1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from samba
import gpo
, tests
20 from samba
.gp
.gpclass
import register_gp_extension
, list_gp_extensions
, \
21 unregister_gp_extension
, GPOStorage
22 from samba
.param
import LoadParm
23 from samba
.gp
.gpclass
import check_refresh_gpo_list
, check_safe_path
, \
24 check_guid
, parse_gpext_conf
, atomic_write_conf
, get_deleted_gpos_list
25 from subprocess
import Popen
, PIPE
26 from tempfile
import NamedTemporaryFile
, TemporaryDirectory
27 from samba
.gp
import gpclass
28 # Disable privilege dropping for testing
29 gpclass
.drop_privileges
= lambda _
, func
, *args
: func(*args
)
30 from samba
.gp
.gp_sec_ext
import gp_krb_ext
, gp_access_ext
31 from samba
.gp
.gp_scripts_ext
import gp_scripts_ext
, gp_user_scripts_ext
32 from samba
.gp
.gp_sudoers_ext
import gp_sudoers_ext
33 from samba
.gp
.vgp_sudoers_ext
import vgp_sudoers_ext
34 from samba
.gp
.vgp_symlink_ext
import vgp_symlink_ext
35 from samba
.gp
.gpclass
import gp_inf_ext
36 from samba
.gp
.gp_smb_conf_ext
import gp_smb_conf_ext
37 from samba
.gp
.vgp_files_ext
import vgp_files_ext
38 from samba
.gp
.vgp_openssh_ext
import vgp_openssh_ext
39 from samba
.gp
.vgp_startup_scripts_ext
import vgp_startup_scripts_ext
40 from samba
.gp
.vgp_motd_ext
import vgp_motd_ext
41 from samba
.gp
.vgp_issue_ext
import vgp_issue_ext
42 from samba
.gp
.vgp_access_ext
import vgp_access_ext
43 from samba
.gp
.gp_gnome_settings_ext
import gp_gnome_settings_ext
44 from samba
.gp
import gp_cert_auto_enroll_ext
as cae
45 from samba
.gp
.gp_firefox_ext
import gp_firefox_ext
46 from samba
.gp
.gp_chromium_ext
import gp_chromium_ext
47 from samba
.gp
.gp_firewalld_ext
import gp_firewalld_ext
48 from samba
.credentials
import Credentials
49 from samba
.gp
.gp_msgs_ext
import gp_msgs_ext
50 from samba
.gp
.gp_centrify_sudoers_ext
import gp_centrify_sudoers_ext
51 from samba
.gp
.gp_centrify_crontab_ext
import gp_centrify_crontab_ext
, \
52 gp_user_centrify_crontab_ext
53 from samba
.common
import get_bytes
54 from samba
.dcerpc
import preg
55 from samba
.ndr
import ndr_pack
57 from shutil
import copyfile
58 import xml
.etree
.ElementTree
as etree
60 from samba
.gp_parse
.gp_pol
import GPPolParser
62 from configparser
import ConfigParser
63 from samba
.gp
.gpclass
import get_dc_hostname
66 from samba
.auth
import system_session
68 from shutil
import which
70 from cryptography
import x509
71 from cryptography
.hazmat
.primitives
import hashes
72 from cryptography
.hazmat
.backends
import default_backend
73 from cryptography
.hazmat
.primitives
.asymmetric
import rsa
74 from cryptography
.hazmat
.primitives
.serialization
import Encoding
75 from datetime
import datetime
, timedelta
77 def dummy_certificate():
79 x509
.NameAttribute(x509
.NameOID
.COMMON_NAME
,
80 os
.environ
.get('SERVER'))
82 cons
= x509
.BasicConstraints(ca
=True, path_length
=0)
83 now
= datetime
.utcnow()
85 key
= rsa
.generate_private_key(public_exponent
=65537, key_size
=2048,
86 backend
=default_backend())
89 x509
.CertificateBuilder()
92 .public_key(key
.public_key())
94 .not_valid_before(now
)
95 .not_valid_after(now
+ timedelta(seconds
=300))
96 .add_extension(cons
, False)
97 .sign(key
, hashes
.SHA256(), default_backend())
100 return cert
.public_bytes(encoding
=Encoding
.DER
)
102 # Dummy requests structure for Certificate Auto Enrollment
103 class dummy_requests(object):
105 def get(url
=None, params
=None):
106 dummy
= requests
.Response()
107 dummy
._content
= dummy_certificate()
108 dummy
.headers
= {'Content-Type': 'application/x-x509-ca-cert'}
111 class exceptions(object):
112 ConnectionError
= Exception
113 cae
.requests
= dummy_requests
115 realm
= os
.environ
.get('REALM')
116 policies
= realm
+ '/POLICIES'
117 realm
= realm
.lower()
118 poldir
= r
'\\{0}\sysvol\{0}\Policies'.format(realm
)
119 # the first part of the base DN varies by testenv. Work it out from the realm
120 base_dn
= 'DC={0},DC=samba,DC=example,DC=com'.format(realm
.split('.')[0])
121 dspath
= 'CN=Policies,CN=System,' + base_dn
122 gpt_data
= '[General]\nVersion=%d'
124 gnome_test_reg_pol
= \
126 <?xml version="1.0" encoding="utf-8"?>
127 <PolFile num_entries="26" signature="PReg" version="1">
128 <Entry type="4" type_name="REG_DWORD">
129 <Key>GNOME Settings\Lock Down Settings</Key>
130 <ValueName>Lock Down Enabled Extensions</ValueName>
133 <Entry type="4" type_name="REG_DWORD">
134 <Key>GNOME Settings\Lock Down Settings</Key>
135 <ValueName>Lock Down Specific Settings</ValueName>
138 <Entry type="4" type_name="REG_DWORD">
139 <Key>GNOME Settings\Lock Down Settings</Key>
140 <ValueName>Disable Printing</ValueName>
143 <Entry type="4" type_name="REG_DWORD">
144 <Key>GNOME Settings\Lock Down Settings</Key>
145 <ValueName>Disable File Saving</ValueName>
148 <Entry type="4" type_name="REG_DWORD">
149 <Key>GNOME Settings\Lock Down Settings</Key>
150 <ValueName>Disable Command-Line Access</ValueName>
153 <Entry type="4" type_name="REG_DWORD">
154 <Key>GNOME Settings\Lock Down Settings</Key>
155 <ValueName>Disallow Login Using a Fingerprint</ValueName>
158 <Entry type="4" type_name="REG_DWORD">
159 <Key>GNOME Settings\Lock Down Settings</Key>
160 <ValueName>Disable User Logout</ValueName>
163 <Entry type="4" type_name="REG_DWORD">
164 <Key>GNOME Settings\Lock Down Settings</Key>
165 <ValueName>Disable User Switching</ValueName>
168 <Entry type="4" type_name="REG_DWORD">
169 <Key>GNOME Settings\Lock Down Settings</Key>
170 <ValueName>Disable Repartitioning</ValueName>
173 <Entry type="4" type_name="REG_DWORD">
174 <Key>GNOME Settings\Lock Down Settings</Key>
175 <ValueName>Whitelisted Online Accounts</ValueName>
178 <Entry type="4" type_name="REG_DWORD">
179 <Key>GNOME Settings\Lock Down Settings</Key>
180 <ValueName>Compose Key</ValueName>
183 <Entry type="4" type_name="REG_DWORD">
184 <Key>GNOME Settings\Lock Down Settings</Key>
185 <ValueName>Dim Screen when User is Idle</ValueName>
188 <Entry type="4" type_name="REG_DWORD">
189 <Key>GNOME Settings\Lock Down Settings</Key>
190 <ValueName>Enabled Extensions</ValueName>
193 <Entry type="1" type_name="REG_SZ">
194 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
195 <ValueName>Key Name</ValueName>
196 <Value>Right Alt</Value>
198 <Entry type="4" type_name="REG_DWORD">
199 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
200 <ValueName>Delay</ValueName>
203 <Entry type="4" type_name="REG_DWORD">
204 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
205 <ValueName>Dim Idle Brightness</ValueName>
208 <Entry type="1" type_name="REG_SZ">
209 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
210 <ValueName>**delvals.</ValueName>
213 <Entry type="1" type_name="REG_SZ">
214 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
215 <ValueName>myextension1@myname.example.com</ValueName>
216 <Value>myextension1@myname.example.com</Value>
218 <Entry type="1" type_name="REG_SZ">
219 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
220 <ValueName>myextension2@myname.example.com</ValueName>
221 <Value>myextension2@myname.example.com</Value>
223 <Entry type="1" type_name="REG_SZ">
224 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
225 <ValueName>**delvals.</ValueName>
228 <Entry type="1" type_name="REG_SZ">
229 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
230 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
231 <Value>/org/gnome/desktop/background/picture-uri</Value>
233 <Entry type="1" type_name="REG_SZ">
234 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
235 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
236 <Value>/org/gnome/desktop/background/picture-options</Value>
238 <Entry type="1" type_name="REG_SZ">
239 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
240 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
241 <Value>/org/gnome/desktop/background/primary-color</Value>
243 <Entry type="1" type_name="REG_SZ">
244 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
245 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
246 <Value>/org/gnome/desktop/background/secondary-color</Value>
248 <Entry type="1" type_name="REG_SZ">
249 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
250 <ValueName>**delvals.</ValueName>
253 <Entry type="1" type_name="REG_SZ">
254 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
255 <ValueName>google</ValueName>
256 <Value>google</Value>
261 auto_enroll_reg_pol
= \
263 <?xml version="1.0" encoding="utf-8"?>
264 <PolFile num_entries="3" signature="PReg" version="1">
265 <Entry type="4" type_name="REG_DWORD">
266 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
267 <ValueName>AEPolicy</ValueName>
270 <Entry type="4" type_name="REG_DWORD">
271 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
272 <ValueName>OfflineExpirationPercent</ValueName>
275 <Entry type="1" type_name="REG_SZ">
276 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
277 <ValueName>OfflineExpirationStoreNames</ValueName>
283 advanced_enroll_reg_pol
= \
285 <?xml version="1.0" encoding="utf-8"?>
286 <PolFile num_entries="30" signature="PReg" version="1">
287 <Entry type="1" type_name="REG_SZ">
288 <Key>Software\Policies\Microsoft\Cryptography</Key>
289 <ValueName>**DeleteKeys</ValueName>
290 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
292 <Entry type="4" type_name="REG_DWORD">
293 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
294 <ValueName>AEPolicy</ValueName>
297 <Entry type="4" type_name="REG_DWORD">
298 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
299 <ValueName>OfflineExpirationPercent</ValueName>
302 <Entry type="1" type_name="REG_SZ">
303 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
304 <ValueName>OfflineExpirationStoreNames</ValueName>
307 <Entry type="1" type_name="REG_SZ">
308 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
310 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
312 <Entry type="4" type_name="REG_DWORD">
313 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
314 <ValueName>Flags</ValueName>
317 <Entry type="1" type_name="REG_SZ">
318 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
319 <ValueName>URL</ValueName>
322 <Entry type="1" type_name="REG_SZ">
323 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
324 <ValueName>PolicyID</ValueName>
327 <Entry type="1" type_name="REG_SZ">
328 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
329 <ValueName>FriendlyName</ValueName>
330 <Value>Example</Value>
332 <Entry type="4" type_name="REG_DWORD">
333 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
334 <ValueName>Flags</ValueName>
337 <Entry type="4" type_name="REG_DWORD">
338 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
339 <ValueName>AuthFlags</ValueName>
342 <Entry type="4" type_name="REG_DWORD">
343 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
344 <ValueName>Cost</ValueName>
345 <Value>2147483645</Value>
347 <Entry type="1" type_name="REG_SZ">
348 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
349 <ValueName>URL</ValueName>
350 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
352 <Entry type="1" type_name="REG_SZ">
353 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
354 <ValueName>PolicyID</ValueName>
357 <Entry type="1" type_name="REG_SZ">
358 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
359 <ValueName>FriendlyName</ValueName>
360 <Value>Example2</Value>
362 <Entry type="4" type_name="REG_DWORD">
363 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
364 <ValueName>Flags</ValueName>
367 <Entry type="4" type_name="REG_DWORD">
368 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
369 <ValueName>AuthFlags</ValueName>
372 <Entry type="4" type_name="REG_DWORD">
373 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
374 <ValueName>Cost</ValueName>
377 <Entry type="1" type_name="REG_SZ">
378 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
379 <ValueName>URL</ValueName>
380 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
382 <Entry type="1" type_name="REG_SZ">
383 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
384 <ValueName>PolicyID</ValueName>
387 <Entry type="1" type_name="REG_SZ">
388 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
389 <ValueName>FriendlyName</ValueName>
390 <Value>Example0</Value>
392 <Entry type="4" type_name="REG_DWORD">
393 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
394 <ValueName>Flags</ValueName>
397 <Entry type="4" type_name="REG_DWORD">
398 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
399 <ValueName>AuthFlags</ValueName>
402 <Entry type="4" type_name="REG_DWORD">
403 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
404 <ValueName>Cost</ValueName>
407 <Entry type="1" type_name="REG_SZ">
408 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
409 <ValueName>URL</ValueName>
410 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
412 <Entry type="1" type_name="REG_SZ">
413 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
414 <ValueName>PolicyID</ValueName>
417 <Entry type="1" type_name="REG_SZ">
418 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
419 <ValueName>FriendlyName</ValueName>
420 <Value>Example1</Value>
422 <Entry type="4" type_name="REG_DWORD">
423 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
424 <ValueName>Flags</ValueName>
427 <Entry type="4" type_name="REG_DWORD">
428 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
429 <ValueName>AuthFlags</ValueName>
432 <Entry type="4" type_name="REG_DWORD">
433 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
434 <ValueName>Cost</ValueName>
442 <?xml version="1.0" encoding="utf-8"?>
443 <PolFile num_entries="241" signature="PReg" version="1">
444 <Entry type="7" type_name="REG_MULTI_SZ">
445 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
446 <ValueName>ExtensionSettings</ValueName>
447 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
449 <Entry type="4" type_name="REG_DWORD">
450 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
451 <ValueName>ExtensionUpdate</ValueName>
454 <Entry type="4" type_name="REG_DWORD">
455 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
456 <ValueName>SearchSuggestEnabled</ValueName>
459 <Entry type="4" type_name="REG_DWORD">
460 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
461 <ValueName>AppAutoUpdate</ValueName>
464 <Entry type="1" type_name="REG_SZ">
465 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
466 <ValueName>AppUpdateURL</ValueName>
467 <Value>https://yoursite.com</Value>
469 <Entry type="4" type_name="REG_DWORD">
470 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
471 <ValueName>BlockAboutAddons</ValueName>
474 <Entry type="4" type_name="REG_DWORD">
475 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
476 <ValueName>BlockAboutConfig</ValueName>
479 <Entry type="4" type_name="REG_DWORD">
480 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
481 <ValueName>BlockAboutProfiles</ValueName>
484 <Entry type="4" type_name="REG_DWORD">
485 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
486 <ValueName>BlockAboutSupport</ValueName>
489 <Entry type="4" type_name="REG_DWORD">
490 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
491 <ValueName>CaptivePortal</ValueName>
494 <Entry type="2" type_name="REG_EXPAND_SZ">
495 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
496 <ValueName>DefaultDownloadDirectory</ValueName>
497 <Value>${home}/Downloads</Value>
499 <Entry type="4" type_name="REG_DWORD">
500 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
501 <ValueName>DisableAppUpdate</ValueName>
504 <Entry type="4" type_name="REG_DWORD">
505 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
506 <ValueName>DisableBuiltinPDFViewer</ValueName>
509 <Entry type="4" type_name="REG_DWORD">
510 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
511 <ValueName>DisableDefaultBrowserAgent</ValueName>
514 <Entry type="4" type_name="REG_DWORD">
515 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
516 <ValueName>DisableDeveloperTools</ValueName>
519 <Entry type="4" type_name="REG_DWORD">
520 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
521 <ValueName>DisableFeedbackCommands</ValueName>
524 <Entry type="4" type_name="REG_DWORD">
525 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
526 <ValueName>DisableFirefoxAccounts</ValueName>
529 <Entry type="4" type_name="REG_DWORD">
530 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
531 <ValueName>DisableFirefoxScreenshots</ValueName>
534 <Entry type="4" type_name="REG_DWORD">
535 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
536 <ValueName>DisableFirefoxStudies</ValueName>
539 <Entry type="4" type_name="REG_DWORD">
540 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
541 <ValueName>DisableForgetButton</ValueName>
544 <Entry type="4" type_name="REG_DWORD">
545 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
546 <ValueName>DisableFormHistory</ValueName>
549 <Entry type="4" type_name="REG_DWORD">
550 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
551 <ValueName>DisableMasterPasswordCreation</ValueName>
554 <Entry type="4" type_name="REG_DWORD">
555 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
556 <ValueName>DisablePasswordReveal</ValueName>
559 <Entry type="4" type_name="REG_DWORD">
560 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
561 <ValueName>DisablePocket</ValueName>
564 <Entry type="4" type_name="REG_DWORD">
565 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
566 <ValueName>DisablePrivateBrowsing</ValueName>
569 <Entry type="4" type_name="REG_DWORD">
570 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
571 <ValueName>DisableProfileImport</ValueName>
574 <Entry type="4" type_name="REG_DWORD">
575 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
576 <ValueName>DisableProfileRefresh</ValueName>
579 <Entry type="4" type_name="REG_DWORD">
580 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
581 <ValueName>DisableSafeMode</ValueName>
584 <Entry type="4" type_name="REG_DWORD">
585 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
586 <ValueName>DisableSetDesktopBackground</ValueName>
589 <Entry type="4" type_name="REG_DWORD">
590 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
591 <ValueName>DisableSystemAddonUpdate</ValueName>
594 <Entry type="4" type_name="REG_DWORD">
595 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
596 <ValueName>DisableTelemetry</ValueName>
599 <Entry type="4" type_name="REG_DWORD">
600 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
601 <ValueName>DisplayBookmarksToolbar</ValueName>
604 <Entry type="1" type_name="REG_SZ">
605 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
606 <ValueName>DisplayMenuBar</ValueName>
607 <Value>default-on</Value>
609 <Entry type="4" type_name="REG_DWORD">
610 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
611 <ValueName>DontCheckDefaultBrowser</ValueName>
614 <Entry type="2" type_name="REG_EXPAND_SZ">
615 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
616 <ValueName>DownloadDirectory</ValueName>
617 <Value>${home}/Downloads</Value>
619 <Entry type="7" type_name="REG_MULTI_SZ">
620 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
621 <ValueName>Handlers</ValueName>
622 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
624 <Entry type="4" type_name="REG_DWORD">
625 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
626 <ValueName>HardwareAcceleration</ValueName>
629 <Entry type="7" type_name="REG_MULTI_SZ">
630 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
631 <ValueName>ManagedBookmarks</ValueName>
632 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
634 <Entry type="4" type_name="REG_DWORD">
635 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
636 <ValueName>NetworkPrediction</ValueName>
639 <Entry type="4" type_name="REG_DWORD">
640 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
641 <ValueName>NewTabPage</ValueName>
644 <Entry type="4" type_name="REG_DWORD">
645 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
646 <ValueName>NoDefaultBookmarks</ValueName>
649 <Entry type="4" type_name="REG_DWORD">
650 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
651 <ValueName>OfferToSaveLogins</ValueName>
654 <Entry type="4" type_name="REG_DWORD">
655 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
656 <ValueName>OfferToSaveLoginsDefault</ValueName>
659 <Entry type="1" type_name="REG_SZ">
660 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
661 <ValueName>OverrideFirstRunPage</ValueName>
662 <Value>http://example.org</Value>
664 <Entry type="1" type_name="REG_SZ">
665 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
666 <ValueName>OverridePostUpdatePage</ValueName>
667 <Value>http://example.org</Value>
669 <Entry type="4" type_name="REG_DWORD">
670 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
671 <ValueName>PasswordManagerEnabled</ValueName>
674 <Entry type="7" type_name="REG_MULTI_SZ">
675 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
676 <ValueName>Preferences</ValueName>
677 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
679 <Entry type="4" type_name="REG_DWORD">
680 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
681 <ValueName>PrimaryPassword</ValueName>
684 <Entry type="4" type_name="REG_DWORD">
685 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
686 <ValueName>PromptForDownloadLocation</ValueName>
689 <Entry type="1" type_name="REG_SZ">
690 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
691 <ValueName>**delvals.</ValueName>
694 <Entry type="1" type_name="REG_SZ">
695 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
696 <ValueName>1</ValueName>
699 <Entry type="1" type_name="REG_SZ">
700 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
701 <ValueName>2</ValueName>
704 <Entry type="1" type_name="REG_SZ">
705 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
706 <ValueName>SSLVersionMax</ValueName>
707 <Value>tls1.3</Value>
709 <Entry type="1" type_name="REG_SZ">
710 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
711 <ValueName>SSLVersionMin</ValueName>
712 <Value>tls1.3</Value>
714 <Entry type="1" type_name="REG_SZ">
715 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
716 <ValueName>SearchBar</ValueName>
717 <Value>unified</Value>
719 <Entry type="4" type_name="REG_DWORD">
720 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
721 <ValueName>Locked</ValueName>
724 <Entry type="4" type_name="REG_DWORD">
725 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
726 <ValueName>PrivateBrowsing</ValueName>
729 <Entry type="4" type_name="REG_DWORD">
730 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
731 <ValueName>NTLM</ValueName>
734 <Entry type="4" type_name="REG_DWORD">
735 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
736 <ValueName>SPNEGO</ValueName>
739 <Entry type="4" type_name="REG_DWORD">
740 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
741 <ValueName>NTLM</ValueName>
744 <Entry type="4" type_name="REG_DWORD">
745 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
746 <ValueName>SPNEGO</ValueName>
749 <Entry type="1" type_name="REG_SZ">
750 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
751 <ValueName>**delvals.</ValueName>
754 <Entry type="1" type_name="REG_SZ">
755 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
756 <ValueName>1</ValueName>
757 <Value>mydomain.com</Value>
759 <Entry type="1" type_name="REG_SZ">
760 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
761 <ValueName>1</ValueName>
762 <Value>https://myotherdomain.com</Value>
764 <Entry type="1" type_name="REG_SZ">
765 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
766 <ValueName>**delvals.</ValueName>
769 <Entry type="1" type_name="REG_SZ">
770 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
771 <ValueName>1</ValueName>
772 <Value>mydomain.com</Value>
774 <Entry type="1" type_name="REG_SZ">
775 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
776 <ValueName>1</ValueName>
777 <Value>https://myotherdomain.com</Value>
779 <Entry type="1" type_name="REG_SZ">
780 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
781 <ValueName>**delvals.</ValueName>
784 <Entry type="1" type_name="REG_SZ">
785 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
786 <ValueName>1</ValueName>
787 <Value>mydomain.com</Value>
789 <Entry type="1" type_name="REG_SZ">
790 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
791 <ValueName>1</ValueName>
792 <Value>https://myotherdomain.com</Value>
794 <Entry type="1" type_name="REG_SZ">
795 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
796 <ValueName>Title</ValueName>
797 <Value>Example</Value>
799 <Entry type="1" type_name="REG_SZ">
800 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
801 <ValueName>URL</ValueName>
802 <Value>https://example.com</Value>
804 <Entry type="1" type_name="REG_SZ">
805 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
806 <ValueName>Favicon</ValueName>
807 <Value>https://example.com/favicon.ico</Value>
809 <Entry type="1" type_name="REG_SZ">
810 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
811 <ValueName>Placement</ValueName>
814 <Entry type="1" type_name="REG_SZ">
815 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
816 <ValueName>Folder</ValueName>
817 <Value>FolderName</Value>
819 <Entry type="1" type_name="REG_SZ">
820 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
821 <ValueName>Title</ValueName>
824 <Entry type="1" type_name="REG_SZ">
825 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
826 <ValueName>URL</ValueName>
827 <Value>www.samba.org</Value>
829 <Entry type="1" type_name="REG_SZ">
830 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
831 <ValueName>Favicon</ValueName>
834 <Entry type="1" type_name="REG_SZ">
835 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
836 <ValueName>Placement</ValueName>
837 <Value>toolbar</Value>
839 <Entry type="1" type_name="REG_SZ">
840 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
841 <ValueName>Folder</ValueName>
844 <Entry type="1" type_name="REG_SZ">
845 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
846 <ValueName>AcceptThirdParty</ValueName>
849 <Entry type="4" type_name="REG_DWORD">
850 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
851 <ValueName>Default</ValueName>
854 <Entry type="4" type_name="REG_DWORD">
855 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
856 <ValueName>ExpireAtSessionEnd</ValueName>
859 <Entry type="4" type_name="REG_DWORD">
860 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
861 <ValueName>Locked</ValueName>
864 <Entry type="4" type_name="REG_DWORD">
865 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
866 <ValueName>RejectTracker</ValueName>
869 <Entry type="1" type_name="REG_SZ">
870 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
871 <ValueName>**delvals.</ValueName>
874 <Entry type="1" type_name="REG_SZ">
875 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
876 <ValueName>1</ValueName>
877 <Value>http://example.org/</Value>
879 <Entry type="1" type_name="REG_SZ">
880 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
881 <ValueName>**delvals.</ValueName>
884 <Entry type="1" type_name="REG_SZ">
885 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
886 <ValueName>1</ValueName>
887 <Value>http://example.edu/</Value>
889 <Entry type="1" type_name="REG_SZ">
890 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
891 <ValueName>**delvals.</ValueName>
894 <Entry type="1" type_name="REG_SZ">
895 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
896 <ValueName>1</ValueName>
897 <Value>http://example.edu/</Value>
899 <Entry type="4" type_name="REG_DWORD">
900 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
901 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
904 <Entry type="4" type_name="REG_DWORD">
905 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
906 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
909 <Entry type="4" type_name="REG_DWORD">
910 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
911 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
914 <Entry type="4" type_name="REG_DWORD">
915 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
916 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
919 <Entry type="4" type_name="REG_DWORD">
920 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
921 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
924 <Entry type="4" type_name="REG_DWORD">
925 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
926 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
929 <Entry type="4" type_name="REG_DWORD">
930 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
931 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
934 <Entry type="4" type_name="REG_DWORD">
935 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
936 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
939 <Entry type="4" type_name="REG_DWORD">
940 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
941 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
944 <Entry type="4" type_name="REG_DWORD">
945 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
946 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
949 <Entry type="4" type_name="REG_DWORD">
950 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
951 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
954 <Entry type="4" type_name="REG_DWORD">
955 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
956 <ValueName>InvalidCertificate</ValueName>
959 <Entry type="4" type_name="REG_DWORD">
960 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
961 <ValueName>SafeBrowsing</ValueName>
964 <Entry type="4" type_name="REG_DWORD">
965 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
966 <ValueName>Enabled</ValueName>
969 <Entry type="4" type_name="REG_DWORD">
970 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
971 <ValueName>Locked</ValueName>
974 <Entry type="1" type_name="REG_SZ">
975 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
976 <ValueName>ProviderURL</ValueName>
977 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
979 <Entry type="1" type_name="REG_SZ">
980 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
981 <ValueName>**delvals.</ValueName>
984 <Entry type="1" type_name="REG_SZ">
985 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
986 <ValueName>1</ValueName>
987 <Value>example.com</Value>
989 <Entry type="4" type_name="REG_DWORD">
990 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
991 <ValueName>Value</ValueName>
994 <Entry type="4" type_name="REG_DWORD">
995 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
996 <ValueName>Cryptomining</ValueName>
999 <Entry type="4" type_name="REG_DWORD">
1000 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1001 <ValueName>Fingerprinting</ValueName>
1004 <Entry type="4" type_name="REG_DWORD">
1005 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1006 <ValueName>Locked</ValueName>
1009 <Entry type="1" type_name="REG_SZ">
1010 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1011 <ValueName>**delvals.</ValueName>
1014 <Entry type="1" type_name="REG_SZ">
1015 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1016 <ValueName>1</ValueName>
1017 <Value>https://example.com</Value>
1019 <Entry type="4" type_name="REG_DWORD">
1020 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1021 <ValueName>Enabled</ValueName>
1024 <Entry type="4" type_name="REG_DWORD">
1025 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1026 <ValueName>Locked</ValueName>
1029 <Entry type="1" type_name="REG_SZ">
1030 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1031 <ValueName>**delvals.</ValueName>
1034 <Entry type="2" type_name="REG_EXPAND_SZ">
1035 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1036 <ValueName>1</ValueName>
1037 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1039 <Entry type="2" type_name="REG_EXPAND_SZ">
1040 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1041 <ValueName>2</ValueName>
1042 <Value>//path/to/xpi</Value>
1044 <Entry type="1" type_name="REG_SZ">
1045 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1046 <ValueName>**delvals.</ValueName>
1049 <Entry type="1" type_name="REG_SZ">
1050 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1051 <ValueName>1</ValueName>
1052 <Value>addon_id@mozilla.org</Value>
1054 <Entry type="1" type_name="REG_SZ">
1055 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1056 <ValueName>**delvals.</ValueName>
1059 <Entry type="1" type_name="REG_SZ">
1060 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1061 <ValueName>1</ValueName>
1062 <Value>bad_addon_id@mozilla.org</Value>
1064 <Entry type="4" type_name="REG_DWORD">
1065 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1066 <ValueName>Search</ValueName>
1069 <Entry type="4" type_name="REG_DWORD">
1070 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1071 <ValueName>TopSites</ValueName>
1074 <Entry type="4" type_name="REG_DWORD">
1075 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1076 <ValueName>Highlights</ValueName>
1079 <Entry type="4" type_name="REG_DWORD">
1080 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1081 <ValueName>Pocket</ValueName>
1084 <Entry type="4" type_name="REG_DWORD">
1085 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1086 <ValueName>Snippets</ValueName>
1089 <Entry type="4" type_name="REG_DWORD">
1090 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1091 <ValueName>Locked</ValueName>
1094 <Entry type="4" type_name="REG_DWORD">
1095 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1096 <ValueName>Default</ValueName>
1099 <Entry type="4" type_name="REG_DWORD">
1100 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1101 <ValueName>Locked</ValueName>
1104 <Entry type="1" type_name="REG_SZ">
1105 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1106 <ValueName>**delvals.</ValueName>
1109 <Entry type="1" type_name="REG_SZ">
1110 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1111 <ValueName>1</ValueName>
1112 <Value>http://example.org/</Value>
1114 <Entry type="1" type_name="REG_SZ">
1115 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1116 <ValueName>**delvals.</ValueName>
1119 <Entry type="1" type_name="REG_SZ">
1120 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1121 <ValueName>1</ValueName>
1122 <Value>http://example.edu/</Value>
1124 <Entry type="1" type_name="REG_SZ">
1125 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1126 <ValueName>StartPage</ValueName>
1127 <Value>homepage</Value>
1129 <Entry type="1" type_name="REG_SZ">
1130 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1131 <ValueName>URL</ValueName>
1132 <Value>http://example.com/</Value>
1134 <Entry type="4" type_name="REG_DWORD">
1135 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1136 <ValueName>Locked</ValueName>
1139 <Entry type="1" type_name="REG_SZ">
1140 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1141 <ValueName>**delvals.</ValueName>
1144 <Entry type="1" type_name="REG_SZ">
1145 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1146 <ValueName>1</ValueName>
1147 <Value>http://example.org/</Value>
1149 <Entry type="1" type_name="REG_SZ">
1150 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1151 <ValueName>2</ValueName>
1152 <Value>http://example.edu/</Value>
1154 <Entry type="4" type_name="REG_DWORD">
1155 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1156 <ValueName>Default</ValueName>
1159 <Entry type="1" type_name="REG_SZ">
1160 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1161 <ValueName>**delvals.</ValueName>
1164 <Entry type="1" type_name="REG_SZ">
1165 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1166 <ValueName>1</ValueName>
1167 <Value>http://example.org/</Value>
1169 <Entry type="1" type_name="REG_SZ">
1170 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1171 <ValueName>2</ValueName>
1172 <Value>http://example.edu/</Value>
1174 <Entry type="1" type_name="REG_SZ">
1175 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1176 <ValueName>**delvals.</ValueName>
1179 <Entry type="1" type_name="REG_SZ">
1180 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1181 <ValueName>1</ValueName>
1182 <Value>http://example.org/</Value>
1184 <Entry type="1" type_name="REG_SZ">
1185 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1186 <ValueName>2</ValueName>
1187 <Value>http://example.edu/</Value>
1189 <Entry type="4" type_name="REG_DWORD">
1190 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1191 <ValueName>EnablePermissions</ValueName>
1194 <Entry type="4" type_name="REG_DWORD">
1195 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1196 <ValueName>Enabled</ValueName>
1199 <Entry type="1" type_name="REG_SZ">
1200 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1201 <ValueName>Default</ValueName>
1202 <Value>block-audio</Value>
1204 <Entry type="4" type_name="REG_DWORD">
1205 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1206 <ValueName>Locked</ValueName>
1209 <Entry type="1" type_name="REG_SZ">
1210 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1211 <ValueName>**delvals.</ValueName>
1214 <Entry type="1" type_name="REG_SZ">
1215 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1216 <ValueName>1</ValueName>
1217 <Value>https://example.org</Value>
1219 <Entry type="1" type_name="REG_SZ">
1220 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1221 <ValueName>**delvals.</ValueName>
1224 <Entry type="1" type_name="REG_SZ">
1225 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1226 <ValueName>1</ValueName>
1227 <Value>https://example.edu</Value>
1229 <Entry type="4" type_name="REG_DWORD">
1230 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1231 <ValueName>BlockNewRequests</ValueName>
1234 <Entry type="4" type_name="REG_DWORD">
1235 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1236 <ValueName>Locked</ValueName>
1239 <Entry type="1" type_name="REG_SZ">
1240 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1241 <ValueName>**delvals.</ValueName>
1244 <Entry type="1" type_name="REG_SZ">
1245 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1246 <ValueName>1</ValueName>
1247 <Value>https://example.org</Value>
1249 <Entry type="1" type_name="REG_SZ">
1250 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1251 <ValueName>2</ValueName>
1252 <Value>https://example.org:1234</Value>
1254 <Entry type="1" type_name="REG_SZ">
1255 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1256 <ValueName>**delvals.</ValueName>
1259 <Entry type="1" type_name="REG_SZ">
1260 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1261 <ValueName>1</ValueName>
1262 <Value>https://example.edu</Value>
1264 <Entry type="4" type_name="REG_DWORD">
1265 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1266 <ValueName>BlockNewRequests</ValueName>
1269 <Entry type="4" type_name="REG_DWORD">
1270 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1271 <ValueName>Locked</ValueName>
1274 <Entry type="1" type_name="REG_SZ">
1275 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1276 <ValueName>**delvals.</ValueName>
1279 <Entry type="1" type_name="REG_SZ">
1280 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1281 <ValueName>1</ValueName>
1282 <Value>https://example.org</Value>
1284 <Entry type="1" type_name="REG_SZ">
1285 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1286 <ValueName>**delvals.</ValueName>
1289 <Entry type="1" type_name="REG_SZ">
1290 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1291 <ValueName>1</ValueName>
1292 <Value>https://example.edu</Value>
1294 <Entry type="4" type_name="REG_DWORD">
1295 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1296 <ValueName>BlockNewRequests</ValueName>
1299 <Entry type="4" type_name="REG_DWORD">
1300 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1301 <ValueName>Locked</ValueName>
1304 <Entry type="1" type_name="REG_SZ">
1305 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1306 <ValueName>**delvals.</ValueName>
1309 <Entry type="1" type_name="REG_SZ">
1310 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1311 <ValueName>1</ValueName>
1312 <Value>https://example.org</Value>
1314 <Entry type="1" type_name="REG_SZ">
1315 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1316 <ValueName>**delvals.</ValueName>
1319 <Entry type="1" type_name="REG_SZ">
1320 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1321 <ValueName>1</ValueName>
1322 <Value>https://example.edu</Value>
1324 <Entry type="4" type_name="REG_DWORD">
1325 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1326 <ValueName>BlockNewRequests</ValueName>
1329 <Entry type="4" type_name="REG_DWORD">
1330 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1331 <ValueName>Locked</ValueName>
1334 <Entry type="1" type_name="REG_SZ">
1335 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1336 <ValueName>**delvals.</ValueName>
1339 <Entry type="1" type_name="REG_SZ">
1340 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1341 <ValueName>1</ValueName>
1342 <Value>https://example.org</Value>
1344 <Entry type="1" type_name="REG_SZ">
1345 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1346 <ValueName>**delvals.</ValueName>
1349 <Entry type="1" type_name="REG_SZ">
1350 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1351 <ValueName>1</ValueName>
1352 <Value>https://example.edu</Value>
1354 <Entry type="4" type_name="REG_DWORD">
1355 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1356 <ValueName>BlockNewRequests</ValueName>
1359 <Entry type="4" type_name="REG_DWORD">
1360 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1361 <ValueName>Locked</ValueName>
1364 <Entry type="1" type_name="REG_SZ">
1365 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1366 <ValueName>**delvals.</ValueName>
1369 <Entry type="1" type_name="REG_SZ">
1370 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1371 <ValueName>1</ValueName>
1372 <Value>https://example.org</Value>
1374 <Entry type="1" type_name="REG_SZ">
1375 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1376 <ValueName>**delvals.</ValueName>
1379 <Entry type="1" type_name="REG_SZ">
1380 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1381 <ValueName>1</ValueName>
1382 <Value>https://example.edu</Value>
1384 <Entry type="4" type_name="REG_DWORD">
1385 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1386 <ValueName>Enabled</ValueName>
1389 <Entry type="4" type_name="REG_DWORD">
1390 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1391 <ValueName>Locked</ValueName>
1394 <Entry type="4" type_name="REG_DWORD">
1395 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1396 <ValueName>Default</ValueName>
1399 <Entry type="4" type_name="REG_DWORD">
1400 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1401 <ValueName>Locked</ValueName>
1404 <Entry type="1" type_name="REG_SZ">
1405 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1406 <ValueName>**delvals.</ValueName>
1409 <Entry type="1" type_name="REG_SZ">
1410 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1411 <ValueName>1</ValueName>
1412 <Value>http://example.org/</Value>
1414 <Entry type="1" type_name="REG_SZ">
1415 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1416 <ValueName>2</ValueName>
1417 <Value>http://example.edu/</Value>
1419 <Entry type="4" type_name="REG_DWORD">
1420 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1421 <ValueName>Locked</ValueName>
1424 <Entry type="1" type_name="REG_SZ">
1425 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1426 <ValueName>Mode</ValueName>
1427 <Value>autoDetect</Value>
1429 <Entry type="1" type_name="REG_SZ">
1430 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1431 <ValueName>HTTPProxy</ValueName>
1432 <Value>hostname</Value>
1434 <Entry type="4" type_name="REG_DWORD">
1435 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1436 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1439 <Entry type="1" type_name="REG_SZ">
1440 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1441 <ValueName>SSLProxy</ValueName>
1442 <Value>hostname</Value>
1444 <Entry type="1" type_name="REG_SZ">
1445 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1446 <ValueName>FTPProxy</ValueName>
1447 <Value>hostname</Value>
1449 <Entry type="1" type_name="REG_SZ">
1450 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1451 <ValueName>SOCKSProxy</ValueName>
1452 <Value>hostname</Value>
1454 <Entry type="4" type_name="REG_DWORD">
1455 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1456 <ValueName>SOCKSVersion</ValueName>
1459 <Entry type="1" type_name="REG_SZ">
1460 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1461 <ValueName>Passthrough</ValueName>
1462 <Value><local></Value>
1464 <Entry type="1" type_name="REG_SZ">
1465 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1466 <ValueName>AutoConfigURL</ValueName>
1467 <Value>URL_TO_AUTOCONFIG</Value>
1469 <Entry type="4" type_name="REG_DWORD">
1470 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1471 <ValueName>AutoLogin</ValueName>
1474 <Entry type="4" type_name="REG_DWORD">
1475 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1476 <ValueName>UseProxyForDNS</ValueName>
1479 <Entry type="4" type_name="REG_DWORD">
1480 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1481 <ValueName>SanitizeOnShutdown</ValueName>
1484 <Entry type="1" type_name="REG_SZ">
1485 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1486 <ValueName>Default</ValueName>
1487 <Value>Google</Value>
1489 <Entry type="4" type_name="REG_DWORD">
1490 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1491 <ValueName>PreventInstalls</ValueName>
1494 <Entry type="1" type_name="REG_SZ">
1495 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1496 <ValueName>Name</ValueName>
1497 <Value>Example1</Value>
1499 <Entry type="1" type_name="REG_SZ">
1500 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1501 <ValueName>URLTemplate</ValueName>
1502 <Value>https://www.example.org/q={searchTerms}</Value>
1504 <Entry type="1" type_name="REG_SZ">
1505 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1506 <ValueName>Method</ValueName>
1509 <Entry type="1" type_name="REG_SZ">
1510 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1511 <ValueName>IconURL</ValueName>
1512 <Value>https://www.example.org/favicon.ico</Value>
1514 <Entry type="1" type_name="REG_SZ">
1515 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1516 <ValueName>Alias</ValueName>
1517 <Value>example</Value>
1519 <Entry type="1" type_name="REG_SZ">
1520 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1521 <ValueName>Description</ValueName>
1522 <Value>Description</Value>
1524 <Entry type="1" type_name="REG_SZ">
1525 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1526 <ValueName>SuggestURLTemplate</ValueName>
1527 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1529 <Entry type="1" type_name="REG_SZ">
1530 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1531 <ValueName>PostData</ValueName>
1532 <Value>name=value&q={searchTerms}</Value>
1534 <Entry type="1" type_name="REG_SZ">
1535 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1536 <ValueName>**delvals.</ValueName>
1539 <Entry type="1" type_name="REG_SZ">
1540 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1541 <ValueName>1</ValueName>
1544 <Entry type="1" type_name="REG_SZ">
1545 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1546 <ValueName>Title</ValueName>
1547 <Value>Support Menu</Value>
1549 <Entry type="1" type_name="REG_SZ">
1550 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1551 <ValueName>URL</ValueName>
1552 <Value>http://example.com/support</Value>
1554 <Entry type="1" type_name="REG_SZ">
1555 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1556 <ValueName>AccessKey</ValueName>
1559 <Entry type="4" type_name="REG_DWORD">
1560 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1561 <ValueName>ExtensionRecommendations</ValueName>
1564 <Entry type="4" type_name="REG_DWORD">
1565 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1566 <ValueName>FeatureRecommendations</ValueName>
1569 <Entry type="4" type_name="REG_DWORD">
1570 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1571 <ValueName>WhatsNew</ValueName>
1574 <Entry type="4" type_name="REG_DWORD">
1575 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1576 <ValueName>UrlbarInterventions</ValueName>
1579 <Entry type="4" type_name="REG_DWORD">
1580 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1581 <ValueName>SkipOnboarding</ValueName>
1584 <Entry type="1" type_name="REG_SZ">
1585 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1586 <ValueName>**delvals.</ValueName>
1589 <Entry type="1" type_name="REG_SZ">
1590 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1591 <ValueName>1</ValueName>
1592 <Value><all_urls></Value>
1594 <Entry type="1" type_name="REG_SZ">
1595 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1596 <ValueName>**delvals.</ValueName>
1599 <Entry type="1" type_name="REG_SZ">
1600 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1601 <ValueName>1</ValueName>
1602 <Value>http://example.org/*</Value>
1604 <Entry type="1" type_name="REG_SZ">
1605 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1606 <ValueName>AllowedDomainsForApps</ValueName>
1607 <Value>managedfirefox.com,example.com</Value>
1609 <Entry type="4" type_name="REG_DWORD">
1610 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1611 <ValueName>BackgroundAppUpdate</ValueName>
1614 <Entry type="4" type_name="REG_DWORD">
1615 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1616 <ValueName>ImportEnterpriseRoots</ValueName>
1619 <Entry type="1" type_name="REG_SZ">
1620 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1621 <ValueName>**delvals.</ValueName>
1624 <Entry type="1" type_name="REG_SZ">
1625 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1626 <ValueName>1</ValueName>
1627 <Value>cert1.der</Value>
1629 <Entry type="1" type_name="REG_SZ">
1630 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1631 <ValueName>2</ValueName>
1632 <Value>/home/username/cert2.pem</Value>
1634 <Entry type="1" type_name="REG_SZ">
1635 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1636 <ValueName>NAME_OF_DEVICE</ValueName>
1637 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1639 <Entry type="4" type_name="REG_DWORD">
1640 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1641 <ValueName>ShowHomeButton</ValueName>
1644 <Entry type="7" type_name="REG_MULTI_SZ">
1645 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1646 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1647 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
1652 firefox_json_expected
= \
1656 "AppAutoUpdate": true,
1657 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1658 "AppUpdateURL": "https://yoursite.com",
1662 "https://myotherdomain.com"
1666 "https://myotherdomain.com"
1670 "https://myotherdomain.com"
1681 "PrivateBrowsing": true
1683 "AutoLaunchProtocolsFromOrigins": [
1685 "protocol": "zoommtg",
1686 "allowed_origins": [
1687 "https://somesite.zoom.us"
1691 "BackgroundAppUpdate": true,
1692 "BlockAboutAddons": true,
1693 "BlockAboutConfig": true,
1694 "BlockAboutProfiles": true,
1695 "BlockAboutSupport": true,
1699 "URL": "https://example.com",
1700 "Favicon": "https://example.com/favicon.ico",
1701 "Placement": "menu",
1702 "Folder": "FolderName"
1706 "URL": "www.samba.org",
1708 "Placement": "toolbar",
1712 "CaptivePortal": true,
1714 "ImportEnterpriseRoots": true,
1717 "/home/username/cert2.pem"
1722 "http://example.org/"
1725 "http://example.edu/"
1728 "http://example.edu/"
1731 "AcceptThirdParty": "never",
1732 "ExpireAtSessionEnd": true,
1733 "RejectTracker": true,
1736 "DisableSetDesktopBackground": true,
1737 "DisableMasterPasswordCreation": true,
1738 "DisableAppUpdate": true,
1739 "DisableBuiltinPDFViewer": true,
1740 "DisabledCiphers": {
1741 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1742 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1743 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1744 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1745 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1746 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1747 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1748 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1749 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1750 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1751 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1753 "DisableDefaultBrowserAgent": true,
1754 "DisableDeveloperTools": true,
1755 "DisableFeedbackCommands": true,
1756 "DisableFirefoxScreenshots": true,
1757 "DisableFirefoxAccounts": true,
1758 "DisableFirefoxStudies": true,
1759 "DisableForgetButton": true,
1760 "DisableFormHistory": true,
1761 "DisablePasswordReveal": true,
1762 "DisablePocket": true,
1763 "DisablePrivateBrowsing": true,
1764 "DisableProfileImport": true,
1765 "DisableProfileRefresh": true,
1766 "DisableSafeMode": true,
1767 "DisableSecurityBypass": {
1768 "InvalidCertificate": true,
1769 "SafeBrowsing": true
1771 "DisableSystemAddonUpdate": true,
1772 "DisableTelemetry": true,
1773 "DisplayBookmarksToolbar": true,
1774 "DisplayMenuBar": "default-on",
1777 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1779 "ExcludedDomains": [
1783 "DontCheckDefaultBrowser": true,
1784 "EnableTrackingProtection": {
1787 "Cryptomining": true,
1788 "Fingerprinting": true,
1790 "https://example.com"
1793 "EncryptedMediaExtensions": {
1799 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1803 "bad_addon_id@mozilla.org"
1806 "addon_id@mozilla.org"
1809 "ExtensionSettings": {
1811 "blocked_install_message": "Custom error message.",
1812 "install_sources": [
1814 "https://addons.mozilla.org/"
1816 "installation_mode": "blocked",
1821 "uBlock0@raymondhill.net": {
1822 "installation_mode": "force_installed",
1823 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1825 "https-everywhere@eff.org": {
1826 "installation_mode": "allowed"
1829 "ExtensionUpdate": true,
1832 "http://example.org/"
1835 "http://example.edu/"
1842 "application/msword": {
1843 "action": "useSystemDefault",
1849 "action": "useHelperApp",
1854 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1861 "action": "useHelperApp",
1865 "name": "Adobe Acrobat",
1866 "path": "/usr/bin/acroread"
1880 "HardwareAcceleration": true,
1882 "URL": "http://example.com/",
1885 "http://example.org/",
1886 "http://example.edu/"
1888 "StartPage": "homepage"
1890 "InstallAddonsPermission": {
1892 "http://example.org/",
1893 "http://example.edu/"
1898 "http://example.org/",
1899 "http://example.edu/"
1901 "ManagedBookmarks": [
1903 "toplevel_name": "My managed bookmarks folder"
1906 "url": "example.com",
1910 "name": "Mozilla links",
1913 "url": "https://mozilla.org",
1914 "name": "Mozilla.org"
1917 "url": "https://support.mozilla.org/",
1923 "PrimaryPassword": true,
1924 "NoDefaultBookmarks": true,
1925 "OfferToSaveLogins": true,
1926 "OfferToSaveLoginsDefault": true,
1927 "OverrideFirstRunPage": "http://example.org",
1928 "OverridePostUpdatePage": "http://example.org",
1929 "PasswordManagerEnabled": true,
1932 "EnablePermissions": true
1937 "https://example.org",
1938 "https://example.org:1234"
1941 "https://example.edu"
1943 "BlockNewRequests": true,
1948 "https://example.org"
1951 "https://example.edu"
1953 "BlockNewRequests": true,
1958 "https://example.org"
1961 "https://example.edu"
1963 "BlockNewRequests": true,
1968 "https://example.org"
1971 "https://example.edu"
1973 "BlockNewRequests": true,
1978 "https://example.org"
1981 "https://example.edu"
1983 "Default": "block-audio",
1988 "https://example.org"
1991 "https://example.edu"
1993 "BlockNewRequests": true,
1997 "PictureInPicture": {
2003 "http://example.org/",
2004 "http://example.edu/"
2010 "accessibility.force_disabled": {
2014 "browser.cache.disk.parent_directory": {
2015 "Value": "SOME_NATIVE_PATH",
2018 "browser.tabs.warnOnClose": {
2023 "PromptForDownloadLocation": true,
2025 "Mode": "autoDetect",
2027 "HTTPProxy": "hostname",
2028 "UseHTTPProxyForAllProtocols": true,
2029 "SSLProxy": "hostname",
2030 "FTPProxy": "hostname",
2031 "SOCKSProxy": "hostname",
2033 "Passthrough": "<local>",
2034 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2036 "UseProxyForDNS": true
2038 "SanitizeOnShutdown": true,
2043 "URLTemplate": "https://www.example.org/q={searchTerms}",
2045 "IconURL": "https://www.example.org/favicon.ico",
2047 "Description": "Description",
2048 "PostData": "name=value&q={searchTerms}",
2049 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2055 "Default": "Google",
2056 "PreventInstalls": true
2058 "SearchSuggestEnabled": true,
2059 "SecurityDevices": {
2060 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2062 "ShowHomeButton": true,
2063 "SSLVersionMax": "tls1.3",
2064 "SSLVersionMin": "tls1.3",
2066 "Title": "Support Menu",
2067 "URL": "http://example.com/support",
2072 "ExtensionRecommendations": true,
2073 "FeatureRecommendations": true,
2074 "UrlbarInterventions": true,
2075 "SkipOnboarding": true
2082 "http://example.org/*"
2085 "DefaultDownloadDirectory": "${home}/Downloads",
2086 "DownloadDirectory": "${home}/Downloads",
2087 "NetworkPrediction": true,
2089 "RequestedLocales": ["de", "en-US"],
2090 "SearchBar": "unified"
2095 chromium_reg_pol
= \
2097 <?xml version="1.0" encoding="utf-8"?>
2098 <PolFile num_entries="418" signature="PReg" version="1">
2099 <Entry type="4" type_name="REG_DWORD">
2100 <Key>Software\Policies\Google\Chrome</Key>
2101 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2104 <Entry type="4" type_name="REG_DWORD">
2105 <Key>Software\Policies\Google\Chrome</Key>
2106 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2109 <Entry type="4" type_name="REG_DWORD">
2110 <Key>Software\Policies\Google\Chrome</Key>
2111 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2114 <Entry type="4" type_name="REG_DWORD">
2115 <Key>Software\Policies\Google\Chrome</Key>
2116 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2119 <Entry type="4" type_name="REG_DWORD">
2120 <Key>Software\Policies\Google\Chrome</Key>
2121 <ValueName>AdvancedProtectionAllowed</ValueName>
2124 <Entry type="4" type_name="REG_DWORD">
2125 <Key>Software\Policies\Google\Chrome</Key>
2126 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2129 <Entry type="4" type_name="REG_DWORD">
2130 <Key>Software\Policies\Google\Chrome</Key>
2131 <ValueName>AllowDeletingBrowserHistory</ValueName>
2134 <Entry type="4" type_name="REG_DWORD">
2135 <Key>Software\Policies\Google\Chrome</Key>
2136 <ValueName>AllowDinosaurEasterEgg</ValueName>
2139 <Entry type="4" type_name="REG_DWORD">
2140 <Key>Software\Policies\Google\Chrome</Key>
2141 <ValueName>AllowFileSelectionDialogs</ValueName>
2144 <Entry type="4" type_name="REG_DWORD">
2145 <Key>Software\Policies\Google\Chrome</Key>
2146 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2149 <Entry type="1" type_name="REG_SZ">
2150 <Key>Software\Policies\Google\Chrome</Key>
2151 <ValueName>AllowedDomainsForApps</ValueName>
2152 <Value>managedchrome.com,example.com</Value>
2154 <Entry type="4" type_name="REG_DWORD">
2155 <Key>Software\Policies\Google\Chrome</Key>
2156 <ValueName>AlternateErrorPagesEnabled</ValueName>
2159 <Entry type="1" type_name="REG_SZ">
2160 <Key>Software\Policies\Google\Chrome</Key>
2161 <ValueName>AlternativeBrowserPath</ValueName>
2162 <Value>${ie}</Value>
2164 <Entry type="4" type_name="REG_DWORD">
2165 <Key>Software\Policies\Google\Chrome</Key>
2166 <ValueName>AlwaysOpenPdfExternally</ValueName>
2169 <Entry type="4" type_name="REG_DWORD">
2170 <Key>Software\Policies\Google\Chrome</Key>
2171 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2174 <Entry type="4" type_name="REG_DWORD">
2175 <Key>Software\Policies\Google\Chrome</Key>
2176 <ValueName>AppCacheForceEnabled</ValueName>
2179 <Entry type="1" type_name="REG_SZ">
2180 <Key>Software\Policies\Google\Chrome</Key>
2181 <ValueName>ApplicationLocaleValue</ValueName>
2184 <Entry type="4" type_name="REG_DWORD">
2185 <Key>Software\Policies\Google\Chrome</Key>
2186 <ValueName>AudioCaptureAllowed</ValueName>
2189 <Entry type="4" type_name="REG_DWORD">
2190 <Key>Software\Policies\Google\Chrome</Key>
2191 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2194 <Entry type="4" type_name="REG_DWORD">
2195 <Key>Software\Policies\Google\Chrome</Key>
2196 <ValueName>AudioSandboxEnabled</ValueName>
2199 <Entry type="1" type_name="REG_SZ">
2200 <Key>Software\Policies\Google\Chrome</Key>
2201 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2202 <Value>foobar.example.com</Value>
2204 <Entry type="1" type_name="REG_SZ">
2205 <Key>Software\Policies\Google\Chrome</Key>
2206 <ValueName>AuthSchemes</ValueName>
2207 <Value>basic,digest,ntlm,negotiate</Value>
2209 <Entry type="1" type_name="REG_SZ">
2210 <Key>Software\Policies\Google\Chrome</Key>
2211 <ValueName>AuthServerAllowlist</ValueName>
2212 <Value>*.example.com,example.com</Value>
2214 <Entry type="1" type_name="REG_SZ">
2215 <Key>Software\Policies\Google\Chrome</Key>
2216 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2217 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2219 <Entry type="4" type_name="REG_DWORD">
2220 <Key>Software\Policies\Google\Chrome</Key>
2221 <ValueName>AutofillAddressEnabled</ValueName>
2224 <Entry type="4" type_name="REG_DWORD">
2225 <Key>Software\Policies\Google\Chrome</Key>
2226 <ValueName>AutofillCreditCardEnabled</ValueName>
2229 <Entry type="4" type_name="REG_DWORD">
2230 <Key>Software\Policies\Google\Chrome</Key>
2231 <ValueName>AutoplayAllowed</ValueName>
2234 <Entry type="4" type_name="REG_DWORD">
2235 <Key>Software\Policies\Google\Chrome</Key>
2236 <ValueName>BackgroundModeEnabled</ValueName>
2239 <Entry type="4" type_name="REG_DWORD">
2240 <Key>Software\Policies\Google\Chrome</Key>
2241 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2244 <Entry type="4" type_name="REG_DWORD">
2245 <Key>Software\Policies\Google\Chrome</Key>
2246 <ValueName>BlockExternalExtensions</ValueName>
2249 <Entry type="4" type_name="REG_DWORD">
2250 <Key>Software\Policies\Google\Chrome</Key>
2251 <ValueName>BlockThirdPartyCookies</ValueName>
2254 <Entry type="4" type_name="REG_DWORD">
2255 <Key>Software\Policies\Google\Chrome</Key>
2256 <ValueName>BookmarkBarEnabled</ValueName>
2259 <Entry type="4" type_name="REG_DWORD">
2260 <Key>Software\Policies\Google\Chrome</Key>
2261 <ValueName>BrowserAddPersonEnabled</ValueName>
2264 <Entry type="4" type_name="REG_DWORD">
2265 <Key>Software\Policies\Google\Chrome</Key>
2266 <ValueName>BrowserGuestModeEnabled</ValueName>
2269 <Entry type="4" type_name="REG_DWORD">
2270 <Key>Software\Policies\Google\Chrome</Key>
2271 <ValueName>BrowserGuestModeEnforced</ValueName>
2274 <Entry type="4" type_name="REG_DWORD">
2275 <Key>Software\Policies\Google\Chrome</Key>
2276 <ValueName>BrowserLabsEnabled</ValueName>
2279 <Entry type="4" type_name="REG_DWORD">
2280 <Key>Software\Policies\Google\Chrome</Key>
2281 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2284 <Entry type="4" type_name="REG_DWORD">
2285 <Key>Software\Policies\Google\Chrome</Key>
2286 <ValueName>BrowserSignin</ValueName>
2289 <Entry type="1" type_name="REG_SZ">
2290 <Key>Software\Policies\Google\Chrome</Key>
2291 <ValueName>BrowserSwitcherChromePath</ValueName>
2292 <Value>${chrome}</Value>
2294 <Entry type="4" type_name="REG_DWORD">
2295 <Key>Software\Policies\Google\Chrome</Key>
2296 <ValueName>BrowserSwitcherDelay</ValueName>
2297 <Value>10000</Value>
2299 <Entry type="4" type_name="REG_DWORD">
2300 <Key>Software\Policies\Google\Chrome</Key>
2301 <ValueName>BrowserSwitcherEnabled</ValueName>
2304 <Entry type="1" type_name="REG_SZ">
2305 <Key>Software\Policies\Google\Chrome</Key>
2306 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2307 <Value>http://example.com/greylist.xml</Value>
2309 <Entry type="1" type_name="REG_SZ">
2310 <Key>Software\Policies\Google\Chrome</Key>
2311 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2312 <Value>http://example.com/sitelist.xml</Value>
2314 <Entry type="4" type_name="REG_DWORD">
2315 <Key>Software\Policies\Google\Chrome</Key>
2316 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2319 <Entry type="4" type_name="REG_DWORD">
2320 <Key>Software\Policies\Google\Chrome</Key>
2321 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2324 <Entry type="1" type_name="REG_SZ">
2325 <Key>Software\Policies\Google\Chrome</Key>
2326 <ValueName>BrowserThemeColor</ValueName>
2327 <Value>#FFFFFF</Value>
2329 <Entry type="1" type_name="REG_SZ">
2330 <Key>Software\Policies\Google\Chrome</Key>
2331 <ValueName>BrowsingDataLifetime</ValueName>
2332 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2334 <Entry type="4" type_name="REG_DWORD">
2335 <Key>Software\Policies\Google\Chrome</Key>
2336 <ValueName>BuiltInDnsClientEnabled</ValueName>
2339 <Entry type="4" type_name="REG_DWORD">
2340 <Key>Software\Policies\Google\Chrome</Key>
2341 <ValueName>CECPQ2Enabled</ValueName>
2344 <Entry type="4" type_name="REG_DWORD">
2345 <Key>Software\Policies\Google\Chrome</Key>
2346 <ValueName>ChromeCleanupEnabled</ValueName>
2349 <Entry type="4" type_name="REG_DWORD">
2350 <Key>Software\Policies\Google\Chrome</Key>
2351 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2354 <Entry type="4" type_name="REG_DWORD">
2355 <Key>Software\Policies\Google\Chrome</Key>
2356 <ValueName>ChromeVariations</ValueName>
2359 <Entry type="4" type_name="REG_DWORD">
2360 <Key>Software\Policies\Google\Chrome</Key>
2361 <ValueName>ClickToCallEnabled</ValueName>
2364 <Entry type="4" type_name="REG_DWORD">
2365 <Key>Software\Policies\Google\Chrome</Key>
2366 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2369 <Entry type="1" type_name="REG_SZ">
2370 <Key>Software\Policies\Google\Chrome</Key>
2371 <ValueName>CloudManagementEnrollmentToken</ValueName>
2372 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2374 <Entry type="4" type_name="REG_DWORD">
2375 <Key>Software\Policies\Google\Chrome</Key>
2376 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2379 <Entry type="4" type_name="REG_DWORD">
2380 <Key>Software\Policies\Google\Chrome</Key>
2381 <ValueName>CloudPrintProxyEnabled</ValueName>
2384 <Entry type="4" type_name="REG_DWORD">
2385 <Key>Software\Policies\Google\Chrome</Key>
2386 <ValueName>CloudPrintSubmitEnabled</ValueName>
2389 <Entry type="4" type_name="REG_DWORD">
2390 <Key>Software\Policies\Google\Chrome</Key>
2391 <ValueName>CloudUserPolicyMerge</ValueName>
2394 <Entry type="4" type_name="REG_DWORD">
2395 <Key>Software\Policies\Google\Chrome</Key>
2396 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2399 <Entry type="4" type_name="REG_DWORD">
2400 <Key>Software\Policies\Google\Chrome</Key>
2401 <ValueName>ComponentUpdatesEnabled</ValueName>
2404 <Entry type="4" type_name="REG_DWORD">
2405 <Key>Software\Policies\Google\Chrome</Key>
2406 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2409 <Entry type="4" type_name="REG_DWORD">
2410 <Key>Software\Policies\Google\Chrome</Key>
2411 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2414 <Entry type="4" type_name="REG_DWORD">
2415 <Key>Software\Policies\Google\Chrome</Key>
2416 <ValueName>DefaultCookiesSetting</ValueName>
2419 <Entry type="4" type_name="REG_DWORD">
2420 <Key>Software\Policies\Google\Chrome</Key>
2421 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2424 <Entry type="4" type_name="REG_DWORD">
2425 <Key>Software\Policies\Google\Chrome</Key>
2426 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2429 <Entry type="4" type_name="REG_DWORD">
2430 <Key>Software\Policies\Google\Chrome</Key>
2431 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2434 <Entry type="4" type_name="REG_DWORD">
2435 <Key>Software\Policies\Google\Chrome</Key>
2436 <ValueName>DefaultGeolocationSetting</ValueName>
2439 <Entry type="4" type_name="REG_DWORD">
2440 <Key>Software\Policies\Google\Chrome</Key>
2441 <ValueName>DefaultImagesSetting</ValueName>
2444 <Entry type="4" type_name="REG_DWORD">
2445 <Key>Software\Policies\Google\Chrome</Key>
2446 <ValueName>DefaultInsecureContentSetting</ValueName>
2449 <Entry type="4" type_name="REG_DWORD">
2450 <Key>Software\Policies\Google\Chrome</Key>
2451 <ValueName>DefaultJavaScriptSetting</ValueName>
2454 <Entry type="4" type_name="REG_DWORD">
2455 <Key>Software\Policies\Google\Chrome</Key>
2456 <ValueName>DefaultNotificationsSetting</ValueName>
2459 <Entry type="4" type_name="REG_DWORD">
2460 <Key>Software\Policies\Google\Chrome</Key>
2461 <ValueName>DefaultPopupsSetting</ValueName>
2464 <Entry type="1" type_name="REG_SZ">
2465 <Key>Software\Policies\Google\Chrome</Key>
2466 <ValueName>DefaultPrinterSelection</ValueName>
2467 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2469 <Entry type="4" type_name="REG_DWORD">
2470 <Key>Software\Policies\Google\Chrome</Key>
2471 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2474 <Entry type="4" type_name="REG_DWORD">
2475 <Key>Software\Policies\Google\Chrome</Key>
2476 <ValueName>DefaultSearchProviderEnabled</ValueName>
2479 <Entry type="1" type_name="REG_SZ">
2480 <Key>Software\Policies\Google\Chrome</Key>
2481 <ValueName>DefaultSearchProviderIconURL</ValueName>
2482 <Value>https://search.my.company/favicon.ico</Value>
2484 <Entry type="1" type_name="REG_SZ">
2485 <Key>Software\Policies\Google\Chrome</Key>
2486 <ValueName>DefaultSearchProviderImageURL</ValueName>
2487 <Value>https://search.my.company/searchbyimage/upload</Value>
2489 <Entry type="1" type_name="REG_SZ">
2490 <Key>Software\Policies\Google\Chrome</Key>
2491 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2492 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2494 <Entry type="1" type_name="REG_SZ">
2495 <Key>Software\Policies\Google\Chrome</Key>
2496 <ValueName>DefaultSearchProviderKeyword</ValueName>
2499 <Entry type="1" type_name="REG_SZ">
2500 <Key>Software\Policies\Google\Chrome</Key>
2501 <ValueName>DefaultSearchProviderName</ValueName>
2502 <Value>My Intranet Search</Value>
2504 <Entry type="1" type_name="REG_SZ">
2505 <Key>Software\Policies\Google\Chrome</Key>
2506 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2507 <Value>https://search.my.company/newtab</Value>
2509 <Entry type="1" type_name="REG_SZ">
2510 <Key>Software\Policies\Google\Chrome</Key>
2511 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2512 <Value>https://search.my.company/search?q={searchTerms}</Value>
2514 <Entry type="1" type_name="REG_SZ">
2515 <Key>Software\Policies\Google\Chrome</Key>
2516 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2517 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2519 <Entry type="1" type_name="REG_SZ">
2520 <Key>Software\Policies\Google\Chrome</Key>
2521 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2522 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2524 <Entry type="1" type_name="REG_SZ">
2525 <Key>Software\Policies\Google\Chrome</Key>
2526 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2527 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2529 <Entry type="4" type_name="REG_DWORD">
2530 <Key>Software\Policies\Google\Chrome</Key>
2531 <ValueName>DefaultSensorsSetting</ValueName>
2534 <Entry type="4" type_name="REG_DWORD">
2535 <Key>Software\Policies\Google\Chrome</Key>
2536 <ValueName>DefaultSerialGuardSetting</ValueName>
2539 <Entry type="4" type_name="REG_DWORD">
2540 <Key>Software\Policies\Google\Chrome</Key>
2541 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2544 <Entry type="4" type_name="REG_DWORD">
2545 <Key>Software\Policies\Google\Chrome</Key>
2546 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2549 <Entry type="4" type_name="REG_DWORD">
2550 <Key>Software\Policies\Google\Chrome</Key>
2551 <ValueName>DeveloperToolsAvailability</ValueName>
2554 <Entry type="4" type_name="REG_DWORD">
2555 <Key>Software\Policies\Google\Chrome</Key>
2556 <ValueName>Disable3DAPIs</ValueName>
2559 <Entry type="4" type_name="REG_DWORD">
2560 <Key>Software\Policies\Google\Chrome</Key>
2561 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2564 <Entry type="4" type_name="REG_DWORD">
2565 <Key>Software\Policies\Google\Chrome</Key>
2566 <ValueName>DisablePrintPreview</ValueName>
2569 <Entry type="4" type_name="REG_DWORD">
2570 <Key>Software\Policies\Google\Chrome</Key>
2571 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2574 <Entry type="4" type_name="REG_DWORD">
2575 <Key>Software\Policies\Google\Chrome</Key>
2576 <ValueName>DisableScreenshots</ValueName>
2579 <Entry type="1" type_name="REG_SZ">
2580 <Key>Software\Policies\Google\Chrome</Key>
2581 <ValueName>DiskCacheDir</ValueName>
2582 <Value>${user_home}/Chrome_cache</Value>
2584 <Entry type="4" type_name="REG_DWORD">
2585 <Key>Software\Policies\Google\Chrome</Key>
2586 <ValueName>DiskCacheSize</ValueName>
2587 <Value>104857600</Value>
2589 <Entry type="1" type_name="REG_SZ">
2590 <Key>Software\Policies\Google\Chrome</Key>
2591 <ValueName>DnsOverHttpsMode</ValueName>
2594 <Entry type="1" type_name="REG_SZ">
2595 <Key>Software\Policies\Google\Chrome</Key>
2596 <ValueName>DnsOverHttpsTemplates</ValueName>
2597 <Value>https://dns.example.net/dns-query{?dns}</Value>
2599 <Entry type="1" type_name="REG_SZ">
2600 <Key>Software\Policies\Google\Chrome</Key>
2601 <ValueName>DownloadDirectory</ValueName>
2602 <Value>/home/${user_name}/Downloads</Value>
2604 <Entry type="4" type_name="REG_DWORD">
2605 <Key>Software\Policies\Google\Chrome</Key>
2606 <ValueName>DownloadRestrictions</ValueName>
2609 <Entry type="4" type_name="REG_DWORD">
2610 <Key>Software\Policies\Google\Chrome</Key>
2611 <ValueName>EditBookmarksEnabled</ValueName>
2614 <Entry type="4" type_name="REG_DWORD">
2615 <Key>Software\Policies\Google\Chrome</Key>
2616 <ValueName>EnableAuthNegotiatePort</ValueName>
2619 <Entry type="4" type_name="REG_DWORD">
2620 <Key>Software\Policies\Google\Chrome</Key>
2621 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2624 <Entry type="4" type_name="REG_DWORD">
2625 <Key>Software\Policies\Google\Chrome</Key>
2626 <ValueName>EnableMediaRouter</ValueName>
2629 <Entry type="4" type_name="REG_DWORD">
2630 <Key>Software\Policies\Google\Chrome</Key>
2631 <ValueName>EnableOnlineRevocationChecks</ValueName>
2634 <Entry type="4" type_name="REG_DWORD">
2635 <Key>Software\Policies\Google\Chrome</Key>
2636 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2639 <Entry type="1" type_name="REG_SZ">
2640 <Key>Software\Policies\Google\Chrome</Key>
2641 <ValueName>ExtensionSettings</ValueName>
2642 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2644 <Entry type="4" type_name="REG_DWORD">
2645 <Key>Software\Policies\Google\Chrome</Key>
2646 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2649 <Entry type="4" type_name="REG_DWORD">
2650 <Key>Software\Policies\Google\Chrome</Key>
2651 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2654 <Entry type="4" type_name="REG_DWORD">
2655 <Key>Software\Policies\Google\Chrome</Key>
2656 <ValueName>ForceEphemeralProfiles</ValueName>
2659 <Entry type="4" type_name="REG_DWORD">
2660 <Key>Software\Policies\Google\Chrome</Key>
2661 <ValueName>ForceGoogleSafeSearch</ValueName>
2664 <Entry type="4" type_name="REG_DWORD">
2665 <Key>Software\Policies\Google\Chrome</Key>
2666 <ValueName>ForceYouTubeRestrict</ValueName>
2669 <Entry type="4" type_name="REG_DWORD">
2670 <Key>Software\Policies\Google\Chrome</Key>
2671 <ValueName>FullscreenAllowed</ValueName>
2674 <Entry type="4" type_name="REG_DWORD">
2675 <Key>Software\Policies\Google\Chrome</Key>
2676 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2679 <Entry type="4" type_name="REG_DWORD">
2680 <Key>Software\Policies\Google\Chrome</Key>
2681 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2684 <Entry type="4" type_name="REG_DWORD">
2685 <Key>Software\Policies\Google\Chrome</Key>
2686 <ValueName>HeadlessMode</ValueName>
2689 <Entry type="4" type_name="REG_DWORD">
2690 <Key>Software\Policies\Google\Chrome</Key>
2691 <ValueName>HideWebStoreIcon</ValueName>
2694 <Entry type="4" type_name="REG_DWORD">
2695 <Key>Software\Policies\Google\Chrome</Key>
2696 <ValueName>HomepageIsNewTabPage</ValueName>
2699 <Entry type="1" type_name="REG_SZ">
2700 <Key>Software\Policies\Google\Chrome</Key>
2701 <ValueName>HomepageLocation</ValueName>
2702 <Value>https://www.chromium.org</Value>
2704 <Entry type="4" type_name="REG_DWORD">
2705 <Key>Software\Policies\Google\Chrome</Key>
2706 <ValueName>ImportAutofillFormData</ValueName>
2709 <Entry type="4" type_name="REG_DWORD">
2710 <Key>Software\Policies\Google\Chrome</Key>
2711 <ValueName>ImportBookmarks</ValueName>
2714 <Entry type="4" type_name="REG_DWORD">
2715 <Key>Software\Policies\Google\Chrome</Key>
2716 <ValueName>ImportHistory</ValueName>
2719 <Entry type="4" type_name="REG_DWORD">
2720 <Key>Software\Policies\Google\Chrome</Key>
2721 <ValueName>ImportHomepage</ValueName>
2724 <Entry type="4" type_name="REG_DWORD">
2725 <Key>Software\Policies\Google\Chrome</Key>
2726 <ValueName>ImportSavedPasswords</ValueName>
2729 <Entry type="4" type_name="REG_DWORD">
2730 <Key>Software\Policies\Google\Chrome</Key>
2731 <ValueName>ImportSearchEngine</ValueName>
2734 <Entry type="4" type_name="REG_DWORD">
2735 <Key>Software\Policies\Google\Chrome</Key>
2736 <ValueName>IncognitoModeAvailability</ValueName>
2739 <Entry type="4" type_name="REG_DWORD">
2740 <Key>Software\Policies\Google\Chrome</Key>
2741 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2744 <Entry type="4" type_name="REG_DWORD">
2745 <Key>Software\Policies\Google\Chrome</Key>
2746 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2749 <Entry type="4" type_name="REG_DWORD">
2750 <Key>Software\Policies\Google\Chrome</Key>
2751 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2754 <Entry type="4" type_name="REG_DWORD">
2755 <Key>Software\Policies\Google\Chrome</Key>
2756 <ValueName>IntranetRedirectBehavior</ValueName>
2759 <Entry type="1" type_name="REG_SZ">
2760 <Key>Software\Policies\Google\Chrome</Key>
2761 <ValueName>IsolateOrigins</ValueName>
2762 <Value>https://example.com/,https://othersite.org/</Value>
2764 <Entry type="1" type_name="REG_SZ">
2765 <Key>Software\Policies\Google\Chrome</Key>
2766 <ValueName>ManagedBookmarks</ValueName>
2767 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2769 <Entry type="1" type_name="REG_SZ">
2770 <Key>Software\Policies\Google\Chrome</Key>
2771 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2772 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2774 <Entry type="4" type_name="REG_DWORD">
2775 <Key>Software\Policies\Google\Chrome</Key>
2776 <ValueName>MaxConnectionsPerProxy</ValueName>
2779 <Entry type="4" type_name="REG_DWORD">
2780 <Key>Software\Policies\Google\Chrome</Key>
2781 <ValueName>MaxInvalidationFetchDelay</ValueName>
2782 <Value>10000</Value>
2784 <Entry type="4" type_name="REG_DWORD">
2785 <Key>Software\Policies\Google\Chrome</Key>
2786 <ValueName>MediaRecommendationsEnabled</ValueName>
2789 <Entry type="4" type_name="REG_DWORD">
2790 <Key>Software\Policies\Google\Chrome</Key>
2791 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2794 <Entry type="4" type_name="REG_DWORD">
2795 <Key>Software\Policies\Google\Chrome</Key>
2796 <ValueName>MetricsReportingEnabled</ValueName>
2799 <Entry type="4" type_name="REG_DWORD">
2800 <Key>Software\Policies\Google\Chrome</Key>
2801 <ValueName>NTPCardsVisible</ValueName>
2804 <Entry type="4" type_name="REG_DWORD">
2805 <Key>Software\Policies\Google\Chrome</Key>
2806 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2809 <Entry type="4" type_name="REG_DWORD">
2810 <Key>Software\Policies\Google\Chrome</Key>
2811 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2814 <Entry type="4" type_name="REG_DWORD">
2815 <Key>Software\Policies\Google\Chrome</Key>
2816 <ValueName>NetworkPredictionOptions</ValueName>
2819 <Entry type="1" type_name="REG_SZ">
2820 <Key>Software\Policies\Google\Chrome</Key>
2821 <ValueName>NewTabPageLocation</ValueName>
2822 <Value>https://www.chromium.org</Value>
2824 <Entry type="4" type_name="REG_DWORD">
2825 <Key>Software\Policies\Google\Chrome</Key>
2826 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2829 <Entry type="4" type_name="REG_DWORD">
2830 <Key>Software\Policies\Google\Chrome</Key>
2831 <ValueName>PasswordManagerEnabled</ValueName>
2834 <Entry type="1" type_name="REG_SZ">
2835 <Key>Software\Policies\Google\Chrome</Key>
2836 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2837 <Value>https://mydomain.com/change_password.html</Value>
2839 <Entry type="4" type_name="REG_DWORD">
2840 <Key>Software\Policies\Google\Chrome</Key>
2841 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2844 <Entry type="4" type_name="REG_DWORD">
2845 <Key>Software\Policies\Google\Chrome</Key>
2846 <ValueName>PaymentMethodQueryEnabled</ValueName>
2849 <Entry type="4" type_name="REG_DWORD">
2850 <Key>Software\Policies\Google\Chrome</Key>
2851 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2854 <Entry type="4" type_name="REG_DWORD">
2855 <Key>Software\Policies\Google\Chrome</Key>
2856 <ValueName>PolicyRefreshRate</ValueName>
2857 <Value>3600000</Value>
2859 <Entry type="4" type_name="REG_DWORD">
2860 <Key>Software\Policies\Google\Chrome</Key>
2861 <ValueName>PrintHeaderFooter</ValueName>
2864 <Entry type="4" type_name="REG_DWORD">
2865 <Key>Software\Policies\Google\Chrome</Key>
2866 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2869 <Entry type="4" type_name="REG_DWORD">
2870 <Key>Software\Policies\Google\Chrome</Key>
2871 <ValueName>PrintRasterizationMode</ValueName>
2874 <Entry type="1" type_name="REG_SZ">
2875 <Key>Software\Policies\Google\Chrome</Key>
2876 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2877 <Value>enabled</Value>
2879 <Entry type="1" type_name="REG_SZ">
2880 <Key>Software\Policies\Google\Chrome</Key>
2881 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2882 <Value>enabled</Value>
2884 <Entry type="4" type_name="REG_DWORD">
2885 <Key>Software\Policies\Google\Chrome</Key>
2886 <ValueName>PrintingEnabled</ValueName>
2889 <Entry type="1" type_name="REG_SZ">
2890 <Key>Software\Policies\Google\Chrome</Key>
2891 <ValueName>PrintingPaperSizeDefault</ValueName>
2892 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2894 <Entry type="4" type_name="REG_DWORD">
2895 <Key>Software\Policies\Google\Chrome</Key>
2896 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2899 <Entry type="4" type_name="REG_DWORD">
2900 <Key>Software\Policies\Google\Chrome</Key>
2901 <ValueName>PromotionalTabsEnabled</ValueName>
2904 <Entry type="4" type_name="REG_DWORD">
2905 <Key>Software\Policies\Google\Chrome</Key>
2906 <ValueName>PromptForDownloadLocation</ValueName>
2909 <Entry type="1" type_name="REG_SZ">
2910 <Key>Software\Policies\Google\Chrome</Key>
2911 <ValueName>ProxySettings</ValueName>
2912 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2914 <Entry type="4" type_name="REG_DWORD">
2915 <Key>Software\Policies\Google\Chrome</Key>
2916 <ValueName>QuicAllowed</ValueName>
2919 <Entry type="4" type_name="REG_DWORD">
2920 <Key>Software\Policies\Google\Chrome</Key>
2921 <ValueName>RelaunchNotification</ValueName>
2924 <Entry type="4" type_name="REG_DWORD">
2925 <Key>Software\Policies\Google\Chrome</Key>
2926 <ValueName>RelaunchNotificationPeriod</ValueName>
2927 <Value>604800000</Value>
2929 <Entry type="4" type_name="REG_DWORD">
2930 <Key>Software\Policies\Google\Chrome</Key>
2931 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2934 <Entry type="4" type_name="REG_DWORD">
2935 <Key>Software\Policies\Google\Chrome</Key>
2936 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2939 <Entry type="4" type_name="REG_DWORD">
2940 <Key>Software\Policies\Google\Chrome</Key>
2941 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2944 <Entry type="4" type_name="REG_DWORD">
2945 <Key>Software\Policies\Google\Chrome</Key>
2946 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2949 <Entry type="4" type_name="REG_DWORD">
2950 <Key>Software\Policies\Google\Chrome</Key>
2951 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2954 <Entry type="4" type_name="REG_DWORD">
2955 <Key>Software\Policies\Google\Chrome</Key>
2956 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2959 <Entry type="4" type_name="REG_DWORD">
2960 <Key>Software\Policies\Google\Chrome</Key>
2961 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2964 <Entry type="4" type_name="REG_DWORD">
2965 <Key>Software\Policies\Google\Chrome</Key>
2966 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2969 <Entry type="1" type_name="REG_SZ">
2970 <Key>Software\Policies\Google\Chrome</Key>
2971 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
2972 <Value>12400-12409</Value>
2974 <Entry type="4" type_name="REG_DWORD">
2975 <Key>Software\Policies\Google\Chrome</Key>
2976 <ValueName>RendererCodeIntegrityEnabled</ValueName>
2979 <Entry type="4" type_name="REG_DWORD">
2980 <Key>Software\Policies\Google\Chrome</Key>
2981 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
2984 <Entry type="4" type_name="REG_DWORD">
2985 <Key>Software\Policies\Google\Chrome</Key>
2986 <ValueName>RestoreOnStartup</ValueName>
2989 <Entry type="1" type_name="REG_SZ">
2990 <Key>Software\Policies\Google\Chrome</Key>
2991 <ValueName>RestrictSigninToPattern</ValueName>
2992 <Value>.*@example\\.com</Value>
2994 <Entry type="1" type_name="REG_SZ">
2995 <Key>Software\Policies\Google\Chrome</Key>
2996 <ValueName>RoamingProfileLocation</ValueName>
2997 <Value>${roaming_app_data}\\chrome-profile</Value>
2999 <Entry type="4" type_name="REG_DWORD">
3000 <Key>Software\Policies\Google\Chrome</Key>
3001 <ValueName>RoamingProfileSupportEnabled</ValueName>
3004 <Entry type="4" type_name="REG_DWORD">
3005 <Key>Software\Policies\Google\Chrome</Key>
3006 <ValueName>SSLErrorOverrideAllowed</ValueName>
3009 <Entry type="1" type_name="REG_SZ">
3010 <Key>Software\Policies\Google\Chrome</Key>
3011 <ValueName>SSLVersionMin</ValueName>
3014 <Entry type="4" type_name="REG_DWORD">
3015 <Key>Software\Policies\Google\Chrome</Key>
3016 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3019 <Entry type="4" type_name="REG_DWORD">
3020 <Key>Software\Policies\Google\Chrome</Key>
3021 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3024 <Entry type="4" type_name="REG_DWORD">
3025 <Key>Software\Policies\Google\Chrome</Key>
3026 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3029 <Entry type="4" type_name="REG_DWORD">
3030 <Key>Software\Policies\Google\Chrome</Key>
3031 <ValueName>SafeSitesFilterBehavior</ValueName>
3034 <Entry type="4" type_name="REG_DWORD">
3035 <Key>Software\Policies\Google\Chrome</Key>
3036 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3039 <Entry type="4" type_name="REG_DWORD">
3040 <Key>Software\Policies\Google\Chrome</Key>
3041 <ValueName>ScreenCaptureAllowed</ValueName>
3044 <Entry type="4" type_name="REG_DWORD">
3045 <Key>Software\Policies\Google\Chrome</Key>
3046 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3049 <Entry type="4" type_name="REG_DWORD">
3050 <Key>Software\Policies\Google\Chrome</Key>
3051 <ValueName>SearchSuggestEnabled</ValueName>
3054 <Entry type="4" type_name="REG_DWORD">
3055 <Key>Software\Policies\Google\Chrome</Key>
3056 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3059 <Entry type="4" type_name="REG_DWORD">
3060 <Key>Software\Policies\Google\Chrome</Key>
3061 <ValueName>SharedClipboardEnabled</ValueName>
3064 <Entry type="4" type_name="REG_DWORD">
3065 <Key>Software\Policies\Google\Chrome</Key>
3066 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3069 <Entry type="4" type_name="REG_DWORD">
3070 <Key>Software\Policies\Google\Chrome</Key>
3071 <ValueName>ShowCastIconInToolbar</ValueName>
3074 <Entry type="4" type_name="REG_DWORD">
3075 <Key>Software\Policies\Google\Chrome</Key>
3076 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3079 <Entry type="4" type_name="REG_DWORD">
3080 <Key>Software\Policies\Google\Chrome</Key>
3081 <ValueName>ShowHomeButton</ValueName>
3084 <Entry type="4" type_name="REG_DWORD">
3085 <Key>Software\Policies\Google\Chrome</Key>
3086 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3089 <Entry type="4" type_name="REG_DWORD">
3090 <Key>Software\Policies\Google\Chrome</Key>
3091 <ValueName>SigninInterceptionEnabled</ValueName>
3094 <Entry type="4" type_name="REG_DWORD">
3095 <Key>Software\Policies\Google\Chrome</Key>
3096 <ValueName>SitePerProcess</ValueName>
3099 <Entry type="4" type_name="REG_DWORD">
3100 <Key>Software\Policies\Google\Chrome</Key>
3101 <ValueName>SpellCheckServiceEnabled</ValueName>
3104 <Entry type="4" type_name="REG_DWORD">
3105 <Key>Software\Policies\Google\Chrome</Key>
3106 <ValueName>SpellcheckEnabled</ValueName>
3109 <Entry type="4" type_name="REG_DWORD">
3110 <Key>Software\Policies\Google\Chrome</Key>
3111 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3114 <Entry type="4" type_name="REG_DWORD">
3115 <Key>Software\Policies\Google\Chrome</Key>
3116 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3119 <Entry type="4" type_name="REG_DWORD">
3120 <Key>Software\Policies\Google\Chrome</Key>
3121 <ValueName>SyncDisabled</ValueName>
3124 <Entry type="4" type_name="REG_DWORD">
3125 <Key>Software\Policies\Google\Chrome</Key>
3126 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3129 <Entry type="4" type_name="REG_DWORD">
3130 <Key>Software\Policies\Google\Chrome</Key>
3131 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3134 <Entry type="4" type_name="REG_DWORD">
3135 <Key>Software\Policies\Google\Chrome</Key>
3136 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3139 <Entry type="4" type_name="REG_DWORD">
3140 <Key>Software\Policies\Google\Chrome</Key>
3141 <ValueName>TotalMemoryLimitMb</ValueName>
3144 <Entry type="4" type_name="REG_DWORD">
3145 <Key>Software\Policies\Google\Chrome</Key>
3146 <ValueName>TranslateEnabled</ValueName>
3149 <Entry type="4" type_name="REG_DWORD">
3150 <Key>Software\Policies\Google\Chrome</Key>
3151 <ValueName>TripleDESEnabled</ValueName>
3154 <Entry type="4" type_name="REG_DWORD">
3155 <Key>Software\Policies\Google\Chrome</Key>
3156 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3159 <Entry type="4" type_name="REG_DWORD">
3160 <Key>Software\Policies\Google\Chrome</Key>
3161 <ValueName>UserAgentClientHintsEnabled</ValueName>
3164 <Entry type="1" type_name="REG_SZ">
3165 <Key>Software\Policies\Google\Chrome</Key>
3166 <ValueName>UserDataDir</ValueName>
3167 <Value>${users}/${user_name}/Chrome</Value>
3169 <Entry type="4" type_name="REG_DWORD">
3170 <Key>Software\Policies\Google\Chrome</Key>
3171 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3174 <Entry type="4" type_name="REG_DWORD">
3175 <Key>Software\Policies\Google\Chrome</Key>
3176 <ValueName>UserFeedbackAllowed</ValueName>
3179 <Entry type="4" type_name="REG_DWORD">
3180 <Key>Software\Policies\Google\Chrome</Key>
3181 <ValueName>VideoCaptureAllowed</ValueName>
3184 <Entry type="4" type_name="REG_DWORD">
3185 <Key>Software\Policies\Google\Chrome</Key>
3186 <ValueName>WPADQuickCheckEnabled</ValueName>
3189 <Entry type="1" type_name="REG_SZ">
3190 <Key>Software\Policies\Google\Chrome</Key>
3191 <ValueName>WebAppInstallForceList</ValueName>
3192 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3194 <Entry type="4" type_name="REG_DWORD">
3195 <Key>Software\Policies\Google\Chrome</Key>
3196 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3199 <Entry type="4" type_name="REG_DWORD">
3200 <Key>Software\Policies\Google\Chrome</Key>
3201 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3204 <Entry type="1" type_name="REG_SZ">
3205 <Key>Software\Policies\Google\Chrome</Key>
3206 <ValueName>WebRtcIPHandling</ValueName>
3207 <Value>default</Value>
3209 <Entry type="1" type_name="REG_SZ">
3210 <Key>Software\Policies\Google\Chrome</Key>
3211 <ValueName>WebRtcUdpPortRange</ValueName>
3212 <Value>10000-11999</Value>
3214 <Entry type="1" type_name="REG_SZ">
3215 <Key>Software\Policies\Google\Chrome</Key>
3216 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3217 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3219 <Entry type="4" type_name="REG_DWORD">
3220 <Key>Software\Policies\Google\Chrome</Key>
3221 <ValueName>WindowOcclusionEnabled</ValueName>
3224 <Entry type="1" type_name="REG_SZ">
3225 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3226 <ValueName>1</ValueName>
3227 <Value>-foreground</Value>
3229 <Entry type="1" type_name="REG_SZ">
3230 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3231 <ValueName>2</ValueName>
3232 <Value>-new-window</Value>
3234 <Entry type="1" type_name="REG_SZ">
3235 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3236 <ValueName>3</ValueName>
3237 <Value>${url}</Value>
3239 <Entry type="1" type_name="REG_SZ">
3240 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3241 <ValueName>4</ValueName>
3242 <Value>-profile</Value>
3244 <Entry type="1" type_name="REG_SZ">
3245 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3246 <ValueName>5</ValueName>
3247 <Value>%HOME%\\browser_profile</Value>
3249 <Entry type="1" type_name="REG_SZ">
3250 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3251 <ValueName>1</ValueName>
3252 <Value>https://www.example.com/</Value>
3254 <Entry type="1" type_name="REG_SZ">
3255 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3256 <ValueName>2</ValueName>
3257 <Value>https://[*.]example.edu/</Value>
3259 <Entry type="1" type_name="REG_SZ">
3260 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3261 <ValueName>1</ValueName>
3262 <Value>example.com</Value>
3264 <Entry type="1" type_name="REG_SZ">
3265 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3266 <ValueName>2</ValueName>
3267 <Value>https://ssl.server.com</Value>
3269 <Entry type="1" type_name="REG_SZ">
3270 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3271 <ValueName>3</ValueName>
3272 <Value>hosting.com/good_path</Value>
3274 <Entry type="1" type_name="REG_SZ">
3275 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3276 <ValueName>4</ValueName>
3277 <Value>https://server:8080/path</Value>
3279 <Entry type="1" type_name="REG_SZ">
3280 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3281 <ValueName>5</ValueName>
3282 <Value>.exact.hostname.com</Value>
3284 <Entry type="1" type_name="REG_SZ">
3285 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3286 <ValueName>1</ValueName>
3289 <Entry type="1" type_name="REG_SZ">
3290 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3291 <ValueName>2</ValueName>
3294 <Entry type="1" type_name="REG_SZ">
3295 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3296 <ValueName>1</ValueName>
3297 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3299 <Entry type="1" type_name="REG_SZ">
3300 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3301 <ValueName>1</ValueName>
3302 <Value>https://www.example.com</Value>
3304 <Entry type="1" type_name="REG_SZ">
3305 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3306 <ValueName>2</ValueName>
3307 <Value>[*.]example.edu</Value>
3309 <Entry type="1" type_name="REG_SZ">
3310 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3311 <ValueName>1</ValueName>
3312 <Value>--force-dark-mode</Value>
3314 <Entry type="1" type_name="REG_SZ">
3315 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3316 <ValueName>1</ValueName>
3317 <Value>ie.com</Value>
3319 <Entry type="1" type_name="REG_SZ">
3320 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3321 <ValueName>2</ValueName>
3322 <Value>!open-in-chrome.ie.com</Value>
3324 <Entry type="1" type_name="REG_SZ">
3325 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3326 <ValueName>3</ValueName>
3327 <Value>foobar.com/ie-only/</Value>
3329 <Entry type="1" type_name="REG_SZ">
3330 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3331 <ValueName>1</ValueName>
3332 <Value>ie.com</Value>
3334 <Entry type="1" type_name="REG_SZ">
3335 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3336 <ValueName>2</ValueName>
3337 <Value>!open-in-chrome.ie.com</Value>
3339 <Entry type="1" type_name="REG_SZ">
3340 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3341 <ValueName>3</ValueName>
3342 <Value>foobar.com/ie-only/</Value>
3344 <Entry type="1" type_name="REG_SZ">
3345 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3346 <ValueName>1</ValueName>
3347 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3349 <Entry type="1" type_name="REG_SZ">
3350 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3351 <ValueName>2</ValueName>
3352 <Value>sha256//////////////////////w==</Value>
3354 <Entry type="1" type_name="REG_SZ">
3355 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3356 <ValueName>1</ValueName>
3357 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3359 <Entry type="1" type_name="REG_SZ">
3360 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3361 <ValueName>2</ValueName>
3362 <Value>sha256//////////////////////w==</Value>
3364 <Entry type="1" type_name="REG_SZ">
3365 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3366 <ValueName>1</ValueName>
3367 <Value>example.com</Value>
3369 <Entry type="1" type_name="REG_SZ">
3370 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3371 <ValueName>2</ValueName>
3372 <Value>.example.com</Value>
3374 <Entry type="1" type_name="REG_SZ">
3375 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3376 <ValueName>1</ValueName>
3377 <Value>browsing_history</Value>
3379 <Entry type="1" type_name="REG_SZ">
3380 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3381 <ValueName>2</ValueName>
3382 <Value>download_history</Value>
3384 <Entry type="1" type_name="REG_SZ">
3385 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3386 <ValueName>3</ValueName>
3387 <Value>cookies_and_other_site_data</Value>
3389 <Entry type="1" type_name="REG_SZ">
3390 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3391 <ValueName>4</ValueName>
3392 <Value>cached_images_and_files</Value>
3394 <Entry type="1" type_name="REG_SZ">
3395 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3396 <ValueName>5</ValueName>
3397 <Value>password_signin</Value>
3399 <Entry type="1" type_name="REG_SZ">
3400 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3401 <ValueName>6</ValueName>
3402 <Value>autofill</Value>
3404 <Entry type="1" type_name="REG_SZ">
3405 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3406 <ValueName>7</ValueName>
3407 <Value>site_settings</Value>
3409 <Entry type="1" type_name="REG_SZ">
3410 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3411 <ValueName>8</ValueName>
3412 <Value>hosted_app_data</Value>
3414 <Entry type="1" type_name="REG_SZ">
3415 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3416 <ValueName>1</ValueName>
3417 <Value>https://www.example.com</Value>
3419 <Entry type="1" type_name="REG_SZ">
3420 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3421 <ValueName>2</ValueName>
3422 <Value>[*.]example.edu</Value>
3424 <Entry type="1" type_name="REG_SZ">
3425 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3426 <ValueName>1</ValueName>
3427 <Value>https://www.example.com</Value>
3429 <Entry type="1" type_name="REG_SZ">
3430 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3431 <ValueName>2</ValueName>
3432 <Value>[*.]example.edu</Value>
3434 <Entry type="1" type_name="REG_SZ">
3435 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3436 <ValueName>1</ValueName>
3437 <Value>https://www.example.com</Value>
3439 <Entry type="1" type_name="REG_SZ">
3440 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3441 <ValueName>2</ValueName>
3442 <Value>[*.]example.edu</Value>
3444 <Entry type="1" type_name="REG_SZ">
3445 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3446 <ValueName>1</ValueName>
3447 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3449 <Entry type="1" type_name="REG_SZ">
3450 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3451 <ValueName>2</ValueName>
3452 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3454 <Entry type="1" type_name="REG_SZ">
3455 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3456 <ValueName>1</ValueName>
3457 <Value>UTF-8</Value>
3459 <Entry type="1" type_name="REG_SZ">
3460 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3461 <ValueName>2</ValueName>
3462 <Value>UTF-16</Value>
3464 <Entry type="1" type_name="REG_SZ">
3465 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3466 <ValueName>3</ValueName>
3467 <Value>GB2312</Value>
3469 <Entry type="1" type_name="REG_SZ">
3470 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3471 <ValueName>4</ValueName>
3472 <Value>ISO-8859-1</Value>
3474 <Entry type="1" type_name="REG_SZ">
3475 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3476 <ValueName>1</ValueName>
3477 <Value>ExtensionInstallAllowlist</Value>
3479 <Entry type="1" type_name="REG_SZ">
3480 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3481 <ValueName>2</ValueName>
3482 <Value>ExtensionInstallBlocklist</Value>
3484 <Entry type="1" type_name="REG_SZ">
3485 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3486 <ValueName>1</ValueName>
3487 <Value>10080</Value>
3489 <Entry type="1" type_name="REG_SZ">
3490 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3491 <ValueName>1</ValueName>
3492 <Value>hosted_app</Value>
3494 <Entry type="1" type_name="REG_SZ">
3495 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3496 <ValueName>1</ValueName>
3497 <Value>extension_id1</Value>
3499 <Entry type="1" type_name="REG_SZ">
3500 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3501 <ValueName>2</ValueName>
3502 <Value>extension_id2</Value>
3504 <Entry type="1" type_name="REG_SZ">
3505 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3506 <ValueName>1</ValueName>
3507 <Value>extension_id1</Value>
3509 <Entry type="1" type_name="REG_SZ">
3510 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3511 <ValueName>2</ValueName>
3512 <Value>extension_id2</Value>
3514 <Entry type="1" type_name="REG_SZ">
3515 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3516 <ValueName>1</ValueName>
3517 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3519 <Entry type="1" type_name="REG_SZ">
3520 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3521 <ValueName>2</ValueName>
3522 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3524 <Entry type="1" type_name="REG_SZ">
3525 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3526 <ValueName>1</ValueName>
3527 <Value>https://corp.mycompany.com/*</Value>
3529 <Entry type="1" type_name="REG_SZ">
3530 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3531 <ValueName>1</ValueName>
3532 <Value>https://www.example.com</Value>
3534 <Entry type="1" type_name="REG_SZ">
3535 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3536 <ValueName>2</ValueName>
3537 <Value>[*.]example.edu</Value>
3539 <Entry type="1" type_name="REG_SZ">
3540 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3541 <ValueName>1</ValueName>
3542 <Value>https://www.example.com</Value>
3544 <Entry type="1" type_name="REG_SZ">
3545 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3546 <ValueName>2</ValueName>
3547 <Value>[*.]example.edu</Value>
3549 <Entry type="1" type_name="REG_SZ">
3550 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3551 <ValueName>1</ValueName>
3552 <Value>https://www.example.com</Value>
3554 <Entry type="1" type_name="REG_SZ">
3555 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3556 <ValueName>2</ValueName>
3557 <Value>[*.]example.edu</Value>
3559 <Entry type="1" type_name="REG_SZ">
3560 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3561 <ValueName>1</ValueName>
3562 <Value>https://www.example.com</Value>
3564 <Entry type="1" type_name="REG_SZ">
3565 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3566 <ValueName>2</ValueName>
3567 <Value>[*.]example.edu</Value>
3569 <Entry type="1" type_name="REG_SZ">
3570 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3571 <ValueName>1</ValueName>
3572 <Value>https://www.example.com</Value>
3574 <Entry type="1" type_name="REG_SZ">
3575 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3576 <ValueName>2</ValueName>
3577 <Value>[*.]example.edu</Value>
3579 <Entry type="1" type_name="REG_SZ">
3580 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3581 <ValueName>1</ValueName>
3582 <Value>https://www.example.com</Value>
3584 <Entry type="1" type_name="REG_SZ">
3585 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3586 <ValueName>2</ValueName>
3587 <Value>[*.]example.edu</Value>
3589 <Entry type="1" type_name="REG_SZ">
3590 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3591 <ValueName>1</ValueName>
3592 <Value>en-US</Value>
3594 <Entry type="1" type_name="REG_SZ">
3595 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3596 <ValueName>1</ValueName>
3599 <Entry type="1" type_name="REG_SZ">
3600 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3601 <ValueName>1</ValueName>
3602 <Value>https://www.example.com</Value>
3604 <Entry type="1" type_name="REG_SZ">
3605 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3606 <ValueName>2</ValueName>
3607 <Value>[*.]example.edu</Value>
3609 <Entry type="1" type_name="REG_SZ">
3610 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3611 <ValueName>1</ValueName>
3612 <Value>https://www.example.com</Value>
3614 <Entry type="1" type_name="REG_SZ">
3615 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3616 <ValueName>2</ValueName>
3617 <Value>[*.]example.edu</Value>
3619 <Entry type="1" type_name="REG_SZ">
3620 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3621 <ValueName>1</ValueName>
3622 <Value>https://www.example.com</Value>
3624 <Entry type="1" type_name="REG_SZ">
3625 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3626 <ValueName>2</ValueName>
3627 <Value>[*.]example.edu</Value>
3629 <Entry type="1" type_name="REG_SZ">
3630 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3631 <ValueName>1</ValueName>
3632 <Value>https://www.example.com</Value>
3634 <Entry type="1" type_name="REG_SZ">
3635 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3636 <ValueName>2</ValueName>
3637 <Value>[*.]example.edu</Value>
3639 <Entry type="1" type_name="REG_SZ">
3640 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3641 <ValueName>1</ValueName>
3642 <Value>http://www.example.com:8080</Value>
3644 <Entry type="1" type_name="REG_SZ">
3645 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3646 <ValueName>2</ValueName>
3647 <Value>[*.]example.edu</Value>
3649 <Entry type="1" type_name="REG_SZ">
3650 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3651 <ValueName>1</ValueName>
3652 <Value>https://www.example.com</Value>
3654 <Entry type="1" type_name="REG_SZ">
3655 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3656 <ValueName>2</ValueName>
3657 <Value>[*.]example.edu</Value>
3659 <Entry type="1" type_name="REG_SZ">
3660 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3661 <ValueName>1</ValueName>
3662 <Value>https://www.example.com</Value>
3664 <Entry type="1" type_name="REG_SZ">
3665 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3666 <ValueName>2</ValueName>
3667 <Value>[*.]example.edu</Value>
3669 <Entry type="1" type_name="REG_SZ">
3670 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3671 <ValueName>1</ValueName>
3672 <Value>www.example.com</Value>
3674 <Entry type="1" type_name="REG_SZ">
3675 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3676 <ValueName>2</ValueName>
3677 <Value>[*.]example.edu</Value>
3679 <Entry type="1" type_name="REG_SZ">
3680 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3681 <ValueName>1</ValueName>
3682 <Value>foo.example.com</Value>
3684 <Entry type="1" type_name="REG_SZ">
3685 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3686 <ValueName>2</ValueName>
3687 <Value>example.org</Value>
3689 <Entry type="1" type_name="REG_SZ">
3690 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3691 <ValueName>1</ValueName>
3692 <Value>com.native.messaging.host.name1</Value>
3694 <Entry type="1" type_name="REG_SZ">
3695 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3696 <ValueName>2</ValueName>
3697 <Value>com.native.messaging.host.name2</Value>
3699 <Entry type="1" type_name="REG_SZ">
3700 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3701 <ValueName>1</ValueName>
3702 <Value>com.native.messaging.host.name1</Value>
3704 <Entry type="1" type_name="REG_SZ">
3705 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3706 <ValueName>2</ValueName>
3707 <Value>com.native.messaging.host.name2</Value>
3709 <Entry type="1" type_name="REG_SZ">
3710 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3711 <ValueName>1</ValueName>
3712 <Value>https://www.example.com</Value>
3714 <Entry type="1" type_name="REG_SZ">
3715 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3716 <ValueName>2</ValueName>
3717 <Value>[*.]example.edu</Value>
3719 <Entry type="1" type_name="REG_SZ">
3720 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3721 <ValueName>1</ValueName>
3722 <Value>https://www.example.com</Value>
3724 <Entry type="1" type_name="REG_SZ">
3725 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3726 <ValueName>2</ValueName>
3727 <Value>[*.]example.edu</Value>
3729 <Entry type="1" type_name="REG_SZ">
3730 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3731 <ValueName>1</ValueName>
3732 <Value>http://testserver.example.com/</Value>
3734 <Entry type="1" type_name="REG_SZ">
3735 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3736 <ValueName>2</ValueName>
3737 <Value>*.example.org</Value>
3739 <Entry type="1" type_name="REG_SZ">
3740 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3741 <ValueName>1</ValueName>
3742 <Value>https://mydomain.com/login.html</Value>
3744 <Entry type="1" type_name="REG_SZ">
3745 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3746 <ValueName>2</ValueName>
3747 <Value>https://login.mydomain.com</Value>
3749 <Entry type="1" type_name="REG_SZ">
3750 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3751 <ValueName>1</ValueName>
3752 <Value>ExtensionSettings</Value>
3754 <Entry type="1" type_name="REG_SZ">
3755 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3756 <ValueName>1</ValueName>
3757 <Value>ExtensionInstallAllowlist</Value>
3759 <Entry type="1" type_name="REG_SZ">
3760 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3761 <ValueName>2</ValueName>
3762 <Value>ExtensionInstallBlocklist</Value>
3764 <Entry type="1" type_name="REG_SZ">
3765 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3766 <ValueName>1</ValueName>
3767 <Value>https://www.example.com</Value>
3769 <Entry type="1" type_name="REG_SZ">
3770 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3771 <ValueName>2</ValueName>
3772 <Value>[*.]example.edu</Value>
3774 <Entry type="1" type_name="REG_SZ">
3775 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3776 <ValueName>1</ValueName>
3777 <Value>https://www.example.com</Value>
3779 <Entry type="1" type_name="REG_SZ">
3780 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3781 <ValueName>2</ValueName>
3782 <Value>[*.]example.edu</Value>
3784 <Entry type="1" type_name="REG_SZ">
3785 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3786 <ValueName>1</ValueName>
3787 <Value>cloud</Value>
3789 <Entry type="1" type_name="REG_SZ">
3790 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3791 <ValueName>2</ValueName>
3792 <Value>privet</Value>
3794 <Entry type="1" type_name="REG_SZ">
3795 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3796 <ValueName>1</ValueName>
3797 <Value>my-awesome-domain.com</Value>
3799 <Entry type="1" type_name="REG_SZ">
3800 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3801 <ValueName>2</ValueName>
3802 <Value>my-auxiliary-domain.com</Value>
3804 <Entry type="1" type_name="REG_SZ">
3805 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3806 <ValueName>1</ValueName>
3807 <Value>my-awesome-domain.com</Value>
3809 <Entry type="1" type_name="REG_SZ">
3810 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3811 <ValueName>2</ValueName>
3812 <Value>my-auxiliary-domain.com</Value>
3814 <Entry type="1" type_name="REG_SZ">
3815 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3816 <ValueName>1</ValueName>
3817 <Value>https://example.com</Value>
3819 <Entry type="1" type_name="REG_SZ">
3820 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3821 <ValueName>2</ValueName>
3822 <Value>https://www.chromium.org</Value>
3824 <Entry type="1" type_name="REG_SZ">
3825 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3826 <ValueName>1</ValueName>
3827 <Value>https://www.example.com</Value>
3829 <Entry type="1" type_name="REG_SZ">
3830 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3831 <ValueName>2</ValueName>
3832 <Value>[*.]example.edu</Value>
3834 <Entry type="1" type_name="REG_SZ">
3835 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3836 <ValueName>1</ValueName>
3837 <Value>mydomain.com</Value>
3839 <Entry type="1" type_name="REG_SZ">
3840 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3841 <ValueName>2</ValueName>
3842 <Value>myuniversity.edu</Value>
3844 <Entry type="1" type_name="REG_SZ">
3845 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3846 <ValueName>1</ValueName>
3847 <Value>https://example.com</Value>
3849 <Entry type="1" type_name="REG_SZ">
3850 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3851 <ValueName>1</ValueName>
3852 <Value>https://www.example.com</Value>
3854 <Entry type="1" type_name="REG_SZ">
3855 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3856 <ValueName>2</ValueName>
3857 <Value>[*.]example.edu</Value>
3859 <Entry type="1" type_name="REG_SZ">
3860 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3861 <ValueName>1</ValueName>
3862 <Value>https://www.example.com</Value>
3864 <Entry type="1" type_name="REG_SZ">
3865 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3866 <ValueName>2</ValueName>
3867 <Value>[*.]example.edu</Value>
3869 <Entry type="1" type_name="REG_SZ">
3870 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3871 <ValueName>1</ValueName>
3872 <Value>https://www.example.com</Value>
3874 <Entry type="1" type_name="REG_SZ">
3875 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3876 <ValueName>2</ValueName>
3877 <Value>[*.]example.edu</Value>
3879 <Entry type="1" type_name="REG_SZ">
3880 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3881 <ValueName>1</ValueName>
3882 <Value>https://www.example.com</Value>
3884 <Entry type="1" type_name="REG_SZ">
3885 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3886 <ValueName>2</ValueName>
3887 <Value>[*.]example.edu</Value>
3889 <Entry type="1" type_name="REG_SZ">
3890 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3891 <ValueName>1</ValueName>
3894 <Entry type="1" type_name="REG_SZ">
3895 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3896 <ValueName>2</ValueName>
3899 <Entry type="1" type_name="REG_SZ">
3900 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3901 <ValueName>1</ValueName>
3904 <Entry type="1" type_name="REG_SZ">
3905 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3906 <ValueName>2</ValueName>
3909 <Entry type="1" type_name="REG_SZ">
3910 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3911 <ValueName>1</ValueName>
3912 <Value>bookmarks</Value>
3914 <Entry type="1" type_name="REG_SZ">
3915 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3916 <ValueName>1</ValueName>
3917 <Value>example.com</Value>
3919 <Entry type="1" type_name="REG_SZ">
3920 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3921 <ValueName>2</ValueName>
3922 <Value>https://ssl.server.com</Value>
3924 <Entry type="1" type_name="REG_SZ">
3925 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3926 <ValueName>3</ValueName>
3927 <Value>hosting.com/good_path</Value>
3929 <Entry type="1" type_name="REG_SZ">
3930 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3931 <ValueName>4</ValueName>
3932 <Value>https://server:8080/path</Value>
3934 <Entry type="1" type_name="REG_SZ">
3935 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3936 <ValueName>5</ValueName>
3937 <Value>.exact.hostname.com</Value>
3939 <Entry type="1" type_name="REG_SZ">
3940 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3941 <ValueName>1</ValueName>
3942 <Value>example.com</Value>
3944 <Entry type="1" type_name="REG_SZ">
3945 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3946 <ValueName>2</ValueName>
3947 <Value>https://ssl.server.com</Value>
3949 <Entry type="1" type_name="REG_SZ">
3950 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3951 <ValueName>3</ValueName>
3952 <Value>hosting.com/bad_path</Value>
3954 <Entry type="1" type_name="REG_SZ">
3955 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3956 <ValueName>4</ValueName>
3957 <Value>https://server:8080/path</Value>
3959 <Entry type="1" type_name="REG_SZ">
3960 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3961 <ValueName>5</ValueName>
3962 <Value>.exact.hostname.com</Value>
3964 <Entry type="1" type_name="REG_SZ">
3965 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3966 <ValueName>6</ValueName>
3967 <Value>file://*</Value>
3969 <Entry type="1" type_name="REG_SZ">
3970 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3971 <ValueName>7</ValueName>
3972 <Value>custom_scheme:*</Value>
3974 <Entry type="1" type_name="REG_SZ">
3975 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3976 <ValueName>8</ValueName>
3979 <Entry type="1" type_name="REG_SZ">
3980 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
3981 <ValueName>1</ValueName>
3982 <Value>https://www.example.com/</Value>
3984 <Entry type="1" type_name="REG_SZ">
3985 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
3986 <ValueName>2</ValueName>
3987 <Value>https://[*.]example.edu/</Value>
3989 <Entry type="1" type_name="REG_SZ">
3990 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
3991 <ValueName>1</ValueName>
3992 <Value>https://www.example.com</Value>
3994 <Entry type="1" type_name="REG_SZ">
3995 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
3996 <ValueName>2</ValueName>
3997 <Value>*example.com*</Value>
3999 <Entry type="1" type_name="REG_SZ">
4000 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4001 <ValueName>1</ValueName>
4002 <Value>https://www.example.com</Value>
4004 <Entry type="1" type_name="REG_SZ">
4005 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4006 <ValueName>2</ValueName>
4007 <Value>[*.]example.edu</Value>
4009 <Entry type="1" type_name="REG_SZ">
4010 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4011 <ValueName>1</ValueName>
4012 <Value>https://www.example.com</Value>
4014 <Entry type="1" type_name="REG_SZ">
4015 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4016 <ValueName>2</ValueName>
4017 <Value>[*.]example.edu</Value>
4019 <Entry type="4" type_name="REG_DWORD">
4020 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4021 <ValueName>AlternateErrorPagesEnabled</ValueName>
4024 <Entry type="1" type_name="REG_SZ">
4025 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4026 <ValueName>ApplicationLocaleValue</ValueName>
4029 <Entry type="4" type_name="REG_DWORD">
4030 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4031 <ValueName>AutofillAddressEnabled</ValueName>
4034 <Entry type="4" type_name="REG_DWORD">
4035 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4036 <ValueName>AutofillCreditCardEnabled</ValueName>
4039 <Entry type="4" type_name="REG_DWORD">
4040 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4041 <ValueName>BackgroundModeEnabled</ValueName>
4044 <Entry type="4" type_name="REG_DWORD">
4045 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4046 <ValueName>BlockThirdPartyCookies</ValueName>
4049 <Entry type="4" type_name="REG_DWORD">
4050 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4051 <ValueName>BookmarkBarEnabled</ValueName>
4054 <Entry type="1" type_name="REG_SZ">
4055 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4056 <ValueName>DefaultDownloadDirectory</ValueName>
4057 <Value>/home/${user_name}/Downloads</Value>
4059 <Entry type="1" type_name="REG_SZ">
4060 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4061 <ValueName>DownloadDirectory</ValueName>
4062 <Value>/home/${user_name}/Downloads</Value>
4064 <Entry type="4" type_name="REG_DWORD">
4065 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4066 <ValueName>DownloadRestrictions</ValueName>
4069 <Entry type="4" type_name="REG_DWORD">
4070 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4071 <ValueName>HomepageIsNewTabPage</ValueName>
4074 <Entry type="1" type_name="REG_SZ">
4075 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4076 <ValueName>HomepageLocation</ValueName>
4077 <Value>https://www.chromium.org</Value>
4079 <Entry type="4" type_name="REG_DWORD">
4080 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4081 <ValueName>ImportAutofillFormData</ValueName>
4084 <Entry type="4" type_name="REG_DWORD">
4085 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4086 <ValueName>ImportBookmarks</ValueName>
4089 <Entry type="4" type_name="REG_DWORD">
4090 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4091 <ValueName>ImportHistory</ValueName>
4094 <Entry type="4" type_name="REG_DWORD">
4095 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4096 <ValueName>ImportSavedPasswords</ValueName>
4099 <Entry type="4" type_name="REG_DWORD">
4100 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4101 <ValueName>ImportSearchEngine</ValueName>
4104 <Entry type="4" type_name="REG_DWORD">
4105 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4106 <ValueName>MetricsReportingEnabled</ValueName>
4109 <Entry type="4" type_name="REG_DWORD">
4110 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4111 <ValueName>NetworkPredictionOptions</ValueName>
4114 <Entry type="4" type_name="REG_DWORD">
4115 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4116 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4119 <Entry type="4" type_name="REG_DWORD">
4120 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4121 <ValueName>PasswordManagerEnabled</ValueName>
4124 <Entry type="4" type_name="REG_DWORD">
4125 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4126 <ValueName>PrintHeaderFooter</ValueName>
4129 <Entry type="4" type_name="REG_DWORD">
4130 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4131 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4134 <Entry type="1" type_name="REG_SZ">
4135 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4136 <ValueName>RegisteredProtocolHandlers</ValueName>
4137 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4139 <Entry type="4" type_name="REG_DWORD">
4140 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4141 <ValueName>RestoreOnStartup</ValueName>
4144 <Entry type="4" type_name="REG_DWORD">
4145 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4146 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4149 <Entry type="4" type_name="REG_DWORD">
4150 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4151 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4154 <Entry type="4" type_name="REG_DWORD">
4155 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4156 <ValueName>SearchSuggestEnabled</ValueName>
4159 <Entry type="4" type_name="REG_DWORD">
4160 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4161 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4164 <Entry type="4" type_name="REG_DWORD">
4165 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4166 <ValueName>ShowHomeButton</ValueName>
4169 <Entry type="4" type_name="REG_DWORD">
4170 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4171 <ValueName>SpellCheckServiceEnabled</ValueName>
4174 <Entry type="4" type_name="REG_DWORD">
4175 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4176 <ValueName>TranslateEnabled</ValueName>
4179 <Entry type="1" type_name="REG_SZ">
4180 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4181 <ValueName>1</ValueName>
4182 <Value>https://example.com</Value>
4184 <Entry type="1" type_name="REG_SZ">
4185 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4186 <ValueName>2</ValueName>
4187 <Value>https://www.chromium.org</Value>
4192 chromium_json_expected_managed
= \
4195 "FileSystemWriteAskForUrls": [
4196 "https://www.example.com",
4199 "InsecureContentBlockedForUrls": [
4200 "https://www.example.com",
4203 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4204 "BrowserAddPersonEnabled": true,
4205 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4206 "ShowHomeButton": true,
4207 "ClearBrowsingDataOnExitList": [
4210 "cookies_and_other_site_data",
4211 "cached_images_and_files",
4217 "JavaScriptAllowedForUrls": [
4218 "https://www.example.com",
4221 "AmbientAuthenticationInPrivateModesEnabled": 0,
4222 "AllowFileSelectionDialogs": true,
4223 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4224 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4225 "ComponentUpdatesEnabled": true,
4226 "RemoteAccessHostAllowRemoteAccessConnections": false,
4227 "WindowOcclusionEnabled": true,
4228 "PrintPreviewUseSystemDefaultPrinter": false,
4229 "AutoLaunchProtocolsFromOrigins": [
4231 "allowed_origins": [
4233 "http://www.example.com:8080"
4235 "protocol": "spotify"
4238 "allowed_origins": [
4239 "https://example.com",
4240 "https://.mail.example.com"
4245 "allowed_origins": [
4248 "protocol": "outlook"
4251 "ManagedConfigurationPerOrigin": [
4253 "origin": "https://www.google.com",
4254 "managed_configuration_hash": "asd891jedasd12ue9h",
4255 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4258 "origin": "https://www.example.com",
4259 "managed_configuration_hash": "djio12easd89u12aws",
4260 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4263 "SyncTypesListDisabled": [
4266 "SecurityKeyPermitAttestation": [
4267 "https://example.com"
4269 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4270 "MetricsReportingEnabled": true,
4271 "MaxInvalidationFetchDelay": 10000,
4272 "AudioProcessHighPriorityEnabled": true,
4273 "ExtensionInstallForcelist": [
4274 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4275 "abcdefghijklmnopabcdefghijklmnop"
4277 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4278 "CookiesBlockedForUrls": [
4279 "https://www.example.com",
4282 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4283 "AudioCaptureAllowedUrls": [
4284 "https://www.example.com/",
4285 "https://[*.]example.edu/"
4287 "NTPCustomBackgroundEnabled": true,
4288 "BlockExternalExtensions": true,
4289 "BrowserSwitcherChromeParameters": [
4292 "SafeSitesFilterBehavior": 0,
4293 "EnableOnlineRevocationChecks": false,
4294 "ImagesBlockedForUrls": [
4295 "https://www.example.com",
4298 "InsecureFormsWarningsEnabled": true,
4299 "RelaunchNotificationPeriod": 604800000,
4300 "TotalMemoryLimitMb": 2048,
4301 "CloudManagementEnrollmentMandatory": true,
4302 "ClickToCallEnabled": true,
4303 "AppCacheForceEnabled": false,
4304 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4305 "FullscreenAllowed": true,
4306 "AuthSchemes": "basic,digest,ntlm,negotiate",
4307 "PasswordLeakDetectionEnabled": true,
4308 "AuthServerAllowlist": "*.example.com,example.com",
4309 "AllowSyncXHRInPageDismissal": false,
4310 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4311 "MaxConnectionsPerProxy": 32,
4312 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4313 "RemoteAccessHostAllowFileTransfer": false,
4314 "PrintRasterizationMode": 1,
4315 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4316 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4317 "sha256//////////////////////w=="
4319 "DefaultWebBluetoothGuardSetting": 2,
4320 "AutoplayAllowed": true,
4321 "BrowserSwitcherUrlList": [
4323 "!open-in-chrome.ie.com",
4324 "foobar.com/ie-only/"
4326 "CertificateTransparencyEnforcementDisabledForUrls": [
4330 "SpellcheckLanguageBlocklist": [
4334 "PrintHeaderFooter": false,
4335 "ShowAppsShortcutInBookmarkBar": false,
4336 "SerialAskForUrls": [
4337 "https://www.example.com",
4340 "ImagesAllowedForUrls": [
4341 "https://www.example.com",
4344 "ProfilePickerOnStartupAvailability": 0,
4345 "CommandLineFlagSecurityWarningsEnabled": true,
4346 "QuicAllowed": true,
4347 "IntensiveWakeUpThrottlingEnabled": true,
4348 "WPADQuickCheckEnabled": true,
4349 "SensorsAllowedForUrls": [
4350 "https://www.example.com",
4353 "NTPCardsVisible": true,
4354 "DefaultSearchProviderAlternateURLs": [
4355 "https://search.my.company/suggest#q={searchTerms}",
4356 "https://search.my.company/suggest/search#q={searchTerms}"
4358 "DisableSafeBrowsingProceedAnyway": true,
4359 "DefaultFileSystemWriteGuardSetting": 2,
4360 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4361 "SSLErrorOverrideAllowed": true,
4362 "CloudPrintProxyEnabled": true,
4363 "BrowserSwitcherUrlGreylist": [
4365 "!open-in-chrome.ie.com",
4366 "foobar.com/ie-only/"
4368 "BrowserNetworkTimeQueriesEnabled": true,
4369 "WebUsbAllowDevicesForUrls": [
4372 "https://google.com"
4382 "TaskManagerEndProcessEnabled": true,
4383 "SuppressDifferentOriginSubframeDialogs": true,
4384 "UserDataDir": "${users}/${user_name}/Chrome",
4385 "CookiesAllowedForUrls": [
4386 "https://www.example.com",
4389 "SuppressUnsupportedOSWarning": true,
4390 "RequireOnlineRevocationChecksForLocalAnchors": false,
4391 "BrowsingDataLifetime": [
4396 "time_to_live_in_hours": 24
4403 "time_to_live_in_hours": 12
4406 "FileHandlingBlockedForUrls": [
4407 "https://www.example.com",
4410 "AudioCaptureAllowed": false,
4411 "PromotionalTabsEnabled": false,
4412 "ShowFullUrlsInAddressBar": false,
4413 "EnableMediaRouter": true,
4414 "BrowserSwitcherDelay": 10000,
4415 "AllowDinosaurEasterEgg": false,
4416 "ImportSearchEngine": true,
4417 "PrintingBackgroundGraphicsDefault": "enabled",
4418 "TripleDESEnabled": false,
4419 "AutoplayAllowlist": [
4420 "https://www.example.com",
4423 "RemoteAccessHostUdpPortRange": "12400-12409",
4424 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4425 "BrowserSwitcherChromePath": "${chrome}",
4426 "InsecureContentAllowedForUrls": [
4427 "https://www.example.com",
4430 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4431 "ForceGoogleSafeSearch": false,
4432 "UserFeedbackAllowed": true,
4433 "ForceYouTubeRestrict": 0,
4434 "ApplicationLocaleValue": "en",
4435 "RoamingProfileSupportEnabled": true,
4436 "AlternativeBrowserPath": "${ie}",
4437 "AlternativeBrowserParameters": [
4442 "%HOME%\\\\browser_profile"
4444 "AdvancedProtectionAllowed": true,
4445 "EditBookmarksEnabled": false,
4446 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4447 "SSLVersionMin": "tls1",
4448 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4449 "DefaultSerialGuardSetting": 2,
4450 "DefaultPopupsSetting": 1,
4451 "IntranetRedirectBehavior": 1,
4452 "RendererCodeIntegrityEnabled": false,
4453 "BrowserGuestModeEnforced": true,
4454 "HSTSPolicyBypassList": [
4457 "DefaultWebUsbGuardSetting": 2,
4458 "CECPQ2Enabled": true,
4459 "RemoteAccessHostDomainList": [
4460 "my-awesome-domain.com",
4461 "my-auxiliary-domain.com"
4465 "https://ssl.server.com",
4466 "hosting.com/bad_path",
4467 "https://server:8080/path",
4468 ".exact.hostname.com",
4473 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4474 "ExtensionAllowedTypes": [
4477 "NativeMessagingBlocklist": [
4478 "com.native.messaging.host.name1",
4479 "com.native.messaging.host.name2"
4481 "ExtensionSettings": {
4482 "abcdefghijklmnopabcdefghijklmnop": {
4483 "blocked_permissions": [
4486 "minimum_version_required": "1.0.1",
4487 "toolbar_pin": "force_pinned",
4488 "installation_mode": "allowed"
4490 "bcdefghijklmnopabcdefghijklmnopa": {
4491 "runtime_blocked_hosts": [
4494 "allowed_permissions": [
4497 "update_url": "https://example.com/update_url",
4498 "runtime_allowed_hosts": [
4499 "*://good.example.com"
4501 "installation_mode": "force_installed"
4503 "update_url:https://www.example.com/update.xml": {
4504 "allowed_permissions": [
4507 "blocked_permissions": [
4510 "installation_mode": "allowed"
4512 "cdefghijklmnopabcdefghijklmnopab": {
4513 "blocked_install_message": "Custom error message.",
4514 "installation_mode": "blocked"
4517 "blocked_permissions": [
4521 "installation_mode": "blocked",
4522 "runtime_blocked_hosts": [
4525 "blocked_install_message": "Custom error message.",
4529 "runtime_allowed_hosts": [
4530 "*://good.example.com"
4532 "install_sources": [
4533 "https://company-intranet/chromeapps"
4536 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4537 "blocked_install_message": "Custom error message.",
4538 "installation_mode": "blocked"
4540 "fghijklmnopabcdefghijklmnopabcde": {
4541 "blocked_install_message": "Custom removal message.",
4542 "installation_mode": "removed"
4544 "ghijklmnopabcdefghijklmnopabcdef": {
4545 "update_url": "https://example.com/update_url",
4546 "override_update_url": true,
4547 "installation_mode": "force_installed"
4550 "FileSystemReadAskForUrls": [
4551 "https://www.example.com",
4554 "SpellCheckServiceEnabled": false,
4555 "ExtensionInstallSources": [
4556 "https://corp.mycompany.com/*"
4558 "PrinterTypeDenyList": [
4562 "SharedClipboardEnabled": true,
4563 "BlockThirdPartyCookies": false,
4564 "MediaRouterCastAllowAllIPs": false,
4565 "DnsOverHttpsMode": "off",
4566 "SyncDisabled": true,
4567 "LookalikeWarningAllowlistDomains": [
4571 "UserDataSnapshotRetentionLimit": 3,
4572 "SafeBrowsingProtectionLevel": 2,
4573 "ScrollToTextFragmentEnabled": false,
4574 "ImportBookmarks": true,
4575 "DefaultBrowserSettingEnabled": true,
4576 "DefaultSearchProviderEnabled": true,
4577 "AdditionalDnsQueryTypesEnabled": true,
4578 "PolicyRefreshRate": 3600000,
4579 "PrintingPaperSizeDefault": {
4586 "RestoreOnStartup": 4,
4587 "PasswordProtectionWarningTrigger": 1,
4588 "ChromeCleanupEnabled": true,
4589 "AbusiveExperienceInterventionEnforce": true,
4590 "BasicAuthOverHttpEnabled": false,
4591 "EnableAuthNegotiatePort": false,
4592 "DefaultGeolocationSetting": 1,
4593 "PolicyDictionaryMultipleSourceMergeList": [
4596 "AllowedDomainsForApps": "managedchrome.com,example.com",
4597 "DisableAuthNegotiateCnameLookup": false,
4598 "IncognitoModeAvailability": 1,
4599 "ChromeVariations": 1,
4600 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4601 "SavingBrowserHistoryDisabled": true,
4602 "SpellcheckEnabled": false,
4603 "FileSystemWriteBlockedForUrls": [
4604 "https://www.example.com",
4607 "BuiltInDnsClientEnabled": true,
4608 "SSLErrorOverrideAllowedForOrigins": [
4609 "https://www.example.com",
4612 "WebRtcIPHandling": "default",
4613 "DefaultNotificationsSetting": 2,
4614 "PopupsAllowedForUrls": [
4615 "https://www.example.com",
4618 "TranslateEnabled": true,
4619 "DefaultSearchProviderEncodings": [
4625 "DownloadRestrictions": 2,
4626 "PromptForDownloadLocation": false,
4627 "DisablePrintPreview": false,
4628 "NetworkPredictionOptions": 1,
4629 "FileSystemReadBlockedForUrls": [
4630 "https://www.example.com",
4633 "AutoOpenFileTypes": [
4637 "DownloadDirectory": "/home/${user_name}/Downloads",
4638 "ImportHomepage": true,
4639 "GloballyScopeHTTPAuthCacheEnabled": false,
4640 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4641 "ThirdPartyBlockingEnabled": false,
4642 "AdsSettingForIntrusiveAdsSites": 1,
4643 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4644 "BookmarkBarEnabled": true,
4645 "DisableScreenshots": true,
4646 "AccessibilityImageLabelsEnabled": false,
4647 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4648 "PopupsBlockedForUrls": [
4649 "https://www.example.com",
4652 "DefaultFileSystemReadGuardSetting": 2,
4654 "WebRtcAllowLegacyTLSProtocols": false,
4655 "PasswordManagerEnabled": true,
4656 "SafeBrowsingExtendedReportingEnabled": true,
4657 "CloudPolicyOverridesPlatformPolicy": false,
4658 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4659 "http://www.example.com:8080",
4662 "RelaunchNotification": 1,
4663 "AlwaysOpenPdfExternally": true,
4664 "DefaultFileHandlingGuardSetting": 2,
4665 "ForceEphemeralProfiles": true,
4666 "PasswordProtectionLoginURLs": [
4667 "https://mydomain.com/login.html",
4668 "https://login.mydomain.com"
4670 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4671 "BrowserGuestModeEnabled": true,
4672 "MediaRecommendationsEnabled": true,
4673 "WebRtcLocalIpsAllowedUrls": [
4674 "https://www.example.com",
4677 "DeveloperToolsAvailability": 2,
4678 "DNSInterceptionChecksEnabled": true,
4679 "DefaultSearchProviderContextMenuAccessAllowed": true,
4680 "RemoteAccessHostRequireCurtain": false,
4681 "PaymentMethodQueryEnabled": true,
4682 "HomepageLocation": "https://www.chromium.org",
4683 "WebUsbAskForUrls": [
4684 "https://www.example.com",
4687 "RemoteAccessHostAllowClientPairing": false,
4689 "ProxyMode": "direct",
4690 "ProxyPacUrl": "https://internal.site/example.pac",
4691 "ProxyServer": "123.123.123.123:8080",
4692 "ProxyServerMode": 2,
4693 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4695 "AutofillCreditCardEnabled": false,
4696 "FileHandlingAllowedForUrls": [
4697 "https://www.example.com",
4700 "ChromeCleanupReportingEnabled": true,
4701 "AlternateErrorPagesEnabled": true,
4702 "WebRtcEventLogCollectionAllowed": true,
4703 "AutoSelectCertificateForUrls": [
4704 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4706 "PolicyListMultipleSourceMergeList": [
4707 "ExtensionInstallAllowlist",
4708 "ExtensionInstallBlocklist"
4710 "CertificateTransparencyEnforcementDisabledForCas": [
4711 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4712 "sha256//////////////////////w=="
4714 "CookiesSessionOnlyForUrls": [
4715 "https://www.example.com",
4718 "SitePerProcess": true,
4719 "RemoteAccessHostFirewallTraversal": false,
4720 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4721 "BackgroundModeEnabled": true,
4722 "DefaultJavaScriptSetting": 1,
4723 "ForcedLanguages": [
4726 "ManagedBookmarks": [
4728 "toplevel_name": "My managed bookmarks folder"
4731 "url": "google.com",
4735 "url": "youtube.com",
4741 "url": "chromium.org",
4745 "url": "dev.chromium.org",
4746 "name": "Chromium Developers"
4749 "name": "Chrome links"
4752 "Disable3DAPIs": false,
4753 "CloudPrintSubmitEnabled": true,
4754 "DefaultCookiesSetting": 1,
4755 "ExtensionInstallBlocklist": [
4761 "https://ssl.server.com",
4762 "hosting.com/good_path",
4763 "https://server:8080/path",
4764 ".exact.hostname.com"
4766 "ExplicitlyAllowedNetworkPorts": [
4769 "HomepageIsNewTabPage": true,
4770 "SensorsBlockedForUrls": [
4771 "https://www.example.com",
4774 "BrowserLabsEnabled": false,
4775 "NotificationsAllowedForUrls": [
4776 "https://www.example.com",
4779 "NativeMessagingUserLevelHosts": false,
4780 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4781 "CloudUserPolicyMerge": true,
4782 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4783 "http://testserver.example.com/",
4786 "HideWebStoreIcon": true,
4787 "SafeBrowsingForTrustedSourcesEnabled": false,
4788 "NewTabPageLocation": "https://www.chromium.org",
4789 "DiskCacheSize": 104857600,
4790 "BrowserSwitcherUseIeSitelist": true,
4791 "WebRtcUdpPortRange": "10000-11999",
4792 "EnterpriseHardwarePlatformAPIEnabled": true,
4793 "AutoOpenAllowedForURLs": [
4795 "https://ssl.server.com",
4796 "hosting.com/good_path",
4797 "https://server:8080/path",
4798 ".exact.hostname.com"
4800 "NativeMessagingAllowlist": [
4801 "com.native.messaging.host.name1",
4802 "com.native.messaging.host.name2"
4804 "DefaultSearchProviderName": "My Intranet Search",
4805 "JavaScriptBlockedForUrls": [
4806 "https://www.example.com",
4809 "EnableExperimentalPolicies": [
4810 "ExtensionInstallAllowlist",
4811 "ExtensionInstallBlocklist"
4813 "SafeBrowsingAllowlistDomains": [
4817 "AutofillAddressEnabled": false,
4818 "AllowCrossOriginAuthPrompt": false,
4819 "SpellcheckLanguage": [
4823 "VideoCaptureAllowed": false,
4824 "ScreenCaptureAllowed": false,
4825 "VideoCaptureAllowedUrls": [
4826 "https://www.example.com/",
4827 "https://[*.]example.edu/"
4829 "ImportHistory": true,
4830 "ShowCastIconInToolbar": false,
4831 "RestoreOnStartupURLs": [
4832 "https://example.com",
4833 "https://www.chromium.org"
4835 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4839 "PrintingEnabled": true,
4840 "ImportSavedPasswords": true,
4841 "EnableDeprecatedPrivetPrinting": true,
4842 "InsecurePrivateNetworkRequestsAllowed": false,
4844 "PolicyAtomicGroupsEnabled": true,
4845 "HardwareAccelerationModeEnabled": true,
4846 "AllowDeletingBrowserHistory": true,
4847 "DefaultSearchProviderKeyword": "mis",
4848 "ExtensionInstallAllowlist": [
4852 "WebAppInstallForceList": [
4854 "url": "https://www.google.com/maps",
4855 "create_desktop_shortcut": true,
4856 "default_launch_container": "window"
4859 "url": "https://docs.google.com",
4860 "default_launch_container": "tab"
4863 "url": "https://docs.google.com/editor",
4864 "fallback_app_name": "Editor",
4865 "default_launch_container": "window"
4868 "DiskCacheDir": "${user_home}/Chrome_cache",
4869 "SignedHTTPExchangeEnabled": true,
4870 "SearchSuggestEnabled": true,
4871 "BrowserThemeColor": "#FFFFFF",
4872 "RestrictSigninToPattern": ".*@example\\\\.com",
4873 "DefaultInsecureContentSetting": 2,
4874 "DefaultSensorsSetting": 2,
4875 "AudioSandboxEnabled": true,
4876 "RemoteAccessHostAllowRelayedConnection": false,
4877 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4878 "UserAgentClientHintsEnabled": true,
4879 "TargetBlankImpliesNoOpener": false,
4880 "BrowserSwitcherKeepLastChromeTab": false,
4881 "RemoteAccessHostClientDomainList": [
4882 "my-awesome-domain.com",
4883 "my-auxiliary-domain.com"
4885 "NotificationsBlockedForUrls": [
4886 "https://www.example.com",
4889 "SerialBlockedForUrls": [
4890 "https://www.example.com",
4893 "DefaultImagesSetting": 1,
4894 "SigninInterceptionEnabled": true,
4895 "WebUsbBlockedForUrls": [
4896 "https://www.example.com",
4899 "ImportAutofillFormData": true,
4900 "BrowserSwitcherEnabled": true
4904 chromium_json_expected_recommended
= \
4907 "BackgroundModeEnabled": true,
4908 "RestoreOnStartup": 4,
4909 "RegisteredProtocolHandlers": [
4912 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4913 "protocol": "mailto"
4916 "ShowHomeButton": true,
4917 "PrintHeaderFooter": false,
4918 "SafeBrowsingForTrustedSourcesEnabled": false,
4919 "ShowFullUrlsInAddressBar": false,
4920 "MetricsReportingEnabled": true,
4921 "SpellCheckServiceEnabled": false,
4922 "ImportSearchEngine": true,
4923 "DownloadRestrictions": 2,
4924 "NetworkPredictionOptions": 1,
4925 "DownloadDirectory": "/home/${user_name}/Downloads",
4926 "TranslateEnabled": true,
4927 "AutofillAddressEnabled": false,
4928 "BookmarkBarEnabled": true,
4929 "PrintPreviewUseSystemDefaultPrinter": false,
4930 "ApplicationLocaleValue": "en",
4931 "ImportHistory": true,
4932 "RestoreOnStartupURLs": [
4933 "https://example.com",
4934 "https://www.chromium.org"
4936 "PasswordManagerEnabled": true,
4937 "ImportSavedPasswords": true,
4938 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4939 "PasswordLeakDetectionEnabled": true,
4940 "SearchSuggestEnabled": true,
4941 "AlternateErrorPagesEnabled": true,
4942 "HomepageIsNewTabPage": true,
4943 "ImportAutofillFormData": true,
4944 "BlockThirdPartyCookies": false,
4945 "AutofillCreditCardEnabled": false,
4946 "HomepageLocation": "https://www.chromium.org",
4947 "SafeBrowsingProtectionLevel": 2,
4948 "ImportBookmarks": true
4952 firewalld_reg_pol
= \
4954 <?xml version="1.0" encoding="utf-8"?>
4955 <PolFile num_entries="6" signature="PReg" version="1">
4956 <Entry type="4" type_name="REG_DWORD">
4957 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4958 <ValueName>Zones</ValueName>
4961 <Entry type="4" type_name="REG_DWORD">
4962 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4963 <ValueName>Rules</ValueName>
4966 <Entry type="1" type_name="REG_SZ">
4967 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4968 <ValueName>Rules</ValueName>
4969 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4971 <Entry type="1" type_name="REG_SZ">
4972 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4973 <ValueName>**delvals.</ValueName>
4976 <Entry type="1" type_name="REG_SZ">
4977 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4978 <ValueName>work</ValueName>
4981 <Entry type="1" type_name="REG_SZ">
4982 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4983 <ValueName>home</ValueName>
4989 def days2rel_nttime(val
):
4994 return -(val
* seconds
* minutes
* hours
* sam_add
)
4996 def gpupdate(lp
, arg
):
4997 gpupdate
= lp
.get('gpo update command')
4998 gpupdate
.append(arg
)
5000 p
= Popen(gpupdate
, stdout
=PIPE
, stderr
=PIPE
)
5001 stdoutdata
, stderrdata
= p
.communicate()
5005 def gpupdate_force(lp
):
5006 return gpupdate(lp
, '--force')
5008 def gpupdate_unapply(lp
):
5009 return gpupdate(lp
, '--unapply')
5012 return gpupdate(lp
, '--rsop')
5014 def stage_file(path
, data
):
5015 dirname
= os
.path
.dirname(path
)
5016 if not os
.path
.exists(dirname
):
5018 os
.makedirs(dirname
)
5019 except OSError as e
:
5020 if not (e
.errno
== errno
.EEXIST
and os
.path
.isdir(dirname
)):
5022 if os
.path
.exists(path
):
5023 os
.rename(path
, '%s.bak' % path
)
5024 with
NamedTemporaryFile(delete
=False, dir=os
.path
.dirname(path
)) as f
:
5025 f
.write(get_bytes(data
))
5026 os
.rename(f
.name
, path
)
5027 os
.chmod(path
, 0o644)
5030 def unstage_file(path
):
5031 backup
= '%s.bak' % path
5032 if os
.path
.exists(backup
):
5033 os
.rename(backup
, path
)
5034 elif os
.path
.exists(path
):
5037 class GPOTests(tests
.TestCase
):
5039 super(GPOTests
, self
).setUp()
5040 self
.server
= os
.environ
["SERVER"]
5041 self
.dc_account
= self
.server
.upper() + '$'
5042 self
.lp
= LoadParm()
5043 self
.lp
.load_default()
5044 self
.creds
= self
.insta_creds(template
=self
.get_credentials())
5047 super(GPOTests
, self
).tearDown()
5049 def test_gpo_list(self
):
5050 global poldir
, dspath
5051 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, self
.creds
)
5053 gpos
= ads
.get_gpo_list(self
.creds
.get_username())
5054 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5055 names
= ['Local Policy', guid
]
5056 file_sys_paths
= [None, '%s\\%s' % (poldir
, guid
)]
5057 ds_paths
= [None, 'CN=%s,%s' % (guid
, dspath
)]
5058 for i
in range(0, len(gpos
)):
5059 self
.assertEqual(gpos
[i
].name
, names
[i
],
5060 'The gpo name did not match expected name %s' % gpos
[i
].name
)
5061 self
.assertEqual(gpos
[i
].file_sys_path
, file_sys_paths
[i
],
5062 'file_sys_path did not match expected %s' % gpos
[i
].file_sys_path
)
5063 self
.assertEqual(gpos
[i
].ds_path
, ds_paths
[i
],
5064 'ds_path did not match expected %s' % gpos
[i
].ds_path
)
5066 def test_gpo_ads_does_not_segfault(self
):
5068 ads
= gpo
.ADS_STRUCT(self
.server
, 42, self
.creds
)
5072 def test_gpt_version(self
):
5074 local_path
= self
.lp
.cache_path('gpo_cache')
5075 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5076 gpo_path
= os
.path
.join(local_path
, policies
, guid
)
5077 old_vers
= gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1]
5079 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5080 gpt
.write(gpt_data
% 42)
5081 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], 42,
5082 'gpo_get_sysvol_gpt_version() did not return the expected version')
5084 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5085 gpt
.write(gpt_data
% old_vers
)
5086 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], old_vers
,
5087 'gpo_get_sysvol_gpt_version() did not return the expected version')
5089 def test_check_refresh_gpo_list(self
):
5090 cache
= self
.lp
.cache_path('gpo_cache')
5091 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, self
.creds
)
5093 gpos
= ads
.get_gpo_list(self
.creds
.get_username())
5094 check_refresh_gpo_list(self
.server
, self
.lp
, self
.creds
, gpos
)
5096 self
.assertTrue(os
.path
.exists(cache
),
5097 'GPO cache %s was not created' % cache
)
5099 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5100 gpt_ini
= os
.path
.join(cache
, policies
,
5102 self
.assertTrue(os
.path
.exists(gpt_ini
),
5103 'GPT.INI was not cached for %s' % guid
)
5105 def test_check_refresh_gpo_list_malicious_paths(self
):
5106 # the path cannot contain ..
5107 path
= '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
5108 self
.assertRaises(OSError, check_safe_path
, path
)
5110 self
.assertEqual(check_safe_path('/etc/passwd'), 'etc/passwd')
5111 self
.assertEqual(check_safe_path('\\\\etc/\\passwd'), 'etc/passwd')
5113 # there should be no backslashes used to delineate paths
5114 before
= 'sysvol/' + realm
+ '\\Policies/' \
5115 '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
5116 after
= realm
+ '/Policies/' \
5117 '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
5118 result
= check_safe_path(before
)
5119 self
.assertEqual(result
, after
, 'check_safe_path() didn\'t'
5120 ' correctly convert \\ to /')
5122 def test_check_safe_path_typesafe_name(self
):
5123 path
= '\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\' \
5124 '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI'
5125 expected_path
= 'toady.suse.de/Policies/' \
5126 '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI'
5128 result
= check_safe_path(path
)
5129 self
.assertEqual(result
, expected_path
,
5130 'check_safe_path unable to detect variable case sysvol components')
5132 def test_gpt_ext_register(self
):
5133 this_path
= os
.path
.dirname(os
.path
.realpath(__file__
))
5134 samba_path
= os
.path
.realpath(os
.path
.join(this_path
, '../../../'))
5135 ext_path
= os
.path
.join(samba_path
, 'python/samba/gp/gp_sec_ext.py')
5136 ext_guid
= '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
5137 ret
= register_gp_extension(ext_guid
, 'gp_access_ext', ext_path
,
5138 smb_conf
=self
.lp
.configfile
,
5139 machine
=True, user
=False)
5140 self
.assertTrue(ret
, 'Failed to register a gp ext')
5141 gp_exts
= list_gp_extensions(self
.lp
.configfile
)
5142 self
.assertTrue(ext_guid
in gp_exts
.keys(),
5143 'Failed to list gp exts')
5144 self
.assertEqual(gp_exts
[ext_guid
]['DllName'], ext_path
,
5145 'Failed to list gp exts')
5147 unregister_gp_extension(ext_guid
)
5148 gp_exts
= list_gp_extensions(self
.lp
.configfile
)
5149 self
.assertTrue(ext_guid
not in gp_exts
.keys(),
5150 'Failed to unregister gp exts')
5152 self
.assertTrue(check_guid(ext_guid
), 'Failed to parse valid guid')
5153 self
.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')
5155 lp
, parser
= parse_gpext_conf(self
.lp
.configfile
)
5156 self
.assertTrue(lp
and parser
, 'parse_gpext_conf() invalid return')
5157 parser
.add_section('test_section')
5158 parser
.set('test_section', 'test_var', ext_guid
)
5159 atomic_write_conf(lp
, parser
)
5161 lp
, parser
= parse_gpext_conf(self
.lp
.configfile
)
5162 self
.assertTrue('test_section' in parser
.sections(),
5163 'test_section not found in gpext.conf')
5164 self
.assertEqual(parser
.get('test_section', 'test_var'), ext_guid
,
5165 'Failed to find test variable in gpext.conf')
5166 parser
.remove_section('test_section')
5167 atomic_write_conf(lp
, parser
)
5169 def test_gp_log_get_applied(self
):
5170 local_path
= self
.lp
.get('path', 'sysvol')
5171 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5172 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5173 gpofile
= '%s/' + realm
+ '/Policies/%s/MACHINE/Microsoft/' \
5174 'Windows NT/SecEdit/GptTmpl.inf'
5175 stage
= '[System Access]\nMinimumPasswordAge = 998\n'
5176 cache_dir
= self
.lp
.get('cache directory')
5177 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5179 gpttmpl
= gpofile
% (local_path
, guid
)
5180 ret
= stage_file(gpttmpl
, stage
)
5181 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5183 ret
= gpupdate_force(self
.lp
)
5184 self
.assertEqual(ret
, 0, 'gpupdate force failed')
5186 gp_db
= store
.get_gplog(self
.dc_account
)
5188 applied_guids
= gp_db
.get_applied_guids()
5189 self
.assertEqual(len(applied_guids
), 2, 'The guids were not found')
5190 self
.assertIn(guids
[0], applied_guids
,
5191 '%s not in applied guids' % guids
[0])
5192 self
.assertIn(guids
[1], applied_guids
,
5193 '%s not in applied guids' % guids
[1])
5195 applied_settings
= gp_db
.get_applied_settings(applied_guids
)
5196 for policy
in applied_settings
:
5197 self
.assertIn('System Access', policy
[1],
5198 'System Access policies not set')
5199 self
.assertIn('minPwdAge', policy
[1]['System Access'],
5200 'minPwdAge policy not set')
5201 if policy
[0] == guids
[0]:
5202 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5204 'minPwdAge policy not set')
5205 elif policy
[0] == guids
[1]:
5206 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5207 days2rel_nttime(998),
5208 'minPwdAge policy not set')
5210 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, self
.creds
)
5212 gpos
= ads
.get_gpo_list(self
.dc_account
)
5213 del_gpos
= get_deleted_gpos_list(gp_db
, gpos
[:-1])
5214 self
.assertEqual(len(del_gpos
), 1, 'Returned delete gpos is incorrect')
5215 self
.assertEqual(guids
[-1], del_gpos
[0][0],
5216 'GUID for delete gpo is incorrect')
5217 self
.assertIn('System Access', del_gpos
[0][1],
5218 'System Access policies not set for removal')
5219 self
.assertIn('minPwdAge', del_gpos
[0][1]['System Access'],
5220 'minPwdAge policy not set for removal')
5223 gpttmpl
= gpofile
% (local_path
, guid
)
5224 unstage_file(gpttmpl
)
5226 ret
= gpupdate_unapply(self
.lp
)
5227 self
.assertEqual(ret
, 0, 'gpupdate unapply failed')
5229 def test_process_group_policy(self
):
5230 local_path
= self
.lp
.cache_path('gpo_cache')
5231 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5232 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5233 gpofile
= '%s/' + policies
+ '/%s/MACHINE/MICROSOFT/' \
5234 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5235 cache_dir
= self
.lp
.get('cache directory')
5236 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5238 machine_creds
= Credentials()
5239 machine_creds
.guess(self
.lp
)
5240 machine_creds
.set_machine_account()
5242 # Initialize the group policy extension
5243 ext
= gp_krb_ext(self
.lp
, machine_creds
,
5244 machine_creds
.get_username(), store
)
5246 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5248 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5250 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5251 stage
= '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5253 for i
in range(0, 2):
5254 gpttmpl
= gpofile
% (local_path
, guids
[i
])
5255 ret
= stage_file(gpttmpl
, stage
% opts
[i
])
5256 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5259 ext
.process_group_policy([], gpos
)
5261 ret
= store
.get_int('kdc:user_ticket_lifetime')
5262 self
.assertEqual(ret
, opts
[1], 'Higher priority policy was not set')
5265 gp_db
= store
.get_gplog(machine_creds
.get_username())
5266 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5267 ext
.process_group_policy(del_gpos
, [])
5269 ret
= store
.get_int('kdc:user_ticket_lifetime')
5270 self
.assertEqual(ret
, None, 'MaxTicketAge should not have applied')
5272 # Process just the first gpo
5273 ext
.process_group_policy([], gpos
[:-1])
5275 ret
= store
.get_int('kdc:user_ticket_lifetime')
5276 self
.assertEqual(ret
, opts
[0], 'Lower priority policy was not set')
5279 ext
.process_group_policy(del_gpos
, [])
5282 gpttmpl
= gpofile
% (local_path
, guid
)
5283 unstage_file(gpttmpl
)
5285 def test_gp_scripts(self
):
5286 local_path
= self
.lp
.cache_path('gpo_cache')
5287 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5288 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5289 'MACHINE/REGISTRY.POL')
5290 cache_dir
= self
.lp
.get('cache directory')
5291 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5293 machine_creds
= Credentials()
5294 machine_creds
.guess(self
.lp
)
5295 machine_creds
.set_machine_account()
5297 # Initialize the group policy extension
5298 ext
= gp_scripts_ext(self
.lp
, machine_creds
,
5299 machine_creds
.get_username(), store
)
5301 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5303 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5305 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
5306 sections
= { b
'%s\\Daily Scripts' % reg_key
: '.cron.daily',
5307 b
'%s\\Monthly Scripts' % reg_key
: '.cron.monthly',
5308 b
'%s\\Weekly Scripts' % reg_key
: '.cron.weekly',
5309 b
'%s\\Hourly Scripts' % reg_key
: '.cron.hourly' }
5310 for keyname
in sections
.keys():
5311 # Stage the Registry.pol file with test data
5315 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5317 e
.data
= b
'echo hello world'
5318 stage
.num_entries
= 1
5320 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5321 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5323 # Process all gpos, with temp output directory
5324 with
TemporaryDirectory(sections
[keyname
]) as dname
:
5325 ext
.process_group_policy([], gpos
, dname
)
5326 scripts
= os
.listdir(dname
)
5327 self
.assertEquals(len(scripts
), 1,
5328 'The %s script was not created' % keyname
.decode())
5329 out
, _
= Popen([os
.path
.join(dname
, scripts
[0])], stdout
=PIPE
).communicate()
5330 self
.assertIn(b
'hello world', out
,
5331 '%s script execution failed' % keyname
.decode())
5333 # Check that a call to gpupdate --rsop also succeeds
5335 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5338 gp_db
= store
.get_gplog(machine_creds
.get_username())
5339 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5340 ext
.process_group_policy(del_gpos
, [])
5341 self
.assertEquals(len(os
.listdir(dname
)), 0,
5342 'Unapply failed to cleanup scripts')
5344 # Unstage the Registry.pol file
5345 unstage_file(reg_pol
)
5347 def test_gp_sudoers(self
):
5348 local_path
= self
.lp
.cache_path('gpo_cache')
5349 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5350 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5351 'MACHINE/REGISTRY.POL')
5352 cache_dir
= self
.lp
.get('cache directory')
5353 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5355 machine_creds
= Credentials()
5356 machine_creds
.guess(self
.lp
)
5357 machine_creds
.set_machine_account()
5359 # Initialize the group policy extension
5360 ext
= gp_sudoers_ext(self
.lp
, machine_creds
,
5361 machine_creds
.get_username(), store
)
5363 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5365 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5367 # Stage the Registry.pol file with test data
5370 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5371 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5373 e
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5374 stage
.num_entries
= 1
5376 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5377 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5379 # Process all gpos, with temp output directory
5380 with
TemporaryDirectory() as dname
:
5381 ext
.process_group_policy([], gpos
, dname
)
5382 sudoers
= os
.listdir(dname
)
5383 self
.assertEquals(len(sudoers
), 1, 'The sudoer file was not created')
5384 self
.assertIn(e
.data
,
5385 open(os
.path
.join(dname
, sudoers
[0]), 'r').read(),
5386 'The sudoers entry was not applied')
5388 # Check that a call to gpupdate --rsop also succeeds
5390 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5393 gp_db
= store
.get_gplog(machine_creds
.get_username())
5394 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5395 ext
.process_group_policy(del_gpos
, [])
5396 self
.assertEquals(len(os
.listdir(dname
)), 0,
5397 'Unapply failed to cleanup scripts')
5399 # Unstage the Registry.pol file
5400 unstage_file(reg_pol
)
5402 def test_vgp_sudoers(self
):
5403 local_path
= self
.lp
.cache_path('gpo_cache')
5404 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5405 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5406 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5407 cache_dir
= self
.lp
.get('cache directory')
5408 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5410 machine_creds
= Credentials()
5411 machine_creds
.guess(self
.lp
)
5412 machine_creds
.set_machine_account()
5414 # Initialize the group policy extension
5415 ext
= vgp_sudoers_ext(self
.lp
, machine_creds
,
5416 machine_creds
.get_username(), store
)
5418 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5420 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5422 # Stage the manifest.xml file with test data
5423 stage
= etree
.Element('vgppolicy')
5424 policysetting
= etree
.Element('policysetting')
5425 stage
.append(policysetting
)
5426 version
= etree
.Element('version')
5428 policysetting
.append(version
)
5429 data
= etree
.Element('data')
5430 sudoers_entry
= etree
.Element('sudoers_entry')
5431 command
= etree
.Element('command')
5432 command
.text
= 'ALL'
5433 sudoers_entry
.append(command
)
5434 user
= etree
.Element('user')
5436 sudoers_entry
.append(user
)
5437 principal_list
= etree
.Element('listelement')
5438 principal
= etree
.Element('principal')
5439 principal
.text
= 'fakeu'
5440 principal
.attrib
['type'] = 'user'
5441 group
= etree
.Element('principal')
5442 group
.text
= 'fakeg'
5443 group
.attrib
['type'] = 'group'
5444 principal_list
.append(principal
)
5445 principal_list
.append(group
)
5446 sudoers_entry
.append(principal_list
)
5447 data
.append(sudoers_entry
)
5448 # Ensure an empty principal doesn't cause a crash
5449 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5450 command
= etree
.SubElement(sudoers_entry
, 'command')
5451 command
.text
= 'ALL'
5452 user
= etree
.SubElement(sudoers_entry
, 'user')
5454 # Ensure having dispersed principals still works
5455 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5456 command
= etree
.SubElement(sudoers_entry
, 'command')
5457 command
.text
= 'ALL'
5458 user
= etree
.SubElement(sudoers_entry
, 'user')
5460 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5461 principal
= etree
.SubElement(listelement
, 'principal')
5462 principal
.text
= 'fakeu2'
5463 principal
.attrib
['type'] = 'user'
5464 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5465 group
= etree
.SubElement(listelement
, 'principal')
5466 group
.text
= 'fakeg2'
5467 group
.attrib
['type'] = 'group'
5468 policysetting
.append(data
)
5469 ret
= stage_file(manifest
, etree
.tostring(stage
))
5470 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
5472 # Process all gpos, with temp output directory
5473 data
= 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5474 data2
= 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5475 data_no_principal
= 'ALL ALL=(ALL) NOPASSWD: ALL'
5476 with
TemporaryDirectory() as dname
:
5477 ext
.process_group_policy([], gpos
, dname
)
5478 sudoers
= os
.listdir(dname
)
5479 self
.assertEquals(len(sudoers
), 3, 'The sudoer file was not created')
5480 output
= open(os
.path
.join(dname
, sudoers
[0]), 'r').read() + \
5481 open(os
.path
.join(dname
, sudoers
[1]), 'r').read() + \
5482 open(os
.path
.join(dname
, sudoers
[2]), 'r').read()
5483 self
.assertIn(data
, output
,
5484 'The sudoers entry was not applied')
5485 self
.assertIn(data2
, output
,
5486 'The sudoers entry was not applied')
5487 self
.assertIn(data_no_principal
, output
,
5488 'The sudoers entry was not applied')
5490 # Check that a call to gpupdate --rsop also succeeds
5492 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5495 gp_db
= store
.get_gplog(machine_creds
.get_username())
5496 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5497 ext
.process_group_policy(del_gpos
, [])
5498 self
.assertEquals(len(os
.listdir(dname
)), 0,
5499 'Unapply failed to cleanup scripts')
5501 # Unstage the Registry.pol file
5502 unstage_file(manifest
)
5504 def test_gp_inf_ext_utf(self
):
5505 cache_dir
= self
.lp
.get('cache directory')
5506 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5508 machine_creds
= Credentials()
5509 machine_creds
.guess(self
.lp
)
5510 machine_creds
.set_machine_account()
5512 ext
= gp_inf_ext(self
.lp
, machine_creds
,
5513 machine_creds
.get_username(), store
)
5514 test_data
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5516 with
NamedTemporaryFile() as f
:
5517 with codecs
.open(f
.name
, 'w', 'utf-16') as w
:
5520 inf_conf
= ext
.read(f
.name
)
5521 except UnicodeDecodeError:
5522 self
.fail('Failed to parse utf-16')
5523 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5524 'Kerberos Policy was not read from the file')
5525 self
.assertEquals(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5526 '99', 'MaxTicketAge was not read from the file')
5528 with
NamedTemporaryFile() as f
:
5529 with codecs
.open(f
.name
, 'w', 'utf-8') as w
:
5531 inf_conf
= ext
.read(f
.name
)
5532 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5533 'Kerberos Policy was not read from the file')
5534 self
.assertEquals(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5535 '99', 'MaxTicketAge was not read from the file')
5537 def test_rsop(self
):
5538 cache_dir
= self
.lp
.get('cache directory')
5539 local_path
= self
.lp
.cache_path('gpo_cache')
5540 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5542 machine_creds
= Credentials()
5543 machine_creds
.guess(self
.lp
)
5544 machine_creds
.set_machine_account()
5546 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5548 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5551 gp_extensions
.append(gp_krb_ext
)
5552 gp_extensions
.append(gp_scripts_ext
)
5553 gp_extensions
.append(gp_sudoers_ext
)
5554 gp_extensions
.append(gp_smb_conf_ext
)
5555 gp_extensions
.append(gp_msgs_ext
)
5557 # Create registry stage data
5558 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5559 reg_stage
= preg
.file()
5561 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5562 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5564 e
.data
= b
'echo hello world'
5566 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5567 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5569 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5571 e3
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5574 e3
.valuename
= 'apply group policies'
5576 e4
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5577 e4
.valuename
= b
'issue'
5579 e4
.data
= b
'Welcome to \\s \\r \\l'
5580 reg_stage
.num_entries
= 4
5581 reg_stage
.entries
= [e
, e2
, e3
, e4
]
5583 # Create krb stage date
5584 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5585 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5586 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5587 '[System Access]\nMinimumPasswordAge = 998\n'
5589 for g
in [g
for g
in gpos
if g
.file_sys_path
]:
5590 ret
= stage_file(gpofile
% g
.name
, krb_stage
)
5591 self
.assertTrue(ret
, 'Could not create the target %s' %
5593 ret
= stage_file(reg_pol
% g
.name
, ndr_pack(reg_stage
))
5594 self
.assertTrue(ret
, 'Could not create the target %s' %
5596 for ext
in gp_extensions
:
5597 ext
= ext(self
.lp
, machine_creds
,
5598 machine_creds
.get_username(), store
)
5600 self
.assertEquals(len(ret
.keys()), 1,
5601 'A single policy should have been displayed')
5603 # Check the Security Extension
5604 if type(ext
) == gp_krb_ext
:
5605 self
.assertIn('Kerberos Policy', ret
.keys(),
5606 'Kerberos Policy not found')
5607 self
.assertIn('MaxTicketAge', ret
['Kerberos Policy'],
5608 'MaxTicketAge setting not found')
5609 self
.assertEquals(ret
['Kerberos Policy']['MaxTicketAge'], '99',
5610 'MaxTicketAge was not set to 99')
5611 # Check the Scripts Extension
5612 elif type(ext
) == gp_scripts_ext
:
5613 self
.assertIn('Daily Scripts', ret
.keys(),
5614 'Daily Scripts not found')
5615 self
.assertIn('echo hello world', ret
['Daily Scripts'],
5616 'Daily script was not created')
5617 # Check the Sudoers Extension
5618 elif type(ext
) == gp_sudoers_ext
:
5619 self
.assertIn('Sudo Rights', ret
.keys(),
5620 'Sudoers not found')
5621 self
.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5623 'Sudoers policy not created')
5624 # Check the smb.conf Extension
5625 elif type(ext
) == gp_smb_conf_ext
:
5626 self
.assertIn('smb.conf', ret
.keys(),
5627 'apply group policies was not applied')
5628 self
.assertIn(e3
.valuename
, ret
['smb.conf'],
5629 'apply group policies was not applied')
5630 self
.assertEquals(ret
['smb.conf'][e3
.valuename
], e3
.data
,
5631 'apply group policies was not set')
5632 # Check the Messages Extension
5633 elif type(ext
) == gp_msgs_ext
:
5634 self
.assertIn('/etc/issue', ret
,
5635 'Login Prompt Message not applied')
5636 self
.assertEquals(ret
['/etc/issue'], e4
.data
,
5637 'Login Prompt Message not set')
5639 # Check that a call to gpupdate --rsop also succeeds
5641 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5643 unstage_file(gpofile
% g
.name
)
5644 unstage_file(reg_pol
% g
.name
)
5646 def test_gp_unapply(self
):
5647 cache_dir
= self
.lp
.get('cache directory')
5648 local_path
= self
.lp
.cache_path('gpo_cache')
5649 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5650 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5652 machine_creds
= Credentials()
5653 machine_creds
.guess(self
.lp
)
5654 machine_creds
.set_machine_account()
5656 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5658 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5661 gp_extensions
.append(gp_krb_ext
)
5662 gp_extensions
.append(gp_scripts_ext
)
5663 gp_extensions
.append(gp_sudoers_ext
)
5665 # Create registry stage data
5666 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5667 reg_stage
= preg
.file()
5669 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5670 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5672 e
.data
= b
'echo hello world'
5674 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5675 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5677 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5678 reg_stage
.num_entries
= 2
5679 reg_stage
.entries
= [e
, e2
]
5681 # Create krb stage date
5682 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5683 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5684 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5686 ret
= stage_file(gpofile
% guid
, krb_stage
)
5687 self
.assertTrue(ret
, 'Could not create the target %s' %
5689 ret
= stage_file(reg_pol
% guid
, ndr_pack(reg_stage
))
5690 self
.assertTrue(ret
, 'Could not create the target %s' %
5693 # Process all gpos, with temp output directory
5695 with
TemporaryDirectory() as dname
:
5696 for ext
in gp_extensions
:
5697 ext
= ext(self
.lp
, machine_creds
,
5698 machine_creds
.get_username(), store
)
5699 if type(ext
) == gp_krb_ext
:
5700 ext
.process_group_policy([], gpos
)
5701 ret
= store
.get_int('kdc:user_ticket_lifetime')
5702 self
.assertEqual(ret
, 99, 'Kerberos policy was not set')
5703 elif type(ext
) in [gp_scripts_ext
, gp_sudoers_ext
]:
5704 ext
.process_group_policy([], gpos
, dname
)
5705 gp_db
= store
.get_gplog(machine_creds
.get_username())
5706 applied_settings
= gp_db
.get_applied_settings([guid
])
5707 for _
, fname
in applied_settings
[-1][-1][str(ext
)].items():
5708 fname
= fname
.split(':')[-1]
5709 self
.assertIn(dname
, fname
,
5710 'Test file not created in tmp dir')
5711 self
.assertTrue(os
.path
.exists(fname
),
5712 'Test file not created')
5713 remove
.append(fname
)
5715 # Unapply policy, and ensure policies are removed
5716 gpupdate_unapply(self
.lp
)
5718 for fname
in remove
:
5719 self
.assertFalse(os
.path
.exists(fname
),
5720 'Unapply did not remove test file')
5721 ret
= store
.get_int('kdc:user_ticket_lifetime')
5722 self
.assertNotEqual(ret
, 99, 'Kerberos policy was not unapplied')
5724 unstage_file(gpofile
% guid
)
5725 unstage_file(reg_pol
% guid
)
5727 def test_smb_conf_ext(self
):
5728 local_path
= self
.lp
.cache_path('gpo_cache')
5729 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5730 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5731 'MACHINE/REGISTRY.POL')
5732 cache_dir
= self
.lp
.get('cache directory')
5733 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5735 machine_creds
= Credentials()
5736 machine_creds
.guess(self
.lp
)
5737 machine_creds
.set_machine_account()
5739 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5741 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5745 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5747 e
.data
= '/home/samba/%D/%U'
5748 e
.valuename
= 'template homedir'
5751 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5754 e
.valuename
= 'apply group policies'
5757 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5760 e
.valuename
= 'ldap timeout'
5763 stage
.num_entries
= len(entries
)
5764 stage
.entries
= entries
5766 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5767 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5769 with
NamedTemporaryFile(suffix
='_smb.conf') as f
:
5770 copyfile(self
.lp
.configfile
, f
.name
)
5771 lp
= LoadParm(f
.name
)
5773 # Initialize the group policy extension
5774 ext
= gp_smb_conf_ext(lp
, machine_creds
,
5775 machine_creds
.get_username(), store
)
5776 ext
.process_group_policy([], gpos
)
5777 lp
= LoadParm(f
.name
)
5779 template_homedir
= lp
.get('template homedir')
5780 self
.assertEquals(template_homedir
, '/home/samba/%D/%U',
5781 'template homedir was not applied')
5782 apply_group_policies
= lp
.get('apply group policies')
5783 self
.assertTrue(apply_group_policies
,
5784 'apply group policies was not applied')
5785 ldap_timeout
= lp
.get('ldap timeout')
5786 self
.assertEquals(ldap_timeout
, 9999, 'ldap timeout was not applied')
5788 # Check that a call to gpupdate --rsop also succeeds
5790 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5793 gp_db
= store
.get_gplog(machine_creds
.get_username())
5794 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5795 ext
.process_group_policy(del_gpos
, [])
5797 lp
= LoadParm(f
.name
)
5799 template_homedir
= lp
.get('template homedir')
5800 self
.assertEquals(template_homedir
, self
.lp
.get('template homedir'),
5801 'template homedir was not unapplied')
5802 apply_group_policies
= lp
.get('apply group policies')
5803 self
.assertEquals(apply_group_policies
, self
.lp
.get('apply group policies'),
5804 'apply group policies was not unapplied')
5805 ldap_timeout
= lp
.get('ldap timeout')
5806 self
.assertEquals(ldap_timeout
, self
.lp
.get('ldap timeout'),
5807 'ldap timeout was not unapplied')
5809 # Unstage the Registry.pol file
5810 unstage_file(reg_pol
)
5812 def test_gp_motd(self
):
5813 local_path
= self
.lp
.cache_path('gpo_cache')
5814 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5815 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5816 'MACHINE/REGISTRY.POL')
5817 cache_dir
= self
.lp
.get('cache directory')
5818 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5820 machine_creds
= Credentials()
5821 machine_creds
.guess(self
.lp
)
5822 machine_creds
.set_machine_account()
5824 # Initialize the group policy extension
5825 ext
= gp_msgs_ext(self
.lp
, machine_creds
,
5826 machine_creds
.get_username(), store
)
5828 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5830 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5832 # Stage the Registry.pol file with test data
5835 e1
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5836 e1
.valuename
= b
'motd'
5838 e1
.data
= b
'Have a lot of fun!'
5839 stage
.num_entries
= 2
5841 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5842 e2
.valuename
= b
'issue'
5844 e2
.data
= b
'Welcome to \\s \\r \\l'
5845 stage
.entries
= [e1
, e2
]
5846 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5847 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5849 # Process all gpos, with temp output directory
5850 with
TemporaryDirectory() as dname
:
5851 ext
.process_group_policy([], gpos
, dname
)
5852 motd_file
= os
.path
.join(dname
, 'motd')
5853 self
.assertTrue(os
.path
.exists(motd_file
),
5854 'Message of the day file not created')
5855 data
= open(motd_file
, 'r').read()
5856 self
.assertEquals(data
, e1
.data
, 'Message of the day not applied')
5857 issue_file
= os
.path
.join(dname
, 'issue')
5858 self
.assertTrue(os
.path
.exists(issue_file
),
5859 'Login Prompt Message file not created')
5860 data
= open(issue_file
, 'r').read()
5861 self
.assertEquals(data
, e2
.data
, 'Login Prompt Message not applied')
5863 # Check that a call to gpupdate --rsop also succeeds
5865 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5867 # Unapply policy, and ensure the test files are removed
5868 gp_db
= store
.get_gplog(machine_creds
.get_username())
5869 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5870 ext
.process_group_policy(del_gpos
, [], dname
)
5871 data
= open(motd_file
, 'r').read()
5872 self
.assertFalse(data
, 'Message of the day file not removed')
5873 data
= open(issue_file
, 'r').read()
5874 self
.assertFalse(data
, 'Login Prompt Message file not removed')
5876 # Unstage the Registry.pol file
5877 unstage_file(reg_pol
)
5879 def test_vgp_symlink(self
):
5880 local_path
= self
.lp
.cache_path('gpo_cache')
5881 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5882 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5883 'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
5884 cache_dir
= self
.lp
.get('cache directory')
5885 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5887 machine_creds
= Credentials()
5888 machine_creds
.guess(self
.lp
)
5889 machine_creds
.set_machine_account()
5891 # Initialize the group policy extension
5892 ext
= vgp_symlink_ext(self
.lp
, machine_creds
,
5893 machine_creds
.get_username(), store
)
5895 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5897 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5899 with
TemporaryDirectory() as dname
:
5900 test_source
= os
.path
.join(dname
, 'test.source')
5901 test_target
= os
.path
.join(dname
, 'test.target')
5903 # Stage the manifest.xml file with test data
5904 stage
= etree
.Element('vgppolicy')
5905 policysetting
= etree
.Element('policysetting')
5906 stage
.append(policysetting
)
5907 version
= etree
.Element('version')
5909 policysetting
.append(version
)
5910 data
= etree
.Element('data')
5911 file_properties
= etree
.Element('file_properties')
5912 source
= etree
.Element('source')
5913 source
.text
= test_source
5914 file_properties
.append(source
)
5915 target
= etree
.Element('target')
5916 target
.text
= test_target
5917 file_properties
.append(target
)
5918 data
.append(file_properties
)
5919 policysetting
.append(data
)
5920 ret
= stage_file(manifest
, etree
.tostring(stage
))
5921 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
5923 # Create test source
5924 test_source_data
= 'hello world!'
5925 with
open(test_source
, 'w') as w
:
5926 w
.write(test_source_data
)
5928 # Process all gpos, with temp output directory
5929 ext
.process_group_policy([], gpos
)
5930 self
.assertTrue(os
.path
.exists(test_target
),
5931 'The test symlink was not created')
5932 self
.assertTrue(os
.path
.islink(test_target
),
5933 'The test file is not a symlink')
5934 self
.assertIn(test_source_data
, open(test_target
, 'r').read(),
5935 'Reading from symlink does not produce source data')
5937 # Unapply the policy, ensure removal
5938 gp_db
= store
.get_gplog(machine_creds
.get_username())
5939 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5940 ext
.process_group_policy(del_gpos
, [])
5941 self
.assertFalse(os
.path
.exists(test_target
),
5942 'The test symlink was not delete')
5945 ret
= ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
5946 self
.assertIn('ln -s %s %s' % (test_source
, test_target
),
5947 list(ret
.values())[0])
5949 # Check that a call to gpupdate --rsop also succeeds
5951 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
5953 # Unstage the manifest.xml file
5954 unstage_file(manifest
)
5956 def test_vgp_files(self
):
5957 local_path
= self
.lp
.cache_path('gpo_cache')
5958 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5959 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5960 'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
5961 source_file
= os
.path
.join(os
.path
.dirname(manifest
), 'TEST.SOURCE')
5962 source_data
= '#!/bin/sh\necho hello world'
5963 ret
= stage_file(source_file
, source_data
)
5964 self
.assertTrue(ret
, 'Could not create the target %s' % source_file
)
5965 cache_dir
= self
.lp
.get('cache directory')
5966 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5968 machine_creds
= Credentials()
5969 machine_creds
.guess(self
.lp
)
5970 machine_creds
.set_machine_account()
5972 # Initialize the group policy extension
5973 ext
= vgp_files_ext(self
.lp
, machine_creds
,
5974 machine_creds
.get_username(), store
)
5976 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
5978 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
5980 # Stage the manifest.xml file with test data
5981 with
TemporaryDirectory() as dname
:
5982 stage
= etree
.Element('vgppolicy')
5983 policysetting
= etree
.Element('policysetting')
5984 stage
.append(policysetting
)
5985 version
= etree
.Element('version')
5987 policysetting
.append(version
)
5988 data
= etree
.Element('data')
5989 file_properties
= etree
.SubElement(data
, 'file_properties')
5990 source
= etree
.SubElement(file_properties
, 'source')
5991 source
.text
= os
.path
.basename(source_file
).lower()
5992 target
= etree
.SubElement(file_properties
, 'target')
5993 target
.text
= os
.path
.join(dname
, 'test.target')
5994 user
= etree
.SubElement(file_properties
, 'user')
5995 user
.text
= pwd
.getpwuid(os
.getuid()).pw_name
5996 group
= etree
.SubElement(file_properties
, 'group')
5997 group
.text
= grp
.getgrgid(os
.getgid()).gr_name
5998 # Request permissions of 755
5999 permissions
= etree
.SubElement(file_properties
, 'permissions')
6000 permissions
.set('type', 'user')
6001 etree
.SubElement(permissions
, 'read')
6002 etree
.SubElement(permissions
, 'write')
6003 etree
.SubElement(permissions
, 'execute')
6004 permissions
= etree
.SubElement(file_properties
, 'permissions')
6005 permissions
.set('type', 'group')
6006 etree
.SubElement(permissions
, 'read')
6007 etree
.SubElement(permissions
, 'execute')
6008 permissions
= etree
.SubElement(file_properties
, 'permissions')
6009 permissions
.set('type', 'other')
6010 etree
.SubElement(permissions
, 'read')
6011 etree
.SubElement(permissions
, 'execute')
6012 policysetting
.append(data
)
6013 ret
= stage_file(manifest
, etree
.tostring(stage
))
6014 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6016 # Process all gpos, with temp output directory
6017 ext
.process_group_policy([], gpos
)
6018 self
.assertTrue(os
.path
.exists(target
.text
),
6019 'The target file does not exist')
6020 self
.assertEquals(os
.stat(target
.text
).st_mode
& 0o777, 0o755,
6021 'The target file permissions are incorrect')
6022 self
.assertEquals(open(target
.text
).read(), source_data
,
6023 'The target file contents are incorrect')
6026 gp_db
= store
.get_gplog(machine_creds
.get_username())
6027 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6028 ext
.process_group_policy(del_gpos
, [])
6029 self
.assertFalse(os
.path
.exists(target
.text
),
6030 'The target file was not removed')
6033 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6035 self
.assertIn(target
.text
, list(ret
.values())[0][0],
6036 'The target file was not listed by rsop')
6037 self
.assertIn('-rwxr-xr-x', list(ret
.values())[0][0],
6038 'The target permissions were not listed by rsop')
6040 # Check that a call to gpupdate --rsop also succeeds
6042 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6044 # Unstage the manifest and source files
6045 unstage_file(manifest
)
6046 unstage_file(source_file
)
6048 def test_vgp_openssh(self
):
6049 local_path
= self
.lp
.cache_path('gpo_cache')
6050 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6051 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6052 'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
6053 cache_dir
= self
.lp
.get('cache directory')
6054 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6056 machine_creds
= Credentials()
6057 machine_creds
.guess(self
.lp
)
6058 machine_creds
.set_machine_account()
6060 # Initialize the group policy extension
6061 ext
= vgp_openssh_ext(self
.lp
, machine_creds
,
6062 machine_creds
.get_username(), store
)
6064 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6066 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6068 # Stage the manifest.xml file with test data
6069 stage
= etree
.Element('vgppolicy')
6070 policysetting
= etree
.Element('policysetting')
6071 stage
.append(policysetting
)
6072 version
= etree
.Element('version')
6074 policysetting
.append(version
)
6075 data
= etree
.Element('data')
6076 configfile
= etree
.Element('configfile')
6077 configsection
= etree
.Element('configsection')
6078 sectionname
= etree
.Element('sectionname')
6079 configsection
.append(sectionname
)
6080 kvpair
= etree
.Element('keyvaluepair')
6081 key
= etree
.Element('key')
6082 key
.text
= 'AddressFamily'
6084 value
= etree
.Element('value')
6085 value
.text
= 'inet6'
6086 kvpair
.append(value
)
6087 configsection
.append(kvpair
)
6088 configfile
.append(configsection
)
6089 data
.append(configfile
)
6090 policysetting
.append(data
)
6091 ret
= stage_file(manifest
, etree
.tostring(stage
))
6092 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6094 # Process all gpos, with temp output directory
6095 data
= 'AddressFamily inet6'
6096 with
TemporaryDirectory() as dname
:
6097 ext
.process_group_policy([], gpos
, dname
)
6098 conf
= os
.listdir(dname
)
6099 self
.assertEquals(len(conf
), 1, 'The conf file was not created')
6100 gp_cfg
= os
.path
.join(dname
, conf
[0])
6101 self
.assertIn(data
, open(gp_cfg
, 'r').read(),
6102 'The sshd_config entry was not applied')
6104 # Check that a call to gpupdate --rsop also succeeds
6106 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6109 gp_db
= store
.get_gplog(machine_creds
.get_username())
6110 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6111 ext
.process_group_policy(del_gpos
, [], dname
)
6112 self
.assertFalse(os
.path
.exists(gp_cfg
),
6113 'Unapply failed to cleanup config')
6115 # Unstage the Registry.pol file
6116 unstage_file(manifest
)
6118 def test_vgp_startup_scripts(self
):
6119 local_path
= self
.lp
.cache_path('gpo_cache')
6120 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6121 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6122 'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
6123 test_script
= os
.path
.join(os
.path
.dirname(manifest
), 'TEST.SH')
6124 test_data
= '#!/bin/sh\necho $@ hello world'
6125 ret
= stage_file(test_script
, test_data
)
6126 self
.assertTrue(ret
, 'Could not create the target %s' % test_script
)
6127 cache_dir
= self
.lp
.get('cache directory')
6128 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6130 machine_creds
= Credentials()
6131 machine_creds
.guess(self
.lp
)
6132 machine_creds
.set_machine_account()
6134 # Initialize the group policy extension
6135 ext
= vgp_startup_scripts_ext(self
.lp
, machine_creds
,
6136 machine_creds
.get_username(), store
)
6138 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6140 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6142 # Stage the manifest.xml file with test data
6143 stage
= etree
.Element('vgppolicy')
6144 policysetting
= etree
.SubElement(stage
, 'policysetting')
6145 version
= etree
.SubElement(policysetting
, 'version')
6147 data
= etree
.SubElement(policysetting
, 'data')
6148 listelement
= etree
.SubElement(data
, 'listelement')
6149 script
= etree
.SubElement(listelement
, 'script')
6150 script
.text
= os
.path
.basename(test_script
).lower()
6151 parameters
= etree
.SubElement(listelement
, 'parameters')
6152 parameters
.text
= '-n'
6153 hash = etree
.SubElement(listelement
, 'hash')
6155 hashlib
.md5(open(test_script
, 'rb').read()).hexdigest().upper()
6156 run_as
= etree
.SubElement(listelement
, 'run_as')
6157 run_as
.text
= 'root'
6158 ret
= stage_file(manifest
, etree
.tostring(stage
))
6159 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6161 # Process all gpos, with temp output directory
6162 with
TemporaryDirectory() as dname
:
6163 ext
.process_group_policy([], gpos
, dname
)
6164 files
= os
.listdir(dname
)
6165 self
.assertEquals(len(files
), 1,
6166 'The target script was not created')
6167 entry
= '@reboot %s %s %s' % (run_as
.text
, test_script
,
6169 self
.assertIn(entry
,
6170 open(os
.path
.join(dname
, files
[0]), 'r').read(),
6171 'The test entry was not found')
6174 gp_db
= store
.get_gplog(machine_creds
.get_username())
6175 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6176 ext
.process_group_policy(del_gpos
, [])
6177 files
= os
.listdir(dname
)
6178 self
.assertEquals(len(files
), 0,
6179 'The target script was not removed')
6182 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6184 self
.assertIn(entry
, list(ret
.values())[0][0],
6185 'The target entry was not listed by rsop')
6187 # Check that a call to gpupdate --rsop also succeeds
6189 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6191 # Unstage the manifest.xml and script files
6192 unstage_file(manifest
)
6194 # Stage the manifest.xml file for run once scripts
6195 etree
.SubElement(listelement
, 'run_once')
6196 run_as
.text
= pwd
.getpwuid(os
.getuid()).pw_name
6197 ret
= stage_file(manifest
, etree
.tostring(stage
))
6198 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6200 # Process all gpos, with temp output directory
6201 # A run once script will be executed immediately,
6202 # instead of creating a cron job
6203 with
TemporaryDirectory() as dname
:
6204 test_file
= '%s/TESTING.txt' % dname
6205 test_data
= '#!/bin/sh\ntouch %s' % test_file
6206 ret
= stage_file(test_script
, test_data
)
6207 self
.assertTrue(ret
, 'Could not create the target %s' % test_script
)
6209 ext
.process_group_policy([], gpos
, dname
)
6210 files
= os
.listdir(dname
)
6211 self
.assertEquals(len(files
), 1,
6212 'The test file was not created')
6213 self
.assertEquals(files
[0], os
.path
.basename(test_file
),
6214 'The test file was not created')
6216 # Unlink the test file and ensure that processing
6217 # policy again does not recreate it.
6218 os
.unlink(test_file
)
6219 ext
.process_group_policy([], gpos
, dname
)
6220 files
= os
.listdir(dname
)
6221 self
.assertEquals(len(files
), 0,
6222 'The test file should not have been created')
6225 gp_db
= store
.get_gplog(machine_creds
.get_username())
6226 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6227 ext
.process_group_policy(del_gpos
, [])
6230 entry
= 'Run once as: %s `%s %s`' % (run_as
.text
, test_script
,
6232 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6234 self
.assertIn(entry
, list(ret
.values())[0][0],
6235 'The target entry was not listed by rsop')
6237 # Check that a call to gpupdate --rsop also succeeds
6239 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6241 # Unstage the manifest.xml and script files
6242 unstage_file(manifest
)
6244 # Stage the manifest.xml file for a script without parameters
6245 stage
= etree
.Element('vgppolicy')
6246 policysetting
= etree
.SubElement(stage
, 'policysetting')
6247 version
= etree
.SubElement(policysetting
, 'version')
6249 data
= etree
.SubElement(policysetting
, 'data')
6250 listelement
= etree
.SubElement(data
, 'listelement')
6251 script
= etree
.SubElement(listelement
, 'script')
6252 script
.text
= os
.path
.basename(test_script
).lower()
6253 hash = etree
.SubElement(listelement
, 'hash')
6255 hashlib
.md5(open(test_script
, 'rb').read()).hexdigest().upper()
6256 run_as
= etree
.SubElement(listelement
, 'run_as')
6257 run_as
.text
= 'root'
6258 ret
= stage_file(manifest
, etree
.tostring(stage
))
6259 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6261 # Process all gpos, with temp output directory
6262 with
TemporaryDirectory() as dname
:
6264 ext
.process_group_policy([], gpos
, dname
)
6265 except Exception as e
:
6267 files
= os
.listdir(dname
)
6268 self
.assertEquals(len(files
), 1,
6269 'The target script was not created')
6270 entry
= '@reboot %s %s' % (run_as
.text
, test_script
)
6271 self
.assertIn(entry
,
6272 open(os
.path
.join(dname
, files
[0]), 'r').read(),
6273 'The test entry was not found')
6276 gp_db
= store
.get_gplog(machine_creds
.get_username())
6277 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6278 ext
.process_group_policy(del_gpos
, [])
6279 files
= os
.listdir(dname
)
6280 self
.assertEquals(len(files
), 0,
6281 'The target script was not removed')
6284 g
= [g
for g
in gpos
if g
.name
== guid
][0]
6286 self
.assertIn(entry
, list(ret
.values())[0][0],
6287 'The target entry was not listed by rsop')
6289 # Check that a call to gpupdate --rsop also succeeds
6291 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6293 # Unstage the manifest.xml and script files
6294 unstage_file(manifest
)
6295 unstage_file(test_script
)
6297 def test_vgp_motd(self
):
6298 local_path
= self
.lp
.cache_path('gpo_cache')
6299 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6300 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6301 'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
6302 cache_dir
= self
.lp
.get('cache directory')
6303 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6305 machine_creds
= Credentials()
6306 machine_creds
.guess(self
.lp
)
6307 machine_creds
.set_machine_account()
6309 # Initialize the group policy extension
6310 ext
= vgp_motd_ext(self
.lp
, machine_creds
,
6311 machine_creds
.get_username(), store
)
6313 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6315 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6317 # Stage the manifest.xml file with test data
6318 stage
= etree
.Element('vgppolicy')
6319 policysetting
= etree
.SubElement(stage
, 'policysetting')
6320 version
= etree
.SubElement(policysetting
, 'version')
6322 data
= etree
.SubElement(policysetting
, 'data')
6323 filename
= etree
.SubElement(data
, 'filename')
6324 filename
.text
= 'motd'
6325 text
= etree
.SubElement(data
, 'text')
6326 text
.text
= 'This is the message of the day'
6327 ret
= stage_file(manifest
, etree
.tostring(stage
))
6328 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6330 # Process all gpos, with temp output directory
6331 with
NamedTemporaryFile() as f
:
6332 ext
.process_group_policy([], gpos
, f
.name
)
6333 self
.assertEquals(open(f
.name
, 'r').read(), text
.text
,
6334 'The motd was not applied')
6336 # Check that a call to gpupdate --rsop also succeeds
6338 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6341 gp_db
= store
.get_gplog(machine_creds
.get_username())
6342 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6343 ext
.process_group_policy(del_gpos
, [], f
.name
)
6344 self
.assertNotEquals(open(f
.name
, 'r').read(), text
.text
,
6345 'The motd was not unapplied')
6347 # Unstage the Registry.pol file
6348 unstage_file(manifest
)
6350 def test_vgp_issue(self
):
6351 local_path
= self
.lp
.cache_path('gpo_cache')
6352 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6353 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6354 'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
6355 cache_dir
= self
.lp
.get('cache directory')
6356 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6358 machine_creds
= Credentials()
6359 machine_creds
.guess(self
.lp
)
6360 machine_creds
.set_machine_account()
6362 # Initialize the group policy extension
6363 ext
= vgp_issue_ext(self
.lp
, machine_creds
,
6364 machine_creds
.get_username(), store
)
6366 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6368 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6370 # Stage the manifest.xml file with test data
6371 stage
= etree
.Element('vgppolicy')
6372 policysetting
= etree
.SubElement(stage
, 'policysetting')
6373 version
= etree
.SubElement(policysetting
, 'version')
6375 data
= etree
.SubElement(policysetting
, 'data')
6376 filename
= etree
.SubElement(data
, 'filename')
6377 filename
.text
= 'issue'
6378 text
= etree
.SubElement(data
, 'text')
6379 text
.text
= 'Welcome to Samba!'
6380 ret
= stage_file(manifest
, etree
.tostring(stage
))
6381 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
6383 # Process all gpos, with temp output directory
6384 with
NamedTemporaryFile() as f
:
6385 ext
.process_group_policy([], gpos
, f
.name
)
6386 self
.assertEquals(open(f
.name
, 'r').read(), text
.text
,
6387 'The issue was not applied')
6389 # Check that a call to gpupdate --rsop also succeeds
6391 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6394 gp_db
= store
.get_gplog(machine_creds
.get_username())
6395 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6396 ext
.process_group_policy(del_gpos
, [], f
.name
)
6397 self
.assertNotEquals(open(f
.name
, 'r').read(), text
.text
,
6398 'The issue was not unapplied')
6400 # Unstage the manifest.xml file
6401 unstage_file(manifest
)
6403 def test_vgp_access(self
):
6404 local_path
= self
.lp
.cache_path('gpo_cache')
6405 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6406 allow
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6407 'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
6408 deny
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
6409 'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
6410 cache_dir
= self
.lp
.get('cache directory')
6411 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6413 machine_creds
= Credentials()
6414 machine_creds
.guess(self
.lp
)
6415 machine_creds
.set_machine_account()
6417 # Initialize the group policy extension
6418 ext
= vgp_access_ext(self
.lp
, machine_creds
,
6419 machine_creds
.get_username(), store
)
6421 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6423 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6425 # Stage the manifest.xml allow file
6426 stage
= etree
.Element('vgppolicy')
6427 policysetting
= etree
.SubElement(stage
, 'policysetting')
6428 version
= etree
.SubElement(policysetting
, 'version')
6430 apply_mode
= etree
.SubElement(policysetting
, 'apply_mode')
6431 apply_mode
.text
= 'merge'
6432 data
= etree
.SubElement(policysetting
, 'data')
6433 # Add an allowed user
6434 listelement
= etree
.SubElement(data
, 'listelement')
6435 otype
= etree
.SubElement(listelement
, 'type')
6437 entry
= etree
.SubElement(listelement
, 'entry')
6438 entry
.text
= 'goodguy@%s' % realm
6439 adobject
= etree
.SubElement(listelement
, 'adobject')
6440 name
= etree
.SubElement(adobject
, 'name')
6441 name
.text
= 'goodguy'
6442 domain
= etree
.SubElement(adobject
, 'domain')
6444 otype
= etree
.SubElement(adobject
, 'type')
6446 # Add an allowed group
6447 groupattr
= etree
.SubElement(data
, 'groupattr')
6448 groupattr
.text
= 'samAccountName'
6449 listelement
= etree
.SubElement(data
, 'listelement')
6450 otype
= etree
.SubElement(listelement
, 'type')
6451 otype
.text
= 'GROUP'
6452 entry
= etree
.SubElement(listelement
, 'entry')
6453 entry
.text
= '%s\\goodguys' % realm
6454 dn
= etree
.SubElement(listelement
, 'dn')
6455 dn
.text
= 'CN=goodguys,CN=Users,%s' % base_dn
6456 adobject
= etree
.SubElement(listelement
, 'adobject')
6457 name
= etree
.SubElement(adobject
, 'name')
6458 name
.text
= 'goodguys'
6459 domain
= etree
.SubElement(adobject
, 'domain')
6461 otype
= etree
.SubElement(adobject
, 'type')
6462 otype
.text
= 'group'
6463 ret
= stage_file(allow
, etree
.tostring(stage
))
6464 self
.assertTrue(ret
, 'Could not create the target %s' % allow
)
6466 # Stage the manifest.xml deny file
6467 stage
= etree
.Element('vgppolicy')
6468 policysetting
= etree
.SubElement(stage
, 'policysetting')
6469 version
= etree
.SubElement(policysetting
, 'version')
6471 apply_mode
= etree
.SubElement(policysetting
, 'apply_mode')
6472 apply_mode
.text
= 'merge'
6473 data
= etree
.SubElement(policysetting
, 'data')
6475 listelement
= etree
.SubElement(data
, 'listelement')
6476 otype
= etree
.SubElement(listelement
, 'type')
6478 entry
= etree
.SubElement(listelement
, 'entry')
6479 entry
.text
= 'badguy@%s' % realm
6480 adobject
= etree
.SubElement(listelement
, 'adobject')
6481 name
= etree
.SubElement(adobject
, 'name')
6482 name
.text
= 'badguy'
6483 domain
= etree
.SubElement(adobject
, 'domain')
6485 otype
= etree
.SubElement(adobject
, 'type')
6487 # Add a denied group
6488 groupattr
= etree
.SubElement(data
, 'groupattr')
6489 groupattr
.text
= 'samAccountName'
6490 listelement
= etree
.SubElement(data
, 'listelement')
6491 otype
= etree
.SubElement(listelement
, 'type')
6492 otype
.text
= 'GROUP'
6493 entry
= etree
.SubElement(listelement
, 'entry')
6494 entry
.text
= '%s\\badguys' % realm
6495 dn
= etree
.SubElement(listelement
, 'dn')
6496 dn
.text
= 'CN=badguys,CN=Users,%s' % base_dn
6497 adobject
= etree
.SubElement(listelement
, 'adobject')
6498 name
= etree
.SubElement(adobject
, 'name')
6499 name
.text
= 'badguys'
6500 domain
= etree
.SubElement(adobject
, 'domain')
6502 otype
= etree
.SubElement(adobject
, 'type')
6503 otype
.text
= 'group'
6504 ret
= stage_file(deny
, etree
.tostring(stage
))
6505 self
.assertTrue(ret
, 'Could not create the target %s' % deny
)
6507 # Process all gpos, with temp output directory
6508 with
TemporaryDirectory() as dname
:
6509 ext
.process_group_policy([], gpos
, dname
)
6510 conf
= os
.listdir(dname
)
6511 # There will be 2 files, the policy file and the deny file
6512 self
.assertEquals(len(conf
), 2, 'The conf file was not created')
6513 # Ignore the DENY_ALL conf file
6514 gp_cfg
= os
.path
.join(dname
,
6515 [c
for c
in conf
if '_gp_DENY_ALL.conf' not in c
][0])
6517 # Check the access config for the correct access.conf entries
6518 print('Config file %s found' % gp_cfg
)
6519 data
= open(gp_cfg
, 'r').read()
6520 self
.assertIn('+:%s\\goodguy:ALL' % realm
, data
)
6521 self
.assertIn('+:%s\\goodguys:ALL' % realm
, data
)
6522 self
.assertIn('-:%s\\badguy:ALL' % realm
, data
)
6523 self
.assertIn('-:%s\\badguys:ALL' % realm
, data
)
6525 # Check that a call to gpupdate --rsop also succeeds
6527 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6530 gp_db
= store
.get_gplog(machine_creds
.get_username())
6531 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6532 ext
.process_group_policy(del_gpos
, [], dname
)
6533 self
.assertFalse(os
.path
.exists(gp_cfg
),
6534 'Unapply failed to cleanup config')
6536 # Unstage the manifest.pol files
6540 def test_gnome_settings(self
):
6541 local_path
= self
.lp
.cache_path('gpo_cache')
6542 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6543 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6544 'MACHINE/REGISTRY.POL')
6545 cache_dir
= self
.lp
.get('cache directory')
6546 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6548 machine_creds
= Credentials()
6549 machine_creds
.guess(self
.lp
)
6550 machine_creds
.set_machine_account()
6552 # Initialize the group policy extension
6553 ext
= gp_gnome_settings_ext(self
.lp
, machine_creds
,
6554 machine_creds
.get_username(), store
)
6556 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6558 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6560 # Stage the Registry.pol file with test data
6561 parser
= GPPolParser()
6562 parser
.load_xml(etree
.fromstring(gnome_test_reg_pol
.strip()))
6563 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
6564 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6566 with
TemporaryDirectory() as dname
:
6567 ext
.process_group_policy([], gpos
, dname
)
6569 local_db
= os
.path
.join(dname
, 'etc/dconf/db/local.d')
6570 self
.assertTrue(os
.path
.isdir(local_db
),
6571 'Local db dir not created')
6572 def db_check(name
, data
, count
=1):
6573 db
= glob(os
.path
.join(local_db
, '*-%s' % name
))
6574 self
.assertEquals(len(db
), count
, '%s not created' % name
)
6575 file_contents
= ConfigParser()
6576 file_contents
.read(db
)
6577 for key
in data
.keys():
6578 self
.assertTrue(file_contents
.has_section(key
),
6579 'Section %s not found' % key
)
6581 for k
, v
in options
.items():
6582 v_content
= file_contents
.get(key
, k
)
6583 self
.assertEqual(v_content
, v
,
6584 '%s: %s != %s' % (key
, v_content
, v
))
6586 def del_db_check(name
):
6587 db
= glob(os
.path
.join(local_db
, '*-%s' % name
))
6588 self
.assertEquals(len(db
), 0, '%s not deleted' % name
)
6590 locks
= os
.path
.join(local_db
, 'locks')
6591 self
.assertTrue(os
.path
.isdir(local_db
), 'Locks dir not created')
6592 def lock_check(name
, items
, count
=1):
6593 lock
= glob(os
.path
.join(locks
, '*%s' % name
))
6594 self
.assertEquals(len(lock
), count
,
6595 '%s lock not created' % name
)
6597 for i
in range(count
):
6598 file_contents
.extend(open(lock
[i
], 'r').read().split('\n'))
6600 self
.assertIn(data
, file_contents
,
6601 '%s lock not created' % data
)
6603 def del_lock_check(name
):
6604 lock
= glob(os
.path
.join(locks
, '*%s' % name
))
6605 self
.assertEquals(len(lock
), 0, '%s lock not deleted' % name
)
6607 # Check the user profile
6608 user_profile
= os
.path
.join(dname
, 'etc/dconf/profile/user')
6609 self
.assertTrue(os
.path
.exists(user_profile
),
6610 'User profile not created')
6612 # Enable the compose key
6613 data
= { 'org/gnome/desktop/input-sources':
6614 { 'xkb-options': '[\'compose:ralt\']' }
6616 db_check('input-sources', data
)
6617 items
= ['/org/gnome/desktop/input-sources/xkb-options']
6618 lock_check('input-sources', items
)
6620 # Dim screen when user is idle
6621 data
= { 'org/gnome/settings-daemon/plugins/power':
6622 { 'idle-dim': 'true',
6623 'idle-brightness': '30'
6626 db_check('power', data
)
6627 data
= { 'org/gnome/desktop/session':
6628 { 'idle-delay': 'uint32 300' }
6630 db_check('session', data
)
6631 items
= ['/org/gnome/settings-daemon/plugins/power/idle-dim',
6632 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
6633 '/org/gnome/desktop/session/idle-delay']
6634 lock_check('power-saving', items
)
6636 # Lock down specific settings
6637 bg_locks
= ['/org/gnome/desktop/background/picture-uri',
6638 '/org/gnome/desktop/background/picture-options',
6639 '/org/gnome/desktop/background/primary-color',
6640 '/org/gnome/desktop/background/secondary-color']
6641 lock_check('group-policy', bg_locks
)
6643 # Lock down enabled extensions
6644 data
= { 'org/gnome/shell':
6645 { 'enabled-extensions':
6646 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
6647 'development-tools': 'false' }
6649 db_check('extensions', data
)
6650 items
= [ '/org/gnome/shell/enabled-extensions',
6651 '/org/gnome/shell/development-tools' ]
6652 lock_check('extensions', items
)
6654 # Disallow login using a fingerprint
6655 data
= { 'org/gnome/login-screen':
6656 { 'enable-fingerprint-authentication': 'false' }
6658 db_check('fingerprintreader', data
)
6659 items
= ['/org/gnome/login-screen/enable-fingerprint-authentication']
6660 lock_check('fingerprintreader', items
)
6662 # Disable user logout and user switching
6663 data
= { 'org/gnome/desktop/lockdown':
6664 { 'disable-log-out': 'true',
6665 'disable-user-switching': 'true' }
6667 db_check('logout', data
, 2)
6668 items
= ['/org/gnome/desktop/lockdown/disable-log-out',
6669 '/org/gnome/desktop/lockdown/disable-user-switching']
6670 lock_check('logout', items
, 2)
6672 # Disable repartitioning
6673 actions
= os
.path
.join(dname
, 'etc/share/polkit-1/actions')
6674 udisk2
= glob(os
.path
.join(actions
,
6675 'org.freedesktop.[u|U][d|D]isks2.policy'))
6676 self
.assertEquals(len(udisk2
), 1, 'udisk2 policy not created')
6677 udisk2_tree
= etree
.fromstring(open(udisk2
[0], 'r').read())
6678 actions
= udisk2_tree
.findall('action')
6679 md
= 'org.freedesktop.udisks2.modify-device'
6680 action
= [a
for a
in actions
if a
.attrib
['id'] == md
]
6681 self
.assertEquals(len(action
), 1, 'modify-device not found')
6682 defaults
= action
[0].find('defaults')
6683 self
.assertTrue(defaults
is not None,
6684 'modify-device defaults not found')
6685 allow_any
= defaults
.find('allow_any').text
6686 self
.assertEquals(allow_any
, 'no',
6687 'modify-device allow_any not set to no')
6688 allow_inactive
= defaults
.find('allow_inactive').text
6689 self
.assertEquals(allow_inactive
, 'no',
6690 'modify-device allow_inactive not set to no')
6691 allow_active
= defaults
.find('allow_active').text
6692 self
.assertEquals(allow_active
, 'yes',
6693 'modify-device allow_active not set to yes')
6696 data
= { 'org/gnome/desktop/lockdown':
6697 { 'disable-printing': 'true' }
6699 db_check('printing', data
)
6700 items
= ['/org/gnome/desktop/lockdown/disable-printing']
6701 lock_check('printing', items
)
6703 # Disable file saving
6704 data
= { 'org/gnome/desktop/lockdown':
6705 { 'disable-save-to-disk': 'true' }
6707 db_check('filesaving', data
)
6708 items
= ['/org/gnome/desktop/lockdown/disable-save-to-disk']
6709 lock_check('filesaving', items
)
6711 # Disable command-line access
6712 data
= { 'org/gnome/desktop/lockdown':
6713 { 'disable-command-line': 'true' }
6715 db_check('cmdline', data
)
6716 items
= ['/org/gnome/desktop/lockdown/disable-command-line']
6717 lock_check('cmdline', items
)
6719 # Allow or disallow online accounts
6720 data
= { 'org/gnome/online-accounts':
6721 { 'whitelisted-providers': '[\'google\']' }
6723 db_check('goa', data
)
6724 items
= ['/org/gnome/online-accounts/whitelisted-providers']
6725 lock_check('goa', items
)
6727 # Verify RSOP does not fail
6728 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
6730 # Check that a call to gpupdate --rsop also succeeds
6732 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6735 gp_db
= store
.get_gplog(machine_creds
.get_username())
6736 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6737 ext
.process_group_policy(del_gpos
, [], dname
)
6738 del_db_check('input-sources')
6739 del_lock_check('input-sources')
6740 del_db_check('power')
6741 del_db_check('session')
6742 del_lock_check('power-saving')
6743 del_lock_check('group-policy')
6744 del_db_check('extensions')
6745 del_lock_check('extensions')
6746 del_db_check('fingerprintreader')
6747 del_lock_check('fingerprintreader')
6748 del_db_check('logout')
6749 del_lock_check('logout')
6750 actions
= os
.path
.join(dname
, 'etc/share/polkit-1/actions')
6751 udisk2
= glob(os
.path
.join(actions
,
6752 'org.freedesktop.[u|U][d|D]isks2.policy'))
6753 self
.assertEquals(len(udisk2
), 0, 'udisk2 policy not deleted')
6754 del_db_check('printing')
6755 del_lock_check('printing')
6756 del_db_check('filesaving')
6757 del_lock_check('filesaving')
6758 del_db_check('cmdline')
6759 del_lock_check('cmdline')
6761 del_lock_check('goa')
6763 # Unstage the Registry.pol file
6764 unstage_file(reg_pol
)
6766 def test_gp_cert_auto_enroll_ext(self
):
6767 local_path
= self
.lp
.cache_path('gpo_cache')
6768 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6769 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6770 'MACHINE/REGISTRY.POL')
6771 cache_dir
= self
.lp
.get('cache directory')
6772 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6774 machine_creds
= Credentials()
6775 machine_creds
.guess(self
.lp
)
6776 machine_creds
.set_machine_account()
6778 # Initialize the group policy extension
6779 ext
= cae
.gp_cert_auto_enroll_ext(self
.lp
, machine_creds
,
6780 machine_creds
.get_username(), store
)
6782 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6784 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6786 # Stage the Registry.pol file with test data
6787 parser
= GPPolParser()
6788 parser
.load_xml(etree
.fromstring(auto_enroll_reg_pol
.strip()))
6789 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
6790 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6792 # Write the dummy CA entry, Enrollment Services, and Templates Entries
6793 admin_creds
= Credentials()
6794 admin_creds
.set_username(os
.environ
.get('DC_USERNAME'))
6795 admin_creds
.set_password(os
.environ
.get('DC_PASSWORD'))
6796 admin_creds
.set_realm(os
.environ
.get('REALM'))
6797 hostname
= get_dc_hostname(machine_creds
, self
.lp
)
6798 url
= 'ldap://%s' % hostname
6799 ldb
= Ldb(url
=url
, session_info
=system_session(),
6800 lp
=self
.lp
, credentials
=admin_creds
)
6801 # Write the dummy CA
6802 confdn
= 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
6803 ca_cn
= '%s-CA' % hostname
.replace('.', '-')
6804 certa_dn
= 'CN=%s,CN=Certification Authorities,%s' % (ca_cn
, confdn
)
6805 ldb
.add({'dn': certa_dn
,
6806 'objectClass': 'certificationAuthority',
6807 'authorityRevocationList': ['XXX'],
6808 'cACertificate': 'XXX',
6809 'certificateRevocationList': ['XXX'],
6811 # Write the dummy pKIEnrollmentService
6812 enroll_dn
= 'CN=%s,CN=Enrollment Services,%s' % (ca_cn
, confdn
)
6813 ldb
.add({'dn': enroll_dn
,
6814 'objectClass': 'pKIEnrollmentService',
6815 'cACertificate': 'XXXX',
6816 'certificateTemplates': ['Machine'],
6817 'dNSHostName': hostname
,
6819 # Write the dummy pKICertificateTemplate
6820 template_dn
= 'CN=Machine,CN=Certificate Templates,%s' % confdn
6821 ldb
.add({'dn': template_dn
,
6822 'objectClass': 'pKICertificateTemplate',
6825 with
TemporaryDirectory() as dname
:
6826 ext
.process_group_policy([], gpos
, dname
, dname
)
6827 ca_crt
= os
.path
.join(dname
, '%s.crt' % ca_cn
)
6828 self
.assertTrue(os
.path
.exists(ca_crt
),
6829 'Root CA certificate was not requested')
6830 machine_crt
= os
.path
.join(dname
, '%s.Machine.crt' % ca_cn
)
6831 self
.assertTrue(os
.path
.exists(machine_crt
),
6832 'Machine certificate was not requested')
6833 machine_key
= os
.path
.join(dname
, '%s.Machine.key' % ca_cn
)
6834 self
.assertTrue(os
.path
.exists(machine_crt
),
6835 'Machine key was not generated')
6837 # Verify RSOP does not fail
6838 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
6840 # Check that a call to gpupdate --rsop also succeeds
6842 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6845 gp_db
= store
.get_gplog(machine_creds
.get_username())
6846 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6847 ext
.process_group_policy(del_gpos
, [], dname
)
6848 self
.assertFalse(os
.path
.exists(ca_crt
),
6849 'Root CA certificate was not removed')
6850 self
.assertFalse(os
.path
.exists(machine_crt
),
6851 'Machine certificate was not removed')
6852 self
.assertFalse(os
.path
.exists(machine_crt
),
6853 'Machine key was not removed')
6854 out
, _
= Popen(['getcert', 'list-cas'], stdout
=PIPE
).communicate()
6855 self
.assertNotIn(get_bytes(ca_cn
), out
, 'CA was not removed')
6856 out
, _
= Popen(['getcert', 'list'], stdout
=PIPE
).communicate()
6857 self
.assertNotIn(b
'Machine', out
,
6858 'Machine certificate not removed')
6860 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
6861 ldb
.delete(certa_dn
)
6862 ldb
.delete(enroll_dn
)
6863 ldb
.delete(template_dn
)
6865 # Unstage the Registry.pol file
6866 unstage_file(reg_pol
)
6868 def test_gp_user_scripts_ext(self
):
6869 local_path
= self
.lp
.cache_path('gpo_cache')
6870 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6871 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6872 'USER/REGISTRY.POL')
6873 cache_dir
= self
.lp
.get('cache directory')
6874 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6876 machine_creds
= Credentials()
6877 machine_creds
.guess(self
.lp
)
6878 machine_creds
.set_machine_account()
6880 # Initialize the group policy extension
6881 ext
= gp_user_scripts_ext(self
.lp
, machine_creds
,
6882 os
.environ
.get('DC_USERNAME'), store
)
6884 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6886 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6888 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
6889 sections
= { b
'%s\\Daily Scripts' % reg_key
: b
'@daily',
6890 b
'%s\\Monthly Scripts' % reg_key
: b
'@monthly',
6891 b
'%s\\Weekly Scripts' % reg_key
: b
'@weekly',
6892 b
'%s\\Hourly Scripts' % reg_key
: b
'@hourly' }
6893 for keyname
in sections
.keys():
6894 # Stage the Registry.pol file with test data
6898 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
6900 e
.data
= b
'echo hello world'
6901 stage
.num_entries
= 1
6903 ret
= stage_file(reg_pol
, ndr_pack(stage
))
6904 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6906 # Process all gpos, intentionally skipping the privilege drop
6907 ext
.process_group_policy([], gpos
)
6908 # Dump the fake crontab setup for testing
6909 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
6910 crontab
, _
= p
.communicate()
6911 entry
= b
'%s %s' % (sections
[keyname
], e
.data
.encode())
6912 self
.assertIn(entry
, crontab
,
6913 'The crontab entry was not installed')
6915 # Check that a call to gpupdate --rsop also succeeds
6917 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6920 gp_db
= store
.get_gplog(os
.environ
.get('DC_USERNAME'))
6921 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6922 ext
.process_group_policy(del_gpos
, [])
6923 # Dump the fake crontab setup for testing
6924 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
6925 crontab
, _
= p
.communicate()
6926 self
.assertNotIn(entry
, crontab
,
6927 'Unapply failed to cleanup crontab entry')
6929 # Unstage the Registry.pol file
6930 unstage_file(reg_pol
)
6932 def test_gp_firefox_ext(self
):
6933 local_path
= self
.lp
.cache_path('gpo_cache')
6934 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6935 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6936 'MACHINE/REGISTRY.POL')
6937 cache_dir
= self
.lp
.get('cache directory')
6938 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
6940 machine_creds
= Credentials()
6941 machine_creds
.guess(self
.lp
)
6942 machine_creds
.set_machine_account()
6944 # Initialize the group policy extension
6945 ext
= gp_firefox_ext(self
.lp
, machine_creds
,
6946 machine_creds
.get_username(), store
)
6948 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
6950 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
6952 # Stage the Registry.pol file with test data
6953 parser
= GPPolParser()
6954 parser
.load_xml(etree
.fromstring(firefox_reg_pol
.strip()))
6955 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
6956 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
6958 with
TemporaryDirectory() as dname
:
6959 ext
.process_group_policy([], gpos
, dname
)
6960 policies_file
= os
.path
.join(dname
, 'policies.json')
6961 with
open(policies_file
, 'r') as r
:
6962 policy_data
= json
.load(r
)
6963 expected_policy_data
= json
.loads(firefox_json_expected
)
6964 self
.assertIn('policies', policy_data
, 'Policies were not applied')
6965 self
.assertEqual(expected_policy_data
['policies'].keys(),
6966 policy_data
['policies'].keys(),
6967 'Firefox policies are missing')
6968 for name
in expected_policy_data
['policies'].keys():
6969 self
.assertEqual(expected_policy_data
['policies'][name
],
6970 policy_data
['policies'][name
],
6971 'Policies were not applied')
6973 # Verify RSOP does not fail
6974 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
6976 # Check that a call to gpupdate --rsop also succeeds
6978 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
6980 # Unapply the policy
6981 gp_db
= store
.get_gplog(machine_creds
.get_username())
6982 del_gpos
= get_deleted_gpos_list(gp_db
, [])
6983 ext
.process_group_policy(del_gpos
, [], dname
)
6984 if os
.path
.exists(policies_file
):
6985 data
= json
.load(open(policies_file
, 'r'))
6986 if 'policies' in data
.keys():
6987 self
.assertEqual(len(data
['policies'].keys()), 0,
6988 'The policy was not unapplied')
6990 # Unstage the Registry.pol file
6991 unstage_file(reg_pol
)
6993 def test_gp_chromium_ext(self
):
6994 local_path
= self
.lp
.cache_path('gpo_cache')
6995 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6996 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
6997 'MACHINE/REGISTRY.POL')
6998 cache_dir
= self
.lp
.get('cache directory')
6999 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7001 machine_creds
= Credentials()
7002 machine_creds
.guess(self
.lp
)
7003 machine_creds
.set_machine_account()
7005 # Initialize the group policy extension
7006 ext
= gp_chromium_ext(self
.lp
, machine_creds
,
7007 machine_creds
.get_username(), store
)
7009 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
7011 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
7013 # Stage the Registry.pol file with test data
7014 parser
= GPPolParser()
7015 parser
.load_xml(etree
.fromstring(chromium_reg_pol
.strip()))
7016 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7017 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7019 with
TemporaryDirectory() as dname
:
7020 ext
.process_group_policy([], gpos
, dname
)
7021 managed
= os
.path
.join(dname
, 'managed')
7022 managed_files
= os
.listdir(managed
)
7023 self
.assertEquals(len(managed_files
), 1,
7024 'Chromium policies are missing')
7025 managed_file
= os
.path
.join(managed
, managed_files
[0])
7026 with
open(managed_file
, 'r') as r
:
7027 managed_data
= json
.load(r
)
7028 recommended
= os
.path
.join(dname
, 'recommended')
7029 recommended_files
= os
.listdir(recommended
)
7030 self
.assertEquals(len(recommended_files
), 1,
7031 'Chromium policies are missing')
7032 recommended_file
= os
.path
.join(recommended
, recommended_files
[0])
7033 with
open(recommended_file
, 'r') as r
:
7034 recommended_data
= json
.load(r
)
7035 expected_managed_data
= json
.loads(chromium_json_expected_managed
)
7036 expected_recommended_data
= \
7037 json
.loads(chromium_json_expected_recommended
)
7039 self
.assertEqual(sorted(expected_managed_data
.keys()),
7040 sorted(managed_data
.keys()),
7041 'Chromium policies are missing')
7042 for name
in expected_managed_data
.keys():
7043 self
.assertEqual(expected_managed_data
[name
],
7045 'Policies were not applied')
7046 self
.assertEqual(expected_recommended_data
.keys(),
7047 recommended_data
.keys(),
7048 'Chromium policies are missing')
7049 for name
in expected_recommended_data
.keys():
7050 self
.assertEqual(expected_recommended_data
[name
],
7051 recommended_data
[name
],
7052 'Policies were not applied')
7054 # Ensure modifying the policy does not generate extra policy files
7055 unstage_file(reg_pol
)
7056 # Change a managed entry:
7057 parser
.pol_file
.entries
[0].data
= 0
7058 # Change a recommended entry:
7059 parser
.pol_file
.entries
[-1].data
= b
'https://google.com'
7060 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7061 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7063 ext
.process_group_policy([], gpos
, dname
)
7064 managed_files
= os
.listdir(managed
)
7065 self
.assertEquals(len(managed_files
), 1,
7066 'Number of Chromium policies is incorrect')
7067 omanaged_file
= managed_file
7068 managed_file
= os
.path
.join(managed
, managed_files
[0])
7069 self
.assertNotEquals(omanaged_file
, managed_file
,
7070 'The managed Chromium file did not change')
7072 recommended_files
= os
.listdir(recommended
)
7073 self
.assertEquals(len(recommended_files
), 1,
7074 'Number of Chromium policies is incorrect')
7075 orecommended_file
= recommended_file
7076 recommended_file
= os
.path
.join(recommended
, recommended_files
[0])
7077 self
.assertNotEquals(orecommended_file
, recommended_file
,
7078 'The recommended Chromium file did not change')
7080 # Verify RSOP does not fail
7081 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
7083 # Check that a call to gpupdate --rsop also succeeds
7085 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
7087 # Unapply the policy
7088 gp_db
= store
.get_gplog(machine_creds
.get_username())
7089 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7090 ext
.process_group_policy(del_gpos
, [], dname
)
7091 managed
= os
.path
.join(managed
, managed_files
[0])
7092 if os
.path
.exists(managed
):
7093 data
= json
.load(open(managed
, 'r'))
7094 self
.assertEqual(len(data
.keys()), 0,
7095 'The policy was not unapplied')
7096 recommended
= os
.path
.join(recommended
, recommended_files
[0])
7097 if os
.path
.exists(recommended
):
7098 data
= json
.load(open(recommended
, 'r'))
7099 self
.assertEqual(len(data
.keys()), 0,
7100 'The policy was not unapplied')
7102 # Unstage the Registry.pol file
7103 unstage_file(reg_pol
)
7105 def test_gp_firewalld_ext(self
):
7106 local_path
= self
.lp
.cache_path('gpo_cache')
7107 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7108 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7109 'MACHINE/REGISTRY.POL')
7110 cache_dir
= self
.lp
.get('cache directory')
7111 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7113 machine_creds
= Credentials()
7114 machine_creds
.guess(self
.lp
)
7115 machine_creds
.set_machine_account()
7117 # Initialize the group policy extension
7118 ext
= gp_firewalld_ext(self
.lp
, machine_creds
,
7119 machine_creds
.get_username(), store
)
7121 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
7123 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
7125 # Stage the Registry.pol file with test data
7126 parser
= GPPolParser()
7127 parser
.load_xml(etree
.fromstring(firewalld_reg_pol
.strip()))
7128 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7129 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7131 ext
.process_group_policy([], gpos
)
7133 # Check that the policy was applied
7134 firewall_cmd
= which('firewall-cmd')
7135 cmd
= [firewall_cmd
, '--get-zones']
7136 p
= Popen(cmd
, stdout
=PIPE
, stderr
=PIPE
)
7137 out
, err
= p
.communicate()
7138 self
.assertIn(b
'work', out
, 'Failed to apply zones')
7139 self
.assertIn(b
'home', out
, 'Failed to apply zones')
7141 cmd
= [firewall_cmd
, '--zone=work', '--list-interfaces']
7142 p
= Popen(cmd
, stdout
=PIPE
, stderr
=PIPE
)
7143 out
, err
= p
.communicate()
7144 self
.assertIn(b
'eth0', out
, 'Failed to set interface on zone')
7146 cmd
= [firewall_cmd
, '--zone=home', '--list-interfaces']
7147 p
= Popen(cmd
, stdout
=PIPE
, stderr
=PIPE
)
7148 out
, err
= p
.communicate()
7149 self
.assertIn(b
'eth0', out
, 'Failed to set interface on zone')
7151 cmd
= [firewall_cmd
, '--zone=work', '--list-rich-rules']
7152 p
= Popen(cmd
, stdout
=PIPE
, stderr
=PIPE
)
7153 out
, err
= p
.communicate()
7154 rule
= b
'rule family=ipv4 source address=172.25.1.7 ' + \
7155 b
'service name=ftp reject'
7156 self
.assertEquals(rule
, out
.strip(), 'Failed to set rich rule')
7158 # Verify RSOP does not fail
7159 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
7161 # Check that a call to gpupdate --rsop also succeeds
7163 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
7165 # Unapply the policy
7166 gp_db
= store
.get_gplog(machine_creds
.get_username())
7167 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7168 ext
.process_group_policy(del_gpos
, [])
7170 # Check that the policy was unapplied
7171 cmd
= [firewall_cmd
, '--get-zones']
7172 p
= Popen(cmd
, stdout
=PIPE
, stderr
=PIPE
)
7173 out
, err
= p
.communicate()
7174 self
.assertNotIn(b
'work', out
, 'Failed to unapply zones')
7175 self
.assertNotIn(b
'home', out
, 'Failed to unapply zones')
7177 # Unstage the Registry.pol file
7178 unstage_file(reg_pol
)
7180 def test_advanced_gp_cert_auto_enroll_ext(self
):
7181 local_path
= self
.lp
.cache_path('gpo_cache')
7182 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7183 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7184 'MACHINE/REGISTRY.POL')
7185 cache_dir
= self
.lp
.get('cache directory')
7186 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7188 machine_creds
= Credentials()
7189 machine_creds
.guess(self
.lp
)
7190 machine_creds
.set_machine_account()
7192 # Initialize the group policy extension
7193 ext
= cae
.gp_cert_auto_enroll_ext(self
.lp
, machine_creds
,
7194 machine_creds
.get_username(), store
)
7196 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
7198 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
7200 admin_creds
= Credentials()
7201 admin_creds
.set_username(os
.environ
.get('DC_USERNAME'))
7202 admin_creds
.set_password(os
.environ
.get('DC_PASSWORD'))
7203 admin_creds
.set_realm(os
.environ
.get('REALM'))
7204 hostname
= get_dc_hostname(machine_creds
, self
.lp
)
7205 url
= 'ldap://%s' % hostname
7206 ldb
= Ldb(url
=url
, session_info
=system_session(),
7207 lp
=self
.lp
, credentials
=admin_creds
)
7209 # Stage the Registry.pol file with test data
7210 res
= ldb
.search('', _ldb
.SCOPE_BASE
, '(objectClass=*)',
7211 ['rootDomainNamingContext'])
7212 self
.assertTrue(len(res
) == 1, 'rootDomainNamingContext not found')
7213 res2
= ldb
.search(res
[0]['rootDomainNamingContext'][0],
7214 _ldb
.SCOPE_BASE
, '(objectClass=*)', ['objectGUID'])
7215 self
.assertTrue(len(res2
) == 1, 'objectGUID not found')
7216 objectGUID
= b
'{%s}' % \
7217 cae
.octet_string_to_objectGUID(res2
[0]['objectGUID'][0]).upper().encode()
7218 parser
= GPPolParser()
7219 parser
.load_xml(etree
.fromstring(advanced_enroll_reg_pol
.strip() % \
7220 (objectGUID
, objectGUID
, objectGUID
, objectGUID
)))
7221 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7222 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7224 # Write the dummy CA entry
7225 confdn
= 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
7226 ca_cn
= '%s-CA' % hostname
.replace('.', '-')
7227 certa_dn
= 'CN=%s,CN=Certification Authorities,%s' % (ca_cn
, confdn
)
7228 ldb
.add({'dn': certa_dn
,
7229 'objectClass': 'certificationAuthority',
7230 'authorityRevocationList': ['XXX'],
7231 'cACertificate': 'XXX',
7232 'certificateRevocationList': ['XXX'],
7234 # Write the dummy pKIEnrollmentService
7235 enroll_dn
= 'CN=%s,CN=Enrollment Services,%s' % (ca_cn
, confdn
)
7236 ldb
.add({'dn': enroll_dn
,
7237 'objectClass': 'pKIEnrollmentService',
7238 'cACertificate': 'XXXX',
7239 'certificateTemplates': ['Machine'],
7240 'dNSHostName': hostname
,
7242 # Write the dummy pKICertificateTemplate
7243 template_dn
= 'CN=Machine,CN=Certificate Templates,%s' % confdn
7244 ldb
.add({'dn': template_dn
,
7245 'objectClass': 'pKICertificateTemplate',
7248 with
TemporaryDirectory() as dname
:
7249 ext
.process_group_policy([], gpos
, dname
, dname
)
7250 ca_list
= [ca_cn
, 'example0-com-CA', 'example1-com-CA',
7253 ca_crt
= os
.path
.join(dname
, '%s.crt' % ca
)
7254 self
.assertTrue(os
.path
.exists(ca_crt
),
7255 'Root CA certificate was not requested')
7256 machine_crt
= os
.path
.join(dname
, '%s.Machine.crt' % ca
)
7257 self
.assertTrue(os
.path
.exists(machine_crt
),
7258 'Machine certificate was not requested')
7259 machine_key
= os
.path
.join(dname
, '%s.Machine.key' % ca
)
7260 self
.assertTrue(os
.path
.exists(machine_crt
),
7261 'Machine key was not generated')
7263 # Verify RSOP does not fail
7264 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
7266 # Check that a call to gpupdate --rsop also succeeds
7268 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
7271 gp_db
= store
.get_gplog(machine_creds
.get_username())
7272 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7273 ext
.process_group_policy(del_gpos
, [], dname
)
7274 self
.assertFalse(os
.path
.exists(ca_crt
),
7275 'Root CA certificate was not removed')
7276 self
.assertFalse(os
.path
.exists(machine_crt
),
7277 'Machine certificate was not removed')
7278 self
.assertFalse(os
.path
.exists(machine_crt
),
7279 'Machine key was not removed')
7280 out
, _
= Popen(['getcert', 'list-cas'], stdout
=PIPE
).communicate()
7282 self
.assertNotIn(get_bytes(ca
), out
, 'CA was not removed')
7283 out
, _
= Popen(['getcert', 'list'], stdout
=PIPE
).communicate()
7284 self
.assertNotIn(b
'Machine', out
,
7285 'Machine certificate not removed')
7287 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
7288 ldb
.delete(certa_dn
)
7289 ldb
.delete(enroll_dn
)
7290 ldb
.delete(template_dn
)
7292 # Unstage the Registry.pol file
7293 unstage_file(reg_pol
)
7295 def test_gp_centrify_sudoers_ext(self
):
7296 local_path
= self
.lp
.cache_path('gpo_cache')
7297 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7298 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7299 'MACHINE/REGISTRY.POL')
7300 cache_dir
= self
.lp
.get('cache directory')
7301 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7303 machine_creds
= Credentials()
7304 machine_creds
.guess(self
.lp
)
7305 machine_creds
.set_machine_account()
7307 # Initialize the group policy extension
7308 ext
= gp_centrify_sudoers_ext(self
.lp
, machine_creds
,
7309 machine_creds
.get_username(), store
)
7311 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
7313 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
7315 # Stage the Registry.pol file with test data
7318 e1
.keyname
= b
'Software\\Policies\\Centrify\\UnixSettings'
7319 e1
.valuename
= b
'sudo.enabled'
7323 e2
.keyname
= b
'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
7326 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
7327 stage
.num_entries
= 2
7328 stage
.entries
= [e1
, e2
]
7329 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7330 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7332 # Process all gpos, with temp output directory
7333 with
TemporaryDirectory() as dname
:
7334 ext
.process_group_policy([], gpos
, dname
)
7335 sudoers
= os
.listdir(dname
)
7336 self
.assertEquals(len(sudoers
), 1, 'The sudoer file was not created')
7337 sudoers_file
= os
.path
.join(dname
, sudoers
[0])
7338 self
.assertIn(e2
.data
, open(sudoers_file
, 'r').read(),
7339 'The sudoers entry was not applied')
7341 # Remove the sudoers file, and make sure a re-apply puts it back
7342 os
.unlink(sudoers_file
)
7343 ext
.process_group_policy([], gpos
, dname
)
7344 sudoers
= os
.listdir(dname
)
7345 self
.assertEquals(len(sudoers
), 1,
7346 'The sudoer file was not recreated')
7347 sudoers_file
= os
.path
.join(dname
, sudoers
[0])
7348 self
.assertIn(e2
.data
, open(sudoers_file
, 'r').read(),
7349 'The sudoers entry was not reapplied')
7351 # Check that a call to gpupdate --rsop also succeeds
7353 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
7356 gp_db
= store
.get_gplog(machine_creds
.get_username())
7357 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7358 ext
.process_group_policy(del_gpos
, [])
7359 self
.assertEquals(len(os
.listdir(dname
)), 0,
7360 'Unapply failed to cleanup scripts')
7362 # Unstage the Registry.pol file
7363 unstage_file(reg_pol
)
7365 def test_gp_centrify_crontab_ext(self
):
7366 local_path
= self
.lp
.cache_path('gpo_cache')
7367 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7368 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7369 'MACHINE/REGISTRY.POL')
7370 cache_dir
= self
.lp
.get('cache directory')
7371 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7373 machine_creds
= Credentials()
7374 machine_creds
.guess(self
.lp
)
7375 machine_creds
.set_machine_account()
7377 # Initialize the group policy extension
7378 ext
= gp_centrify_crontab_ext(self
.lp
, machine_creds
,
7379 machine_creds
.get_username(), store
)
7381 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
7383 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
7385 # Stage the Registry.pol file with test data
7389 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7390 e
.valuename
= b
'Command1'
7392 e
.data
= b
'17 * * * * root echo hello world'
7393 stage
.num_entries
= 1
7395 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7396 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7398 # Process all gpos, with temp output directory
7399 with
TemporaryDirectory() as dname
:
7400 ext
.process_group_policy([], gpos
, dname
)
7401 cron_entries
= os
.listdir(dname
)
7402 self
.assertEquals(len(cron_entries
), 1, 'Cron entry not created')
7403 fname
= os
.path
.join(dname
, cron_entries
[0])
7404 data
= open(fname
, 'rb').read()
7405 self
.assertIn(get_bytes(e
.data
), data
, 'Cron entry is missing')
7407 # Check that a call to gpupdate --rsop also succeeds
7409 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
7412 gp_db
= store
.get_gplog(machine_creds
.get_username())
7413 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7414 ext
.process_group_policy(del_gpos
, [])
7415 self
.assertEquals(len(os
.listdir(dname
)), 0,
7416 'Unapply failed to cleanup script')
7418 # Unstage the Registry.pol file
7419 unstage_file(reg_pol
)
7421 def test_gp_user_centrify_crontab_ext(self
):
7422 local_path
= self
.lp
.cache_path('gpo_cache')
7423 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7424 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7425 'USER/REGISTRY.POL')
7426 cache_dir
= self
.lp
.get('cache directory')
7427 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7429 machine_creds
= Credentials()
7430 machine_creds
.guess(self
.lp
)
7431 machine_creds
.set_machine_account()
7433 # Initialize the group policy extension
7434 ext
= gp_user_centrify_crontab_ext(self
.lp
, machine_creds
,
7435 os
.environ
.get('DC_USERNAME'),
7438 ads
= gpo
.ADS_STRUCT(self
.server
, self
.lp
, machine_creds
)
7440 gpos
= ads
.get_gpo_list(machine_creds
.get_username())
7442 # Stage the Registry.pol file with test data
7446 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7447 e
.valuename
= b
'Command1'
7449 e
.data
= b
'17 * * * * echo hello world'
7450 stage
.num_entries
= 1
7452 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7453 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7455 # Process all gpos, intentionally skipping the privilege drop
7456 ext
.process_group_policy([], gpos
)
7457 # Dump the fake crontab setup for testing
7458 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7459 crontab
, _
= p
.communicate()
7460 self
.assertIn(get_bytes(e
.data
), crontab
,
7461 'The crontab entry was not installed')
7463 # Check that a call to gpupdate --rsop also succeeds
7465 self
.assertEquals(ret
, 0, 'gpupdate --rsop failed!')
7468 gp_db
= store
.get_gplog(os
.environ
.get('DC_USERNAME'))
7469 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7470 ext
.process_group_policy(del_gpos
, [])
7471 # Dump the fake crontab setup for testing
7472 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7473 crontab
, _
= p
.communicate()
7474 self
.assertNotIn(get_bytes(e
.data
), crontab
,
7475 'Unapply failed to cleanup crontab entry')
7477 # Unstage the Registry.pol file
7478 unstage_file(reg_pol
)