1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 import os
, grp
, pwd
, re
19 from samba
import gpo
, tests
20 from samba
.gp
.gpclass
import register_gp_extension
, list_gp_extensions
, \
21 unregister_gp_extension
, GPOStorage
, get_gpo_list
22 from samba
.param
import LoadParm
23 from samba
.gp
.gpclass
import check_refresh_gpo_list
, check_safe_path
, \
24 check_guid
, parse_gpext_conf
, atomic_write_conf
, get_deleted_gpos_list
25 from subprocess
import Popen
, PIPE
26 from tempfile
import NamedTemporaryFile
, TemporaryDirectory
27 from samba
.gp
import gpclass
# Disable privilege dropping for testing.
# The stand-in ignores its first argument and calls func(*args) directly, so
# the wrapped work runs in this process with whatever privileges the test
# runner already has. This is a test-harness substitution only.
# NOTE(review): the assignment sits before the extension imports that follow,
# presumably so that any module binding drop_privileges from gpclass at import
# time picks up the stand-in -- confirm against those modules.
def _call_without_privilege_drop(_, func, *args):
    return func(*args)


gpclass.drop_privileges = _call_without_privilege_drop
30 from samba
.gp
.gp_sec_ext
import gp_krb_ext
31 from samba
.gp
.gp_scripts_ext
import gp_scripts_ext
, gp_user_scripts_ext
32 from samba
.gp
.gp_sudoers_ext
import gp_sudoers_ext
33 from samba
.gp
.vgp_sudoers_ext
import vgp_sudoers_ext
34 from samba
.gp
.vgp_symlink_ext
import vgp_symlink_ext
35 from samba
.gp
.gpclass
import gp_inf_ext
36 from samba
.gp
.gp_smb_conf_ext
import gp_smb_conf_ext
37 from samba
.gp
.vgp_files_ext
import vgp_files_ext
38 from samba
.gp
.vgp_openssh_ext
import vgp_openssh_ext
39 from samba
.gp
.vgp_startup_scripts_ext
import vgp_startup_scripts_ext
40 from samba
.gp
.vgp_motd_ext
import vgp_motd_ext
41 from samba
.gp
.vgp_issue_ext
import vgp_issue_ext
42 from samba
.gp
.vgp_access_ext
import vgp_access_ext
43 from samba
.gp
.gp_gnome_settings_ext
import gp_gnome_settings_ext
44 from samba
.gp
import gp_cert_auto_enroll_ext
as cae
45 from samba
.gp
.gp_firefox_ext
import gp_firefox_ext
46 from samba
.gp
.gp_chromium_ext
import gp_chromium_ext
47 from samba
.gp
.gp_firewalld_ext
import gp_firewalld_ext
48 from samba
.credentials
import Credentials
49 from samba
.gp
.gp_msgs_ext
import gp_msgs_ext
50 from samba
.gp
.gp_centrify_sudoers_ext
import gp_centrify_sudoers_ext
51 from samba
.gp
.gp_centrify_crontab_ext
import gp_centrify_crontab_ext
, \
52 gp_user_centrify_crontab_ext
53 from samba
.gp
.gp_drive_maps_ext
import gp_drive_maps_user_ext
54 from samba
.common
import get_bytes
55 from samba
.dcerpc
import preg
56 from samba
.ndr
import ndr_pack
58 from shutil
import copyfile
59 import xml
.etree
.ElementTree
as etree
61 from samba
.gp_parse
.gp_pol
import GPPolParser
63 from configparser
import ConfigParser
64 from samba
.gp
.gpclass
import get_dc_hostname
, expand_pref_variables
67 from samba
.auth
import system_session
69 from shutil
import which
71 from cryptography
import x509
72 from cryptography
.hazmat
.primitives
import hashes
73 from cryptography
.hazmat
.backends
import default_backend
74 from cryptography
.hazmat
.primitives
.asymmetric
import rsa
75 from cryptography
.hazmat
.primitives
.serialization
import Encoding
76 from datetime
import datetime
, timedelta
, timezone
77 from samba
.samba3
import param
as s3param
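def dummy_certificate():
    """Build a throwaway self-signed CA certificate and return it DER-encoded.

    Test fixture for certificate auto-enrollment. A fresh RSA-2048 key is
    generated on every call and used to sign the certificate with SHA-256.
    The private key stays local to this function and is discarded on return.
    The common name is read from the SERVER environment variable, and the
    certificate is valid for the 300 seconds following the call.

    Returns:
        bytes: the certificate in DER encoding.
    """
    # NOTE(review): the lines that bind `name` and `cert`, and the builder's
    # subject, issuer and serial calls, are not visible in this listing. They
    # are restored here because CertificateBuilder.sign() refuses to sign
    # without all three. Subject == issuer (self-signed) and the serial source
    # are assumptions -- confirm against the upstream file.
    name = x509.Name([
        # SERVER must be set: NameAttribute rejects a non-string value.
        x509.NameAttribute(x509.NameOID.COMMON_NAME,
                           os.environ.get('SERVER'))
    ])
    # CA certificate that may not have subordinate CAs below it.
    cons = x509.BasicConstraints(ca=True, path_length=0)
    now = datetime.now(tz=timezone.utc)

    key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
                                   backend=default_backend())

    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        # Short lifetime keeps a leaked fixture certificate useless quickly.
        .not_valid_after(now + timedelta(seconds=300))
        # Second argument is `critical`; the extension is added non-critical.
        .add_extension(cons, False)
        .sign(key, hashes.SHA256(), default_backend())
    )

    return cert.public_bytes(encoding=Encoding.DER)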
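# Dummy requests structure for Certificate Auto Enrollment
class dummy_requests(object):
    """Offline stand-in for the `requests` module in the auto-enroll extension.

    Only the pieces assigned below are provided: a `get` callable and an
    `exceptions.ConnectionError` name. Nothing here touches the network.
    """

    # NOTE(review): the decorator and the final `return dummy` are not visible
    # in this listing. Without the return the caller receives None; without
    # the decorator a call through an instance would bind the instance to
    # `url`. Both are restored -- confirm against the upstream file.
    @staticmethod
    def get(url=None, params=None):
        """Return a canned response whose body is a freshly built CA cert.

        url and params are accepted for call compatibility and ignored.
        """
        # `requests` here is the real library, used only to build a Response
        # object. NOTE(review): its import is not visible in this listing --
        # confirm it is imported at module level.
        dummy = requests.Response()
        # The body is injected through the private _content attribute so that
        # no HTTP transfer is needed to populate the response.
        dummy._content = dummy_certificate()
        dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
        return dummy

    class exceptions(object):
        # Aliased to the base Exception, so a handler written against
        # requests.exceptions.ConnectionError in the patched module would
        # catch any Exception while this stub is installed.
        ConnectionError = Exception


# Rebind the `requests` name inside the certificate auto-enroll module so its
# lookups resolve to the stub above for the rest of the test run.
cae.requests = dummy_requests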
# Names derived from the test environment and shared by the tests below.
# REALM must be set: the concatenation that builds `policies` raises
# TypeError when os.environ.get() returns None.
_env_realm = os.environ.get('REALM')
# Built from the realm exactly as given, before it is lower-cased.
policies = _env_realm + '/POLICIES'
realm = _env_realm.lower()
# UNC path of the Policies folder on sysvol; the lower-cased realm fills both
# the host and the domain component.
_poldir_template = r'\\{0}\sysvol\{0}\Policies'
poldir = _poldir_template.format(realm)
# the first part of the base DN varies by testenv. Work it out from the realm
_first_label = realm.partition('.')[0]
base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(_first_label)
dspath = ''.join(('CN=Policies,CN=System,', base_dn))
# Template with a %d slot for the version number.
gpt_data = '[General]\nVersion=%d'
126 gnome_test_reg_pol
= \
128 <?xml version="1.0" encoding="utf-8"?>
129 <PolFile num_entries="26" signature="PReg" version="1">
130 <Entry type="4" type_name="REG_DWORD">
131 <Key>GNOME Settings\Lock Down Settings</Key>
132 <ValueName>Lock Down Enabled Extensions</ValueName>
135 <Entry type="4" type_name="REG_DWORD">
136 <Key>GNOME Settings\Lock Down Settings</Key>
137 <ValueName>Lock Down Specific Settings</ValueName>
140 <Entry type="4" type_name="REG_DWORD">
141 <Key>GNOME Settings\Lock Down Settings</Key>
142 <ValueName>Disable Printing</ValueName>
145 <Entry type="4" type_name="REG_DWORD">
146 <Key>GNOME Settings\Lock Down Settings</Key>
147 <ValueName>Disable File Saving</ValueName>
150 <Entry type="4" type_name="REG_DWORD">
151 <Key>GNOME Settings\Lock Down Settings</Key>
152 <ValueName>Disable Command-Line Access</ValueName>
155 <Entry type="4" type_name="REG_DWORD">
156 <Key>GNOME Settings\Lock Down Settings</Key>
157 <ValueName>Disallow Login Using a Fingerprint</ValueName>
160 <Entry type="4" type_name="REG_DWORD">
161 <Key>GNOME Settings\Lock Down Settings</Key>
162 <ValueName>Disable User Logout</ValueName>
165 <Entry type="4" type_name="REG_DWORD">
166 <Key>GNOME Settings\Lock Down Settings</Key>
167 <ValueName>Disable User Switching</ValueName>
170 <Entry type="4" type_name="REG_DWORD">
171 <Key>GNOME Settings\Lock Down Settings</Key>
172 <ValueName>Disable Repartitioning</ValueName>
175 <Entry type="4" type_name="REG_DWORD">
176 <Key>GNOME Settings\Lock Down Settings</Key>
177 <ValueName>Whitelisted Online Accounts</ValueName>
180 <Entry type="4" type_name="REG_DWORD">
181 <Key>GNOME Settings\Lock Down Settings</Key>
182 <ValueName>Compose Key</ValueName>
185 <Entry type="4" type_name="REG_DWORD">
186 <Key>GNOME Settings\Lock Down Settings</Key>
187 <ValueName>Dim Screen when User is Idle</ValueName>
190 <Entry type="4" type_name="REG_DWORD">
191 <Key>GNOME Settings\Lock Down Settings</Key>
192 <ValueName>Enabled Extensions</ValueName>
195 <Entry type="1" type_name="REG_SZ">
196 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
197 <ValueName>Key Name</ValueName>
198 <Value>Right Alt</Value>
200 <Entry type="4" type_name="REG_DWORD">
201 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
202 <ValueName>Delay</ValueName>
205 <Entry type="4" type_name="REG_DWORD">
206 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
207 <ValueName>Dim Idle Brightness</ValueName>
210 <Entry type="1" type_name="REG_SZ">
211 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
212 <ValueName>**delvals.</ValueName>
215 <Entry type="1" type_name="REG_SZ">
216 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
217 <ValueName>myextension1@myname.example.com</ValueName>
218 <Value>myextension1@myname.example.com</Value>
220 <Entry type="1" type_name="REG_SZ">
221 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
222 <ValueName>myextension2@myname.example.com</ValueName>
223 <Value>myextension2@myname.example.com</Value>
225 <Entry type="1" type_name="REG_SZ">
226 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
227 <ValueName>**delvals.</ValueName>
230 <Entry type="1" type_name="REG_SZ">
231 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
232 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
233 <Value>/org/gnome/desktop/background/picture-uri</Value>
235 <Entry type="1" type_name="REG_SZ">
236 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
237 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
238 <Value>/org/gnome/desktop/background/picture-options</Value>
240 <Entry type="1" type_name="REG_SZ">
241 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
242 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
243 <Value>/org/gnome/desktop/background/primary-color</Value>
245 <Entry type="1" type_name="REG_SZ">
246 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
247 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
248 <Value>/org/gnome/desktop/background/secondary-color</Value>
250 <Entry type="1" type_name="REG_SZ">
251 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
252 <ValueName>**delvals.</ValueName>
255 <Entry type="1" type_name="REG_SZ">
256 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
257 <ValueName>google</ValueName>
258 <Value>google</Value>
263 auto_enroll_reg_pol
= \
265 <?xml version="1.0" encoding="utf-8"?>
266 <PolFile num_entries="3" signature="PReg" version="1">
267 <Entry type="4" type_name="REG_DWORD">
268 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
269 <ValueName>AEPolicy</ValueName>
272 <Entry type="4" type_name="REG_DWORD">
273 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
274 <ValueName>OfflineExpirationPercent</ValueName>
277 <Entry type="1" type_name="REG_SZ">
278 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
279 <ValueName>OfflineExpirationStoreNames</ValueName>
285 auto_enroll_unchecked_reg_pol
= \
287 <?xml version="1.0" encoding="utf-8"?>
288 <PolFile num_entries="3" signature="PReg" version="1">
289 <Entry type="4" type_name="REG_DWORD">
290 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
291 <ValueName>AEPolicy</ValueName>
294 <Entry type="4" type_name="REG_DWORD">
295 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
296 <ValueName>OfflineExpirationPercent</ValueName>
299 <Entry type="1" type_name="REG_SZ">
300 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
301 <ValueName>OfflineExpirationStoreNames</ValueName>
307 advanced_enroll_reg_pol
= \
309 <?xml version="1.0" encoding="utf-8"?>
310 <PolFile num_entries="30" signature="PReg" version="1">
311 <Entry type="1" type_name="REG_SZ">
312 <Key>Software\Policies\Microsoft\Cryptography</Key>
313 <ValueName>**DeleteKeys</ValueName>
314 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
316 <Entry type="4" type_name="REG_DWORD">
317 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
318 <ValueName>AEPolicy</ValueName>
321 <Entry type="4" type_name="REG_DWORD">
322 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
323 <ValueName>OfflineExpirationPercent</ValueName>
326 <Entry type="1" type_name="REG_SZ">
327 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
328 <ValueName>OfflineExpirationStoreNames</ValueName>
331 <Entry type="1" type_name="REG_SZ">
332 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
334 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
336 <Entry type="4" type_name="REG_DWORD">
337 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
338 <ValueName>Flags</ValueName>
341 <Entry type="1" type_name="REG_SZ">
342 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
343 <ValueName>URL</ValueName>
346 <Entry type="1" type_name="REG_SZ">
347 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
348 <ValueName>PolicyID</ValueName>
351 <Entry type="1" type_name="REG_SZ">
352 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
353 <ValueName>FriendlyName</ValueName>
354 <Value>Example</Value>
356 <Entry type="4" type_name="REG_DWORD">
357 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
358 <ValueName>Flags</ValueName>
361 <Entry type="4" type_name="REG_DWORD">
362 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
363 <ValueName>AuthFlags</ValueName>
366 <Entry type="4" type_name="REG_DWORD">
367 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
368 <ValueName>Cost</ValueName>
369 <Value>2147483645</Value>
371 <Entry type="1" type_name="REG_SZ">
372 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
373 <ValueName>URL</ValueName>
374 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
376 <Entry type="1" type_name="REG_SZ">
377 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
378 <ValueName>PolicyID</ValueName>
381 <Entry type="1" type_name="REG_SZ">
382 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
383 <ValueName>FriendlyName</ValueName>
384 <Value>Example2</Value>
386 <Entry type="4" type_name="REG_DWORD">
387 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
388 <ValueName>Flags</ValueName>
391 <Entry type="4" type_name="REG_DWORD">
392 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
393 <ValueName>AuthFlags</ValueName>
396 <Entry type="4" type_name="REG_DWORD">
397 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
398 <ValueName>Cost</ValueName>
401 <Entry type="1" type_name="REG_SZ">
402 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
403 <ValueName>URL</ValueName>
404 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
406 <Entry type="1" type_name="REG_SZ">
407 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
408 <ValueName>PolicyID</ValueName>
411 <Entry type="1" type_name="REG_SZ">
412 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
413 <ValueName>FriendlyName</ValueName>
414 <Value>Example0</Value>
416 <Entry type="4" type_name="REG_DWORD">
417 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
418 <ValueName>Flags</ValueName>
421 <Entry type="4" type_name="REG_DWORD">
422 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
423 <ValueName>AuthFlags</ValueName>
426 <Entry type="4" type_name="REG_DWORD">
427 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
428 <ValueName>Cost</ValueName>
431 <Entry type="1" type_name="REG_SZ">
432 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
433 <ValueName>URL</ValueName>
434 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
436 <Entry type="1" type_name="REG_SZ">
437 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
438 <ValueName>PolicyID</ValueName>
441 <Entry type="1" type_name="REG_SZ">
442 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
443 <ValueName>FriendlyName</ValueName>
444 <Value>Example1</Value>
446 <Entry type="4" type_name="REG_DWORD">
447 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
448 <ValueName>Flags</ValueName>
451 <Entry type="4" type_name="REG_DWORD">
452 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
453 <ValueName>AuthFlags</ValueName>
456 <Entry type="4" type_name="REG_DWORD">
457 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
458 <ValueName>Cost</ValueName>
466 <?xml version="1.0" encoding="utf-8"?>
467 <PolFile num_entries="241" signature="PReg" version="1">
468 <Entry type="7" type_name="REG_MULTI_SZ">
469 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
470 <ValueName>ExtensionSettings</ValueName>
471 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
473 <Entry type="4" type_name="REG_DWORD">
474 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
475 <ValueName>ExtensionUpdate</ValueName>
478 <Entry type="4" type_name="REG_DWORD">
479 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
480 <ValueName>SearchSuggestEnabled</ValueName>
483 <Entry type="4" type_name="REG_DWORD">
484 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
485 <ValueName>AppAutoUpdate</ValueName>
488 <Entry type="1" type_name="REG_SZ">
489 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
490 <ValueName>AppUpdateURL</ValueName>
491 <Value>https://yoursite.com</Value>
493 <Entry type="4" type_name="REG_DWORD">
494 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
495 <ValueName>BlockAboutAddons</ValueName>
498 <Entry type="4" type_name="REG_DWORD">
499 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
500 <ValueName>BlockAboutConfig</ValueName>
503 <Entry type="4" type_name="REG_DWORD">
504 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
505 <ValueName>BlockAboutProfiles</ValueName>
508 <Entry type="4" type_name="REG_DWORD">
509 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
510 <ValueName>BlockAboutSupport</ValueName>
513 <Entry type="4" type_name="REG_DWORD">
514 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
515 <ValueName>CaptivePortal</ValueName>
518 <Entry type="2" type_name="REG_EXPAND_SZ">
519 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
520 <ValueName>DefaultDownloadDirectory</ValueName>
521 <Value>${home}/Downloads</Value>
523 <Entry type="4" type_name="REG_DWORD">
524 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
525 <ValueName>DisableAppUpdate</ValueName>
528 <Entry type="4" type_name="REG_DWORD">
529 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
530 <ValueName>DisableBuiltinPDFViewer</ValueName>
533 <Entry type="4" type_name="REG_DWORD">
534 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
535 <ValueName>DisableDefaultBrowserAgent</ValueName>
538 <Entry type="4" type_name="REG_DWORD">
539 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
540 <ValueName>DisableDeveloperTools</ValueName>
543 <Entry type="4" type_name="REG_DWORD">
544 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
545 <ValueName>DisableFeedbackCommands</ValueName>
548 <Entry type="4" type_name="REG_DWORD">
549 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
550 <ValueName>DisableFirefoxAccounts</ValueName>
553 <Entry type="4" type_name="REG_DWORD">
554 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
555 <ValueName>DisableFirefoxScreenshots</ValueName>
558 <Entry type="4" type_name="REG_DWORD">
559 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
560 <ValueName>DisableFirefoxStudies</ValueName>
563 <Entry type="4" type_name="REG_DWORD">
564 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
565 <ValueName>DisableForgetButton</ValueName>
568 <Entry type="4" type_name="REG_DWORD">
569 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
570 <ValueName>DisableFormHistory</ValueName>
573 <Entry type="4" type_name="REG_DWORD">
574 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
575 <ValueName>DisableMasterPasswordCreation</ValueName>
578 <Entry type="4" type_name="REG_DWORD">
579 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
580 <ValueName>DisablePasswordReveal</ValueName>
583 <Entry type="4" type_name="REG_DWORD">
584 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
585 <ValueName>DisablePocket</ValueName>
588 <Entry type="4" type_name="REG_DWORD">
589 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
590 <ValueName>DisablePrivateBrowsing</ValueName>
593 <Entry type="4" type_name="REG_DWORD">
594 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
595 <ValueName>DisableProfileImport</ValueName>
598 <Entry type="4" type_name="REG_DWORD">
599 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
600 <ValueName>DisableProfileRefresh</ValueName>
603 <Entry type="4" type_name="REG_DWORD">
604 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
605 <ValueName>DisableSafeMode</ValueName>
608 <Entry type="4" type_name="REG_DWORD">
609 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
610 <ValueName>DisableSetDesktopBackground</ValueName>
613 <Entry type="4" type_name="REG_DWORD">
614 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
615 <ValueName>DisableSystemAddonUpdate</ValueName>
618 <Entry type="4" type_name="REG_DWORD">
619 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
620 <ValueName>DisableTelemetry</ValueName>
623 <Entry type="4" type_name="REG_DWORD">
624 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
625 <ValueName>DisplayBookmarksToolbar</ValueName>
628 <Entry type="1" type_name="REG_SZ">
629 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
630 <ValueName>DisplayMenuBar</ValueName>
631 <Value>default-on</Value>
633 <Entry type="4" type_name="REG_DWORD">
634 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
635 <ValueName>DontCheckDefaultBrowser</ValueName>
638 <Entry type="2" type_name="REG_EXPAND_SZ">
639 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
640 <ValueName>DownloadDirectory</ValueName>
641 <Value>${home}/Downloads</Value>
643 <Entry type="7" type_name="REG_MULTI_SZ">
644 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
645 <ValueName>Handlers</ValueName>
646 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
648 <Entry type="4" type_name="REG_DWORD">
649 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
650 <ValueName>HardwareAcceleration</ValueName>
653 <Entry type="7" type_name="REG_MULTI_SZ">
654 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
655 <ValueName>ManagedBookmarks</ValueName>
656 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
658 <Entry type="4" type_name="REG_DWORD">
659 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
660 <ValueName>NetworkPrediction</ValueName>
663 <Entry type="4" type_name="REG_DWORD">
664 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
665 <ValueName>NewTabPage</ValueName>
668 <Entry type="4" type_name="REG_DWORD">
669 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
670 <ValueName>NoDefaultBookmarks</ValueName>
673 <Entry type="4" type_name="REG_DWORD">
674 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
675 <ValueName>OfferToSaveLogins</ValueName>
678 <Entry type="4" type_name="REG_DWORD">
679 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
680 <ValueName>OfferToSaveLoginsDefault</ValueName>
683 <Entry type="1" type_name="REG_SZ">
684 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
685 <ValueName>OverrideFirstRunPage</ValueName>
686 <Value>http://example.org</Value>
688 <Entry type="1" type_name="REG_SZ">
689 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
690 <ValueName>OverridePostUpdatePage</ValueName>
691 <Value>http://example.org</Value>
693 <Entry type="4" type_name="REG_DWORD">
694 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
695 <ValueName>PasswordManagerEnabled</ValueName>
698 <Entry type="7" type_name="REG_MULTI_SZ">
699 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
700 <ValueName>Preferences</ValueName>
701 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
703 <Entry type="4" type_name="REG_DWORD">
704 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
705 <ValueName>PrimaryPassword</ValueName>
708 <Entry type="4" type_name="REG_DWORD">
709 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
710 <ValueName>PromptForDownloadLocation</ValueName>
713 <Entry type="1" type_name="REG_SZ">
714 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
715 <ValueName>**delvals.</ValueName>
718 <Entry type="1" type_name="REG_SZ">
719 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
720 <ValueName>1</ValueName>
723 <Entry type="1" type_name="REG_SZ">
724 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
725 <ValueName>2</ValueName>
728 <Entry type="1" type_name="REG_SZ">
729 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
730 <ValueName>SSLVersionMax</ValueName>
731 <Value>tls1.3</Value>
733 <Entry type="1" type_name="REG_SZ">
734 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
735 <ValueName>SSLVersionMin</ValueName>
736 <Value>tls1.3</Value>
738 <Entry type="1" type_name="REG_SZ">
739 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
740 <ValueName>SearchBar</ValueName>
741 <Value>unified</Value>
743 <Entry type="4" type_name="REG_DWORD">
744 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
745 <ValueName>Locked</ValueName>
748 <Entry type="4" type_name="REG_DWORD">
749 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
750 <ValueName>PrivateBrowsing</ValueName>
753 <Entry type="4" type_name="REG_DWORD">
754 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
755 <ValueName>NTLM</ValueName>
758 <Entry type="4" type_name="REG_DWORD">
759 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
760 <ValueName>SPNEGO</ValueName>
763 <Entry type="4" type_name="REG_DWORD">
764 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
765 <ValueName>NTLM</ValueName>
768 <Entry type="4" type_name="REG_DWORD">
769 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
770 <ValueName>SPNEGO</ValueName>
773 <Entry type="1" type_name="REG_SZ">
774 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
775 <ValueName>**delvals.</ValueName>
778 <Entry type="1" type_name="REG_SZ">
779 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
780 <ValueName>1</ValueName>
781 <Value>mydomain.com</Value>
783 <Entry type="1" type_name="REG_SZ">
784 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
785 <ValueName>1</ValueName>
786 <Value>https://myotherdomain.com</Value>
788 <Entry type="1" type_name="REG_SZ">
789 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
790 <ValueName>**delvals.</ValueName>
793 <Entry type="1" type_name="REG_SZ">
794 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
795 <ValueName>1</ValueName>
796 <Value>mydomain.com</Value>
798 <Entry type="1" type_name="REG_SZ">
799 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
800 <ValueName>1</ValueName>
801 <Value>https://myotherdomain.com</Value>
803 <Entry type="1" type_name="REG_SZ">
804 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
805 <ValueName>**delvals.</ValueName>
808 <Entry type="1" type_name="REG_SZ">
809 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
810 <ValueName>1</ValueName>
811 <Value>mydomain.com</Value>
813 <Entry type="1" type_name="REG_SZ">
814 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
815 <ValueName>1</ValueName>
816 <Value>https://myotherdomain.com</Value>
818 <Entry type="1" type_name="REG_SZ">
819 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
820 <ValueName>Title</ValueName>
821 <Value>Example</Value>
823 <Entry type="1" type_name="REG_SZ">
824 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
825 <ValueName>URL</ValueName>
826 <Value>https://example.com</Value>
828 <Entry type="1" type_name="REG_SZ">
829 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
830 <ValueName>Favicon</ValueName>
831 <Value>https://example.com/favicon.ico</Value>
833 <Entry type="1" type_name="REG_SZ">
834 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
835 <ValueName>Placement</ValueName>
838 <Entry type="1" type_name="REG_SZ">
839 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
840 <ValueName>Folder</ValueName>
841 <Value>FolderName</Value>
843 <Entry type="1" type_name="REG_SZ">
844 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
845 <ValueName>Title</ValueName>
848 <Entry type="1" type_name="REG_SZ">
849 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
850 <ValueName>URL</ValueName>
851 <Value>www.samba.org</Value>
853 <Entry type="1" type_name="REG_SZ">
854 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
855 <ValueName>Favicon</ValueName>
858 <Entry type="1" type_name="REG_SZ">
859 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
860 <ValueName>Placement</ValueName>
861 <Value>toolbar</Value>
863 <Entry type="1" type_name="REG_SZ">
864 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
865 <ValueName>Folder</ValueName>
868 <Entry type="1" type_name="REG_SZ">
869 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
870 <ValueName>AcceptThirdParty</ValueName>
873 <Entry type="4" type_name="REG_DWORD">
874 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
875 <ValueName>Default</ValueName>
878 <Entry type="4" type_name="REG_DWORD">
879 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
880 <ValueName>ExpireAtSessionEnd</ValueName>
883 <Entry type="4" type_name="REG_DWORD">
884 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
885 <ValueName>Locked</ValueName>
888 <Entry type="4" type_name="REG_DWORD">
889 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
890 <ValueName>RejectTracker</ValueName>
893 <Entry type="1" type_name="REG_SZ">
894 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
895 <ValueName>**delvals.</ValueName>
898 <Entry type="1" type_name="REG_SZ">
899 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
900 <ValueName>1</ValueName>
901 <Value>http://example.org/</Value>
903 <Entry type="1" type_name="REG_SZ">
904 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
905 <ValueName>**delvals.</ValueName>
908 <Entry type="1" type_name="REG_SZ">
909 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
910 <ValueName>1</ValueName>
911 <Value>http://example.edu/</Value>
913 <Entry type="1" type_name="REG_SZ">
914 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
915 <ValueName>**delvals.</ValueName>
918 <Entry type="1" type_name="REG_SZ">
919 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
920 <ValueName>1</ValueName>
921 <Value>http://example.edu/</Value>
923 <Entry type="4" type_name="REG_DWORD">
924 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
925 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
928 <Entry type="4" type_name="REG_DWORD">
929 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
930 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
933 <Entry type="4" type_name="REG_DWORD">
934 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
935 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
938 <Entry type="4" type_name="REG_DWORD">
939 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
940 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
943 <Entry type="4" type_name="REG_DWORD">
944 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
945 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
948 <Entry type="4" type_name="REG_DWORD">
949 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
950 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
953 <Entry type="4" type_name="REG_DWORD">
954 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
955 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
958 <Entry type="4" type_name="REG_DWORD">
959 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
960 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
963 <Entry type="4" type_name="REG_DWORD">
964 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
965 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
968 <Entry type="4" type_name="REG_DWORD">
969 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
970 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
973 <Entry type="4" type_name="REG_DWORD">
974 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
975 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
978 <Entry type="4" type_name="REG_DWORD">
979 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
980 <ValueName>InvalidCertificate</ValueName>
983 <Entry type="4" type_name="REG_DWORD">
984 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
985 <ValueName>SafeBrowsing</ValueName>
988 <Entry type="4" type_name="REG_DWORD">
989 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
990 <ValueName>Enabled</ValueName>
993 <Entry type="4" type_name="REG_DWORD">
994 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
995 <ValueName>Locked</ValueName>
998 <Entry type="1" type_name="REG_SZ">
999 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
1000 <ValueName>ProviderURL</ValueName>
1001 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
1003 <Entry type="1" type_name="REG_SZ">
1004 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1005 <ValueName>**delvals.</ValueName>
1008 <Entry type="1" type_name="REG_SZ">
1009 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1010 <ValueName>1</ValueName>
1011 <Value>example.com</Value>
1013 <Entry type="4" type_name="REG_DWORD">
1014 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1015 <ValueName>Value</ValueName>
1018 <Entry type="4" type_name="REG_DWORD">
1019 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1020 <ValueName>Cryptomining</ValueName>
1023 <Entry type="4" type_name="REG_DWORD">
1024 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1025 <ValueName>Fingerprinting</ValueName>
1028 <Entry type="4" type_name="REG_DWORD">
1029 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1030 <ValueName>Locked</ValueName>
1033 <Entry type="1" type_name="REG_SZ">
1034 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1035 <ValueName>**delvals.</ValueName>
1038 <Entry type="1" type_name="REG_SZ">
1039 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1040 <ValueName>1</ValueName>
1041 <Value>https://example.com</Value>
1043 <Entry type="4" type_name="REG_DWORD">
1044 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1045 <ValueName>Enabled</ValueName>
1048 <Entry type="4" type_name="REG_DWORD">
1049 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1050 <ValueName>Locked</ValueName>
1053 <Entry type="1" type_name="REG_SZ">
1054 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1055 <ValueName>**delvals.</ValueName>
1058 <Entry type="2" type_name="REG_EXPAND_SZ">
1059 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1060 <ValueName>1</ValueName>
1061 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1063 <Entry type="2" type_name="REG_EXPAND_SZ">
1064 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1065 <ValueName>2</ValueName>
1066 <Value>//path/to/xpi</Value>
1068 <Entry type="1" type_name="REG_SZ">
1069 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1070 <ValueName>**delvals.</ValueName>
1073 <Entry type="1" type_name="REG_SZ">
1074 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1075 <ValueName>1</ValueName>
1076 <Value>addon_id@mozilla.org</Value>
1078 <Entry type="1" type_name="REG_SZ">
1079 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1080 <ValueName>**delvals.</ValueName>
1083 <Entry type="1" type_name="REG_SZ">
1084 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1085 <ValueName>1</ValueName>
1086 <Value>bad_addon_id@mozilla.org</Value>
1088 <Entry type="4" type_name="REG_DWORD">
1089 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1090 <ValueName>Search</ValueName>
1093 <Entry type="4" type_name="REG_DWORD">
1094 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1095 <ValueName>TopSites</ValueName>
1098 <Entry type="4" type_name="REG_DWORD">
1099 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1100 <ValueName>Highlights</ValueName>
1103 <Entry type="4" type_name="REG_DWORD">
1104 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1105 <ValueName>Pocket</ValueName>
1108 <Entry type="4" type_name="REG_DWORD">
1109 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1110 <ValueName>Snippets</ValueName>
1113 <Entry type="4" type_name="REG_DWORD">
1114 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1115 <ValueName>Locked</ValueName>
1118 <Entry type="4" type_name="REG_DWORD">
1119 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1120 <ValueName>Default</ValueName>
1123 <Entry type="4" type_name="REG_DWORD">
1124 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1125 <ValueName>Locked</ValueName>
1128 <Entry type="1" type_name="REG_SZ">
1129 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1130 <ValueName>**delvals.</ValueName>
1133 <Entry type="1" type_name="REG_SZ">
1134 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1135 <ValueName>1</ValueName>
1136 <Value>http://example.org/</Value>
1138 <Entry type="1" type_name="REG_SZ">
1139 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1140 <ValueName>**delvals.</ValueName>
1143 <Entry type="1" type_name="REG_SZ">
1144 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1145 <ValueName>1</ValueName>
1146 <Value>http://example.edu/</Value>
1148 <Entry type="1" type_name="REG_SZ">
1149 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1150 <ValueName>StartPage</ValueName>
1151 <Value>homepage</Value>
1153 <Entry type="1" type_name="REG_SZ">
1154 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1155 <ValueName>URL</ValueName>
1156 <Value>http://example.com/</Value>
1158 <Entry type="4" type_name="REG_DWORD">
1159 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1160 <ValueName>Locked</ValueName>
1163 <Entry type="1" type_name="REG_SZ">
1164 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1165 <ValueName>**delvals.</ValueName>
1168 <Entry type="1" type_name="REG_SZ">
1169 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1170 <ValueName>1</ValueName>
1171 <Value>http://example.org/</Value>
1173 <Entry type="1" type_name="REG_SZ">
1174 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1175 <ValueName>2</ValueName>
1176 <Value>http://example.edu/</Value>
1178 <Entry type="4" type_name="REG_DWORD">
1179 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1180 <ValueName>Default</ValueName>
1183 <Entry type="1" type_name="REG_SZ">
1184 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1185 <ValueName>**delvals.</ValueName>
1188 <Entry type="1" type_name="REG_SZ">
1189 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1190 <ValueName>1</ValueName>
1191 <Value>http://example.org/</Value>
1193 <Entry type="1" type_name="REG_SZ">
1194 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1195 <ValueName>2</ValueName>
1196 <Value>http://example.edu/</Value>
1198 <Entry type="1" type_name="REG_SZ">
1199 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1200 <ValueName>**delvals.</ValueName>
1203 <Entry type="1" type_name="REG_SZ">
1204 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1205 <ValueName>1</ValueName>
1206 <Value>http://example.org/</Value>
1208 <Entry type="1" type_name="REG_SZ">
1209 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1210 <ValueName>2</ValueName>
1211 <Value>http://example.edu/</Value>
1213 <Entry type="4" type_name="REG_DWORD">
1214 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1215 <ValueName>EnablePermissions</ValueName>
1218 <Entry type="4" type_name="REG_DWORD">
1219 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1220 <ValueName>Enabled</ValueName>
1223 <Entry type="1" type_name="REG_SZ">
1224 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1225 <ValueName>Default</ValueName>
1226 <Value>block-audio</Value>
1228 <Entry type="4" type_name="REG_DWORD">
1229 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1230 <ValueName>Locked</ValueName>
1233 <Entry type="1" type_name="REG_SZ">
1234 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1235 <ValueName>**delvals.</ValueName>
1238 <Entry type="1" type_name="REG_SZ">
1239 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1240 <ValueName>1</ValueName>
1241 <Value>https://example.org</Value>
1243 <Entry type="1" type_name="REG_SZ">
1244 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1245 <ValueName>**delvals.</ValueName>
1248 <Entry type="1" type_name="REG_SZ">
1249 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1250 <ValueName>1</ValueName>
1251 <Value>https://example.edu</Value>
1253 <Entry type="4" type_name="REG_DWORD">
1254 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1255 <ValueName>BlockNewRequests</ValueName>
1258 <Entry type="4" type_name="REG_DWORD">
1259 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1260 <ValueName>Locked</ValueName>
1263 <Entry type="1" type_name="REG_SZ">
1264 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1265 <ValueName>**delvals.</ValueName>
1268 <Entry type="1" type_name="REG_SZ">
1269 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1270 <ValueName>1</ValueName>
1271 <Value>https://example.org</Value>
1273 <Entry type="1" type_name="REG_SZ">
1274 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1275 <ValueName>2</ValueName>
1276 <Value>https://example.org:1234</Value>
1278 <Entry type="1" type_name="REG_SZ">
1279 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1280 <ValueName>**delvals.</ValueName>
1283 <Entry type="1" type_name="REG_SZ">
1284 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1285 <ValueName>1</ValueName>
1286 <Value>https://example.edu</Value>
1288 <Entry type="4" type_name="REG_DWORD">
1289 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1290 <ValueName>BlockNewRequests</ValueName>
1293 <Entry type="4" type_name="REG_DWORD">
1294 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1295 <ValueName>Locked</ValueName>
1298 <Entry type="1" type_name="REG_SZ">
1299 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1300 <ValueName>**delvals.</ValueName>
1303 <Entry type="1" type_name="REG_SZ">
1304 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1305 <ValueName>1</ValueName>
1306 <Value>https://example.org</Value>
1308 <Entry type="1" type_name="REG_SZ">
1309 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1310 <ValueName>**delvals.</ValueName>
1313 <Entry type="1" type_name="REG_SZ">
1314 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1315 <ValueName>1</ValueName>
1316 <Value>https://example.edu</Value>
1318 <Entry type="4" type_name="REG_DWORD">
1319 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1320 <ValueName>BlockNewRequests</ValueName>
1323 <Entry type="4" type_name="REG_DWORD">
1324 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1325 <ValueName>Locked</ValueName>
1328 <Entry type="1" type_name="REG_SZ">
1329 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1330 <ValueName>**delvals.</ValueName>
1333 <Entry type="1" type_name="REG_SZ">
1334 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1335 <ValueName>1</ValueName>
1336 <Value>https://example.org</Value>
1338 <Entry type="1" type_name="REG_SZ">
1339 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1340 <ValueName>**delvals.</ValueName>
1343 <Entry type="1" type_name="REG_SZ">
1344 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1345 <ValueName>1</ValueName>
1346 <Value>https://example.edu</Value>
1348 <Entry type="4" type_name="REG_DWORD">
1349 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1350 <ValueName>BlockNewRequests</ValueName>
1353 <Entry type="4" type_name="REG_DWORD">
1354 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1355 <ValueName>Locked</ValueName>
1358 <Entry type="1" type_name="REG_SZ">
1359 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1360 <ValueName>**delvals.</ValueName>
1363 <Entry type="1" type_name="REG_SZ">
1364 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1365 <ValueName>1</ValueName>
1366 <Value>https://example.org</Value>
1368 <Entry type="1" type_name="REG_SZ">
1369 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1370 <ValueName>**delvals.</ValueName>
1373 <Entry type="1" type_name="REG_SZ">
1374 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1375 <ValueName>1</ValueName>
1376 <Value>https://example.edu</Value>
1378 <Entry type="4" type_name="REG_DWORD">
1379 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1380 <ValueName>BlockNewRequests</ValueName>
1383 <Entry type="4" type_name="REG_DWORD">
1384 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1385 <ValueName>Locked</ValueName>
1388 <Entry type="1" type_name="REG_SZ">
1389 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1390 <ValueName>**delvals.</ValueName>
1393 <Entry type="1" type_name="REG_SZ">
1394 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1395 <ValueName>1</ValueName>
1396 <Value>https://example.org</Value>
1398 <Entry type="1" type_name="REG_SZ">
1399 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1400 <ValueName>**delvals.</ValueName>
1403 <Entry type="1" type_name="REG_SZ">
1404 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1405 <ValueName>1</ValueName>
1406 <Value>https://example.edu</Value>
1408 <Entry type="4" type_name="REG_DWORD">
1409 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1410 <ValueName>Enabled</ValueName>
1413 <Entry type="4" type_name="REG_DWORD">
1414 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1415 <ValueName>Locked</ValueName>
1418 <Entry type="4" type_name="REG_DWORD">
1419 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1420 <ValueName>Default</ValueName>
1423 <Entry type="4" type_name="REG_DWORD">
1424 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1425 <ValueName>Locked</ValueName>
1428 <Entry type="1" type_name="REG_SZ">
1429 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1430 <ValueName>**delvals.</ValueName>
1433 <Entry type="1" type_name="REG_SZ">
1434 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1435 <ValueName>1</ValueName>
1436 <Value>http://example.org/</Value>
1438 <Entry type="1" type_name="REG_SZ">
1439 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1440 <ValueName>2</ValueName>
1441 <Value>http://example.edu/</Value>
1443 <Entry type="4" type_name="REG_DWORD">
1444 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1445 <ValueName>Locked</ValueName>
1448 <Entry type="1" type_name="REG_SZ">
1449 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1450 <ValueName>Mode</ValueName>
1451 <Value>autoDetect</Value>
1453 <Entry type="1" type_name="REG_SZ">
1454 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1455 <ValueName>HTTPProxy</ValueName>
1456 <Value>hostname</Value>
1458 <Entry type="4" type_name="REG_DWORD">
1459 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1460 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1463 <Entry type="1" type_name="REG_SZ">
1464 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1465 <ValueName>SSLProxy</ValueName>
1466 <Value>hostname</Value>
1468 <Entry type="1" type_name="REG_SZ">
1469 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1470 <ValueName>FTPProxy</ValueName>
1471 <Value>hostname</Value>
1473 <Entry type="1" type_name="REG_SZ">
1474 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1475 <ValueName>SOCKSProxy</ValueName>
1476 <Value>hostname</Value>
1478 <Entry type="4" type_name="REG_DWORD">
1479 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1480 <ValueName>SOCKSVersion</ValueName>
1483 <Entry type="1" type_name="REG_SZ">
1484 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1485 <ValueName>Passthrough</ValueName>
1486 <Value><local></Value>
1488 <Entry type="1" type_name="REG_SZ">
1489 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1490 <ValueName>AutoConfigURL</ValueName>
1491 <Value>URL_TO_AUTOCONFIG</Value>
1493 <Entry type="4" type_name="REG_DWORD">
1494 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1495 <ValueName>AutoLogin</ValueName>
1498 <Entry type="4" type_name="REG_DWORD">
1499 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1500 <ValueName>UseProxyForDNS</ValueName>
1503 <Entry type="4" type_name="REG_DWORD">
1504 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1505 <ValueName>SanitizeOnShutdown</ValueName>
1508 <Entry type="1" type_name="REG_SZ">
1509 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1510 <ValueName>Default</ValueName>
1511 <Value>Google</Value>
1513 <Entry type="4" type_name="REG_DWORD">
1514 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1515 <ValueName>PreventInstalls</ValueName>
1518 <Entry type="1" type_name="REG_SZ">
1519 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1520 <ValueName>Name</ValueName>
1521 <Value>Example1</Value>
1523 <Entry type="1" type_name="REG_SZ">
1524 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1525 <ValueName>URLTemplate</ValueName>
1526 <Value>https://www.example.org/q={searchTerms}</Value>
1528 <Entry type="1" type_name="REG_SZ">
1529 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1530 <ValueName>Method</ValueName>
1533 <Entry type="1" type_name="REG_SZ">
1534 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1535 <ValueName>IconURL</ValueName>
1536 <Value>https://www.example.org/favicon.ico</Value>
1538 <Entry type="1" type_name="REG_SZ">
1539 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1540 <ValueName>Alias</ValueName>
1541 <Value>example</Value>
1543 <Entry type="1" type_name="REG_SZ">
1544 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1545 <ValueName>Description</ValueName>
1546 <Value>Description</Value>
1548 <Entry type="1" type_name="REG_SZ">
1549 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1550 <ValueName>SuggestURLTemplate</ValueName>
1551 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1553 <Entry type="1" type_name="REG_SZ">
1554 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1555 <ValueName>PostData</ValueName>
1556 <Value>name=value&q={searchTerms}</Value>
1558 <Entry type="1" type_name="REG_SZ">
1559 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1560 <ValueName>**delvals.</ValueName>
1563 <Entry type="1" type_name="REG_SZ">
1564 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1565 <ValueName>1</ValueName>
1568 <Entry type="1" type_name="REG_SZ">
1569 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1570 <ValueName>Title</ValueName>
1571 <Value>Support Menu</Value>
1573 <Entry type="1" type_name="REG_SZ">
1574 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1575 <ValueName>URL</ValueName>
1576 <Value>http://example.com/support</Value>
1578 <Entry type="1" type_name="REG_SZ">
1579 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1580 <ValueName>AccessKey</ValueName>
1583 <Entry type="4" type_name="REG_DWORD">
1584 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1585 <ValueName>ExtensionRecommendations</ValueName>
1588 <Entry type="4" type_name="REG_DWORD">
1589 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1590 <ValueName>FeatureRecommendations</ValueName>
1593 <Entry type="4" type_name="REG_DWORD">
1594 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1595 <ValueName>WhatsNew</ValueName>
1598 <Entry type="4" type_name="REG_DWORD">
1599 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1600 <ValueName>UrlbarInterventions</ValueName>
1603 <Entry type="4" type_name="REG_DWORD">
1604 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1605 <ValueName>SkipOnboarding</ValueName>
1608 <Entry type="1" type_name="REG_SZ">
1609 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1610 <ValueName>**delvals.</ValueName>
1613 <Entry type="1" type_name="REG_SZ">
1614 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1615 <ValueName>1</ValueName>
1616 <Value><all_urls></Value>
1618 <Entry type="1" type_name="REG_SZ">
1619 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1620 <ValueName>**delvals.</ValueName>
1623 <Entry type="1" type_name="REG_SZ">
1624 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1625 <ValueName>1</ValueName>
1626 <Value>http://example.org/*</Value>
1628 <Entry type="1" type_name="REG_SZ">
1629 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1630 <ValueName>AllowedDomainsForApps</ValueName>
1631 <Value>managedfirefox.com,example.com</Value>
1633 <Entry type="4" type_name="REG_DWORD">
1634 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1635 <ValueName>BackgroundAppUpdate</ValueName>
1638 <Entry type="4" type_name="REG_DWORD">
1639 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1640 <ValueName>ImportEnterpriseRoots</ValueName>
1643 <Entry type="1" type_name="REG_SZ">
1644 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1645 <ValueName>**delvals.</ValueName>
1648 <Entry type="1" type_name="REG_SZ">
1649 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1650 <ValueName>1</ValueName>
1651 <Value>cert1.der</Value>
1653 <Entry type="1" type_name="REG_SZ">
1654 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1655 <ValueName>2</ValueName>
1656 <Value>/home/username/cert2.pem</Value>
1658 <Entry type="1" type_name="REG_SZ">
1659 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1660 <ValueName>NAME_OF_DEVICE</ValueName>
1661 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1663 <Entry type="4" type_name="REG_DWORD">
1664 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1665 <ValueName>ShowHomeButton</ValueName>
1668 <Entry type="7" type_name="REG_MULTI_SZ">
1669 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1670 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1671 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
# Expected JSON for the Firefox policy fixture. The keys mirror registry
# entries under Software\Policies\Mozilla\Firefox in the Registry.pol-style
# XML that precedes this assignment (e.g. DisabledCiphers, Proxy,
# SecurityDevices, AllowedDomainsForApps).
# NOTE(review): presumably compared with what the Firefox GP extension
# generates from that XML -- confirm against the test that uses it.
# The values are samples and placeholders (example.org, URL_TO_AUTOCONFIG,
# PATH_TO_LIBRARY_FOR_DEVICE, plain http:// URLs), so this is test data, not
# a hardening baseline. Several entries are security-relevant by name
# (ImportEnterpriseRoots, SecurityDevices, ExtensionSettings, DisabledCiphers,
# DisableSecurityBypass, SSLVersionMin/Max); when the registry fixture
# changes, update the matching entries here so the test keeps checking how
# they are translated.
1676 firefox_json_expected
= \
1680 "AppAutoUpdate": true,
1681 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1682 "AppUpdateURL": "https://yoursite.com",
1686 "https://myotherdomain.com"
1690 "https://myotherdomain.com"
1694 "https://myotherdomain.com"
1705 "PrivateBrowsing": true
1707 "AutoLaunchProtocolsFromOrigins": [
1709 "protocol": "zoommtg",
1710 "allowed_origins": [
1711 "https://somesite.zoom.us"
1715 "BackgroundAppUpdate": true,
1716 "BlockAboutAddons": true,
1717 "BlockAboutConfig": true,
1718 "BlockAboutProfiles": true,
1719 "BlockAboutSupport": true,
1723 "URL": "https://example.com",
1724 "Favicon": "https://example.com/favicon.ico",
1725 "Placement": "menu",
1726 "Folder": "FolderName"
1730 "URL": "www.samba.org",
1732 "Placement": "toolbar",
1736 "CaptivePortal": true,
1738 "ImportEnterpriseRoots": true,
1741 "/home/username/cert2.pem"
1746 "http://example.org/"
1749 "http://example.edu/"
1752 "http://example.edu/"
1755 "AcceptThirdParty": "never",
1756 "ExpireAtSessionEnd": true,
1757 "RejectTracker": true,
1760 "DisableSetDesktopBackground": true,
1761 "DisableMasterPasswordCreation": true,
1762 "DisableAppUpdate": true,
1763 "DisableBuiltinPDFViewer": true,
1764 "DisabledCiphers": {
1765 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1766 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1767 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1768 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1769 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1770 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1771 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1772 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1773 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1774 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1775 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1777 "DisableDefaultBrowserAgent": true,
1778 "DisableDeveloperTools": true,
1779 "DisableFeedbackCommands": true,
1780 "DisableFirefoxScreenshots": true,
1781 "DisableFirefoxAccounts": true,
1782 "DisableFirefoxStudies": true,
1783 "DisableForgetButton": true,
1784 "DisableFormHistory": true,
1785 "DisablePasswordReveal": true,
1786 "DisablePocket": true,
1787 "DisablePrivateBrowsing": true,
1788 "DisableProfileImport": true,
1789 "DisableProfileRefresh": true,
1790 "DisableSafeMode": true,
1791 "DisableSecurityBypass": {
1792 "InvalidCertificate": true,
1793 "SafeBrowsing": true
1795 "DisableSystemAddonUpdate": true,
1796 "DisableTelemetry": true,
1797 "DisplayBookmarksToolbar": true,
1798 "DisplayMenuBar": "default-on",
1801 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1803 "ExcludedDomains": [
1807 "DontCheckDefaultBrowser": true,
1808 "EnableTrackingProtection": {
1811 "Cryptomining": true,
1812 "Fingerprinting": true,
1814 "https://example.com"
1817 "EncryptedMediaExtensions": {
1823 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1827 "bad_addon_id@mozilla.org"
1830 "addon_id@mozilla.org"
1833 "ExtensionSettings": {
1835 "blocked_install_message": "Custom error message.",
1836 "install_sources": [
1838 "https://addons.mozilla.org/"
1840 "installation_mode": "blocked",
1845 "uBlock0@raymondhill.net": {
1846 "installation_mode": "force_installed",
1847 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1849 "https-everywhere@eff.org": {
1850 "installation_mode": "allowed"
1853 "ExtensionUpdate": true,
1856 "http://example.org/"
1859 "http://example.edu/"
1866 "application/msword": {
1867 "action": "useSystemDefault",
1873 "action": "useHelperApp",
1878 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1885 "action": "useHelperApp",
1889 "name": "Adobe Acrobat",
1890 "path": "/usr/bin/acroread"
1904 "HardwareAcceleration": true,
1906 "URL": "http://example.com/",
1909 "http://example.org/",
1910 "http://example.edu/"
1912 "StartPage": "homepage"
1914 "InstallAddonsPermission": {
1916 "http://example.org/",
1917 "http://example.edu/"
1922 "http://example.org/",
1923 "http://example.edu/"
1925 "ManagedBookmarks": [
1927 "toplevel_name": "My managed bookmarks folder"
1930 "url": "example.com",
1934 "name": "Mozilla links",
1937 "url": "https://mozilla.org",
1938 "name": "Mozilla.org"
1941 "url": "https://support.mozilla.org/",
1947 "PrimaryPassword": true,
1948 "NoDefaultBookmarks": true,
1949 "OfferToSaveLogins": true,
1950 "OfferToSaveLoginsDefault": true,
1951 "OverrideFirstRunPage": "http://example.org",
1952 "OverridePostUpdatePage": "http://example.org",
1953 "PasswordManagerEnabled": true,
1956 "EnablePermissions": true
1961 "https://example.org",
1962 "https://example.org:1234"
1965 "https://example.edu"
1967 "BlockNewRequests": true,
1972 "https://example.org"
1975 "https://example.edu"
1977 "BlockNewRequests": true,
1982 "https://example.org"
1985 "https://example.edu"
1987 "BlockNewRequests": true,
1992 "https://example.org"
1995 "https://example.edu"
1997 "BlockNewRequests": true,
2002 "https://example.org"
2005 "https://example.edu"
2007 "Default": "block-audio",
2012 "https://example.org"
2015 "https://example.edu"
2017 "BlockNewRequests": true,
2021 "PictureInPicture": {
2027 "http://example.org/",
2028 "http://example.edu/"
2034 "accessibility.force_disabled": {
2038 "browser.cache.disk.parent_directory": {
2039 "Value": "SOME_NATIVE_PATH",
2042 "browser.tabs.warnOnClose": {
2047 "PromptForDownloadLocation": true,
2049 "Mode": "autoDetect",
2051 "HTTPProxy": "hostname",
2052 "UseHTTPProxyForAllProtocols": true,
2053 "SSLProxy": "hostname",
2054 "FTPProxy": "hostname",
2055 "SOCKSProxy": "hostname",
2057 "Passthrough": "<local>",
2058 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2060 "UseProxyForDNS": true
2062 "SanitizeOnShutdown": true,
2067 "URLTemplate": "https://www.example.org/q={searchTerms}",
2069 "IconURL": "https://www.example.org/favicon.ico",
2071 "Description": "Description",
2072 "PostData": "name=value&q={searchTerms}",
2073 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2079 "Default": "Google",
2080 "PreventInstalls": true
2082 "SearchSuggestEnabled": true,
2083 "SecurityDevices": {
2084 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2086 "ShowHomeButton": true,
2087 "SSLVersionMax": "tls1.3",
2088 "SSLVersionMin": "tls1.3",
2090 "Title": "Support Menu",
2091 "URL": "http://example.com/support",
2096 "ExtensionRecommendations": true,
2097 "FeatureRecommendations": true,
2098 "UrlbarInterventions": true,
2099 "SkipOnboarding": true
2106 "http://example.org/*"
2109 "DefaultDownloadDirectory": "${home}/Downloads",
2110 "DownloadDirectory": "${home}/Downloads",
2111 "NetworkPrediction": true,
2113 "RequestedLocales": ["de", "en-US"],
2114 "SearchBar": "unified"
2119 chromium_reg_pol
= \
2121 <?xml version="1.0" encoding="utf-8"?>
2122 <PolFile num_entries="418" signature="PReg" version="1">
2123 <Entry type="4" type_name="REG_DWORD">
2124 <Key>Software\Policies\Google\Chrome</Key>
2125 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2128 <Entry type="4" type_name="REG_DWORD">
2129 <Key>Software\Policies\Google\Chrome</Key>
2130 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2133 <Entry type="4" type_name="REG_DWORD">
2134 <Key>Software\Policies\Google\Chrome</Key>
2135 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2138 <Entry type="4" type_name="REG_DWORD">
2139 <Key>Software\Policies\Google\Chrome</Key>
2140 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2143 <Entry type="4" type_name="REG_DWORD">
2144 <Key>Software\Policies\Google\Chrome</Key>
2145 <ValueName>AdvancedProtectionAllowed</ValueName>
2148 <Entry type="4" type_name="REG_DWORD">
2149 <Key>Software\Policies\Google\Chrome</Key>
2150 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2153 <Entry type="4" type_name="REG_DWORD">
2154 <Key>Software\Policies\Google\Chrome</Key>
2155 <ValueName>AllowDeletingBrowserHistory</ValueName>
2158 <Entry type="4" type_name="REG_DWORD">
2159 <Key>Software\Policies\Google\Chrome</Key>
2160 <ValueName>AllowDinosaurEasterEgg</ValueName>
2163 <Entry type="4" type_name="REG_DWORD">
2164 <Key>Software\Policies\Google\Chrome</Key>
2165 <ValueName>AllowFileSelectionDialogs</ValueName>
2168 <Entry type="4" type_name="REG_DWORD">
2169 <Key>Software\Policies\Google\Chrome</Key>
2170 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2173 <Entry type="1" type_name="REG_SZ">
2174 <Key>Software\Policies\Google\Chrome</Key>
2175 <ValueName>AllowedDomainsForApps</ValueName>
2176 <Value>managedchrome.com,example.com</Value>
2178 <Entry type="4" type_name="REG_DWORD">
2179 <Key>Software\Policies\Google\Chrome</Key>
2180 <ValueName>AlternateErrorPagesEnabled</ValueName>
2183 <Entry type="1" type_name="REG_SZ">
2184 <Key>Software\Policies\Google\Chrome</Key>
2185 <ValueName>AlternativeBrowserPath</ValueName>
2186 <Value>${ie}</Value>
2188 <Entry type="4" type_name="REG_DWORD">
2189 <Key>Software\Policies\Google\Chrome</Key>
2190 <ValueName>AlwaysOpenPdfExternally</ValueName>
2193 <Entry type="4" type_name="REG_DWORD">
2194 <Key>Software\Policies\Google\Chrome</Key>
2195 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2198 <Entry type="4" type_name="REG_DWORD">
2199 <Key>Software\Policies\Google\Chrome</Key>
2200 <ValueName>AppCacheForceEnabled</ValueName>
2203 <Entry type="1" type_name="REG_SZ">
2204 <Key>Software\Policies\Google\Chrome</Key>
2205 <ValueName>ApplicationLocaleValue</ValueName>
2208 <Entry type="4" type_name="REG_DWORD">
2209 <Key>Software\Policies\Google\Chrome</Key>
2210 <ValueName>AudioCaptureAllowed</ValueName>
2213 <Entry type="4" type_name="REG_DWORD">
2214 <Key>Software\Policies\Google\Chrome</Key>
2215 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2218 <Entry type="4" type_name="REG_DWORD">
2219 <Key>Software\Policies\Google\Chrome</Key>
2220 <ValueName>AudioSandboxEnabled</ValueName>
2223 <Entry type="1" type_name="REG_SZ">
2224 <Key>Software\Policies\Google\Chrome</Key>
2225 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2226 <Value>foobar.example.com</Value>
2228 <Entry type="1" type_name="REG_SZ">
2229 <Key>Software\Policies\Google\Chrome</Key>
2230 <ValueName>AuthSchemes</ValueName>
2231 <Value>basic,digest,ntlm,negotiate</Value>
2233 <Entry type="1" type_name="REG_SZ">
2234 <Key>Software\Policies\Google\Chrome</Key>
2235 <ValueName>AuthServerAllowlist</ValueName>
2236 <Value>*.example.com,example.com</Value>
2238 <Entry type="1" type_name="REG_SZ">
2239 <Key>Software\Policies\Google\Chrome</Key>
2240 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2241 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2243 <Entry type="4" type_name="REG_DWORD">
2244 <Key>Software\Policies\Google\Chrome</Key>
2245 <ValueName>AutofillAddressEnabled</ValueName>
2248 <Entry type="4" type_name="REG_DWORD">
2249 <Key>Software\Policies\Google\Chrome</Key>
2250 <ValueName>AutofillCreditCardEnabled</ValueName>
2253 <Entry type="4" type_name="REG_DWORD">
2254 <Key>Software\Policies\Google\Chrome</Key>
2255 <ValueName>AutoplayAllowed</ValueName>
2258 <Entry type="4" type_name="REG_DWORD">
2259 <Key>Software\Policies\Google\Chrome</Key>
2260 <ValueName>BackgroundModeEnabled</ValueName>
2263 <Entry type="4" type_name="REG_DWORD">
2264 <Key>Software\Policies\Google\Chrome</Key>
2265 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2268 <Entry type="4" type_name="REG_DWORD">
2269 <Key>Software\Policies\Google\Chrome</Key>
2270 <ValueName>BlockExternalExtensions</ValueName>
2273 <Entry type="4" type_name="REG_DWORD">
2274 <Key>Software\Policies\Google\Chrome</Key>
2275 <ValueName>BlockThirdPartyCookies</ValueName>
2278 <Entry type="4" type_name="REG_DWORD">
2279 <Key>Software\Policies\Google\Chrome</Key>
2280 <ValueName>BookmarkBarEnabled</ValueName>
2283 <Entry type="4" type_name="REG_DWORD">
2284 <Key>Software\Policies\Google\Chrome</Key>
2285 <ValueName>BrowserAddPersonEnabled</ValueName>
2288 <Entry type="4" type_name="REG_DWORD">
2289 <Key>Software\Policies\Google\Chrome</Key>
2290 <ValueName>BrowserGuestModeEnabled</ValueName>
2293 <Entry type="4" type_name="REG_DWORD">
2294 <Key>Software\Policies\Google\Chrome</Key>
2295 <ValueName>BrowserGuestModeEnforced</ValueName>
2298 <Entry type="4" type_name="REG_DWORD">
2299 <Key>Software\Policies\Google\Chrome</Key>
2300 <ValueName>BrowserLabsEnabled</ValueName>
2303 <Entry type="4" type_name="REG_DWORD">
2304 <Key>Software\Policies\Google\Chrome</Key>
2305 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2308 <Entry type="4" type_name="REG_DWORD">
2309 <Key>Software\Policies\Google\Chrome</Key>
2310 <ValueName>BrowserSignin</ValueName>
2313 <Entry type="1" type_name="REG_SZ">
2314 <Key>Software\Policies\Google\Chrome</Key>
2315 <ValueName>BrowserSwitcherChromePath</ValueName>
2316 <Value>${chrome}</Value>
2318 <Entry type="4" type_name="REG_DWORD">
2319 <Key>Software\Policies\Google\Chrome</Key>
2320 <ValueName>BrowserSwitcherDelay</ValueName>
2321 <Value>10000</Value>
2323 <Entry type="4" type_name="REG_DWORD">
2324 <Key>Software\Policies\Google\Chrome</Key>
2325 <ValueName>BrowserSwitcherEnabled</ValueName>
2328 <Entry type="1" type_name="REG_SZ">
2329 <Key>Software\Policies\Google\Chrome</Key>
2330 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2331 <Value>http://example.com/greylist.xml</Value>
2333 <Entry type="1" type_name="REG_SZ">
2334 <Key>Software\Policies\Google\Chrome</Key>
2335 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2336 <Value>http://example.com/sitelist.xml</Value>
2338 <Entry type="4" type_name="REG_DWORD">
2339 <Key>Software\Policies\Google\Chrome</Key>
2340 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2343 <Entry type="4" type_name="REG_DWORD">
2344 <Key>Software\Policies\Google\Chrome</Key>
2345 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2348 <Entry type="1" type_name="REG_SZ">
2349 <Key>Software\Policies\Google\Chrome</Key>
2350 <ValueName>BrowserThemeColor</ValueName>
2351 <Value>#FFFFFF</Value>
2353 <Entry type="1" type_name="REG_SZ">
2354 <Key>Software\Policies\Google\Chrome</Key>
2355 <ValueName>BrowsingDataLifetime</ValueName>
2356 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2358 <Entry type="4" type_name="REG_DWORD">
2359 <Key>Software\Policies\Google\Chrome</Key>
2360 <ValueName>BuiltInDnsClientEnabled</ValueName>
2363 <Entry type="4" type_name="REG_DWORD">
2364 <Key>Software\Policies\Google\Chrome</Key>
2365 <ValueName>CECPQ2Enabled</ValueName>
2368 <Entry type="4" type_name="REG_DWORD">
2369 <Key>Software\Policies\Google\Chrome</Key>
2370 <ValueName>ChromeCleanupEnabled</ValueName>
2373 <Entry type="4" type_name="REG_DWORD">
2374 <Key>Software\Policies\Google\Chrome</Key>
2375 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2378 <Entry type="4" type_name="REG_DWORD">
2379 <Key>Software\Policies\Google\Chrome</Key>
2380 <ValueName>ChromeVariations</ValueName>
2383 <Entry type="4" type_name="REG_DWORD">
2384 <Key>Software\Policies\Google\Chrome</Key>
2385 <ValueName>ClickToCallEnabled</ValueName>
2388 <Entry type="4" type_name="REG_DWORD">
2389 <Key>Software\Policies\Google\Chrome</Key>
2390 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2393 <Entry type="1" type_name="REG_SZ">
2394 <Key>Software\Policies\Google\Chrome</Key>
2395 <ValueName>CloudManagementEnrollmentToken</ValueName>
2396 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2398 <Entry type="4" type_name="REG_DWORD">
2399 <Key>Software\Policies\Google\Chrome</Key>
2400 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2403 <Entry type="4" type_name="REG_DWORD">
2404 <Key>Software\Policies\Google\Chrome</Key>
2405 <ValueName>CloudPrintProxyEnabled</ValueName>
2408 <Entry type="4" type_name="REG_DWORD">
2409 <Key>Software\Policies\Google\Chrome</Key>
2410 <ValueName>CloudPrintSubmitEnabled</ValueName>
2413 <Entry type="4" type_name="REG_DWORD">
2414 <Key>Software\Policies\Google\Chrome</Key>
2415 <ValueName>CloudUserPolicyMerge</ValueName>
2418 <Entry type="4" type_name="REG_DWORD">
2419 <Key>Software\Policies\Google\Chrome</Key>
2420 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2423 <Entry type="4" type_name="REG_DWORD">
2424 <Key>Software\Policies\Google\Chrome</Key>
2425 <ValueName>ComponentUpdatesEnabled</ValueName>
2428 <Entry type="4" type_name="REG_DWORD">
2429 <Key>Software\Policies\Google\Chrome</Key>
2430 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2433 <Entry type="4" type_name="REG_DWORD">
2434 <Key>Software\Policies\Google\Chrome</Key>
2435 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2438 <Entry type="4" type_name="REG_DWORD">
2439 <Key>Software\Policies\Google\Chrome</Key>
2440 <ValueName>DefaultCookiesSetting</ValueName>
2443 <Entry type="4" type_name="REG_DWORD">
2444 <Key>Software\Policies\Google\Chrome</Key>
2445 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2448 <Entry type="4" type_name="REG_DWORD">
2449 <Key>Software\Policies\Google\Chrome</Key>
2450 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2453 <Entry type="4" type_name="REG_DWORD">
2454 <Key>Software\Policies\Google\Chrome</Key>
2455 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2458 <Entry type="4" type_name="REG_DWORD">
2459 <Key>Software\Policies\Google\Chrome</Key>
2460 <ValueName>DefaultGeolocationSetting</ValueName>
2463 <Entry type="4" type_name="REG_DWORD">
2464 <Key>Software\Policies\Google\Chrome</Key>
2465 <ValueName>DefaultImagesSetting</ValueName>
2468 <Entry type="4" type_name="REG_DWORD">
2469 <Key>Software\Policies\Google\Chrome</Key>
2470 <ValueName>DefaultInsecureContentSetting</ValueName>
2473 <Entry type="4" type_name="REG_DWORD">
2474 <Key>Software\Policies\Google\Chrome</Key>
2475 <ValueName>DefaultJavaScriptSetting</ValueName>
2478 <Entry type="4" type_name="REG_DWORD">
2479 <Key>Software\Policies\Google\Chrome</Key>
2480 <ValueName>DefaultNotificationsSetting</ValueName>
2483 <Entry type="4" type_name="REG_DWORD">
2484 <Key>Software\Policies\Google\Chrome</Key>
2485 <ValueName>DefaultPopupsSetting</ValueName>
2488 <Entry type="1" type_name="REG_SZ">
2489 <Key>Software\Policies\Google\Chrome</Key>
2490 <ValueName>DefaultPrinterSelection</ValueName>
2491 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2493 <Entry type="4" type_name="REG_DWORD">
2494 <Key>Software\Policies\Google\Chrome</Key>
2495 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2498 <Entry type="4" type_name="REG_DWORD">
2499 <Key>Software\Policies\Google\Chrome</Key>
2500 <ValueName>DefaultSearchProviderEnabled</ValueName>
2503 <Entry type="1" type_name="REG_SZ">
2504 <Key>Software\Policies\Google\Chrome</Key>
2505 <ValueName>DefaultSearchProviderIconURL</ValueName>
2506 <Value>https://search.my.company/favicon.ico</Value>
2508 <Entry type="1" type_name="REG_SZ">
2509 <Key>Software\Policies\Google\Chrome</Key>
2510 <ValueName>DefaultSearchProviderImageURL</ValueName>
2511 <Value>https://search.my.company/searchbyimage/upload</Value>
2513 <Entry type="1" type_name="REG_SZ">
2514 <Key>Software\Policies\Google\Chrome</Key>
2515 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2516 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2518 <Entry type="1" type_name="REG_SZ">
2519 <Key>Software\Policies\Google\Chrome</Key>
2520 <ValueName>DefaultSearchProviderKeyword</ValueName>
2523 <Entry type="1" type_name="REG_SZ">
2524 <Key>Software\Policies\Google\Chrome</Key>
2525 <ValueName>DefaultSearchProviderName</ValueName>
2526 <Value>My Intranet Search</Value>
2528 <Entry type="1" type_name="REG_SZ">
2529 <Key>Software\Policies\Google\Chrome</Key>
2530 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2531 <Value>https://search.my.company/newtab</Value>
2533 <Entry type="1" type_name="REG_SZ">
2534 <Key>Software\Policies\Google\Chrome</Key>
2535 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2536 <Value>https://search.my.company/search?q={searchTerms}</Value>
2538 <Entry type="1" type_name="REG_SZ">
2539 <Key>Software\Policies\Google\Chrome</Key>
2540 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2541 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2543 <Entry type="1" type_name="REG_SZ">
2544 <Key>Software\Policies\Google\Chrome</Key>
2545 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2546 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2548 <Entry type="1" type_name="REG_SZ">
2549 <Key>Software\Policies\Google\Chrome</Key>
2550 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2551 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2553 <Entry type="4" type_name="REG_DWORD">
2554 <Key>Software\Policies\Google\Chrome</Key>
2555 <ValueName>DefaultSensorsSetting</ValueName>
2558 <Entry type="4" type_name="REG_DWORD">
2559 <Key>Software\Policies\Google\Chrome</Key>
2560 <ValueName>DefaultSerialGuardSetting</ValueName>
2563 <Entry type="4" type_name="REG_DWORD">
2564 <Key>Software\Policies\Google\Chrome</Key>
2565 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2568 <Entry type="4" type_name="REG_DWORD">
2569 <Key>Software\Policies\Google\Chrome</Key>
2570 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2573 <Entry type="4" type_name="REG_DWORD">
2574 <Key>Software\Policies\Google\Chrome</Key>
2575 <ValueName>DeveloperToolsAvailability</ValueName>
2578 <Entry type="4" type_name="REG_DWORD">
2579 <Key>Software\Policies\Google\Chrome</Key>
2580 <ValueName>Disable3DAPIs</ValueName>
2583 <Entry type="4" type_name="REG_DWORD">
2584 <Key>Software\Policies\Google\Chrome</Key>
2585 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2588 <Entry type="4" type_name="REG_DWORD">
2589 <Key>Software\Policies\Google\Chrome</Key>
2590 <ValueName>DisablePrintPreview</ValueName>
2593 <Entry type="4" type_name="REG_DWORD">
2594 <Key>Software\Policies\Google\Chrome</Key>
2595 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2598 <Entry type="4" type_name="REG_DWORD">
2599 <Key>Software\Policies\Google\Chrome</Key>
2600 <ValueName>DisableScreenshots</ValueName>
2603 <Entry type="1" type_name="REG_SZ">
2604 <Key>Software\Policies\Google\Chrome</Key>
2605 <ValueName>DiskCacheDir</ValueName>
2606 <Value>${user_home}/Chrome_cache</Value>
2608 <Entry type="4" type_name="REG_DWORD">
2609 <Key>Software\Policies\Google\Chrome</Key>
2610 <ValueName>DiskCacheSize</ValueName>
2611 <Value>104857600</Value>
2613 <Entry type="1" type_name="REG_SZ">
2614 <Key>Software\Policies\Google\Chrome</Key>
2615 <ValueName>DnsOverHttpsMode</ValueName>
2618 <Entry type="1" type_name="REG_SZ">
2619 <Key>Software\Policies\Google\Chrome</Key>
2620 <ValueName>DnsOverHttpsTemplates</ValueName>
2621 <Value>https://dns.example.net/dns-query{?dns}</Value>
2623 <Entry type="1" type_name="REG_SZ">
2624 <Key>Software\Policies\Google\Chrome</Key>
2625 <ValueName>DownloadDirectory</ValueName>
2626 <Value>/home/${user_name}/Downloads</Value>
2628 <Entry type="4" type_name="REG_DWORD">
2629 <Key>Software\Policies\Google\Chrome</Key>
2630 <ValueName>DownloadRestrictions</ValueName>
2633 <Entry type="4" type_name="REG_DWORD">
2634 <Key>Software\Policies\Google\Chrome</Key>
2635 <ValueName>EditBookmarksEnabled</ValueName>
2638 <Entry type="4" type_name="REG_DWORD">
2639 <Key>Software\Policies\Google\Chrome</Key>
2640 <ValueName>EnableAuthNegotiatePort</ValueName>
2643 <Entry type="4" type_name="REG_DWORD">
2644 <Key>Software\Policies\Google\Chrome</Key>
2645 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2648 <Entry type="4" type_name="REG_DWORD">
2649 <Key>Software\Policies\Google\Chrome</Key>
2650 <ValueName>EnableMediaRouter</ValueName>
2653 <Entry type="4" type_name="REG_DWORD">
2654 <Key>Software\Policies\Google\Chrome</Key>
2655 <ValueName>EnableOnlineRevocationChecks</ValueName>
2658 <Entry type="4" type_name="REG_DWORD">
2659 <Key>Software\Policies\Google\Chrome</Key>
2660 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2663 <Entry type="1" type_name="REG_SZ">
2664 <Key>Software\Policies\Google\Chrome</Key>
2665 <ValueName>ExtensionSettings</ValueName>
2666 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2668 <Entry type="4" type_name="REG_DWORD">
2669 <Key>Software\Policies\Google\Chrome</Key>
2670 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2673 <Entry type="4" type_name="REG_DWORD">
2674 <Key>Software\Policies\Google\Chrome</Key>
2675 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2678 <Entry type="4" type_name="REG_DWORD">
2679 <Key>Software\Policies\Google\Chrome</Key>
2680 <ValueName>ForceEphemeralProfiles</ValueName>
2683 <Entry type="4" type_name="REG_DWORD">
2684 <Key>Software\Policies\Google\Chrome</Key>
2685 <ValueName>ForceGoogleSafeSearch</ValueName>
2688 <Entry type="4" type_name="REG_DWORD">
2689 <Key>Software\Policies\Google\Chrome</Key>
2690 <ValueName>ForceYouTubeRestrict</ValueName>
2693 <Entry type="4" type_name="REG_DWORD">
2694 <Key>Software\Policies\Google\Chrome</Key>
2695 <ValueName>FullscreenAllowed</ValueName>
2698 <Entry type="4" type_name="REG_DWORD">
2699 <Key>Software\Policies\Google\Chrome</Key>
2700 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2703 <Entry type="4" type_name="REG_DWORD">
2704 <Key>Software\Policies\Google\Chrome</Key>
2705 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2708 <Entry type="4" type_name="REG_DWORD">
2709 <Key>Software\Policies\Google\Chrome</Key>
2710 <ValueName>HeadlessMode</ValueName>
2713 <Entry type="4" type_name="REG_DWORD">
2714 <Key>Software\Policies\Google\Chrome</Key>
2715 <ValueName>HideWebStoreIcon</ValueName>
2718 <Entry type="4" type_name="REG_DWORD">
2719 <Key>Software\Policies\Google\Chrome</Key>
2720 <ValueName>HomepageIsNewTabPage</ValueName>
2723 <Entry type="1" type_name="REG_SZ">
2724 <Key>Software\Policies\Google\Chrome</Key>
2725 <ValueName>HomepageLocation</ValueName>
2726 <Value>https://www.chromium.org</Value>
2728 <Entry type="4" type_name="REG_DWORD">
2729 <Key>Software\Policies\Google\Chrome</Key>
2730 <ValueName>ImportAutofillFormData</ValueName>
2733 <Entry type="4" type_name="REG_DWORD">
2734 <Key>Software\Policies\Google\Chrome</Key>
2735 <ValueName>ImportBookmarks</ValueName>
2738 <Entry type="4" type_name="REG_DWORD">
2739 <Key>Software\Policies\Google\Chrome</Key>
2740 <ValueName>ImportHistory</ValueName>
2743 <Entry type="4" type_name="REG_DWORD">
2744 <Key>Software\Policies\Google\Chrome</Key>
2745 <ValueName>ImportHomepage</ValueName>
2748 <Entry type="4" type_name="REG_DWORD">
2749 <Key>Software\Policies\Google\Chrome</Key>
2750 <ValueName>ImportSavedPasswords</ValueName>
2753 <Entry type="4" type_name="REG_DWORD">
2754 <Key>Software\Policies\Google\Chrome</Key>
2755 <ValueName>ImportSearchEngine</ValueName>
2758 <Entry type="4" type_name="REG_DWORD">
2759 <Key>Software\Policies\Google\Chrome</Key>
2760 <ValueName>IncognitoModeAvailability</ValueName>
2763 <Entry type="4" type_name="REG_DWORD">
2764 <Key>Software\Policies\Google\Chrome</Key>
2765 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2768 <Entry type="4" type_name="REG_DWORD">
2769 <Key>Software\Policies\Google\Chrome</Key>
2770 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2773 <Entry type="4" type_name="REG_DWORD">
2774 <Key>Software\Policies\Google\Chrome</Key>
2775 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2778 <Entry type="4" type_name="REG_DWORD">
2779 <Key>Software\Policies\Google\Chrome</Key>
2780 <ValueName>IntranetRedirectBehavior</ValueName>
2783 <Entry type="1" type_name="REG_SZ">
2784 <Key>Software\Policies\Google\Chrome</Key>
2785 <ValueName>IsolateOrigins</ValueName>
2786 <Value>https://example.com/,https://othersite.org/</Value>
2788 <Entry type="1" type_name="REG_SZ">
2789 <Key>Software\Policies\Google\Chrome</Key>
2790 <ValueName>ManagedBookmarks</ValueName>
2791 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2793 <Entry type="1" type_name="REG_SZ">
2794 <Key>Software\Policies\Google\Chrome</Key>
2795 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2796 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2798 <Entry type="4" type_name="REG_DWORD">
2799 <Key>Software\Policies\Google\Chrome</Key>
2800 <ValueName>MaxConnectionsPerProxy</ValueName>
2803 <Entry type="4" type_name="REG_DWORD">
2804 <Key>Software\Policies\Google\Chrome</Key>
2805 <ValueName>MaxInvalidationFetchDelay</ValueName>
2806 <Value>10000</Value>
2808 <Entry type="4" type_name="REG_DWORD">
2809 <Key>Software\Policies\Google\Chrome</Key>
2810 <ValueName>MediaRecommendationsEnabled</ValueName>
2813 <Entry type="4" type_name="REG_DWORD">
2814 <Key>Software\Policies\Google\Chrome</Key>
2815 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2818 <Entry type="4" type_name="REG_DWORD">
2819 <Key>Software\Policies\Google\Chrome</Key>
2820 <ValueName>MetricsReportingEnabled</ValueName>
2823 <Entry type="4" type_name="REG_DWORD">
2824 <Key>Software\Policies\Google\Chrome</Key>
2825 <ValueName>NTPCardsVisible</ValueName>
2828 <Entry type="4" type_name="REG_DWORD">
2829 <Key>Software\Policies\Google\Chrome</Key>
2830 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2833 <Entry type="4" type_name="REG_DWORD">
2834 <Key>Software\Policies\Google\Chrome</Key>
2835 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2838 <Entry type="4" type_name="REG_DWORD">
2839 <Key>Software\Policies\Google\Chrome</Key>
2840 <ValueName>NetworkPredictionOptions</ValueName>
2843 <Entry type="1" type_name="REG_SZ">
2844 <Key>Software\Policies\Google\Chrome</Key>
2845 <ValueName>NewTabPageLocation</ValueName>
2846 <Value>https://www.chromium.org</Value>
2848 <Entry type="4" type_name="REG_DWORD">
2849 <Key>Software\Policies\Google\Chrome</Key>
2850 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2853 <Entry type="4" type_name="REG_DWORD">
2854 <Key>Software\Policies\Google\Chrome</Key>
2855 <ValueName>PasswordManagerEnabled</ValueName>
2858 <Entry type="1" type_name="REG_SZ">
2859 <Key>Software\Policies\Google\Chrome</Key>
2860 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2861 <Value>https://mydomain.com/change_password.html</Value>
2863 <Entry type="4" type_name="REG_DWORD">
2864 <Key>Software\Policies\Google\Chrome</Key>
2865 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2868 <Entry type="4" type_name="REG_DWORD">
2869 <Key>Software\Policies\Google\Chrome</Key>
2870 <ValueName>PaymentMethodQueryEnabled</ValueName>
2873 <Entry type="4" type_name="REG_DWORD">
2874 <Key>Software\Policies\Google\Chrome</Key>
2875 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2878 <Entry type="4" type_name="REG_DWORD">
2879 <Key>Software\Policies\Google\Chrome</Key>
2880 <ValueName>PolicyRefreshRate</ValueName>
2881 <Value>3600000</Value>
2883 <Entry type="4" type_name="REG_DWORD">
2884 <Key>Software\Policies\Google\Chrome</Key>
2885 <ValueName>PrintHeaderFooter</ValueName>
2888 <Entry type="4" type_name="REG_DWORD">
2889 <Key>Software\Policies\Google\Chrome</Key>
2890 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2893 <Entry type="4" type_name="REG_DWORD">
2894 <Key>Software\Policies\Google\Chrome</Key>
2895 <ValueName>PrintRasterizationMode</ValueName>
2898 <Entry type="1" type_name="REG_SZ">
2899 <Key>Software\Policies\Google\Chrome</Key>
2900 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2901 <Value>enabled</Value>
2903 <Entry type="1" type_name="REG_SZ">
2904 <Key>Software\Policies\Google\Chrome</Key>
2905 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2906 <Value>enabled</Value>
2908 <Entry type="4" type_name="REG_DWORD">
2909 <Key>Software\Policies\Google\Chrome</Key>
2910 <ValueName>PrintingEnabled</ValueName>
2913 <Entry type="1" type_name="REG_SZ">
2914 <Key>Software\Policies\Google\Chrome</Key>
2915 <ValueName>PrintingPaperSizeDefault</ValueName>
2916 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2918 <Entry type="4" type_name="REG_DWORD">
2919 <Key>Software\Policies\Google\Chrome</Key>
2920 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2923 <Entry type="4" type_name="REG_DWORD">
2924 <Key>Software\Policies\Google\Chrome</Key>
2925 <ValueName>PromotionalTabsEnabled</ValueName>
2928 <Entry type="4" type_name="REG_DWORD">
2929 <Key>Software\Policies\Google\Chrome</Key>
2930 <ValueName>PromptForDownloadLocation</ValueName>
2933 <Entry type="1" type_name="REG_SZ">
2934 <Key>Software\Policies\Google\Chrome</Key>
2935 <ValueName>ProxySettings</ValueName>
2936 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2938 <Entry type="4" type_name="REG_DWORD">
2939 <Key>Software\Policies\Google\Chrome</Key>
2940 <ValueName>QuicAllowed</ValueName>
2943 <Entry type="4" type_name="REG_DWORD">
2944 <Key>Software\Policies\Google\Chrome</Key>
2945 <ValueName>RelaunchNotification</ValueName>
2948 <Entry type="4" type_name="REG_DWORD">
2949 <Key>Software\Policies\Google\Chrome</Key>
2950 <ValueName>RelaunchNotificationPeriod</ValueName>
2951 <Value>604800000</Value>
2953 <Entry type="4" type_name="REG_DWORD">
2954 <Key>Software\Policies\Google\Chrome</Key>
2955 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2958 <Entry type="4" type_name="REG_DWORD">
2959 <Key>Software\Policies\Google\Chrome</Key>
2960 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2963 <Entry type="4" type_name="REG_DWORD">
2964 <Key>Software\Policies\Google\Chrome</Key>
2965 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2968 <Entry type="4" type_name="REG_DWORD">
2969 <Key>Software\Policies\Google\Chrome</Key>
2970 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2973 <Entry type="4" type_name="REG_DWORD">
2974 <Key>Software\Policies\Google\Chrome</Key>
2975 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2978 <Entry type="4" type_name="REG_DWORD">
2979 <Key>Software\Policies\Google\Chrome</Key>
2980 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2983 <Entry type="4" type_name="REG_DWORD">
2984 <Key>Software\Policies\Google\Chrome</Key>
2985 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2988 <Entry type="4" type_name="REG_DWORD">
2989 <Key>Software\Policies\Google\Chrome</Key>
2990 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2993 <Entry type="1" type_name="REG_SZ">
2994 <Key>Software\Policies\Google\Chrome</Key>
2995 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
2996 <Value>12400-12409</Value>
2998 <Entry type="4" type_name="REG_DWORD">
2999 <Key>Software\Policies\Google\Chrome</Key>
3000 <ValueName>RendererCodeIntegrityEnabled</ValueName>
3003 <Entry type="4" type_name="REG_DWORD">
3004 <Key>Software\Policies\Google\Chrome</Key>
3005 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
3008 <Entry type="4" type_name="REG_DWORD">
3009 <Key>Software\Policies\Google\Chrome</Key>
3010 <ValueName>RestoreOnStartup</ValueName>
3013 <Entry type="1" type_name="REG_SZ">
3014 <Key>Software\Policies\Google\Chrome</Key>
3015 <ValueName>RestrictSigninToPattern</ValueName>
3016 <Value>.*@example\.com</Value>
3018 <Entry type="1" type_name="REG_SZ">
3019 <Key>Software\Policies\Google\Chrome</Key>
3020 <ValueName>RoamingProfileLocation</ValueName>
3021 <Value>${roaming_app_data}\chrome-profile</Value>
3023 <Entry type="4" type_name="REG_DWORD">
3024 <Key>Software\Policies\Google\Chrome</Key>
3025 <ValueName>RoamingProfileSupportEnabled</ValueName>
3028 <Entry type="4" type_name="REG_DWORD">
3029 <Key>Software\Policies\Google\Chrome</Key>
3030 <ValueName>SSLErrorOverrideAllowed</ValueName>
3033 <Entry type="1" type_name="REG_SZ">
3034 <Key>Software\Policies\Google\Chrome</Key>
3035 <ValueName>SSLVersionMin</ValueName>
3038 <Entry type="4" type_name="REG_DWORD">
3039 <Key>Software\Policies\Google\Chrome</Key>
3040 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3043 <Entry type="4" type_name="REG_DWORD">
3044 <Key>Software\Policies\Google\Chrome</Key>
3045 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3048 <Entry type="4" type_name="REG_DWORD">
3049 <Key>Software\Policies\Google\Chrome</Key>
3050 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3053 <Entry type="4" type_name="REG_DWORD">
3054 <Key>Software\Policies\Google\Chrome</Key>
3055 <ValueName>SafeSitesFilterBehavior</ValueName>
3058 <Entry type="4" type_name="REG_DWORD">
3059 <Key>Software\Policies\Google\Chrome</Key>
3060 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3063 <Entry type="4" type_name="REG_DWORD">
3064 <Key>Software\Policies\Google\Chrome</Key>
3065 <ValueName>ScreenCaptureAllowed</ValueName>
3068 <Entry type="4" type_name="REG_DWORD">
3069 <Key>Software\Policies\Google\Chrome</Key>
3070 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3073 <Entry type="4" type_name="REG_DWORD">
3074 <Key>Software\Policies\Google\Chrome</Key>
3075 <ValueName>SearchSuggestEnabled</ValueName>
3078 <Entry type="4" type_name="REG_DWORD">
3079 <Key>Software\Policies\Google\Chrome</Key>
3080 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3083 <Entry type="4" type_name="REG_DWORD">
3084 <Key>Software\Policies\Google\Chrome</Key>
3085 <ValueName>SharedClipboardEnabled</ValueName>
3088 <Entry type="4" type_name="REG_DWORD">
3089 <Key>Software\Policies\Google\Chrome</Key>
3090 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3093 <Entry type="4" type_name="REG_DWORD">
3094 <Key>Software\Policies\Google\Chrome</Key>
3095 <ValueName>ShowCastIconInToolbar</ValueName>
3098 <Entry type="4" type_name="REG_DWORD">
3099 <Key>Software\Policies\Google\Chrome</Key>
3100 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3103 <Entry type="4" type_name="REG_DWORD">
3104 <Key>Software\Policies\Google\Chrome</Key>
3105 <ValueName>ShowHomeButton</ValueName>
3108 <Entry type="4" type_name="REG_DWORD">
3109 <Key>Software\Policies\Google\Chrome</Key>
3110 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3113 <Entry type="4" type_name="REG_DWORD">
3114 <Key>Software\Policies\Google\Chrome</Key>
3115 <ValueName>SigninInterceptionEnabled</ValueName>
3118 <Entry type="4" type_name="REG_DWORD">
3119 <Key>Software\Policies\Google\Chrome</Key>
3120 <ValueName>SitePerProcess</ValueName>
3123 <Entry type="4" type_name="REG_DWORD">
3124 <Key>Software\Policies\Google\Chrome</Key>
3125 <ValueName>SpellCheckServiceEnabled</ValueName>
3128 <Entry type="4" type_name="REG_DWORD">
3129 <Key>Software\Policies\Google\Chrome</Key>
3130 <ValueName>SpellcheckEnabled</ValueName>
3133 <Entry type="4" type_name="REG_DWORD">
3134 <Key>Software\Policies\Google\Chrome</Key>
3135 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3138 <Entry type="4" type_name="REG_DWORD">
3139 <Key>Software\Policies\Google\Chrome</Key>
3140 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3143 <Entry type="4" type_name="REG_DWORD">
3144 <Key>Software\Policies\Google\Chrome</Key>
3145 <ValueName>SyncDisabled</ValueName>
3148 <Entry type="4" type_name="REG_DWORD">
3149 <Key>Software\Policies\Google\Chrome</Key>
3150 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3153 <Entry type="4" type_name="REG_DWORD">
3154 <Key>Software\Policies\Google\Chrome</Key>
3155 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3158 <Entry type="4" type_name="REG_DWORD">
3159 <Key>Software\Policies\Google\Chrome</Key>
3160 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3163 <Entry type="4" type_name="REG_DWORD">
3164 <Key>Software\Policies\Google\Chrome</Key>
3165 <ValueName>TotalMemoryLimitMb</ValueName>
3168 <Entry type="4" type_name="REG_DWORD">
3169 <Key>Software\Policies\Google\Chrome</Key>
3170 <ValueName>TranslateEnabled</ValueName>
3173 <Entry type="4" type_name="REG_DWORD">
3174 <Key>Software\Policies\Google\Chrome</Key>
3175 <ValueName>TripleDESEnabled</ValueName>
3178 <Entry type="4" type_name="REG_DWORD">
3179 <Key>Software\Policies\Google\Chrome</Key>
3180 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3183 <Entry type="4" type_name="REG_DWORD">
3184 <Key>Software\Policies\Google\Chrome</Key>
3185 <ValueName>UserAgentClientHintsEnabled</ValueName>
3188 <Entry type="1" type_name="REG_SZ">
3189 <Key>Software\Policies\Google\Chrome</Key>
3190 <ValueName>UserDataDir</ValueName>
3191 <Value>${users}/${user_name}/Chrome</Value>
3193 <Entry type="4" type_name="REG_DWORD">
3194 <Key>Software\Policies\Google\Chrome</Key>
3195 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3198 <Entry type="4" type_name="REG_DWORD">
3199 <Key>Software\Policies\Google\Chrome</Key>
3200 <ValueName>UserFeedbackAllowed</ValueName>
3203 <Entry type="4" type_name="REG_DWORD">
3204 <Key>Software\Policies\Google\Chrome</Key>
3205 <ValueName>VideoCaptureAllowed</ValueName>
3208 <Entry type="4" type_name="REG_DWORD">
3209 <Key>Software\Policies\Google\Chrome</Key>
3210 <ValueName>WPADQuickCheckEnabled</ValueName>
3213 <Entry type="1" type_name="REG_SZ">
3214 <Key>Software\Policies\Google\Chrome</Key>
3215 <ValueName>WebAppInstallForceList</ValueName>
3216 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3218 <Entry type="4" type_name="REG_DWORD">
3219 <Key>Software\Policies\Google\Chrome</Key>
3220 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3223 <Entry type="4" type_name="REG_DWORD">
3224 <Key>Software\Policies\Google\Chrome</Key>
3225 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3228 <Entry type="1" type_name="REG_SZ">
3229 <Key>Software\Policies\Google\Chrome</Key>
3230 <ValueName>WebRtcIPHandling</ValueName>
3231 <Value>default</Value>
3233 <Entry type="1" type_name="REG_SZ">
3234 <Key>Software\Policies\Google\Chrome</Key>
3235 <ValueName>WebRtcUdpPortRange</ValueName>
3236 <Value>10000-11999</Value>
3238 <Entry type="1" type_name="REG_SZ">
3239 <Key>Software\Policies\Google\Chrome</Key>
3240 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3241 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3243 <Entry type="4" type_name="REG_DWORD">
3244 <Key>Software\Policies\Google\Chrome</Key>
3245 <ValueName>WindowOcclusionEnabled</ValueName>
3248 <Entry type="1" type_name="REG_SZ">
3249 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3250 <ValueName>1</ValueName>
3251 <Value>-foreground</Value>
3253 <Entry type="1" type_name="REG_SZ">
3254 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3255 <ValueName>2</ValueName>
3256 <Value>-new-window</Value>
3258 <Entry type="1" type_name="REG_SZ">
3259 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3260 <ValueName>3</ValueName>
3261 <Value>${url}</Value>
3263 <Entry type="1" type_name="REG_SZ">
3264 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3265 <ValueName>4</ValueName>
3266 <Value>-profile</Value>
3268 <Entry type="1" type_name="REG_SZ">
3269 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3270 <ValueName>5</ValueName>
3271 <Value>%HOME%\browser_profile</Value>
3273 <Entry type="1" type_name="REG_SZ">
3274 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3275 <ValueName>1</ValueName>
3276 <Value>https://www.example.com/</Value>
3278 <Entry type="1" type_name="REG_SZ">
3279 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3280 <ValueName>2</ValueName>
3281 <Value>https://[*.]example.edu/</Value>
3283 <Entry type="1" type_name="REG_SZ">
3284 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3285 <ValueName>1</ValueName>
3286 <Value>example.com</Value>
3288 <Entry type="1" type_name="REG_SZ">
3289 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3290 <ValueName>2</ValueName>
3291 <Value>https://ssl.server.com</Value>
3293 <Entry type="1" type_name="REG_SZ">
3294 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3295 <ValueName>3</ValueName>
3296 <Value>hosting.com/good_path</Value>
3298 <Entry type="1" type_name="REG_SZ">
3299 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3300 <ValueName>4</ValueName>
3301 <Value>https://server:8080/path</Value>
3303 <Entry type="1" type_name="REG_SZ">
3304 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3305 <ValueName>5</ValueName>
3306 <Value>.exact.hostname.com</Value>
3308 <Entry type="1" type_name="REG_SZ">
3309 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3310 <ValueName>1</ValueName>
3313 <Entry type="1" type_name="REG_SZ">
3314 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3315 <ValueName>2</ValueName>
3318 <Entry type="1" type_name="REG_SZ">
3319 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3320 <ValueName>1</ValueName>
3321 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3323 <Entry type="1" type_name="REG_SZ">
3324 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3325 <ValueName>1</ValueName>
3326 <Value>https://www.example.com</Value>
3328 <Entry type="1" type_name="REG_SZ">
3329 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3330 <ValueName>2</ValueName>
3331 <Value>[*.]example.edu</Value>
3333 <Entry type="1" type_name="REG_SZ">
3334 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3335 <ValueName>1</ValueName>
3336 <Value>--force-dark-mode</Value>
3338 <Entry type="1" type_name="REG_SZ">
3339 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3340 <ValueName>1</ValueName>
3341 <Value>ie.com</Value>
3343 <Entry type="1" type_name="REG_SZ">
3344 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3345 <ValueName>2</ValueName>
3346 <Value>!open-in-chrome.ie.com</Value>
3348 <Entry type="1" type_name="REG_SZ">
3349 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3350 <ValueName>3</ValueName>
3351 <Value>foobar.com/ie-only/</Value>
3353 <Entry type="1" type_name="REG_SZ">
3354 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3355 <ValueName>1</ValueName>
3356 <Value>ie.com</Value>
3358 <Entry type="1" type_name="REG_SZ">
3359 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3360 <ValueName>2</ValueName>
3361 <Value>!open-in-chrome.ie.com</Value>
3363 <Entry type="1" type_name="REG_SZ">
3364 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3365 <ValueName>3</ValueName>
3366 <Value>foobar.com/ie-only/</Value>
3368 <Entry type="1" type_name="REG_SZ">
3369 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3370 <ValueName>1</ValueName>
3371 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3373 <Entry type="1" type_name="REG_SZ">
3374 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3375 <ValueName>2</ValueName>
3376 <Value>sha256//////////////////////w==</Value>
3378 <Entry type="1" type_name="REG_SZ">
3379 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3380 <ValueName>1</ValueName>
3381 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3383 <Entry type="1" type_name="REG_SZ">
3384 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3385 <ValueName>2</ValueName>
3386 <Value>sha256//////////////////////w==</Value>
3388 <Entry type="1" type_name="REG_SZ">
3389 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3390 <ValueName>1</ValueName>
3391 <Value>example.com</Value>
3393 <Entry type="1" type_name="REG_SZ">
3394 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3395 <ValueName>2</ValueName>
3396 <Value>.example.com</Value>
3398 <Entry type="1" type_name="REG_SZ">
3399 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3400 <ValueName>1</ValueName>
3401 <Value>browsing_history</Value>
3403 <Entry type="1" type_name="REG_SZ">
3404 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3405 <ValueName>2</ValueName>
3406 <Value>download_history</Value>
3408 <Entry type="1" type_name="REG_SZ">
3409 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3410 <ValueName>3</ValueName>
3411 <Value>cookies_and_other_site_data</Value>
3413 <Entry type="1" type_name="REG_SZ">
3414 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3415 <ValueName>4</ValueName>
3416 <Value>cached_images_and_files</Value>
3418 <Entry type="1" type_name="REG_SZ">
3419 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3420 <ValueName>5</ValueName>
3421 <Value>password_signin</Value>
3423 <Entry type="1" type_name="REG_SZ">
3424 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3425 <ValueName>6</ValueName>
3426 <Value>autofill</Value>
3428 <Entry type="1" type_name="REG_SZ">
3429 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3430 <ValueName>7</ValueName>
3431 <Value>site_settings</Value>
3433 <Entry type="1" type_name="REG_SZ">
3434 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3435 <ValueName>8</ValueName>
3436 <Value>hosted_app_data</Value>
3438 <Entry type="1" type_name="REG_SZ">
3439 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3440 <ValueName>1</ValueName>
3441 <Value>https://www.example.com</Value>
3443 <Entry type="1" type_name="REG_SZ">
3444 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3445 <ValueName>2</ValueName>
3446 <Value>[*.]example.edu</Value>
3448 <Entry type="1" type_name="REG_SZ">
3449 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3450 <ValueName>1</ValueName>
3451 <Value>https://www.example.com</Value>
3453 <Entry type="1" type_name="REG_SZ">
3454 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3455 <ValueName>2</ValueName>
3456 <Value>[*.]example.edu</Value>
3458 <Entry type="1" type_name="REG_SZ">
3459 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3460 <ValueName>1</ValueName>
3461 <Value>https://www.example.com</Value>
3463 <Entry type="1" type_name="REG_SZ">
3464 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3465 <ValueName>2</ValueName>
3466 <Value>[*.]example.edu</Value>
3468 <Entry type="1" type_name="REG_SZ">
3469 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3470 <ValueName>1</ValueName>
3471 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3473 <Entry type="1" type_name="REG_SZ">
3474 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3475 <ValueName>2</ValueName>
3476 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3478 <Entry type="1" type_name="REG_SZ">
3479 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3480 <ValueName>1</ValueName>
3481 <Value>UTF-8</Value>
3483 <Entry type="1" type_name="REG_SZ">
3484 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3485 <ValueName>2</ValueName>
3486 <Value>UTF-16</Value>
3488 <Entry type="1" type_name="REG_SZ">
3489 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3490 <ValueName>3</ValueName>
3491 <Value>GB2312</Value>
3493 <Entry type="1" type_name="REG_SZ">
3494 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3495 <ValueName>4</ValueName>
3496 <Value>ISO-8859-1</Value>
3498 <Entry type="1" type_name="REG_SZ">
3499 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3500 <ValueName>1</ValueName>
3501 <Value>ExtensionInstallAllowlist</Value>
3503 <Entry type="1" type_name="REG_SZ">
3504 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3505 <ValueName>2</ValueName>
3506 <Value>ExtensionInstallBlocklist</Value>
3508 <Entry type="1" type_name="REG_SZ">
3509 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3510 <ValueName>1</ValueName>
3511 <Value>10080</Value>
3513 <Entry type="1" type_name="REG_SZ">
3514 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3515 <ValueName>1</ValueName>
3516 <Value>hosted_app</Value>
3518 <Entry type="1" type_name="REG_SZ">
3519 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3520 <ValueName>1</ValueName>
3521 <Value>extension_id1</Value>
3523 <Entry type="1" type_name="REG_SZ">
3524 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3525 <ValueName>2</ValueName>
3526 <Value>extension_id2</Value>
3528 <Entry type="1" type_name="REG_SZ">
3529 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3530 <ValueName>1</ValueName>
3531 <Value>extension_id1</Value>
3533 <Entry type="1" type_name="REG_SZ">
3534 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3535 <ValueName>2</ValueName>
3536 <Value>extension_id2</Value>
3538 <Entry type="1" type_name="REG_SZ">
3539 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3540 <ValueName>1</ValueName>
3541 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3543 <Entry type="1" type_name="REG_SZ">
3544 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3545 <ValueName>2</ValueName>
3546 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3548 <Entry type="1" type_name="REG_SZ">
3549 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3550 <ValueName>1</ValueName>
3551 <Value>https://corp.mycompany.com/*</Value>
3553 <Entry type="1" type_name="REG_SZ">
3554 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3555 <ValueName>1</ValueName>
3556 <Value>https://www.example.com</Value>
3558 <Entry type="1" type_name="REG_SZ">
3559 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3560 <ValueName>2</ValueName>
3561 <Value>[*.]example.edu</Value>
3563 <Entry type="1" type_name="REG_SZ">
3564 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3565 <ValueName>1</ValueName>
3566 <Value>https://www.example.com</Value>
3568 <Entry type="1" type_name="REG_SZ">
3569 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3570 <ValueName>2</ValueName>
3571 <Value>[*.]example.edu</Value>
3573 <Entry type="1" type_name="REG_SZ">
3574 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3575 <ValueName>1</ValueName>
3576 <Value>https://www.example.com</Value>
3578 <Entry type="1" type_name="REG_SZ">
3579 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3580 <ValueName>2</ValueName>
3581 <Value>[*.]example.edu</Value>
3583 <Entry type="1" type_name="REG_SZ">
3584 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3585 <ValueName>1</ValueName>
3586 <Value>https://www.example.com</Value>
3588 <Entry type="1" type_name="REG_SZ">
3589 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3590 <ValueName>2</ValueName>
3591 <Value>[*.]example.edu</Value>
3593 <Entry type="1" type_name="REG_SZ">
3594 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3595 <ValueName>1</ValueName>
3596 <Value>https://www.example.com</Value>
3598 <Entry type="1" type_name="REG_SZ">
3599 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3600 <ValueName>2</ValueName>
3601 <Value>[*.]example.edu</Value>
3603 <Entry type="1" type_name="REG_SZ">
3604 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3605 <ValueName>1</ValueName>
3606 <Value>https://www.example.com</Value>
3608 <Entry type="1" type_name="REG_SZ">
3609 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3610 <ValueName>2</ValueName>
3611 <Value>[*.]example.edu</Value>
3613 <Entry type="1" type_name="REG_SZ">
3614 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3615 <ValueName>1</ValueName>
3616 <Value>en-US</Value>
3618 <Entry type="1" type_name="REG_SZ">
3619 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3620 <ValueName>1</ValueName>
3623 <Entry type="1" type_name="REG_SZ">
3624 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3625 <ValueName>1</ValueName>
3626 <Value>https://www.example.com</Value>
3628 <Entry type="1" type_name="REG_SZ">
3629 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3630 <ValueName>2</ValueName>
3631 <Value>[*.]example.edu</Value>
3633 <Entry type="1" type_name="REG_SZ">
3634 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3635 <ValueName>1</ValueName>
3636 <Value>https://www.example.com</Value>
3638 <Entry type="1" type_name="REG_SZ">
3639 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3640 <ValueName>2</ValueName>
3641 <Value>[*.]example.edu</Value>
3643 <Entry type="1" type_name="REG_SZ">
3644 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3645 <ValueName>1</ValueName>
3646 <Value>https://www.example.com</Value>
3648 <Entry type="1" type_name="REG_SZ">
3649 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3650 <ValueName>2</ValueName>
3651 <Value>[*.]example.edu</Value>
3653 <Entry type="1" type_name="REG_SZ">
3654 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3655 <ValueName>1</ValueName>
3656 <Value>https://www.example.com</Value>
3658 <Entry type="1" type_name="REG_SZ">
3659 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3660 <ValueName>2</ValueName>
3661 <Value>[*.]example.edu</Value>
3663 <Entry type="1" type_name="REG_SZ">
3664 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3665 <ValueName>1</ValueName>
3666 <Value>http://www.example.com:8080</Value>
3668 <Entry type="1" type_name="REG_SZ">
3669 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3670 <ValueName>2</ValueName>
3671 <Value>[*.]example.edu</Value>
3673 <Entry type="1" type_name="REG_SZ">
3674 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3675 <ValueName>1</ValueName>
3676 <Value>https://www.example.com</Value>
3678 <Entry type="1" type_name="REG_SZ">
3679 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3680 <ValueName>2</ValueName>
3681 <Value>[*.]example.edu</Value>
3683 <Entry type="1" type_name="REG_SZ">
3684 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3685 <ValueName>1</ValueName>
3686 <Value>https://www.example.com</Value>
3688 <Entry type="1" type_name="REG_SZ">
3689 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3690 <ValueName>2</ValueName>
3691 <Value>[*.]example.edu</Value>
3693 <Entry type="1" type_name="REG_SZ">
3694 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3695 <ValueName>1</ValueName>
3696 <Value>www.example.com</Value>
3698 <Entry type="1" type_name="REG_SZ">
3699 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3700 <ValueName>2</ValueName>
3701 <Value>[*.]example.edu</Value>
3703 <Entry type="1" type_name="REG_SZ">
3704 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3705 <ValueName>1</ValueName>
3706 <Value>foo.example.com</Value>
3708 <Entry type="1" type_name="REG_SZ">
3709 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3710 <ValueName>2</ValueName>
3711 <Value>example.org</Value>
3713 <Entry type="1" type_name="REG_SZ">
3714 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3715 <ValueName>1</ValueName>
3716 <Value>com.native.messaging.host.name1</Value>
3718 <Entry type="1" type_name="REG_SZ">
3719 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3720 <ValueName>2</ValueName>
3721 <Value>com.native.messaging.host.name2</Value>
3723 <Entry type="1" type_name="REG_SZ">
3724 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3725 <ValueName>1</ValueName>
3726 <Value>com.native.messaging.host.name1</Value>
3728 <Entry type="1" type_name="REG_SZ">
3729 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3730 <ValueName>2</ValueName>
3731 <Value>com.native.messaging.host.name2</Value>
3733 <Entry type="1" type_name="REG_SZ">
3734 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3735 <ValueName>1</ValueName>
3736 <Value>https://www.example.com</Value>
3738 <Entry type="1" type_name="REG_SZ">
3739 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3740 <ValueName>2</ValueName>
3741 <Value>[*.]example.edu</Value>
3743 <Entry type="1" type_name="REG_SZ">
3744 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3745 <ValueName>1</ValueName>
3746 <Value>https://www.example.com</Value>
3748 <Entry type="1" type_name="REG_SZ">
3749 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3750 <ValueName>2</ValueName>
3751 <Value>[*.]example.edu</Value>
3753 <Entry type="1" type_name="REG_SZ">
3754 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3755 <ValueName>1</ValueName>
3756 <Value>http://testserver.example.com/</Value>
3758 <Entry type="1" type_name="REG_SZ">
3759 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3760 <ValueName>2</ValueName>
3761 <Value>*.example.org</Value>
3763 <Entry type="1" type_name="REG_SZ">
3764 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3765 <ValueName>1</ValueName>
3766 <Value>https://mydomain.com/login.html</Value>
3768 <Entry type="1" type_name="REG_SZ">
3769 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3770 <ValueName>2</ValueName>
3771 <Value>https://login.mydomain.com</Value>
3773 <Entry type="1" type_name="REG_SZ">
3774 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3775 <ValueName>1</ValueName>
3776 <Value>ExtensionSettings</Value>
3778 <Entry type="1" type_name="REG_SZ">
3779 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3780 <ValueName>1</ValueName>
3781 <Value>ExtensionInstallAllowlist</Value>
3783 <Entry type="1" type_name="REG_SZ">
3784 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3785 <ValueName>2</ValueName>
3786 <Value>ExtensionInstallBlocklist</Value>
3788 <Entry type="1" type_name="REG_SZ">
3789 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3790 <ValueName>1</ValueName>
3791 <Value>https://www.example.com</Value>
3793 <Entry type="1" type_name="REG_SZ">
3794 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3795 <ValueName>2</ValueName>
3796 <Value>[*.]example.edu</Value>
3798 <Entry type="1" type_name="REG_SZ">
3799 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3800 <ValueName>1</ValueName>
3801 <Value>https://www.example.com</Value>
3803 <Entry type="1" type_name="REG_SZ">
3804 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3805 <ValueName>2</ValueName>
3806 <Value>[*.]example.edu</Value>
3808 <Entry type="1" type_name="REG_SZ">
3809 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3810 <ValueName>1</ValueName>
3811 <Value>cloud</Value>
3813 <Entry type="1" type_name="REG_SZ">
3814 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3815 <ValueName>2</ValueName>
3816 <Value>privet</Value>
3818 <Entry type="1" type_name="REG_SZ">
3819 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3820 <ValueName>1</ValueName>
3821 <Value>my-awesome-domain.com</Value>
3823 <Entry type="1" type_name="REG_SZ">
3824 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3825 <ValueName>2</ValueName>
3826 <Value>my-auxiliary-domain.com</Value>
3828 <Entry type="1" type_name="REG_SZ">
3829 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3830 <ValueName>1</ValueName>
3831 <Value>my-awesome-domain.com</Value>
3833 <Entry type="1" type_name="REG_SZ">
3834 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3835 <ValueName>2</ValueName>
3836 <Value>my-auxiliary-domain.com</Value>
3838 <Entry type="1" type_name="REG_SZ">
3839 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3840 <ValueName>1</ValueName>
3841 <Value>https://example.com</Value>
3843 <Entry type="1" type_name="REG_SZ">
3844 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3845 <ValueName>2</ValueName>
3846 <Value>https://www.chromium.org</Value>
3848 <Entry type="1" type_name="REG_SZ">
3849 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3850 <ValueName>1</ValueName>
3851 <Value>https://www.example.com</Value>
3853 <Entry type="1" type_name="REG_SZ">
3854 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3855 <ValueName>2</ValueName>
3856 <Value>[*.]example.edu</Value>
3858 <Entry type="1" type_name="REG_SZ">
3859 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3860 <ValueName>1</ValueName>
3861 <Value>mydomain.com</Value>
3863 <Entry type="1" type_name="REG_SZ">
3864 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3865 <ValueName>2</ValueName>
3866 <Value>myuniversity.edu</Value>
3868 <Entry type="1" type_name="REG_SZ">
3869 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3870 <ValueName>1</ValueName>
3871 <Value>https://example.com</Value>
3873 <Entry type="1" type_name="REG_SZ">
3874 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3875 <ValueName>1</ValueName>
3876 <Value>https://www.example.com</Value>
3878 <Entry type="1" type_name="REG_SZ">
3879 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3880 <ValueName>2</ValueName>
3881 <Value>[*.]example.edu</Value>
3883 <Entry type="1" type_name="REG_SZ">
3884 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3885 <ValueName>1</ValueName>
3886 <Value>https://www.example.com</Value>
3888 <Entry type="1" type_name="REG_SZ">
3889 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3890 <ValueName>2</ValueName>
3891 <Value>[*.]example.edu</Value>
3893 <Entry type="1" type_name="REG_SZ">
3894 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3895 <ValueName>1</ValueName>
3896 <Value>https://www.example.com</Value>
3898 <Entry type="1" type_name="REG_SZ">
3899 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3900 <ValueName>2</ValueName>
3901 <Value>[*.]example.edu</Value>
3903 <Entry type="1" type_name="REG_SZ">
3904 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3905 <ValueName>1</ValueName>
3906 <Value>https://www.example.com</Value>
3908 <Entry type="1" type_name="REG_SZ">
3909 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3910 <ValueName>2</ValueName>
3911 <Value>[*.]example.edu</Value>
3913 <Entry type="1" type_name="REG_SZ">
3914 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3915 <ValueName>1</ValueName>
3918 <Entry type="1" type_name="REG_SZ">
3919 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3920 <ValueName>2</ValueName>
3923 <Entry type="1" type_name="REG_SZ">
3924 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3925 <ValueName>1</ValueName>
3928 <Entry type="1" type_name="REG_SZ">
3929 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3930 <ValueName>2</ValueName>
3933 <Entry type="1" type_name="REG_SZ">
3934 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3935 <ValueName>1</ValueName>
3936 <Value>bookmarks</Value>
3938 <Entry type="1" type_name="REG_SZ">
3939 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3940 <ValueName>1</ValueName>
3941 <Value>example.com</Value>
3943 <Entry type="1" type_name="REG_SZ">
3944 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3945 <ValueName>2</ValueName>
3946 <Value>https://ssl.server.com</Value>
3948 <Entry type="1" type_name="REG_SZ">
3949 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3950 <ValueName>3</ValueName>
3951 <Value>hosting.com/good_path</Value>
3953 <Entry type="1" type_name="REG_SZ">
3954 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3955 <ValueName>4</ValueName>
3956 <Value>https://server:8080/path</Value>
3958 <Entry type="1" type_name="REG_SZ">
3959 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3960 <ValueName>5</ValueName>
3961 <Value>.exact.hostname.com</Value>
3963 <Entry type="1" type_name="REG_SZ">
3964 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3965 <ValueName>1</ValueName>
3966 <Value>example.com</Value>
3968 <Entry type="1" type_name="REG_SZ">
3969 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3970 <ValueName>2</ValueName>
3971 <Value>https://ssl.server.com</Value>
3973 <Entry type="1" type_name="REG_SZ">
3974 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3975 <ValueName>3</ValueName>
3976 <Value>hosting.com/bad_path</Value>
3978 <Entry type="1" type_name="REG_SZ">
3979 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3980 <ValueName>4</ValueName>
3981 <Value>https://server:8080/path</Value>
3983 <Entry type="1" type_name="REG_SZ">
3984 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3985 <ValueName>5</ValueName>
3986 <Value>.exact.hostname.com</Value>
3988 <Entry type="1" type_name="REG_SZ">
3989 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3990 <ValueName>6</ValueName>
3991 <Value>file://*</Value>
3993 <Entry type="1" type_name="REG_SZ">
3994 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3995 <ValueName>7</ValueName>
3996 <Value>custom_scheme:*</Value>
3998 <Entry type="1" type_name="REG_SZ">
3999 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
4000 <ValueName>8</ValueName>
4003 <Entry type="1" type_name="REG_SZ">
4004 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4005 <ValueName>1</ValueName>
4006 <Value>https://www.example.com/</Value>
4008 <Entry type="1" type_name="REG_SZ">
4009 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4010 <ValueName>2</ValueName>
4011 <Value>https://[*.]example.edu/</Value>
4013 <Entry type="1" type_name="REG_SZ">
4014 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4015 <ValueName>1</ValueName>
4016 <Value>https://www.example.com</Value>
4018 <Entry type="1" type_name="REG_SZ">
4019 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4020 <ValueName>2</ValueName>
4021 <Value>*example.com*</Value>
4023 <Entry type="1" type_name="REG_SZ">
4024 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4025 <ValueName>1</ValueName>
4026 <Value>https://www.example.com</Value>
4028 <Entry type="1" type_name="REG_SZ">
4029 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4030 <ValueName>2</ValueName>
4031 <Value>[*.]example.edu</Value>
4033 <Entry type="1" type_name="REG_SZ">
4034 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4035 <ValueName>1</ValueName>
4036 <Value>https://www.example.com</Value>
4038 <Entry type="1" type_name="REG_SZ">
4039 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4040 <ValueName>2</ValueName>
4041 <Value>[*.]example.edu</Value>
4043 <Entry type="4" type_name="REG_DWORD">
4044 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4045 <ValueName>AlternateErrorPagesEnabled</ValueName>
4048 <Entry type="1" type_name="REG_SZ">
4049 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4050 <ValueName>ApplicationLocaleValue</ValueName>
4053 <Entry type="4" type_name="REG_DWORD">
4054 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4055 <ValueName>AutofillAddressEnabled</ValueName>
4058 <Entry type="4" type_name="REG_DWORD">
4059 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4060 <ValueName>AutofillCreditCardEnabled</ValueName>
4063 <Entry type="4" type_name="REG_DWORD">
4064 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4065 <ValueName>BackgroundModeEnabled</ValueName>
4068 <Entry type="4" type_name="REG_DWORD">
4069 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4070 <ValueName>BlockThirdPartyCookies</ValueName>
4073 <Entry type="4" type_name="REG_DWORD">
4074 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4075 <ValueName>BookmarkBarEnabled</ValueName>
4078 <Entry type="1" type_name="REG_SZ">
4079 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4080 <ValueName>DefaultDownloadDirectory</ValueName>
4081 <Value>/home/${user_name}/Downloads</Value>
4083 <Entry type="1" type_name="REG_SZ">
4084 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4085 <ValueName>DownloadDirectory</ValueName>
4086 <Value>/home/${user_name}/Downloads</Value>
4088 <Entry type="4" type_name="REG_DWORD">
4089 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4090 <ValueName>DownloadRestrictions</ValueName>
4093 <Entry type="4" type_name="REG_DWORD">
4094 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4095 <ValueName>HomepageIsNewTabPage</ValueName>
4098 <Entry type="1" type_name="REG_SZ">
4099 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4100 <ValueName>HomepageLocation</ValueName>
4101 <Value>https://www.chromium.org</Value>
4103 <Entry type="4" type_name="REG_DWORD">
4104 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4105 <ValueName>ImportAutofillFormData</ValueName>
4108 <Entry type="4" type_name="REG_DWORD">
4109 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4110 <ValueName>ImportBookmarks</ValueName>
4113 <Entry type="4" type_name="REG_DWORD">
4114 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4115 <ValueName>ImportHistory</ValueName>
4118 <Entry type="4" type_name="REG_DWORD">
4119 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4120 <ValueName>ImportSavedPasswords</ValueName>
4123 <Entry type="4" type_name="REG_DWORD">
4124 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4125 <ValueName>ImportSearchEngine</ValueName>
4128 <Entry type="4" type_name="REG_DWORD">
4129 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4130 <ValueName>MetricsReportingEnabled</ValueName>
4133 <Entry type="4" type_name="REG_DWORD">
4134 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4135 <ValueName>NetworkPredictionOptions</ValueName>
4138 <Entry type="4" type_name="REG_DWORD">
4139 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4140 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4143 <Entry type="4" type_name="REG_DWORD">
4144 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4145 <ValueName>PasswordManagerEnabled</ValueName>
4148 <Entry type="4" type_name="REG_DWORD">
4149 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4150 <ValueName>PrintHeaderFooter</ValueName>
4153 <Entry type="4" type_name="REG_DWORD">
4154 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4155 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4158 <Entry type="1" type_name="REG_SZ">
4159 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4160 <ValueName>RegisteredProtocolHandlers</ValueName>
4161 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4163 <Entry type="4" type_name="REG_DWORD">
4164 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4165 <ValueName>RestoreOnStartup</ValueName>
4168 <Entry type="4" type_name="REG_DWORD">
4169 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4170 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4173 <Entry type="4" type_name="REG_DWORD">
4174 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4175 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4178 <Entry type="4" type_name="REG_DWORD">
4179 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4180 <ValueName>SearchSuggestEnabled</ValueName>
4183 <Entry type="4" type_name="REG_DWORD">
4184 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4185 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4188 <Entry type="4" type_name="REG_DWORD">
4189 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4190 <ValueName>ShowHomeButton</ValueName>
4193 <Entry type="4" type_name="REG_DWORD">
4194 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4195 <ValueName>SpellCheckServiceEnabled</ValueName>
4198 <Entry type="4" type_name="REG_DWORD">
4199 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4200 <ValueName>TranslateEnabled</ValueName>
4203 <Entry type="1" type_name="REG_SZ">
4204 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4205 <ValueName>1</ValueName>
4206 <Value>https://example.com</Value>
4208 <Entry type="1" type_name="REG_SZ">
4209 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4210 <ValueName>2</ValueName>
4211 <Value>https://www.chromium.org</Value>
4216 chromium_json_expected_managed
= \
4219 "FileSystemWriteAskForUrls": [
4220 "https://www.example.com",
4223 "InsecureContentBlockedForUrls": [
4224 "https://www.example.com",
4227 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4228 "BrowserAddPersonEnabled": true,
4229 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4230 "ShowHomeButton": true,
4231 "ClearBrowsingDataOnExitList": [
4234 "cookies_and_other_site_data",
4235 "cached_images_and_files",
4241 "JavaScriptAllowedForUrls": [
4242 "https://www.example.com",
4245 "AmbientAuthenticationInPrivateModesEnabled": 0,
4246 "AllowFileSelectionDialogs": true,
4247 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4248 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4249 "ComponentUpdatesEnabled": true,
4250 "RemoteAccessHostAllowRemoteAccessConnections": false,
4251 "WindowOcclusionEnabled": true,
4252 "PrintPreviewUseSystemDefaultPrinter": false,
4253 "AutoLaunchProtocolsFromOrigins": [
4255 "allowed_origins": [
4257 "http://www.example.com:8080"
4259 "protocol": "spotify"
4262 "allowed_origins": [
4263 "https://example.com",
4264 "https://.mail.example.com"
4269 "allowed_origins": [
4272 "protocol": "outlook"
4275 "ManagedConfigurationPerOrigin": [
4277 "origin": "https://www.google.com",
4278 "managed_configuration_hash": "asd891jedasd12ue9h",
4279 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4282 "origin": "https://www.example.com",
4283 "managed_configuration_hash": "djio12easd89u12aws",
4284 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4287 "SyncTypesListDisabled": [
4290 "SecurityKeyPermitAttestation": [
4291 "https://example.com"
4293 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4294 "MetricsReportingEnabled": true,
4295 "MaxInvalidationFetchDelay": 10000,
4296 "AudioProcessHighPriorityEnabled": true,
4297 "ExtensionInstallForcelist": [
4298 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4299 "abcdefghijklmnopabcdefghijklmnop"
4301 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4302 "CookiesBlockedForUrls": [
4303 "https://www.example.com",
4306 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4307 "AudioCaptureAllowedUrls": [
4308 "https://www.example.com/",
4309 "https://[*.]example.edu/"
4311 "NTPCustomBackgroundEnabled": true,
4312 "BlockExternalExtensions": true,
4313 "BrowserSwitcherChromeParameters": [
4316 "SafeSitesFilterBehavior": 0,
4317 "EnableOnlineRevocationChecks": false,
4318 "ImagesBlockedForUrls": [
4319 "https://www.example.com",
4322 "InsecureFormsWarningsEnabled": true,
4323 "RelaunchNotificationPeriod": 604800000,
4324 "TotalMemoryLimitMb": 2048,
4325 "CloudManagementEnrollmentMandatory": true,
4326 "ClickToCallEnabled": true,
4327 "AppCacheForceEnabled": false,
4328 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4329 "FullscreenAllowed": true,
4330 "AuthSchemes": "basic,digest,ntlm,negotiate",
4331 "PasswordLeakDetectionEnabled": true,
4332 "AuthServerAllowlist": "*.example.com,example.com",
4333 "AllowSyncXHRInPageDismissal": false,
4334 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4335 "MaxConnectionsPerProxy": 32,
4336 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4337 "RemoteAccessHostAllowFileTransfer": false,
4338 "PrintRasterizationMode": 1,
4339 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4340 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4341 "sha256//////////////////////w=="
4343 "DefaultWebBluetoothGuardSetting": 2,
4344 "AutoplayAllowed": true,
4345 "BrowserSwitcherUrlList": [
4347 "!open-in-chrome.ie.com",
4348 "foobar.com/ie-only/"
4350 "CertificateTransparencyEnforcementDisabledForUrls": [
4354 "SpellcheckLanguageBlocklist": [
4358 "PrintHeaderFooter": false,
4359 "ShowAppsShortcutInBookmarkBar": false,
4360 "SerialAskForUrls": [
4361 "https://www.example.com",
4364 "ImagesAllowedForUrls": [
4365 "https://www.example.com",
4368 "ProfilePickerOnStartupAvailability": 0,
4369 "CommandLineFlagSecurityWarningsEnabled": true,
4370 "QuicAllowed": true,
4371 "IntensiveWakeUpThrottlingEnabled": true,
4372 "WPADQuickCheckEnabled": true,
4373 "SensorsAllowedForUrls": [
4374 "https://www.example.com",
4377 "NTPCardsVisible": true,
4378 "DefaultSearchProviderAlternateURLs": [
4379 "https://search.my.company/suggest#q={searchTerms}",
4380 "https://search.my.company/suggest/search#q={searchTerms}"
4382 "DisableSafeBrowsingProceedAnyway": true,
4383 "DefaultFileSystemWriteGuardSetting": 2,
4384 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4385 "SSLErrorOverrideAllowed": true,
4386 "CloudPrintProxyEnabled": true,
4387 "BrowserSwitcherUrlGreylist": [
4389 "!open-in-chrome.ie.com",
4390 "foobar.com/ie-only/"
4392 "BrowserNetworkTimeQueriesEnabled": true,
4393 "WebUsbAllowDevicesForUrls": [
4396 "https://google.com"
4406 "TaskManagerEndProcessEnabled": true,
4407 "SuppressDifferentOriginSubframeDialogs": true,
4408 "UserDataDir": "${users}/${user_name}/Chrome",
4409 "CookiesAllowedForUrls": [
4410 "https://www.example.com",
4413 "SuppressUnsupportedOSWarning": true,
4414 "RequireOnlineRevocationChecksForLocalAnchors": false,
4415 "BrowsingDataLifetime": [
4420 "time_to_live_in_hours": 24
4427 "time_to_live_in_hours": 12
4430 "FileHandlingBlockedForUrls": [
4431 "https://www.example.com",
4434 "AudioCaptureAllowed": false,
4435 "PromotionalTabsEnabled": false,
4436 "ShowFullUrlsInAddressBar": false,
4437 "EnableMediaRouter": true,
4438 "BrowserSwitcherDelay": 10000,
4439 "AllowDinosaurEasterEgg": false,
4440 "ImportSearchEngine": true,
4441 "PrintingBackgroundGraphicsDefault": "enabled",
4442 "TripleDESEnabled": false,
4443 "AutoplayAllowlist": [
4444 "https://www.example.com",
4447 "RemoteAccessHostUdpPortRange": "12400-12409",
4448 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4449 "BrowserSwitcherChromePath": "${chrome}",
4450 "InsecureContentAllowedForUrls": [
4451 "https://www.example.com",
4454 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4455 "ForceGoogleSafeSearch": false,
4456 "UserFeedbackAllowed": true,
4457 "ForceYouTubeRestrict": 0,
4458 "ApplicationLocaleValue": "en",
4459 "RoamingProfileSupportEnabled": true,
4460 "AlternativeBrowserPath": "${ie}",
4461 "AlternativeBrowserParameters": [
4466 "%HOME%\\\\browser_profile"
4468 "AdvancedProtectionAllowed": true,
4469 "EditBookmarksEnabled": false,
4470 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4471 "SSLVersionMin": "tls1",
4472 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4473 "DefaultSerialGuardSetting": 2,
4474 "DefaultPopupsSetting": 1,
4475 "IntranetRedirectBehavior": 1,
4476 "RendererCodeIntegrityEnabled": false,
4477 "BrowserGuestModeEnforced": true,
4478 "HSTSPolicyBypassList": [
4481 "DefaultWebUsbGuardSetting": 2,
4482 "CECPQ2Enabled": true,
4483 "RemoteAccessHostDomainList": [
4484 "my-awesome-domain.com",
4485 "my-auxiliary-domain.com"
4489 "https://ssl.server.com",
4490 "hosting.com/bad_path",
4491 "https://server:8080/path",
4492 ".exact.hostname.com",
4497 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4498 "ExtensionAllowedTypes": [
4501 "NativeMessagingBlocklist": [
4502 "com.native.messaging.host.name1",
4503 "com.native.messaging.host.name2"
4505 "ExtensionSettings": {
4506 "abcdefghijklmnopabcdefghijklmnop": {
4507 "blocked_permissions": [
4510 "minimum_version_required": "1.0.1",
4511 "toolbar_pin": "force_pinned",
4512 "installation_mode": "allowed"
4514 "bcdefghijklmnopabcdefghijklmnopa": {
4515 "runtime_blocked_hosts": [
4518 "allowed_permissions": [
4521 "update_url": "https://example.com/update_url",
4522 "runtime_allowed_hosts": [
4523 "*://good.example.com"
4525 "installation_mode": "force_installed"
4527 "update_url:https://www.example.com/update.xml": {
4528 "allowed_permissions": [
4531 "blocked_permissions": [
4534 "installation_mode": "allowed"
4536 "cdefghijklmnopabcdefghijklmnopab": {
4537 "blocked_install_message": "Custom error message.",
4538 "installation_mode": "blocked"
4541 "blocked_permissions": [
4545 "installation_mode": "blocked",
4546 "runtime_blocked_hosts": [
4549 "blocked_install_message": "Custom error message.",
4553 "runtime_allowed_hosts": [
4554 "*://good.example.com"
4556 "install_sources": [
4557 "https://company-intranet/chromeapps"
4560 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4561 "blocked_install_message": "Custom error message.",
4562 "installation_mode": "blocked"
4564 "fghijklmnopabcdefghijklmnopabcde": {
4565 "blocked_install_message": "Custom removal message.",
4566 "installation_mode": "removed"
4568 "ghijklmnopabcdefghijklmnopabcdef": {
4569 "update_url": "https://example.com/update_url",
4570 "override_update_url": true,
4571 "installation_mode": "force_installed"
4574 "FileSystemReadAskForUrls": [
4575 "https://www.example.com",
4578 "SpellCheckServiceEnabled": false,
4579 "ExtensionInstallSources": [
4580 "https://corp.mycompany.com/*"
4582 "PrinterTypeDenyList": [
4586 "SharedClipboardEnabled": true,
4587 "BlockThirdPartyCookies": false,
4588 "MediaRouterCastAllowAllIPs": false,
4589 "DnsOverHttpsMode": "off",
4590 "SyncDisabled": true,
4591 "LookalikeWarningAllowlistDomains": [
4595 "UserDataSnapshotRetentionLimit": 3,
4596 "SafeBrowsingProtectionLevel": 2,
4597 "ScrollToTextFragmentEnabled": false,
4598 "ImportBookmarks": true,
4599 "DefaultBrowserSettingEnabled": true,
4600 "DefaultSearchProviderEnabled": true,
4601 "AdditionalDnsQueryTypesEnabled": true,
4602 "PolicyRefreshRate": 3600000,
4603 "PrintingPaperSizeDefault": {
4610 "RestoreOnStartup": 4,
4611 "PasswordProtectionWarningTrigger": 1,
4612 "ChromeCleanupEnabled": true,
4613 "AbusiveExperienceInterventionEnforce": true,
4614 "BasicAuthOverHttpEnabled": false,
4615 "EnableAuthNegotiatePort": false,
4616 "DefaultGeolocationSetting": 1,
4617 "PolicyDictionaryMultipleSourceMergeList": [
4620 "AllowedDomainsForApps": "managedchrome.com,example.com",
4621 "DisableAuthNegotiateCnameLookup": false,
4622 "IncognitoModeAvailability": 1,
4623 "ChromeVariations": 1,
4624 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4625 "SavingBrowserHistoryDisabled": true,
4626 "SpellcheckEnabled": false,
4627 "FileSystemWriteBlockedForUrls": [
4628 "https://www.example.com",
4631 "BuiltInDnsClientEnabled": true,
4632 "SSLErrorOverrideAllowedForOrigins": [
4633 "https://www.example.com",
4636 "WebRtcIPHandling": "default",
4637 "DefaultNotificationsSetting": 2,
4638 "PopupsAllowedForUrls": [
4639 "https://www.example.com",
4642 "TranslateEnabled": true,
4643 "DefaultSearchProviderEncodings": [
4649 "DownloadRestrictions": 2,
4650 "PromptForDownloadLocation": false,
4651 "DisablePrintPreview": false,
4652 "NetworkPredictionOptions": 1,
4653 "FileSystemReadBlockedForUrls": [
4654 "https://www.example.com",
4657 "AutoOpenFileTypes": [
4661 "DownloadDirectory": "/home/${user_name}/Downloads",
4662 "ImportHomepage": true,
4663 "GloballyScopeHTTPAuthCacheEnabled": false,
4664 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4665 "ThirdPartyBlockingEnabled": false,
4666 "AdsSettingForIntrusiveAdsSites": 1,
4667 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4668 "BookmarkBarEnabled": true,
4669 "DisableScreenshots": true,
4670 "AccessibilityImageLabelsEnabled": false,
4671 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4672 "PopupsBlockedForUrls": [
4673 "https://www.example.com",
4676 "DefaultFileSystemReadGuardSetting": 2,
4678 "WebRtcAllowLegacyTLSProtocols": false,
4679 "PasswordManagerEnabled": true,
4680 "SafeBrowsingExtendedReportingEnabled": true,
4681 "CloudPolicyOverridesPlatformPolicy": false,
4682 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4683 "http://www.example.com:8080",
4686 "RelaunchNotification": 1,
4687 "AlwaysOpenPdfExternally": true,
4688 "DefaultFileHandlingGuardSetting": 2,
4689 "ForceEphemeralProfiles": true,
4690 "PasswordProtectionLoginURLs": [
4691 "https://mydomain.com/login.html",
4692 "https://login.mydomain.com"
4694 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4695 "BrowserGuestModeEnabled": true,
4696 "MediaRecommendationsEnabled": true,
4697 "WebRtcLocalIpsAllowedUrls": [
4698 "https://www.example.com",
4701 "DeveloperToolsAvailability": 2,
4702 "DNSInterceptionChecksEnabled": true,
4703 "DefaultSearchProviderContextMenuAccessAllowed": true,
4704 "RemoteAccessHostRequireCurtain": false,
4705 "PaymentMethodQueryEnabled": true,
4706 "HomepageLocation": "https://www.chromium.org",
4707 "WebUsbAskForUrls": [
4708 "https://www.example.com",
4711 "RemoteAccessHostAllowClientPairing": false,
4713 "ProxyMode": "direct",
4714 "ProxyPacUrl": "https://internal.site/example.pac",
4715 "ProxyServer": "123.123.123.123:8080",
4716 "ProxyServerMode": 2,
4717 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4719 "AutofillCreditCardEnabled": false,
4720 "FileHandlingAllowedForUrls": [
4721 "https://www.example.com",
4724 "ChromeCleanupReportingEnabled": true,
4725 "AlternateErrorPagesEnabled": true,
4726 "WebRtcEventLogCollectionAllowed": true,
4727 "AutoSelectCertificateForUrls": [
4728 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4730 "PolicyListMultipleSourceMergeList": [
4731 "ExtensionInstallAllowlist",
4732 "ExtensionInstallBlocklist"
4734 "CertificateTransparencyEnforcementDisabledForCas": [
4735 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4736 "sha256//////////////////////w=="
4738 "CookiesSessionOnlyForUrls": [
4739 "https://www.example.com",
4742 "SitePerProcess": true,
4743 "RemoteAccessHostFirewallTraversal": false,
4744 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4745 "BackgroundModeEnabled": true,
4746 "DefaultJavaScriptSetting": 1,
4747 "ForcedLanguages": [
4750 "ManagedBookmarks": [
4752 "toplevel_name": "My managed bookmarks folder"
4755 "url": "google.com",
4759 "url": "youtube.com",
4765 "url": "chromium.org",
4769 "url": "dev.chromium.org",
4770 "name": "Chromium Developers"
4773 "name": "Chrome links"
4776 "Disable3DAPIs": false,
4777 "CloudPrintSubmitEnabled": true,
4778 "DefaultCookiesSetting": 1,
4779 "ExtensionInstallBlocklist": [
4785 "https://ssl.server.com",
4786 "hosting.com/good_path",
4787 "https://server:8080/path",
4788 ".exact.hostname.com"
4790 "ExplicitlyAllowedNetworkPorts": [
4793 "HomepageIsNewTabPage": true,
4794 "SensorsBlockedForUrls": [
4795 "https://www.example.com",
4798 "BrowserLabsEnabled": false,
4799 "NotificationsAllowedForUrls": [
4800 "https://www.example.com",
4803 "NativeMessagingUserLevelHosts": false,
4804 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4805 "CloudUserPolicyMerge": true,
4806 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4807 "http://testserver.example.com/",
4810 "HideWebStoreIcon": true,
4811 "SafeBrowsingForTrustedSourcesEnabled": false,
4812 "NewTabPageLocation": "https://www.chromium.org",
4813 "DiskCacheSize": 104857600,
4814 "BrowserSwitcherUseIeSitelist": true,
4815 "WebRtcUdpPortRange": "10000-11999",
4816 "EnterpriseHardwarePlatformAPIEnabled": true,
4817 "AutoOpenAllowedForURLs": [
4819 "https://ssl.server.com",
4820 "hosting.com/good_path",
4821 "https://server:8080/path",
4822 ".exact.hostname.com"
4824 "NativeMessagingAllowlist": [
4825 "com.native.messaging.host.name1",
4826 "com.native.messaging.host.name2"
4828 "DefaultSearchProviderName": "My Intranet Search",
4829 "JavaScriptBlockedForUrls": [
4830 "https://www.example.com",
4833 "EnableExperimentalPolicies": [
4834 "ExtensionInstallAllowlist",
4835 "ExtensionInstallBlocklist"
4837 "SafeBrowsingAllowlistDomains": [
4841 "AutofillAddressEnabled": false,
4842 "AllowCrossOriginAuthPrompt": false,
4843 "SpellcheckLanguage": [
4847 "VideoCaptureAllowed": false,
4848 "ScreenCaptureAllowed": false,
4849 "VideoCaptureAllowedUrls": [
4850 "https://www.example.com/",
4851 "https://[*.]example.edu/"
4853 "ImportHistory": true,
4854 "ShowCastIconInToolbar": false,
4855 "RestoreOnStartupURLs": [
4856 "https://example.com",
4857 "https://www.chromium.org"
4859 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4863 "PrintingEnabled": true,
4864 "ImportSavedPasswords": true,
4865 "EnableDeprecatedPrivetPrinting": true,
4866 "InsecurePrivateNetworkRequestsAllowed": false,
4868 "PolicyAtomicGroupsEnabled": true,
4869 "HardwareAccelerationModeEnabled": true,
4870 "AllowDeletingBrowserHistory": true,
4871 "DefaultSearchProviderKeyword": "mis",
4872 "ExtensionInstallAllowlist": [
4876 "WebAppInstallForceList": [
4878 "url": "https://www.google.com/maps",
4879 "create_desktop_shortcut": true,
4880 "default_launch_container": "window"
4883 "url": "https://docs.google.com",
4884 "default_launch_container": "tab"
4887 "url": "https://docs.google.com/editor",
4888 "fallback_app_name": "Editor",
4889 "default_launch_container": "window"
4892 "DiskCacheDir": "${user_home}/Chrome_cache",
4893 "SignedHTTPExchangeEnabled": true,
4894 "SearchSuggestEnabled": true,
4895 "BrowserThemeColor": "#FFFFFF",
4896 "RestrictSigninToPattern": ".*@example\\\\.com",
4897 "DefaultInsecureContentSetting": 2,
4898 "DefaultSensorsSetting": 2,
4899 "AudioSandboxEnabled": true,
4900 "RemoteAccessHostAllowRelayedConnection": false,
4901 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4902 "UserAgentClientHintsEnabled": true,
4903 "TargetBlankImpliesNoOpener": false,
4904 "BrowserSwitcherKeepLastChromeTab": false,
4905 "RemoteAccessHostClientDomainList": [
4906 "my-awesome-domain.com",
4907 "my-auxiliary-domain.com"
4909 "NotificationsBlockedForUrls": [
4910 "https://www.example.com",
4913 "SerialBlockedForUrls": [
4914 "https://www.example.com",
4917 "DefaultImagesSetting": 1,
4918 "SigninInterceptionEnabled": true,
4919 "WebUsbBlockedForUrls": [
4920 "https://www.example.com",
4923 "ImportAutofillFormData": true,
4924 "BrowserSwitcherEnabled": true
4928 chromium_json_expected_recommended
= \
4931 "BackgroundModeEnabled": true,
4932 "RestoreOnStartup": 4,
4933 "RegisteredProtocolHandlers": [
4936 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4937 "protocol": "mailto"
4940 "ShowHomeButton": true,
4941 "PrintHeaderFooter": false,
4942 "SafeBrowsingForTrustedSourcesEnabled": false,
4943 "ShowFullUrlsInAddressBar": false,
4944 "MetricsReportingEnabled": true,
4945 "SpellCheckServiceEnabled": false,
4946 "ImportSearchEngine": true,
4947 "DownloadRestrictions": 2,
4948 "NetworkPredictionOptions": 1,
4949 "DownloadDirectory": "/home/${user_name}/Downloads",
4950 "TranslateEnabled": true,
4951 "AutofillAddressEnabled": false,
4952 "BookmarkBarEnabled": true,
4953 "PrintPreviewUseSystemDefaultPrinter": false,
4954 "ApplicationLocaleValue": "en",
4955 "ImportHistory": true,
4956 "RestoreOnStartupURLs": [
4957 "https://example.com",
4958 "https://www.chromium.org"
4960 "PasswordManagerEnabled": true,
4961 "ImportSavedPasswords": true,
4962 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4963 "PasswordLeakDetectionEnabled": true,
4964 "SearchSuggestEnabled": true,
4965 "AlternateErrorPagesEnabled": true,
4966 "HomepageIsNewTabPage": true,
4967 "ImportAutofillFormData": true,
4968 "BlockThirdPartyCookies": false,
4969 "AutofillCreditCardEnabled": false,
4970 "HomepageLocation": "https://www.chromium.org",
4971 "SafeBrowsingProtectionLevel": 2,
4972 "ImportBookmarks": true
4976 firewalld_reg_pol
= \
4978 <?xml version="1.0" encoding="utf-8"?>
4979 <PolFile num_entries="6" signature="PReg" version="1">
4980 <Entry type="4" type_name="REG_DWORD">
4981 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4982 <ValueName>Zones</ValueName>
4985 <Entry type="4" type_name="REG_DWORD">
4986 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4987 <ValueName>Rules</ValueName>
4990 <Entry type="1" type_name="REG_SZ">
4991 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4992 <ValueName>Rules</ValueName>
4993 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4995 <Entry type="1" type_name="REG_SZ">
4996 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
4997 <ValueName>**delvals.</ValueName>
5000 <Entry type="1" type_name="REG_SZ">
5001 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5002 <ValueName>work</ValueName>
5005 <Entry type="1" type_name="REG_SZ">
5006 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5007 <ValueName>home</ValueName>
5013 drive_maps_xml
= b
"""<?xml version="1.0" encoding="utf-8"?>
5014 <Drives clsid="{8FDDCC1A-0C3C-43cd-A6B4-71A6DF20DA8C}"><Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="A:" status="A:" image="2" changed="2023-03-08 19:23:02" uid="{1641E121-DEF3-418D-A428-2D8DF4749504}" bypassErrors="1"><Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="" path="\\\\example.com\\test" label="TEST" persistent="1" useLetter="0" letter="A"/></Drive>
5018 empty_multi_sz_reg_pol
= \
5020 <?xml version="1.0" encoding="utf-8"?>
5021 <PolFile num_entries="1" signature="PReg" version="1">
5022 <Entry type="7" type_name="REG_MULTI_SZ">
5024 <ValueName>ValueName</ValueName>
5030 multiple_values_multi_sz_reg_pol
= \
5032 <?xml version="1.0" encoding="utf-8"?>
5033 <PolFile num_entries="1" signature="PReg" version="1">
5034 <Entry type="7" type_name="REG_MULTI_SZ">
5036 <ValueName>ValueName</ValueName>
5037 <Value>Value1</Value>
5038 <Value>Value2</Value>
5039 <Value>Value3</Value>
5044 def days2rel_nttime(val
):
5049 return -(val
* seconds
* minutes
* hours
* sam_add
)
5051 def gpupdate(lp
, arg
):
5052 gpupdate
= lp
.get('gpo update command')
5053 gpupdate
.append(arg
)
5055 p
= Popen(gpupdate
, stdout
=PIPE
, stderr
=PIPE
)
5056 stdoutdata
, stderrdata
= p
.communicate()
def gpupdate_force(lp):
    """Run the configured GPO update command with ``--force`` appended.

    Thin wrapper around gpupdate(), which reads the 'gpo update command'
    setting from *lp*, appends the flag and starts the command with Popen
    from an argument list. Whatever gpupdate() returns is passed through
    unchanged.
    """
    flag = '--force'
    return gpupdate(lp, flag)
def gpupdate_unapply(lp):
    """Run the configured GPO update command with ``--unapply`` appended.

    Thin wrapper around gpupdate(), which reads the 'gpo update command'
    setting from *lp*, appends the flag and starts the command with Popen
    from an argument list. Whatever gpupdate() returns is passed through
    unchanged.
    """
    flag = '--unapply'
    return gpupdate(lp, flag)
5067 return gpupdate(lp
, '--rsop')
5069 def stage_file(path
, data
):
5070 dirname
= os
.path
.dirname(path
)
5071 if not os
.path
.exists(dirname
):
5073 os
.makedirs(dirname
)
5074 except OSError as e
:
5075 if not (e
.errno
== errno
.EEXIST
and os
.path
.isdir(dirname
)):
5077 if os
.path
.exists(path
):
5078 os
.rename(path
, '%s.bak' % path
)
5079 with
NamedTemporaryFile(delete
=False, dir=os
.path
.dirname(path
)) as f
:
5080 f
.write(get_bytes(data
))
5081 os
.rename(f
.name
, path
)
5082 os
.chmod(path
, 0o644)
5085 def unstage_file(path
):
5086 backup
= '%s.bak' % path
5087 if os
.path
.exists(backup
):
5088 os
.rename(backup
, path
)
5089 elif os
.path
.exists(path
):
5092 class GPOTests(tests
.TestCase
):
5094 super(GPOTests
, self
).setUp()
5095 self
.server
= os
.environ
["SERVER"]
5096 self
.dc_account
= self
.server
.upper() + '$'
5097 self
.lp
= s3param
.get_context()
5098 self
.lp
.load_default()
5099 self
.creds
= self
.insta_creds(template
=self
.get_credentials())
5102 super(GPOTests
, self
).tearDown()
def test_gpo_list(self):
    """Check name, file_sys_path and ds_path of each GPO from get_gpo_list().

    Position 0 is expected to be 'Local Policy' with no paths; position 1
    is the GPO with the GUID below, located under the module-level
    ``poldir`` and ``dspath`` values.
    """
    account = self.creds.get_username()
    found = get_gpo_list(self.server, self.creds, self.lp, account)

    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    # One (name, file_sys_path, ds_path) row per expected list position.
    expected = [
        ('Local Policy', None, None),
        (guid, '%s\\%s' % (poldir, guid), 'CN=%s,%s' % (guid, dspath)),
    ]

    # NOTE(review): the loop is bounded by the returned list, so a shorter
    # (or empty) result passes without checking the missing positions;
    # consider asserting the expected length as well.
    for idx, entry in enumerate(found):
        want_name, want_fs_path, want_ds_path = expected[idx]
        self.assertEqual(
            entry.name, want_name,
            'The gpo name did not match expected name %s' % entry.name)
        self.assertEqual(
            entry.file_sys_path, want_fs_path,
            'file_sys_path did not match expected %s' % entry.file_sys_path)
        self.assertEqual(
            entry.ds_path, want_ds_path,
            'ds_path did not match expected %s' % entry.ds_path)
5120 def test_gpt_version(self
):
5122 local_path
= self
.lp
.cache_path('gpo_cache')
5123 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5124 gpo_path
= os
.path
.join(local_path
, policies
, guid
)
5125 old_vers
= gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1]
5127 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5128 gpt
.write(gpt_data
% 42)
5129 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], 42,
5130 'gpo_get_sysvol_gpt_version() did not return the expected version')
5132 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5133 gpt
.write(gpt_data
% old_vers
)
5134 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], old_vers
,
5135 'gpo_get_sysvol_gpt_version() did not return the expected version')
5137 def test_check_refresh_gpo_list(self
):
5138 cache
= self
.lp
.cache_path('gpo_cache')
5139 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5140 self
.creds
.get_username())
5141 check_refresh_gpo_list(self
.server
, self
.lp
, self
.creds
, gpos
)
5143 self
.assertTrue(os
.path
.exists(cache
),
5144 'GPO cache %s was not created' % cache
)
5146 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5147 gpt_ini
= os
.path
.join(cache
, policies
,
5149 self
.assertTrue(os
.path
.exists(gpt_ini
),
5150 'GPT.INI was not cached for %s' % guid
)
def test_check_refresh_gpo_list_malicious_paths(self):
    """Pin how check_safe_path() sanitises GPO paths.

    Three properties are asserted: a path containing '..' components is
    rejected with OSError, leading '/' and backslash separators are
    stripped so the result is relative, and a 'sysvol/' prefix is dropped
    while backslashes become forward slashes.
    """
    gpt_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'

    # '..' components must be refused outright rather than resolved.
    # NOTE(review): only a forward-slash '..' is exercised here; a
    # backslash-separated variant would be a natural companion case --
    # confirm check_safe_path() treats both separators alike.
    traversal = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
    with self.assertRaises(OSError):
        check_safe_path(traversal)

    # Absolute-looking inputs come back relative, whichever separator leads.
    for raw, cleaned in (('/etc/passwd', 'etc/passwd'),
                         ('\\\\etc/\\passwd', 'etc/passwd')):
        self.assertEqual(check_safe_path(raw), cleaned)

    # Backslashes must not survive as path delimiters.
    mixed = 'sysvol/' + realm + '\\Policies/' + gpt_guid + '\\GPT.INI'
    normalised = realm + '/Policies/' + gpt_guid + '/GPT.INI'
    self.assertEqual(
        check_safe_path(mixed), normalised,
        'check_safe_path() didn\'t correctly convert \\ to /')
def test_check_safe_path_typesafe_name(self):
    """Check that the sysvol component is recognised regardless of case.

    A UNC path spelling the share as 'SysVol' must reduce to the part
    after that component, with forward slashes as separators.
    """
    gpt_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    unc = ('\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\'
           + gpt_guid + '\\GPT.INI')
    wanted = 'toady.suse.de/Policies/' + gpt_guid + '/GPT.INI'

    self.assertEqual(
        check_safe_path(unc), wanted,
        'check_safe_path unable to detect variable case sysvol components')
def test_gpt_ext_register(self):
    """Round-trip a GP extension registration and a gpext.conf edit.

    Registers gp_sec_ext.py under a fixed GUID, checks that it is listed
    with that path as its DllName, unregisters it, and then exercises
    check_guid(), parse_gpext_conf() and atomic_write_conf() using a
    scratch section that is removed again at the end.
    """
    here = os.path.dirname(os.path.realpath(__file__))
    tree_root = os.path.realpath(os.path.join(here, '../../../'))
    ext_path = os.path.join(tree_root, 'python/samba/gp/gp_sec_ext.py')
    ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'

    # Register, then confirm the entry is visible and points at ext_path.
    registered = register_gp_extension(
        ext_guid, 'gp_access_ext', ext_path,
        smb_conf=self.lp.configfile, machine=True, user=False)
    self.assertTrue(registered, 'Failed to register a gp ext')
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid in listed, 'Failed to list gp exts')
    self.assertEqual(listed[ext_guid]['DllName'], ext_path,
                     'Failed to list gp exts')

    # NOTE(review): registration names smb_conf explicitly, unregistration
    # does not; presumably both resolve to the same gpext.conf -- confirm.
    unregister_gp_extension(ext_guid)
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid not in listed, 'Failed to unregister gp exts')

    # GUID syntax validation: a braced GUID passes, a bare string does not.
    self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
    self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')

    # Write a scratch section and read it back through a fresh parse.
    conf_lp, conf_parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue(conf_lp and conf_parser,
                    'parse_gpext_conf() invalid return')
    conf_parser.add_section('test_section')
    conf_parser.set('test_section', 'test_var', ext_guid)
    atomic_write_conf(conf_lp, conf_parser)

    conf_lp, conf_parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue('test_section' in conf_parser.sections(),
                    'test_section not found in gpext.conf')
    self.assertEqual(conf_parser.get('test_section', 'test_var'), ext_guid,
                     'Failed to find test variable in gpext.conf')
    # Cleanup only runs if the assertions above passed.
    conf_parser.remove_section('test_section')
    atomic_write_conf(conf_lp, conf_parser)
5216 def test_gp_log_get_applied(self
):
5217 local_path
= self
.lp
.get('path', 'sysvol')
5218 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5219 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5220 gpofile
= '%s/' + realm
+ '/Policies/%s/MACHINE/Microsoft/' \
5221 'Windows NT/SecEdit/GptTmpl.inf'
5222 stage
= '[System Access]\nMinimumPasswordAge = 998\n'
5223 cache_dir
= self
.lp
.get('cache directory')
5224 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5226 gpttmpl
= gpofile
% (local_path
, guid
)
5227 ret
= stage_file(gpttmpl
, stage
)
5228 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5230 ret
= gpupdate_force(self
.lp
)
5231 self
.assertEqual(ret
, 0, 'gpupdate force failed')
5233 gp_db
= store
.get_gplog(self
.dc_account
)
5235 applied_guids
= gp_db
.get_applied_guids()
5236 self
.assertEqual(len(applied_guids
), 2, 'The guids were not found')
5237 self
.assertIn(guids
[0], applied_guids
,
5238 '%s not in applied guids' % guids
[0])
5239 self
.assertIn(guids
[1], applied_guids
,
5240 '%s not in applied guids' % guids
[1])
5242 applied_settings
= gp_db
.get_applied_settings(applied_guids
)
5243 for policy
in applied_settings
:
5244 self
.assertIn('System Access', policy
[1],
5245 'System Access policies not set')
5246 self
.assertIn('minPwdAge', policy
[1]['System Access'],
5247 'minPwdAge policy not set')
5248 if policy
[0] == guids
[0]:
5249 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5251 'minPwdAge policy not set')
5252 elif policy
[0] == guids
[1]:
5253 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5254 days2rel_nttime(998),
5255 'minPwdAge policy not set')
5257 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5259 del_gpos
= get_deleted_gpos_list(gp_db
, gpos
[:-1])
5260 self
.assertEqual(len(del_gpos
), 1, 'Returned delete gpos is incorrect')
5261 self
.assertEqual(guids
[-1], del_gpos
[0][0],
5262 'GUID for delete gpo is incorrect')
5263 self
.assertIn('System Access', del_gpos
[0][1],
5264 'System Access policies not set for removal')
5265 self
.assertIn('minPwdAge', del_gpos
[0][1]['System Access'],
5266 'minPwdAge policy not set for removal')
5269 gpttmpl
= gpofile
% (local_path
, guid
)
5270 unstage_file(gpttmpl
)
5272 ret
= gpupdate_unapply(self
.lp
)
5273 self
.assertEqual(ret
, 0, 'gpupdate unapply failed')
5275 def test_process_group_policy(self
):
5276 local_path
= self
.lp
.cache_path('gpo_cache')
5277 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5278 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5279 gpofile
= '%s/' + policies
+ '/%s/MACHINE/MICROSOFT/' \
5280 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5281 cache_dir
= self
.lp
.get('cache directory')
5282 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5284 machine_creds
= Credentials()
5285 machine_creds
.guess(self
.lp
)
5286 machine_creds
.set_machine_account()
5288 # Initialize the group policy extension
5289 ext
= gp_krb_ext(self
.lp
, machine_creds
,
5290 machine_creds
.get_username(), store
)
5292 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5293 machine_creds
.get_username())
5295 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5296 stage
= '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5298 for i
in range(0, 2):
5299 gpttmpl
= gpofile
% (local_path
, guids
[i
])
5300 ret
= stage_file(gpttmpl
, stage
% opts
[i
])
5301 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5304 ext
.process_group_policy([], gpos
)
5306 ret
= store
.get_int('kdc:user_ticket_lifetime')
5307 self
.assertEqual(ret
, opts
[1], 'Higher priority policy was not set')
5310 gp_db
= store
.get_gplog(machine_creds
.get_username())
5311 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5312 ext
.process_group_policy(del_gpos
, [])
5314 ret
= store
.get_int('kdc:user_ticket_lifetime')
5315 self
.assertEqual(ret
, None, 'MaxTicketAge should not have applied')
5317 # Process just the first gpo
5318 ext
.process_group_policy([], gpos
[:-1])
5320 ret
= store
.get_int('kdc:user_ticket_lifetime')
5321 self
.assertEqual(ret
, opts
[0], 'Lower priority policy was not set')
5324 ext
.process_group_policy(del_gpos
, [])
5327 gpttmpl
= gpofile
% (local_path
, guid
)
5328 unstage_file(gpttmpl
)
5330 def test_gp_scripts(self
):
5331 local_path
= self
.lp
.cache_path('gpo_cache')
5332 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5333 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5334 'MACHINE/REGISTRY.POL')
5335 cache_dir
= self
.lp
.get('cache directory')
5336 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5338 machine_creds
= Credentials()
5339 machine_creds
.guess(self
.lp
)
5340 machine_creds
.set_machine_account()
5342 # Initialize the group policy extension
5343 ext
= gp_scripts_ext(self
.lp
, machine_creds
,
5344 machine_creds
.get_username(), store
)
5346 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5347 machine_creds
.get_username())
5349 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
5350 sections
= { b
'%s\\Daily Scripts' % reg_key
: '.cron.daily',
5351 b
'%s\\Monthly Scripts' % reg_key
: '.cron.monthly',
5352 b
'%s\\Weekly Scripts' % reg_key
: '.cron.weekly',
5353 b
'%s\\Hourly Scripts' % reg_key
: '.cron.hourly' }
5354 for keyname
in sections
.keys():
5355 # Stage the Registry.pol file with test data
5359 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5361 e
.data
= b
'echo hello world'
5362 stage
.num_entries
= 1
5364 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5365 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5367 # Process all gpos, with temp output directory
5368 with
TemporaryDirectory(sections
[keyname
]) as dname
:
5369 ext
.process_group_policy([], gpos
, dname
)
5370 scripts
= os
.listdir(dname
)
5371 self
.assertEqual(len(scripts
), 1,
5372 'The %s script was not created' % keyname
.decode())
5373 out
, _
= Popen([os
.path
.join(dname
, scripts
[0])], stdout
=PIPE
).communicate()
5374 self
.assertIn(b
'hello world', out
,
5375 '%s script execution failed' % keyname
.decode())
5377 # Check that a call to gpupdate --rsop also succeeds
5379 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5382 gp_db
= store
.get_gplog(machine_creds
.get_username())
5383 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5384 ext
.process_group_policy(del_gpos
, [])
5385 self
.assertEqual(len(os
.listdir(dname
)), 0,
5386 'Unapply failed to cleanup scripts')
5388 # Unstage the Registry.pol file
5389 unstage_file(reg_pol
)
5391 def test_gp_sudoers(self
):
5392 local_path
= self
.lp
.cache_path('gpo_cache')
5393 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5394 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5395 'MACHINE/REGISTRY.POL')
5396 cache_dir
= self
.lp
.get('cache directory')
5397 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5399 machine_creds
= Credentials()
5400 machine_creds
.guess(self
.lp
)
5401 machine_creds
.set_machine_account()
5403 # Initialize the group policy extension
5404 ext
= gp_sudoers_ext(self
.lp
, machine_creds
,
5405 machine_creds
.get_username(), store
)
5407 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5408 machine_creds
.get_username())
5410 # Stage the Registry.pol file with test data
5413 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5414 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5416 e
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5417 stage
.num_entries
= 1
5419 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5420 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5422 # Process all gpos, with temp output directory
5423 with
TemporaryDirectory() as dname
:
5424 ext
.process_group_policy([], gpos
, dname
)
5425 sudoers
= os
.listdir(dname
)
5426 self
.assertEqual(len(sudoers
), 1, 'The sudoer file was not created')
5427 self
.assertIn(e
.data
,
5428 open(os
.path
.join(dname
, sudoers
[0]), 'r').read(),
5429 'The sudoers entry was not applied')
5431 # Check that a call to gpupdate --rsop also succeeds
5433 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5436 gp_db
= store
.get_gplog(machine_creds
.get_username())
5437 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5438 ext
.process_group_policy(del_gpos
, [])
5439 self
.assertEqual(len(os
.listdir(dname
)), 0,
5440 'Unapply failed to cleanup scripts')
5442 # Unstage the Registry.pol file
5443 unstage_file(reg_pol
)
5445 def test_vgp_sudoers(self
):
5446 local_path
= self
.lp
.cache_path('gpo_cache')
5447 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5448 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5449 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5450 cache_dir
= self
.lp
.get('cache directory')
5451 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5453 machine_creds
= Credentials()
5454 machine_creds
.guess(self
.lp
)
5455 machine_creds
.set_machine_account()
5457 # Initialize the group policy extension
5458 ext
= vgp_sudoers_ext(self
.lp
, machine_creds
,
5459 machine_creds
.get_username(), store
)
5461 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5462 machine_creds
.get_username())
5464 # Stage the manifest.xml file with test data
5465 stage
= etree
.Element('vgppolicy')
5466 policysetting
= etree
.Element('policysetting')
5467 stage
.append(policysetting
)
5468 version
= etree
.Element('version')
5470 policysetting
.append(version
)
5471 data
= etree
.Element('data')
5472 sudoers_entry
= etree
.Element('sudoers_entry')
5473 command
= etree
.Element('command')
5474 command
.text
= 'ALL'
5475 sudoers_entry
.append(command
)
5476 user
= etree
.Element('user')
5478 sudoers_entry
.append(user
)
5479 principal_list
= etree
.Element('listelement')
5480 principal
= etree
.Element('principal')
5481 principal
.text
= 'fakeu'
5482 principal
.attrib
['type'] = 'user'
5483 group
= etree
.Element('principal')
5484 group
.text
= 'fakeg'
5485 group
.attrib
['type'] = 'group'
5486 principal_list
.append(principal
)
5487 principal_list
.append(group
)
5488 sudoers_entry
.append(principal_list
)
5489 data
.append(sudoers_entry
)
5490 # Ensure an empty principal doesn't cause a crash
5491 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5492 command
= etree
.SubElement(sudoers_entry
, 'command')
5493 command
.text
= 'ALL'
5494 user
= etree
.SubElement(sudoers_entry
, 'user')
5496 # Ensure having dispersed principals still works
5497 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5498 command
= etree
.SubElement(sudoers_entry
, 'command')
5499 command
.text
= 'ALL'
5500 user
= etree
.SubElement(sudoers_entry
, 'user')
5502 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5503 principal
= etree
.SubElement(listelement
, 'principal')
5504 principal
.text
= 'fakeu2'
5505 principal
.attrib
['type'] = 'user'
5506 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5507 group
= etree
.SubElement(listelement
, 'principal')
5508 group
.text
= 'fakeg2'
5509 group
.attrib
['type'] = 'group'
5510 policysetting
.append(data
)
5511 ret
= stage_file(manifest
, etree
.tostring(stage
))
5512 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
5514 # Process all gpos, with temp output directory
5515 data
= 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5516 data2
= 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5517 data_no_principal
= 'ALL ALL=(ALL) NOPASSWD: ALL'
5518 with
TemporaryDirectory() as dname
:
5519 ext
.process_group_policy([], gpos
, dname
)
5520 sudoers
= os
.listdir(dname
)
5521 self
.assertEqual(len(sudoers
), 3, 'The sudoer file was not created')
5522 output
= open(os
.path
.join(dname
, sudoers
[0]), 'r').read() + \
5523 open(os
.path
.join(dname
, sudoers
[1]), 'r').read() + \
5524 open(os
.path
.join(dname
, sudoers
[2]), 'r').read()
5525 self
.assertIn(data
, output
,
5526 'The sudoers entry was not applied')
5527 self
.assertIn(data2
, output
,
5528 'The sudoers entry was not applied')
5529 self
.assertIn(data_no_principal
, output
,
5530 'The sudoers entry was not applied')
5532 # Check that a call to gpupdate --rsop also succeeds
5534 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5537 gp_db
= store
.get_gplog(machine_creds
.get_username())
5538 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5539 ext
.process_group_policy(del_gpos
, [])
5540 self
.assertEqual(len(os
.listdir(dname
)), 0,
5541 'Unapply failed to cleanup scripts')
5543 # Unstage the manifest.xml file
5544 unstage_file(manifest
)
5546 def test_gp_inf_ext_utf(self
):
5547 cache_dir
= self
.lp
.get('cache directory')
5548 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5550 machine_creds
= Credentials()
5551 machine_creds
.guess(self
.lp
)
5552 machine_creds
.set_machine_account()
5554 ext
= gp_inf_ext(self
.lp
, machine_creds
,
5555 machine_creds
.get_username(), store
)
5556 test_data
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5558 with
NamedTemporaryFile() as f
:
5559 with codecs
.open(f
.name
, 'w', 'utf-16') as w
:
5562 inf_conf
= ext
.read(f
.name
)
5563 except UnicodeDecodeError:
5564 self
.fail('Failed to parse utf-16')
5565 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5566 'Kerberos Policy was not read from the file')
5567 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5568 '99', 'MaxTicketAge was not read from the file')
5570 with
NamedTemporaryFile() as f
:
5571 with codecs
.open(f
.name
, 'w', 'utf-8') as w
:
5573 inf_conf
= ext
.read(f
.name
)
5574 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5575 'Kerberos Policy was not read from the file')
5576 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5577 '99', 'MaxTicketAge was not read from the file')
5579 def test_rsop(self
):
5580 cache_dir
= self
.lp
.get('cache directory')
5581 local_path
= self
.lp
.cache_path('gpo_cache')
5582 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5584 machine_creds
= Credentials()
5585 machine_creds
.guess(self
.lp
)
5586 machine_creds
.set_machine_account()
5588 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5589 machine_creds
.get_username())
5592 gp_extensions
.append(gp_krb_ext
)
5593 gp_extensions
.append(gp_scripts_ext
)
5594 gp_extensions
.append(gp_sudoers_ext
)
5595 gp_extensions
.append(gp_smb_conf_ext
)
5596 gp_extensions
.append(gp_msgs_ext
)
5598 # Create registry stage data
5599 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5600 reg_stage
= preg
.file()
5602 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5603 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5605 e
.data
= b
'echo hello world'
5607 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5608 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5610 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5612 e3
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5615 e3
.valuename
= 'apply group policies'
5617 e4
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5618 e4
.valuename
= b
'issue'
5620 e4
.data
= b
'Welcome to \\s \\r \\l'
5621 reg_stage
.num_entries
= 4
5622 reg_stage
.entries
= [e
, e2
, e3
, e4
]
5624 # Create krb stage data
5625 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5626 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5627 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5628 '[System Access]\nMinimumPasswordAge = 998\n'
5630 for g
in [g
for g
in gpos
if g
.file_sys_path
]:
5631 ret
= stage_file(gpofile
% g
.name
, krb_stage
)
5632 self
.assertTrue(ret
, 'Could not create the target %s' %
5634 ret
= stage_file(reg_pol
% g
.name
, ndr_pack(reg_stage
))
5635 self
.assertTrue(ret
, 'Could not create the target %s' %
5637 for ext
in gp_extensions
:
5638 ext
= ext(self
.lp
, machine_creds
,
5639 machine_creds
.get_username(), store
)
5641 self
.assertEqual(len(ret
.keys()), 1,
5642 'A single policy should have been displayed')
5644 # Check the Security Extension
5645 if type(ext
) == gp_krb_ext
:
5646 self
.assertIn('Kerberos Policy', ret
.keys(),
5647 'Kerberos Policy not found')
5648 self
.assertIn('MaxTicketAge', ret
['Kerberos Policy'],
5649 'MaxTicketAge setting not found')
5650 self
.assertEqual(ret
['Kerberos Policy']['MaxTicketAge'], '99',
5651 'MaxTicketAge was not set to 99')
5652 # Check the Scripts Extension
5653 elif type(ext
) == gp_scripts_ext
:
5654 self
.assertIn('Daily Scripts', ret
.keys(),
5655 'Daily Scripts not found')
5656 self
.assertIn('echo hello world', ret
['Daily Scripts'],
5657 'Daily script was not created')
5658 # Check the Sudoers Extension
5659 elif type(ext
) == gp_sudoers_ext
:
5660 self
.assertIn('Sudo Rights', ret
.keys(),
5661 'Sudoers not found')
5662 self
.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5664 'Sudoers policy not created')
5665 # Check the smb.conf Extension
5666 elif type(ext
) == gp_smb_conf_ext
:
5667 self
.assertIn('smb.conf', ret
.keys(),
5668 'apply group policies was not applied')
5669 self
.assertIn(e3
.valuename
, ret
['smb.conf'],
5670 'apply group policies was not applied')
5671 self
.assertEqual(ret
['smb.conf'][e3
.valuename
], e3
.data
,
5672 'apply group policies was not set')
5673 # Check the Messages Extension
5674 elif type(ext
) == gp_msgs_ext
:
5675 self
.assertIn('/etc/issue', ret
,
5676 'Login Prompt Message not applied')
5677 self
.assertEqual(ret
['/etc/issue'], e4
.data
,
5678 'Login Prompt Message not set')
5680 # Check that a call to gpupdate --rsop also succeeds
5682 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5684 unstage_file(gpofile
% g
.name
)
5685 unstage_file(reg_pol
% g
.name
)
5687 def test_gp_unapply(self
):
5688 cache_dir
= self
.lp
.get('cache directory')
5689 local_path
= self
.lp
.cache_path('gpo_cache')
5690 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5691 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5693 machine_creds
= Credentials()
5694 machine_creds
.guess(self
.lp
)
5695 machine_creds
.set_machine_account()
5697 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5698 machine_creds
.get_username())
5701 gp_extensions
.append(gp_krb_ext
)
5702 gp_extensions
.append(gp_scripts_ext
)
5703 gp_extensions
.append(gp_sudoers_ext
)
5705 # Create registry stage data
5706 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5707 reg_stage
= preg
.file()
5709 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5710 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5712 e
.data
= b
'echo hello world'
5714 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5715 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5717 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5718 reg_stage
.num_entries
= 2
5719 reg_stage
.entries
= [e
, e2
]
5721 # Create krb stage data
5722 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5723 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5724 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5726 ret
= stage_file(gpofile
% guid
, krb_stage
)
5727 self
.assertTrue(ret
, 'Could not create the target %s' %
5729 ret
= stage_file(reg_pol
% guid
, ndr_pack(reg_stage
))
5730 self
.assertTrue(ret
, 'Could not create the target %s' %
5733 # Process all gpos, with temp output directory
5735 with
TemporaryDirectory() as dname
:
5736 for ext
in gp_extensions
:
5737 ext
= ext(self
.lp
, machine_creds
,
5738 machine_creds
.get_username(), store
)
5739 if type(ext
) == gp_krb_ext
:
5740 ext
.process_group_policy([], gpos
)
5741 ret
= store
.get_int('kdc:user_ticket_lifetime')
5742 self
.assertEqual(ret
, 99, 'Kerberos policy was not set')
5743 elif type(ext
) in [gp_scripts_ext
, gp_sudoers_ext
]:
5744 ext
.process_group_policy([], gpos
, dname
)
5745 gp_db
= store
.get_gplog(machine_creds
.get_username())
5746 applied_settings
= gp_db
.get_applied_settings([guid
])
5747 for _
, fname
in applied_settings
[-1][-1][str(ext
)].items():
5748 fname
= fname
.split(':')[-1]
5749 self
.assertIn(dname
, fname
,
5750 'Test file not created in tmp dir')
5751 self
.assertTrue(os
.path
.exists(fname
),
5752 'Test file not created')
5753 remove
.append(fname
)
5755 # Unapply policy, and ensure policies are removed
5756 gpupdate_unapply(self
.lp
)
5758 for fname
in remove
:
5759 self
.assertFalse(os
.path
.exists(fname
),
5760 'Unapply did not remove test file')
5761 ret
= store
.get_int('kdc:user_ticket_lifetime')
5762 self
.assertNotEqual(ret
, 99, 'Kerberos policy was not unapplied')
5764 unstage_file(gpofile
% guid
)
5765 unstage_file(reg_pol
% guid
)
5767 def test_smb_conf_ext(self
):
5768 local_path
= self
.lp
.cache_path('gpo_cache')
5769 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5770 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5771 reg_pol
= os
.path
.join(local_path
, policies
, guids
[0],
5772 'MACHINE/REGISTRY.POL')
5773 reg_pol2
= os
.path
.join(local_path
, policies
, guids
[1],
5774 'MACHINE/REGISTRY.POL')
5775 cache_dir
= self
.lp
.get('cache directory')
5776 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5778 machine_creds
= Credentials()
5779 machine_creds
.guess(self
.lp
)
5780 machine_creds
.set_machine_account()
5782 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5783 machine_creds
.get_username())
5787 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5789 e
.data
= '/home/samba/%D/%U'
5790 e
.valuename
= 'template homedir'
5793 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5796 e
.valuename
= 'apply group policies'
5799 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5802 e
.valuename
= 'ldap timeout'
5805 stage
.num_entries
= len(entries
)
5806 stage
.entries
= entries
5808 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5809 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5811 # Stage the other Registry.pol
5814 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5817 e
.valuename
= 'apply group policies'
5820 stage
.num_entries
= len(entries
)
5821 stage
.entries
= entries
5822 ret
= stage_file(reg_pol2
, ndr_pack(stage
))
5823 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5825 with
NamedTemporaryFile(suffix
='_smb.conf') as f
:
5826 copyfile(self
.lp
.configfile
, f
.name
)
5827 lp
= LoadParm(f
.name
)
5829 # Initialize the group policy extension
5830 ext
= gp_smb_conf_ext(lp
, machine_creds
,
5831 machine_creds
.get_username(), store
)
5832 ext
.process_group_policy([], gpos
)
5833 lp
= LoadParm(f
.name
)
5835 template_homedir
= lp
.get('template homedir')
5836 self
.assertEqual(template_homedir
, '/home/samba/%D/%U',
5837 'template homedir was not applied')
5838 apply_group_policies
= lp
.get('apply group policies')
5839 self
.assertFalse(apply_group_policies
,
5840 'apply group policies was not applied')
5841 ldap_timeout
= lp
.get('ldap timeout')
5842 self
.assertEqual(ldap_timeout
, 9999, 'ldap timeout was not applied')
5844 # Force apply with removal of second GPO
5845 gp_db
= store
.get_gplog(machine_creds
.get_username())
5846 del_gpos
= gp_db
.get_applied_settings([guids
[1]])
5847 gpos
= [gpo
for gpo
in gpos
if gpo
.name
!= guids
[1]]
5848 ext
.process_group_policy(del_gpos
, gpos
)
5849 lp
= LoadParm(f
.name
)
5851 template_homedir
= lp
.get('template homedir')
5852 self
.assertEqual(template_homedir
, '/home/samba/%D/%U',
5853 'template homedir was not applied')
5854 apply_group_policies
= lp
.get('apply group policies')
5855 self
.assertTrue(apply_group_policies
,
5856 'apply group policies was not applied')
5857 ldap_timeout
= lp
.get('ldap timeout')
5858 self
.assertEqual(ldap_timeout
, 9999, 'ldap timeout was not applied')
5860 # Check that a call to gpupdate --rsop also succeeds
5862 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5865 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5866 ext
.process_group_policy(del_gpos
, [])
5868 lp
= LoadParm(f
.name
)
5870 template_homedir
= lp
.get('template homedir')
5871 self
.assertEqual(template_homedir
, self
.lp
.get('template homedir'),
5872 'template homedir was not unapplied')
5873 apply_group_policies
= lp
.get('apply group policies')
5874 self
.assertEqual(apply_group_policies
, self
.lp
.get('apply group policies'),
5875 'apply group policies was not unapplied')
5876 ldap_timeout
= lp
.get('ldap timeout')
5877 self
.assertEqual(ldap_timeout
, self
.lp
.get('ldap timeout'),
5878 'ldap timeout was not unapplied')
5880 # Unstage the Registry.pol file
5881 unstage_file(reg_pol
)
def test_gp_motd(self):
    # Exercise gp_msgs_ext: two GPOs both set 'motd', one also sets 'issue'.
    # Checks that the second GPO wins, that removing it falls back to the
    # first, and that a full unapply empties both output files.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that leave a name undefined are marked.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'MACHINE/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_msgs_ext(self.lp, machine_creds,
                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): source lines 5906-5907 are not shown; `stage` and `e1`
    # are presumably created there. Lines 5910, 5913 and 5916 are also
    # skipped, and `e2` has no visible definition.
    e1.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e1.valuename = b'motd'
    e1.data = b'Have a lot of fun!'
    stage.num_entries = 2
    e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e2.valuename = b'issue'
    e2.data = b'Welcome to \\s \\r \\l'
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Stage the other Registry.pol
    # NOTE(review): source lines 5923-5924 are not shown; `e3` has no
    # visible definition, and `stage` is presumably re-created there.
    e3.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e3.valuename = b'motd'
    e3.data = b'This should overwrite the first policy'
    stage.num_entries = 1
    stage.entries = [e3]
    ret = stage_file(reg_pol2, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        motd_file = os.path.join(dname, 'motd')
        self.assertTrue(os.path.exists(motd_file),
                        'Message of the day file not created')
        # NOTE(review): open(...).read() leaves closing the handle to the
        # garbage collector; a with-block would close it deterministically.
        data = open(motd_file, 'r').read()
        # The second GPO's motd is expected to take precedence.
        # NOTE(review): e3.data was assigned a bytes literal while `data`
        # is a str read in text mode; presumably the entry returns str on
        # read - TODO confirm.
        self.assertEqual(data, e3.data, 'Message of the day not applied')
        issue_file = os.path.join(dname, 'issue')
        self.assertTrue(os.path.exists(issue_file),
                        'Login Prompt Message file not created')
        data = open(issue_file, 'r').read()
        self.assertEqual(data, e2.data, 'Login Prompt Message not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, dname)

        # With the second GPO gone, the first GPO's motd must be back.
        self.assertTrue(os.path.exists(motd_file),
                        'Message of the day file not created')
        data = open(motd_file, 'r').read()
        self.assertEqual(data, e1.data, 'Message of the day not applied')
        issue_file = os.path.join(dname, 'issue')
        self.assertTrue(os.path.exists(issue_file),
                        'Login Prompt Message file not created')
        data = open(issue_file, 'r').read()
        self.assertEqual(data, e2.data, 'Login Prompt Message not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 5965 is not shown; as listed, `ret`
        # still holds the stage_file() result from above.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply policy, and ensure the test files are removed
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # Both files are opened unconditionally, so the check is that they
        # are empty after unapply; a missing file would raise here.
        data = open(motd_file, 'r').read()
        self.assertFalse(data, 'Message of the day file not removed')
        data = open(issue_file, 'r').read()
        self.assertFalse(data, 'Login Prompt Message file not removed')

    # Unstage the Registry.pol file
    # NOTE(review): reg_pol2 was staged above but no unstage call for it is
    # visible, so it may remain in the GPO cache for later tests.
    unstage_file(reg_pol)
def test_vgp_symlink(self):
    # Exercise vgp_symlink_ext: stage a manifest naming a source and a
    # target path, apply it, and check the target is a symlink to the
    # source; then unapply and check the link is gone.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that matter are marked.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_symlink_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    with TemporaryDirectory() as dname:
        # Both ends of the link live inside the temporary directory, so
        # the policy cannot touch paths outside it in this test.
        test_source = os.path.join(dname, 'test.source')
        test_target = os.path.join(dname, 'test.target')

        # Stage the manifest.xml file with test data
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): source line 6007 is not shown in this listing.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.Element('file_properties')
        source = etree.Element('source')
        # The manifest carries the source and target as the full paths
        # built above.
        source.text = test_source
        file_properties.append(source)
        target = etree.Element('target')
        target.text = test_target
        file_properties.append(target)
        data.append(file_properties)
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Create test source
        test_source_data = 'hello world!'
        with open(test_source, 'w') as w:
            w.write(test_source_data)

        # Process all gpos; no output directory is passed here, the
        # target path in the manifest already points into dname.
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(test_target),
                        'The test symlink was not created')
        self.assertTrue(os.path.islink(test_target),
                        'The test file is not a symlink')
        self.assertIn(test_source_data, open(test_target, 'r').read(),
                      'Reading from symlink does not produce source data')

        # Unapply the policy, ensure removal
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(test_target),
                         'The test symlink was not delete')

        # NOTE(review): source lines 6042-6043 are not shown.
        # rsop() output for this GPO is expected to list the equivalent
        # `ln -s` command in its first value.
        ret = ext.rsop([g for g in gpos if g.name == guid][0])
        self.assertIn('ln -s %s %s' % (test_source, test_target),
                      list(ret.values())[0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6049 is not shown; as listed, `ret`
        # still holds the ext.rsop() result from above.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_files(self):
    # Exercise vgp_files_ext: stage a source file next to the manifest,
    # apply a policy that copies it to a target with owner, group and
    # mode 755, verify the result, then unapply and verify removal.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that matter are marked.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
    source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
    source_data = '#!/bin/sh\necho hello world'
    ret = stage_file(source_file, source_data)
    self.assertTrue(ret, 'Could not create the target %s' % source_file)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_files_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    with TemporaryDirectory() as dname:
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): source line 6084 is not shown in this listing.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.SubElement(data, 'file_properties')
        source = etree.SubElement(file_properties, 'source')
        # The manifest names the source by lower-cased basename, while the
        # staged file on disk is 'TEST.SOURCE'.
        source.text = os.path.basename(source_file).lower()
        target = etree.SubElement(file_properties, 'target')
        target.text = os.path.join(dname, 'test.target')
        # Owner and group are the account running the test, so applying
        # the policy needs no ownership change to another user.
        user = etree.SubElement(file_properties, 'user')
        user.text = pwd.getpwuid(os.getuid()).pw_name
        group = etree.SubElement(file_properties, 'group')
        group.text = grp.getgrgid(os.getgid()).gr_name
        # Request permissions of 755
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'user')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'write')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'group')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'other')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Process all gpos; the target path in the manifest already points
        # into dname, so no output directory is passed.
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(target.text),
                        'The target file does not exist')
        # The 0o777 mask drops setuid/setgid/sticky, so those bits are not
        # checked by this assertion.
        self.assertEqual(os.stat(target.text).st_mode & 0o777, 0o755,
                         'The target file permissions are incorrect')
        self.assertEqual(open(target.text).read(), source_data,
                         'The target file contents are incorrect')

        # Unapply everything recorded as applied and check the target is
        # deleted. (Source lines 6122-6123 are not shown in this listing.)
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(target.text),
                         'The target file was not removed')

        # NOTE(review): source lines 6129-6130 and 6132 are not shown; `g`
        # is unused as listed and `ret` is presumably reassigned on 6132
        # before the two assertions below read it.
        g = [g for g in gpos if g.name == guid][0]
        self.assertIn(target.text, list(ret.values())[0][0],
                      'The target file was not listed by rsop')
        self.assertIn('-rwxr-xr-x', list(ret.values())[0][0],
                      'The target permissions were not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6139 is not shown; `ret` is presumably
        # reassigned there.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest and source files
    unstage_file(manifest)
    unstage_file(source_file)
def test_vgp_openssh(self):
    # Exercise vgp_openssh_ext: stage a manifest carrying one sshd_config
    # key/value pair, apply it into a temporary directory, check that one
    # config file containing the setting appears, then unapply.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that matter are marked.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_openssh_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.Element('policysetting')
    stage.append(policysetting)
    version = etree.Element('version')
    # NOTE(review): source line 6170 is not shown in this listing.
    policysetting.append(version)
    data = etree.Element('data')
    configfile = etree.Element('configfile')
    configsection = etree.Element('configsection')
    # The section name element is left without text.
    sectionname = etree.Element('sectionname')
    configsection.append(sectionname)
    kvpair = etree.Element('keyvaluepair')
    key = etree.Element('key')
    key.text = 'AddressFamily'
    # NOTE(review): source line 6180 is not shown; as listed, `key` is
    # never attached to `kvpair`.
    value = etree.Element('value')
    value.text = 'inet6'
    kvpair.append(value)
    configsection.append(kvpair)
    configfile.append(configsection)
    data.append(configfile)
    policysetting.append(data)
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    # `data` is reused here for the expected sshd_config line.
    data = 'AddressFamily inet6'
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # Exactly one file is expected; its name is not asserted.
        self.assertEqual(len(conf), 1, 'The conf file was not created')
        gp_cfg = os.path.join(dname, conf[0])
        self.assertIn(data, open(gp_cfg, 'r').read(),
                      'The sshd_config entry was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6202 is not shown; as listed, `ret`
        # still holds the stage_file() result from above.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything recorded as applied and check the config file
        # is deleted. Kept inside the with-block on the assumption that
        # dname must still exist for the check to mean anything - TODO
        # confirm against the original indentation.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml file
    unstage_file(manifest)
def test_vgp_startup_scripts(self):
    # Exercise vgp_startup_scripts_ext in three passes: a script with
    # parameters registered as an '@reboot' entry, a run-once script that
    # is executed immediately, and a script without parameters.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that leave a statement open are marked, and the
    # code is reproduced as listed rather than completed.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
    test_script = os.path.join(os.path.dirname(manifest), 'TEST.SH')
    test_data = '#!/bin/sh\necho $@ hello world'
    ret = stage_file(test_script, test_data)
    self.assertTrue(ret, 'Could not create the target %s' % test_script)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_startup_scripts_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6242 is not shown in this listing.
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    parameters = etree.SubElement(listelement, 'parameters')
    parameters.text = '-n'
    # `hash` shadows the builtin of the same name for the rest of the
    # method.
    hash = etree.SubElement(listelement, 'hash')
    # NOTE(review): source line 6250 is not shown; the digest below is
    # presumably assigned to hash.text there. MD5 is not collision
    # resistant, so whether this field is a format identifier or an
    # integrity check should be confirmed against the extension.
    hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        entry = '@reboot %s %s %s' % (run_as.text, test_script,
        # NOTE(review): source line 6264, which supplies the third format
        # argument and closes the tuple, is not shown.
        self.assertIn(entry,
                      open(os.path.join(dname, files[0]), 'r').read(),
                      'The test entry was not found')

        # Unapply and check the output directory is empty again.
        # (Source lines 6268-6269 are not shown in this listing.)
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        # NOTE(review): source lines 6276-6277 and 6279 are not shown;
        # `ret` is presumably reassigned on 6279 before being read.
        g = [g for g in gpos if g.name == guid][0]
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6284 is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for run once scripts
    etree.SubElement(listelement, 'run_once')
    # run_as switches from 'root' to the account running the test before
    # the pass that executes the script immediately; presumably so no user
    # switch is needed - verify against the extension.
    run_as.text = pwd.getpwuid(os.getuid()).pw_name
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    # A run once script will be executed immediately,
    # instead of creating a cron job
    with TemporaryDirectory() as dname:
        # The script's only effect is to create a marker file inside the
        # temporary directory, which is how execution is detected.
        test_file = '%s/TESTING.txt' % dname
        test_data = '#!/bin/sh\ntouch %s' % test_file
        ret = stage_file(test_script, test_data)
        self.assertTrue(ret, 'Could not create the target %s' % test_script)

        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The test file was not created')
        self.assertEqual(files[0], os.path.basename(test_file),
                         'The test file was not created')

        # Unlink the test file and ensure that processing
        # policy again does not recreate it.
        os.unlink(test_file)
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The test file should not have been created')

        # Unapply. (Source lines 6319-6320 are not shown in this listing.)
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # NOTE(review): source lines 6324-6325 are not shown.
        entry = 'Run once as: %s `%s %s`' % (run_as.text, test_script,
        # NOTE(review): source line 6327, which supplies the third format
        # argument and closes the tuple, is not shown; neither is 6329,
        # where `ret` is presumably reassigned.
        g = [g for g in gpos if g.name == guid][0]
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6334 is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for a script without parameters
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6344 is not shown in this listing.
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    hash = etree.SubElement(listelement, 'hash')
    # NOTE(review): source line 6350 is not shown; see the note on the
    # first digest above. TEST.SH was re-staged during the run-once pass,
    # so this digest covers that later content.
    hashlib.md5(open(test_script, 'rb').read()).hexdigest().upper()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        # NOTE(review): source line 6359 is not shown; the `except` below
        # implies a `try:` opened there.
            ext.process_group_policy([], gpos, dname)
        except Exception as e:
            # NOTE(review): source line 6362, the handler body, is not
            # shown in this listing.
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        # Without a parameters element the entry has only user and path.
        entry = '@reboot %s %s' % (run_as.text, test_script)
        self.assertIn(entry,
                      open(os.path.join(dname, files[0]), 'r').read(),
                      'The test entry was not found')

        # Unapply and check the output directory is empty again.
        # (Source lines 6370-6371 are not shown in this listing.)
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        # NOTE(review): source lines 6378-6379 and 6381 are not shown;
        # `ret` is presumably reassigned on 6381 before being read.
        g = [g for g in gpos if g.name == guid][0]
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6386 is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)
    unstage_file(test_script)
def test_vgp_motd(self):
    # Exercise vgp_motd_ext with two GPOs that both set the motd text:
    # the second must win, removing it must restore the first, and a full
    # unapply must leave something other than the first text in the file.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that matter are marked.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    manifest = os.path.join(local_path, policies, guids[0], 'MACHINE',
                            'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    manifest2 = os.path.join(local_path, policies, guids[1], 'MACHINE',
                             'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_motd_ext(self.lp, machine_creds,
                       machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6419 is not shown in this listing.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'motd'
    text = etree.SubElement(data, 'text')
    text.text = 'This is the message of the day'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Stage the other manifest.xml
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6432 is not shown in this listing.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'motd'
    text2 = etree.SubElement(data, 'text')
    text2.text = 'This should overwrite the first policy'
    ret = stage_file(manifest2, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest2)

    # Process all gpos, writing to a temporary output file
    with NamedTemporaryFile() as f:
        # The extension is handed the path only; the file is re-opened by
        # name for every check below.
        ext.process_group_policy([], gpos, f.name)
        self.assertTrue(os.path.exists(f.name),
                        'Message of the day file not created')
        data = open(f.name, 'r').read()
        # The second GPO's text is expected to take precedence.
        self.assertEqual(data, text2.text, 'Message of the day not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, f.name)

        self.assertEqual(open(f.name, 'r').read(), text.text,
                         'The motd was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6459 is not shown; as listed, `ret`
        # still holds the stage_file() result from above.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything. The check is only that the content differs
        # from the first policy's text, not that the file is empty.
        # (Source lines 6461-6462 are not shown in this listing.)
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(open(f.name, 'r').read(), text.text,
                            'The motd was not unapplied')

    # Unstage the manifest files
    unstage_file(manifest)
    unstage_file(manifest2)
def test_vgp_issue(self):
    # Exercise vgp_issue_ext with two GPOs that both set the issue text:
    # the second must win, removing it must restore the first, and a full
    # unapply must leave something other than the first text in the file.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow; gaps that matter are marked.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    manifest = os.path.join(local_path, policies, guids[0], 'MACHINE',
                            'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    manifest2 = os.path.join(local_path, policies, guids[1], 'MACHINE',
                             'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_issue_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6498 is not shown in this listing.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'issue'
    text = etree.SubElement(data, 'text')
    text.text = 'Welcome to Samba!'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Stage the other manifest.xml
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6511 is not shown in this listing.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'issue'
    text2 = etree.SubElement(data, 'text')
    text2.text = 'This test message overwrites the first'
    ret = stage_file(manifest2, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest2)

    # Process all gpos, writing to a temporary output file
    with NamedTemporaryFile() as f:
        # The extension is handed the path only; the file is re-opened by
        # name for every check below.
        ext.process_group_policy([], gpos, f.name)
        # The second GPO's text is expected to take precedence.
        self.assertEqual(open(f.name, 'r').read(), text2.text,
                         'The issue was not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, f.name)

        self.assertEqual(open(f.name, 'r').read(), text.text,
                         'The issue was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6536 is not shown; as listed, `ret`
        # still holds the stage_file() result from above.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything. The check is only that the content differs
        # from the first policy's text, not that the file is empty.
        # (Source lines 6538-6539 are not shown in this listing.)
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(open(f.name, 'r').read(), text.text,
                            'The issue was not unapplied')

    # Unstage the manifest.xml file
    # NOTE(review): manifest2 was staged above but no unstage call for it
    # is visible, so it may remain in the GPO cache for later tests.
    unstage_file(manifest)
def test_vgp_access(self):
    # Exercise vgp_access_ext: stage an ALLOW and a DENY manifest, each
    # with one user and one group, apply them, and check the generated
    # access.conf-style file holds the four expected rules; then unapply.
    #
    # NOTE(review): this listing carries no indentation and its gutter
    # numbers skip some source lines. Block nesting below is inferred from
    # data flow. Several `type` and `domain` elements are created with the
    # line that presumably sets their text not shown (6583, 6590, 6592,
    # 6607, 6624, 6631, 6633, 6648).
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    allow = os.path.join(local_path, policies, guid, 'MACHINE',
                         'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
    deny = os.path.join(local_path, policies, guid, 'MACHINE',
                        'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # The separator is forced to '+' so the expected rule strings below
    # are fixed; the cleanup is registered before the change so the
    # original value is restored even if the test fails.
    winbind_sep = self.lp.get('winbind separator')
    self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
    self.lp.set('winbind separator', '+')
    ext = vgp_access_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml allow file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6576 is not shown in this listing.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Add an allowed user
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'goodguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguy'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    # Add an allowed group
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\goodguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=goodguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguys'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(allow, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % allow)

    # Stage the manifest.xml deny file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): source line 6617 is not shown in this listing.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Add a denied user (source line 6621 is not shown in this listing)
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'badguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguy'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    # Add a denied group
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\badguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=badguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguys'
    domain = etree.SubElement(adobject, 'domain')
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(deny, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % deny)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # There will be 2 files, the policy file and the deny file
        self.assertEqual(len(conf), 2, 'The conf file was not created')
        # Ignore the DENY_ALL conf file
        # NOTE(review): the DENY_ALL file is only counted, never read, so
        # a regression in its content would not be caught by this test.
        gp_cfg = os.path.join(dname,
                              [c for c in conf
                               if '_gp_DENY_ALL.conf' not in c][0])

        # Check the access config for the correct access.conf entries
        print('Config file %s found' % gp_cfg)
        data = open(gp_cfg, 'r').read()
        # Presence only: the relative order of the '+' and '-' rules is
        # not asserted, although access.conf rules are matched in order.
        self.assertIn('+:%s+goodguy:ALL' % realm, data)
        self.assertIn('+:%s+goodguys:ALL' % realm, data)
        self.assertIn('-:%s+badguy:ALL' % realm, data)
        self.assertIn('-:%s+badguys:ALL' % realm, data)

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 6673 is not shown; as listed, `ret`
        # still holds the stage_file() result from above.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything recorded as applied and check the rules file
        # is deleted. (Source lines 6675-6676 are not shown.)
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml files
    # NOTE(review): source lines 6684-6685 are not shown in this listing;
    # the unstage calls for `allow` and `deny` are presumably there.
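def test_gnome_settings(self):
    """Apply, verify and unapply the GNOME settings policy in a scratch root.

    The staged Registry.pol is built from ``gnome_test_reg_pol``. After the
    extension runs against a temporary directory the test checks, for each
    setting, that a dconf keyfile holds the expected value and that the key
    path is listed in a file under ``locks``. A lockdown value that is
    written but not listed there would go unnoticed without the second
    check. The polkit udisks2 action is checked the same way, and the test
    ends by unapplying the policy and asserting every generated file is
    gone.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_gnome_settings_ext(self.lp, machine_creds,
                                machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)

        local_db = os.path.join(dname, 'etc/dconf/db/local.d')
        self.assertTrue(os.path.isdir(local_db),
                        'Local db dir not created')

        def db_check(name, data, count=1):
            """Assert `count` keyfiles '*-<name>' exist and hold `data`."""
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), count, '%s not created' % name)
            file_contents = ConfigParser()
            file_contents.read(db)
            for key in data.keys():
                self.assertTrue(file_contents.has_section(key),
                                'Section %s not found' % key)
                # NOTE(review): the listing omits this assignment; it is
                # restored because `options` is read just below - confirm
                # against upstream.
                options = data[key]
                for k, v in options.items():
                    v_content = file_contents.get(key, k)
                    self.assertEqual(v_content, v,
                                     '%s: %s != %s' % (key, v_content, v))

        def del_db_check(name):
            """Assert no keyfile '*-<name>' is left behind."""
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), 0, '%s not deleted' % name)

        locks = os.path.join(local_db, 'locks')
        # The original asserted on local_db a second time here, so a
        # missing locks directory was never reported by this message.
        self.assertTrue(os.path.isdir(locks), 'Locks dir not created')

        def lock_check(name, items, count=1):
            """Assert `count` lock files '*<name>' list every key in `items`."""
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), count,
                             '%s lock not created' % name)
            # NOTE(review): the initialisation and the loop over `items`
            # are missing from the listing; restored from how
            # `file_contents` and `data` are used - confirm against
            # upstream.
            file_contents = []
            for path in lock:
                with open(path, 'r') as f:
                    file_contents.extend(f.read().split('\n'))
            for data in items:
                self.assertIn(data, file_contents,
                              '%s lock not created' % data)

        def del_lock_check(name):
            """Assert no lock file '*<name>' is left behind."""
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), 0, '%s lock not deleted' % name)

        # Check the user profile
        user_profile = os.path.join(dname, 'etc/dconf/profile/user')
        self.assertTrue(os.path.exists(user_profile),
                        'User profile not created')

        # Enable the compose key
        data = {'org/gnome/desktop/input-sources':
                {'xkb-options': '[\'compose:ralt\']'}
                }
        db_check('input-sources', data)
        items = ['/org/gnome/desktop/input-sources/xkb-options']
        lock_check('input-sources', items)

        # Dim screen when user is idle
        data = {'org/gnome/settings-daemon/plugins/power':
                {'idle-dim': 'true',
                 'idle-brightness': '30'
                 }
                }
        db_check('power', data)
        data = {'org/gnome/desktop/session':
                {'idle-delay': 'uint32 300'}
                }
        db_check('session', data)
        items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
                 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
                 '/org/gnome/desktop/session/idle-delay']
        lock_check('power-saving', items)

        # Lock down specific settings
        bg_locks = ['/org/gnome/desktop/background/picture-uri',
                    '/org/gnome/desktop/background/picture-options',
                    '/org/gnome/desktop/background/primary-color',
                    '/org/gnome/desktop/background/secondary-color']
        lock_check('group-policy', bg_locks)

        # Lock down enabled extensions
        data = {'org/gnome/shell':
                {'enabled-extensions':
                 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
                 'development-tools': 'false'}
                }
        db_check('extensions', data)
        items = ['/org/gnome/shell/enabled-extensions',
                 '/org/gnome/shell/development-tools']
        lock_check('extensions', items)

        # Disallow login using a fingerprint
        data = {'org/gnome/login-screen':
                {'enable-fingerprint-authentication': 'false'}
                }
        db_check('fingerprintreader', data)
        items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
        lock_check('fingerprintreader', items)

        # Disable user logout and user switching
        # (two keyfiles and two lock files are expected for 'logout')
        data = {'org/gnome/desktop/lockdown':
                {'disable-log-out': 'true',
                 'disable-user-switching': 'true'}
                }
        db_check('logout', data, 2)
        items = ['/org/gnome/desktop/lockdown/disable-log-out',
                 '/org/gnome/desktop/lockdown/disable-user-switching']
        lock_check('logout', items, 2)

        # Disable repartitioning
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                      'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
        with open(udisk2[0], 'r') as f:
            udisk2_tree = etree.fromstring(f.read())
        actions = udisk2_tree.findall('action')
        md = 'org.freedesktop.udisks2.modify-device'
        action = [a for a in actions if a.attrib['id'] == md]
        self.assertEqual(len(action), 1, 'modify-device not found')
        defaults = action[0].find('defaults')
        self.assertTrue(defaults is not None,
                        'modify-device defaults not found')
        allow_any = defaults.find('allow_any').text
        self.assertEqual(allow_any, 'no',
                         'modify-device allow_any not set to no')
        allow_inactive = defaults.find('allow_inactive').text
        self.assertEqual(allow_inactive, 'no',
                         'modify-device allow_inactive not set to no')
        allow_active = defaults.find('allow_active').text
        self.assertEqual(allow_active, 'yes',
                         'modify-device allow_active not set to yes')

        # Disable printing
        data = {'org/gnome/desktop/lockdown':
                {'disable-printing': 'true'}
                }
        db_check('printing', data)
        items = ['/org/gnome/desktop/lockdown/disable-printing']
        lock_check('printing', items)

        # Disable file saving
        data = {'org/gnome/desktop/lockdown':
                {'disable-save-to-disk': 'true'}
                }
        db_check('filesaving', data)
        items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
        lock_check('filesaving', items)

        # Disable command-line access
        data = {'org/gnome/desktop/lockdown':
                {'disable-command-line': 'true'}
                }
        db_check('cmdline', data)
        items = ['/org/gnome/desktop/lockdown/disable-command-line']
        lock_check('cmdline', items)

        # Allow or disallow online accounts
        data = {'org/gnome/online-accounts':
                {'whitelisted-providers': '[\'google\']'}
                }
        db_check('goa', data)
        items = ['/org/gnome/online-accounts/whitelisted-providers']
        lock_check('goa', items)

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the listing omits the call that sets `ret`; without
        # it `ret` still holds the stage_file() result - confirm the helper
        # call against upstream.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        del_db_check('input-sources')
        del_lock_check('input-sources')
        del_db_check('power')
        del_db_check('session')
        del_lock_check('power-saving')
        del_lock_check('group-policy')
        del_db_check('extensions')
        del_lock_check('extensions')
        del_db_check('fingerprintreader')
        del_lock_check('fingerprintreader')
        del_db_check('logout')
        del_lock_check('logout')
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                      'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
        del_db_check('printing')
        del_lock_check('printing')
        del_db_check('filesaving')
        del_lock_check('filesaving')
        del_db_check('cmdline')
        del_lock_check('cmdline')
        # NOTE(review): one line is missing from the listing here;
        # presumably the matching db check for 'goa' - confirm.
        del_db_check('goa')
        del_lock_check('goa')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)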
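def test_gp_cert_auto_enroll_ext(self):
    """Exercise certificate auto-enrollment: apply, extend, disable, reapply, unapply.

    The test writes a dummy certification authority, enrollment service and
    certificate template under ``CN=Public Key Services`` in the directory,
    using administrator credentials read from ``DC_USERNAME``,
    ``DC_PASSWORD`` and ``REALM`` in the environment. It then checks that
    the extension creates the CA certificate plus a certificate and key per
    template in a temporary directory, and that all of them disappear when
    the policy is disabled or unapplied.

    Because directory objects are created with administrator rights, their
    removal is registered with ``addCleanup`` right after each ``add`` so a
    failing assertion cannot leave them behind.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    # NOTE(review): plain ldap:// URL with admin credentials; whether the
    # session is signed or sealed is not visible from here - confirm.
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Write the dummy CA
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateRevocationList': ['XXX'],
             })
    self.addCleanup(ldb.delete, certa_dn)

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    self.addCleanup(ldb.delete, enroll_dn)

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })
    self.addCleanup(ldb.delete, template_dn)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        # Subsequent apply should react to new certificate templates
        os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
        self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
        ext.process_group_policy([], gpos, dname, dname)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')
        workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca_cn)
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        workstation_key = os.path.join(dname, '%s.Workstation.key' % ca_cn)
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the listing omits the call that sets `ret`;
        # restored so the assertion does not test the stage_file() result -
        # confirm against upstream.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy by staging pol file with auto-enroll unchecked
        parser.load_xml(etree.fromstring(auto_enroll_unchecked_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        # Private keys must go away together with the certificates.
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')

        # Reapply policy by staging the enabled pol file
        parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')
        # The files being gone is not enough: getcert must no longer list
        # the CA or the certificates either.
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')

    # The dummy CA, pKIEnrollmentService, and pKICertificateTemplate are
    # removed by the cleanups registered next to each ldb.add() above.

    # Unstage the Registry.pol file
    unstage_file(reg_pol)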
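def test_gp_user_scripts_ext(self):
    """Check that user script policies become crontab entries and are removed again.

    For each schedule (daily, monthly, weekly, hourly) two GPOs are staged,
    each carrying one script. The test asserts that both commands show up
    in ``crontab -l`` under the matching ``@...`` schedule, that removing
    the second GPO removes only its entry, and that unapplying everything
    removes the first entry as well.

    This module replaces ``gpclass.drop_privileges`` with a pass-through at
    import time, so presumably the crontab being edited belongs to the
    account running the test rather than to ``DC_USERNAME`` - confirm
    before running outside the test environment.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'USER/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_user_scripts_ext(self.lp, machine_creds,
                              os.environ.get('DC_USERNAME'), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    reg_key = b'Software\\Policies\\Samba\\Unix Settings'
    sections = {b'%s\\Daily Scripts' % reg_key: b'@daily',
                b'%s\\Monthly Scripts' % reg_key: b'@monthly',
                b'%s\\Weekly Scripts' % reg_key: b'@weekly',
                b'%s\\Hourly Scripts' % reg_key: b'@hourly'}
    for keyname in sections.keys():
        # Stage the Registry.pol file with test data
        # NOTE(review): the listing omits the lines that create `stage`
        # and `e` and set keyname, type and entries; they are restored to
        # mirror the visible `e2` lines - confirm against upstream.
        stage = preg.file()
        e = preg.entry()
        e.keyname = keyname
        e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        e.type = 1
        e.data = b'echo hello world'
        stage.num_entries = 1
        stage.entries = [e]
        ret = stage_file(reg_pol, ndr_pack(stage))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        # Stage the other Registry.pol
        stage = preg.file()
        e2 = preg.entry()
        e2.keyname = keyname
        e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        e2.type = 1
        e2.data = b'echo this is a second policy'
        stage.num_entries = 1
        stage.entries = [e2]
        ret = stage_file(reg_pol2, ndr_pack(stage))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)

        # Process all gpos, intentionally skipping the privilege drop
        ext.process_group_policy([], gpos)

        # Dump the fake crontab setup for testing
        p = Popen(['crontab', '-l'], stdout=PIPE)
        crontab, _ = p.communicate()
        entry = b'%s %s' % (sections[keyname], e.data.encode())
        self.assertIn(entry, crontab,
                      'The crontab entry was not installed')
        entry2 = b'%s %s' % (sections[keyname], e2.data.encode())
        self.assertIn(entry2, crontab,
                      'The crontab entry was not installed')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
        del_gpos = gp_db.get_applied_settings([guids[1]])
        rgpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, rgpos)

        # Dump the fake crontab setup for testing
        p = Popen(['crontab', '-l'], stdout=PIPE)
        crontab, _ = p.communicate()

        # Ensure the first entry remains, and the second entry is removed
        self.assertIn(entry, crontab,
                      'The first crontab entry was not found')
        self.assertNotIn(entry2, crontab,
                         'The second crontab entry was still present')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the listing omits the call that sets `ret`;
        # restored so the assertion does not test the stage_file() result -
        # confirm against upstream.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # Dump the fake crontab setup for testing
        p = Popen(['crontab', '-l'], stdout=PIPE)
        crontab, _ = p.communicate()
        self.assertNotIn(entry, crontab,
                         'Unapply failed to cleanup crontab entry')

        # Unstage the Registry.pol files
        # NOTE(review): indentation is lost in the listing; these calls
        # are kept inside the loop so each iteration removes what it
        # staged - confirm against upstream.
        unstage_file(reg_pol)
        unstage_file(reg_pol2)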
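def test_gp_firefox_ext(self):
    """Check that Firefox policies are written, updated, removed and overwritten.

    The staged Registry.pol comes from ``firefox_reg_pol`` and the expected
    result from ``firefox_json_expected``. The test covers four stages:
    the initial apply must produce a ``policies.json`` equal to the
    expectation; a changed policy (``AppUpdateURL`` dropped,
    ``AppAutoUpdate`` set to 0) must be reflected exactly, with no stale
    key left over; unapply must leave no policies; and a pre-existing
    ``policies.json`` paired with an old-style cache entry must be
    overwritten rather than merged.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firefox_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        policies_file = os.path.join(dname, 'policies.json')
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        expected_policy_data = json.loads(firefox_json_expected)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        self.assertEqual(expected_policy_data['policies'].keys(),
                         policy_data['policies'].keys(),
                         'Firefox policies are missing')
        for name in expected_policy_data['policies'].keys():
            self.assertEqual(expected_policy_data['policies'][name],
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Check that modifying the policy will enforce the correct settings
        entries = [e for e in parser.pol_file.entries
                   if e.valuename != 'AppUpdateURL']
        # NOTE(review): the loop header and the assignment are missing
        # from the listing; restored from the later check that
        # AppAutoUpdate is False - confirm against upstream.
        for e in entries:
            if e.valuename == 'AppAutoUpdate':
                e.data = 0
        parser.pol_file.entries = entries
        parser.pol_file.num_entries = len(entries)
        # Stage the Registry.pol file with altered test data
        unstage_file(reg_pol)
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        # Enforce the altered policy
        # NOTE(review): unlike the first apply, no directory is passed
        # here; confirm the extension still writes to policies_file.
        ext.process_group_policy([], gpos)

        # Check that the App Update policy was altered
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        keys = list(expected_policy_data['policies'].keys())
        keys.remove('AppUpdateURL')
        # NOTE(review): the sort calls are missing from the listing;
        # restored because the lists are compared by position - confirm.
        keys.sort()
        policy_keys = list(policy_data['policies'].keys())
        policy_keys.sort()
        self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
        for name in policy_data['policies'].keys():
            self.assertNotEqual(name, 'AppUpdateURL',
                                'Failed to remove AppUpdateURL policy')
            if name == 'AppAutoUpdate':
                self.assertEqual(False, policy_data['policies'][name],
                                 'Failed to alter AppAutoUpdate policy')
            else:
                self.assertEqual(expected_policy_data['policies'][name],
                                 policy_data['policies'][name],
                                 'Policies were not applied')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the listing omits the call that sets `ret`;
        # restored so the assertion does not test the stage_file() result -
        # confirm against upstream.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

        # Initialize the cache with old style existing policies,
        # ensure they are overwritten.
        old_cache = {'policies': {}}
        ext.cache_add_attribute(guid, 'policies.json',
                                json.dumps(old_cache))
        with open(policies_file, 'w') as w:
            w.write(firefox_json_expected)

        # Apply the policy on top of the pre-existing file
        ext.process_group_policy([], gpos)

        # Check that policy was overwritten
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        policy_keys = list(policy_data['policies'].keys())
        policy_keys.sort()
        self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
        for name in policy_data['policies'].keys():
            self.assertNotEqual(name, 'AppUpdateURL',
                                'Failed to remove AppUpdateURL policy')
            if name == 'AppAutoUpdate':
                self.assertEqual(False, policy_data['policies'][name],
                                 'Failed to overwrite AppAutoUpdate policy')
            else:
                self.assertEqual(expected_policy_data['policies'][name],
                                 policy_data['policies'][name],
                                 'Policies were not applied')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)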
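def test_gp_chromium_ext(self):
    """Check that Chromium policies land in one managed and one recommended file.

    The staged Registry.pol comes from ``chromium_reg_pol``. After the
    first apply, exactly one JSON file is expected under ``managed`` and
    one under ``recommended`` in the temporary directory, matching
    ``chromium_json_expected_managed`` and
    ``chromium_json_expected_recommended``. After a policy change each
    directory must still hold exactly one file, under a different name, so
    an outdated policy file cannot linger next to the current one. Unapply
    must leave those files absent or empty.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_chromium_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        managed = os.path.join(dname, 'managed')
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Chromium policies are missing')
        managed_file = os.path.join(managed, managed_files[0])
        with open(managed_file, 'r') as r:
            managed_data = json.load(r)
        recommended = os.path.join(dname, 'recommended')
        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Chromium policies are missing')
        recommended_file = os.path.join(recommended, recommended_files[0])
        with open(recommended_file, 'r') as r:
            recommended_data = json.load(r)
        expected_managed_data = json.loads(chromium_json_expected_managed)
        expected_recommended_data = \
            json.loads(chromium_json_expected_recommended)

        self.assertEqual(sorted(expected_managed_data.keys()),
                         sorted(managed_data.keys()),
                         'Chromium policies are missing')
        for name in expected_managed_data.keys():
            # NOTE(review): the second argument is missing from the
            # listing; restored to mirror the recommended loop below -
            # confirm against upstream.
            self.assertEqual(expected_managed_data[name],
                             managed_data[name],
                             'Policies were not applied')
        self.assertEqual(expected_recommended_data.keys(),
                         recommended_data.keys(),
                         'Chromium policies are missing')
        for name in expected_recommended_data.keys():
            self.assertEqual(expected_recommended_data[name],
                             recommended_data[name],
                             'Policies were not applied')

        # Ensure modifying the policy does not generate extra policy files
        unstage_file(reg_pol)
        # Change a managed entry:
        parser.pol_file.entries[0].data = 0
        # Change a recommended entry:
        parser.pol_file.entries[-1].data = b'https://google.com'
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        ext.process_group_policy([], gpos, dname)
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Number of Chromium policies is incorrect')
        omanaged_file = managed_file
        managed_file = os.path.join(managed, managed_files[0])
        self.assertNotEqual(omanaged_file, managed_file,
                            'The managed Chromium file did not change')

        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Number of Chromium policies is incorrect')
        orecommended_file = recommended_file
        recommended_file = os.path.join(recommended, recommended_files[0])
        self.assertNotEqual(orecommended_file, recommended_file,
                            'The recommended Chromium file did not change')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the listing omits the call that sets `ret`;
        # restored so the assertion does not test the stage_file() result -
        # confirm against upstream.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # From here on `managed` and `recommended` name the policy files,
        # not the directories.
        managed = os.path.join(managed, managed_files[0])
        if os.path.exists(managed):
            with open(managed, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')
        recommended = os.path.join(recommended, recommended_files[0])
        if os.path.exists(recommended):
            with open(recommended, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)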
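def test_gp_firewalld_ext(self):
    """Check that firewalld zones, interfaces and rich rules follow the policy.

    The staged Registry.pol comes from ``firewalld_reg_pol``. The test
    queries ``firewall-cmd`` to confirm that the ``work`` and ``home``
    zones exist with ``eth0`` assigned, that the ``work`` zone carries the
    expected reject rule, that removing the ``home`` entry from the policy
    removes the zone, and that unapplying removes both zones.

    No staging directory is passed to the extension, so presumably it
    drives the firewalld instance of the machine running the test - run it
    only in a disposable test environment and confirm.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firewalld_ext(self.lp, machine_creds,
                           machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    ext.process_group_policy([], gpos)

    # Check that the policy was applied
    firewall_cmd = which('firewall-cmd')
    cmd = [firewall_cmd, '--get-zones']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'work', out, 'Failed to apply zones')
    self.assertIn(b'home', out, 'Failed to apply zones')

    cmd = [firewall_cmd, '--zone=work', '--list-interfaces']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'eth0', out, 'Failed to set interface on zone')

    cmd = [firewall_cmd, '--zone=home', '--list-interfaces']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'eth0', out, 'Failed to set interface on zone')

    cmd = [firewall_cmd, '--zone=work', '--list-rich-rules']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    # Firewalld will report the rule one of two ways:
    rules = [b'rule family=ipv4 source address=172.25.1.7 ' +
             b'service name=ftp reject',
             b'rule family="ipv4" source address="172.25.1.7" ' +
             b'service name="ftp" reject']
    # The whole output must equal one of the two spellings, so any extra
    # rich rule in the zone fails the test as well.
    self.assertIn(out.strip(), rules, 'Failed to set rich rule')

    # Check that modifying the policy will enforce the correct settings
    entries = [e for e in parser.pol_file.entries if e.data != 'home']
    self.assertEqual(len(entries), len(parser.pol_file.entries)-1,
                     'Failed to remove the home zone entry')
    parser.pol_file.entries = entries
    parser.pol_file.num_entries = len(entries)
    # Stage the Registry.pol file with altered test data
    unstage_file(reg_pol)
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Enforce the altered policy
    ext.process_group_policy([], gpos)

    # Check that the home zone was removed
    cmd = [firewall_cmd, '--get-zones']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertIn(b'work', out, 'Failed to apply zones')
    self.assertNotIn(b'home', out, 'Failed to apply zones')

    # Verify RSOP does not fail
    ext.rsop([g for g in gpos if g.name == guid][0])

    # Check that a call to gpupdate --rsop also succeeds
    # NOTE(review): the listing omits the call that sets `ret`; restored so
    # the assertion does not test the stage_file() result - confirm
    # against upstream.
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply the policy
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Check that the policy was unapplied
    cmd = [firewall_cmd, '--get-zones']
    p = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    self.assertNotIn(b'work', out, 'Failed to unapply zones')
    self.assertNotIn(b'home', out, 'Failed to unapply zones')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)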
def test_advanced_gp_cert_auto_enroll_ext(self):
    # Advanced certificate auto-enrollment test: stages a REGISTRY.POL built
    # from advanced_enroll_reg_pol, adds dummy CA / enrollment-service /
    # certificate-template objects to the directory, applies the policy into
    # a temporary directory, checks that certificate and key files appear,
    # then unapplies the policy and checks that they are gone.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # some source lines (flagged inline). The nesting below is inferred from
    # how names are used -- confirm against the file.
    # NOTE(review): the ldb.delete() calls and unstage_file() at the end only
    # run when every assertion before them passes. Unlike the
    # CEPCES_SUBMIT_SUPPORTED_TEMPLATES variable, they are not registered
    # with addCleanup, so a failing run leaves the dummy PKI objects and the
    # staged policy file behind.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Administrator credentials are taken from the environment;
    # os.environ.get() returns None for a variable that is not set.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    # NOTE(review): the admin session uses an ldap:// URL; whether the
    # connection is signed or sealed depends on configuration that is not
    # visible here -- confirm.
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Stage the Registry.pol file with test data
    # The objectGUID of the root domain naming context is looked up and
    # substituted four times into the policy template.
    res = ldb.search('', _ldb.SCOPE_BASE, '(objectClass=*)',
                     ['rootDomainNamingContext'])
    self.assertTrue(len(res) == 1, 'rootDomainNamingContext not found')
    res2 = ldb.search(res[0]['rootDomainNamingContext'][0],
                      _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
    self.assertTrue(len(res2) == 1, 'objectGUID not found')
    objectGUID = b'{%s}' % \
        cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() %
                                     (objectGUID, objectGUID, objectGUID, objectGUID)))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry
    # The cACertificate value is a 16-byte prefix of a DER structure, not a
    # complete certificate; base_dn is not defined in this method.
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateRevocationList': ['XXX'],
             # NOTE(review): source line 7562 is missing from this listing
             # (presumably the end of this call).

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             # NOTE(review): source line 7570 is missing from this listing
             # (presumably the end of this call).

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             # NOTE(review): source lines 7575-7576 are missing from this
             # listing (the rest of this call).

    # Both extra path arguments point at the same temporary directory, so
    # everything the extension writes is checked and discarded there.
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_list = [ca_cn, 'example0-com-CA', 'example1-com-CA',
                   # NOTE(review): source lines 7580-7581 are missing from
                   # this listing. `ca` is used below without a visible
                   # definition, so a loop over ca_list presumably starts
                   # there -- confirm.
            ca_crt = os.path.join(dname, '%s.crt' % ca)
            self.assertTrue(os.path.exists(ca_crt),
                            'Root CA certificate was not requested')
            machine_crt = os.path.join(dname, '%s.Machine.crt' % ca)
            self.assertTrue(os.path.exists(machine_crt),
                            'Machine certificate was not requested')
            machine_key = os.path.join(dname, '%s.Machine.key' % ca)
            self.assertTrue(os.path.exists(machine_key),
                            'Machine key was not generated')

        # Subsequent apply should react to new certificate templates
        # The variable is removed again through addCleanup, which runs even
        # when a later assertion fails.
        os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
        self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
        ext.process_group_policy([], gpos, dname, dname)
        # NOTE(review): source line 7596 is missing from this listing; the
        # nesting of the assertions that follow is therefore uncertain.
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca)
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        workstation_key = os.path.join(dname, '%s.Workstation.key' % ca)
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 7615 is missing from this listing; `ret`
        # is presumably reassigned there from the gpupdate call -- confirm.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything recorded for the machine account, then check
        # that the files, the CA and the tracked certificates are gone.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        # NOTE(review): source line 7633 is missing from this listing
        # (presumably another loop over ca_list).
        self.assertNotIn(get_bytes(ca), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')

    # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
    ldb.delete(certa_dn)
    ldb.delete(enroll_dn)
    ldb.delete(template_dn)

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
def test_gp_centrify_sudoers_ext(self):
    # Applies a Centrify-style sudoers policy through gp_centrify_sudoers_ext
    # into a temporary directory, checks that exactly one file holding the
    # rule is written, that a deleted file is recreated on re-apply, and
    # that unapplying leaves the directory empty.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # some source lines (flagged inline). The nesting below is inferred --
    # confirm against the file.
    # NOTE(review): unstage_file() at the end only runs when every assertion
    # passes, so a failing run leaves the staged REGISTRY.POL, which carries
    # a passwordless sudo rule, in the GPO cache.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_sudoers_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): source lines 7669-7670 are missing from this listing
    # (`stage` and `e1` are created somewhere not shown).
    e1.keyname = b'Software\\Policies\\Centrify\\UnixSettings'
    e1.valuename = b'sudo.enabled'
    # NOTE(review): source lines 7673-7675 are missing from this listing.
    e2.keyname = b'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
    # NOTE(review): source lines 7677-7678 are missing from this listing.
    # Test rule: passwordless sudo for the placeholder user 'fakeu'.
    e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    stage.num_entries = 2
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
        sudoers_file = os.path.join(dname, sudoers[0])
        # NOTE(review): the file object returned by open() is never closed
        # explicitly here or in the re-apply check below.
        self.assertIn(e2.data, open(sudoers_file, 'r').read(),
                      'The sudoers entry was not applied')

        # Remove the sudoers file, and make sure a re-apply puts it back
        os.unlink(sudoers_file)
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1,
                         'The sudoer file was not recreated')
        sudoers_file = os.path.join(dname, sudoers[0])
        self.assertIn(e2.data, open(sudoers_file, 'r').read(),
                      'The sudoers entry was not reapplied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 7705 is missing from this listing; `ret`
        # is presumably reassigned there from the gpupdate call -- confirm.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything recorded for the machine account. The call is
        # not given dname, yet the directory is expected to end up empty.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup scripts')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
def test_gp_centrify_crontab_ext(self):
    # Applies a Centrify-style machine crontab policy through
    # gp_centrify_crontab_ext into a temporary directory, checks that
    # exactly one file containing the entry is written, and that unapplying
    # leaves the directory empty.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # some source lines (flagged inline). The nesting below is inferred --
    # confirm against the file.
    # NOTE(review): unstage_file() at the end only runs when every assertion
    # passes; a failing run leaves the staged REGISTRY.POL in the GPO cache.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_crontab_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): source lines 7738-7740 are missing from this listing;
    # the bytes literal below is the tail of a statement that starts there
    # (`stage` and `e` are created somewhere not shown).
    b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    # NOTE(review): source line 7743 is missing from this listing.
    # The entry carries a user field ('root') between schedule and command.
    e.data = b'17 * * * * root echo hello world'
    stage.num_entries = 1
    # NOTE(review): source line 7746 is missing from this listing.
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        cron_entries = os.listdir(dname)
        self.assertEqual(len(cron_entries), 1, 'Cron entry not created')
        fname = os.path.join(dname, cron_entries[0])
        # NOTE(review): the file object returned by open() is never closed
        # explicitly.
        data = open(fname, 'rb').read()
        self.assertIn(get_bytes(e.data), data, 'Cron entry is missing')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): source line 7760 is missing from this listing; `ret`
        # is presumably reassigned there from the gpupdate call -- confirm.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply everything recorded for the machine account. The call is
        # not given dname, yet the directory is expected to end up empty.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup script')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
def test_gp_user_centrify_crontab_ext(self):
    # Applies two user-scope Centrify crontab policies (one per GPO GUID)
    # through gp_user_centrify_crontab_ext, checks both entries in the
    # output of `crontab -l`, removes the second GPO and checks that only
    # its entry disappears, then unapplies everything.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # some source lines (flagged inline) -- confirm against the file.
    # NOTE(review): the unstage_file() calls at the end only run when every
    # assertion passes; a failing run leaves both staged files in the GPO
    # cache and, depending on where it fails, the crontab entries installed.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'USER/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # The user name comes from the environment; os.environ.get() returns
    # None when DC_USERNAME is not set.
    ext = gp_user_centrify_crontab_ext(self.lp, machine_creds,
                                       os.environ.get('DC_USERNAME'),
                                       # NOTE(review): source lines 7791-7792
                                       # are missing from this listing (the
                                       # rest of this call).

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): source lines 7797-7799 are missing from this listing;
    # the bytes literal below is the tail of a statement that starts there
    # (`stage` and `e` are created somewhere not shown).
    b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    # NOTE(review): source line 7802 is missing from this listing.
    # Unlike the machine-scope test, the entry has no user field.
    e.data = b'17 * * * * echo hello world'
    stage.num_entries = 1
    # NOTE(review): source line 7805 is missing from this listing.
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Stage the other Registry.pol
    # NOTE(review): source lines 7810-7812 are missing from this listing;
    # the bytes literal below is the tail of a statement that starts there.
    b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e2.valuename = b'Command1'
    # NOTE(review): source line 7815 is missing from this listing.
    e2.data = b'17 * * * * echo this is a second policy'
    stage.num_entries = 1
    stage.entries = [e2]
    ret = stage_file(reg_pol2, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)

    # Process all gpos, intentionally skipping the privilege drop
    # (this file replaces gpclass.drop_privileges at import time with a
    # lambda that calls the wrapped function directly).
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertIn(get_bytes(e.data), crontab,
                  'The crontab entry was not installed')
    self.assertIn(get_bytes(e2.data), crontab,
                  'The crontab entry was not installed')

    # Force apply with removal of second GPO
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = gp_db.get_applied_settings([guids[1]])
    gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
    ext.process_group_policy(del_gpos, gpos)

    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()

    # Ensure the first entry remains, and the second entry is removed
    self.assertIn(get_bytes(e.data), crontab,
                  'The first crontab entry was not found')
    self.assertNotIn(get_bytes(e2.data), crontab,
                     'The second crontab entry was still present')

    # Check that a call to gpupdate --rsop also succeeds
    # NOTE(review): source line 7849 is missing from this listing; `ret` is
    # presumably reassigned there from the gpupdate call -- confirm.
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply everything still recorded for the user.
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertNotIn(get_bytes(e.data), crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Registry.pol files
    unstage_file(reg_pol)
    unstage_file(reg_pol2)
def test_gp_drive_maps_user_ext(self):
    # Drive-map preference test for gp_drive_maps_user_ext. Three rounds are
    # staged from drive_maps_xml: the unmodified file (an hourly
    # `gio mount` crontab entry is expected), the same file with the first
    # drive's action set to 'D' (the entry is expected to gain --unmount),
    # and the file with a FilterRunOnce filter (no crontab entry expected).
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # some source lines (flagged inline) -- confirm against the file.
    # NOTE(review): the unstage_file() calls and the unapply steps only run
    # when the assertions before them pass; a failing run can leave the
    # staged DRIVES.XML and the crontab entry behind.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    xml_path = os.path.join(local_path, policies, guid,
                            'USER/PREFERENCES/DRIVES/DRIVES.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # The user name comes from the environment; os.environ.get() returns
    # None when DC_USERNAME is not set.
    ext = gp_drive_maps_user_ext(self.lp, machine_creds,
                                 os.environ.get('DC_USERNAME'), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # NOTE(review): source line 7882 is missing from this listing.
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Drives.xml file with test data
    ret = stage_file(xml_path, drive_maps_xml)
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    # (this file replaces gpclass.drop_privileges at import time with a
    # lambda that calls the wrapped function directly).
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    entry = b'@hourly gio mount smb://example.com/test'
    self.assertIn(entry, crontab,
                  'The crontab entry was not installed')

    # Check that a call to gpupdate --rsop also succeeds
    # NOTE(review): source line 7899 is missing from this listing; `ret` is
    # presumably reassigned there from the gpupdate call -- confirm.
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the Drives.xml
    unstage_file(xml_path)

    # Modify the policy and ensure it is updated
    xml_conf = etree.fromstring(drive_maps_xml.strip())
    drives = xml_conf.findall('Drive')
    props = drives[0].find('Properties')
    props.attrib['action'] = 'D'
    ret = stage_file(xml_path,
                     etree.tostring(xml_conf, encoding='unicode'))
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    # The trailing newline keeps the old entry from matching as a prefix of
    # the new '--unmount' entry.
    self.assertNotIn(entry+b'\n', crontab,
                     'The old crontab entry was not removed')
    entry = entry + b' --unmount'
    self.assertIn(entry, crontab,
                  'The crontab entry was not installed')

    # Unapply everything recorded for the user.
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertNotIn(entry, crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Drives.xml
    unstage_file(xml_path)

    # Modify the policy to set 'run once', ensure there is no cron entry
    xml_conf = etree.fromstring(drive_maps_xml.strip())
    drives = xml_conf.findall('Drive')
    filters = etree.SubElement(drives[0], 'Filters')
    etree.SubElement(filters, 'FilterRunOnce')
    ret = stage_file(xml_path,
                     etree.tostring(xml_conf, encoding='unicode'))
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    entry = b'@hourly gio mount smb://example.com/test'
    self.assertNotIn(entry, crontab,
                     'The crontab entry was added despite run-once request')

    # Unapply everything recorded for the user.
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Unstage the Drives.xml
    unstage_file(xml_path)
def test_expand_pref_variables(self):
    # Checks expand_pref_variables() in three ways: variables with a known
    # expected value, time variables (only checked for a non-None result),
    # and variables that are expected to raise because they are undefined.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # many source lines of this method (flagged inline), including the
    # definition of gpt_path, parts of the test_vars and undef_vars
    # literals, and the try/except around the undefined-variable call.
    # Read the fragments below against the file.
    cache_path = self.lp.cache_path(os.path.join('gpo_cache'))
    # NOTE(review): source line 7966 is missing from this listing (gpt_path
    # is used below without a visible definition).
    username = 'test_uname'
    # The expected GptPath is built from check_safe_path(gpt_path),
    # upper-cased, under the GPO cache directory.
    test_vars = { 'AppDataDir': os.path.expanduser('~/.config'),
                  'ComputerName': self.lp.get('netbios name'),
                  'DesktopDir': os.path.expanduser('~/Desktop'),
                  'DomainName': self.lp.get('realm'),
                  'GptPath': os.path.join(cache_path,
                                          check_safe_path(gpt_path).upper()),
                  'LogonDomain': self.lp.get('realm'),
                  'LogonUser': username,
                  # NOTE(review): source lines 7976-7978 are missing from
                  # this listing (the rest of this dict).
    for exp_var, val in test_vars.items():
        self.assertEqual(expand_pref_variables('%%%s%%' % exp_var,
                                               # NOTE(review): source lines
                                               # 7981-7983 are missing from
                                               # this listing (remaining
                                               # arguments).
                         val, 'Failed to expand variable %s' % exp_var)
    # With the time variables, we can't test for an exact time, so let's do
    # simple checks instead.
    time_vars = ['DateTime', 'DateTimeEx', 'LocalTime',
                 'LocalTimeEx', 'TimeStamp']
    for time_var in time_vars:
        self.assertNotEqual(expand_pref_variables('%%%s%%' % time_var,
                                                  # NOTE(review): source
                                                  # lines 7991-7993 are
                                                  # missing from this
                                                  # listing (remaining
                                                  # arguments).
                            None, 'Failed to expand variable %s' % time_var)

    # Here we test to ensure undefined preference variables cause an error.
    # The reason for testing these is to ensure we don't apply nonsense
    # policies when they can't be defined. Also, these tests will fail if
    # one of these is implemented in the future (forcing us to write a test
    # anytime these are implemented).
    # NOTE(review): only some entries of this list are shown; source lines
    # 8002-8004, 8007, 8009-8011, 8013-8024, 8026-8027 and 8029-8036 are
    # missing from this listing.
    undef_vars = ['BinaryComputerSid',
                  'CommonFavoritesDir',
                  'CommonProgramsDir',
                  'CurrentProccessId',
                  'GroupPolicyVersion',
                  'RecentDocumentsDir',
                  'ReversedComputerSid',
    for undef_var in undef_vars:
        # NOTE(review): source line 8038 is missing from this listing.
        expand_pref_variables('%%%s%%' % undef_var, gpt_path, self.lp)
        # NOTE(review): source lines 8040-8042 are missing from this
        # listing. As shown, the fail() below would run after every
        # successful expansion, so the missing lines presumably handle the
        # expected exception -- confirm.
        self.fail('Undefined variable %s caused no error' % undef_var)
def test_parser_roundtrip_empty_multi_sz(self):
    # Round-trips empty_multi_sz_reg_pol through GPPolParser: the XML is
    # loaded, written back to a file in a temporary directory, and the
    # result is compared with the input after all whitespace is removed.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # two source lines (flagged inline) -- confirm against the file.
    with TemporaryDirectory() as dname:
        reg_pol_xml = os.path.join(dname, 'REGISTRY.POL.XML')

        parser = GPPolParser()
        # NOTE(review): source line 8050 is missing from this listing; the
        # `except` below implies a `try:` there.
            parser.load_xml(etree.fromstring(empty_multi_sz_reg_pol.strip()))
        except Exception as e:
            # NOTE(review): source line 8053 (the handler body) is missing
            # from this listing.
        parser.write_xml(reg_pol_xml)

        with open(reg_pol_xml, 'r') as f:
            pol_xml_data = f.read()

        # Strip whitespace characters due to indentation differences
        # The fixture is decoded before comparison because the file is read
        # back in text mode.
        expected_xml_data = re.sub(r"\s+", "", empty_multi_sz_reg_pol.decode(), flags=re.UNICODE)
        actual_xml_data = re.sub(r"\s+", "", pol_xml_data, flags=re.UNICODE)
        self.assertEqual(expected_xml_data, actual_xml_data, 'XML data mismatch')
def test_parser_roundtrip_multiple_values_multi_sz(self):
    # Round-trips multiple_values_multi_sz_reg_pol through GPPolParser: the
    # XML is loaded, written back to a file in a temporary directory, and
    # the result is compared with the input after all whitespace is removed.
    #
    # NOTE(review): this listing has lost the file's indentation and omits
    # two source lines (flagged inline) -- confirm against the file.
    with TemporaryDirectory() as dname:
        reg_pol_xml = os.path.join(dname, 'REGISTRY.POL.XML')

        parser = GPPolParser()
        # NOTE(review): source line 8069 is missing from this listing; the
        # `except` below implies a `try:` there.
            parser.load_xml(etree.fromstring(multiple_values_multi_sz_reg_pol.strip()))
        except Exception as e:
            # NOTE(review): source line 8072 (the handler body) is missing
            # from this listing.
        parser.write_xml(reg_pol_xml)

        with open(reg_pol_xml, 'r') as f:
            pol_xml_data = f.read()

        # Strip whitespace characters due to indentation differences
        # The fixture is decoded before comparison because the file is read
        # back in text mode.
        expected_xml_data = re.sub(r"\s+", "", multiple_values_multi_sz_reg_pol.decode(), flags=re.UNICODE)
        actual_xml_data = re.sub(r"\s+", "", pol_xml_data, flags=re.UNICODE)
        self.assertEqual(expected_xml_data, actual_xml_data, 'XML data mismatch')