName>
3111 <Entry type="4" type_name="REG_DWORD">
3112 <Key>Software\Policies\Google\Chrome</Key>
3113 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3116 <Entry type="4" type_name="REG_DWORD">
3117 <Key>Software\Policies\Google\Chrome</Key>
3118 <ValueName>SigninInterceptionEnabled</ValueName>
3121 <Entry type="4" type_name="REG_DWORD">
3122 <Key>Software\Policies\Google\Chrome</Key>
3123 <ValueName>SitePerProcess</ValueName>
3126 <Entry type="4" type_name="REG_DWORD">
3127 <Key>Software\Policies\Google\Chrome</Key>
3128 <ValueName>SpellCheckServiceEnabled</ValueName>
3131 <Entry type="4" type_name="REG_DWORD">
3132 <Key>Software\Policies\Google\Chrome</Key>
3133 <ValueName>SpellcheckEnabled</ValueName>
3136 <Entry type="4" type_name="REG_DWORD">
3137 <Key>Software\Policies\Google\Chrome</Key>
3138 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3141 <Entry type="4" type_name="REG_DWORD">
3142 <Key>Software\Policies\Google\Chrome</Key>
3143 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3146 <Entry type="4" type_name="REG_DWORD">
3147 <Key>Software\Policies\Google\Chrome</Key>
3148 <ValueName>SyncDisabled</ValueName>
3151 <Entry type="4" type_name="REG_DWORD">
3152 <Key>Software\Policies\Google\Chrome</Key>
3153 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3156 <Entry type="4" type_name="REG_DWORD">
3157 <Key>Software\Policies\Google\Chrome</Key>
3158 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3161 <Entry type="4" type_name="REG_DWORD">
3162 <Key>Software\Policies\Google\Chrome</Key>
3163 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3166 <Entry type="4" type_name="REG_DWORD">
3167 <Key>Software\Policies\Google\Chrome</Key>
3168 <ValueName>TotalMemoryLimitMb</ValueName>
3171 <Entry type="4" type_name="REG_DWORD">
3172 <Key>Software\Policies\Google\Chrome</Key>
3173 <ValueName>TranslateEnabled</ValueName>
3176 <Entry type="4" type_name="REG_DWORD">
3177 <Key>Software\Policies\Google\Chrome</Key>
3178 <ValueName>TripleDESEnabled</ValueName>
3181 <Entry type="4" type_name="REG_DWORD">
3182 <Key>Software\Policies\Google\Chrome</Key>
3183 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3186 <Entry type="4" type_name="REG_DWORD">
3187 <Key>Software\Policies\Google\Chrome</Key>
3188 <ValueName>UserAgentClientHintsEnabled</ValueName>
3191 <Entry type="1" type_name="REG_SZ">
3192 <Key>Software\Policies\Google\Chrome</Key>
3193 <ValueName>UserDataDir</ValueName>
3194 <Value>${users}/${user_name}/Chrome</Value>
3196 <Entry type="4" type_name="REG_DWORD">
3197 <Key>Software\Policies\Google\Chrome</Key>
3198 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3201 <Entry type="4" type_name="REG_DWORD">
3202 <Key>Software\Policies\Google\Chrome</Key>
3203 <ValueName>UserFeedbackAllowed</ValueName>
3206 <Entry type="4" type_name="REG_DWORD">
3207 <Key>Software\Policies\Google\Chrome</Key>
3208 <ValueName>VideoCaptureAllowed</ValueName>
3211 <Entry type="4" type_name="REG_DWORD">
3212 <Key>Software\Policies\Google\Chrome</Key>
3213 <ValueName>WPADQuickCheckEnabled</ValueName>
3216 <Entry type="1" type_name="REG_SZ">
3217 <Key>Software\Policies\Google\Chrome</Key>
3218 <ValueName>WebAppInstallForceList</ValueName>
3219 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3221 <Entry type="4" type_name="REG_DWORD">
3222 <Key>Software\Policies\Google\Chrome</Key>
3223 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3226 <Entry type="4" type_name="REG_DWORD">
3227 <Key>Software\Policies\Google\Chrome</Key>
3228 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3231 <Entry type="1" type_name="REG_SZ">
3232 <Key>Software\Policies\Google\Chrome</Key>
3233 <ValueName>WebRtcIPHandling</ValueName>
3234 <Value>default</Value>
3236 <Entry type="1" type_name="REG_SZ">
3237 <Key>Software\Policies\Google\Chrome</Key>
3238 <ValueName>WebRtcUdpPortRange</ValueName>
3239 <Value>10000-11999</Value>
3241 <Entry type="1" type_name="REG_SZ">
3242 <Key>Software\Policies\Google\Chrome</Key>
3243 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3244 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3246 <Entry type="4" type_name="REG_DWORD">
3247 <Key>Software\Policies\Google\Chrome</Key>
3248 <ValueName>WindowOcclusionEnabled</ValueName>
3251 <Entry type="1" type_name="REG_SZ">
3252 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3253 <ValueName>1</ValueName>
3254 <Value>-foreground</Value>
3256 <Entry type="1" type_name="REG_SZ">
3257 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3258 <ValueName>2</ValueName>
3259 <Value>-new-window</Value>
3261 <Entry type="1" type_name="REG_SZ">
3262 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3263 <ValueName>3</ValueName>
3264 <Value>${url}</Value>
3266 <Entry type="1" type_name="REG_SZ">
3267 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3268 <ValueName>4</ValueName>
3269 <Value>-profile</Value>
3271 <Entry type="1" type_name="REG_SZ">
3272 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3273 <ValueName>5</ValueName>
3274 <Value>%HOME%\browser_profile</Value>
3276 <Entry type="1" type_name="REG_SZ">
3277 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3278 <ValueName>1</ValueName>
3279 <Value>https://www.example.com/</Value>
3281 <Entry type="1" type_name="REG_SZ">
3282 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3283 <ValueName>2</ValueName>
3284 <Value>https://[*.]example.edu/</Value>
3286 <Entry type="1" type_name="REG_SZ">
3287 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3288 <ValueName>1</ValueName>
3289 <Value>example.com</Value>
3291 <Entry type="1" type_name="REG_SZ">
3292 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3293 <ValueName>2</ValueName>
3294 <Value>https://ssl.server.com</Value>
3296 <Entry type="1" type_name="REG_SZ">
3297 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3298 <ValueName>3</ValueName>
3299 <Value>hosting.com/good_path</Value>
3301 <Entry type="1" type_name="REG_SZ">
3302 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3303 <ValueName>4</ValueName>
3304 <Value>https://server:8080/path</Value>
3306 <Entry type="1" type_name="REG_SZ">
3307 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3308 <ValueName>5</ValueName>
3309 <Value>.exact.hostname.com</Value>
3311 <Entry type="1" type_name="REG_SZ">
3312 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3313 <ValueName>1</ValueName>
3316 <Entry type="1" type_name="REG_SZ">
3317 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3318 <ValueName>2</ValueName>
3321 <Entry type="1" type_name="REG_SZ">
3322 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3323 <ValueName>1</ValueName>
3324 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3326 <Entry type="1" type_name="REG_SZ">
3327 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3328 <ValueName>1</ValueName>
3329 <Value>https://www.example.com</Value>
3331 <Entry type="1" type_name="REG_SZ">
3332 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3333 <ValueName>2</ValueName>
3334 <Value>[*.]example.edu</Value>
3336 <Entry type="1" type_name="REG_SZ">
3337 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3338 <ValueName>1</ValueName>
3339 <Value>--force-dark-mode</Value>
3341 <Entry type="1" type_name="REG_SZ">
3342 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3343 <ValueName>1</ValueName>
3344 <Value>ie.com</Value>
3346 <Entry type="1" type_name="REG_SZ">
3347 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3348 <ValueName>2</ValueName>
3349 <Value>!open-in-chrome.ie.com</Value>
3351 <Entry type="1" type_name="REG_SZ">
3352 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3353 <ValueName>3</ValueName>
3354 <Value>foobar.com/ie-only/</Value>
3356 <Entry type="1" type_name="REG_SZ">
3357 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3358 <ValueName>1</ValueName>
3359 <Value>ie.com</Value>
3361 <Entry type="1" type_name="REG_SZ">
3362 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3363 <ValueName>2</ValueName>
3364 <Value>!open-in-chrome.ie.com</Value>
3366 <Entry type="1" type_name="REG_SZ">
3367 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3368 <ValueName>3</ValueName>
3369 <Value>foobar.com/ie-only/</Value>
3371 <Entry type="1" type_name="REG_SZ">
3372 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3373 <ValueName>1</ValueName>
3374 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3376 <Entry type="1" type_name="REG_SZ">
3377 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3378 <ValueName>2</ValueName>
3379 <Value>sha256//////////////////////w==</Value>
3381 <Entry type="1" type_name="REG_SZ">
3382 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3383 <ValueName>1</ValueName>
3384 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3386 <Entry type="1" type_name="REG_SZ">
3387 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3388 <ValueName>2</ValueName>
3389 <Value>sha256//////////////////////w==</Value>
3391 <Entry type="1" type_name="REG_SZ">
3392 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3393 <ValueName>1</ValueName>
3394 <Value>example.com</Value>
3396 <Entry type="1" type_name="REG_SZ">
3397 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3398 <ValueName>2</ValueName>
3399 <Value>.example.com</Value>
3401 <Entry type="1" type_name="REG_SZ">
3402 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3403 <ValueName>1</ValueName>
3404 <Value>browsing_history</Value>
3406 <Entry type="1" type_name="REG_SZ">
3407 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3408 <ValueName>2</ValueName>
3409 <Value>download_history</Value>
3411 <Entry type="1" type_name="REG_SZ">
3412 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3413 <ValueName>3</ValueName>
3414 <Value>cookies_and_other_site_data</Value>
3416 <Entry type="1" type_name="REG_SZ">
3417 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3418 <ValueName>4</ValueName>
3419 <Value>cached_images_and_files</Value>
3421 <Entry type="1" type_name="REG_SZ">
3422 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3423 <ValueName>5</ValueName>
3424 <Value>password_signin</Value>
3426 <Entry type="1" type_name="REG_SZ">
3427 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3428 <ValueName>6</ValueName>
3429 <Value>autofill</Value>
3431 <Entry type="1" type_name="REG_SZ">
3432 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3433 <ValueName>7</ValueName>
3434 <Value>site_settings</Value>
3436 <Entry type="1" type_name="REG_SZ">
3437 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3438 <ValueName>8</ValueName>
3439 <Value>hosted_app_data</Value>
3441 <Entry type="1" type_name="REG_SZ">
3442 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3443 <ValueName>1</ValueName>
3444 <Value>https://www.example.com</Value>
3446 <Entry type="1" type_name="REG_SZ">
3447 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3448 <ValueName>2</ValueName>
3449 <Value>[*.]example.edu</Value>
3451 <Entry type="1" type_name="REG_SZ">
3452 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3453 <ValueName>1</ValueName>
3454 <Value>https://www.example.com</Value>
3456 <Entry type="1" type_name="REG_SZ">
3457 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3458 <ValueName>2</ValueName>
3459 <Value>[*.]example.edu</Value>
3461 <Entry type="1" type_name="REG_SZ">
3462 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3463 <ValueName>1</ValueName>
3464 <Value>https://www.example.com</Value>
3466 <Entry type="1" type_name="REG_SZ">
3467 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3468 <ValueName>2</ValueName>
3469 <Value>[*.]example.edu</Value>
3471 <Entry type="1" type_name="REG_SZ">
3472 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3473 <ValueName>1</ValueName>
3474 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3476 <Entry type="1" type_name="REG_SZ">
3477 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3478 <ValueName>2</ValueName>
3479 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3481 <Entry type="1" type_name="REG_SZ">
3482 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3483 <ValueName>1</ValueName>
3484 <Value>UTF-8</Value>
3486 <Entry type="1" type_name="REG_SZ">
3487 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3488 <ValueName>2</ValueName>
3489 <Value>UTF-16</Value>
3491 <Entry type="1" type_name="REG_SZ">
3492 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3493 <ValueName>3</ValueName>
3494 <Value>GB2312</Value>
3496 <Entry type="1" type_name="REG_SZ">
3497 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3498 <ValueName>4</ValueName>
3499 <Value>ISO-8859-1</Value>
3501 <Entry type="1" type_name="REG_SZ">
3502 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3503 <ValueName>1</ValueName>
3504 <Value>ExtensionInstallAllowlist</Value>
3506 <Entry type="1" type_name="REG_SZ">
3507 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3508 <ValueName>2</ValueName>
3509 <Value>ExtensionInstallBlocklist</Value>
3511 <Entry type="1" type_name="REG_SZ">
3512 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3513 <ValueName>1</ValueName>
3514 <Value>10080</Value>
3516 <Entry type="1" type_name="REG_SZ">
3517 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3518 <ValueName>1</ValueName>
3519 <Value>hosted_app</Value>
3521 <Entry type="1" type_name="REG_SZ">
3522 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3523 <ValueName>1</ValueName>
3524 <Value>extension_id1</Value>
3526 <Entry type="1" type_name="REG_SZ">
3527 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3528 <ValueName>2</ValueName>
3529 <Value>extension_id2</Value>
3531 <Entry type="1" type_name="REG_SZ">
3532 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3533 <ValueName>1</ValueName>
3534 <Value>extension_id1</Value>
3536 <Entry type="1" type_name="REG_SZ">
3537 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3538 <ValueName>2</ValueName>
3539 <Value>extension_id2</Value>
3541 <Entry type="1" type_name="REG_SZ">
3542 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3543 <ValueName>1</ValueName>
3544 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3546 <Entry type="1" type_name="REG_SZ">
3547 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3548 <ValueName>2</ValueName>
3549 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3551 <Entry type="1" type_name="REG_SZ">
3552 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3553 <ValueName>1</ValueName>
3554 <Value>https://corp.mycompany.com/*</Value>
3556 <Entry type="1" type_name="REG_SZ">
3557 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3558 <ValueName>1</ValueName>
3559 <Value>https://www.example.com</Value>
3561 <Entry type="1" type_name="REG_SZ">
3562 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3563 <ValueName>2</ValueName>
3564 <Value>[*.]example.edu</Value>
3566 <Entry type="1" type_name="REG_SZ">
3567 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3568 <ValueName>1</ValueName>
3569 <Value>https://www.example.com</Value>
3571 <Entry type="1" type_name="REG_SZ">
3572 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3573 <ValueName>2</ValueName>
3574 <Value>[*.]example.edu</Value>
3576 <Entry type="1" type_name="REG_SZ">
3577 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3578 <ValueName>1</ValueName>
3579 <Value>https://www.example.com</Value>
3581 <Entry type="1" type_name="REG_SZ">
3582 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3583 <ValueName>2</ValueName>
3584 <Value>[*.]example.edu</Value>
3586 <Entry type="1" type_name="REG_SZ">
3587 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3588 <ValueName>1</ValueName>
3589 <Value>https://www.example.com</Value>
3591 <Entry type="1" type_name="REG_SZ">
3592 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3593 <ValueName>2</ValueName>
3594 <Value>[*.]example.edu</Value>
3596 <Entry type="1" type_name="REG_SZ">
3597 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3598 <ValueName>1</ValueName>
3599 <Value>https://www.example.com</Value>
3601 <Entry type="1" type_name="REG_SZ">
3602 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3603 <ValueName>2</ValueName>
3604 <Value>[*.]example.edu</Value>
3606 <Entry type="1" type_name="REG_SZ">
3607 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3608 <ValueName>1</ValueName>
3609 <Value>https://www.example.com</Value>
3611 <Entry type="1" type_name="REG_SZ">
3612 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3613 <ValueName>2</ValueName>
3614 <Value>[*.]example.edu</Value>
3616 <Entry type="1" type_name="REG_SZ">
3617 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3618 <ValueName>1</ValueName>
3619 <Value>en-US</Value>
3621 <Entry type="1" type_name="REG_SZ">
3622 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3623 <ValueName>1</ValueName>
3626 <Entry type="1" type_name="REG_SZ">
3627 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3628 <ValueName>1</ValueName>
3629 <Value>https://www.example.com</Value>
3631 <Entry type="1" type_name="REG_SZ">
3632 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3633 <ValueName>2</ValueName>
3634 <Value>[*.]example.edu</Value>
3636 <Entry type="1" type_name="REG_SZ">
3637 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3638 <ValueName>1</ValueName>
3639 <Value>https://www.example.com</Value>
3641 <Entry type="1" type_name="REG_SZ">
3642 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3643 <ValueName>2</ValueName>
3644 <Value>[*.]example.edu</Value>
3646 <Entry type="1" type_name="REG_SZ">
3647 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3648 <ValueName>1</ValueName>
3649 <Value>https://www.example.com</Value>
3651 <Entry type="1" type_name="REG_SZ">
3652 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3653 <ValueName>2</ValueName>
3654 <Value>[*.]example.edu</Value>
3656 <Entry type="1" type_name="REG_SZ">
3657 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3658 <ValueName>1</ValueName>
3659 <Value>https://www.example.com</Value>
3661 <Entry type="1" type_name="REG_SZ">
3662 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3663 <ValueName>2</ValueName>
3664 <Value>[*.]example.edu</Value>
3666 <Entry type="1" type_name="REG_SZ">
3667 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3668 <ValueName>1</ValueName>
3669 <Value>http://www.example.com:8080</Value>
3671 <Entry type="1" type_name="REG_SZ">
3672 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3673 <ValueName>2</ValueName>
3674 <Value>[*.]example.edu</Value>
3676 <Entry type="1" type_name="REG_SZ">
3677 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3678 <ValueName>1</ValueName>
3679 <Value>https://www.example.com</Value>
3681 <Entry type="1" type_name="REG_SZ">
3682 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3683 <ValueName>2</ValueName>
3684 <Value>[*.]example.edu</Value>
3686 <Entry type="1" type_name="REG_SZ">
3687 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3688 <ValueName>1</ValueName>
3689 <Value>https://www.example.com</Value>
3691 <Entry type="1" type_name="REG_SZ">
3692 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3693 <ValueName>2</ValueName>
3694 <Value>[*.]example.edu</Value>
3696 <Entry type="1" type_name="REG_SZ">
3697 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3698 <ValueName>1</ValueName>
3699 <Value>www.example.com</Value>
3701 <Entry type="1" type_name="REG_SZ">
3702 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3703 <ValueName>2</ValueName>
3704 <Value>[*.]example.edu</Value>
3706 <Entry type="1" type_name="REG_SZ">
3707 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3708 <ValueName>1</ValueName>
3709 <Value>foo.example.com</Value>
3711 <Entry type="1" type_name="REG_SZ">
3712 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3713 <ValueName>2</ValueName>
3714 <Value>example.org</Value>
3716 <Entry type="1" type_name="REG_SZ">
3717 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3718 <ValueName>1</ValueName>
3719 <Value>com.native.messaging.host.name1</Value>
3721 <Entry type="1" type_name="REG_SZ">
3722 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3723 <ValueName>2</ValueName>
3724 <Value>com.native.messaging.host.name2</Value>
3726 <Entry type="1" type_name="REG_SZ">
3727 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3728 <ValueName>1</ValueName>
3729 <Value>com.native.messaging.host.name1</Value>
3731 <Entry type="1" type_name="REG_SZ">
3732 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3733 <ValueName>2</ValueName>
3734 <Value>com.native.messaging.host.name2</Value>
3736 <Entry type="1" type_name="REG_SZ">
3737 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3738 <ValueName>1</ValueName>
3739 <Value>https://www.example.com</Value>
3741 <Entry type="1" type_name="REG_SZ">
3742 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3743 <ValueName>2</ValueName>
3744 <Value>[*.]example.edu</Value>
3746 <Entry type="1" type_name="REG_SZ">
3747 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3748 <ValueName>1</ValueName>
3749 <Value>https://www.example.com</Value>
3751 <Entry type="1" type_name="REG_SZ">
3752 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3753 <ValueName>2</ValueName>
3754 <Value>[*.]example.edu</Value>
3756 <Entry type="1" type_name="REG_SZ">
3757 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3758 <ValueName>1</ValueName>
3759 <Value>http://testserver.example.com/</Value>
3761 <Entry type="1" type_name="REG_SZ">
3762 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3763 <ValueName>2</ValueName>
3764 <Value>*.example.org</Value>
3766 <Entry type="1" type_name="REG_SZ">
3767 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3768 <ValueName>1</ValueName>
3769 <Value>https://mydomain.com/login.html</Value>
3771 <Entry type="1" type_name="REG_SZ">
3772 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3773 <ValueName>2</ValueName>
3774 <Value>https://login.mydomain.com</Value>
3776 <Entry type="1" type_name="REG_SZ">
3777 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3778 <ValueName>1</ValueName>
3779 <Value>ExtensionSettings</Value>
3781 <Entry type="1" type_name="REG_SZ">
3782 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3783 <ValueName>1</ValueName>
3784 <Value>ExtensionInstallAllowlist</Value>
3786 <Entry type="1" type_name="REG_SZ">
3787 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3788 <ValueName>2</ValueName>
3789 <Value>ExtensionInstallBlocklist</Value>
3791 <Entry type="1" type_name="REG_SZ">
3792 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3793 <ValueName>1</ValueName>
3794 <Value>https://www.example.com</Value>
3796 <Entry type="1" type_name="REG_SZ">
3797 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3798 <ValueName>2</ValueName>
3799 <Value>[*.]example.edu</Value>
3801 <Entry type="1" type_name="REG_SZ">
3802 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3803 <ValueName>1</ValueName>
3804 <Value>https://www.example.com</Value>
3806 <Entry type="1" type_name="REG_SZ">
3807 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3808 <ValueName>2</ValueName>
3809 <Value>[*.]example.edu</Value>
3811 <Entry type="1" type_name="REG_SZ">
3812 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3813 <ValueName>1</ValueName>
3814 <Value>cloud</Value>
3816 <Entry type="1" type_name="REG_SZ">
3817 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3818 <ValueName>2</ValueName>
3819 <Value>privet</Value>
3821 <Entry type="1" type_name="REG_SZ">
3822 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3823 <ValueName>1</ValueName>
3824 <Value>my-awesome-domain.com</Value>
3826 <Entry type="1" type_name="REG_SZ">
3827 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3828 <ValueName>2</ValueName>
3829 <Value>my-auxiliary-domain.com</Value>
3831 <Entry type="1" type_name="REG_SZ">
3832 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3833 <ValueName>1</ValueName>
3834 <Value>my-awesome-domain.com</Value>
3836 <Entry type="1" type_name="REG_SZ">
3837 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3838 <ValueName>2</ValueName>
3839 <Value>my-auxiliary-domain.com</Value>
3841 <Entry type="1" type_name="REG_SZ">
3842 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3843 <ValueName>1</ValueName>
3844 <Value>https://example.com</Value>
3846 <Entry type="1" type_name="REG_SZ">
3847 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3848 <ValueName>2</ValueName>
3849 <Value>https://www.chromium.org</Value>
3851 <Entry type="1" type_name="REG_SZ">
3852 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3853 <ValueName>1</ValueName>
3854 <Value>https://www.example.com</Value>
3856 <Entry type="1" type_name="REG_SZ">
3857 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3858 <ValueName>2</ValueName>
3859 <Value>[*.]example.edu</Value>
3861 <Entry type="1" type_name="REG_SZ">
3862 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3863 <ValueName>1</ValueName>
3864 <Value>mydomain.com</Value>
3866 <Entry type="1" type_name="REG_SZ">
3867 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3868 <ValueName>2</ValueName>
3869 <Value>myuniversity.edu</Value>
3871 <Entry type="1" type_name="REG_SZ">
3872 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3873 <ValueName>1</ValueName>
3874 <Value>https://example.com</Value>
3876 <Entry type="1" type_name="REG_SZ">
3877 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3878 <ValueName>1</ValueName>
3879 <Value>https://www.example.com</Value>
3881 <Entry type="1" type_name="REG_SZ">
3882 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3883 <ValueName>2</ValueName>
3884 <Value>[*.]example.edu</Value>
3886 <Entry type="1" type_name="REG_SZ">
3887 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3888 <ValueName>1</ValueName>
3889 <Value>https://www.example.com</Value>
3891 <Entry type="1" type_name="REG_SZ">
3892 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3893 <ValueName>2</ValueName>
3894 <Value>[*.]example.edu</Value>
3896 <Entry type="1" type_name="REG_SZ">
3897 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3898 <ValueName>1</ValueName>
3899 <Value>https://www.example.com</Value>
3901 <Entry type="1" type_name="REG_SZ">
3902 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3903 <ValueName>2</ValueName>
3904 <Value>[*.]example.edu</Value>
3906 <Entry type="1" type_name="REG_SZ">
3907 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3908 <ValueName>1</ValueName>
3909 <Value>https://www.example.com</Value>
3911 <Entry type="1" type_name="REG_SZ">
3912 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3913 <ValueName>2</ValueName>
3914 <Value>[*.]example.edu</Value>
3916 <Entry type="1" type_name="REG_SZ">
3917 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3918 <ValueName>1</ValueName>
3921 <Entry type="1" type_name="REG_SZ">
3922 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3923 <ValueName>2</ValueName>
3926 <Entry type="1" type_name="REG_SZ">
3927 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3928 <ValueName>1</ValueName>
3931 <Entry type="1" type_name="REG_SZ">
3932 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3933 <ValueName>2</ValueName>
3936 <Entry type="1" type_name="REG_SZ">
3937 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3938 <ValueName>1</ValueName>
3939 <Value>bookmarks</Value>
3941 <Entry type="1" type_name="REG_SZ">
3942 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3943 <ValueName>1</ValueName>
3944 <Value>example.com</Value>
3946 <Entry type="1" type_name="REG_SZ">
3947 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3948 <ValueName>2</ValueName>
3949 <Value>https://ssl.server.com</Value>
3951 <Entry type="1" type_name="REG_SZ">
3952 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3953 <ValueName>3</ValueName>
3954 <Value>hosting.com/good_path</Value>
3956 <Entry type="1" type_name="REG_SZ">
3957 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3958 <ValueName>4</ValueName>
3959 <Value>https://server:8080/path</Value>
3961 <Entry type="1" type_name="REG_SZ">
3962 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3963 <ValueName>5</ValueName>
3964 <Value>.exact.hostname.com</Value>
3966 <Entry type="1" type_name="REG_SZ">
3967 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3968 <ValueName>1</ValueName>
3969 <Value>example.com</Value>
3971 <Entry type="1" type_name="REG_SZ">
3972 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3973 <ValueName>2</ValueName>
3974 <Value>https://ssl.server.com</Value>
3976 <Entry type="1" type_name="REG_SZ">
3977 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3978 <ValueName>3</ValueName>
3979 <Value>hosting.com/bad_path</Value>
3981 <Entry type="1" type_name="REG_SZ">
3982 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3983 <ValueName>4</ValueName>
3984 <Value>https://server:8080/path</Value>
3986 <Entry type="1" type_name="REG_SZ">
3987 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3988 <ValueName>5</ValueName>
3989 <Value>.exact.hostname.com</Value>
3991 <Entry type="1" type_name="REG_SZ">
3992 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3993 <ValueName>6</ValueName>
3994 <Value>file://*</Value>
3996 <Entry type="1" type_name="REG_SZ">
3997 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3998 <ValueName>7</ValueName>
3999 <Value>custom_scheme:*</Value>
4001 <Entry type="1" type_name="REG_SZ">
4002 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
4003 <ValueName>8</ValueName>
4006 <Entry type="1" type_name="REG_SZ">
4007 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4008 <ValueName>1</ValueName>
4009 <Value>https://www.example.com/</Value>
4011 <Entry type="1" type_name="REG_SZ">
4012 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4013 <ValueName>2</ValueName>
4014 <Value>https://[*.]example.edu/</Value>
4016 <Entry type="1" type_name="REG_SZ">
4017 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4018 <ValueName>1</ValueName>
4019 <Value>https://www.example.com</Value>
4021 <Entry type="1" type_name="REG_SZ">
4022 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4023 <ValueName>2</ValueName>
4024 <Value>*example.com*</Value>
4026 <Entry type="1" type_name="REG_SZ">
4027 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4028 <ValueName>1</ValueName>
4029 <Value>https://www.example.com</Value>
4031 <Entry type="1" type_name="REG_SZ">
4032 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4033 <ValueName>2</ValueName>
4034 <Value>[*.]example.edu</Value>
4036 <Entry type="1" type_name="REG_SZ">
4037 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4038 <ValueName>1</ValueName>
4039 <Value>https://www.example.com</Value>
4041 <Entry type="1" type_name="REG_SZ">
4042 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4043 <ValueName>2</ValueName>
4044 <Value>[*.]example.edu</Value>
4046 <Entry type="4" type_name="REG_DWORD">
4047 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4048 <ValueName>AlternateErrorPagesEnabled</ValueName>
4051 <Entry type="1" type_name="REG_SZ">
4052 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4053 <ValueName>ApplicationLocaleValue</ValueName>
4056 <Entry type="4" type_name="REG_DWORD">
4057 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4058 <ValueName>AutofillAddressEnabled</ValueName>
4061 <Entry type="4" type_name="REG_DWORD">
4062 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4063 <ValueName>AutofillCreditCardEnabled</ValueName>
4066 <Entry type="4" type_name="REG_DWORD">
4067 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4068 <ValueName>BackgroundModeEnabled</ValueName>
4071 <Entry type="4" type_name="REG_DWORD">
4072 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4073 <ValueName>BlockThirdPartyCookies</ValueName>
4076 <Entry type="4" type_name="REG_DWORD">
4077 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4078 <ValueName>BookmarkBarEnabled</ValueName>
4081 <Entry type="1" type_name="REG_SZ">
4082 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4083 <ValueName>DefaultDownloadDirectory</ValueName>
4084 <Value>/home/${user_name}/Downloads</Value>
4086 <Entry type="1" type_name="REG_SZ">
4087 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4088 <ValueName>DownloadDirectory</ValueName>
4089 <Value>/home/${user_name}/Downloads</Value>
4091 <Entry type="4" type_name="REG_DWORD">
4092 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4093 <ValueName>DownloadRestrictions</ValueName>
4096 <Entry type="4" type_name="REG_DWORD">
4097 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4098 <ValueName>HomepageIsNewTabPage</ValueName>
4101 <Entry type="1" type_name="REG_SZ">
4102 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4103 <ValueName>HomepageLocation</ValueName>
4104 <Value>https://www.chromium.org</Value>
4106 <Entry type="4" type_name="REG_DWORD">
4107 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4108 <ValueName>ImportAutofillFormData</ValueName>
4111 <Entry type="4" type_name="REG_DWORD">
4112 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4113 <ValueName>ImportBookmarks</ValueName>
4116 <Entry type="4" type_name="REG_DWORD">
4117 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4118 <ValueName>ImportHistory</ValueName>
4121 <Entry type="4" type_name="REG_DWORD">
4122 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4123 <ValueName>ImportSavedPasswords</ValueName>
4126 <Entry type="4" type_name="REG_DWORD">
4127 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4128 <ValueName>ImportSearchEngine</ValueName>
4131 <Entry type="4" type_name="REG_DWORD">
4132 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4133 <ValueName>MetricsReportingEnabled</ValueName>
4136 <Entry type="4" type_name="REG_DWORD">
4137 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4138 <ValueName>NetworkPredictionOptions</ValueName>
4141 <Entry type="4" type_name="REG_DWORD">
4142 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4143 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4146 <Entry type="4" type_name="REG_DWORD">
4147 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4148 <ValueName>PasswordManagerEnabled</ValueName>
4151 <Entry type="4" type_name="REG_DWORD">
4152 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4153 <ValueName>PrintHeaderFooter</ValueName>
4156 <Entry type="4" type_name="REG_DWORD">
4157 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4158 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4161 <Entry type="1" type_name="REG_SZ">
4162 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4163 <ValueName>RegisteredProtocolHandlers</ValueName>
4164 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4166 <Entry type="4" type_name="REG_DWORD">
4167 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4168 <ValueName>RestoreOnStartup</ValueName>
4171 <Entry type="4" type_name="REG_DWORD">
4172 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4173 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4176 <Entry type="4" type_name="REG_DWORD">
4177 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4178 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4181 <Entry type="4" type_name="REG_DWORD">
4182 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4183 <ValueName>SearchSuggestEnabled</ValueName>
4186 <Entry type="4" type_name="REG_DWORD">
4187 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4188 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4191 <Entry type="4" type_name="REG_DWORD">
4192 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4193 <ValueName>ShowHomeButton</ValueName>
4196 <Entry type="4" type_name="REG_DWORD">
4197 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4198 <ValueName>SpellCheckServiceEnabled</ValueName>
4201 <Entry type="4" type_name="REG_DWORD">
4202 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4203 <ValueName>TranslateEnabled</ValueName>
4206 <Entry type="1" type_name="REG_SZ">
4207 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4208 <ValueName>1</ValueName>
4209 <Value>https://example.com</Value>
4211 <Entry type="1" type_name="REG_SZ">
4212 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4213 <ValueName>2</ValueName>
4214 <Value>https://www.chromium.org</Value>
4219 chromium_json_expected_managed
= \
4222 "FileSystemWriteAskForUrls": [
4223 "https://www.example.com",
4226 "InsecureContentBlockedForUrls": [
4227 "https://www.example.com",
4230 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4231 "BrowserAddPersonEnabled": true,
4232 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4233 "ShowHomeButton": true,
4234 "ClearBrowsingDataOnExitList": [
4237 "cookies_and_other_site_data",
4238 "cached_images_and_files",
4244 "JavaScriptAllowedForUrls": [
4245 "https://www.example.com",
4248 "AmbientAuthenticationInPrivateModesEnabled": 0,
4249 "AllowFileSelectionDialogs": true,
4250 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4251 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4252 "ComponentUpdatesEnabled": true,
4253 "RemoteAccessHostAllowRemoteAccessConnections": false,
4254 "WindowOcclusionEnabled": true,
4255 "PrintPreviewUseSystemDefaultPrinter": false,
4256 "AutoLaunchProtocolsFromOrigins": [
4258 "allowed_origins": [
4260 "http://www.example.com:8080"
4262 "protocol": "spotify"
4265 "allowed_origins": [
4266 "https://example.com",
4267 "https://.mail.example.com"
4272 "allowed_origins": [
4275 "protocol": "outlook"
4278 "ManagedConfigurationPerOrigin": [
4280 "origin": "https://www.google.com",
4281 "managed_configuration_hash": "asd891jedasd12ue9h",
4282 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4285 "origin": "https://www.example.com",
4286 "managed_configuration_hash": "djio12easd89u12aws",
4287 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4290 "SyncTypesListDisabled": [
4293 "SecurityKeyPermitAttestation": [
4294 "https://example.com"
4296 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4297 "MetricsReportingEnabled": true,
4298 "MaxInvalidationFetchDelay": 10000,
4299 "AudioProcessHighPriorityEnabled": true,
4300 "ExtensionInstallForcelist": [
4301 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4302 "abcdefghijklmnopabcdefghijklmnop"
4304 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4305 "CookiesBlockedForUrls": [
4306 "https://www.example.com",
4309 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4310 "AudioCaptureAllowedUrls": [
4311 "https://www.example.com/",
4312 "https://[*.]example.edu/"
4314 "NTPCustomBackgroundEnabled": true,
4315 "BlockExternalExtensions": true,
4316 "BrowserSwitcherChromeParameters": [
4319 "SafeSitesFilterBehavior": 0,
4320 "EnableOnlineRevocationChecks": false,
4321 "ImagesBlockedForUrls": [
4322 "https://www.example.com",
4325 "InsecureFormsWarningsEnabled": true,
4326 "RelaunchNotificationPeriod": 604800000,
4327 "TotalMemoryLimitMb": 2048,
4328 "CloudManagementEnrollmentMandatory": true,
4329 "ClickToCallEnabled": true,
4330 "AppCacheForceEnabled": false,
4331 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4332 "FullscreenAllowed": true,
4333 "AuthSchemes": "basic,digest,ntlm,negotiate",
4334 "PasswordLeakDetectionEnabled": true,
4335 "AuthServerAllowlist": "*.example.com,example.com",
4336 "AllowSyncXHRInPageDismissal": false,
4337 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4338 "MaxConnectionsPerProxy": 32,
4339 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4340 "RemoteAccessHostAllowFileTransfer": false,
4341 "PrintRasterizationMode": 1,
4342 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4343 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4344 "sha256//////////////////////w=="
4346 "DefaultWebBluetoothGuardSetting": 2,
4347 "AutoplayAllowed": true,
4348 "BrowserSwitcherUrlList": [
4350 "!open-in-chrome.ie.com",
4351 "foobar.com/ie-only/"
4353 "CertificateTransparencyEnforcementDisabledForUrls": [
4357 "SpellcheckLanguageBlocklist": [
4361 "PrintHeaderFooter": false,
4362 "ShowAppsShortcutInBookmarkBar": false,
4363 "SerialAskForUrls": [
4364 "https://www.example.com",
4367 "ImagesAllowedForUrls": [
4368 "https://www.example.com",
4371 "ProfilePickerOnStartupAvailability": 0,
4372 "CommandLineFlagSecurityWarningsEnabled": true,
4373 "QuicAllowed": true,
4374 "IntensiveWakeUpThrottlingEnabled": true,
4375 "WPADQuickCheckEnabled": true,
4376 "SensorsAllowedForUrls": [
4377 "https://www.example.com",
4380 "NTPCardsVisible": true,
4381 "DefaultSearchProviderAlternateURLs": [
4382 "https://search.my.company/suggest#q={searchTerms}",
4383 "https://search.my.company/suggest/search#q={searchTerms}"
4385 "DisableSafeBrowsingProceedAnyway": true,
4386 "DefaultFileSystemWriteGuardSetting": 2,
4387 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4388 "SSLErrorOverrideAllowed": true,
4389 "CloudPrintProxyEnabled": true,
4390 "BrowserSwitcherUrlGreylist": [
4392 "!open-in-chrome.ie.com",
4393 "foobar.com/ie-only/"
4395 "BrowserNetworkTimeQueriesEnabled": true,
4396 "WebUsbAllowDevicesForUrls": [
4399 "https://google.com"
4409 "TaskManagerEndProcessEnabled": true,
4410 "SuppressDifferentOriginSubframeDialogs": true,
4411 "UserDataDir": "${users}/${user_name}/Chrome",
4412 "CookiesAllowedForUrls": [
4413 "https://www.example.com",
4416 "SuppressUnsupportedOSWarning": true,
4417 "RequireOnlineRevocationChecksForLocalAnchors": false,
4418 "BrowsingDataLifetime": [
4423 "time_to_live_in_hours": 24
4430 "time_to_live_in_hours": 12
4433 "FileHandlingBlockedForUrls": [
4434 "https://www.example.com",
4437 "AudioCaptureAllowed": false,
4438 "PromotionalTabsEnabled": false,
4439 "ShowFullUrlsInAddressBar": false,
4440 "EnableMediaRouter": true,
4441 "BrowserSwitcherDelay": 10000,
4442 "AllowDinosaurEasterEgg": false,
4443 "ImportSearchEngine": true,
4444 "PrintingBackgroundGraphicsDefault": "enabled",
4445 "TripleDESEnabled": false,
4446 "AutoplayAllowlist": [
4447 "https://www.example.com",
4450 "RemoteAccessHostUdpPortRange": "12400-12409",
4451 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4452 "BrowserSwitcherChromePath": "${chrome}",
4453 "InsecureContentAllowedForUrls": [
4454 "https://www.example.com",
4457 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4458 "ForceGoogleSafeSearch": false,
4459 "UserFeedbackAllowed": true,
4460 "ForceYouTubeRestrict": 0,
4461 "ApplicationLocaleValue": "en",
4462 "RoamingProfileSupportEnabled": true,
4463 "AlternativeBrowserPath": "${ie}",
4464 "AlternativeBrowserParameters": [
4469 "%HOME%\\\\browser_profile"
4471 "AdvancedProtectionAllowed": true,
4472 "EditBookmarksEnabled": false,
4473 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4474 "SSLVersionMin": "tls1",
4475 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4476 "DefaultSerialGuardSetting": 2,
4477 "DefaultPopupsSetting": 1,
4478 "IntranetRedirectBehavior": 1,
4479 "RendererCodeIntegrityEnabled": false,
4480 "BrowserGuestModeEnforced": true,
4481 "HSTSPolicyBypassList": [
4484 "DefaultWebUsbGuardSetting": 2,
4485 "CECPQ2Enabled": true,
4486 "RemoteAccessHostDomainList": [
4487 "my-awesome-domain.com",
4488 "my-auxiliary-domain.com"
4492 "https://ssl.server.com",
4493 "hosting.com/bad_path",
4494 "https://server:8080/path",
4495 ".exact.hostname.com",
4500 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4501 "ExtensionAllowedTypes": [
4504 "NativeMessagingBlocklist": [
4505 "com.native.messaging.host.name1",
4506 "com.native.messaging.host.name2"
4508 "ExtensionSettings": {
4509 "abcdefghijklmnopabcdefghijklmnop": {
4510 "blocked_permissions": [
4513 "minimum_version_required": "1.0.1",
4514 "toolbar_pin": "force_pinned",
4515 "installation_mode": "allowed"
4517 "bcdefghijklmnopabcdefghijklmnopa": {
4518 "runtime_blocked_hosts": [
4521 "allowed_permissions": [
4524 "update_url": "https://example.com/update_url",
4525 "runtime_allowed_hosts": [
4526 "*://good.example.com"
4528 "installation_mode": "force_installed"
4530 "update_url:https://www.example.com/update.xml": {
4531 "allowed_permissions": [
4534 "blocked_permissions": [
4537 "installation_mode": "allowed"
4539 "cdefghijklmnopabcdefghijklmnopab": {
4540 "blocked_install_message": "Custom error message.",
4541 "installation_mode": "blocked"
4544 "blocked_permissions": [
4548 "installation_mode": "blocked",
4549 "runtime_blocked_hosts": [
4552 "blocked_install_message": "Custom error message.",
4556 "runtime_allowed_hosts": [
4557 "*://good.example.com"
4559 "install_sources": [
4560 "https://company-intranet/chromeapps"
4563 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4564 "blocked_install_message": "Custom error message.",
4565 "installation_mode": "blocked"
4567 "fghijklmnopabcdefghijklmnopabcde": {
4568 "blocked_install_message": "Custom removal message.",
4569 "installation_mode": "removed"
4571 "ghijklmnopabcdefghijklmnopabcdef": {
4572 "update_url": "https://example.com/update_url",
4573 "override_update_url": true,
4574 "installation_mode": "force_installed"
4577 "FileSystemReadAskForUrls": [
4578 "https://www.example.com",
4581 "SpellCheckServiceEnabled": false,
4582 "ExtensionInstallSources": [
4583 "https://corp.mycompany.com/*"
4585 "PrinterTypeDenyList": [
4589 "SharedClipboardEnabled": true,
4590 "BlockThirdPartyCookies": false,
4591 "MediaRouterCastAllowAllIPs": false,
4592 "DnsOverHttpsMode": "off",
4593 "SyncDisabled": true,
4594 "LookalikeWarningAllowlistDomains": [
4598 "UserDataSnapshotRetentionLimit": 3,
4599 "SafeBrowsingProtectionLevel": 2,
4600 "ScrollToTextFragmentEnabled": false,
4601 "ImportBookmarks": true,
4602 "DefaultBrowserSettingEnabled": true,
4603 "DefaultSearchProviderEnabled": true,
4604 "AdditionalDnsQueryTypesEnabled": true,
4605 "PolicyRefreshRate": 3600000,
4606 "PrintingPaperSizeDefault": {
4613 "RestoreOnStartup": 4,
4614 "PasswordProtectionWarningTrigger": 1,
4615 "ChromeCleanupEnabled": true,
4616 "AbusiveExperienceInterventionEnforce": true,
4617 "BasicAuthOverHttpEnabled": false,
4618 "EnableAuthNegotiatePort": false,
4619 "DefaultGeolocationSetting": 1,
4620 "PolicyDictionaryMultipleSourceMergeList": [
4623 "AllowedDomainsForApps": "managedchrome.com,example.com",
4624 "DisableAuthNegotiateCnameLookup": false,
4625 "IncognitoModeAvailability": 1,
4626 "ChromeVariations": 1,
4627 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4628 "SavingBrowserHistoryDisabled": true,
4629 "SpellcheckEnabled": false,
4630 "FileSystemWriteBlockedForUrls": [
4631 "https://www.example.com",
4634 "BuiltInDnsClientEnabled": true,
4635 "SSLErrorOverrideAllowedForOrigins": [
4636 "https://www.example.com",
4639 "WebRtcIPHandling": "default",
4640 "DefaultNotificationsSetting": 2,
4641 "PopupsAllowedForUrls": [
4642 "https://www.example.com",
4645 "TranslateEnabled": true,
4646 "DefaultSearchProviderEncodings": [
4652 "DownloadRestrictions": 2,
4653 "PromptForDownloadLocation": false,
4654 "DisablePrintPreview": false,
4655 "NetworkPredictionOptions": 1,
4656 "FileSystemReadBlockedForUrls": [
4657 "https://www.example.com",
4660 "AutoOpenFileTypes": [
4664 "DownloadDirectory": "/home/${user_name}/Downloads",
4665 "ImportHomepage": true,
4666 "GloballyScopeHTTPAuthCacheEnabled": false,
4667 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4668 "ThirdPartyBlockingEnabled": false,
4669 "AdsSettingForIntrusiveAdsSites": 1,
4670 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4671 "BookmarkBarEnabled": true,
4672 "DisableScreenshots": true,
4673 "AccessibilityImageLabelsEnabled": false,
4674 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4675 "PopupsBlockedForUrls": [
4676 "https://www.example.com",
4679 "DefaultFileSystemReadGuardSetting": 2,
4681 "WebRtcAllowLegacyTLSProtocols": false,
4682 "PasswordManagerEnabled": true,
4683 "SafeBrowsingExtendedReportingEnabled": true,
4684 "CloudPolicyOverridesPlatformPolicy": false,
4685 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4686 "http://www.example.com:8080",
4689 "RelaunchNotification": 1,
4690 "AlwaysOpenPdfExternally": true,
4691 "DefaultFileHandlingGuardSetting": 2,
4692 "ForceEphemeralProfiles": true,
4693 "PasswordProtectionLoginURLs": [
4694 "https://mydomain.com/login.html",
4695 "https://login.mydomain.com"
4697 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4698 "BrowserGuestModeEnabled": true,
4699 "MediaRecommendationsEnabled": true,
4700 "WebRtcLocalIpsAllowedUrls": [
4701 "https://www.example.com",
4704 "DeveloperToolsAvailability": 2,
4705 "DNSInterceptionChecksEnabled": true,
4706 "DefaultSearchProviderContextMenuAccessAllowed": true,
4707 "RemoteAccessHostRequireCurtain": false,
4708 "PaymentMethodQueryEnabled": true,
4709 "HomepageLocation": "https://www.chromium.org",
4710 "WebUsbAskForUrls": [
4711 "https://www.example.com",
4714 "RemoteAccessHostAllowClientPairing": false,
4716 "ProxyMode": "direct",
4717 "ProxyPacUrl": "https://internal.site/example.pac",
4718 "ProxyServer": "123.123.123.123:8080",
4719 "ProxyServerMode": 2,
4720 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4722 "AutofillCreditCardEnabled": false,
4723 "FileHandlingAllowedForUrls": [
4724 "https://www.example.com",
4727 "ChromeCleanupReportingEnabled": true,
4728 "AlternateErrorPagesEnabled": true,
4729 "WebRtcEventLogCollectionAllowed": true,
4730 "AutoSelectCertificateForUrls": [
4731 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4733 "PolicyListMultipleSourceMergeList": [
4734 "ExtensionInstallAllowlist",
4735 "ExtensionInstallBlocklist"
4737 "CertificateTransparencyEnforcementDisabledForCas": [
4738 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4739 "sha256//////////////////////w=="
4741 "CookiesSessionOnlyForUrls": [
4742 "https://www.example.com",
4745 "SitePerProcess": true,
4746 "RemoteAccessHostFirewallTraversal": false,
4747 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4748 "BackgroundModeEnabled": true,
4749 "DefaultJavaScriptSetting": 1,
4750 "ForcedLanguages": [
4753 "ManagedBookmarks": [
4755 "toplevel_name": "My managed bookmarks folder"
4758 "url": "google.com",
4762 "url": "youtube.com",
4768 "url": "chromium.org",
4772 "url": "dev.chromium.org",
4773 "name": "Chromium Developers"
4776 "name": "Chrome links"
4779 "Disable3DAPIs": false,
4780 "CloudPrintSubmitEnabled": true,
4781 "DefaultCookiesSetting": 1,
4782 "ExtensionInstallBlocklist": [
4788 "https://ssl.server.com",
4789 "hosting.com/good_path",
4790 "https://server:8080/path",
4791 ".exact.hostname.com"
4793 "ExplicitlyAllowedNetworkPorts": [
4796 "HomepageIsNewTabPage": true,
4797 "SensorsBlockedForUrls": [
4798 "https://www.example.com",
4801 "BrowserLabsEnabled": false,
4802 "NotificationsAllowedForUrls": [
4803 "https://www.example.com",
4806 "NativeMessagingUserLevelHosts": false,
4807 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4808 "CloudUserPolicyMerge": true,
4809 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4810 "http://testserver.example.com/",
4813 "HideWebStoreIcon": true,
4814 "SafeBrowsingForTrustedSourcesEnabled": false,
4815 "NewTabPageLocation": "https://www.chromium.org",
4816 "DiskCacheSize": 104857600,
4817 "BrowserSwitcherUseIeSitelist": true,
4818 "WebRtcUdpPortRange": "10000-11999",
4819 "EnterpriseHardwarePlatformAPIEnabled": true,
4820 "AutoOpenAllowedForURLs": [
4822 "https://ssl.server.com",
4823 "hosting.com/good_path",
4824 "https://server:8080/path",
4825 ".exact.hostname.com"
4827 "NativeMessagingAllowlist": [
4828 "com.native.messaging.host.name1",
4829 "com.native.messaging.host.name2"
4831 "DefaultSearchProviderName": "My Intranet Search",
4832 "JavaScriptBlockedForUrls": [
4833 "https://www.example.com",
4836 "EnableExperimentalPolicies": [
4837 "ExtensionInstallAllowlist",
4838 "ExtensionInstallBlocklist"
4840 "SafeBrowsingAllowlistDomains": [
4844 "AutofillAddressEnabled": false,
4845 "AllowCrossOriginAuthPrompt": false,
4846 "SpellcheckLanguage": [
4850 "VideoCaptureAllowed": false,
4851 "ScreenCaptureAllowed": false,
4852 "VideoCaptureAllowedUrls": [
4853 "https://www.example.com/",
4854 "https://[*.]example.edu/"
4856 "ImportHistory": true,
4857 "ShowCastIconInToolbar": false,
4858 "RestoreOnStartupURLs": [
4859 "https://example.com",
4860 "https://www.chromium.org"
4862 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4866 "PrintingEnabled": true,
4867 "ImportSavedPasswords": true,
4868 "EnableDeprecatedPrivetPrinting": true,
4869 "InsecurePrivateNetworkRequestsAllowed": false,
4871 "PolicyAtomicGroupsEnabled": true,
4872 "HardwareAccelerationModeEnabled": true,
4873 "AllowDeletingBrowserHistory": true,
4874 "DefaultSearchProviderKeyword": "mis",
4875 "ExtensionInstallAllowlist": [
4879 "WebAppInstallForceList": [
4881 "url": "https://www.google.com/maps",
4882 "create_desktop_shortcut": true,
4883 "default_launch_container": "window"
4886 "url": "https://docs.google.com",
4887 "default_launch_container": "tab"
4890 "url": "https://docs.google.com/editor",
4891 "fallback_app_name": "Editor",
4892 "default_launch_container": "window"
4895 "DiskCacheDir": "${user_home}/Chrome_cache",
4896 "SignedHTTPExchangeEnabled": true,
4897 "SearchSuggestEnabled": true,
4898 "BrowserThemeColor": "#FFFFFF",
4899 "RestrictSigninToPattern": ".*@example\\\\.com",
4900 "DefaultInsecureContentSetting": 2,
4901 "DefaultSensorsSetting": 2,
4902 "AudioSandboxEnabled": true,
4903 "RemoteAccessHostAllowRelayedConnection": false,
4904 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4905 "UserAgentClientHintsEnabled": true,
4906 "TargetBlankImpliesNoOpener": false,
4907 "BrowserSwitcherKeepLastChromeTab": false,
4908 "RemoteAccessHostClientDomainList": [
4909 "my-awesome-domain.com",
4910 "my-auxiliary-domain.com"
4912 "NotificationsBlockedForUrls": [
4913 "https://www.example.com",
4916 "SerialBlockedForUrls": [
4917 "https://www.example.com",
4920 "DefaultImagesSetting": 1,
4921 "SigninInterceptionEnabled": true,
4922 "WebUsbBlockedForUrls": [
4923 "https://www.example.com",
4926 "ImportAutofillFormData": true,
4927 "BrowserSwitcherEnabled": true
4931 chromium_json_expected_recommended
= \
4934 "BackgroundModeEnabled": true,
4935 "RestoreOnStartup": 4,
4936 "RegisteredProtocolHandlers": [
4939 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4940 "protocol": "mailto"
4943 "ShowHomeButton": true,
4944 "PrintHeaderFooter": false,
4945 "SafeBrowsingForTrustedSourcesEnabled": false,
4946 "ShowFullUrlsInAddressBar": false,
4947 "MetricsReportingEnabled": true,
4948 "SpellCheckServiceEnabled": false,
4949 "ImportSearchEngine": true,
4950 "DownloadRestrictions": 2,
4951 "NetworkPredictionOptions": 1,
4952 "DownloadDirectory": "/home/${user_name}/Downloads",
4953 "TranslateEnabled": true,
4954 "AutofillAddressEnabled": false,
4955 "BookmarkBarEnabled": true,
4956 "PrintPreviewUseSystemDefaultPrinter": false,
4957 "ApplicationLocaleValue": "en",
4958 "ImportHistory": true,
4959 "RestoreOnStartupURLs": [
4960 "https://example.com",
4961 "https://www.chromium.org"
4963 "PasswordManagerEnabled": true,
4964 "ImportSavedPasswords": true,
4965 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4966 "PasswordLeakDetectionEnabled": true,
4967 "SearchSuggestEnabled": true,
4968 "AlternateErrorPagesEnabled": true,
4969 "HomepageIsNewTabPage": true,
4970 "ImportAutofillFormData": true,
4971 "BlockThirdPartyCookies": false,
4972 "AutofillCreditCardEnabled": false,
4973 "HomepageLocation": "https://www.chromium.org",
4974 "SafeBrowsingProtectionLevel": 2,
4975 "ImportBookmarks": true
4979 firewalld_reg_pol
= \
4981 <?xml version="1.0" encoding="utf-8"?>
4982 <PolFile num_entries="6" signature="PReg" version="1">
4983 <Entry type="4" type_name="REG_DWORD">
4984 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4985 <ValueName>Zones</ValueName>
4988 <Entry type="4" type_name="REG_DWORD">
4989 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4990 <ValueName>Rules</ValueName>
4993 <Entry type="1" type_name="REG_SZ">
4994 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4995 <ValueName>Rules</ValueName>
4996 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4998 <Entry type="1" type_name="REG_SZ">
4999 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5000 <ValueName>**delvals.</ValueName>
5003 <Entry type="1" type_name="REG_SZ">
5004 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5005 <ValueName>work</ValueName>
5008 <Entry type="1" type_name="REG_SZ">
5009 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5010 <ValueName>home</ValueName>
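def days2rel_nttime(val):
    """Convert a number of days into a relative (negative) NT time value.

    The result is ``-(val * seconds * minutes * hours * sam_add)``.

    NOTE(review): the four factors are assigned on listing lines 5017-5020,
    which this listing does not show. The values below are the usual ones
    for NT time (100-nanosecond ticks) and are inferred, not copied from
    the page; confirm against the original file.
    """
    seconds = 60
    minutes = 60
    hours = 24
    sam_add = 10000000  # presumably 100 ns ticks per second
    return -(val * seconds * minutes * hours * sam_add)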
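def gpupdate(lp, arg):
    """Run the configured 'gpo update command' with one extra argument.

    :param lp: object whose get('gpo update command') returns the command;
        the value must support append(), so presumably a list of argv
        strings
    :param arg: argument appended to the end of the command
    :return: the child's exit status. NOTE(review): inferred, see below.
    """
    # Local renamed so it no longer shadows this function's own name.
    command = lp.get('gpo update command')
    command.append(arg)

    # The argv list is handed to Popen as-is (no shell=True), so `arg` is
    # passed as one argument and is never parsed by a shell.
    p = Popen(command, stdout=PIPE, stderr=PIPE)
    # communicate() reads both pipes to the end and waits for the child.
    stdoutdata, stderrdata = p.communicate()
    # NOTE(review): listing lines 5029-5030 are not shown on this page. The
    # wrappers below return this function's result, so returning the exit
    # status is inferred here; confirm against the original file. Whatever
    # the original does with stdoutdata/stderrdata is likewise not visible.
    return p.returncode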
def gpupdate_force(lp):
    """Run gpupdate() with the '--force' argument and return its result."""
    flag = '--force'
    return gpupdate(lp, flag)
def gpupdate_unapply(lp):
    """Run gpupdate() with the '--unapply' argument and return its result."""
    flag = '--unapply'
    return gpupdate(lp, flag)
5039 return gpupdate(lp
, '--rsop')
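def stage_file(path, data):
    """Write data to path, keeping any existing file as '<path>.bak'.

    The data is written to a temporary file in the target directory and
    then renamed into place. Compared with the listing, the rename now
    happens after the temporary file is closed and after its mode is set,
    so the file never shows up at `path` half-written or with the
    temporary file's mode.

    :param path: destination file; its directory is created if missing
    :param data: content, passed through get_bytes() before writing
    :return: NOTE(review) the return statements sit on listing lines that
        this page does not show; True/False are inferred, see below.
    """
    dirname = os.path.dirname(path)
    if not os.path.exists(dirname):
        # The `try:` line (listing 5044) is not shown on the page but is
        # required by the `except` clause that is.
        try:
            os.makedirs(dirname)
        except OSError as e:
            # EEXIST with a directory in place means someone else created
            # it between the exists() check and makedirs(); that is fine.
            if not (e.errno == errno.EEXIST and os.path.isdir(dirname)):
                # NOTE(review): listing line 5048 is not shown; a failure
                # return is inferred. Confirm against the original file.
                return False
    if os.path.exists(path):
        # Kept for unstage_file(). On POSIX os.rename() replaces an
        # existing '<path>.bak', so staging the same path twice without
        # unstaging loses the first backup.
        os.rename(path, '%s.bak' % path)
    # Same directory as the target keeps the final rename on one
    # filesystem. delete=False because the name is renamed away below.
    with NamedTemporaryFile(delete=False, dir=dirname) as f:
        f.write(get_bytes(data))
    # Closed and flushed at this point. 0o644 makes the staged file
    # world-readable, so this helper is not suitable for secret material.
    os.chmod(f.name, 0o644)
    os.rename(f.name, path)
    # NOTE(review): listing line 5055 is not shown; a success return is
    # inferred. Confirm against the original file.
    return True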
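def unstage_file(path):
    """Undo a staged file: restore '<path>.bak' if it exists.

    When there is no backup but `path` exists, the file is removed.
    NOTE(review): the body of that second branch is on listing line 5062,
    which this page does not show; the removal is inferred from the
    function's purpose. Confirm against the original file.

    :param path: the path that was staged
    """
    backup = '%s.bak' % path
    if os.path.exists(backup):
        # Moves the saved original back over the staged file.
        os.rename(backup, path)
    elif os.path.exists(path):
        # No backup means nothing was there before staging.
        os.remove(path)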
5064 class GPOTests(tests
.TestCase
):
5066 super(GPOTests
, self
).setUp()
5067 self
.server
= os
.environ
["SERVER"]
5068 self
.dc_account
= self
.server
.upper() + '$'
5069 self
.lp
= s3param
.get_context()
5070 self
.lp
.load_default()
5071 self
.creds
= self
.insta_creds(template
=self
.get_credentials())
5074 super(GPOTests
, self
).tearDown()
def test_gpo_list(self):
    """Compare every GPO returned by get_gpo_list() with the expected entry.

    The list is fetched for the user of the test credentials. Entries are
    checked by position: first 'Local Policy' (no file-system or directory
    path), then the GPO named by the GUID below, whose paths are built
    from the module-level poldir and dspath values.
    """
    global poldir, dspath
    username = self.creds.get_username()
    gpos = get_gpo_list(self.server, self.creds, self.lp, username)

    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    # One (name, file_sys_path, ds_path) triple per expected position.
    expected = [
        ('Local Policy', None, None),
        (guid, '%s\\%s' % (poldir, guid), 'CN=%s,%s' % (guid, dspath)),
    ]

    # NOTE(review): only the entries actually returned are checked, so an
    # empty or one-element list passes without reaching the GUID entry;
    # a length assertion would close that gap if the count is stable in
    # the test environment. A list longer than two raises IndexError.
    for idx, gpo in enumerate(gpos):
        want_name, want_fs_path, want_ds_path = expected[idx]
        self.assertEqual(
            gpo.name, want_name,
            'The gpo name did not match expected name %s' % gpo.name)
        self.assertEqual(
            gpo.file_sys_path, want_fs_path,
            'file_sys_path did not match expected %s' % gpo.file_sys_path)
        self.assertEqual(
            gpo.ds_path, want_ds_path,
            'ds_path did not match expected %s' % gpo.ds_path)
5092 def test_gpt_version(self
):
5094 local_path
= self
.lp
.cache_path('gpo_cache')
5095 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5096 gpo_path
= os
.path
.join(local_path
, policies
, guid
)
5097 old_vers
= gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1]
5099 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5100 gpt
.write(gpt_data
% 42)
5101 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], 42,
5102 'gpo_get_sysvol_gpt_version() did not return the expected version')
5104 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5105 gpt
.write(gpt_data
% old_vers
)
5106 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], old_vers
,
5107 'gpo_get_sysvol_gpt_version() did not return the expected version')
5109 def test_check_refresh_gpo_list(self
):
5110 cache
= self
.lp
.cache_path('gpo_cache')
5111 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5112 self
.creds
.get_username())
5113 check_refresh_gpo_list(self
.server
, self
.lp
, self
.creds
, gpos
)
5115 self
.assertTrue(os
.path
.exists(cache
),
5116 'GPO cache %s was not created' % cache
)
5118 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5119 gpt_ini
= os
.path
.join(cache
, policies
,
5121 self
.assertTrue(os
.path
.exists(gpt_ini
),
5122 'GPT.INI was not cached for %s' % guid
)
def test_check_refresh_gpo_list_malicious_paths(self):
    """Pin how check_safe_path() treats traversal and separator tricks.

    Three behaviours are asserted: a path with '..' components raises
    OSError; leading slash or backslash separators are dropped, so an
    absolute-looking path comes back relative; and a path that mixes
    backslashes with slashes after a 'sysvol' component comes back with
    '/' separators only and without the leading 'sysvol' component.
    """
    # Directory traversal: '..' components must be refused outright.
    # NOTE(review): only a forward-slash '..' sequence is exercised; a
    # backslash-separated variant is not covered by this test.
    traversal = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
    with self.assertRaises(OSError):
        check_safe_path(traversal)

    # Absolute paths lose their leading separators, whichever kind is used,
    # so the result cannot point at the filesystem root when joined later.
    self.assertEqual(check_safe_path('/etc/passwd'), 'etc/passwd')
    self.assertEqual(check_safe_path('\\\\etc/\\passwd'), 'etc/passwd')

    # Backslashes must not survive as path delimiters in the result.
    mixed_separators = 'sysvol/' + realm + '\\Policies/' \
        '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
    normalised = realm + '/Policies/' \
        '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
    self.assertEqual(check_safe_path(mixed_separators), normalised,
                     'check_safe_path() didn\'t'
                     ' correctly convert \\ to /')
def test_check_safe_path_typesafe_name(self):
    """Check that check_safe_path() handles a mixed-case 'SysVol' component.

    The input is a UNC-style path whose share is spelled 'SysVol'; the
    expected result keeps only what follows that component, with forward
    slashes as separators.
    """
    unc_path = '\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\' \
        '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
    expected_path = 'toady.suse.de/Policies/' \
        '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'

    # The host name and the share name in front of the policy tree are
    # both absent from the expected value.
    self.assertEqual(
        check_safe_path(unc_path), expected_path,
        'check_safe_path unable to detect variable case sysvol components')
def test_gpt_ext_register(self):
    """Round-trip a GP extension registration and a gpext.conf edit.

    Registers gp_sec_ext.py as 'gp_access_ext' under a fixed GUID, checks
    that list_gp_extensions() reports it with the same path, unregisters
    it, validates check_guid() on a good and a bad value, and finally
    writes and removes a scratch section through parse_gpext_conf() and
    atomic_write_conf().
    """
    # Locate gp_sec_ext.py relative to this test file.
    test_dir = os.path.dirname(os.path.realpath(__file__))
    samba_root = os.path.realpath(os.path.join(test_dir, '../../../'))
    ext_path = os.path.join(samba_root, 'python/samba/gp/gp_sec_ext.py')
    ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'

    # Register as a machine-only extension and confirm it is listed.
    registered = register_gp_extension(ext_guid, 'gp_access_ext', ext_path,
                                       smb_conf=self.lp.configfile,
                                       machine=True, user=False)
    self.assertTrue(registered, 'Failed to register a gp ext')
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid in listed.keys(),
                    'Failed to list gp exts')
    self.assertEqual(listed[ext_guid]['DllName'], ext_path,
                     'Failed to list gp exts')

    # NOTE(review): unregister is called without smb_conf, while register
    # and list pass self.lp.configfile; presumably it falls back to a
    # default, confirm both resolve to the same gpext.conf.
    # NOTE(review): none of the cleanup in this test is guarded, so an
    # assertion failure above leaves the extension registered.
    unregister_gp_extension(ext_guid)
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid not in listed.keys(),
                    'Failed to unregister gp exts')

    # GUID validation: accept a braced GUID, reject an arbitrary string.
    self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
    self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')

    # Write a scratch section to gpext.conf and read it back.
    lp, parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue(lp and parser, 'parse_gpext_conf() invalid return')
    parser.add_section('test_section')
    parser.set('test_section', 'test_var', ext_guid)
    atomic_write_conf(lp, parser)

    lp, parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue('test_section' in parser.sections(),
                    'test_section not found in gpext.conf')
    self.assertEqual(parser.get('test_section', 'test_var'), ext_guid,
                     'Failed to find test variable in gpext.conf')

    # Remove the scratch section again so gpext.conf is left as found.
    parser.remove_section('test_section')
    atomic_write_conf(lp, parser)
5188 def test_gp_log_get_applied(self
):
5189 local_path
= self
.lp
.get('path', 'sysvol')
5190 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5191 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5192 gpofile
= '%s/' + realm
+ '/Policies/%s/MACHINE/Microsoft/' \
5193 'Windows NT/SecEdit/GptTmpl.inf'
5194 stage
= '[System Access]\nMinimumPasswordAge = 998\n'
5195 cache_dir
= self
.lp
.get('cache directory')
5196 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5198 gpttmpl
= gpofile
% (local_path
, guid
)
5199 ret
= stage_file(gpttmpl
, stage
)
5200 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5202 ret
= gpupdate_force(self
.lp
)
5203 self
.assertEqual(ret
, 0, 'gpupdate force failed')
5205 gp_db
= store
.get_gplog(self
.dc_account
)
5207 applied_guids
= gp_db
.get_applied_guids()
5208 self
.assertEqual(len(applied_guids
), 2, 'The guids were not found')
5209 self
.assertIn(guids
[0], applied_guids
,
5210 '%s not in applied guids' % guids
[0])
5211 self
.assertIn(guids
[1], applied_guids
,
5212 '%s not in applied guids' % guids
[1])
5214 applied_settings
= gp_db
.get_applied_settings(applied_guids
)
5215 for policy
in applied_settings
:
5216 self
.assertIn('System Access', policy
[1],
5217 'System Access policies not set')
5218 self
.assertIn('minPwdAge', policy
[1]['System Access'],
5219 'minPwdAge policy not set')
5220 if policy
[0] == guids
[0]:
5221 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5223 'minPwdAge policy not set')
5224 elif policy
[0] == guids
[1]:
5225 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5226 days2rel_nttime(998),
5227 'minPwdAge policy not set')
5229 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5231 del_gpos
= get_deleted_gpos_list(gp_db
, gpos
[:-1])
5232 self
.assertEqual(len(del_gpos
), 1, 'Returned delete gpos is incorrect')
5233 self
.assertEqual(guids
[-1], del_gpos
[0][0],
5234 'GUID for delete gpo is incorrect')
5235 self
.assertIn('System Access', del_gpos
[0][1],
5236 'System Access policies not set for removal')
5237 self
.assertIn('minPwdAge', del_gpos
[0][1]['System Access'],
5238 'minPwdAge policy not set for removal')
5241 gpttmpl
= gpofile
% (local_path
, guid
)
5242 unstage_file(gpttmpl
)
5244 ret
= gpupdate_unapply(self
.lp
)
5245 self
.assertEqual(ret
, 0, 'gpupdate unapply failed')
5247 def test_process_group_policy(self
):
5248 local_path
= self
.lp
.cache_path('gpo_cache')
5249 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5250 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5251 gpofile
= '%s/' + policies
+ '/%s/MACHINE/MICROSOFT/' \
5252 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5253 cache_dir
= self
.lp
.get('cache directory')
5254 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5256 machine_creds
= Credentials()
5257 machine_creds
.guess(self
.lp
)
5258 machine_creds
.set_machine_account()
5260 # Initialize the group policy extension
5261 ext
= gp_krb_ext(self
.lp
, machine_creds
,
5262 machine_creds
.get_username(), store
)
5264 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5265 machine_creds
.get_username())
5267 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5268 stage
= '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5270 for i
in range(0, 2):
5271 gpttmpl
= gpofile
% (local_path
, guids
[i
])
5272 ret
= stage_file(gpttmpl
, stage
% opts
[i
])
5273 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5276 ext
.process_group_policy([], gpos
)
5278 ret
= store
.get_int('kdc:user_ticket_lifetime')
5279 self
.assertEqual(ret
, opts
[1], 'Higher priority policy was not set')
5282 gp_db
= store
.get_gplog(machine_creds
.get_username())
5283 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5284 ext
.process_group_policy(del_gpos
, [])
5286 ret
= store
.get_int('kdc:user_ticket_lifetime')
5287 self
.assertEqual(ret
, None, 'MaxTicketAge should not have applied')
5289 # Process just the first gpo
5290 ext
.process_group_policy([], gpos
[:-1])
5292 ret
= store
.get_int('kdc:user_ticket_lifetime')
5293 self
.assertEqual(ret
, opts
[0], 'Lower priority policy was not set')
5296 ext
.process_group_policy(del_gpos
, [])
5299 gpttmpl
= gpofile
% (local_path
, guid
)
5300 unstage_file(gpttmpl
)
5302 def test_gp_scripts(self
):
5303 local_path
= self
.lp
.cache_path('gpo_cache')
5304 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5305 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5306 'MACHINE/REGISTRY.POL')
5307 cache_dir
= self
.lp
.get('cache directory')
5308 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5310 machine_creds
= Credentials()
5311 machine_creds
.guess(self
.lp
)
5312 machine_creds
.set_machine_account()
5314 # Initialize the group policy extension
5315 ext
= gp_scripts_ext(self
.lp
, machine_creds
,
5316 machine_creds
.get_username(), store
)
5318 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5319 machine_creds
.get_username())
5321 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
5322 sections
= { b
'%s\\Daily Scripts' % reg_key
: '.cron.daily',
5323 b
'%s\\Monthly Scripts' % reg_key
: '.cron.monthly',
5324 b
'%s\\Weekly Scripts' % reg_key
: '.cron.weekly',
5325 b
'%s\\Hourly Scripts' % reg_key
: '.cron.hourly' }
5326 for keyname
in sections
.keys():
5327 # Stage the Registry.pol file with test data
5331 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5333 e
.data
= b
'echo hello world'
5334 stage
.num_entries
= 1
5336 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5337 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5339 # Process all gpos, with temp output directory
5340 with
TemporaryDirectory(sections
[keyname
]) as dname
:
5341 ext
.process_group_policy([], gpos
, dname
)
5342 scripts
= os
.listdir(dname
)
5343 self
.assertEqual(len(scripts
), 1,
5344 'The %s script was not created' % keyname
.decode())
5345 out
, _
= Popen([os
.path
.join(dname
, scripts
[0])], stdout
=PIPE
).communicate()
5346 self
.assertIn(b
'hello world', out
,
5347 '%s script execution failed' % keyname
.decode())
5349 # Check that a call to gpupdate --rsop also succeeds
5351 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5354 gp_db
= store
.get_gplog(machine_creds
.get_username())
5355 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5356 ext
.process_group_policy(del_gpos
, [])
5357 self
.assertEqual(len(os
.listdir(dname
)), 0,
5358 'Unapply failed to cleanup scripts')
5360 # Unstage the Registry.pol file
5361 unstage_file(reg_pol
)
5363 def test_gp_sudoers(self
):
5364 local_path
= self
.lp
.cache_path('gpo_cache')
5365 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5366 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5367 'MACHINE/REGISTRY.POL')
5368 cache_dir
= self
.lp
.get('cache directory')
5369 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5371 machine_creds
= Credentials()
5372 machine_creds
.guess(self
.lp
)
5373 machine_creds
.set_machine_account()
5375 # Initialize the group policy extension
5376 ext
= gp_sudoers_ext(self
.lp
, machine_creds
,
5377 machine_creds
.get_username(), store
)
5379 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5380 machine_creds
.get_username())
5382 # Stage the Registry.pol file with test data
5385 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5386 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5388 e
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5389 stage
.num_entries
= 1
5391 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5392 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5394 # Process all gpos, with temp output directory
5395 with
TemporaryDirectory() as dname
:
5396 ext
.process_group_policy([], gpos
, dname
)
5397 sudoers
= os
.listdir(dname
)
5398 self
.assertEqual(len(sudoers
), 1, 'The sudoer file was not created')
5399 self
.assertIn(e
.data
,
5400 open(os
.path
.join(dname
, sudoers
[0]), 'r').read(),
5401 'The sudoers entry was not applied')
5403 # Check that a call to gpupdate --rsop also succeeds
5405 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5408 gp_db
= store
.get_gplog(machine_creds
.get_username())
5409 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5410 ext
.process_group_policy(del_gpos
, [])
5411 self
.assertEqual(len(os
.listdir(dname
)), 0,
5412 'Unapply failed to cleanup scripts')
5414 # Unstage the Registry.pol file
5415 unstage_file(reg_pol
)
5417 def test_vgp_sudoers(self
):
5418 local_path
= self
.lp
.cache_path('gpo_cache')
5419 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5420 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5421 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5422 cache_dir
= self
.lp
.get('cache directory')
5423 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5425 machine_creds
= Credentials()
5426 machine_creds
.guess(self
.lp
)
5427 machine_creds
.set_machine_account()
5429 # Initialize the group policy extension
5430 ext
= vgp_sudoers_ext(self
.lp
, machine_creds
,
5431 machine_creds
.get_username(), store
)
5433 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5434 machine_creds
.get_username())
5436 # Stage the manifest.xml file with test data
5437 stage
= etree
.Element('vgppolicy')
5438 policysetting
= etree
.Element('policysetting')
5439 stage
.append(policysetting
)
5440 version
= etree
.Element('version')
5442 policysetting
.append(version
)
5443 data
= etree
.Element('data')
5444 sudoers_entry
= etree
.Element('sudoers_entry')
5445 command
= etree
.Element('command')
5446 command
.text
= 'ALL'
5447 sudoers_entry
.append(command
)
5448 user
= etree
.Element('user')
5450 sudoers_entry
.append(user
)
5451 principal_list
= etree
.Element('listelement')
5452 principal
= etree
.Element('principal')
5453 principal
.text
= 'fakeu'
5454 principal
.attrib
['type'] = 'user'
5455 group
= etree
.Element('principal')
5456 group
.text
= 'fakeg'
5457 group
.attrib
['type'] = 'group'
5458 principal_list
.append(principal
)
5459 principal_list
.append(group
)
5460 sudoers_entry
.append(principal_list
)
5461 data
.append(sudoers_entry
)
5462 # Ensure an empty principal doesn't cause a crash
5463 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5464 command
= etree
.SubElement(sudoers_entry
, 'command')
5465 command
.text
= 'ALL'
5466 user
= etree
.SubElement(sudoers_entry
, 'user')
5468 # Ensure having dispersed principals still works
5469 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5470 command
= etree
.SubElement(sudoers_entry
, 'command')
5471 command
.text
= 'ALL'
5472 user
= etree
.SubElement(sudoers_entry
, 'user')
5474 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5475 principal
= etree
.SubElement(listelement
, 'principal')
5476 principal
.text
= 'fakeu2'
5477 principal
.attrib
['type'] = 'user'
5478 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5479 group
= etree
.SubElement(listelement
, 'principal')
5480 group
.text
= 'fakeg2'
5481 group
.attrib
['type'] = 'group'
5482 policysetting
.append(data
)
5483 ret
= stage_file(manifest
, etree
.tostring(stage
))
5484 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
5486 # Process all gpos, with temp output directory
5487 data
= 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5488 data2
= 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5489 data_no_principal
= 'ALL ALL=(ALL) NOPASSWD: ALL'
5490 with
TemporaryDirectory() as dname
:
5491 ext
.process_group_policy([], gpos
, dname
)
5492 sudoers
= os
.listdir(dname
)
5493 self
.assertEqual(len(sudoers
), 3, 'The sudoer file was not created')
5494 output
= open(os
.path
.join(dname
, sudoers
[0]), 'r').read() + \
5495 open(os
.path
.join(dname
, sudoers
[1]), 'r').read() + \
5496 open(os
.path
.join(dname
, sudoers
[2]), 'r').read()
5497 self
.assertIn(data
, output
,
5498 'The sudoers entry was not applied')
5499 self
.assertIn(data2
, output
,
5500 'The sudoers entry was not applied')
5501 self
.assertIn(data_no_principal
, output
,
5502 'The sudoers entry was not applied')
5504 # Check that a call to gpupdate --rsop also succeeds
5506 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5509 gp_db
= store
.get_gplog(machine_creds
.get_username())
5510 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5511 ext
.process_group_policy(del_gpos
, [])
5512 self
.assertEqual(len(os
.listdir(dname
)), 0,
5513 'Unapply failed to cleanup scripts')
5515 # Unstage the manifest.xml file
5516 unstage_file(manifest
)
5518 def test_gp_inf_ext_utf(self
):
5519 cache_dir
= self
.lp
.get('cache directory')
5520 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5522 machine_creds
= Credentials()
5523 machine_creds
.guess(self
.lp
)
5524 machine_creds
.set_machine_account()
5526 ext
= gp_inf_ext(self
.lp
, machine_creds
,
5527 machine_creds
.get_username(), store
)
5528 test_data
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5530 with
NamedTemporaryFile() as f
:
5531 with codecs
.open(f
.name
, 'w', 'utf-16') as w
:
5534 inf_conf
= ext
.read(f
.name
)
5535 except UnicodeDecodeError:
5536 self
.fail('Failed to parse utf-16')
5537 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5538 'Kerberos Policy was not read from the file')
5539 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5540 '99', 'MaxTicketAge was not read from the file')
5542 with
NamedTemporaryFile() as f
:
5543 with codecs
.open(f
.name
, 'w', 'utf-8') as w
:
5545 inf_conf
= ext
.read(f
.name
)
5546 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5547 'Kerberos Policy was not read from the file')
5548 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5549 '99', 'MaxTicketAge was not read from the file')
5551 def test_rsop(self
):
5552 cache_dir
= self
.lp
.get('cache directory')
5553 local_path
= self
.lp
.cache_path('gpo_cache')
5554 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5556 machine_creds
= Credentials()
5557 machine_creds
.guess(self
.lp
)
5558 machine_creds
.set_machine_account()
5560 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5561 machine_creds
.get_username())
5564 gp_extensions
.append(gp_krb_ext
)
5565 gp_extensions
.append(gp_scripts_ext
)
5566 gp_extensions
.append(gp_sudoers_ext
)
5567 gp_extensions
.append(gp_smb_conf_ext
)
5568 gp_extensions
.append(gp_msgs_ext
)
5570 # Create registry stage data
5571 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5572 reg_stage
= preg
.file()
5574 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5575 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5577 e
.data
= b
'echo hello world'
5579 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5580 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5582 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5584 e3
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5587 e3
.valuename
= 'apply group policies'
5589 e4
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5590 e4
.valuename
= b
'issue'
5592 e4
.data
= b
'Welcome to \\s \\r \\l'
5593 reg_stage
.num_entries
= 4
5594 reg_stage
.entries
= [e
, e2
, e3
, e4
]
5596 # Create krb stage data
5597 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5598 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5599 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5600 '[System Access]\nMinimumPasswordAge = 998\n'
5602 for g
in [g
for g
in gpos
if g
.file_sys_path
]:
5603 ret
= stage_file(gpofile
% g
.name
, krb_stage
)
5604 self
.assertTrue(ret
, 'Could not create the target %s' %
5606 ret
= stage_file(reg_pol
% g
.name
, ndr_pack(reg_stage
))
5607 self
.assertTrue(ret
, 'Could not create the target %s' %
5609 for ext
in gp_extensions
:
5610 ext
= ext(self
.lp
, machine_creds
,
5611 machine_creds
.get_username(), store
)
5613 self
.assertEqual(len(ret
.keys()), 1,
5614 'A single policy should have been displayed')
5616 # Check the Security Extension
5617 if type(ext
) == gp_krb_ext
:
5618 self
.assertIn('Kerberos Policy', ret
.keys(),
5619 'Kerberos Policy not found')
5620 self
.assertIn('MaxTicketAge', ret
['Kerberos Policy'],
5621 'MaxTicketAge setting not found')
5622 self
.assertEqual(ret
['Kerberos Policy']['MaxTicketAge'], '99',
5623 'MaxTicketAge was not set to 99')
5624 # Check the Scripts Extension
5625 elif type(ext
) == gp_scripts_ext
:
5626 self
.assertIn('Daily Scripts', ret
.keys(),
5627 'Daily Scripts not found')
5628 self
.assertIn('echo hello world', ret
['Daily Scripts'],
5629 'Daily script was not created')
5630 # Check the Sudoers Extension
5631 elif type(ext
) == gp_sudoers_ext
:
5632 self
.assertIn('Sudo Rights', ret
.keys(),
5633 'Sudoers not found')
5634 self
.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5636 'Sudoers policy not created')
5637 # Check the smb.conf Extension
5638 elif type(ext
) == gp_smb_conf_ext
:
5639 self
.assertIn('smb.conf', ret
.keys(),
5640 'apply group policies was not applied')
5641 self
.assertIn(e3
.valuename
, ret
['smb.conf'],
5642 'apply group policies was not applied')
5643 self
.assertEqual(ret
['smb.conf'][e3
.valuename
], e3
.data
,
5644 'apply group policies was not set')
5645 # Check the Messages Extension
5646 elif type(ext
) == gp_msgs_ext
:
5647 self
.assertIn('/etc/issue', ret
,
5648 'Login Prompt Message not applied')
5649 self
.assertEqual(ret
['/etc/issue'], e4
.data
,
5650 'Login Prompt Message not set')
5652 # Check that a call to gpupdate --rsop also succeeds
5654 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5656 unstage_file(gpofile
% g
.name
)
5657 unstage_file(reg_pol
% g
.name
)
5659 def test_gp_unapply(self
):
5660 cache_dir
= self
.lp
.get('cache directory')
5661 local_path
= self
.lp
.cache_path('gpo_cache')
5662 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5663 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5665 machine_creds
= Credentials()
5666 machine_creds
.guess(self
.lp
)
5667 machine_creds
.set_machine_account()
5669 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5670 machine_creds
.get_username())
5673 gp_extensions
.append(gp_krb_ext
)
5674 gp_extensions
.append(gp_scripts_ext
)
5675 gp_extensions
.append(gp_sudoers_ext
)
5677 # Create registry stage data
5678 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5679 reg_stage
= preg
.file()
5681 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5682 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5684 e
.data
= b
'echo hello world'
5686 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5687 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5689 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5690 reg_stage
.num_entries
= 2
5691 reg_stage
.entries
= [e
, e2
]
5693 # Create krb stage data
5694 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5695 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5696 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5698 ret
= stage_file(gpofile
% guid
, krb_stage
)
5699 self
.assertTrue(ret
, 'Could not create the target %s' %
5701 ret
= stage_file(reg_pol
% guid
, ndr_pack(reg_stage
))
5702 self
.assertTrue(ret
, 'Could not create the target %s' %
5705 # Process all gpos, with temp output directory
5707 with
TemporaryDirectory() as dname
:
5708 for ext
in gp_extensions
:
5709 ext
= ext(self
.lp
, machine_creds
,
5710 machine_creds
.get_username(), store
)
5711 if type(ext
) == gp_krb_ext
:
5712 ext
.process_group_policy([], gpos
)
5713 ret
= store
.get_int('kdc:user_ticket_lifetime')
5714 self
.assertEqual(ret
, 99, 'Kerberos policy was not set')
5715 elif type(ext
) in [gp_scripts_ext
, gp_sudoers_ext
]:
5716 ext
.process_group_policy([], gpos
, dname
)
5717 gp_db
= store
.get_gplog(machine_creds
.get_username())
5718 applied_settings
= gp_db
.get_applied_settings([guid
])
5719 for _
, fname
in applied_settings
[-1][-1][str(ext
)].items():
5720 fname
= fname
.split(':')[-1]
5721 self
.assertIn(dname
, fname
,
5722 'Test file not created in tmp dir')
5723 self
.assertTrue(os
.path
.exists(fname
),
5724 'Test file not created')
5725 remove
.append(fname
)
5727 # Unapply policy, and ensure policies are removed
5728 gpupdate_unapply(self
.lp
)
5730 for fname
in remove
:
5731 self
.assertFalse(os
.path
.exists(fname
),
5732 'Unapply did not remove test file')
5733 ret
= store
.get_int('kdc:user_ticket_lifetime')
5734 self
.assertNotEqual(ret
, 99, 'Kerberos policy was not unapplied')
5736 unstage_file(gpofile
% guid
)
5737 unstage_file(reg_pol
% guid
)
5739 def test_smb_conf_ext(self
):
5740 local_path
= self
.lp
.cache_path('gpo_cache')
5741 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5742 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5743 'MACHINE/REGISTRY.POL')
5744 cache_dir
= self
.lp
.get('cache directory')
5745 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5747 machine_creds
= Credentials()
5748 machine_creds
.guess(self
.lp
)
5749 machine_creds
.set_machine_account()
5751 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5752 machine_creds
.get_username())
5756 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5758 e
.data
= '/home/samba/%D/%U'
5759 e
.valuename
= 'template homedir'
5762 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5765 e
.valuename
= 'apply group policies'
5768 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5771 e
.valuename
= 'ldap timeout'
5774 stage
.num_entries
= len(entries
)
5775 stage
.entries
= entries
5777 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5778 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5780 with
NamedTemporaryFile(suffix
='_smb.conf') as f
:
5781 copyfile(self
.lp
.configfile
, f
.name
)
5782 lp
= LoadParm(f
.name
)
5784 # Initialize the group policy extension
5785 ext
= gp_smb_conf_ext(lp
, machine_creds
,
5786 machine_creds
.get_username(), store
)
5787 ext
.process_group_policy([], gpos
)
5788 lp
= LoadParm(f
.name
)
5790 template_homedir
= lp
.get('template homedir')
5791 self
.assertEqual(template_homedir
, '/home/samba/%D/%U',
5792 'template homedir was not applied')
5793 apply_group_policies
= lp
.get('apply group policies')
5794 self
.assertTrue(apply_group_policies
,
5795 'apply group policies was not applied')
5796 ldap_timeout
= lp
.get('ldap timeout')
5797 self
.assertEqual(ldap_timeout
, 9999, 'ldap timeout was not applied')
5799 # Check that a call to gpupdate --rsop also succeeds
5801 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5804 gp_db
= store
.get_gplog(machine_creds
.get_username())
5805 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5806 ext
.process_group_policy(del_gpos
, [])
5808 lp
= LoadParm(f
.name
)
5810 template_homedir
= lp
.get('template homedir')
5811 self
.assertEqual(template_homedir
, self
.lp
.get('template homedir'),
5812 'template homedir was not unapplied')
5813 apply_group_policies
= lp
.get('apply group policies')
5814 self
.assertEqual(apply_group_policies
, self
.lp
.get('apply group policies'),
5815 'apply group policies was not unapplied')
5816 ldap_timeout
= lp
.get('ldap timeout')
5817 self
.assertEqual(ldap_timeout
, self
.lp
.get('ldap timeout'),
5818 'ldap timeout was not unapplied')
5820 # Unstage the Registry.pol file
5821 unstage_file(reg_pol
)
5823 def test_gp_motd(self
):
5824 local_path
= self
.lp
.cache_path('gpo_cache')
5825 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5826 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5827 'MACHINE/REGISTRY.POL')
5828 cache_dir
= self
.lp
.get('cache directory')
5829 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5831 machine_creds
= Credentials()
5832 machine_creds
.guess(self
.lp
)
5833 machine_creds
.set_machine_account()
5835 # Initialize the group policy extension
5836 ext
= gp_msgs_ext(self
.lp
, machine_creds
,
5837 machine_creds
.get_username(), store
)
5839 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5840 machine_creds
.get_username())
5842 # Stage the Registry.pol file with test data
5845 e1
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5846 e1
.valuename
= b
'motd'
5848 e1
.data
= b
'Have a lot of fun!'
5849 stage
.num_entries
= 2
5851 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5852 e2
.valuename
= b
'issue'
5854 e2
.data
= b
'Welcome to \\s \\r \\l'
5855 stage
.entries
= [e1
, e2
]
5856 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5857 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5859 # Process all gpos, with temp output directory
5860 with
TemporaryDirectory() as dname
:
5861 ext
.process_group_policy([], gpos
, dname
)
5862 motd_file
= os
.path
.join(dname
, 'motd')
5863 self
.assertTrue(os
.path
.exists(motd_file
),
5864 'Message of the day file not created')
5865 data
= open(motd_file
, 'r').read()
5866 self
.assertEqual(data
, e1
.data
, 'Message of the day not applied')
5867 issue_file
= os
.path
.join(dname
, 'issue')
5868 self
.assertTrue(os
.path
.exists(issue_file
),
5869 'Login Prompt Message file not created')
5870 data
= open(issue_file
, 'r').read()
5871 self
.assertEqual(data
, e2
.data
, 'Login Prompt Message not applied')
5873 # Check that a call to gpupdate --rsop also succeeds
5875 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5877 # Unapply policy, and ensure the test files are removed
5878 gp_db
= store
.get_gplog(machine_creds
.get_username())
5879 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5880 ext
.process_group_policy(del_gpos
, [], dname
)
5881 data
= open(motd_file
, 'r').read()
5882 self
.assertFalse(data
, 'Message of the day file not removed')
5883 data
= open(issue_file
, 'r').read()
5884 self
.assertFalse(data
, 'Login Prompt Message file not removed')
5886 # Unstage the Registry.pol file
5887 unstage_file(reg_pol
)
def test_vgp_symlink(self):
    """Apply, check and unapply a VGP symlink policy in a temp directory.

    A MANIFEST.XML naming one source/target pair is staged, the
    vgp_symlink_ext extension is run over the GPO list, and the target
    must exist, be a symlink, and read back the source data.  The policy
    is then unapplied and the target must be gone.

    NOTE(review): this listing has no indentation and its own line
    numbering skips lines (5917, 5952-5953, 5959).  The nesting below is
    reconstructed from variable use, and whatever was on the skipped
    lines is not reproduced here -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_symlink_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Both paths named in the manifest live in a throwaway directory.
    with TemporaryDirectory() as dname:
        test_source = os.path.join(dname, 'test.source')
        test_target = os.path.join(dname, 'test.target')

        # Stage the manifest.xml file with test data
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): listing skips line 5917 here; no text is visibly
        # set on the version element.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.Element('file_properties')
        source = etree.Element('source')
        source.text = test_source
        file_properties.append(source)
        target = etree.Element('target')
        target.text = test_target
        file_properties.append(target)
        data.append(file_properties)
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Create test source
        test_source_data = 'hello world!'
        with open(test_source, 'w') as w:
            w.write(test_source_data)

        # Process all gpos, with temp output directory
        ext.process_group_policy([], gpos)
        # exists() follows the link, so it also shows the link resolves;
        # islink() shows the target is a link rather than a copy.
        self.assertTrue(os.path.exists(test_target),
                        'The test symlink was not created')
        self.assertTrue(os.path.islink(test_target),
                        'The test file is not a symlink')
        self.assertIn(test_source_data, open(test_target, 'r').read(),
                      'Reading from symlink does not produce source data')

        # Unapply the policy, ensure removal
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(test_target),
                         'The test symlink was not delete')

        # NOTE(review): listing lines 5952-5953 are not shown.
        ret = ext.rsop([g for g in gpos if g.name == guid][0])
        # The RSoP output is expected to carry the equivalent ln command.
        self.assertIn('ln -s %s %s' % (test_source, test_target),
                      list(ret.values())[0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 5959 is not shown; as visible, ret
        # still holds the ext.rsop() result when it is compared with 0.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_files(self):
    """Apply, check and unapply a VGP files policy.

    A source script is staged next to the manifest.  The manifest names
    that source (lower-cased basename), a target inside a temporary
    directory, the current user and group, and rwx/r-x/r-x permissions.
    After processing, the test checks that the target exists, has mode
    755 and holds the source data; it then unapplies the policy and
    checks the RSoP output.

    NOTE(review): this listing has no indentation and its own line
    numbering skips lines (5994, 6032-6033, 6039-6040, 6042, 6049).  The
    nesting below is reconstructed from variable use, and whatever was
    on the skipped lines is not reproduced -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
    source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
    source_data = '#!/bin/sh\necho hello world'
    ret = stage_file(source_file, source_data)
    self.assertTrue(ret, 'Could not create the target %s' % source_file)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_files_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    with TemporaryDirectory() as dname:
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): listing skips line 5994 here; no text is visibly
        # set on the version element.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.SubElement(data, 'file_properties')
        source = etree.SubElement(file_properties, 'source')
        source.text = os.path.basename(source_file).lower()
        target = etree.SubElement(file_properties, 'target')
        target.text = os.path.join(dname, 'test.target')
        # Owner and group are the account running the test, so the
        # requested ownership never needs more privilege than it has.
        user = etree.SubElement(file_properties, 'user')
        user.text = pwd.getpwuid(os.getuid()).pw_name
        group = etree.SubElement(file_properties, 'group')
        group.text = grp.getgrgid(os.getgid()).gr_name
        # Request permissions of 755
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'user')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'write')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'group')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'other')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Process all gpos, with temp output directory
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(target.text),
                        'The target file does not exist')
        # The 0o777 mask drops the setuid/setgid/sticky bits before the
        # comparison, so this assertion says nothing about them.
        self.assertEqual(os.stat(target.text).st_mode & 0o777, 0o755,
                         'The target file permissions are incorrect')
        self.assertEqual(open(target.text).read(), source_data,
                         'The target file contents are incorrect')

        # NOTE(review): listing lines 6032-6033 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(target.text),
                         'The target file was not removed')

        # NOTE(review): listing lines 6039-6040 are not shown.
        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing line 6042 is not shown; as visible, g is
        # never used and ret still holds the stage_file() result.
        self.assertIn(target.text, list(ret.values())[0][0],
                      'The target file was not listed by rsop')
        self.assertIn('-rwxr-xr-x', list(ret.values())[0][0],
                      'The target permissions were not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6049 is not shown; no assignment of
        # a gpupdate result to ret is visible before this comparison.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest and source files
    unstage_file(manifest)
    unstage_file(source_file)
def test_vgp_openssh(self):
    """Apply, check and unapply a VGP sshd configuration policy.

    The staged manifest carries one key/value pair (AddressFamily,
    inet6).  After processing into a temporary directory the test
    expects exactly one file there containing 'AddressFamily inet6',
    and expects that file to be gone after the policy is unapplied.

    NOTE(review): this listing has no indentation and its own line
    numbering skips lines (6080, 6090, 6112, 6114-6115).  The nesting
    below is reconstructed from variable use, and whatever was on the
    skipped lines is not reproduced -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_openssh_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.Element('policysetting')
    stage.append(policysetting)
    version = etree.Element('version')
    # NOTE(review): listing skips line 6080 here; no text is visibly set
    # on the version element.
    policysetting.append(version)
    data = etree.Element('data')
    configfile = etree.Element('configfile')
    configsection = etree.Element('configsection')
    # The section name element is left empty.
    sectionname = etree.Element('sectionname')
    configsection.append(sectionname)
    kvpair = etree.Element('keyvaluepair')
    key = etree.Element('key')
    key.text = 'AddressFamily'
    # NOTE(review): listing skips line 6090 here; as visible, key is
    # never attached to kvpair.
    value = etree.Element('value')
    value.text = 'inet6'
    kvpair.append(value)
    configsection.append(kvpair)
    configfile.append(configsection)
    data.append(configfile)
    policysetting.append(data)
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    data = 'AddressFamily inet6'
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        self.assertEqual(len(conf), 1, 'The conf file was not created')
        gp_cfg = os.path.join(dname, conf[0])
        # Substring match only: other lines in the generated file are
        # not checked.
        self.assertIn(data, open(gp_cfg, 'r').read(),
                      'The sshd_config entry was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6112 is not shown; as visible, ret
        # still holds the stage_file() result at this comparison.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # NOTE(review): listing lines 6114-6115 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_startup_scripts(self):
    """Exercise the VGP startup-scripts extension in three passes.

    1. A script with parameters and run_as 'root': expects one file in
       the output directory containing an '@reboot' entry.
    2. The same list element with a run_once child and run_as set to
       the current user: the script touches a file, which must appear
       after the first pass and must not reappear after a second pass.
    3. A fresh manifest without parameters and run_as 'root': expects an
       '@reboot' entry without arguments.

    Each pass also unapplies the policy and checks the RSoP output.

    NOTE(review): this listing has no indentation and its own line
    numbering skips many lines (among them 6152, 6160, 6174, 6189, 6194,
    6237, 6239, 6244, 6254, 6260, 6269, 6272, 6291, 6296).  The nesting
    below is reconstructed from variable use; whatever was on the
    skipped lines is not reproduced, which leaves two expressions
    unclosed and one except clause without its try -- confirm against
    the file.  The file header replaces gpclass.drop_privileges with a
    pass-through, so any privilege drop routed through it is a no-op in
    this test.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
    test_script = os.path.join(os.path.dirname(manifest), 'TEST.SH')
    test_data = '#!/bin/sh\necho $@ hello world'
    ret = stage_file(test_script, test_data)
    self.assertTrue(ret, 'Could not create the target %s' % test_script)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_startup_scripts_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing skips line 6152 here; no text is visibly set
    # on the version element.
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    parameters = etree.SubElement(listelement, 'parameters')
    parameters.text = '-n'
    # Local name shadows the hash() builtin for the rest of the method.
    hash = etree.SubElement(listelement, 'hash')
    # Upper-cased MD5 hex digest of the staged script.
    # NOTE(review): listing line 6160 is not shown, so the assignment
    # target is not visible -- presumably hash.text.  MD5 is not
    # collision-resistant; whether the extension checks this value is
    # not visible here.
    hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        entry = '@reboot %s %s %s' % (run_as.text, test_script,
        # NOTE(review): listing line 6174, which supplies the third
        # value and closes this tuple, is not shown.
        self.assertIn(entry,
                      open(os.path.join(dname, files[0]), 'r').read(),
                      'The test entry was not found')

        # NOTE(review): listing lines 6178-6179 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        # NOTE(review): listing lines 6186-6187 are not shown.
        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing line 6189 is not shown; as visible, g is
        # never used and ret still holds the stage_file() result.
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6194 is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for run once scripts
    etree.SubElement(listelement, 'run_once')
    # Run as the account executing the test rather than root.
    run_as.text = pwd.getpwuid(os.getuid()).pw_name
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    # A run once script will be executed immediately,
    # instead of creating a cron job
    with TemporaryDirectory() as dname:
        test_file = '%s/TESTING.txt' % dname
        test_data = '#!/bin/sh\ntouch %s' % test_file
        # NOTE(review): the manifest staged just above reuses the list
        # element from the first pass, so any digest it carries was
        # computed before this rewrite of the script.
        ret = stage_file(test_script, test_data)
        self.assertTrue(ret, 'Could not create the target %s' % test_script)

        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The test file was not created')
        self.assertEqual(files[0], os.path.basename(test_file),
                         'The test file was not created')

        # Unlink the test file and ensure that processing
        # policy again does not recreate it.
        os.unlink(test_file)
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The test file should not have been created')

        # NOTE(review): listing lines 6229-6230 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # NOTE(review): listing lines 6234-6235 are not shown.
        entry = 'Run once as: %s `%s %s`' % (run_as.text, test_script,
        # NOTE(review): listing line 6237, which supplies the third
        # value and closes this tuple, is not shown.
        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing line 6239 is not shown; as visible, g is
        # never used.
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6244 is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for a script without parameters
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing skips line 6254 here; no text is visibly set
    # on the version element.
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    hash = etree.SubElement(listelement, 'hash')
    # NOTE(review): listing line 6260 is not shown, so the assignment
    # target of this digest is not visible -- presumably hash.text.
    hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        # NOTE(review): listing line 6269 is not shown; the except
        # clause below implies a try: opened here.
            ext.process_group_policy([], gpos, dname)
        except Exception as e:
            # NOTE(review): listing line 6272, the handler body, is not
            # shown.
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        entry = '@reboot %s %s' % (run_as.text, test_script)
        self.assertIn(entry,
                      open(os.path.join(dname, files[0]), 'r').read(),
                      'The test entry was not found')

        # NOTE(review): listing lines 6280-6281 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        # NOTE(review): listing lines 6288-6289 are not shown.
        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing line 6291 is not shown; as visible, g is
        # never used.
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6296 is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)
    unstage_file(test_script)
def test_vgp_motd(self):
    """Apply, check and unapply a VGP message-of-the-day policy.

    The staged manifest carries a filename ('motd') and the message
    text.  The extension is pointed at a NamedTemporaryFile; after
    processing the file must hold exactly the message text, and after
    unapplying it must hold something else.

    NOTE(review): this listing has no indentation and its own line
    numbering skips lines (6326, 6342, 6344-6345).  The nesting below is
    reconstructed from variable use, and whatever was on the skipped
    lines is not reproduced -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_motd_ext(self.lp, machine_creds,
                       machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing skips line 6326 here; no text is visibly set
    # on the version element.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'motd'
    text = etree.SubElement(data, 'text')
    text.text = 'This is the message of the day'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with NamedTemporaryFile() as f:
        # The temp file's path stands in for the real motd location.
        ext.process_group_policy([], gpos, f.name)
        self.assertEqual(open(f.name, 'r').read(), text.text,
                         'The motd was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6342 is not shown; as visible, ret
        # still holds the stage_file() result at this comparison.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # NOTE(review): listing lines 6344-6345 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        # Only checks that the content changed; it does not pin what the
        # file holds after the policy is removed.
        self.assertNotEqual(open(f.name, 'r').read(), text.text,
                            'The motd was not unapplied')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_issue(self):
    """Apply, check and unapply a VGP login-prompt (issue) policy.

    The staged manifest carries a filename ('issue') and the prompt
    text.  The extension is pointed at a NamedTemporaryFile; after
    processing the file must hold exactly the prompt text, and after
    unapplying it must hold something else.

    NOTE(review): this listing has no indentation and its own line
    numbering skips lines (6378, 6394, 6396-6397).  The nesting below is
    reconstructed from variable use, and whatever was on the skipped
    lines is not reproduced -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_issue_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing skips line 6378 here; no text is visibly set
    # on the version element.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'issue'
    text = etree.SubElement(data, 'text')
    text.text = 'Welcome to Samba!'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with NamedTemporaryFile() as f:
        # The temp file's path stands in for the real issue location.
        ext.process_group_policy([], gpos, f.name)
        self.assertEqual(open(f.name, 'r').read(), text.text,
                         'The issue was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6394 is not shown; as visible, ret
        # still holds the stage_file() result at this comparison.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # NOTE(review): listing lines 6396-6397 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        # Only checks that the content changed; it does not pin what the
        # file holds after the policy is removed.
        self.assertNotEqual(open(f.name, 'r').read(), text.text,
                            'The issue was not unapplied')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_access(self):
    """Apply, check and unapply VGP host access control policy.

    Two manifests are staged, ALLOW and DENY, each with a user entry and
    a group entry in 'merge' apply mode.  With the winbind separator set
    to '+', the generated access configuration must contain a '+:' line
    for the allowed user and group and a '-:' line for the denied user
    and group; after unapplying, that file must be gone.

    NOTE(review): this listing has no indentation and its own line
    numbering skips lines (6435, 6442, 6449, 6451, 6466, 6476, 6480,
    6483, 6490, 6492, 6507, 6532, 6534-6535, 6543-6545).  The nesting
    below is reconstructed from variable use, and whatever was on the
    skipped lines is not reproduced, so several elements appear here
    without any text being set -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    allow = os.path.join(local_path, policies, guid, 'MACHINE',
                         'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
    deny = os.path.join(local_path, policies, guid, 'MACHINE',
                        'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # The separator is forced to '+' because the assertions below expect
    # 'REALM+name'; the cleanup restores the previous value even if the
    # test fails.
    winbind_sep = self.lp.get('winbind separator')
    self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
    self.lp.set('winbind separator', '+')
    ext = vgp_access_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml allow file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing skips line 6435 here.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Add an allowed user
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    # NOTE(review): listing skips line 6442 here; no text is visibly set
    # on this type element.
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'goodguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguy'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing skips line 6449 here.
    otype = etree.SubElement(adobject, 'type')
    # NOTE(review): listing skips line 6451 here.
    # Add an allowed group
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\goodguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=goodguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguys'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing skips line 6466 here.
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(allow, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % allow)

    # Stage the manifest.xml deny file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing skips line 6476 here.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # NOTE(review): listing skips line 6480 here.
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    # NOTE(review): listing skips line 6483 here; no text is visibly set
    # on this type element.
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'badguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguy'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing skips line 6490 here.
    otype = etree.SubElement(adobject, 'type')
    # NOTE(review): listing skips line 6492 here.
    # Add a denied group
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\badguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=badguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguys'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing skips line 6507 here.
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(deny, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % deny)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # There will be 2 files, the policy file and the deny file
        self.assertEqual(len(conf), 2, 'The conf file was not created')
        # Ignore the DENY_ALL conf file
        # That file is counted above but never opened, so its contents
        # are not verified by this test.
        gp_cfg = os.path.join(dname,
            [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])

        # Check the access config for the correct access.conf entries
        print('Config file %s found' % gp_cfg)
        data = open(gp_cfg, 'r').read()
        # Substring checks: presence of each rule, not their order.
        self.assertIn('+:%s+goodguy:ALL' % realm, data)
        self.assertIn('+:%s+goodguys:ALL' % realm, data)
        self.assertIn('-:%s+badguy:ALL' % realm, data)
        self.assertIn('-:%s+badguys:ALL' % realm, data)

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6532 is not shown; as visible, ret
        # still holds the stage_file() result at this comparison.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # NOTE(review): listing lines 6534-6535 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.pol files
    # NOTE(review): listing lines 6543-6545 are not shown; no unstage
    # call for the allow or deny manifest is visible here.
def test_gnome_settings(self):
    """Apply, check and unapply GNOME settings delivered by Registry.pol.

    After processing into a temporary root, the test checks dconf
    snippets under etc/dconf/db/local.d, lock files under its locks
    subdirectory, the dconf user profile, and a polkit udisks2 policy
    file; it then unapplies the policy and checks each item is removed.

    NOTE(review): this listing has no indentation and its own line
    numbering skips many lines (among them 6585, 6601, 6604, 6620,
    6629-6630, 6699-6700, 6736, 6765).  The nesting below is
    reconstructed from variable use; whatever was on the skipped lines
    is not reproduced, so every `data = {` literal appears without its
    outer closing brace and two helpers read names that no visible
    statement binds -- confirm against the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_gnome_settings_ext(self.lp, machine_creds,
                                machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)

        local_db = os.path.join(dname, 'etc/dconf/db/local.d')
        self.assertTrue(os.path.isdir(local_db),
                        'Local db dir not created')
        def db_check(name, data, count=1):
            # Expect `count` snippet files ending in '-<name>' and check
            # every section/option of `data` against their parsed content.
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), count, '%s not created' % name)
            file_contents = ConfigParser()
            file_contents.read(db)
            for key in data.keys():
                self.assertTrue(file_contents.has_section(key),
                                'Section %s not found' % key)
                # NOTE(review): listing line 6585 is not shown; no
                # visible statement binds options.
                for k, v in options.items():
                    v_content = file_contents.get(key, k)
                    self.assertEqual(v_content, v,
                        '%s: %s != %s' % (key, v_content, v))

        def del_db_check(name):
            # Expect no snippet file ending in '-<name>' to remain.
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), 0, '%s not deleted' % name)

        locks = os.path.join(local_db, 'locks')
        # NOTE(review): this asserts on local_db, not locks, so a missing
        # locks directory would not fail here despite the message.
        self.assertTrue(os.path.isdir(local_db), 'Locks dir not created')
        def lock_check(name, items, count=1):
            # Expect `count` lock files ending in '<name>' and look for
            # entries among their lines.
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), count,
                             '%s lock not created' % name)
            # NOTE(review): listing line 6601 is not shown; no visible
            # statement in this helper binds file_contents.
            for i in range(count):
                file_contents.extend(open(lock[i], 'r').read().split('\n'))
            # NOTE(review): listing line 6604 is not shown; no visible
            # statement in this helper binds data, and items is unused.
            self.assertIn(data, file_contents,
                          '%s lock not created' % data)

        def del_lock_check(name):
            # Expect no lock file ending in '<name>' to remain.
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), 0, '%s lock not deleted' % name)

        # Check the user profile
        user_profile = os.path.join(dname, 'etc/dconf/profile/user')
        self.assertTrue(os.path.exists(user_profile),
                        'User profile not created')

        # Enable the compose key
        data = { 'org/gnome/desktop/input-sources':
            { 'xkb-options': '[\'compose:ralt\']' }
        # NOTE(review): listing line 6620, which closes the outer dict,
        # is not shown; the same applies to each data literal below.
        db_check('input-sources', data)
        items = ['/org/gnome/desktop/input-sources/xkb-options']
        lock_check('input-sources', items)

        # Dim screen when user is idle
        data = { 'org/gnome/settings-daemon/plugins/power':
            { 'idle-dim': 'true',
              'idle-brightness': '30'
        db_check('power', data)
        data = { 'org/gnome/desktop/session':
            { 'idle-delay': 'uint32 300' }
        db_check('session', data)
        items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
                 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
                 '/org/gnome/desktop/session/idle-delay']
        lock_check('power-saving', items)

        # Lock down specific settings
        bg_locks = ['/org/gnome/desktop/background/picture-uri',
                    '/org/gnome/desktop/background/picture-options',
                    '/org/gnome/desktop/background/primary-color',
                    '/org/gnome/desktop/background/secondary-color']
        lock_check('group-policy', bg_locks)

        # Lock down enabled extensions
        data = { 'org/gnome/shell':
            { 'enabled-extensions':
            '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
              'development-tools': 'false' }
        db_check('extensions', data)
        items = [ '/org/gnome/shell/enabled-extensions',
                  '/org/gnome/shell/development-tools' ]
        lock_check('extensions', items)

        # Disallow login using a fingerprint
        data = { 'org/gnome/login-screen':
            { 'enable-fingerprint-authentication': 'false' }
        db_check('fingerprintreader', data)
        items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
        lock_check('fingerprintreader', items)

        # Disable user logout and user switching
        data = { 'org/gnome/desktop/lockdown':
            { 'disable-log-out': 'true',
              'disable-user-switching': 'true' }
        db_check('logout', data, 2)
        items = ['/org/gnome/desktop/lockdown/disable-log-out',
                 '/org/gnome/desktop/lockdown/disable-user-switching']
        lock_check('logout', items, 2)

        # Disable repartitioning
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        # In a glob character class '|' is a literal, so [u|U] matches
        # 'u', 'U' or '|'; the pattern still finds either capitalisation.
        udisk2 = glob(os.path.join(actions,
                      'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
        udisk2_tree = etree.fromstring(open(udisk2[0], 'r').read())
        actions = udisk2_tree.findall('action')
        md = 'org.freedesktop.udisks2.modify-device'
        action = [a for a in actions if a.attrib['id'] == md]
        self.assertEqual(len(action), 1, 'modify-device not found')
        defaults = action[0].find('defaults')
        self.assertTrue(defaults is not None,
                        'modify-device defaults not found')
        # Expected polkit defaults: 'no' for allow_any and
        # allow_inactive, 'yes' for allow_active.
        allow_any = defaults.find('allow_any').text
        self.assertEqual(allow_any, 'no',
                         'modify-device allow_any not set to no')
        allow_inactive = defaults.find('allow_inactive').text
        self.assertEqual(allow_inactive, 'no',
                         'modify-device allow_inactive not set to no')
        allow_active = defaults.find('allow_active').text
        self.assertEqual(allow_active, 'yes',
                         'modify-device allow_active not set to yes')

        # NOTE(review): listing lines 6699-6700 are not shown.
        data = { 'org/gnome/desktop/lockdown':
            { 'disable-printing': 'true' }
        db_check('printing', data)
        items = ['/org/gnome/desktop/lockdown/disable-printing']
        lock_check('printing', items)

        # Disable file saving
        data = { 'org/gnome/desktop/lockdown':
            { 'disable-save-to-disk': 'true' }
        db_check('filesaving', data)
        items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
        lock_check('filesaving', items)

        # Disable command-line access
        data = { 'org/gnome/desktop/lockdown':
            { 'disable-command-line': 'true' }
        db_check('cmdline', data)
        items = ['/org/gnome/desktop/lockdown/disable-command-line']
        lock_check('cmdline', items)

        # Allow or disallow online accounts
        data = { 'org/gnome/online-accounts':
            { 'whitelisted-providers': '[\'google\']' }
        db_check('goa', data)
        items = ['/org/gnome/online-accounts/whitelisted-providers']
        lock_check('goa', items)

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing line 6736 is not shown; as visible, ret
        # still holds the stage_file() result at this comparison.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # NOTE(review): listing lines 6738-6739 are not shown.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        del_db_check('input-sources')
        del_lock_check('input-sources')
        del_db_check('power')
        del_db_check('session')
        del_lock_check('power-saving')
        del_lock_check('group-policy')
        del_db_check('extensions')
        del_lock_check('extensions')
        del_db_check('fingerprintreader')
        del_lock_check('fingerprintreader')
        del_db_check('logout')
        del_lock_check('logout')
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                      'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
        del_db_check('printing')
        del_lock_check('printing')
        del_db_check('filesaving')
        del_lock_check('filesaving')
        del_db_check('cmdline')
        del_lock_check('cmdline')
        # NOTE(review): listing line 6765 is not shown; no removal check
        # for the 'goa' db snippet is visible.
        del_lock_check('goa')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
6771 def test_gp_cert_auto_enroll_ext_without_ndes(self
):
6772 local_path
= self
.lp
.cache_path('gpo_cache')
6773 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6774 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6775 'MACHINE/REGISTRY.POL')
6776 cache_dir
= self
.lp
.get('cache directory')
6777 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6779 machine_creds
= Credentials()
6780 machine_creds
.guess(self
.lp
)
6781 machine_creds
.set_machine_account()
6783 # Initialize the group policy extension
6784 cae
.requests
= dummy_requests(want_exception
=True)
6785 ext
= cae
.gp_cert_auto_enroll_ext(self
.lp
, machine_creds
,
6786 machine_creds
.get_username(), store
)
6788 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
6789 machine_creds
.get_username())
6791 # Stage the Registry.pol file with test data
6792 parser
= GPPolParser()
6793 parser
.load_xml(etree
.fromstring(auto_enroll_reg_pol
.strip()))
6794 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
6795 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6797 # Write the dummy CA entry, Enrollment Services, and Templates Entries
6798 admin_creds
= Credentials()
6799 admin_creds
.set_username(os
.environ
.get('DC_USERNAME'))
6800 admin_creds
.set_password(os
.environ
.get('DC_PASSWORD'))
6801 admin_creds
.set_realm(os
.environ
.get('REALM'))
6802 hostname
= get_dc_hostname(machine_creds
, self
.lp
)
6803 url
= 'ldap://%s' % hostname
6804 ldb
= Ldb(url
=url
, session_info
=system_session(),
6805 lp
=self
.lp
, credentials
=admin_creds
)
6806 # Write the dummy CA
6807 confdn
= 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
6808 ca_cn
= '%s-CA' % hostname
.replace('.', '-')
6809 certa_dn
= 'CN=%s,CN=Certification Authorities,%s' % (ca_cn
, confdn
)
6810 ldb
.add({'dn': certa_dn
,
6811 'objectClass': 'certificationAuthority',
6812 'authorityRevocationList': ['XXX'],
6813 'cACertificate': dummy_certificate(),
6814 'certificateRevocationList': ['XXX'],
6816 # Write the dummy pKIEnrollmentService
6817 enroll_dn
= 'CN=%s,CN=Enrollment Services,%s' % (ca_cn
, confdn
)
6818 ldb
.add({'dn': enroll_dn
,
6819 'objectClass': 'pKIEnrollmentService',
6820 'cACertificate': dummy_certificate(),
6821 'certificateTemplates': ['Machine'],
6822 'dNSHostName': hostname
,
6824 # Write the dummy pKICertificateTemplate
6825 template_dn
= 'CN=Machine,CN=Certificate Templates,%s' % confdn
6826 ldb
.add({'dn': template_dn
,
6827 'objectClass': 'pKICertificateTemplate',
6830 with
TemporaryDirectory() as dname
:
6832 ext
.process_group_policy([], gpos
, dname
, dname
)
6833 except Exception as e
:
6836 ca_crt
= os
.path
.join(dname
, '%s.crt' % ca_cn
)
6837 self
.assertTrue(os
.path
.exists(ca_crt
),
6838 'Root CA certificate was not requested')
6839 machine_crt
= os
.path
.join(dname
, '%s.Machine.crt' % ca_cn
)
6840 self
.assertTrue(os
.path
.exists(machine_crt
),
6841 'Machine certificate was not requested')
6842 machine_key
= os
.path
.join(dname
, '%s.Machine.key' % ca_cn
)
6843 self
.assertTrue(os
.path
.exists(machine_key
),
6844 'Machine key was not generated')
6846 # Verify RSOP does not fail
6847 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
6849 # Check that a call to gpupdate --rsop also succeeds
6851 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
6854 gp_db
= store
.get_gplog(machine_creds
.get_username())
6855 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6856 ext
.process_group_policy(del_gpos
, [], dname
)
6857 self
.assertFalse(os
.path
.exists(ca_crt
),
6858 'Root CA certificate was not removed')
6859 self
.assertFalse(os
.path
.exists(machine_crt
),
6860 'Machine certificate was not removed')
6861 self
.assertFalse(os
.path
.exists(machine_key
),
6862 'Machine key was not removed')
6863 out
, _
= Popen(['getcert', 'list-cas'], stdout
=PIPE
).communicate()
6864 self
.assertNotIn(get_bytes(ca_cn
), out
, 'CA was not removed')
6865 out
, _
= Popen(['getcert', 'list'], stdout
=PIPE
).communicate()
6866 self
.assertNotIn(b
'Machine', out
,
6867 'Machine certificate not removed')
6868 self
.assertNotIn(b
'Workstation', out
,
6869 'Workstation certificate not removed')
6871 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
6872 ldb
.delete(certa_dn
)
6873 ldb
.delete(enroll_dn
)
6874 ldb
.delete(template_dn
)
6876 # Unstage the Registry.pol file
6877 unstage_file(reg_pol
)
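def test_gp_cert_auto_enroll_ext(self):
    """Exercise certificate auto-enrollment through apply, disable and removal.

    The test stages the auto-enroll Registry.pol, writes a dummy CA,
    enrollment service and certificate template into the directory, and
    then checks the files the extension leaves in a temporary directory:

    * first apply: root CA certificate, Machine certificate and Machine key;
    * second apply with CEPCES_SUBMIT_SUPPORTED_TEMPLATES extended to
      'Machine,Workstation': the Workstation certificate and key as well;
    * staging the "auto-enroll unchecked" policy: all five files removed;
    * staging the enabled policy again: all five files present again;
    * processing the deleted-GPO list: all five files removed and neither
      the CA nor the certificates still listed by getcert.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    cae.requests = dummy_requests()
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)
    # Write the dummy CA
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateRevocationList': ['XXX'],
             })
    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })

    def assert_present(artifacts):
        # Every listed file must exist after the policy has been applied.
        for path, missing_msg, _ in artifacts:
            self.assertTrue(os.path.exists(path), missing_msg)

    def assert_removed(artifacts):
        # Every listed file must be gone after the policy has been withdrawn.
        for path, _, leftover_msg in artifacts:
            self.assertFalse(os.path.exists(path), leftover_msg)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        # Each message is bound to its own path, so the key checks really
        # test the .key files. They used to re-test the .crt paths, which
        # meant a private key left behind on removal went unnoticed.
        # Tuple layout: (path, message if missing, message if left over).
        machine_files = [
            (ca_crt,
             'Root CA certificate was not requested',
             'Root CA certificate was not removed'),
            (machine_crt,
             'Machine certificate was not requested',
             'Machine certificate was not removed'),
            (machine_key,
             'Machine key was not generated',
             'Machine key was not removed'),
        ]
        assert_present(machine_files)

        # Subsequent apply should react to new certificate templates
        os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
        self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
        ext.process_group_policy([], gpos, dname, dname)
        workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca_cn)
        workstation_key = os.path.join(dname, '%s.Workstation.key' % ca_cn)
        all_files = machine_files + [
            (workstation_crt,
             'Workstation certificate was not requested',
             'Workstation certificate was not removed'),
            (workstation_key,
             'Workstation key was not generated',
             'Workstation key was not removed'),
        ]
        assert_present(all_files)

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the line assigning ret is missing from this listing;
        # the module-level rsop() helper is assumed - confirm against the file.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy by staging pol file with auto-enroll unchecked
        parser.load_xml(etree.fromstring(auto_enroll_unchecked_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        assert_removed(all_files)

        # Reapply policy by staging the enabled pol file
        parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        assert_present(all_files)

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        assert_removed(all_files)
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')

    # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
    ldb.delete(certa_dn)
    ldb.delete(enroll_dn)
    ldb.delete(template_dn)

    # Unstage the Registry.pol file
    unstage_file(reg_pol)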
7036 def test_gp_user_scripts_ext(self
):
7037 local_path
= self
.lp
.cache_path('gpo_cache')
7038 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7039 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7040 'USER/REGISTRY.POL')
7041 cache_dir
= self
.lp
.get('cache directory')
7042 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7044 machine_creds
= Credentials()
7045 machine_creds
.guess(self
.lp
)
7046 machine_creds
.set_machine_account()
7048 # Initialize the group policy extension
7049 ext
= gp_user_scripts_ext(self
.lp
, machine_creds
,
7050 os
.environ
.get('DC_USERNAME'), store
)
7052 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7053 machine_creds
.get_username())
7055 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
7056 sections
= { b
'%s\\Daily Scripts' % reg_key
: b
'@daily',
7057 b
'%s\\Monthly Scripts' % reg_key
: b
'@monthly',
7058 b
'%s\\Weekly Scripts' % reg_key
: b
'@weekly',
7059 b
'%s\\Hourly Scripts' % reg_key
: b
'@hourly' }
7060 for keyname
in sections
.keys():
7061 # Stage the Registry.pol file with test data
7065 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
7067 e
.data
= b
'echo hello world'
7068 stage
.num_entries
= 1
7070 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7071 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7073 # Process all gpos, intentionally skipping the privilege drop
7074 ext
.process_group_policy([], gpos
)
7075 # Dump the fake crontab setup for testing
7076 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7077 crontab
, _
= p
.communicate()
7078 entry
= b
'%s %s' % (sections
[keyname
], e
.data
.encode())
7079 self
.assertIn(entry
, crontab
,
7080 'The crontab entry was not installed')
7082 # Check that a call to gpupdate --rsop also succeeds
7084 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7087 gp_db
= store
.get_gplog(os
.environ
.get('DC_USERNAME'))
7088 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7089 ext
.process_group_policy(del_gpos
, [])
7090 # Dump the fake crontab setup for testing
7091 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7092 crontab
, _
= p
.communicate()
7093 self
.assertNotIn(entry
, crontab
,
7094 'Unapply failed to cleanup crontab entry')
7096 # Unstage the Registry.pol file
7097 unstage_file(reg_pol
)
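def test_gp_firefox_ext(self):
    """Apply the Firefox policy, compare policies.json, then unapply it.

    The staged Registry.pol is built from firefox_reg_pol. After the apply,
    the 'policies' object in policies.json inside the temporary directory
    must match firefox_json_expected key by key. After processing the
    deleted-GPO list, policies.json, if it still exists, must hold no
    entries under 'policies'.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firefox_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        policies_file = os.path.join(dname, 'policies.json')
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        expected_policy_data = json.loads(firefox_json_expected)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        self.assertEqual(expected_policy_data['policies'].keys(),
                         policy_data['policies'].keys(),
                         'Firefox policies are missing')
        for name, expected in expected_policy_data['policies'].items():
            self.assertEqual(expected,
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the line assigning ret is missing from this listing;
        # the module-level rsop() helper is assumed - confirm against the file.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            # Read through a context manager so the handle is closed before
            # the temporary directory is cleaned up.
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data:
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)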
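def test_gp_chromium_ext(self):
    """Apply, modify and unapply the Chromium policy and check its files.

    After the first apply, exactly one JSON file is expected in each of the
    'managed' and 'recommended' subdirectories of the temporary directory,
    with contents matching chromium_json_expected_managed and
    chromium_json_expected_recommended. After one managed and one
    recommended entry are changed and the policy is applied again, each
    directory must still hold exactly one file, under a different name.
    After processing the deleted-GPO list, either file, if it still exists,
    must hold an empty JSON object.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_chromium_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        managed = os.path.join(dname, 'managed')
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Chromium policies are missing')
        managed_file = os.path.join(managed, managed_files[0])
        with open(managed_file, 'r') as r:
            managed_data = json.load(r)
        recommended = os.path.join(dname, 'recommended')
        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Chromium policies are missing')
        recommended_file = os.path.join(recommended, recommended_files[0])
        with open(recommended_file, 'r') as r:
            recommended_data = json.load(r)
        expected_managed_data = json.loads(chromium_json_expected_managed)
        expected_recommended_data = \
            json.loads(chromium_json_expected_recommended)

        self.assertEqual(sorted(expected_managed_data.keys()),
                         sorted(managed_data.keys()),
                         'Chromium policies are missing')
        for name, expected in expected_managed_data.items():
            self.assertEqual(expected,
                             managed_data[name],
                             'Policies were not applied')
        self.assertEqual(expected_recommended_data.keys(),
                         recommended_data.keys(),
                         'Chromium policies are missing')
        for name, expected in expected_recommended_data.items():
            self.assertEqual(expected,
                             recommended_data[name],
                             'Policies were not applied')

        # Ensure modifying the policy does not generate extra policy files
        unstage_file(reg_pol)
        # Change a managed entry:
        parser.pol_file.entries[0].data = 0
        # Change a recommended entry:
        parser.pol_file.entries[-1].data = b'https://google.com'
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        ext.process_group_policy([], gpos, dname)
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Number of Chromium policies is incorrect')
        omanaged_file = managed_file
        managed_file = os.path.join(managed, managed_files[0])
        self.assertNotEqual(omanaged_file, managed_file,
                            'The managed Chromium file did not change')

        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Number of Chromium policies is incorrect')
        orecommended_file = recommended_file
        recommended_file = os.path.join(recommended, recommended_files[0])
        self.assertNotEqual(orecommended_file, recommended_file,
                            'The recommended Chromium file did not change')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the line assigning ret is missing from this listing;
        # the module-level rsop() helper is assumed - confirm against the file.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # managed_file / recommended_file already name the single file seen
        # in each directory after the second apply, so the directory
        # variables are no longer rebound to file paths. Files are read via
        # context managers so no handle stays open during directory cleanup.
        for leftover in (managed_file, recommended_file):
            if os.path.exists(leftover):
                with open(leftover, 'r') as r:
                    data = json.load(r)
                self.assertEqual(len(data.keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)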
def test_gp_firewalld_ext(self):
    """Apply the firewalld policy, query firewall-cmd, then unapply it.

    After the apply, firewall-cmd must list the 'work' and 'home' zones,
    report 'eth0' among the interfaces of both zones, and return the
    expected rich rule for the 'work' zone. After processing the
    deleted-GPO list, neither zone may be listed any more.
    """
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(self.lp.cache_path('gpo_cache'), policies, guid,
                           'MACHINE/REGISTRY.POL')
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()
    account = machine_creds.get_username()

    # Initialize the group policy extension
    ext = gp_firewalld_ext(self.lp, machine_creds, account, store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
    staged = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(staged, 'Could not create the target %s' % reg_pol)

    ext.process_group_policy([], gpos)

    # Check that the policy was applied
    firewall_cmd = which('firewall-cmd')

    def firewall_query(*options):
        # Run firewall-cmd with the given options and hand back its stdout;
        # stderr is captured and discarded, as before.
        proc = Popen([firewall_cmd] + list(options), stdout=PIPE, stderr=PIPE)
        stdout, _ = proc.communicate()
        return stdout

    zones = firewall_query('--get-zones')
    self.assertIn(b'work', zones, 'Failed to apply zones')
    self.assertIn(b'home', zones, 'Failed to apply zones')

    for zone_option in ('--zone=work', '--zone=home'):
        interfaces = firewall_query(zone_option, '--list-interfaces')
        self.assertIn(b'eth0', interfaces, 'Failed to set interface on zone')

    rich_rules = firewall_query('--zone=work', '--list-rich-rules')
    rule = b'rule family=ipv4 source address=172.25.1.7 ' + \
        b'service name=ftp reject'
    self.assertEqual(rule, rich_rules.strip(), 'Failed to set rich rule')

    # Verify RSOP does not fail
    matching = [g for g in gpos if g.name == guid]
    ext.rsop(matching[0])

    # Check that a call to gpupdate --rsop also succeeds
    # NOTE(review): the line assigning the result is missing from this
    # listing; the module-level rsop() helper is assumed - confirm against
    # the file.
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply the policy
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Check that the policy was unapplied
    zones = firewall_query('--get-zones')
    self.assertNotIn(b'work', zones, 'Failed to unapply zones')
    self.assertNotIn(b'home', zones, 'Failed to unapply zones')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
7344 def test_advanced_gp_cert_auto_enroll_ext(self
):
7345 local_path
= self
.lp
.cache_path('gpo_cache')
7346 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7347 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7348 'MACHINE/REGISTRY.POL')
7349 cache_dir
= self
.lp
.get('cache directory')
7350 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7352 machine_creds
= Credentials()
7353 machine_creds
.guess(self
.lp
)
7354 machine_creds
.set_machine_account()
7356 # Initialize the group policy extension
7357 cae
.requests
= dummy_requests()
7358 ext
= cae
.gp_cert_auto_enroll_ext(self
.lp
, machine_creds
,
7359 machine_creds
.get_username(), store
)
7361 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7362 machine_creds
.get_username())
7364 admin_creds
= Credentials()
7365 admin_creds
.set_username(os
.environ
.get('DC_USERNAME'))
7366 admin_creds
.set_password(os
.environ
.get('DC_PASSWORD'))
7367 admin_creds
.set_realm(os
.environ
.get('REALM'))
7368 hostname
= get_dc_hostname(machine_creds
, self
.lp
)
7369 url
= 'ldap://%s' % hostname
7370 ldb
= Ldb(url
=url
, session_info
=system_session(),
7371 lp
=self
.lp
, credentials
=admin_creds
)
7373 # Stage the Registry.pol file with test data
7374 res
= ldb
.search('', _ldb
.SCOPE_BASE
, '(objectClass=*)',
7375 ['rootDomainNamingContext'])
7376 self
.assertTrue(len(res
) == 1, 'rootDomainNamingContext not found')
7377 res2
= ldb
.search(res
[0]['rootDomainNamingContext'][0],
7378 _ldb
.SCOPE_BASE
, '(objectClass=*)', ['objectGUID'])
7379 self
.assertTrue(len(res2
) == 1, 'objectGUID not found')
7380 objectGUID
= b
'{%s}' % \
7381 cae
.octet_string_to_objectGUID(res2
[0]['objectGUID'][0]).upper().encode()
7382 parser
= GPPolParser()
7383 parser
.load_xml(etree
.fromstring(advanced_enroll_reg_pol
.strip() % \
7384 (objectGUID
, objectGUID
, objectGUID
, objectGUID
)))
7385 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7386 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7388 # Write the dummy CA entry
7389 confdn
= 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
7390 ca_cn
= '%s-CA' % hostname
.replace('.', '-')
7391 certa_dn
= 'CN=%s,CN=Certification Authorities,%s' % (ca_cn
, confdn
)
7392 ldb
.add({'dn': certa_dn
,
7393 'objectClass': 'certificationAuthority',
7394 'authorityRevocationList': ['XXX'],
7395 'cACertificate': b
'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7396 'certificateRevocationList': ['XXX'],
7398 # Write the dummy pKIEnrollmentService
7399 enroll_dn
= 'CN=%s,CN=Enrollment Services,%s' % (ca_cn
, confdn
)
7400 ldb
.add({'dn': enroll_dn
,
7401 'objectClass': 'pKIEnrollmentService',
7402 'cACertificate': b
'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7403 'certificateTemplates': ['Machine'],
7404 'dNSHostName': hostname
,
7406 # Write the dummy pKICertificateTemplate
7407 template_dn
= 'CN=Machine,CN=Certificate Templates,%s' % confdn
7408 ldb
.add({'dn': template_dn
,
7409 'objectClass': 'pKICertificateTemplate',
7412 with
TemporaryDirectory() as dname
:
7413 ext
.process_group_policy([], gpos
, dname
, dname
)
7414 ca_list
= [ca_cn
, 'example0-com-CA', 'example1-com-CA',
7417 ca_crt
= os
.path
.join(dname
, '%s.crt' % ca
)
7418 self
.assertTrue(os
.path
.exists(ca_crt
),
7419 'Root CA certificate was not requested')
7420 machine_crt
= os
.path
.join(dname
, '%s.Machine.crt' % ca
)
7421 self
.assertTrue(os
.path
.exists(machine_crt
),
7422 'Machine certificate was not requested')
7423 machine_key
= os
.path
.join(dname
, '%s.Machine.key' % ca
)
7424 self
.assertTrue(os
.path
.exists(machine_crt
),
7425 'Machine key was not generated')
7427 # Subsequent apply should react to new certificate templates
7428 os
.environ
['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
7429 self
.addCleanup(os
.environ
.pop
, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
7430 ext
.process_group_policy([], gpos
, dname
, dname
)
7432 self
.assertTrue(os
.path
.exists(ca_crt
),
7433 'Root CA certificate was not requested')
7434 self
.assertTrue(os
.path
.exists(machine_crt
),
7435 'Machine certificate was not requested')
7436 self
.assertTrue(os
.path
.exists(machine_crt
),
7437 'Machine key was not generated')
7439 workstation_crt
= os
.path
.join(dname
, '%s.Workstation.crt' % ca
)
7440 self
.assertTrue(os
.path
.exists(workstation_crt
),
7441 'Workstation certificate was not requested')
7442 workstation_key
= os
.path
.join(dname
, '%s.Workstation.key' % ca
)
7443 self
.assertTrue(os
.path
.exists(workstation_crt
),
7444 'Workstation key was not generated')
7446 # Verify RSOP does not fail
7447 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
7449 # Check that a call to gpupdate --rsop also succeeds
7451 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7454 gp_db
= store
.get_gplog(machine_creds
.get_username())
7455 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7456 ext
.process_group_policy(del_gpos
, [], dname
)
7457 self
.assertFalse(os
.path
.exists(ca_crt
),
7458 'Root CA certificate was not removed')
7459 self
.assertFalse(os
.path
.exists(machine_crt
),
7460 'Machine certificate was not removed')
7461 self
.assertFalse(os
.path
.exists(machine_crt
),
7462 'Machine key was not removed')
7463 self
.assertFalse(os
.path
.exists(workstation_crt
),
7464 'Workstation certificate was not removed')
7465 self
.assertFalse(os
.path
.exists(workstation_crt
),
7466 'Workstation key was not removed')
7467 out
, _
= Popen(['getcert', 'list-cas'], stdout
=PIPE
).communicate()
7469 self
.assertNotIn(get_bytes(ca
), out
, 'CA was not removed')
7470 out
, _
= Popen(['getcert', 'list'], stdout
=PIPE
).communicate()
7471 self
.assertNotIn(b
'Machine', out
,
7472 'Machine certificate not removed')
7473 self
.assertNotIn(b
'Workstation', out
,
7474 'Workstation certificate not removed')
7476 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
7477 ldb
.delete(certa_dn
)
7478 ldb
.delete(enroll_dn
)
7479 ldb
.delete(template_dn
)
7481 # Unstage the Registry.pol file
7482 unstage_file(reg_pol
)
def test_gp_centrify_sudoers_ext(self):
    """Apply, re-apply and unapply a sudoers policy via gp_centrify_sudoers_ext.

    A machine REGISTRY.POL is staged in the GPO cache, the GPO list is
    processed into a temporary directory, and the test checks that exactly
    one file containing the staged rule is written, that it is recreated
    after being deleted, and that processing the deleted-GPO list leaves
    the directory empty.
    """
    local_path = self.lp.cache_path('gpo_cache')
    # GUID of the well-known Default Domain Policy GPO.
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_sudoers_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): the listing omits lines here (its numbering jumps);
    # `stage` and `e1` are used below but are not constructed in the
    # visible code.
    e1.keyname = b'Software\\Policies\\Centrify\\UnixSettings'
    e1.valuename = b'sudo.enabled'
    # NOTE(review): lines omitted by the listing; `e2` is not constructed
    # in the visible code.
    e2.keyname = b'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
    # NOTE(review): lines omitted by the listing.
    # The rule under test is a passwordless, unrestricted sudo grant. It is
    # only ever read back from the temporary directory passed to
    # process_group_policy() below.
    e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    stage.num_entries = 2
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
        sudoers_file = os.path.join(dname, sudoers[0])
        # NOTE(review): the handle from open() is never closed explicitly;
        # a `with open(...)` block would avoid a ResourceWarning.
        self.assertIn(e2.data, open(sudoers_file, 'r').read(),
                      'The sudoers entry was not applied')

        # Remove the sudoers file, and make sure a re-apply puts it back
        os.unlink(sudoers_file)
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1,
                         'The sudoer file was not recreated')
        sudoers_file = os.path.join(dname, sudoers[0])
        self.assertIn(e2.data, open(sudoers_file, 'r').read(),
                      'The sudoers entry was not reapplied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the statement that assigns `ret` for this check is
        # omitted by the listing; as shown, `ret` still holds the
        # stage_file() result.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply: feed the extension the GPOs recorded in the log as
        # deleted. No output directory is passed on this call, yet dname
        # must end up empty; presumably the extension removes the paths it
        # recorded when applying — confirm against the extension.
        # A sudoers rule that survived policy removal would leave standing
        # privilege behind, so the empty-directory check matters.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup scripts')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
def test_gp_centrify_crontab_ext(self):
    """Apply and unapply a machine cron entry via gp_centrify_crontab_ext.

    A machine REGISTRY.POL is staged in the GPO cache, the GPO list is
    processed into a temporary directory, and the test checks that exactly
    one file containing the staged cron line is written and that
    processing the deleted-GPO list leaves the directory empty.
    """
    local_path = self.lp.cache_path('gpo_cache')
    # GUID of the well-known Default Domain Policy GPO.
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_crontab_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): the listing omits lines here (its numbering jumps);
    # `stage` and `e` are not constructed in the visible code, and the
    # literal below is presumably the right-hand side of an assignment that
    # starts on an omitted line — confirm against the full file.
    b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    # NOTE(review): line omitted by the listing.
    # The staged line names `root` between the schedule and the command,
    # which looks like the system (cron.d-style) entry format.
    e.data = b'17 * * * * root echo hello world'
    stage.num_entries = 1
    # NOTE(review): line omitted by the listing; `stage.entries` is not
    # assigned in the visible code.
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        cron_entries = os.listdir(dname)
        self.assertEqual(len(cron_entries), 1, 'Cron entry not created')
        fname = os.path.join(dname, cron_entries[0])
        # NOTE(review): the handle from open() is never closed explicitly;
        # a `with open(...)` block would avoid a ResourceWarning.
        data = open(fname, 'rb').read()
        self.assertIn(get_bytes(e.data), data, 'Cron entry is missing')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the statement that assigns `ret` for this check is
        # omitted by the listing; as shown, `ret` still holds the
        # stage_file() result.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply: feed the extension the GPOs recorded in the log as
        # deleted. No output directory is passed on this call, yet dname
        # must end up empty; presumably the extension removes the paths it
        # recorded when applying — confirm against the extension.
        # A root-run cron entry left behind after policy removal would keep
        # executing, so the empty-directory check matters.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup script')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
def test_gp_user_centrify_crontab_ext(self):
    """Apply and unapply a per-user cron entry via gp_user_centrify_crontab_ext.

    A user REGISTRY.POL is staged in the GPO cache and the GPO list is
    processed. The result is checked by reading `crontab -l`: the staged
    line must be present after apply and absent after the deleted-GPO list
    is processed.
    """
    local_path = self.lp.cache_path('gpo_cache')
    # GUID of the well-known Default Domain Policy GPO.
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    # User-side policy: USER/REGISTRY.POL rather than MACHINE/REGISTRY.POL.
    reg_pol = os.path.join(local_path, policies, guid,
                           'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # The extension is built for the account named by DC_USERNAME;
    # os.environ.get() yields None when that variable is unset.
    ext = gp_user_centrify_crontab_ext(self.lp, machine_creds,
                                       os.environ.get('DC_USERNAME'),
    # NOTE(review): the listing omits lines here (its numbering jumps), so
    # the end of the call above is not visible; the sibling tests pass
    # `store` as the last argument — confirm against the full file.
    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): the listing omits lines here; `stage` and `e` are not
    # constructed in the visible code, and the literal below is presumably
    # the right-hand side of an assignment that starts on an omitted line
    # — confirm against the full file.
    b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    # NOTE(review): line omitted by the listing.
    # Unlike the machine test, the staged line has no user field.
    e.data = b'17 * * * * echo hello world'
    stage.num_entries = 1
    # NOTE(review): line omitted by the listing; `stage.entries` is not
    # assigned in the visible code.
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, intentionally skipping the privilege drop
    # (this module replaces gpclass.drop_privileges with a pass-through at
    # import time, so the extension acts as the account running the test,
    # not as the target user).
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    # NOTE(review): the exit status of `crontab -l` is not checked; only
    # its stdout is inspected.
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertIn(get_bytes(e.data), crontab,
                  'The crontab entry was not installed')

    # Check that a call to gpupdate --rsop also succeeds
    # NOTE(review): the statement that assigns `ret` for this check is
    # omitted by the listing; as shown, `ret` still holds the stage_file()
    # result.
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply: the log is looked up under the same DC_USERNAME the
    # extension was created with, then the deleted-GPO list is processed.
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    # The entry must be gone after unapply, so that a removed policy does
    # not leave a scheduled command behind.
    self.assertNotIn(get_bytes(e.data), crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)