1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 import os
, grp
, pwd
, re
19 from samba
import gpo
, tests
20 from samba
.gp
.gpclass
import register_gp_extension
, list_gp_extensions
, \
21 unregister_gp_extension
, GPOStorage
, get_gpo_list
22 from samba
.param
import LoadParm
23 from samba
.gp
.gpclass
import check_refresh_gpo_list
, check_safe_path
, \
24 check_guid
, parse_gpext_conf
, atomic_write_conf
, get_deleted_gpos_list
25 from subprocess
import Popen
, PIPE
26 from tempfile
import NamedTemporaryFile
, TemporaryDirectory
27 from samba
.gp
import gpclass
# Disable privilege dropping for testing.
#
# SECURITY NOTE: this rebinds gpclass.drop_privileges module-wide, so every
# callable handed to it runs with whatever privileges the test runner has.
# The override sits ahead of the extension imports that follow -- presumably
# so they pick up the stub (TODO confirm before reordering). It belongs in
# test code only.
def _run_with_current_privileges(_, func, *args):
    """Stand-in for gpclass.drop_privileges: ignore the first argument and
    call func(*args) directly, returning its result."""
    return func(*args)


gpclass.drop_privileges = _run_with_current_privileges
30 from samba
.gp
.gp_sec_ext
import gp_krb_ext
31 from samba
.gp
.gp_scripts_ext
import gp_scripts_ext
, gp_user_scripts_ext
32 from samba
.gp
.gp_sudoers_ext
import gp_sudoers_ext
33 from samba
.gp
.vgp_sudoers_ext
import vgp_sudoers_ext
34 from samba
.gp
.vgp_symlink_ext
import vgp_symlink_ext
35 from samba
.gp
.gpclass
import gp_inf_ext
36 from samba
.gp
.gp_smb_conf_ext
import gp_smb_conf_ext
37 from samba
.gp
.vgp_files_ext
import vgp_files_ext
38 from samba
.gp
.vgp_openssh_ext
import vgp_openssh_ext
39 from samba
.gp
.vgp_startup_scripts_ext
import vgp_startup_scripts_ext
40 from samba
.gp
.vgp_motd_ext
import vgp_motd_ext
41 from samba
.gp
.vgp_issue_ext
import vgp_issue_ext
42 from samba
.gp
.vgp_access_ext
import vgp_access_ext
43 from samba
.gp
.gp_gnome_settings_ext
import gp_gnome_settings_ext
44 from samba
.gp
import gp_cert_auto_enroll_ext
as cae
45 from samba
.gp
.gp_firefox_ext
import gp_firefox_ext
46 from samba
.gp
.gp_chromium_ext
import gp_chromium_ext
47 from samba
.gp
.gp_firewalld_ext
import gp_firewalld_ext
48 from samba
.credentials
import Credentials
49 from samba
.gp
.gp_msgs_ext
import gp_msgs_ext
50 from samba
.gp
.gp_centrify_sudoers_ext
import gp_centrify_sudoers_ext
51 from samba
.gp
.gp_centrify_crontab_ext
import gp_centrify_crontab_ext
, \
52 gp_user_centrify_crontab_ext
53 from samba
.gp
.gp_drive_maps_ext
import gp_drive_maps_user_ext
54 from samba
.common
import get_bytes
55 from samba
.dcerpc
import preg
56 from samba
.ndr
import ndr_pack
58 from shutil
import copyfile
59 import xml
.etree
.ElementTree
as etree
61 from samba
.gp_parse
.gp_pol
import GPPolParser
63 from configparser
import ConfigParser
64 from samba
.gp
.gpclass
import get_dc_hostname
, expand_pref_variables
67 from samba
.auth
import system_session
69 from shutil
import which
71 from cryptography
import x509
72 from cryptography
.hazmat
.primitives
import hashes
73 from cryptography
.hazmat
.backends
import default_backend
74 from cryptography
.hazmat
.primitives
.asymmetric
import rsa
75 from cryptography
.hazmat
.primitives
.serialization
import Encoding
76 from datetime
import datetime
, timedelta
, timezone
77 from samba
.samba3
import param
as s3param
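def dummy_certificate():
    """Build a throwaway self-signed CA certificate and return it as DER.

    The subject common name is read from the SERVER environment variable,
    which the test environment is expected to set. A fresh 2048-bit RSA key
    is generated on every call and is not returned, and the certificate is
    valid for 300 seconds from the moment of the call, so the result is only
    suitable as short-lived test input.

    Returns:
        bytes: the certificate serialised with Encoding.DER.
    """
    # NOTE(review): the listing this block came from had lost the lines that
    # bind `name` and `cert`, plus part of the builder chain. Subject, issuer
    # and serial number below are the fields CertificateBuilder.sign() needs
    # in addition to what was visible; issuer == subject is assumed because
    # the certificate is signed with its own key. Confirm against the
    # upstream file, in particular the serial number it uses.
    name = x509.Name([
        x509.NameAttribute(x509.NameOID.COMMON_NAME,
                           os.environ.get('SERVER')),
    ])
    cons = x509.BasicConstraints(ca=True, path_length=0)
    now = datetime.now(tz=timezone.utc)

    key = rsa.generate_private_key(public_exponent=65537, key_size=2048,
                                   backend=default_backend())

    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + timedelta(seconds=300))
        # Second argument is `critical`: BasicConstraints is added as a
        # non-critical extension.
        .add_extension(cons, False)
        .sign(key, hashes.SHA256(), default_backend())
    )

    return cert.public_bytes(encoding=Encoding.DER)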
104 # Dummy requests structure for Certificate Auto Enrollment
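class dummy_requests(object):
    """Test double exposing the small part of the ``requests`` API used for
    Certificate Auto Enrollment: ``get()`` and ``exceptions.ConnectionError``.

    No network traffic is generated; ``get()`` either raises or returns a
    canned response carrying a freshly generated dummy CA certificate.
    """

    class exceptions(object):
        # Same attribute name as requests.exceptions.ConnectionError. Because
        # it is plain Exception, an `except <double>.exceptions.ConnectionError`
        # clause also catches every other Exception subclass, so a test using
        # this double cannot tell a connection failure from any other error.
        ConnectionError = Exception

    def __init__(self, want_exception=False):
        """Create the double.

        Args:
            want_exception: when true, every get() call raises
                exceptions.ConnectionError instead of returning a response.
        """
        self.want_exception = want_exception

    def get(self, url=None, params=None):
        """Return a canned certificate response, or raise if configured to.

        Args:
            url: accepted for signature compatibility; not used.
            params: accepted for signature compatibility; not used.

        Returns:
            A requests.Response whose body is the DER output of
            dummy_certificate() and whose Content-Type header is
            'application/x-x509-ca-cert'.

        Raises:
            exceptions.ConnectionError: if want_exception was set.
        """
        if self.want_exception:
            raise self.exceptions.ConnectionError

        # NOTE(review): `requests` is not among the imports visible in this
        # listing; it must be imported elsewhere in the file for this path
        # to work.
        dummy = requests.Response()
        # The body is set through the private _content attribute because the
        # response is built by hand rather than received from a server.
        dummy._content = dummy_certificate()
        dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
        # The listing stopped without returning the response it had just
        # built, which would hand None to the caller.
        return dummy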
# Module-level test settings, all derived from the REALM environment variable.
# If REALM is unset, os.environ.get() returns None and the concatenation on
# the next line raises TypeError at import time.
realm = os.environ.get('REALM')
# Uses REALM exactly as given in the environment; this must stay ahead of the
# lower() call below, which rebinds `realm`.
policies = realm + '/POLICIES'
realm = realm.lower()
# UNC path of the form \\<realm>\sysvol\<realm>\Policies. The raw-string
# prefix keeps the backslashes literal.
# NOTE(review): REALM is interpolated unescaped into this path and into the
# DN below -- fine for a value supplied by the test environment.
poldir = r'\\{0}\sysvol\{0}\Policies'.format(realm)
# The first component of the base DN varies by test environment, so it is
# taken from the first dot-separated label of the (lowercased) realm.
base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(realm.split('.')[0])
# DN of the Policies container under CN=System in base_dn.
dspath = 'CN=Policies,CN=System,' + base_dn
# %-format template with one integer placeholder for the version number;
# presumably GPT.INI content -- confirm against the callers.
gpt_data = '[General]\nVersion=%d'
130 gnome_test_reg_pol
= \
132 <?xml version="1.0" encoding="utf-8"?>
133 <PolFile num_entries="26" signature="PReg" version="1">
134 <Entry type="4" type_name="REG_DWORD">
135 <Key>GNOME Settings\Lock Down Settings</Key>
136 <ValueName>Lock Down Enabled Extensions</ValueName>
139 <Entry type="4" type_name="REG_DWORD">
140 <Key>GNOME Settings\Lock Down Settings</Key>
141 <ValueName>Lock Down Specific Settings</ValueName>
144 <Entry type="4" type_name="REG_DWORD">
145 <Key>GNOME Settings\Lock Down Settings</Key>
146 <ValueName>Disable Printing</ValueName>
149 <Entry type="4" type_name="REG_DWORD">
150 <Key>GNOME Settings\Lock Down Settings</Key>
151 <ValueName>Disable File Saving</ValueName>
154 <Entry type="4" type_name="REG_DWORD">
155 <Key>GNOME Settings\Lock Down Settings</Key>
156 <ValueName>Disable Command-Line Access</ValueName>
159 <Entry type="4" type_name="REG_DWORD">
160 <Key>GNOME Settings\Lock Down Settings</Key>
161 <ValueName>Disallow Login Using a Fingerprint</ValueName>
164 <Entry type="4" type_name="REG_DWORD">
165 <Key>GNOME Settings\Lock Down Settings</Key>
166 <ValueName>Disable User Logout</ValueName>
169 <Entry type="4" type_name="REG_DWORD">
170 <Key>GNOME Settings\Lock Down Settings</Key>
171 <ValueName>Disable User Switching</ValueName>
174 <Entry type="4" type_name="REG_DWORD">
175 <Key>GNOME Settings\Lock Down Settings</Key>
176 <ValueName>Disable Repartitioning</ValueName>
179 <Entry type="4" type_name="REG_DWORD">
180 <Key>GNOME Settings\Lock Down Settings</Key>
181 <ValueName>Whitelisted Online Accounts</ValueName>
184 <Entry type="4" type_name="REG_DWORD">
185 <Key>GNOME Settings\Lock Down Settings</Key>
186 <ValueName>Compose Key</ValueName>
189 <Entry type="4" type_name="REG_DWORD">
190 <Key>GNOME Settings\Lock Down Settings</Key>
191 <ValueName>Dim Screen when User is Idle</ValueName>
194 <Entry type="4" type_name="REG_DWORD">
195 <Key>GNOME Settings\Lock Down Settings</Key>
196 <ValueName>Enabled Extensions</ValueName>
199 <Entry type="1" type_name="REG_SZ">
200 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
201 <ValueName>Key Name</ValueName>
202 <Value>Right Alt</Value>
204 <Entry type="4" type_name="REG_DWORD">
205 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
206 <ValueName>Delay</ValueName>
209 <Entry type="4" type_name="REG_DWORD">
210 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
211 <ValueName>Dim Idle Brightness</ValueName>
214 <Entry type="1" type_name="REG_SZ">
215 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
216 <ValueName>**delvals.</ValueName>
219 <Entry type="1" type_name="REG_SZ">
220 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
221 <ValueName>myextension1@myname.example.com</ValueName>
222 <Value>myextension1@myname.example.com</Value>
224 <Entry type="1" type_name="REG_SZ">
225 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
226 <ValueName>myextension2@myname.example.com</ValueName>
227 <Value>myextension2@myname.example.com</Value>
229 <Entry type="1" type_name="REG_SZ">
230 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
231 <ValueName>**delvals.</ValueName>
234 <Entry type="1" type_name="REG_SZ">
235 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
236 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
237 <Value>/org/gnome/desktop/background/picture-uri</Value>
239 <Entry type="1" type_name="REG_SZ">
240 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
241 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
242 <Value>/org/gnome/desktop/background/picture-options</Value>
244 <Entry type="1" type_name="REG_SZ">
245 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
246 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
247 <Value>/org/gnome/desktop/background/primary-color</Value>
249 <Entry type="1" type_name="REG_SZ">
250 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
251 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
252 <Value>/org/gnome/desktop/background/secondary-color</Value>
254 <Entry type="1" type_name="REG_SZ">
255 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
256 <ValueName>**delvals.</ValueName>
259 <Entry type="1" type_name="REG_SZ">
260 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
261 <ValueName>google</ValueName>
262 <Value>google</Value>
267 auto_enroll_reg_pol
= \
269 <?xml version="1.0" encoding="utf-8"?>
270 <PolFile num_entries="3" signature="PReg" version="1">
271 <Entry type="4" type_name="REG_DWORD">
272 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
273 <ValueName>AEPolicy</ValueName>
276 <Entry type="4" type_name="REG_DWORD">
277 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
278 <ValueName>OfflineExpirationPercent</ValueName>
281 <Entry type="1" type_name="REG_SZ">
282 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
283 <ValueName>OfflineExpirationStoreNames</ValueName>
289 auto_enroll_unchecked_reg_pol
= \
291 <?xml version="1.0" encoding="utf-8"?>
292 <PolFile num_entries="3" signature="PReg" version="1">
293 <Entry type="4" type_name="REG_DWORD">
294 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
295 <ValueName>AEPolicy</ValueName>
298 <Entry type="4" type_name="REG_DWORD">
299 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
300 <ValueName>OfflineExpirationPercent</ValueName>
303 <Entry type="1" type_name="REG_SZ">
304 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
305 <ValueName>OfflineExpirationStoreNames</ValueName>
311 advanced_enroll_reg_pol
= \
313 <?xml version="1.0" encoding="utf-8"?>
314 <PolFile num_entries="30" signature="PReg" version="1">
315 <Entry type="1" type_name="REG_SZ">
316 <Key>Software\Policies\Microsoft\Cryptography</Key>
317 <ValueName>**DeleteKeys</ValueName>
318 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
320 <Entry type="4" type_name="REG_DWORD">
321 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
322 <ValueName>AEPolicy</ValueName>
325 <Entry type="4" type_name="REG_DWORD">
326 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
327 <ValueName>OfflineExpirationPercent</ValueName>
330 <Entry type="1" type_name="REG_SZ">
331 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
332 <ValueName>OfflineExpirationStoreNames</ValueName>
335 <Entry type="1" type_name="REG_SZ">
336 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
338 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
340 <Entry type="4" type_name="REG_DWORD">
341 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
342 <ValueName>Flags</ValueName>
345 <Entry type="1" type_name="REG_SZ">
346 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
347 <ValueName>URL</ValueName>
350 <Entry type="1" type_name="REG_SZ">
351 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
352 <ValueName>PolicyID</ValueName>
355 <Entry type="1" type_name="REG_SZ">
356 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
357 <ValueName>FriendlyName</ValueName>
358 <Value>Example</Value>
360 <Entry type="4" type_name="REG_DWORD">
361 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
362 <ValueName>Flags</ValueName>
365 <Entry type="4" type_name="REG_DWORD">
366 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
367 <ValueName>AuthFlags</ValueName>
370 <Entry type="4" type_name="REG_DWORD">
371 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
372 <ValueName>Cost</ValueName>
373 <Value>2147483645</Value>
375 <Entry type="1" type_name="REG_SZ">
376 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
377 <ValueName>URL</ValueName>
378 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
380 <Entry type="1" type_name="REG_SZ">
381 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
382 <ValueName>PolicyID</ValueName>
385 <Entry type="1" type_name="REG_SZ">
386 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
387 <ValueName>FriendlyName</ValueName>
388 <Value>Example2</Value>
390 <Entry type="4" type_name="REG_DWORD">
391 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
392 <ValueName>Flags</ValueName>
395 <Entry type="4" type_name="REG_DWORD">
396 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
397 <ValueName>AuthFlags</ValueName>
400 <Entry type="4" type_name="REG_DWORD">
401 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
402 <ValueName>Cost</ValueName>
405 <Entry type="1" type_name="REG_SZ">
406 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
407 <ValueName>URL</ValueName>
408 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
410 <Entry type="1" type_name="REG_SZ">
411 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
412 <ValueName>PolicyID</ValueName>
415 <Entry type="1" type_name="REG_SZ">
416 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
417 <ValueName>FriendlyName</ValueName>
418 <Value>Example0</Value>
420 <Entry type="4" type_name="REG_DWORD">
421 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
422 <ValueName>Flags</ValueName>
425 <Entry type="4" type_name="REG_DWORD">
426 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
427 <ValueName>AuthFlags</ValueName>
430 <Entry type="4" type_name="REG_DWORD">
431 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
432 <ValueName>Cost</ValueName>
435 <Entry type="1" type_name="REG_SZ">
436 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
437 <ValueName>URL</ValueName>
438 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
440 <Entry type="1" type_name="REG_SZ">
441 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
442 <ValueName>PolicyID</ValueName>
445 <Entry type="1" type_name="REG_SZ">
446 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
447 <ValueName>FriendlyName</ValueName>
448 <Value>Example1</Value>
450 <Entry type="4" type_name="REG_DWORD">
451 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
452 <ValueName>Flags</ValueName>
455 <Entry type="4" type_name="REG_DWORD">
456 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
457 <ValueName>AuthFlags</ValueName>
460 <Entry type="4" type_name="REG_DWORD">
461 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
462 <ValueName>Cost</ValueName>
470 <?xml version="1.0" encoding="utf-8"?>
471 <PolFile num_entries="241" signature="PReg" version="1">
472 <Entry type="7" type_name="REG_MULTI_SZ">
473 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
474 <ValueName>ExtensionSettings</ValueName>
475 <Value>{ "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } }</Value>
477 <Entry type="4" type_name="REG_DWORD">
478 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
479 <ValueName>ExtensionUpdate</ValueName>
482 <Entry type="4" type_name="REG_DWORD">
483 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
484 <ValueName>SearchSuggestEnabled</ValueName>
487 <Entry type="4" type_name="REG_DWORD">
488 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
489 <ValueName>AppAutoUpdate</ValueName>
492 <Entry type="1" type_name="REG_SZ">
493 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
494 <ValueName>AppUpdateURL</ValueName>
495 <Value>https://yoursite.com</Value>
497 <Entry type="4" type_name="REG_DWORD">
498 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
499 <ValueName>BlockAboutAddons</ValueName>
502 <Entry type="4" type_name="REG_DWORD">
503 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
504 <ValueName>BlockAboutConfig</ValueName>
507 <Entry type="4" type_name="REG_DWORD">
508 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
509 <ValueName>BlockAboutProfiles</ValueName>
512 <Entry type="4" type_name="REG_DWORD">
513 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
514 <ValueName>BlockAboutSupport</ValueName>
517 <Entry type="4" type_name="REG_DWORD">
518 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
519 <ValueName>CaptivePortal</ValueName>
522 <Entry type="2" type_name="REG_EXPAND_SZ">
523 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
524 <ValueName>DefaultDownloadDirectory</ValueName>
525 <Value>${home}/Downloads</Value>
527 <Entry type="4" type_name="REG_DWORD">
528 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
529 <ValueName>DisableAppUpdate</ValueName>
532 <Entry type="4" type_name="REG_DWORD">
533 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
534 <ValueName>DisableBuiltinPDFViewer</ValueName>
537 <Entry type="4" type_name="REG_DWORD">
538 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
539 <ValueName>DisableDefaultBrowserAgent</ValueName>
542 <Entry type="4" type_name="REG_DWORD">
543 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
544 <ValueName>DisableDeveloperTools</ValueName>
547 <Entry type="4" type_name="REG_DWORD">
548 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
549 <ValueName>DisableFeedbackCommands</ValueName>
552 <Entry type="4" type_name="REG_DWORD">
553 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
554 <ValueName>DisableFirefoxAccounts</ValueName>
557 <Entry type="4" type_name="REG_DWORD">
558 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
559 <ValueName>DisableFirefoxScreenshots</ValueName>
562 <Entry type="4" type_name="REG_DWORD">
563 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
564 <ValueName>DisableFirefoxStudies</ValueName>
567 <Entry type="4" type_name="REG_DWORD">
568 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
569 <ValueName>DisableForgetButton</ValueName>
572 <Entry type="4" type_name="REG_DWORD">
573 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
574 <ValueName>DisableFormHistory</ValueName>
577 <Entry type="4" type_name="REG_DWORD">
578 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
579 <ValueName>DisableMasterPasswordCreation</ValueName>
582 <Entry type="4" type_name="REG_DWORD">
583 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
584 <ValueName>DisablePasswordReveal</ValueName>
587 <Entry type="4" type_name="REG_DWORD">
588 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
589 <ValueName>DisablePocket</ValueName>
592 <Entry type="4" type_name="REG_DWORD">
593 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
594 <ValueName>DisablePrivateBrowsing</ValueName>
597 <Entry type="4" type_name="REG_DWORD">
598 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
599 <ValueName>DisableProfileImport</ValueName>
602 <Entry type="4" type_name="REG_DWORD">
603 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
604 <ValueName>DisableProfileRefresh</ValueName>
607 <Entry type="4" type_name="REG_DWORD">
608 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
609 <ValueName>DisableSafeMode</ValueName>
612 <Entry type="4" type_name="REG_DWORD">
613 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
614 <ValueName>DisableSetDesktopBackground</ValueName>
617 <Entry type="4" type_name="REG_DWORD">
618 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
619 <ValueName>DisableSystemAddonUpdate</ValueName>
622 <Entry type="4" type_name="REG_DWORD">
623 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
624 <ValueName>DisableTelemetry</ValueName>
627 <Entry type="4" type_name="REG_DWORD">
628 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
629 <ValueName>DisplayBookmarksToolbar</ValueName>
632 <Entry type="1" type_name="REG_SZ">
633 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
634 <ValueName>DisplayMenuBar</ValueName>
635 <Value>default-on</Value>
637 <Entry type="4" type_name="REG_DWORD">
638 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
639 <ValueName>DontCheckDefaultBrowser</ValueName>
642 <Entry type="2" type_name="REG_EXPAND_SZ">
643 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
644 <ValueName>DownloadDirectory</ValueName>
645 <Value>${home}/Downloads</Value>
647 <Entry type="7" type_name="REG_MULTI_SZ">
648 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
649 <ValueName>Handlers</ValueName>
650 <Value>{ "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } }</Value>
652 <Entry type="4" type_name="REG_DWORD">
653 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
654 <ValueName>HardwareAcceleration</ValueName>
657 <Entry type="7" type_name="REG_MULTI_SZ">
658 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
659 <ValueName>ManagedBookmarks</ValueName>
660 <Value>[ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ]</Value>
662 <Entry type="4" type_name="REG_DWORD">
663 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
664 <ValueName>NetworkPrediction</ValueName>
667 <Entry type="4" type_name="REG_DWORD">
668 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
669 <ValueName>NewTabPage</ValueName>
672 <Entry type="4" type_name="REG_DWORD">
673 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
674 <ValueName>NoDefaultBookmarks</ValueName>
677 <Entry type="4" type_name="REG_DWORD">
678 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
679 <ValueName>OfferToSaveLogins</ValueName>
682 <Entry type="4" type_name="REG_DWORD">
683 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
684 <ValueName>OfferToSaveLoginsDefault</ValueName>
687 <Entry type="1" type_name="REG_SZ">
688 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
689 <ValueName>OverrideFirstRunPage</ValueName>
690 <Value>http://example.org</Value>
692 <Entry type="1" type_name="REG_SZ">
693 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
694 <ValueName>OverridePostUpdatePage</ValueName>
695 <Value>http://example.org</Value>
697 <Entry type="4" type_name="REG_DWORD">
698 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
699 <ValueName>PasswordManagerEnabled</ValueName>
702 <Entry type="7" type_name="REG_MULTI_SZ">
703 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
704 <ValueName>Preferences</ValueName>
705 <Value>{ "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } }</Value>
707 <Entry type="4" type_name="REG_DWORD">
708 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
709 <ValueName>PrimaryPassword</ValueName>
712 <Entry type="4" type_name="REG_DWORD">
713 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
714 <ValueName>PromptForDownloadLocation</ValueName>
717 <Entry type="1" type_name="REG_SZ">
718 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
719 <ValueName>**delvals.</ValueName>
722 <Entry type="1" type_name="REG_SZ">
723 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
724 <ValueName>1</ValueName>
727 <Entry type="1" type_name="REG_SZ">
728 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
729 <ValueName>2</ValueName>
732 <Entry type="1" type_name="REG_SZ">
733 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
734 <ValueName>SSLVersionMax</ValueName>
735 <Value>tls1.3</Value>
737 <Entry type="1" type_name="REG_SZ">
738 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
739 <ValueName>SSLVersionMin</ValueName>
740 <Value>tls1.3</Value>
742 <Entry type="1" type_name="REG_SZ">
743 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
744 <ValueName>SearchBar</ValueName>
745 <Value>unified</Value>
747 <Entry type="4" type_name="REG_DWORD">
748 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
749 <ValueName>Locked</ValueName>
752 <Entry type="4" type_name="REG_DWORD">
753 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
754 <ValueName>PrivateBrowsing</ValueName>
757 <Entry type="4" type_name="REG_DWORD">
758 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
759 <ValueName>NTLM</ValueName>
762 <Entry type="4" type_name="REG_DWORD">
763 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
764 <ValueName>SPNEGO</ValueName>
767 <Entry type="4" type_name="REG_DWORD">
768 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
769 <ValueName>NTLM</ValueName>
772 <Entry type="4" type_name="REG_DWORD">
773 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
774 <ValueName>SPNEGO</ValueName>
777 <Entry type="1" type_name="REG_SZ">
778 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
779 <ValueName>**delvals.</ValueName>
782 <Entry type="1" type_name="REG_SZ">
783 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
784 <ValueName>1</ValueName>
785 <Value>mydomain.com</Value>
787 <Entry type="1" type_name="REG_SZ">
788 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
789 <ValueName>1</ValueName>
790 <Value>https://myotherdomain.com</Value>
792 <Entry type="1" type_name="REG_SZ">
793 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
794 <ValueName>**delvals.</ValueName>
797 <Entry type="1" type_name="REG_SZ">
798 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
799 <ValueName>1</ValueName>
800 <Value>mydomain.com</Value>
802 <Entry type="1" type_name="REG_SZ">
803 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
804 <ValueName>1</ValueName>
805 <Value>https://myotherdomain.com</Value>
807 <Entry type="1" type_name="REG_SZ">
808 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
809 <ValueName>**delvals.</ValueName>
812 <Entry type="1" type_name="REG_SZ">
813 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
814 <ValueName>1</ValueName>
815 <Value>mydomain.com</Value>
817 <Entry type="1" type_name="REG_SZ">
818 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
819 <ValueName>1</ValueName>
820 <Value>https://myotherdomain.com</Value>
822 <Entry type="1" type_name="REG_SZ">
823 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
824 <ValueName>Title</ValueName>
825 <Value>Example</Value>
827 <Entry type="1" type_name="REG_SZ">
828 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
829 <ValueName>URL</ValueName>
830 <Value>https://example.com</Value>
832 <Entry type="1" type_name="REG_SZ">
833 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
834 <ValueName>Favicon</ValueName>
835 <Value>https://example.com/favicon.ico</Value>
837 <Entry type="1" type_name="REG_SZ">
838 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
839 <ValueName>Placement</ValueName>
842 <Entry type="1" type_name="REG_SZ">
843 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
844 <ValueName>Folder</ValueName>
845 <Value>FolderName</Value>
847 <Entry type="1" type_name="REG_SZ">
848 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
849 <ValueName>Title</ValueName>
852 <Entry type="1" type_name="REG_SZ">
853 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
854 <ValueName>URL</ValueName>
855 <Value>www.samba.org</Value>
857 <Entry type="1" type_name="REG_SZ">
858 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
859 <ValueName>Favicon</ValueName>
862 <Entry type="1" type_name="REG_SZ">
863 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
864 <ValueName>Placement</ValueName>
865 <Value>toolbar</Value>
867 <Entry type="1" type_name="REG_SZ">
868 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
869 <ValueName>Folder</ValueName>
872 <Entry type="1" type_name="REG_SZ">
873 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
874 <ValueName>AcceptThirdParty</ValueName>
877 <Entry type="4" type_name="REG_DWORD">
878 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
879 <ValueName>Default</ValueName>
882 <Entry type="4" type_name="REG_DWORD">
883 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
884 <ValueName>ExpireAtSessionEnd</ValueName>
887 <Entry type="4" type_name="REG_DWORD">
888 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
889 <ValueName>Locked</ValueName>
892 <Entry type="4" type_name="REG_DWORD">
893 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
894 <ValueName>RejectTracker</ValueName>
897 <Entry type="1" type_name="REG_SZ">
898 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
899 <ValueName>**delvals.</ValueName>
902 <Entry type="1" type_name="REG_SZ">
903 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
904 <ValueName>1</ValueName>
905 <Value>http://example.org/</Value>
907 <Entry type="1" type_name="REG_SZ">
908 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
909 <ValueName>**delvals.</ValueName>
912 <Entry type="1" type_name="REG_SZ">
913 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
914 <ValueName>1</ValueName>
915 <Value>http://example.edu/</Value>
917 <Entry type="1" type_name="REG_SZ">
918 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
919 <ValueName>**delvals.</ValueName>
922 <Entry type="1" type_name="REG_SZ">
923 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
924 <ValueName>1</ValueName>
925 <Value>http://example.edu/</Value>
927 <Entry type="4" type_name="REG_DWORD">
928 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
929 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
932 <Entry type="4" type_name="REG_DWORD">
933 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
934 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
937 <Entry type="4" type_name="REG_DWORD">
938 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
939 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
942 <Entry type="4" type_name="REG_DWORD">
943 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
944 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
947 <Entry type="4" type_name="REG_DWORD">
948 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
949 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
952 <Entry type="4" type_name="REG_DWORD">
953 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
954 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
957 <Entry type="4" type_name="REG_DWORD">
958 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
959 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
962 <Entry type="4" type_name="REG_DWORD">
963 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
964 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
967 <Entry type="4" type_name="REG_DWORD">
968 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
969 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
972 <Entry type="4" type_name="REG_DWORD">
973 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
974 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
977 <Entry type="4" type_name="REG_DWORD">
978 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
979 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
982 <Entry type="4" type_name="REG_DWORD">
983 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
984 <ValueName>InvalidCertificate</ValueName>
987 <Entry type="4" type_name="REG_DWORD">
988 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
989 <ValueName>SafeBrowsing</ValueName>
992 <Entry type="4" type_name="REG_DWORD">
993 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
994 <ValueName>Enabled</ValueName>
997 <Entry type="4" type_name="REG_DWORD">
998 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
999 <ValueName>Locked</ValueName>
1002 <Entry type="1" type_name="REG_SZ">
1003 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
1004 <ValueName>ProviderURL</ValueName>
1005 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
1007 <Entry type="1" type_name="REG_SZ">
1008 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1009 <ValueName>**delvals.</ValueName>
1012 <Entry type="1" type_name="REG_SZ">
1013 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1014 <ValueName>1</ValueName>
1015 <Value>example.com</Value>
1017 <Entry type="4" type_name="REG_DWORD">
1018 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1019 <ValueName>Value</ValueName>
1022 <Entry type="4" type_name="REG_DWORD">
1023 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1024 <ValueName>Cryptomining</ValueName>
1027 <Entry type="4" type_name="REG_DWORD">
1028 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1029 <ValueName>Fingerprinting</ValueName>
1032 <Entry type="4" type_name="REG_DWORD">
1033 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1034 <ValueName>Locked</ValueName>
1037 <Entry type="1" type_name="REG_SZ">
1038 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1039 <ValueName>**delvals.</ValueName>
1042 <Entry type="1" type_name="REG_SZ">
1043 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1044 <ValueName>1</ValueName>
1045 <Value>https://example.com</Value>
1047 <Entry type="4" type_name="REG_DWORD">
1048 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1049 <ValueName>Enabled</ValueName>
1052 <Entry type="4" type_name="REG_DWORD">
1053 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1054 <ValueName>Locked</ValueName>
1057 <Entry type="1" type_name="REG_SZ">
1058 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1059 <ValueName>**delvals.</ValueName>
1062 <Entry type="2" type_name="REG_EXPAND_SZ">
1063 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1064 <ValueName>1</ValueName>
1065 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1067 <Entry type="2" type_name="REG_EXPAND_SZ">
1068 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1069 <ValueName>2</ValueName>
1070 <Value>//path/to/xpi</Value>
1072 <Entry type="1" type_name="REG_SZ">
1073 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1074 <ValueName>**delvals.</ValueName>
1077 <Entry type="1" type_name="REG_SZ">
1078 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1079 <ValueName>1</ValueName>
1080 <Value>addon_id@mozilla.org</Value>
1082 <Entry type="1" type_name="REG_SZ">
1083 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1084 <ValueName>**delvals.</ValueName>
1087 <Entry type="1" type_name="REG_SZ">
1088 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1089 <ValueName>1</ValueName>
1090 <Value>bad_addon_id@mozilla.org</Value>
1092 <Entry type="4" type_name="REG_DWORD">
1093 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1094 <ValueName>Search</ValueName>
1097 <Entry type="4" type_name="REG_DWORD">
1098 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1099 <ValueName>TopSites</ValueName>
1102 <Entry type="4" type_name="REG_DWORD">
1103 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1104 <ValueName>Highlights</ValueName>
1107 <Entry type="4" type_name="REG_DWORD">
1108 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1109 <ValueName>Pocket</ValueName>
1112 <Entry type="4" type_name="REG_DWORD">
1113 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1114 <ValueName>Snippets</ValueName>
1117 <Entry type="4" type_name="REG_DWORD">
1118 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1119 <ValueName>Locked</ValueName>
1122 <Entry type="4" type_name="REG_DWORD">
1123 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1124 <ValueName>Default</ValueName>
1127 <Entry type="4" type_name="REG_DWORD">
1128 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1129 <ValueName>Locked</ValueName>
1132 <Entry type="1" type_name="REG_SZ">
1133 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1134 <ValueName>**delvals.</ValueName>
1137 <Entry type="1" type_name="REG_SZ">
1138 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1139 <ValueName>1</ValueName>
1140 <Value>http://example.org/</Value>
1142 <Entry type="1" type_name="REG_SZ">
1143 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1144 <ValueName>**delvals.</ValueName>
1147 <Entry type="1" type_name="REG_SZ">
1148 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1149 <ValueName>1</ValueName>
1150 <Value>http://example.edu/</Value>
1152 <Entry type="1" type_name="REG_SZ">
1153 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1154 <ValueName>StartPage</ValueName>
1155 <Value>homepage</Value>
1157 <Entry type="1" type_name="REG_SZ">
1158 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1159 <ValueName>URL</ValueName>
1160 <Value>http://example.com/</Value>
1162 <Entry type="4" type_name="REG_DWORD">
1163 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1164 <ValueName>Locked</ValueName>
1167 <Entry type="1" type_name="REG_SZ">
1168 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1169 <ValueName>**delvals.</ValueName>
1172 <Entry type="1" type_name="REG_SZ">
1173 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1174 <ValueName>1</ValueName>
1175 <Value>http://example.org/</Value>
1177 <Entry type="1" type_name="REG_SZ">
1178 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1179 <ValueName>2</ValueName>
1180 <Value>http://example.edu/</Value>
1182 <Entry type="4" type_name="REG_DWORD">
1183 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1184 <ValueName>Default</ValueName>
1187 <Entry type="1" type_name="REG_SZ">
1188 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1189 <ValueName>**delvals.</ValueName>
1192 <Entry type="1" type_name="REG_SZ">
1193 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1194 <ValueName>1</ValueName>
1195 <Value>http://example.org/</Value>
1197 <Entry type="1" type_name="REG_SZ">
1198 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1199 <ValueName>2</ValueName>
1200 <Value>http://example.edu/</Value>
1202 <Entry type="1" type_name="REG_SZ">
1203 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1204 <ValueName>**delvals.</ValueName>
1207 <Entry type="1" type_name="REG_SZ">
1208 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1209 <ValueName>1</ValueName>
1210 <Value>http://example.org/</Value>
1212 <Entry type="1" type_name="REG_SZ">
1213 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1214 <ValueName>2</ValueName>
1215 <Value>http://example.edu/</Value>
1217 <Entry type="4" type_name="REG_DWORD">
1218 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1219 <ValueName>EnablePermissions</ValueName>
1222 <Entry type="4" type_name="REG_DWORD">
1223 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1224 <ValueName>Enabled</ValueName>
1227 <Entry type="1" type_name="REG_SZ">
1228 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1229 <ValueName>Default</ValueName>
1230 <Value>block-audio</Value>
1232 <Entry type="4" type_name="REG_DWORD">
1233 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1234 <ValueName>Locked</ValueName>
1237 <Entry type="1" type_name="REG_SZ">
1238 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1239 <ValueName>**delvals.</ValueName>
1242 <Entry type="1" type_name="REG_SZ">
1243 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1244 <ValueName>1</ValueName>
1245 <Value>https://example.org</Value>
1247 <Entry type="1" type_name="REG_SZ">
1248 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1249 <ValueName>**delvals.</ValueName>
1252 <Entry type="1" type_name="REG_SZ">
1253 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1254 <ValueName>1</ValueName>
1255 <Value>https://example.edu</Value>
1257 <Entry type="4" type_name="REG_DWORD">
1258 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1259 <ValueName>BlockNewRequests</ValueName>
1262 <Entry type="4" type_name="REG_DWORD">
1263 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1264 <ValueName>Locked</ValueName>
1267 <Entry type="1" type_name="REG_SZ">
1268 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1269 <ValueName>**delvals.</ValueName>
1272 <Entry type="1" type_name="REG_SZ">
1273 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1274 <ValueName>1</ValueName>
1275 <Value>https://example.org</Value>
1277 <Entry type="1" type_name="REG_SZ">
1278 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1279 <ValueName>2</ValueName>
1280 <Value>https://example.org:1234</Value>
1282 <Entry type="1" type_name="REG_SZ">
1283 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1284 <ValueName>**delvals.</ValueName>
1287 <Entry type="1" type_name="REG_SZ">
1288 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1289 <ValueName>1</ValueName>
1290 <Value>https://example.edu</Value>
1292 <Entry type="4" type_name="REG_DWORD">
1293 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1294 <ValueName>BlockNewRequests</ValueName>
1297 <Entry type="4" type_name="REG_DWORD">
1298 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1299 <ValueName>Locked</ValueName>
1302 <Entry type="1" type_name="REG_SZ">
1303 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1304 <ValueName>**delvals.</ValueName>
1307 <Entry type="1" type_name="REG_SZ">
1308 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1309 <ValueName>1</ValueName>
1310 <Value>https://example.org</Value>
1312 <Entry type="1" type_name="REG_SZ">
1313 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1314 <ValueName>**delvals.</ValueName>
1317 <Entry type="1" type_name="REG_SZ">
1318 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1319 <ValueName>1</ValueName>
1320 <Value>https://example.edu</Value>
1322 <Entry type="4" type_name="REG_DWORD">
1323 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1324 <ValueName>BlockNewRequests</ValueName>
1327 <Entry type="4" type_name="REG_DWORD">
1328 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1329 <ValueName>Locked</ValueName>
1332 <Entry type="1" type_name="REG_SZ">
1333 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1334 <ValueName>**delvals.</ValueName>
1337 <Entry type="1" type_name="REG_SZ">
1338 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1339 <ValueName>1</ValueName>
1340 <Value>https://example.org</Value>
1342 <Entry type="1" type_name="REG_SZ">
1343 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1344 <ValueName>**delvals.</ValueName>
1347 <Entry type="1" type_name="REG_SZ">
1348 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1349 <ValueName>1</ValueName>
1350 <Value>https://example.edu</Value>
1352 <Entry type="4" type_name="REG_DWORD">
1353 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1354 <ValueName>BlockNewRequests</ValueName>
1357 <Entry type="4" type_name="REG_DWORD">
1358 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1359 <ValueName>Locked</ValueName>
1362 <Entry type="1" type_name="REG_SZ">
1363 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1364 <ValueName>**delvals.</ValueName>
1367 <Entry type="1" type_name="REG_SZ">
1368 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1369 <ValueName>1</ValueName>
1370 <Value>https://example.org</Value>
1372 <Entry type="1" type_name="REG_SZ">
1373 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1374 <ValueName>**delvals.</ValueName>
1377 <Entry type="1" type_name="REG_SZ">
1378 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1379 <ValueName>1</ValueName>
1380 <Value>https://example.edu</Value>
1382 <Entry type="4" type_name="REG_DWORD">
1383 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1384 <ValueName>BlockNewRequests</ValueName>
1387 <Entry type="4" type_name="REG_DWORD">
1388 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1389 <ValueName>Locked</ValueName>
1392 <Entry type="1" type_name="REG_SZ">
1393 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1394 <ValueName>**delvals.</ValueName>
1397 <Entry type="1" type_name="REG_SZ">
1398 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1399 <ValueName>1</ValueName>
1400 <Value>https://example.org</Value>
1402 <Entry type="1" type_name="REG_SZ">
1403 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1404 <ValueName>**delvals.</ValueName>
1407 <Entry type="1" type_name="REG_SZ">
1408 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1409 <ValueName>1</ValueName>
1410 <Value>https://example.edu</Value>
1412 <Entry type="4" type_name="REG_DWORD">
1413 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1414 <ValueName>Enabled</ValueName>
1417 <Entry type="4" type_name="REG_DWORD">
1418 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1419 <ValueName>Locked</ValueName>
1422 <Entry type="4" type_name="REG_DWORD">
1423 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1424 <ValueName>Default</ValueName>
1427 <Entry type="4" type_name="REG_DWORD">
1428 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1429 <ValueName>Locked</ValueName>
1432 <Entry type="1" type_name="REG_SZ">
1433 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1434 <ValueName>**delvals.</ValueName>
1437 <Entry type="1" type_name="REG_SZ">
1438 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1439 <ValueName>1</ValueName>
1440 <Value>http://example.org/</Value>
1442 <Entry type="1" type_name="REG_SZ">
1443 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1444 <ValueName>2</ValueName>
1445 <Value>http://example.edu/</Value>
1447 <Entry type="4" type_name="REG_DWORD">
1448 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1449 <ValueName>Locked</ValueName>
1452 <Entry type="1" type_name="REG_SZ">
1453 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1454 <ValueName>Mode</ValueName>
1455 <Value>autoDetect</Value>
1457 <Entry type="1" type_name="REG_SZ">
1458 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1459 <ValueName>HTTPProxy</ValueName>
1460 <Value>hostname</Value>
1462 <Entry type="4" type_name="REG_DWORD">
1463 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1464 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1467 <Entry type="1" type_name="REG_SZ">
1468 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1469 <ValueName>SSLProxy</ValueName>
1470 <Value>hostname</Value>
1472 <Entry type="1" type_name="REG_SZ">
1473 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1474 <ValueName>FTPProxy</ValueName>
1475 <Value>hostname</Value>
1477 <Entry type="1" type_name="REG_SZ">
1478 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1479 <ValueName>SOCKSProxy</ValueName>
1480 <Value>hostname</Value>
1482 <Entry type="4" type_name="REG_DWORD">
1483 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1484 <ValueName>SOCKSVersion</ValueName>
1487 <Entry type="1" type_name="REG_SZ">
1488 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1489 <ValueName>Passthrough</ValueName>
1490 <Value><local></Value>
1492 <Entry type="1" type_name="REG_SZ">
1493 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1494 <ValueName>AutoConfigURL</ValueName>
1495 <Value>URL_TO_AUTOCONFIG</Value>
1497 <Entry type="4" type_name="REG_DWORD">
1498 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1499 <ValueName>AutoLogin</ValueName>
1502 <Entry type="4" type_name="REG_DWORD">
1503 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1504 <ValueName>UseProxyForDNS</ValueName>
1507 <Entry type="4" type_name="REG_DWORD">
1508 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1509 <ValueName>SanitizeOnShutdown</ValueName>
1512 <Entry type="1" type_name="REG_SZ">
1513 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1514 <ValueName>Default</ValueName>
1515 <Value>Google</Value>
1517 <Entry type="4" type_name="REG_DWORD">
1518 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1519 <ValueName>PreventInstalls</ValueName>
1522 <Entry type="1" type_name="REG_SZ">
1523 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1524 <ValueName>Name</ValueName>
1525 <Value>Example1</Value>
1527 <Entry type="1" type_name="REG_SZ">
1528 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1529 <ValueName>URLTemplate</ValueName>
1530 <Value>https://www.example.org/q={searchTerms}</Value>
1532 <Entry type="1" type_name="REG_SZ">
1533 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1534 <ValueName>Method</ValueName>
1537 <Entry type="1" type_name="REG_SZ">
1538 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1539 <ValueName>IconURL</ValueName>
1540 <Value>https://www.example.org/favicon.ico</Value>
1542 <Entry type="1" type_name="REG_SZ">
1543 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1544 <ValueName>Alias</ValueName>
1545 <Value>example</Value>
1547 <Entry type="1" type_name="REG_SZ">
1548 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1549 <ValueName>Description</ValueName>
1550 <Value>Description</Value>
1552 <Entry type="1" type_name="REG_SZ">
1553 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1554 <ValueName>SuggestURLTemplate</ValueName>
1555 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1557 <Entry type="1" type_name="REG_SZ">
1558 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1559 <ValueName>PostData</ValueName>
1560 <Value>name=value&q={searchTerms}</Value>
1562 <Entry type="1" type_name="REG_SZ">
1563 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1564 <ValueName>**delvals.</ValueName>
1567 <Entry type="1" type_name="REG_SZ">
1568 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1569 <ValueName>1</ValueName>
1572 <Entry type="1" type_name="REG_SZ">
1573 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1574 <ValueName>Title</ValueName>
1575 <Value>Support Menu</Value>
1577 <Entry type="1" type_name="REG_SZ">
1578 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1579 <ValueName>URL</ValueName>
1580 <Value>http://example.com/support</Value>
1582 <Entry type="1" type_name="REG_SZ">
1583 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1584 <ValueName>AccessKey</ValueName>
1587 <Entry type="4" type_name="REG_DWORD">
1588 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1589 <ValueName>ExtensionRecommendations</ValueName>
1592 <Entry type="4" type_name="REG_DWORD">
1593 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1594 <ValueName>FeatureRecommendations</ValueName>
1597 <Entry type="4" type_name="REG_DWORD">
1598 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1599 <ValueName>WhatsNew</ValueName>
1602 <Entry type="4" type_name="REG_DWORD">
1603 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1604 <ValueName>UrlbarInterventions</ValueName>
1607 <Entry type="4" type_name="REG_DWORD">
1608 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1609 <ValueName>SkipOnboarding</ValueName>
1612 <Entry type="1" type_name="REG_SZ">
1613 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1614 <ValueName>**delvals.</ValueName>
1617 <Entry type="1" type_name="REG_SZ">
1618 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1619 <ValueName>1</ValueName>
1620 <Value><all_urls></Value>
1622 <Entry type="1" type_name="REG_SZ">
1623 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1624 <ValueName>**delvals.</ValueName>
1627 <Entry type="1" type_name="REG_SZ">
1628 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1629 <ValueName>1</ValueName>
1630 <Value>http://example.org/*</Value>
1632 <Entry type="1" type_name="REG_SZ">
1633 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1634 <ValueName>AllowedDomainsForApps</ValueName>
1635 <Value>managedfirefox.com,example.com</Value>
1637 <Entry type="4" type_name="REG_DWORD">
1638 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1639 <ValueName>BackgroundAppUpdate</ValueName>
1642 <Entry type="4" type_name="REG_DWORD">
1643 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1644 <ValueName>ImportEnterpriseRoots</ValueName>
1647 <Entry type="1" type_name="REG_SZ">
1648 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1649 <ValueName>**delvals.</ValueName>
1652 <Entry type="1" type_name="REG_SZ">
1653 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1654 <ValueName>1</ValueName>
1655 <Value>cert1.der</Value>
1657 <Entry type="1" type_name="REG_SZ">
1658 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1659 <ValueName>2</ValueName>
1660 <Value>/home/username/cert2.pem</Value>
1662 <Entry type="1" type_name="REG_SZ">
1663 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1664 <ValueName>NAME_OF_DEVICE</ValueName>
1665 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1667 <Entry type="4" type_name="REG_DWORD">
1668 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1669 <ValueName>ShowHomeButton</ValueName>
1672 <Entry type="7" type_name="REG_MULTI_SZ">
1673 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1674 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1675 <Value>[{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}]</Value>
# Expected Firefox policy JSON. Judging by the name and by the keys that
# match the Mozilla/Firefox <Key>/<ValueName> pairs of the registry fixture
# above (DisabledCiphers, DisableSecurityBypass, Cookies, Homepage, ...),
# this is the reference output for that fixture.
# NOTE(review): presumably the test compares this text with the policies
# file produced by the Firefox GPO extension -- confirm at the use site.
# Several entries are security-relevant settings: DisabledCiphers,
# DisableSecurityBypass, SSLVersionMin/SSLVersionMax, SecurityDevices,
# ImportEnterpriseRoots and the certificate paths, ExtensionSettings
# install URLs and the proxy values. Many values are placeholders
# (example.org, NAME_OF_DEVICE, URL_TO_AUTOCONFIG, URL_TO_ALTERNATE_PROVIDER),
# so a mismatch on one of these keys points at the registry-to-JSON
# translation of a security setting rather than at real site data.
1680 firefox_json_expected
= \
1684 "AppAutoUpdate": true,
1685 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1686 "AppUpdateURL": "https://yoursite.com",
1690 "https://myotherdomain.com"
1694 "https://myotherdomain.com"
1698 "https://myotherdomain.com"
1709 "PrivateBrowsing": true
1711 "AutoLaunchProtocolsFromOrigins": [
1713 "protocol": "zoommtg",
1714 "allowed_origins": [
1715 "https://somesite.zoom.us"
1719 "BackgroundAppUpdate": true,
1720 "BlockAboutAddons": true,
1721 "BlockAboutConfig": true,
1722 "BlockAboutProfiles": true,
1723 "BlockAboutSupport": true,
1727 "URL": "https://example.com",
1728 "Favicon": "https://example.com/favicon.ico",
1729 "Placement": "menu",
1730 "Folder": "FolderName"
1734 "URL": "www.samba.org",
1736 "Placement": "toolbar",
1740 "CaptivePortal": true,
1742 "ImportEnterpriseRoots": true,
1745 "/home/username/cert2.pem"
1750 "http://example.org/"
1753 "http://example.edu/"
1756 "http://example.edu/"
1759 "AcceptThirdParty": "never",
1760 "ExpireAtSessionEnd": true,
1761 "RejectTracker": true,
1764 "DisableSetDesktopBackground": true,
1765 "DisableMasterPasswordCreation": true,
1766 "DisableAppUpdate": true,
1767 "DisableBuiltinPDFViewer": true,
1768 "DisabledCiphers": {
1769 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1770 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1771 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1772 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1773 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1774 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1775 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1776 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1777 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1778 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1779 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1781 "DisableDefaultBrowserAgent": true,
1782 "DisableDeveloperTools": true,
1783 "DisableFeedbackCommands": true,
1784 "DisableFirefoxScreenshots": true,
1785 "DisableFirefoxAccounts": true,
1786 "DisableFirefoxStudies": true,
1787 "DisableForgetButton": true,
1788 "DisableFormHistory": true,
1789 "DisablePasswordReveal": true,
1790 "DisablePocket": true,
1791 "DisablePrivateBrowsing": true,
1792 "DisableProfileImport": true,
1793 "DisableProfileRefresh": true,
1794 "DisableSafeMode": true,
1795 "DisableSecurityBypass": {
1796 "InvalidCertificate": true,
1797 "SafeBrowsing": true
1799 "DisableSystemAddonUpdate": true,
1800 "DisableTelemetry": true,
1801 "DisplayBookmarksToolbar": true,
1802 "DisplayMenuBar": "default-on",
1805 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1807 "ExcludedDomains": [
1811 "DontCheckDefaultBrowser": true,
1812 "EnableTrackingProtection": {
1815 "Cryptomining": true,
1816 "Fingerprinting": true,
1818 "https://example.com"
1821 "EncryptedMediaExtensions": {
1827 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1831 "bad_addon_id@mozilla.org"
1834 "addon_id@mozilla.org"
1837 "ExtensionSettings": {
1839 "blocked_install_message": "Custom error message.",
1840 "install_sources": [
1842 "https://addons.mozilla.org/"
1844 "installation_mode": "blocked",
1849 "uBlock0@raymondhill.net": {
1850 "installation_mode": "force_installed",
1851 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1853 "https-everywhere@eff.org": {
1854 "installation_mode": "allowed"
1857 "ExtensionUpdate": true,
1860 "http://example.org/"
1863 "http://example.edu/"
1870 "application/msword": {
1871 "action": "useSystemDefault",
1877 "action": "useHelperApp",
1882 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1889 "action": "useHelperApp",
1893 "name": "Adobe Acrobat",
1894 "path": "/usr/bin/acroread"
1908 "HardwareAcceleration": true,
1910 "URL": "http://example.com/",
1913 "http://example.org/",
1914 "http://example.edu/"
1916 "StartPage": "homepage"
1918 "InstallAddonsPermission": {
1920 "http://example.org/",
1921 "http://example.edu/"
1926 "http://example.org/",
1927 "http://example.edu/"
1929 "ManagedBookmarks": [
1931 "toplevel_name": "My managed bookmarks folder"
1934 "url": "example.com",
1938 "name": "Mozilla links",
1941 "url": "https://mozilla.org",
1942 "name": "Mozilla.org"
1945 "url": "https://support.mozilla.org/",
1951 "PrimaryPassword": true,
1952 "NoDefaultBookmarks": true,
1953 "OfferToSaveLogins": true,
1954 "OfferToSaveLoginsDefault": true,
1955 "OverrideFirstRunPage": "http://example.org",
1956 "OverridePostUpdatePage": "http://example.org",
1957 "PasswordManagerEnabled": true,
1960 "EnablePermissions": true
1965 "https://example.org",
1966 "https://example.org:1234"
1969 "https://example.edu"
1971 "BlockNewRequests": true,
1976 "https://example.org"
1979 "https://example.edu"
1981 "BlockNewRequests": true,
1986 "https://example.org"
1989 "https://example.edu"
1991 "BlockNewRequests": true,
1996 "https://example.org"
1999 "https://example.edu"
2001 "BlockNewRequests": true,
2006 "https://example.org"
2009 "https://example.edu"
2011 "Default": "block-audio",
2016 "https://example.org"
2019 "https://example.edu"
2021 "BlockNewRequests": true,
2025 "PictureInPicture": {
2031 "http://example.org/",
2032 "http://example.edu/"
2038 "accessibility.force_disabled": {
2042 "browser.cache.disk.parent_directory": {
2043 "Value": "SOME_NATIVE_PATH",
2046 "browser.tabs.warnOnClose": {
2051 "PromptForDownloadLocation": true,
2053 "Mode": "autoDetect",
2055 "HTTPProxy": "hostname",
2056 "UseHTTPProxyForAllProtocols": true,
2057 "SSLProxy": "hostname",
2058 "FTPProxy": "hostname",
2059 "SOCKSProxy": "hostname",
2061 "Passthrough": "<local>",
2062 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2064 "UseProxyForDNS": true
2066 "SanitizeOnShutdown": true,
2071 "URLTemplate": "https://www.example.org/q={searchTerms}",
2073 "IconURL": "https://www.example.org/favicon.ico",
2075 "Description": "Description",
2076 "PostData": "name=value&q={searchTerms}",
2077 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2083 "Default": "Google",
2084 "PreventInstalls": true
2086 "SearchSuggestEnabled": true,
2087 "SecurityDevices": {
2088 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2090 "ShowHomeButton": true,
2091 "SSLVersionMax": "tls1.3",
2092 "SSLVersionMin": "tls1.3",
2094 "Title": "Support Menu",
2095 "URL": "http://example.com/support",
2100 "ExtensionRecommendations": true,
2101 "FeatureRecommendations": true,
2102 "UrlbarInterventions": true,
2103 "SkipOnboarding": true
2110 "http://example.org/*"
2113 "DefaultDownloadDirectory": "${home}/Downloads",
2114 "DownloadDirectory": "${home}/Downloads",
2115 "NetworkPrediction": true,
2117 "RequestedLocales": ["de", "en-US"],
2118 "SearchBar": "unified"
2123 chromium_reg_pol
= \
2125 <?xml version="1.0" encoding="utf-8"?>
2126 <PolFile num_entries="418" signature="PReg" version="1">
2127 <Entry type="4" type_name="REG_DWORD">
2128 <Key>Software\Policies\Google\Chrome</Key>
2129 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2132 <Entry type="4" type_name="REG_DWORD">
2133 <Key>Software\Policies\Google\Chrome</Key>
2134 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2137 <Entry type="4" type_name="REG_DWORD">
2138 <Key>Software\Policies\Google\Chrome</Key>
2139 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2142 <Entry type="4" type_name="REG_DWORD">
2143 <Key>Software\Policies\Google\Chrome</Key>
2144 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2147 <Entry type="4" type_name="REG_DWORD">
2148 <Key>Software\Policies\Google\Chrome</Key>
2149 <ValueName>AdvancedProtectionAllowed</ValueName>
2152 <Entry type="4" type_name="REG_DWORD">
2153 <Key>Software\Policies\Google\Chrome</Key>
2154 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2157 <Entry type="4" type_name="REG_DWORD">
2158 <Key>Software\Policies\Google\Chrome</Key>
2159 <ValueName>AllowDeletingBrowserHistory</ValueName>
2162 <Entry type="4" type_name="REG_DWORD">
2163 <Key>Software\Policies\Google\Chrome</Key>
2164 <ValueName>AllowDinosaurEasterEgg</ValueName>
2167 <Entry type="4" type_name="REG_DWORD">
2168 <Key>Software\Policies\Google\Chrome</Key>
2169 <ValueName>AllowFileSelectionDialogs</ValueName>
2172 <Entry type="4" type_name="REG_DWORD">
2173 <Key>Software\Policies\Google\Chrome</Key>
2174 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2177 <Entry type="1" type_name="REG_SZ">
2178 <Key>Software\Policies\Google\Chrome</Key>
2179 <ValueName>AllowedDomainsForApps</ValueName>
2180 <Value>managedchrome.com,example.com</Value>
2182 <Entry type="4" type_name="REG_DWORD">
2183 <Key>Software\Policies\Google\Chrome</Key>
2184 <ValueName>AlternateErrorPagesEnabled</ValueName>
2187 <Entry type="1" type_name="REG_SZ">
2188 <Key>Software\Policies\Google\Chrome</Key>
2189 <ValueName>AlternativeBrowserPath</ValueName>
2190 <Value>${ie}</Value>
2192 <Entry type="4" type_name="REG_DWORD">
2193 <Key>Software\Policies\Google\Chrome</Key>
2194 <ValueName>AlwaysOpenPdfExternally</ValueName>
2197 <Entry type="4" type_name="REG_DWORD">
2198 <Key>Software\Policies\Google\Chrome</Key>
2199 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2202 <Entry type="4" type_name="REG_DWORD">
2203 <Key>Software\Policies\Google\Chrome</Key>
2204 <ValueName>AppCacheForceEnabled</ValueName>
2207 <Entry type="1" type_name="REG_SZ">
2208 <Key>Software\Policies\Google\Chrome</Key>
2209 <ValueName>ApplicationLocaleValue</ValueName>
2212 <Entry type="4" type_name="REG_DWORD">
2213 <Key>Software\Policies\Google\Chrome</Key>
2214 <ValueName>AudioCaptureAllowed</ValueName>
2217 <Entry type="4" type_name="REG_DWORD">
2218 <Key>Software\Policies\Google\Chrome</Key>
2219 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2222 <Entry type="4" type_name="REG_DWORD">
2223 <Key>Software\Policies\Google\Chrome</Key>
2224 <ValueName>AudioSandboxEnabled</ValueName>
2227 <Entry type="1" type_name="REG_SZ">
2228 <Key>Software\Policies\Google\Chrome</Key>
2229 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2230 <Value>foobar.example.com</Value>
2232 <Entry type="1" type_name="REG_SZ">
2233 <Key>Software\Policies\Google\Chrome</Key>
2234 <ValueName>AuthSchemes</ValueName>
2235 <Value>basic,digest,ntlm,negotiate</Value>
2237 <Entry type="1" type_name="REG_SZ">
2238 <Key>Software\Policies\Google\Chrome</Key>
2239 <ValueName>AuthServerAllowlist</ValueName>
2240 <Value>*.example.com,example.com</Value>
2242 <Entry type="1" type_name="REG_SZ">
2243 <Key>Software\Policies\Google\Chrome</Key>
2244 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2245 <Value>[{"allowed_origins": ["example.com", "http://www.example.com:8080"], "protocol": "spotify"}, {"allowed_origins": ["https://example.com", "https://.mail.example.com"], "protocol": "teams"}, {"allowed_origins": ["*"], "protocol": "outlook"}]</Value>
2247 <Entry type="4" type_name="REG_DWORD">
2248 <Key>Software\Policies\Google\Chrome</Key>
2249 <ValueName>AutofillAddressEnabled</ValueName>
2252 <Entry type="4" type_name="REG_DWORD">
2253 <Key>Software\Policies\Google\Chrome</Key>
2254 <ValueName>AutofillCreditCardEnabled</ValueName>
2257 <Entry type="4" type_name="REG_DWORD">
2258 <Key>Software\Policies\Google\Chrome</Key>
2259 <ValueName>AutoplayAllowed</ValueName>
2262 <Entry type="4" type_name="REG_DWORD">
2263 <Key>Software\Policies\Google\Chrome</Key>
2264 <ValueName>BackgroundModeEnabled</ValueName>
2267 <Entry type="4" type_name="REG_DWORD">
2268 <Key>Software\Policies\Google\Chrome</Key>
2269 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2272 <Entry type="4" type_name="REG_DWORD">
2273 <Key>Software\Policies\Google\Chrome</Key>
2274 <ValueName>BlockExternalExtensions</ValueName>
2277 <Entry type="4" type_name="REG_DWORD">
2278 <Key>Software\Policies\Google\Chrome</Key>
2279 <ValueName>BlockThirdPartyCookies</ValueName>
2282 <Entry type="4" type_name="REG_DWORD">
2283 <Key>Software\Policies\Google\Chrome</Key>
2284 <ValueName>BookmarkBarEnabled</ValueName>
2287 <Entry type="4" type_name="REG_DWORD">
2288 <Key>Software\Policies\Google\Chrome</Key>
2289 <ValueName>BrowserAddPersonEnabled</ValueName>
2292 <Entry type="4" type_name="REG_DWORD">
2293 <Key>Software\Policies\Google\Chrome</Key>
2294 <ValueName>BrowserGuestModeEnabled</ValueName>
2297 <Entry type="4" type_name="REG_DWORD">
2298 <Key>Software\Policies\Google\Chrome</Key>
2299 <ValueName>BrowserGuestModeEnforced</ValueName>
2302 <Entry type="4" type_name="REG_DWORD">
2303 <Key>Software\Policies\Google\Chrome</Key>
2304 <ValueName>BrowserLabsEnabled</ValueName>
2307 <Entry type="4" type_name="REG_DWORD">
2308 <Key>Software\Policies\Google\Chrome</Key>
2309 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2312 <Entry type="4" type_name="REG_DWORD">
2313 <Key>Software\Policies\Google\Chrome</Key>
2314 <ValueName>BrowserSignin</ValueName>
2317 <Entry type="1" type_name="REG_SZ">
2318 <Key>Software\Policies\Google\Chrome</Key>
2319 <ValueName>BrowserSwitcherChromePath</ValueName>
2320 <Value>${chrome}</Value>
2322 <Entry type="4" type_name="REG_DWORD">
2323 <Key>Software\Policies\Google\Chrome</Key>
2324 <ValueName>BrowserSwitcherDelay</ValueName>
2325 <Value>10000</Value>
2327 <Entry type="4" type_name="REG_DWORD">
2328 <Key>Software\Policies\Google\Chrome</Key>
2329 <ValueName>BrowserSwitcherEnabled</ValueName>
2332 <Entry type="1" type_name="REG_SZ">
2333 <Key>Software\Policies\Google\Chrome</Key>
2334 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2335 <Value>http://example.com/greylist.xml</Value>
2337 <Entry type="1" type_name="REG_SZ">
2338 <Key>Software\Policies\Google\Chrome</Key>
2339 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2340 <Value>http://example.com/sitelist.xml</Value>
2342 <Entry type="4" type_name="REG_DWORD">
2343 <Key>Software\Policies\Google\Chrome</Key>
2344 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2347 <Entry type="4" type_name="REG_DWORD">
2348 <Key>Software\Policies\Google\Chrome</Key>
2349 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2352 <Entry type="1" type_name="REG_SZ">
2353 <Key>Software\Policies\Google\Chrome</Key>
2354 <ValueName>BrowserThemeColor</ValueName>
2355 <Value>#FFFFFF</Value>
2357 <Entry type="1" type_name="REG_SZ">
2358 <Key>Software\Policies\Google\Chrome</Key>
2359 <ValueName>BrowsingDataLifetime</ValueName>
2360 <Value>[{"data_types": ["browsing_history"], "time_to_live_in_hours": 24}, {"data_types": ["password_signin", "autofill"], "time_to_live_in_hours": 12}]</Value>
2362 <Entry type="4" type_name="REG_DWORD">
2363 <Key>Software\Policies\Google\Chrome</Key>
2364 <ValueName>BuiltInDnsClientEnabled</ValueName>
2367 <Entry type="4" type_name="REG_DWORD">
2368 <Key>Software\Policies\Google\Chrome</Key>
2369 <ValueName>CECPQ2Enabled</ValueName>
2372 <Entry type="4" type_name="REG_DWORD">
2373 <Key>Software\Policies\Google\Chrome</Key>
2374 <ValueName>ChromeCleanupEnabled</ValueName>
2377 <Entry type="4" type_name="REG_DWORD">
2378 <Key>Software\Policies\Google\Chrome</Key>
2379 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2382 <Entry type="4" type_name="REG_DWORD">
2383 <Key>Software\Policies\Google\Chrome</Key>
2384 <ValueName>ChromeVariations</ValueName>
2387 <Entry type="4" type_name="REG_DWORD">
2388 <Key>Software\Policies\Google\Chrome</Key>
2389 <ValueName>ClickToCallEnabled</ValueName>
2392 <Entry type="4" type_name="REG_DWORD">
2393 <Key>Software\Policies\Google\Chrome</Key>
2394 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2397 <Entry type="1" type_name="REG_SZ">
2398 <Key>Software\Policies\Google\Chrome</Key>
2399 <ValueName>CloudManagementEnrollmentToken</ValueName>
2400 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2402 <Entry type="4" type_name="REG_DWORD">
2403 <Key>Software\Policies\Google\Chrome</Key>
2404 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2407 <Entry type="4" type_name="REG_DWORD">
2408 <Key>Software\Policies\Google\Chrome</Key>
2409 <ValueName>CloudPrintProxyEnabled</ValueName>
2412 <Entry type="4" type_name="REG_DWORD">
2413 <Key>Software\Policies\Google\Chrome</Key>
2414 <ValueName>CloudPrintSubmitEnabled</ValueName>
2417 <Entry type="4" type_name="REG_DWORD">
2418 <Key>Software\Policies\Google\Chrome</Key>
2419 <ValueName>CloudUserPolicyMerge</ValueName>
2422 <Entry type="4" type_name="REG_DWORD">
2423 <Key>Software\Policies\Google\Chrome</Key>
2424 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2427 <Entry type="4" type_name="REG_DWORD">
2428 <Key>Software\Policies\Google\Chrome</Key>
2429 <ValueName>ComponentUpdatesEnabled</ValueName>
2432 <Entry type="4" type_name="REG_DWORD">
2433 <Key>Software\Policies\Google\Chrome</Key>
2434 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2437 <Entry type="4" type_name="REG_DWORD">
2438 <Key>Software\Policies\Google\Chrome</Key>
2439 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2442 <Entry type="4" type_name="REG_DWORD">
2443 <Key>Software\Policies\Google\Chrome</Key>
2444 <ValueName>DefaultCookiesSetting</ValueName>
2447 <Entry type="4" type_name="REG_DWORD">
2448 <Key>Software\Policies\Google\Chrome</Key>
2449 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2452 <Entry type="4" type_name="REG_DWORD">
2453 <Key>Software\Policies\Google\Chrome</Key>
2454 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2457 <Entry type="4" type_name="REG_DWORD">
2458 <Key>Software\Policies\Google\Chrome</Key>
2459 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2462 <Entry type="4" type_name="REG_DWORD">
2463 <Key>Software\Policies\Google\Chrome</Key>
2464 <ValueName>DefaultGeolocationSetting</ValueName>
2467 <Entry type="4" type_name="REG_DWORD">
2468 <Key>Software\Policies\Google\Chrome</Key>
2469 <ValueName>DefaultImagesSetting</ValueName>
2472 <Entry type="4" type_name="REG_DWORD">
2473 <Key>Software\Policies\Google\Chrome</Key>
2474 <ValueName>DefaultInsecureContentSetting</ValueName>
2477 <Entry type="4" type_name="REG_DWORD">
2478 <Key>Software\Policies\Google\Chrome</Key>
2479 <ValueName>DefaultJavaScriptSetting</ValueName>
2482 <Entry type="4" type_name="REG_DWORD">
2483 <Key>Software\Policies\Google\Chrome</Key>
2484 <ValueName>DefaultNotificationsSetting</ValueName>
2487 <Entry type="4" type_name="REG_DWORD">
2488 <Key>Software\Policies\Google\Chrome</Key>
2489 <ValueName>DefaultPopupsSetting</ValueName>
2492 <Entry type="1" type_name="REG_SZ">
2493 <Key>Software\Policies\Google\Chrome</Key>
2494 <ValueName>DefaultPrinterSelection</ValueName>
2495 <Value>{ "kind": "cloud", "idPattern": ".*public", "namePattern": ".*Color" }</Value>
2497 <Entry type="4" type_name="REG_DWORD">
2498 <Key>Software\Policies\Google\Chrome</Key>
2499 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2502 <Entry type="4" type_name="REG_DWORD">
2503 <Key>Software\Policies\Google\Chrome</Key>
2504 <ValueName>DefaultSearchProviderEnabled</ValueName>
2507 <Entry type="1" type_name="REG_SZ">
2508 <Key>Software\Policies\Google\Chrome</Key>
2509 <ValueName>DefaultSearchProviderIconURL</ValueName>
2510 <Value>https://search.my.company/favicon.ico</Value>
2512 <Entry type="1" type_name="REG_SZ">
2513 <Key>Software\Policies\Google\Chrome</Key>
2514 <ValueName>DefaultSearchProviderImageURL</ValueName>
2515 <Value>https://search.my.company/searchbyimage/upload</Value>
2517 <Entry type="1" type_name="REG_SZ">
2518 <Key>Software\Policies\Google\Chrome</Key>
2519 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2520 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2522 <Entry type="1" type_name="REG_SZ">
2523 <Key>Software\Policies\Google\Chrome</Key>
2524 <ValueName>DefaultSearchProviderKeyword</ValueName>
2527 <Entry type="1" type_name="REG_SZ">
2528 <Key>Software\Policies\Google\Chrome</Key>
2529 <ValueName>DefaultSearchProviderName</ValueName>
2530 <Value>My Intranet Search</Value>
2532 <Entry type="1" type_name="REG_SZ">
2533 <Key>Software\Policies\Google\Chrome</Key>
2534 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2535 <Value>https://search.my.company/newtab</Value>
2537 <Entry type="1" type_name="REG_SZ">
2538 <Key>Software\Policies\Google\Chrome</Key>
2539 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2540 <Value>https://search.my.company/search?q={searchTerms}</Value>
2542 <Entry type="1" type_name="REG_SZ">
2543 <Key>Software\Policies\Google\Chrome</Key>
2544 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2545 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2547 <Entry type="1" type_name="REG_SZ">
2548 <Key>Software\Policies\Google\Chrome</Key>
2549 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2550 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2552 <Entry type="1" type_name="REG_SZ">
2553 <Key>Software\Policies\Google\Chrome</Key>
2554 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2555 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2557 <Entry type="4" type_name="REG_DWORD">
2558 <Key>Software\Policies\Google\Chrome</Key>
2559 <ValueName>DefaultSensorsSetting</ValueName>
2562 <Entry type="4" type_name="REG_DWORD">
2563 <Key>Software\Policies\Google\Chrome</Key>
2564 <ValueName>DefaultSerialGuardSetting</ValueName>
2567 <Entry type="4" type_name="REG_DWORD">
2568 <Key>Software\Policies\Google\Chrome</Key>
2569 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2572 <Entry type="4" type_name="REG_DWORD">
2573 <Key>Software\Policies\Google\Chrome</Key>
2574 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2577 <Entry type="4" type_name="REG_DWORD">
2578 <Key>Software\Policies\Google\Chrome</Key>
2579 <ValueName>DeveloperToolsAvailability</ValueName>
2582 <Entry type="4" type_name="REG_DWORD">
2583 <Key>Software\Policies\Google\Chrome</Key>
2584 <ValueName>Disable3DAPIs</ValueName>
2587 <Entry type="4" type_name="REG_DWORD">
2588 <Key>Software\Policies\Google\Chrome</Key>
2589 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2592 <Entry type="4" type_name="REG_DWORD">
2593 <Key>Software\Policies\Google\Chrome</Key>
2594 <ValueName>DisablePrintPreview</ValueName>
2597 <Entry type="4" type_name="REG_DWORD">
2598 <Key>Software\Policies\Google\Chrome</Key>
2599 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2602 <Entry type="4" type_name="REG_DWORD">
2603 <Key>Software\Policies\Google\Chrome</Key>
2604 <ValueName>DisableScreenshots</ValueName>
2607 <Entry type="1" type_name="REG_SZ">
2608 <Key>Software\Policies\Google\Chrome</Key>
2609 <ValueName>DiskCacheDir</ValueName>
2610 <Value>${user_home}/Chrome_cache</Value>
2612 <Entry type="4" type_name="REG_DWORD">
2613 <Key>Software\Policies\Google\Chrome</Key>
2614 <ValueName>DiskCacheSize</ValueName>
2615 <Value>104857600</Value>
2617 <Entry type="1" type_name="REG_SZ">
2618 <Key>Software\Policies\Google\Chrome</Key>
2619 <ValueName>DnsOverHttpsMode</ValueName>
2622 <Entry type="1" type_name="REG_SZ">
2623 <Key>Software\Policies\Google\Chrome</Key>
2624 <ValueName>DnsOverHttpsTemplates</ValueName>
2625 <Value>https://dns.example.net/dns-query{?dns}</Value>
2627 <Entry type="1" type_name="REG_SZ">
2628 <Key>Software\Policies\Google\Chrome</Key>
2629 <ValueName>DownloadDirectory</ValueName>
2630 <Value>/home/${user_name}/Downloads</Value>
2632 <Entry type="4" type_name="REG_DWORD">
2633 <Key>Software\Policies\Google\Chrome</Key>
2634 <ValueName>DownloadRestrictions</ValueName>
2637 <Entry type="4" type_name="REG_DWORD">
2638 <Key>Software\Policies\Google\Chrome</Key>
2639 <ValueName>EditBookmarksEnabled</ValueName>
2642 <Entry type="4" type_name="REG_DWORD">
2643 <Key>Software\Policies\Google\Chrome</Key>
2644 <ValueName>EnableAuthNegotiatePort</ValueName>
2647 <Entry type="4" type_name="REG_DWORD">
2648 <Key>Software\Policies\Google\Chrome</Key>
2649 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2652 <Entry type="4" type_name="REG_DWORD">
2653 <Key>Software\Policies\Google\Chrome</Key>
2654 <ValueName>EnableMediaRouter</ValueName>
2657 <Entry type="4" type_name="REG_DWORD">
2658 <Key>Software\Policies\Google\Chrome</Key>
2659 <ValueName>EnableOnlineRevocationChecks</ValueName>
2662 <Entry type="4" type_name="REG_DWORD">
2663 <Key>Software\Policies\Google\Chrome</Key>
2664 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2667 <Entry type="1" type_name="REG_SZ">
2668 <Key>Software\Policies\Google\Chrome</Key>
2669 <ValueName>ExtensionSettings</ValueName>
2670 <Value>{"*": {"allowed_types": ["hosted_app"], "blocked_install_message": "Custom error message.", "blocked_permissions": ["downloads", "bookmarks"], "install_sources": ["https://company-intranet/chromeapps"], "installation_mode": "blocked", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"]}, "abcdefghijklmnopabcdefghijklmnop": {"blocked_permissions": ["history"], "installation_mode": "allowed", "minimum_version_required": "1.0.1", "toolbar_pin": "force_pinned"}, "bcdefghijklmnopabcdefghijklmnopa": {"allowed_permissions": ["downloads"], "installation_mode": "force_installed", "runtime_allowed_hosts": ["*://good.example.com"], "runtime_blocked_hosts": ["*://*.example.com"], "update_url": "https://example.com/update_url"}, "cdefghijklmnopabcdefghijklmnopab": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {"blocked_install_message": "Custom error message.", "installation_mode": "blocked"}, "fghijklmnopabcdefghijklmnopabcde": {"blocked_install_message": "Custom removal message.", "installation_mode": "removed"}, "ghijklmnopabcdefghijklmnopabcdef": {"installation_mode": "force_installed", "override_update_url": true, "update_url": "https://example.com/update_url"}, "update_url:https://www.example.com/update.xml": {"allowed_permissions": ["downloads"], "blocked_permissions": ["wallpaper"], "installation_mode": "allowed"}}</Value>
2672 <Entry type="4" type_name="REG_DWORD">
2673 <Key>Software\Policies\Google\Chrome</Key>
2674 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2677 <Entry type="4" type_name="REG_DWORD">
2678 <Key>Software\Policies\Google\Chrome</Key>
2679 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2682 <Entry type="4" type_name="REG_DWORD">
2683 <Key>Software\Policies\Google\Chrome</Key>
2684 <ValueName>ForceEphemeralProfiles</ValueName>
2687 <Entry type="4" type_name="REG_DWORD">
2688 <Key>Software\Policies\Google\Chrome</Key>
2689 <ValueName>ForceGoogleSafeSearch</ValueName>
2692 <Entry type="4" type_name="REG_DWORD">
2693 <Key>Software\Policies\Google\Chrome</Key>
2694 <ValueName>ForceYouTubeRestrict</ValueName>
2697 <Entry type="4" type_name="REG_DWORD">
2698 <Key>Software\Policies\Google\Chrome</Key>
2699 <ValueName>FullscreenAllowed</ValueName>
2702 <Entry type="4" type_name="REG_DWORD">
2703 <Key>Software\Policies\Google\Chrome</Key>
2704 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2707 <Entry type="4" type_name="REG_DWORD">
2708 <Key>Software\Policies\Google\Chrome</Key>
2709 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2712 <Entry type="4" type_name="REG_DWORD">
2713 <Key>Software\Policies\Google\Chrome</Key>
2714 <ValueName>HeadlessMode</ValueName>
2717 <Entry type="4" type_name="REG_DWORD">
2718 <Key>Software\Policies\Google\Chrome</Key>
2719 <ValueName>HideWebStoreIcon</ValueName>
2722 <Entry type="4" type_name="REG_DWORD">
2723 <Key>Software\Policies\Google\Chrome</Key>
2724 <ValueName>HomepageIsNewTabPage</ValueName>
2727 <Entry type="1" type_name="REG_SZ">
2728 <Key>Software\Policies\Google\Chrome</Key>
2729 <ValueName>HomepageLocation</ValueName>
2730 <Value>https://www.chromium.org</Value>
2732 <Entry type="4" type_name="REG_DWORD">
2733 <Key>Software\Policies\Google\Chrome</Key>
2734 <ValueName>ImportAutofillFormData</ValueName>
2737 <Entry type="4" type_name="REG_DWORD">
2738 <Key>Software\Policies\Google\Chrome</Key>
2739 <ValueName>ImportBookmarks</ValueName>
2742 <Entry type="4" type_name="REG_DWORD">
2743 <Key>Software\Policies\Google\Chrome</Key>
2744 <ValueName>ImportHistory</ValueName>
2747 <Entry type="4" type_name="REG_DWORD">
2748 <Key>Software\Policies\Google\Chrome</Key>
2749 <ValueName>ImportHomepage</ValueName>
2752 <Entry type="4" type_name="REG_DWORD">
2753 <Key>Software\Policies\Google\Chrome</Key>
2754 <ValueName>ImportSavedPasswords</ValueName>
2757 <Entry type="4" type_name="REG_DWORD">
2758 <Key>Software\Policies\Google\Chrome</Key>
2759 <ValueName>ImportSearchEngine</ValueName>
2762 <Entry type="4" type_name="REG_DWORD">
2763 <Key>Software\Policies\Google\Chrome</Key>
2764 <ValueName>IncognitoModeAvailability</ValueName>
2767 <Entry type="4" type_name="REG_DWORD">
2768 <Key>Software\Policies\Google\Chrome</Key>
2769 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2772 <Entry type="4" type_name="REG_DWORD">
2773 <Key>Software\Policies\Google\Chrome</Key>
2774 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2777 <Entry type="4" type_name="REG_DWORD">
2778 <Key>Software\Policies\Google\Chrome</Key>
2779 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2782 <Entry type="4" type_name="REG_DWORD">
2783 <Key>Software\Policies\Google\Chrome</Key>
2784 <ValueName>IntranetRedirectBehavior</ValueName>
2787 <Entry type="1" type_name="REG_SZ">
2788 <Key>Software\Policies\Google\Chrome</Key>
2789 <ValueName>IsolateOrigins</ValueName>
2790 <Value>https://example.com/,https://othersite.org/</Value>
2792 <Entry type="1" type_name="REG_SZ">
2793 <Key>Software\Policies\Google\Chrome</Key>
2794 <ValueName>ManagedBookmarks</ValueName>
2795 <Value>[{"toplevel_name": "My managed bookmarks folder"}, {"name": "Google", "url": "google.com"}, {"name": "Youtube", "url": "youtube.com"}, {"children": [{"name": "Chromium", "url": "chromium.org"}, {"name": "Chromium Developers", "url": "dev.chromium.org"}], "name": "Chrome links"}]</Value>
2797 <Entry type="1" type_name="REG_SZ">
2798 <Key>Software\Policies\Google\Chrome</Key>
2799 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2800 <Value>[{"managed_configuration_hash": "asd891jedasd12ue9h", "managed_configuration_url": "https://gstatic.google.com/configuration.json", "origin": "https://www.google.com"}, {"managed_configuration_hash": "djio12easd89u12aws", "managed_configuration_url": "https://gstatic.google.com/configuration2.json", "origin": "https://www.example.com"}]</Value>
2802 <Entry type="4" type_name="REG_DWORD">
2803 <Key>Software\Policies\Google\Chrome</Key>
2804 <ValueName>MaxConnectionsPerProxy</ValueName>
2807 <Entry type="4" type_name="REG_DWORD">
2808 <Key>Software\Policies\Google\Chrome</Key>
2809 <ValueName>MaxInvalidationFetchDelay</ValueName>
2810 <Value>10000</Value>
2812 <Entry type="4" type_name="REG_DWORD">
2813 <Key>Software\Policies\Google\Chrome</Key>
2814 <ValueName>MediaRecommendationsEnabled</ValueName>
2817 <Entry type="4" type_name="REG_DWORD">
2818 <Key>Software\Policies\Google\Chrome</Key>
2819 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2822 <Entry type="4" type_name="REG_DWORD">
2823 <Key>Software\Policies\Google\Chrome</Key>
2824 <ValueName>MetricsReportingEnabled</ValueName>
2827 <Entry type="4" type_name="REG_DWORD">
2828 <Key>Software\Policies\Google\Chrome</Key>
2829 <ValueName>NTPCardsVisible</ValueName>
2832 <Entry type="4" type_name="REG_DWORD">
2833 <Key>Software\Policies\Google\Chrome</Key>
2834 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2837 <Entry type="4" type_name="REG_DWORD">
2838 <Key>Software\Policies\Google\Chrome</Key>
2839 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2842 <Entry type="4" type_name="REG_DWORD">
2843 <Key>Software\Policies\Google\Chrome</Key>
2844 <ValueName>NetworkPredictionOptions</ValueName>
2847 <Entry type="1" type_name="REG_SZ">
2848 <Key>Software\Policies\Google\Chrome</Key>
2849 <ValueName>NewTabPageLocation</ValueName>
2850 <Value>https://www.chromium.org</Value>
2852 <Entry type="4" type_name="REG_DWORD">
2853 <Key>Software\Policies\Google\Chrome</Key>
2854 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2857 <Entry type="4" type_name="REG_DWORD">
2858 <Key>Software\Policies\Google\Chrome</Key>
2859 <ValueName>PasswordManagerEnabled</ValueName>
2862 <Entry type="1" type_name="REG_SZ">
2863 <Key>Software\Policies\Google\Chrome</Key>
2864 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2865 <Value>https://mydomain.com/change_password.html</Value>
2867 <Entry type="4" type_name="REG_DWORD">
2868 <Key>Software\Policies\Google\Chrome</Key>
2869 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2872 <Entry type="4" type_name="REG_DWORD">
2873 <Key>Software\Policies\Google\Chrome</Key>
2874 <ValueName>PaymentMethodQueryEnabled</ValueName>
2877 <Entry type="4" type_name="REG_DWORD">
2878 <Key>Software\Policies\Google\Chrome</Key>
2879 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2882 <Entry type="4" type_name="REG_DWORD">
2883 <Key>Software\Policies\Google\Chrome</Key>
2884 <ValueName>PolicyRefreshRate</ValueName>
2885 <Value>3600000</Value>
2887 <Entry type="4" type_name="REG_DWORD">
2888 <Key>Software\Policies\Google\Chrome</Key>
2889 <ValueName>PrintHeaderFooter</ValueName>
2892 <Entry type="4" type_name="REG_DWORD">
2893 <Key>Software\Policies\Google\Chrome</Key>
2894 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2897 <Entry type="4" type_name="REG_DWORD">
2898 <Key>Software\Policies\Google\Chrome</Key>
2899 <ValueName>PrintRasterizationMode</ValueName>
2902 <Entry type="1" type_name="REG_SZ">
2903 <Key>Software\Policies\Google\Chrome</Key>
2904 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2905 <Value>enabled</Value>
2907 <Entry type="1" type_name="REG_SZ">
2908 <Key>Software\Policies\Google\Chrome</Key>
2909 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2910 <Value>enabled</Value>
2912 <Entry type="4" type_name="REG_DWORD">
2913 <Key>Software\Policies\Google\Chrome</Key>
2914 <ValueName>PrintingEnabled</ValueName>
2917 <Entry type="1" type_name="REG_SZ">
2918 <Key>Software\Policies\Google\Chrome</Key>
2919 <ValueName>PrintingPaperSizeDefault</ValueName>
2920 <Value>{"custom_size": {"height": 297000, "width": 210000}, "name": "custom"}</Value>
2922 <Entry type="4" type_name="REG_DWORD">
2923 <Key>Software\Policies\Google\Chrome</Key>
2924 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2927 <Entry type="4" type_name="REG_DWORD">
2928 <Key>Software\Policies\Google\Chrome</Key>
2929 <ValueName>PromotionalTabsEnabled</ValueName>
2932 <Entry type="4" type_name="REG_DWORD">
2933 <Key>Software\Policies\Google\Chrome</Key>
2934 <ValueName>PromptForDownloadLocation</ValueName>
2937 <Entry type="1" type_name="REG_SZ">
2938 <Key>Software\Policies\Google\Chrome</Key>
2939 <ValueName>ProxySettings</ValueName>
2940 <Value>{"ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/", "ProxyMode": "direct", "ProxyPacUrl": "https://internal.site/example.pac", "ProxyServer": "123.123.123.123:8080", "ProxyServerMode": 2}</Value>
2942 <Entry type="4" type_name="REG_DWORD">
2943 <Key>Software\Policies\Google\Chrome</Key>
2944 <ValueName>QuicAllowed</ValueName>
2947 <Entry type="4" type_name="REG_DWORD">
2948 <Key>Software\Policies\Google\Chrome</Key>
2949 <ValueName>RelaunchNotification</ValueName>
2952 <Entry type="4" type_name="REG_DWORD">
2953 <Key>Software\Policies\Google\Chrome</Key>
2954 <ValueName>RelaunchNotificationPeriod</ValueName>
2955 <Value>604800000</Value>
2957 <Entry type="4" type_name="REG_DWORD">
2958 <Key>Software\Policies\Google\Chrome</Key>
2959 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2962 <Entry type="4" type_name="REG_DWORD">
2963 <Key>Software\Policies\Google\Chrome</Key>
2964 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2967 <Entry type="4" type_name="REG_DWORD">
2968 <Key>Software\Policies\Google\Chrome</Key>
2969 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2972 <Entry type="4" type_name="REG_DWORD">
2973 <Key>Software\Policies\Google\Chrome</Key>
2974 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2977 <Entry type="4" type_name="REG_DWORD">
2978 <Key>Software\Policies\Google\Chrome</Key>
2979 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2982 <Entry type="4" type_name="REG_DWORD">
2983 <Key>Software\Policies\Google\Chrome</Key>
2984 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2987 <Entry type="4" type_name="REG_DWORD">
2988 <Key>Software\Policies\Google\Chrome</Key>
2989 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2992 <Entry type="4" type_name="REG_DWORD">
2993 <Key>Software\Policies\Google\Chrome</Key>
2994 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2997 <Entry type="1" type_name="REG_SZ">
2998 <Key>Software\Policies\Google\Chrome</Key>
2999 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
3000 <Value>12400-12409</Value>
3002 <Entry type="4" type_name="REG_DWORD">
3003 <Key>Software\Policies\Google\Chrome</Key>
3004 <ValueName>RendererCodeIntegrityEnabled</ValueName>
3007 <Entry type="4" type_name="REG_DWORD">
3008 <Key>Software\Policies\Google\Chrome</Key>
3009 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
3012 <Entry type="4" type_name="REG_DWORD">
3013 <Key>Software\Policies\Google\Chrome</Key>
3014 <ValueName>RestoreOnStartup</ValueName>
3017 <Entry type="1" type_name="REG_SZ">
3018 <Key>Software\Policies\Google\Chrome</Key>
3019 <ValueName>RestrictSigninToPattern</ValueName>
3020 <Value>.*@example\.com</Value>
3022 <Entry type="1" type_name="REG_SZ">
3023 <Key>Software\Policies\Google\Chrome</Key>
3024 <ValueName>RoamingProfileLocation</ValueName>
3025 <Value>${roaming_app_data}\chrome-profile</Value>
3027 <Entry type="4" type_name="REG_DWORD">
3028 <Key>Software\Policies\Google\Chrome</Key>
3029 <ValueName>RoamingProfileSupportEnabled</ValueName>
3032 <Entry type="4" type_name="REG_DWORD">
3033 <Key>Software\Policies\Google\Chrome</Key>
3034 <ValueName>SSLErrorOverrideAllowed</ValueName>
3037 <Entry type="1" type_name="REG_SZ">
3038 <Key>Software\Policies\Google\Chrome</Key>
3039 <ValueName>SSLVersionMin</ValueName>
3042 <Entry type="4" type_name="REG_DWORD">
3043 <Key>Software\Policies\Google\Chrome</Key>
3044 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3047 <Entry type="4" type_name="REG_DWORD">
3048 <Key>Software\Policies\Google\Chrome</Key>
3049 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3052 <Entry type="4" type_name="REG_DWORD">
3053 <Key>Software\Policies\Google\Chrome</Key>
3054 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3057 <Entry type="4" type_name="REG_DWORD">
3058 <Key>Software\Policies\Google\Chrome</Key>
3059 <ValueName>SafeSitesFilterBehavior</ValueName>
3062 <Entry type="4" type_name="REG_DWORD">
3063 <Key>Software\Policies\Google\Chrome</Key>
3064 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3067 <Entry type="4" type_name="REG_DWORD">
3068 <Key>Software\Policies\Google\Chrome</Key>
3069 <ValueName>ScreenCaptureAllowed</ValueName>
3072 <Entry type="4" type_name="REG_DWORD">
3073 <Key>Software\Policies\Google\Chrome</Key>
3074 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3077 <Entry type="4" type_name="REG_DWORD">
3078 <Key>Software\Policies\Google\Chrome</Key>
3079 <ValueName>SearchSuggestEnabled</ValueName>
3082 <Entry type="4" type_name="REG_DWORD">
3083 <Key>Software\Policies\Google\Chrome</Key>
3084 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3087 <Entry type="4" type_name="REG_DWORD">
3088 <Key>Software\Policies\Google\Chrome</Key>
3089 <ValueName>SharedClipboardEnabled</ValueName>
3092 <Entry type="4" type_name="REG_DWORD">
3093 <Key>Software\Policies\Google\Chrome</Key>
3094 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3097 <Entry type="4" type_name="REG_DWORD">
3098 <Key>Software\Policies\Google\Chrome</Key>
3099 <ValueName>ShowCastIconInToolbar</ValueName>
3102 <Entry type="4" type_name="REG_DWORD">
3103 <Key>Software\Policies\Google\Chrome</Key>
3104 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3107 <Entry type="4" type_name="REG_DWORD">
3108 <Key>Software\Policies\Google\Chrome</Key>
3109 <ValueName>ShowHomeButton</ValueName>
3112 <Entry type="4" type_name="REG_DWORD">
3113 <Key>Software\Policies\Google\Chrome</Key>
3114 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3117 <Entry type="4" type_name="REG_DWORD">
3118 <Key>Software\Policies\Google\Chrome</Key>
3119 <ValueName>SigninInterceptionEnabled</ValueName>
3122 <Entry type="4" type_name="REG_DWORD">
3123 <Key>Software\Policies\Google\Chrome</Key>
3124 <ValueName>SitePerProcess</ValueName>
3127 <Entry type="4" type_name="REG_DWORD">
3128 <Key>Software\Policies\Google\Chrome</Key>
3129 <ValueName>SpellCheckServiceEnabled</ValueName>
3132 <Entry type="4" type_name="REG_DWORD">
3133 <Key>Software\Policies\Google\Chrome</Key>
3134 <ValueName>SpellcheckEnabled</ValueName>
3137 <Entry type="4" type_name="REG_DWORD">
3138 <Key>Software\Policies\Google\Chrome</Key>
3139 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3142 <Entry type="4" type_name="REG_DWORD">
3143 <Key>Software\Policies\Google\Chrome</Key>
3144 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3147 <Entry type="4" type_name="REG_DWORD">
3148 <Key>Software\Policies\Google\Chrome</Key>
3149 <ValueName>SyncDisabled</ValueName>
3152 <Entry type="4" type_name="REG_DWORD">
3153 <Key>Software\Policies\Google\Chrome</Key>
3154 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3157 <Entry type="4" type_name="REG_DWORD">
3158 <Key>Software\Policies\Google\Chrome</Key>
3159 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3162 <Entry type="4" type_name="REG_DWORD">
3163 <Key>Software\Policies\Google\Chrome</Key>
3164 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3167 <Entry type="4" type_name="REG_DWORD">
3168 <Key>Software\Policies\Google\Chrome</Key>
3169 <ValueName>TotalMemoryLimitMb</ValueName>
3172 <Entry type="4" type_name="REG_DWORD">
3173 <Key>Software\Policies\Google\Chrome</Key>
3174 <ValueName>TranslateEnabled</ValueName>
3177 <Entry type="4" type_name="REG_DWORD">
3178 <Key>Software\Policies\Google\Chrome</Key>
3179 <ValueName>TripleDESEnabled</ValueName>
3182 <Entry type="4" type_name="REG_DWORD">
3183 <Key>Software\Policies\Google\Chrome</Key>
3184 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3187 <Entry type="4" type_name="REG_DWORD">
3188 <Key>Software\Policies\Google\Chrome</Key>
3189 <ValueName>UserAgentClientHintsEnabled</ValueName>
3192 <Entry type="1" type_name="REG_SZ">
3193 <Key>Software\Policies\Google\Chrome</Key>
3194 <ValueName>UserDataDir</ValueName>
3195 <Value>${users}/${user_name}/Chrome</Value>
3197 <Entry type="4" type_name="REG_DWORD">
3198 <Key>Software\Policies\Google\Chrome</Key>
3199 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3202 <Entry type="4" type_name="REG_DWORD">
3203 <Key>Software\Policies\Google\Chrome</Key>
3204 <ValueName>UserFeedbackAllowed</ValueName>
3207 <Entry type="4" type_name="REG_DWORD">
3208 <Key>Software\Policies\Google\Chrome</Key>
3209 <ValueName>VideoCaptureAllowed</ValueName>
3212 <Entry type="4" type_name="REG_DWORD">
3213 <Key>Software\Policies\Google\Chrome</Key>
3214 <ValueName>WPADQuickCheckEnabled</ValueName>
3217 <Entry type="1" type_name="REG_SZ">
3218 <Key>Software\Policies\Google\Chrome</Key>
3219 <ValueName>WebAppInstallForceList</ValueName>
3220 <Value>[{"create_desktop_shortcut": true, "default_launch_container": "window", "url": "https://www.google.com/maps"}, {"default_launch_container": "tab", "url": "https://docs.google.com"}, {"default_launch_container": "window", "fallback_app_name": "Editor", "url": "https://docs.google.com/editor"}]</Value>
3222 <Entry type="4" type_name="REG_DWORD">
3223 <Key>Software\Policies\Google\Chrome</Key>
3224 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3227 <Entry type="4" type_name="REG_DWORD">
3228 <Key>Software\Policies\Google\Chrome</Key>
3229 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3232 <Entry type="1" type_name="REG_SZ">
3233 <Key>Software\Policies\Google\Chrome</Key>
3234 <ValueName>WebRtcIPHandling</ValueName>
3235 <Value>default</Value>
3237 <Entry type="1" type_name="REG_SZ">
3238 <Key>Software\Policies\Google\Chrome</Key>
3239 <ValueName>WebRtcUdpPortRange</ValueName>
3240 <Value>10000-11999</Value>
3242 <Entry type="1" type_name="REG_SZ">
3243 <Key>Software\Policies\Google\Chrome</Key>
3244 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3245 <Value>[{"devices": [{"product_id": 5678, "vendor_id": 1234}], "urls": ["https://google.com"]}]</Value>
3247 <Entry type="4" type_name="REG_DWORD">
3248 <Key>Software\Policies\Google\Chrome</Key>
3249 <ValueName>WindowOcclusionEnabled</ValueName>
3252 <Entry type="1" type_name="REG_SZ">
3253 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3254 <ValueName>1</ValueName>
3255 <Value>-foreground</Value>
3257 <Entry type="1" type_name="REG_SZ">
3258 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3259 <ValueName>2</ValueName>
3260 <Value>-new-window</Value>
3262 <Entry type="1" type_name="REG_SZ">
3263 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3264 <ValueName>3</ValueName>
3265 <Value>${url}</Value>
3267 <Entry type="1" type_name="REG_SZ">
3268 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3269 <ValueName>4</ValueName>
3270 <Value>-profile</Value>
3272 <Entry type="1" type_name="REG_SZ">
3273 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3274 <ValueName>5</ValueName>
3275 <Value>%HOME%\browser_profile</Value>
3277 <Entry type="1" type_name="REG_SZ">
3278 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3279 <ValueName>1</ValueName>
3280 <Value>https://www.example.com/</Value>
3282 <Entry type="1" type_name="REG_SZ">
3283 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3284 <ValueName>2</ValueName>
3285 <Value>https://[*.]example.edu/</Value>
3287 <Entry type="1" type_name="REG_SZ">
3288 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3289 <ValueName>1</ValueName>
3290 <Value>example.com</Value>
3292 <Entry type="1" type_name="REG_SZ">
3293 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3294 <ValueName>2</ValueName>
3295 <Value>https://ssl.server.com</Value>
3297 <Entry type="1" type_name="REG_SZ">
3298 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3299 <ValueName>3</ValueName>
3300 <Value>hosting.com/good_path</Value>
3302 <Entry type="1" type_name="REG_SZ">
3303 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3304 <ValueName>4</ValueName>
3305 <Value>https://server:8080/path</Value>
3307 <Entry type="1" type_name="REG_SZ">
3308 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3309 <ValueName>5</ValueName>
3310 <Value>.exact.hostname.com</Value>
3312 <Entry type="1" type_name="REG_SZ">
3313 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3314 <ValueName>1</ValueName>
3317 <Entry type="1" type_name="REG_SZ">
3318 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3319 <ValueName>2</ValueName>
3322 <Entry type="1" type_name="REG_SZ">
3323 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3324 <ValueName>1</ValueName>
3325 <Value>{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name", "L": "certificate issuer location", "O": "certificate issuer org", "OU": "certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L": "certificate subject location", "O": "certificate subject org", "OU": "certificate subject org unit"}}}</Value>
3327 <Entry type="1" type_name="REG_SZ">
3328 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3329 <ValueName>1</ValueName>
3330 <Value>https://www.example.com</Value>
3332 <Entry type="1" type_name="REG_SZ">
3333 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3334 <ValueName>2</ValueName>
3335 <Value>[*.]example.edu</Value>
3337 <Entry type="1" type_name="REG_SZ">
3338 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3339 <ValueName>1</ValueName>
3340 <Value>--force-dark-mode</Value>
3342 <Entry type="1" type_name="REG_SZ">
3343 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3344 <ValueName>1</ValueName>
3345 <Value>ie.com</Value>
3347 <Entry type="1" type_name="REG_SZ">
3348 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3349 <ValueName>2</ValueName>
3350 <Value>!open-in-chrome.ie.com</Value>
3352 <Entry type="1" type_name="REG_SZ">
3353 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3354 <ValueName>3</ValueName>
3355 <Value>foobar.com/ie-only/</Value>
3357 <Entry type="1" type_name="REG_SZ">
3358 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3359 <ValueName>1</ValueName>
3360 <Value>ie.com</Value>
3362 <Entry type="1" type_name="REG_SZ">
3363 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3364 <ValueName>2</ValueName>
3365 <Value>!open-in-chrome.ie.com</Value>
3367 <Entry type="1" type_name="REG_SZ">
3368 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3369 <ValueName>3</ValueName>
3370 <Value>foobar.com/ie-only/</Value>
3372 <Entry type="1" type_name="REG_SZ">
3373 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3374 <ValueName>1</ValueName>
3375 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3377 <Entry type="1" type_name="REG_SZ">
3378 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3379 <ValueName>2</ValueName>
3380 <Value>sha256//////////////////////w==</Value>
3382 <Entry type="1" type_name="REG_SZ">
3383 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3384 <ValueName>1</ValueName>
3385 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3387 <Entry type="1" type_name="REG_SZ">
3388 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3389 <ValueName>2</ValueName>
3390 <Value>sha256//////////////////////w==</Value>
3392 <Entry type="1" type_name="REG_SZ">
3393 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3394 <ValueName>1</ValueName>
3395 <Value>example.com</Value>
3397 <Entry type="1" type_name="REG_SZ">
3398 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3399 <ValueName>2</ValueName>
3400 <Value>.example.com</Value>
3402 <Entry type="1" type_name="REG_SZ">
3403 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3404 <ValueName>1</ValueName>
3405 <Value>browsing_history</Value>
3407 <Entry type="1" type_name="REG_SZ">
3408 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3409 <ValueName>2</ValueName>
3410 <Value>download_history</Value>
3412 <Entry type="1" type_name="REG_SZ">
3413 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3414 <ValueName>3</ValueName>
3415 <Value>cookies_and_other_site_data</Value>
3417 <Entry type="1" type_name="REG_SZ">
3418 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3419 <ValueName>4</ValueName>
3420 <Value>cached_images_and_files</Value>
3422 <Entry type="1" type_name="REG_SZ">
3423 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3424 <ValueName>5</ValueName>
3425 <Value>password_signin</Value>
3427 <Entry type="1" type_name="REG_SZ">
3428 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3429 <ValueName>6</ValueName>
3430 <Value>autofill</Value>
3432 <Entry type="1" type_name="REG_SZ">
3433 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3434 <ValueName>7</ValueName>
3435 <Value>site_settings</Value>
3437 <Entry type="1" type_name="REG_SZ">
3438 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3439 <ValueName>8</ValueName>
3440 <Value>hosted_app_data</Value>
3442 <Entry type="1" type_name="REG_SZ">
3443 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3444 <ValueName>1</ValueName>
3445 <Value>https://www.example.com</Value>
3447 <Entry type="1" type_name="REG_SZ">
3448 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3449 <ValueName>2</ValueName>
3450 <Value>[*.]example.edu</Value>
3452 <Entry type="1" type_name="REG_SZ">
3453 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3454 <ValueName>1</ValueName>
3455 <Value>https://www.example.com</Value>
3457 <Entry type="1" type_name="REG_SZ">
3458 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3459 <ValueName>2</ValueName>
3460 <Value>[*.]example.edu</Value>
3462 <Entry type="1" type_name="REG_SZ">
3463 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3464 <ValueName>1</ValueName>
3465 <Value>https://www.example.com</Value>
3467 <Entry type="1" type_name="REG_SZ">
3468 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3469 <ValueName>2</ValueName>
3470 <Value>[*.]example.edu</Value>
3472 <Entry type="1" type_name="REG_SZ">
3473 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3474 <ValueName>1</ValueName>
3475 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3477 <Entry type="1" type_name="REG_SZ">
3478 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3479 <ValueName>2</ValueName>
3480 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3482 <Entry type="1" type_name="REG_SZ">
3483 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3484 <ValueName>1</ValueName>
3485 <Value>UTF-8</Value>
3487 <Entry type="1" type_name="REG_SZ">
3488 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3489 <ValueName>2</ValueName>
3490 <Value>UTF-16</Value>
3492 <Entry type="1" type_name="REG_SZ">
3493 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3494 <ValueName>3</ValueName>
3495 <Value>GB2312</Value>
3497 <Entry type="1" type_name="REG_SZ">
3498 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3499 <ValueName>4</ValueName>
3500 <Value>ISO-8859-1</Value>
3502 <Entry type="1" type_name="REG_SZ">
3503 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3504 <ValueName>1</ValueName>
3505 <Value>ExtensionInstallAllowlist</Value>
3507 <Entry type="1" type_name="REG_SZ">
3508 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3509 <ValueName>2</ValueName>
3510 <Value>ExtensionInstallBlocklist</Value>
3512 <Entry type="1" type_name="REG_SZ">
3513 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3514 <ValueName>1</ValueName>
3515 <Value>10080</Value>
3517 <Entry type="1" type_name="REG_SZ">
3518 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3519 <ValueName>1</ValueName>
3520 <Value>hosted_app</Value>
3522 <Entry type="1" type_name="REG_SZ">
3523 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3524 <ValueName>1</ValueName>
3525 <Value>extension_id1</Value>
3527 <Entry type="1" type_name="REG_SZ">
3528 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3529 <ValueName>2</ValueName>
3530 <Value>extension_id2</Value>
3532 <Entry type="1" type_name="REG_SZ">
3533 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3534 <ValueName>1</ValueName>
3535 <Value>extension_id1</Value>
3537 <Entry type="1" type_name="REG_SZ">
3538 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3539 <ValueName>2</ValueName>
3540 <Value>extension_id2</Value>
3542 <Entry type="1" type_name="REG_SZ">
3543 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3544 <ValueName>1</ValueName>
3545 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3547 <Entry type="1" type_name="REG_SZ">
3548 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3549 <ValueName>2</ValueName>
3550 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3552 <Entry type="1" type_name="REG_SZ">
3553 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3554 <ValueName>1</ValueName>
3555 <Value>https://corp.mycompany.com/*</Value>
3557 <Entry type="1" type_name="REG_SZ">
3558 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3559 <ValueName>1</ValueName>
3560 <Value>https://www.example.com</Value>
3562 <Entry type="1" type_name="REG_SZ">
3563 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3564 <ValueName>2</ValueName>
3565 <Value>[*.]example.edu</Value>
3567 <Entry type="1" type_name="REG_SZ">
3568 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3569 <ValueName>1</ValueName>
3570 <Value>https://www.example.com</Value>
3572 <Entry type="1" type_name="REG_SZ">
3573 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3574 <ValueName>2</ValueName>
3575 <Value>[*.]example.edu</Value>
3577 <Entry type="1" type_name="REG_SZ">
3578 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3579 <ValueName>1</ValueName>
3580 <Value>https://www.example.com</Value>
3582 <Entry type="1" type_name="REG_SZ">
3583 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3584 <ValueName>2</ValueName>
3585 <Value>[*.]example.edu</Value>
3587 <Entry type="1" type_name="REG_SZ">
3588 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3589 <ValueName>1</ValueName>
3590 <Value>https://www.example.com</Value>
3592 <Entry type="1" type_name="REG_SZ">
3593 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3594 <ValueName>2</ValueName>
3595 <Value>[*.]example.edu</Value>
3597 <Entry type="1" type_name="REG_SZ">
3598 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3599 <ValueName>1</ValueName>
3600 <Value>https://www.example.com</Value>
3602 <Entry type="1" type_name="REG_SZ">
3603 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3604 <ValueName>2</ValueName>
3605 <Value>[*.]example.edu</Value>
3607 <Entry type="1" type_name="REG_SZ">
3608 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3609 <ValueName>1</ValueName>
3610 <Value>https://www.example.com</Value>
3612 <Entry type="1" type_name="REG_SZ">
3613 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3614 <ValueName>2</ValueName>
3615 <Value>[*.]example.edu</Value>
3617 <Entry type="1" type_name="REG_SZ">
3618 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3619 <ValueName>1</ValueName>
3620 <Value>en-US</Value>
3622 <Entry type="1" type_name="REG_SZ">
3623 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3624 <ValueName>1</ValueName>
3627 <Entry type="1" type_name="REG_SZ">
3628 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3629 <ValueName>1</ValueName>
3630 <Value>https://www.example.com</Value>
3632 <Entry type="1" type_name="REG_SZ">
3633 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3634 <ValueName>2</ValueName>
3635 <Value>[*.]example.edu</Value>
3637 <Entry type="1" type_name="REG_SZ">
3638 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3639 <ValueName>1</ValueName>
3640 <Value>https://www.example.com</Value>
3642 <Entry type="1" type_name="REG_SZ">
3643 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3644 <ValueName>2</ValueName>
3645 <Value>[*.]example.edu</Value>
3647 <Entry type="1" type_name="REG_SZ">
3648 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3649 <ValueName>1</ValueName>
3650 <Value>https://www.example.com</Value>
3652 <Entry type="1" type_name="REG_SZ">
3653 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3654 <ValueName>2</ValueName>
3655 <Value>[*.]example.edu</Value>
3657 <Entry type="1" type_name="REG_SZ">
3658 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3659 <ValueName>1</ValueName>
3660 <Value>https://www.example.com</Value>
3662 <Entry type="1" type_name="REG_SZ">
3663 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3664 <ValueName>2</ValueName>
3665 <Value>[*.]example.edu</Value>
3667 <Entry type="1" type_name="REG_SZ">
3668 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3669 <ValueName>1</ValueName>
3670 <Value>http://www.example.com:8080</Value>
3672 <Entry type="1" type_name="REG_SZ">
3673 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3674 <ValueName>2</ValueName>
3675 <Value>[*.]example.edu</Value>
3677 <Entry type="1" type_name="REG_SZ">
3678 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3679 <ValueName>1</ValueName>
3680 <Value>https://www.example.com</Value>
3682 <Entry type="1" type_name="REG_SZ">
3683 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3684 <ValueName>2</ValueName>
3685 <Value>[*.]example.edu</Value>
3687 <Entry type="1" type_name="REG_SZ">
3688 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3689 <ValueName>1</ValueName>
3690 <Value>https://www.example.com</Value>
3692 <Entry type="1" type_name="REG_SZ">
3693 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3694 <ValueName>2</ValueName>
3695 <Value>[*.]example.edu</Value>
3697 <Entry type="1" type_name="REG_SZ">
3698 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3699 <ValueName>1</ValueName>
3700 <Value>www.example.com</Value>
3702 <Entry type="1" type_name="REG_SZ">
3703 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3704 <ValueName>2</ValueName>
3705 <Value>[*.]example.edu</Value>
3707 <Entry type="1" type_name="REG_SZ">
3708 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3709 <ValueName>1</ValueName>
3710 <Value>foo.example.com</Value>
3712 <Entry type="1" type_name="REG_SZ">
3713 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3714 <ValueName>2</ValueName>
3715 <Value>example.org</Value>
3717 <Entry type="1" type_name="REG_SZ">
3718 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3719 <ValueName>1</ValueName>
3720 <Value>com.native.messaging.host.name1</Value>
3722 <Entry type="1" type_name="REG_SZ">
3723 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3724 <ValueName>2</ValueName>
3725 <Value>com.native.messaging.host.name2</Value>
3727 <Entry type="1" type_name="REG_SZ">
3728 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3729 <ValueName>1</ValueName>
3730 <Value>com.native.messaging.host.name1</Value>
3732 <Entry type="1" type_name="REG_SZ">
3733 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3734 <ValueName>2</ValueName>
3735 <Value>com.native.messaging.host.name2</Value>
3737 <Entry type="1" type_name="REG_SZ">
3738 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3739 <ValueName>1</ValueName>
3740 <Value>https://www.example.com</Value>
3742 <Entry type="1" type_name="REG_SZ">
3743 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3744 <ValueName>2</ValueName>
3745 <Value>[*.]example.edu</Value>
3747 <Entry type="1" type_name="REG_SZ">
3748 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3749 <ValueName>1</ValueName>
3750 <Value>https://www.example.com</Value>
3752 <Entry type="1" type_name="REG_SZ">
3753 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3754 <ValueName>2</ValueName>
3755 <Value>[*.]example.edu</Value>
3757 <Entry type="1" type_name="REG_SZ">
3758 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3759 <ValueName>1</ValueName>
3760 <Value>http://testserver.example.com/</Value>
3762 <Entry type="1" type_name="REG_SZ">
3763 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3764 <ValueName>2</ValueName>
3765 <Value>*.example.org</Value>
3767 <Entry type="1" type_name="REG_SZ">
3768 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3769 <ValueName>1</ValueName>
3770 <Value>https://mydomain.com/login.html</Value>
3772 <Entry type="1" type_name="REG_SZ">
3773 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3774 <ValueName>2</ValueName>
3775 <Value>https://login.mydomain.com</Value>
3777 <Entry type="1" type_name="REG_SZ">
3778 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3779 <ValueName>1</ValueName>
3780 <Value>ExtensionSettings</Value>
3782 <Entry type="1" type_name="REG_SZ">
3783 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3784 <ValueName>1</ValueName>
3785 <Value>ExtensionInstallAllowlist</Value>
3787 <Entry type="1" type_name="REG_SZ">
3788 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3789 <ValueName>2</ValueName>
3790 <Value>ExtensionInstallBlocklist</Value>
3792 <Entry type="1" type_name="REG_SZ">
3793 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3794 <ValueName>1</ValueName>
3795 <Value>https://www.example.com</Value>
3797 <Entry type="1" type_name="REG_SZ">
3798 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3799 <ValueName>2</ValueName>
3800 <Value>[*.]example.edu</Value>
3802 <Entry type="1" type_name="REG_SZ">
3803 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3804 <ValueName>1</ValueName>
3805 <Value>https://www.example.com</Value>
3807 <Entry type="1" type_name="REG_SZ">
3808 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3809 <ValueName>2</ValueName>
3810 <Value>[*.]example.edu</Value>
3812 <Entry type="1" type_name="REG_SZ">
3813 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3814 <ValueName>1</ValueName>
3815 <Value>cloud</Value>
3817 <Entry type="1" type_name="REG_SZ">
3818 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3819 <ValueName>2</ValueName>
3820 <Value>privet</Value>
3822 <Entry type="1" type_name="REG_SZ">
3823 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3824 <ValueName>1</ValueName>
3825 <Value>my-awesome-domain.com</Value>
3827 <Entry type="1" type_name="REG_SZ">
3828 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3829 <ValueName>2</ValueName>
3830 <Value>my-auxiliary-domain.com</Value>
3832 <Entry type="1" type_name="REG_SZ">
3833 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3834 <ValueName>1</ValueName>
3835 <Value>my-awesome-domain.com</Value>
3837 <Entry type="1" type_name="REG_SZ">
3838 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3839 <ValueName>2</ValueName>
3840 <Value>my-auxiliary-domain.com</Value>
3842 <Entry type="1" type_name="REG_SZ">
3843 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3844 <ValueName>1</ValueName>
3845 <Value>https://example.com</Value>
3847 <Entry type="1" type_name="REG_SZ">
3848 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3849 <ValueName>2</ValueName>
3850 <Value>https://www.chromium.org</Value>
3852 <Entry type="1" type_name="REG_SZ">
3853 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3854 <ValueName>1</ValueName>
3855 <Value>https://www.example.com</Value>
3857 <Entry type="1" type_name="REG_SZ">
3858 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3859 <ValueName>2</ValueName>
3860 <Value>[*.]example.edu</Value>
3862 <Entry type="1" type_name="REG_SZ">
3863 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3864 <ValueName>1</ValueName>
3865 <Value>mydomain.com</Value>
3867 <Entry type="1" type_name="REG_SZ">
3868 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3869 <ValueName>2</ValueName>
3870 <Value>myuniversity.edu</Value>
3872 <Entry type="1" type_name="REG_SZ">
3873 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3874 <ValueName>1</ValueName>
3875 <Value>https://example.com</Value>
3877 <Entry type="1" type_name="REG_SZ">
3878 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3879 <ValueName>1</ValueName>
3880 <Value>https://www.example.com</Value>
3882 <Entry type="1" type_name="REG_SZ">
3883 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3884 <ValueName>2</ValueName>
3885 <Value>[*.]example.edu</Value>
3887 <Entry type="1" type_name="REG_SZ">
3888 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3889 <ValueName>1</ValueName>
3890 <Value>https://www.example.com</Value>
3892 <Entry type="1" type_name="REG_SZ">
3893 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3894 <ValueName>2</ValueName>
3895 <Value>[*.]example.edu</Value>
3897 <Entry type="1" type_name="REG_SZ">
3898 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3899 <ValueName>1</ValueName>
3900 <Value>https://www.example.com</Value>
3902 <Entry type="1" type_name="REG_SZ">
3903 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3904 <ValueName>2</ValueName>
3905 <Value>[*.]example.edu</Value>
3907 <Entry type="1" type_name="REG_SZ">
3908 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3909 <ValueName>1</ValueName>
3910 <Value>https://www.example.com</Value>
3912 <Entry type="1" type_name="REG_SZ">
3913 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3914 <ValueName>2</ValueName>
3915 <Value>[*.]example.edu</Value>
3917 <Entry type="1" type_name="REG_SZ">
3918 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3919 <ValueName>1</ValueName>
3922 <Entry type="1" type_name="REG_SZ">
3923 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3924 <ValueName>2</ValueName>
3927 <Entry type="1" type_name="REG_SZ">
3928 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3929 <ValueName>1</ValueName>
3932 <Entry type="1" type_name="REG_SZ">
3933 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3934 <ValueName>2</ValueName>
3937 <Entry type="1" type_name="REG_SZ">
3938 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3939 <ValueName>1</ValueName>
3940 <Value>bookmarks</Value>
3942 <Entry type="1" type_name="REG_SZ">
3943 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3944 <ValueName>1</ValueName>
3945 <Value>example.com</Value>
3947 <Entry type="1" type_name="REG_SZ">
3948 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3949 <ValueName>2</ValueName>
3950 <Value>https://ssl.server.com</Value>
3952 <Entry type="1" type_name="REG_SZ">
3953 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3954 <ValueName>3</ValueName>
3955 <Value>hosting.com/good_path</Value>
3957 <Entry type="1" type_name="REG_SZ">
3958 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3959 <ValueName>4</ValueName>
3960 <Value>https://server:8080/path</Value>
3962 <Entry type="1" type_name="REG_SZ">
3963 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3964 <ValueName>5</ValueName>
3965 <Value>.exact.hostname.com</Value>
3967 <Entry type="1" type_name="REG_SZ">
3968 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3969 <ValueName>1</ValueName>
3970 <Value>example.com</Value>
3972 <Entry type="1" type_name="REG_SZ">
3973 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3974 <ValueName>2</ValueName>
3975 <Value>https://ssl.server.com</Value>
3977 <Entry type="1" type_name="REG_SZ">
3978 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3979 <ValueName>3</ValueName>
3980 <Value>hosting.com/bad_path</Value>
3982 <Entry type="1" type_name="REG_SZ">
3983 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3984 <ValueName>4</ValueName>
3985 <Value>https://server:8080/path</Value>
3987 <Entry type="1" type_name="REG_SZ">
3988 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3989 <ValueName>5</ValueName>
3990 <Value>.exact.hostname.com</Value>
3992 <Entry type="1" type_name="REG_SZ">
3993 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3994 <ValueName>6</ValueName>
3995 <Value>file://*</Value>
3997 <Entry type="1" type_name="REG_SZ">
3998 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3999 <ValueName>7</ValueName>
4000 <Value>custom_scheme:*</Value>
4002 <Entry type="1" type_name="REG_SZ">
4003 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
4004 <ValueName>8</ValueName>
4007 <Entry type="1" type_name="REG_SZ">
4008 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4009 <ValueName>1</ValueName>
4010 <Value>https://www.example.com/</Value>
4012 <Entry type="1" type_name="REG_SZ">
4013 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4014 <ValueName>2</ValueName>
4015 <Value>https://[*.]example.edu/</Value>
4017 <Entry type="1" type_name="REG_SZ">
4018 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4019 <ValueName>1</ValueName>
4020 <Value>https://www.example.com</Value>
4022 <Entry type="1" type_name="REG_SZ">
4023 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4024 <ValueName>2</ValueName>
4025 <Value>*example.com*</Value>
4027 <Entry type="1" type_name="REG_SZ">
4028 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4029 <ValueName>1</ValueName>
4030 <Value>https://www.example.com</Value>
4032 <Entry type="1" type_name="REG_SZ">
4033 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4034 <ValueName>2</ValueName>
4035 <Value>[*.]example.edu</Value>
4037 <Entry type="1" type_name="REG_SZ">
4038 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4039 <ValueName>1</ValueName>
4040 <Value>https://www.example.com</Value>
4042 <Entry type="1" type_name="REG_SZ">
4043 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4044 <ValueName>2</ValueName>
4045 <Value>[*.]example.edu</Value>
4047 <Entry type="4" type_name="REG_DWORD">
4048 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4049 <ValueName>AlternateErrorPagesEnabled</ValueName>
4052 <Entry type="1" type_name="REG_SZ">
4053 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4054 <ValueName>ApplicationLocaleValue</ValueName>
4057 <Entry type="4" type_name="REG_DWORD">
4058 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4059 <ValueName>AutofillAddressEnabled</ValueName>
4062 <Entry type="4" type_name="REG_DWORD">
4063 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4064 <ValueName>AutofillCreditCardEnabled</ValueName>
4067 <Entry type="4" type_name="REG_DWORD">
4068 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4069 <ValueName>BackgroundModeEnabled</ValueName>
4072 <Entry type="4" type_name="REG_DWORD">
4073 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4074 <ValueName>BlockThirdPartyCookies</ValueName>
4077 <Entry type="4" type_name="REG_DWORD">
4078 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4079 <ValueName>BookmarkBarEnabled</ValueName>
4082 <Entry type="1" type_name="REG_SZ">
4083 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4084 <ValueName>DefaultDownloadDirectory</ValueName>
4085 <Value>/home/${user_name}/Downloads</Value>
4087 <Entry type="1" type_name="REG_SZ">
4088 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4089 <ValueName>DownloadDirectory</ValueName>
4090 <Value>/home/${user_name}/Downloads</Value>
4092 <Entry type="4" type_name="REG_DWORD">
4093 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4094 <ValueName>DownloadRestrictions</ValueName>
4097 <Entry type="4" type_name="REG_DWORD">
4098 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4099 <ValueName>HomepageIsNewTabPage</ValueName>
4102 <Entry type="1" type_name="REG_SZ">
4103 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4104 <ValueName>HomepageLocation</ValueName>
4105 <Value>https://www.chromium.org</Value>
4107 <Entry type="4" type_name="REG_DWORD">
4108 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4109 <ValueName>ImportAutofillFormData</ValueName>
4112 <Entry type="4" type_name="REG_DWORD">
4113 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4114 <ValueName>ImportBookmarks</ValueName>
4117 <Entry type="4" type_name="REG_DWORD">
4118 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4119 <ValueName>ImportHistory</ValueName>
4122 <Entry type="4" type_name="REG_DWORD">
4123 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4124 <ValueName>ImportSavedPasswords</ValueName>
4127 <Entry type="4" type_name="REG_DWORD">
4128 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4129 <ValueName>ImportSearchEngine</ValueName>
4132 <Entry type="4" type_name="REG_DWORD">
4133 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4134 <ValueName>MetricsReportingEnabled</ValueName>
4137 <Entry type="4" type_name="REG_DWORD">
4138 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4139 <ValueName>NetworkPredictionOptions</ValueName>
4142 <Entry type="4" type_name="REG_DWORD">
4143 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4144 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4147 <Entry type="4" type_name="REG_DWORD">
4148 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4149 <ValueName>PasswordManagerEnabled</ValueName>
4152 <Entry type="4" type_name="REG_DWORD">
4153 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4154 <ValueName>PrintHeaderFooter</ValueName>
4157 <Entry type="4" type_name="REG_DWORD">
4158 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4159 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4162 <Entry type="1" type_name="REG_SZ">
4163 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4164 <ValueName>RegisteredProtocolHandlers</ValueName>
4165 <Value>[{"default": true, "protocol": "mailto", "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s"}]</Value>
4167 <Entry type="4" type_name="REG_DWORD">
4168 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4169 <ValueName>RestoreOnStartup</ValueName>
4172 <Entry type="4" type_name="REG_DWORD">
4173 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4174 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4177 <Entry type="4" type_name="REG_DWORD">
4178 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4179 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4182 <Entry type="4" type_name="REG_DWORD">
4183 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4184 <ValueName>SearchSuggestEnabled</ValueName>
4187 <Entry type="4" type_name="REG_DWORD">
4188 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4189 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4192 <Entry type="4" type_name="REG_DWORD">
4193 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4194 <ValueName>ShowHomeButton</ValueName>
4197 <Entry type="4" type_name="REG_DWORD">
4198 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4199 <ValueName>SpellCheckServiceEnabled</ValueName>
4202 <Entry type="4" type_name="REG_DWORD">
4203 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4204 <ValueName>TranslateEnabled</ValueName>
4207 <Entry type="1" type_name="REG_SZ">
4208 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4209 <ValueName>1</ValueName>
4210 <Value>https://example.com</Value>
4212 <Entry type="1" type_name="REG_SZ">
4213 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4214 <ValueName>2</ValueName>
4215 <Value>https://www.chromium.org</Value>
4220 chromium_json_expected_managed
= \
4223 "FileSystemWriteAskForUrls": [
4224 "https://www.example.com",
4227 "InsecureContentBlockedForUrls": [
4228 "https://www.example.com",
4231 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4232 "BrowserAddPersonEnabled": true,
4233 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4234 "ShowHomeButton": true,
4235 "ClearBrowsingDataOnExitList": [
4238 "cookies_and_other_site_data",
4239 "cached_images_and_files",
4245 "JavaScriptAllowedForUrls": [
4246 "https://www.example.com",
4249 "AmbientAuthenticationInPrivateModesEnabled": 0,
4250 "AllowFileSelectionDialogs": true,
4251 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4252 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4253 "ComponentUpdatesEnabled": true,
4254 "RemoteAccessHostAllowRemoteAccessConnections": false,
4255 "WindowOcclusionEnabled": true,
4256 "PrintPreviewUseSystemDefaultPrinter": false,
4257 "AutoLaunchProtocolsFromOrigins": [
4259 "allowed_origins": [
4261 "http://www.example.com:8080"
4263 "protocol": "spotify"
4266 "allowed_origins": [
4267 "https://example.com",
4268 "https://.mail.example.com"
4273 "allowed_origins": [
4276 "protocol": "outlook"
4279 "ManagedConfigurationPerOrigin": [
4281 "origin": "https://www.google.com",
4282 "managed_configuration_hash": "asd891jedasd12ue9h",
4283 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4286 "origin": "https://www.example.com",
4287 "managed_configuration_hash": "djio12easd89u12aws",
4288 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4291 "SyncTypesListDisabled": [
4294 "SecurityKeyPermitAttestation": [
4295 "https://example.com"
4297 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4298 "MetricsReportingEnabled": true,
4299 "MaxInvalidationFetchDelay": 10000,
4300 "AudioProcessHighPriorityEnabled": true,
4301 "ExtensionInstallForcelist": [
4302 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4303 "abcdefghijklmnopabcdefghijklmnop"
4305 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4306 "CookiesBlockedForUrls": [
4307 "https://www.example.com",
4310 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4311 "AudioCaptureAllowedUrls": [
4312 "https://www.example.com/",
4313 "https://[*.]example.edu/"
4315 "NTPCustomBackgroundEnabled": true,
4316 "BlockExternalExtensions": true,
4317 "BrowserSwitcherChromeParameters": [
4320 "SafeSitesFilterBehavior": 0,
4321 "EnableOnlineRevocationChecks": false,
4322 "ImagesBlockedForUrls": [
4323 "https://www.example.com",
4326 "InsecureFormsWarningsEnabled": true,
4327 "RelaunchNotificationPeriod": 604800000,
4328 "TotalMemoryLimitMb": 2048,
4329 "CloudManagementEnrollmentMandatory": true,
4330 "ClickToCallEnabled": true,
4331 "AppCacheForceEnabled": false,
4332 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4333 "FullscreenAllowed": true,
4334 "AuthSchemes": "basic,digest,ntlm,negotiate",
4335 "PasswordLeakDetectionEnabled": true,
4336 "AuthServerAllowlist": "*.example.com,example.com",
4337 "AllowSyncXHRInPageDismissal": false,
4338 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4339 "MaxConnectionsPerProxy": 32,
4340 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4341 "RemoteAccessHostAllowFileTransfer": false,
4342 "PrintRasterizationMode": 1,
4343 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4344 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4345 "sha256//////////////////////w=="
4347 "DefaultWebBluetoothGuardSetting": 2,
4348 "AutoplayAllowed": true,
4349 "BrowserSwitcherUrlList": [
4351 "!open-in-chrome.ie.com",
4352 "foobar.com/ie-only/"
4354 "CertificateTransparencyEnforcementDisabledForUrls": [
4358 "SpellcheckLanguageBlocklist": [
4362 "PrintHeaderFooter": false,
4363 "ShowAppsShortcutInBookmarkBar": false,
4364 "SerialAskForUrls": [
4365 "https://www.example.com",
4368 "ImagesAllowedForUrls": [
4369 "https://www.example.com",
4372 "ProfilePickerOnStartupAvailability": 0,
4373 "CommandLineFlagSecurityWarningsEnabled": true,
4374 "QuicAllowed": true,
4375 "IntensiveWakeUpThrottlingEnabled": true,
4376 "WPADQuickCheckEnabled": true,
4377 "SensorsAllowedForUrls": [
4378 "https://www.example.com",
4381 "NTPCardsVisible": true,
4382 "DefaultSearchProviderAlternateURLs": [
4383 "https://search.my.company/suggest#q={searchTerms}",
4384 "https://search.my.company/suggest/search#q={searchTerms}"
4386 "DisableSafeBrowsingProceedAnyway": true,
4387 "DefaultFileSystemWriteGuardSetting": 2,
4388 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4389 "SSLErrorOverrideAllowed": true,
4390 "CloudPrintProxyEnabled": true,
4391 "BrowserSwitcherUrlGreylist": [
4393 "!open-in-chrome.ie.com",
4394 "foobar.com/ie-only/"
4396 "BrowserNetworkTimeQueriesEnabled": true,
4397 "WebUsbAllowDevicesForUrls": [
4400 "https://google.com"
4410 "TaskManagerEndProcessEnabled": true,
4411 "SuppressDifferentOriginSubframeDialogs": true,
4412 "UserDataDir": "${users}/${user_name}/Chrome",
4413 "CookiesAllowedForUrls": [
4414 "https://www.example.com",
4417 "SuppressUnsupportedOSWarning": true,
4418 "RequireOnlineRevocationChecksForLocalAnchors": false,
4419 "BrowsingDataLifetime": [
4424 "time_to_live_in_hours": 24
4431 "time_to_live_in_hours": 12
4434 "FileHandlingBlockedForUrls": [
4435 "https://www.example.com",
4438 "AudioCaptureAllowed": false,
4439 "PromotionalTabsEnabled": false,
4440 "ShowFullUrlsInAddressBar": false,
4441 "EnableMediaRouter": true,
4442 "BrowserSwitcherDelay": 10000,
4443 "AllowDinosaurEasterEgg": false,
4444 "ImportSearchEngine": true,
4445 "PrintingBackgroundGraphicsDefault": "enabled",
4446 "TripleDESEnabled": false,
4447 "AutoplayAllowlist": [
4448 "https://www.example.com",
4451 "RemoteAccessHostUdpPortRange": "12400-12409",
4452 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4453 "BrowserSwitcherChromePath": "${chrome}",
4454 "InsecureContentAllowedForUrls": [
4455 "https://www.example.com",
4458 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4459 "ForceGoogleSafeSearch": false,
4460 "UserFeedbackAllowed": true,
4461 "ForceYouTubeRestrict": 0,
4462 "ApplicationLocaleValue": "en",
4463 "RoamingProfileSupportEnabled": true,
4464 "AlternativeBrowserPath": "${ie}",
4465 "AlternativeBrowserParameters": [
4470 "%HOME%\\\\browser_profile"
4472 "AdvancedProtectionAllowed": true,
4473 "EditBookmarksEnabled": false,
4474 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4475 "SSLVersionMin": "tls1",
4476 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4477 "DefaultSerialGuardSetting": 2,
4478 "DefaultPopupsSetting": 1,
4479 "IntranetRedirectBehavior": 1,
4480 "RendererCodeIntegrityEnabled": false,
4481 "BrowserGuestModeEnforced": true,
4482 "HSTSPolicyBypassList": [
4485 "DefaultWebUsbGuardSetting": 2,
4486 "CECPQ2Enabled": true,
4487 "RemoteAccessHostDomainList": [
4488 "my-awesome-domain.com",
4489 "my-auxiliary-domain.com"
4493 "https://ssl.server.com",
4494 "hosting.com/bad_path",
4495 "https://server:8080/path",
4496 ".exact.hostname.com",
4501 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4502 "ExtensionAllowedTypes": [
4505 "NativeMessagingBlocklist": [
4506 "com.native.messaging.host.name1",
4507 "com.native.messaging.host.name2"
4509 "ExtensionSettings": {
4510 "abcdefghijklmnopabcdefghijklmnop": {
4511 "blocked_permissions": [
4514 "minimum_version_required": "1.0.1",
4515 "toolbar_pin": "force_pinned",
4516 "installation_mode": "allowed"
4518 "bcdefghijklmnopabcdefghijklmnopa": {
4519 "runtime_blocked_hosts": [
4522 "allowed_permissions": [
4525 "update_url": "https://example.com/update_url",
4526 "runtime_allowed_hosts": [
4527 "*://good.example.com"
4529 "installation_mode": "force_installed"
4531 "update_url:https://www.example.com/update.xml": {
4532 "allowed_permissions": [
4535 "blocked_permissions": [
4538 "installation_mode": "allowed"
4540 "cdefghijklmnopabcdefghijklmnopab": {
4541 "blocked_install_message": "Custom error message.",
4542 "installation_mode": "blocked"
4545 "blocked_permissions": [
4549 "installation_mode": "blocked",
4550 "runtime_blocked_hosts": [
4553 "blocked_install_message": "Custom error message.",
4557 "runtime_allowed_hosts": [
4558 "*://good.example.com"
4560 "install_sources": [
4561 "https://company-intranet/chromeapps"
4564 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4565 "blocked_install_message": "Custom error message.",
4566 "installation_mode": "blocked"
4568 "fghijklmnopabcdefghijklmnopabcde": {
4569 "blocked_install_message": "Custom removal message.",
4570 "installation_mode": "removed"
4572 "ghijklmnopabcdefghijklmnopabcdef": {
4573 "update_url": "https://example.com/update_url",
4574 "override_update_url": true,
4575 "installation_mode": "force_installed"
4578 "FileSystemReadAskForUrls": [
4579 "https://www.example.com",
4582 "SpellCheckServiceEnabled": false,
4583 "ExtensionInstallSources": [
4584 "https://corp.mycompany.com/*"
4586 "PrinterTypeDenyList": [
4590 "SharedClipboardEnabled": true,
4591 "BlockThirdPartyCookies": false,
4592 "MediaRouterCastAllowAllIPs": false,
4593 "DnsOverHttpsMode": "off",
4594 "SyncDisabled": true,
4595 "LookalikeWarningAllowlistDomains": [
4599 "UserDataSnapshotRetentionLimit": 3,
4600 "SafeBrowsingProtectionLevel": 2,
4601 "ScrollToTextFragmentEnabled": false,
4602 "ImportBookmarks": true,
4603 "DefaultBrowserSettingEnabled": true,
4604 "DefaultSearchProviderEnabled": true,
4605 "AdditionalDnsQueryTypesEnabled": true,
4606 "PolicyRefreshRate": 3600000,
4607 "PrintingPaperSizeDefault": {
4614 "RestoreOnStartup": 4,
4615 "PasswordProtectionWarningTrigger": 1,
4616 "ChromeCleanupEnabled": true,
4617 "AbusiveExperienceInterventionEnforce": true,
4618 "BasicAuthOverHttpEnabled": false,
4619 "EnableAuthNegotiatePort": false,
4620 "DefaultGeolocationSetting": 1,
4621 "PolicyDictionaryMultipleSourceMergeList": [
4624 "AllowedDomainsForApps": "managedchrome.com,example.com",
4625 "DisableAuthNegotiateCnameLookup": false,
4626 "IncognitoModeAvailability": 1,
4627 "ChromeVariations": 1,
4628 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4629 "SavingBrowserHistoryDisabled": true,
4630 "SpellcheckEnabled": false,
4631 "FileSystemWriteBlockedForUrls": [
4632 "https://www.example.com",
4635 "BuiltInDnsClientEnabled": true,
4636 "SSLErrorOverrideAllowedForOrigins": [
4637 "https://www.example.com",
4640 "WebRtcIPHandling": "default",
4641 "DefaultNotificationsSetting": 2,
4642 "PopupsAllowedForUrls": [
4643 "https://www.example.com",
4646 "TranslateEnabled": true,
4647 "DefaultSearchProviderEncodings": [
4653 "DownloadRestrictions": 2,
4654 "PromptForDownloadLocation": false,
4655 "DisablePrintPreview": false,
4656 "NetworkPredictionOptions": 1,
4657 "FileSystemReadBlockedForUrls": [
4658 "https://www.example.com",
4661 "AutoOpenFileTypes": [
4665 "DownloadDirectory": "/home/${user_name}/Downloads",
4666 "ImportHomepage": true,
4667 "GloballyScopeHTTPAuthCacheEnabled": false,
4668 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4669 "ThirdPartyBlockingEnabled": false,
4670 "AdsSettingForIntrusiveAdsSites": 1,
4671 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4672 "BookmarkBarEnabled": true,
4673 "DisableScreenshots": true,
4674 "AccessibilityImageLabelsEnabled": false,
4675 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4676 "PopupsBlockedForUrls": [
4677 "https://www.example.com",
4680 "DefaultFileSystemReadGuardSetting": 2,
4682 "WebRtcAllowLegacyTLSProtocols": false,
4683 "PasswordManagerEnabled": true,
4684 "SafeBrowsingExtendedReportingEnabled": true,
4685 "CloudPolicyOverridesPlatformPolicy": false,
4686 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4687 "http://www.example.com:8080",
4690 "RelaunchNotification": 1,
4691 "AlwaysOpenPdfExternally": true,
4692 "DefaultFileHandlingGuardSetting": 2,
4693 "ForceEphemeralProfiles": true,
4694 "PasswordProtectionLoginURLs": [
4695 "https://mydomain.com/login.html",
4696 "https://login.mydomain.com"
4698 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4699 "BrowserGuestModeEnabled": true,
4700 "MediaRecommendationsEnabled": true,
4701 "WebRtcLocalIpsAllowedUrls": [
4702 "https://www.example.com",
4705 "DeveloperToolsAvailability": 2,
4706 "DNSInterceptionChecksEnabled": true,
4707 "DefaultSearchProviderContextMenuAccessAllowed": true,
4708 "RemoteAccessHostRequireCurtain": false,
4709 "PaymentMethodQueryEnabled": true,
4710 "HomepageLocation": "https://www.chromium.org",
4711 "WebUsbAskForUrls": [
4712 "https://www.example.com",
4715 "RemoteAccessHostAllowClientPairing": false,
4717 "ProxyMode": "direct",
4718 "ProxyPacUrl": "https://internal.site/example.pac",
4719 "ProxyServer": "123.123.123.123:8080",
4720 "ProxyServerMode": 2,
4721 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4723 "AutofillCreditCardEnabled": false,
4724 "FileHandlingAllowedForUrls": [
4725 "https://www.example.com",
4728 "ChromeCleanupReportingEnabled": true,
4729 "AlternateErrorPagesEnabled": true,
4730 "WebRtcEventLogCollectionAllowed": true,
4731 "AutoSelectCertificateForUrls": [
4732 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4734 "PolicyListMultipleSourceMergeList": [
4735 "ExtensionInstallAllowlist",
4736 "ExtensionInstallBlocklist"
4738 "CertificateTransparencyEnforcementDisabledForCas": [
4739 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4740 "sha256//////////////////////w=="
4742 "CookiesSessionOnlyForUrls": [
4743 "https://www.example.com",
4746 "SitePerProcess": true,
4747 "RemoteAccessHostFirewallTraversal": false,
4748 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4749 "BackgroundModeEnabled": true,
4750 "DefaultJavaScriptSetting": 1,
4751 "ForcedLanguages": [
4754 "ManagedBookmarks": [
4756 "toplevel_name": "My managed bookmarks folder"
4759 "url": "google.com",
4763 "url": "youtube.com",
4769 "url": "chromium.org",
4773 "url": "dev.chromium.org",
4774 "name": "Chromium Developers"
4777 "name": "Chrome links"
4780 "Disable3DAPIs": false,
4781 "CloudPrintSubmitEnabled": true,
4782 "DefaultCookiesSetting": 1,
4783 "ExtensionInstallBlocklist": [
4789 "https://ssl.server.com",
4790 "hosting.com/good_path",
4791 "https://server:8080/path",
4792 ".exact.hostname.com"
4794 "ExplicitlyAllowedNetworkPorts": [
4797 "HomepageIsNewTabPage": true,
4798 "SensorsBlockedForUrls": [
4799 "https://www.example.com",
4802 "BrowserLabsEnabled": false,
4803 "NotificationsAllowedForUrls": [
4804 "https://www.example.com",
4807 "NativeMessagingUserLevelHosts": false,
4808 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4809 "CloudUserPolicyMerge": true,
4810 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4811 "http://testserver.example.com/",
4814 "HideWebStoreIcon": true,
4815 "SafeBrowsingForTrustedSourcesEnabled": false,
4816 "NewTabPageLocation": "https://www.chromium.org",
4817 "DiskCacheSize": 104857600,
4818 "BrowserSwitcherUseIeSitelist": true,
4819 "WebRtcUdpPortRange": "10000-11999",
4820 "EnterpriseHardwarePlatformAPIEnabled": true,
4821 "AutoOpenAllowedForURLs": [
4823 "https://ssl.server.com",
4824 "hosting.com/good_path",
4825 "https://server:8080/path",
4826 ".exact.hostname.com"
4828 "NativeMessagingAllowlist": [
4829 "com.native.messaging.host.name1",
4830 "com.native.messaging.host.name2"
4832 "DefaultSearchProviderName": "My Intranet Search",
4833 "JavaScriptBlockedForUrls": [
4834 "https://www.example.com",
4837 "EnableExperimentalPolicies": [
4838 "ExtensionInstallAllowlist",
4839 "ExtensionInstallBlocklist"
4841 "SafeBrowsingAllowlistDomains": [
4845 "AutofillAddressEnabled": false,
4846 "AllowCrossOriginAuthPrompt": false,
4847 "SpellcheckLanguage": [
4851 "VideoCaptureAllowed": false,
4852 "ScreenCaptureAllowed": false,
4853 "VideoCaptureAllowedUrls": [
4854 "https://www.example.com/",
4855 "https://[*.]example.edu/"
4857 "ImportHistory": true,
4858 "ShowCastIconInToolbar": false,
4859 "RestoreOnStartupURLs": [
4860 "https://example.com",
4861 "https://www.chromium.org"
4863 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4867 "PrintingEnabled": true,
4868 "ImportSavedPasswords": true,
4869 "EnableDeprecatedPrivetPrinting": true,
4870 "InsecurePrivateNetworkRequestsAllowed": false,
4872 "PolicyAtomicGroupsEnabled": true,
4873 "HardwareAccelerationModeEnabled": true,
4874 "AllowDeletingBrowserHistory": true,
4875 "DefaultSearchProviderKeyword": "mis",
4876 "ExtensionInstallAllowlist": [
4880 "WebAppInstallForceList": [
4882 "url": "https://www.google.com/maps",
4883 "create_desktop_shortcut": true,
4884 "default_launch_container": "window"
4887 "url": "https://docs.google.com",
4888 "default_launch_container": "tab"
4891 "url": "https://docs.google.com/editor",
4892 "fallback_app_name": "Editor",
4893 "default_launch_container": "window"
4896 "DiskCacheDir": "${user_home}/Chrome_cache",
4897 "SignedHTTPExchangeEnabled": true,
4898 "SearchSuggestEnabled": true,
4899 "BrowserThemeColor": "#FFFFFF",
4900 "RestrictSigninToPattern": ".*@example\\\\.com",
4901 "DefaultInsecureContentSetting": 2,
4902 "DefaultSensorsSetting": 2,
4903 "AudioSandboxEnabled": true,
4904 "RemoteAccessHostAllowRelayedConnection": false,
4905 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4906 "UserAgentClientHintsEnabled": true,
4907 "TargetBlankImpliesNoOpener": false,
4908 "BrowserSwitcherKeepLastChromeTab": false,
4909 "RemoteAccessHostClientDomainList": [
4910 "my-awesome-domain.com",
4911 "my-auxiliary-domain.com"
4913 "NotificationsBlockedForUrls": [
4914 "https://www.example.com",
4917 "SerialBlockedForUrls": [
4918 "https://www.example.com",
4921 "DefaultImagesSetting": 1,
4922 "SigninInterceptionEnabled": true,
4923 "WebUsbBlockedForUrls": [
4924 "https://www.example.com",
4927 "ImportAutofillFormData": true,
4928 "BrowserSwitcherEnabled": true
4932 chromium_json_expected_recommended
= \
4935 "BackgroundModeEnabled": true,
4936 "RestoreOnStartup": 4,
4937 "RegisteredProtocolHandlers": [
4940 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4941 "protocol": "mailto"
4944 "ShowHomeButton": true,
4945 "PrintHeaderFooter": false,
4946 "SafeBrowsingForTrustedSourcesEnabled": false,
4947 "ShowFullUrlsInAddressBar": false,
4948 "MetricsReportingEnabled": true,
4949 "SpellCheckServiceEnabled": false,
4950 "ImportSearchEngine": true,
4951 "DownloadRestrictions": 2,
4952 "NetworkPredictionOptions": 1,
4953 "DownloadDirectory": "/home/${user_name}/Downloads",
4954 "TranslateEnabled": true,
4955 "AutofillAddressEnabled": false,
4956 "BookmarkBarEnabled": true,
4957 "PrintPreviewUseSystemDefaultPrinter": false,
4958 "ApplicationLocaleValue": "en",
4959 "ImportHistory": true,
4960 "RestoreOnStartupURLs": [
4961 "https://example.com",
4962 "https://www.chromium.org"
4964 "PasswordManagerEnabled": true,
4965 "ImportSavedPasswords": true,
4966 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4967 "PasswordLeakDetectionEnabled": true,
4968 "SearchSuggestEnabled": true,
4969 "AlternateErrorPagesEnabled": true,
4970 "HomepageIsNewTabPage": true,
4971 "ImportAutofillFormData": true,
4972 "BlockThirdPartyCookies": false,
4973 "AutofillCreditCardEnabled": false,
4974 "HomepageLocation": "https://www.chromium.org",
4975 "SafeBrowsingProtectionLevel": 2,
4976 "ImportBookmarks": true
4980 firewalld_reg_pol
= \
4982 <?xml version="1.0" encoding="utf-8"?>
4983 <PolFile num_entries="6" signature="PReg" version="1">
4984 <Entry type="4" type_name="REG_DWORD">
4985 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4986 <ValueName>Zones</ValueName>
4989 <Entry type="4" type_name="REG_DWORD">
4990 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4991 <ValueName>Rules</ValueName>
4994 <Entry type="1" type_name="REG_SZ">
4995 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4996 <ValueName>Rules</ValueName>
4997 <Value>{"work": [{"rule": {"family": "ipv4"}, "source address": "172.25.1.7", "service name": "ftp", "reject": {}}]}</Value>
4999 <Entry type="1" type_name="REG_SZ">
5000 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5001 <ValueName>**delvals.</ValueName>
5004 <Entry type="1" type_name="REG_SZ">
5005 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5006 <ValueName>work</ValueName>
5009 <Entry type="1" type_name="REG_SZ">
5010 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5011 <ValueName>home</ValueName>
5017 drive_maps_xml
= b
"""<?xml version="1.0" encoding="utf-8"?>
5018 <Drives clsid="{8FDDCC1A-0C3C-43cd-A6B4-71A6DF20DA8C}"><Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="A:" status="A:" image="2" changed="2023-03-08 19:23:02" uid="{1641E121-DEF3-418D-A428-2D8DF4749504}" bypassErrors="1"><Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="" path="\\\\example.com\\test" label="TEST" persistent="1" useLetter="0" letter="A"/></Drive>
5022 empty_multi_sz_reg_pol
= \
5024 <?xml version="1.0" encoding="utf-8"?>
5025 <PolFile num_entries="1" signature="PReg" version="1">
5026 <Entry type="7" type_name="REG_MULTI_SZ">
5028 <ValueName>ValueName</ValueName>
5034 multiple_values_multi_sz_reg_pol
= \
5036 <?xml version="1.0" encoding="utf-8"?>
5037 <PolFile num_entries="1" signature="PReg" version="1">
5038 <Entry type="7" type_name="REG_MULTI_SZ">
5040 <ValueName>ValueName</ValueName>
5041 <Value>Value1</Value>
5042 <Value>Value2</Value>
5043 <Value>Value3</Value>
5048 def days2rel_nttime(val
):
5053 return -(val
* seconds
* minutes
* hours
* sam_add
)
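def gpupdate(lp, arg):
    """Run the configured 'gpo update command' with one extra argument.

    lp  -- object whose get('gpo update command') returns the command as an
           argument list
    arg -- a single extra command-line argument, e.g. '--force'

    Returns the exit status of the command; callers compare it with 0.
    """
    # Work on a copy: appending to the list handed back by lp.get() could
    # leak the extra argument into a later call if that list is shared.
    command = list(lp.get('gpo update command'))
    command.append(arg)

    # The command is an argv list and no shell is involved, so arg reaches
    # the child as exactly one argument.
    proc = Popen(command, stdout=PIPE, stderr=PIPE)
    # communicate() drains both pipes and waits for the child to exit.
    proc.communicate()
    return proc.returncode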
def gpupdate_force(lp):
    """Run gpupdate() with '--force' and hand back its result."""
    status = gpupdate(lp, '--force')
    return status
def gpupdate_unapply(lp):
    """Run gpupdate() with '--unapply' and hand back its result."""
    status = gpupdate(lp, '--unapply')
    return status
5071 return gpupdate(lp
, '--rsop')
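def stage_file(path, data):
    """Put *data* at *path*, keeping any existing file as '<path>.bak'.

    path -- destination file; missing parent directories are created
    data -- content to write, converted with get_bytes()

    Returns True once the file is in place and False when the parent
    directory cannot be created. Callers assert on this value.
    """
    dirname = os.path.dirname(path)
    try:
        # exist_ok avoids the gap between an exists() check and makedirs().
        os.makedirs(dirname, exist_ok=True)
    except OSError:
        return False
    if os.path.exists(path):
        # Keep the previous file so unstage_file() can put it back.
        os.rename(path, '%s.bak' % path)
    # The temporary file lives in the destination directory, so the final
    # rename stays on one filesystem.
    with NamedTemporaryFile(delete=False, dir=dirname) as f:
        f.write(get_bytes(data))
    # The file is closed at this point, so the content is flushed before
    # the file appears under its final name. The mode is set first for the
    # same reason.
    os.chmod(f.name, 0o644)
    os.rename(f.name, path)
    return True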
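def unstage_file(path):
    """Undo stage_file(): restore '<path>.bak' or remove the staged file.

    When a backup exists it is renamed back over *path*. Otherwise the
    staged file, if present, is deleted. Nothing happens when neither
    file exists.
    """
    backup = '%s.bak' % path
    if os.path.exists(backup):
        os.rename(backup, path)
    elif os.path.exists(path):
        # No earlier file was displaced, so the staged file is simply removed.
        os.remove(path)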
5096 class GPOTests(tests
.TestCase
):
5099 self
.server
= os
.environ
["SERVER"]
5100 self
.dc_account
= self
.server
.upper() + '$'
5101 self
.lp
= s3param
.get_context()
5102 self
.lp
.load_default()
5103 self
.creds
= self
.insta_creds(template
=self
.get_credentials())
def test_gpo_list(self):
    """Compare each GPO returned for the test user with the expected
    name, file_sys_path and ds_path at the same position."""
    global poldir, dspath
    default_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    # Position 0 is the 'Local Policy' entry, for which both paths are None.
    expected = [
        ('Local Policy', None, None),
        (default_guid,
         '%s\\%s' % (poldir, default_guid),
         'CN=%s,%s' % (default_guid, dspath)),
    ]
    found = get_gpo_list(self.server, self.creds, self.lp,
                         self.creds.get_username())
    for idx, entry in enumerate(found):
        want_name, want_fs_path, want_ds_path = expected[idx]
        self.assertEqual(
            entry.name, want_name,
            'The gpo name did not match expected name %s' % entry.name)
        self.assertEqual(
            entry.file_sys_path, want_fs_path,
            'file_sys_path did not match expected %s' % entry.file_sys_path)
        self.assertEqual(
            entry.ds_path, want_ds_path,
            'ds_path did not match expected %s' % entry.ds_path)
5121 def test_gpt_version(self
):
5123 local_path
= self
.lp
.cache_path('gpo_cache')
5124 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5125 gpo_path
= os
.path
.join(local_path
, policies
, guid
)
5126 old_vers
= gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1]
5128 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5129 gpt
.write(gpt_data
% 42)
5130 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], 42,
5131 'gpo_get_sysvol_gpt_version() did not return the expected version')
5133 with
open(os
.path
.join(gpo_path
, 'GPT.INI'), 'w') as gpt
:
5134 gpt
.write(gpt_data
% old_vers
)
5135 self
.assertEqual(gpo
.gpo_get_sysvol_gpt_version(gpo_path
)[1], old_vers
,
5136 'gpo_get_sysvol_gpt_version() did not return the expected version')
5138 def test_check_refresh_gpo_list(self
):
5139 cache
= self
.lp
.cache_path('gpo_cache')
5140 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5141 self
.creds
.get_username())
5142 check_refresh_gpo_list(self
.server
, self
.lp
, self
.creds
, gpos
)
5144 self
.assertTrue(os
.path
.exists(cache
),
5145 'GPO cache %s was not created' % cache
)
5147 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5148 gpt_ini
= os
.path
.join(cache
, policies
,
5150 self
.assertTrue(os
.path
.exists(gpt_ini
),
5151 'GPT.INI was not cached for %s' % guid
)
def test_check_refresh_gpo_list_malicious_paths(self):
    """Check that check_safe_path() rejects '..' and returns relative,
    forward-slash paths."""
    # A '..' component must raise, so a server-supplied path cannot climb
    # out of the directory it is joined to.
    traversal = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
    with self.assertRaises(OSError):
        check_safe_path(traversal)

    # Leading separators of either kind are dropped, so the result is
    # never an absolute path.
    for raw in ('/etc/passwd', '\\\\etc/\\passwd'):
        self.assertEqual(check_safe_path(raw), 'etc/passwd')

    # Backslash separators come back as '/', and the expected result no
    # longer carries the leading 'sysvol/' component.
    gpt_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    before = 'sysvol/' + realm + '\\Policies/' + gpt_guid + '\\GPT.INI'
    after = realm + '/Policies/' + gpt_guid + '/GPT.INI'
    self.assertEqual(check_safe_path(before), after,
                     "check_safe_path() didn't correctly convert \\ to /")
def test_check_safe_path_typesafe_name(self):
    """Check check_safe_path() on a UNC path whose sysvol component is
    spelled 'SysVol'."""
    gpt_guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    # The expected result starts after the mixed-case 'SysVol' component
    # and uses '/' separators.
    unc_path = ('\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\'
                + gpt_guid + '\\GPT.INI')
    expected_path = 'toady.suse.de/Policies/' + gpt_guid + '/GPT.INI'

    self.assertEqual(
        check_safe_path(unc_path), expected_path,
        'check_safe_path unable to detect variable case sysvol components')
def test_gpt_ext_register(self):
    """Register, list and unregister a GP extension, check GUID
    validation, then write and re-read a section of gpext.conf."""
    here = os.path.dirname(os.path.realpath(__file__))
    tree_root = os.path.realpath(os.path.join(here, '../../../'))
    ext_path = os.path.join(tree_root, 'python/samba/gp/gp_sec_ext.py')
    ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
    conf_file = self.lp.configfile

    # Register as a machine extension and confirm it is listed with the
    # path that was registered.
    registered = register_gp_extension(ext_guid, 'gp_access_ext', ext_path,
                                       smb_conf=conf_file,
                                       machine=True, user=False)
    self.assertTrue(registered, 'Failed to register a gp ext')
    listed = list_gp_extensions(conf_file)
    self.assertTrue(ext_guid in listed.keys(),
                    'Failed to list gp exts')
    self.assertEqual(listed[ext_guid]['DllName'], ext_path,
                     'Failed to list gp exts')

    # After unregistering, the GUID must no longer be listed.
    unregister_gp_extension(ext_guid)
    listed = list_gp_extensions(conf_file)
    self.assertTrue(ext_guid not in listed.keys(),
                    'Failed to unregister gp exts')

    # check_guid() accepts the braced GUID and rejects a plain string.
    self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
    self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')

    # Add a section, write it out, and read it back.
    lp, parser = parse_gpext_conf(conf_file)
    self.assertTrue(lp and parser, 'parse_gpext_conf() invalid return')
    parser.add_section('test_section')
    parser.set('test_section', 'test_var', ext_guid)
    atomic_write_conf(lp, parser)

    lp, parser = parse_gpext_conf(conf_file)
    self.assertTrue('test_section' in parser.sections(),
                    'test_section not found in gpext.conf')
    stored = parser.get('test_section', 'test_var')
    self.assertEqual(stored, ext_guid,
                     'Failed to find test variable in gpext.conf')
    # Remove the section again so gpext.conf is left as it was found.
    parser.remove_section('test_section')
    atomic_write_conf(lp, parser)
5217 def test_gp_log_get_applied(self
):
5218 local_path
= self
.lp
.get('path', 'sysvol')
5219 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5220 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5221 gpofile
= '%s/' + realm
+ '/Policies/%s/MACHINE/Microsoft/' \
5222 'Windows NT/SecEdit/GptTmpl.inf'
5223 stage
= '[System Access]\nMinimumPasswordAge = 998\n'
5224 cache_dir
= self
.lp
.get('cache directory')
5225 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5227 gpttmpl
= gpofile
% (local_path
, guid
)
5228 ret
= stage_file(gpttmpl
, stage
)
5229 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5231 ret
= gpupdate_force(self
.lp
)
5232 self
.assertEqual(ret
, 0, 'gpupdate force failed')
5234 gp_db
= store
.get_gplog(self
.dc_account
)
5236 applied_guids
= gp_db
.get_applied_guids()
5237 self
.assertEqual(len(applied_guids
), 2, 'The guids were not found')
5238 self
.assertIn(guids
[0], applied_guids
,
5239 '%s not in applied guids' % guids
[0])
5240 self
.assertIn(guids
[1], applied_guids
,
5241 '%s not in applied guids' % guids
[1])
5243 applied_settings
= gp_db
.get_applied_settings(applied_guids
)
5244 for policy
in applied_settings
:
5245 self
.assertIn('System Access', policy
[1],
5246 'System Access policies not set')
5247 self
.assertIn('minPwdAge', policy
[1]['System Access'],
5248 'minPwdAge policy not set')
5249 if policy
[0] == guids
[0]:
5250 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5252 'minPwdAge policy not set')
5253 elif policy
[0] == guids
[1]:
5254 self
.assertEqual(int(policy
[1]['System Access']['minPwdAge']),
5255 days2rel_nttime(998),
5256 'minPwdAge policy not set')
5258 gpos
= get_gpo_list(self
.server
, self
.creds
, self
.lp
,
5260 del_gpos
= get_deleted_gpos_list(gp_db
, gpos
[:-1])
5261 self
.assertEqual(len(del_gpos
), 1, 'Returned delete gpos is incorrect')
5262 self
.assertEqual(guids
[-1], del_gpos
[0][0],
5263 'GUID for delete gpo is incorrect')
5264 self
.assertIn('System Access', del_gpos
[0][1],
5265 'System Access policies not set for removal')
5266 self
.assertIn('minPwdAge', del_gpos
[0][1]['System Access'],
5267 'minPwdAge policy not set for removal')
5270 gpttmpl
= gpofile
% (local_path
, guid
)
5271 unstage_file(gpttmpl
)
5273 ret
= gpupdate_unapply(self
.lp
)
5274 self
.assertEqual(ret
, 0, 'gpupdate unapply failed')
5276 def test_process_group_policy(self
):
5277 local_path
= self
.lp
.cache_path('gpo_cache')
5278 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5279 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5280 gpofile
= '%s/' + policies
+ '/%s/MACHINE/MICROSOFT/' \
5281 'WINDOWS NT/SECEDIT/GPTTMPL.INF'
5282 cache_dir
= self
.lp
.get('cache directory')
5283 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5285 machine_creds
= Credentials()
5286 machine_creds
.guess(self
.lp
)
5287 machine_creds
.set_machine_account()
5289 # Initialize the group policy extension
5290 ext
= gp_krb_ext(self
.lp
, machine_creds
,
5291 machine_creds
.get_username(), store
)
5293 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5294 machine_creds
.get_username())
5296 # Include MaxClockSkew to ensure we don't fail on a key we ignore
5297 stage
= '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
5299 for i
in range(0, 2):
5300 gpttmpl
= gpofile
% (local_path
, guids
[i
])
5301 ret
= stage_file(gpttmpl
, stage
% opts
[i
])
5302 self
.assertTrue(ret
, 'Could not create the target %s' % gpttmpl
)
5305 ext
.process_group_policy([], gpos
)
5307 ret
= store
.get_int('kdc:user_ticket_lifetime')
5308 self
.assertEqual(ret
, opts
[1], 'Higher priority policy was not set')
5311 gp_db
= store
.get_gplog(machine_creds
.get_username())
5312 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5313 ext
.process_group_policy(del_gpos
, [])
5315 ret
= store
.get_int('kdc:user_ticket_lifetime')
5316 self
.assertEqual(ret
, None, 'MaxTicketAge should not have applied')
5318 # Process just the first gpo
5319 ext
.process_group_policy([], gpos
[:-1])
5321 ret
= store
.get_int('kdc:user_ticket_lifetime')
5322 self
.assertEqual(ret
, opts
[0], 'Lower priority policy was not set')
5325 ext
.process_group_policy(del_gpos
, [])
5328 gpttmpl
= gpofile
% (local_path
, guid
)
5329 unstage_file(gpttmpl
)
5331 def test_gp_scripts(self
):
5332 local_path
= self
.lp
.cache_path('gpo_cache')
5333 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5334 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5335 'MACHINE/REGISTRY.POL')
5336 cache_dir
= self
.lp
.get('cache directory')
5337 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5339 machine_creds
= Credentials()
5340 machine_creds
.guess(self
.lp
)
5341 machine_creds
.set_machine_account()
5343 # Initialize the group policy extension
5344 ext
= gp_scripts_ext(self
.lp
, machine_creds
,
5345 machine_creds
.get_username(), store
)
5347 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5348 machine_creds
.get_username())
5350 reg_key
= b
'Software\\Policies\\Samba\\Unix Settings'
5351 sections
= { b
'%s\\Daily Scripts' % reg_key
: '.cron.daily',
5352 b
'%s\\Monthly Scripts' % reg_key
: '.cron.monthly',
5353 b
'%s\\Weekly Scripts' % reg_key
: '.cron.weekly',
5354 b
'%s\\Hourly Scripts' % reg_key
: '.cron.hourly' }
5355 for keyname
in sections
.keys():
5356 # Stage the Registry.pol file with test data
5360 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5362 e
.data
= b
'echo hello world'
5363 stage
.num_entries
= 1
5365 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5366 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5368 # Process all gpos, with temp output directory
5369 with
TemporaryDirectory(sections
[keyname
]) as dname
:
5370 ext
.process_group_policy([], gpos
, dname
)
5371 scripts
= os
.listdir(dname
)
5372 self
.assertEqual(len(scripts
), 1,
5373 'The %s script was not created' % keyname
.decode())
5374 out
, _
= Popen([os
.path
.join(dname
, scripts
[0])], stdout
=PIPE
).communicate()
5375 self
.assertIn(b
'hello world', out
,
5376 '%s script execution failed' % keyname
.decode())
5378 # Check that a call to gpupdate --rsop also succeeds
5380 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5383 gp_db
= store
.get_gplog(machine_creds
.get_username())
5384 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5385 ext
.process_group_policy(del_gpos
, [])
5386 self
.assertEqual(len(os
.listdir(dname
)), 0,
5387 'Unapply failed to cleanup scripts')
5389 # Unstage the Registry.pol file
5390 unstage_file(reg_pol
)
5392 def test_gp_sudoers(self
):
5393 local_path
= self
.lp
.cache_path('gpo_cache')
5394 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5395 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
5396 'MACHINE/REGISTRY.POL')
5397 cache_dir
= self
.lp
.get('cache directory')
5398 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5400 machine_creds
= Credentials()
5401 machine_creds
.guess(self
.lp
)
5402 machine_creds
.set_machine_account()
5404 # Initialize the group policy extension
5405 ext
= gp_sudoers_ext(self
.lp
, machine_creds
,
5406 machine_creds
.get_username(), store
)
5408 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5409 machine_creds
.get_username())
5411 # Stage the Registry.pol file with test data
5414 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5415 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5417 e
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5418 stage
.num_entries
= 1
5420 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5421 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
5423 # Process all gpos, with temp output directory
5424 with
TemporaryDirectory() as dname
:
5425 ext
.process_group_policy([], gpos
, dname
)
5426 sudoers
= os
.listdir(dname
)
5427 self
.assertEqual(len(sudoers
), 1, 'The sudoer file was not created')
5428 self
.assertIn(e
.data
,
5429 open(os
.path
.join(dname
, sudoers
[0]), 'r').read(),
5430 'The sudoers entry was not applied')
5432 # Check that a call to gpupdate --rsop also succeeds
5434 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5437 gp_db
= store
.get_gplog(machine_creds
.get_username())
5438 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5439 ext
.process_group_policy(del_gpos
, [])
5440 self
.assertEqual(len(os
.listdir(dname
)), 0,
5441 'Unapply failed to cleanup scripts')
5443 # Unstage the Registry.pol file
5444 unstage_file(reg_pol
)
5446 def test_vgp_sudoers(self
):
5447 local_path
= self
.lp
.cache_path('gpo_cache')
5448 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5449 manifest
= os
.path
.join(local_path
, policies
, guid
, 'MACHINE',
5450 'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
5451 cache_dir
= self
.lp
.get('cache directory')
5452 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5454 machine_creds
= Credentials()
5455 machine_creds
.guess(self
.lp
)
5456 machine_creds
.set_machine_account()
5458 # Initialize the group policy extension
5459 ext
= vgp_sudoers_ext(self
.lp
, machine_creds
,
5460 machine_creds
.get_username(), store
)
5462 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5463 machine_creds
.get_username())
5465 # Stage the manifest.xml file with test data
5466 stage
= etree
.Element('vgppolicy')
5467 policysetting
= etree
.Element('policysetting')
5468 stage
.append(policysetting
)
5469 version
= etree
.Element('version')
5471 policysetting
.append(version
)
5472 data
= etree
.Element('data')
5473 sudoers_entry
= etree
.Element('sudoers_entry')
5474 command
= etree
.Element('command')
5475 command
.text
= 'ALL'
5476 sudoers_entry
.append(command
)
5477 user
= etree
.Element('user')
5479 sudoers_entry
.append(user
)
5480 principal_list
= etree
.Element('listelement')
5481 principal
= etree
.Element('principal')
5482 principal
.text
= 'fakeu'
5483 principal
.attrib
['type'] = 'user'
5484 group
= etree
.Element('principal')
5485 group
.text
= 'fakeg'
5486 group
.attrib
['type'] = 'group'
5487 principal_list
.append(principal
)
5488 principal_list
.append(group
)
5489 sudoers_entry
.append(principal_list
)
5490 data
.append(sudoers_entry
)
5491 # Ensure an empty principal doesn't cause a crash
5492 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5493 command
= etree
.SubElement(sudoers_entry
, 'command')
5494 command
.text
= 'ALL'
5495 user
= etree
.SubElement(sudoers_entry
, 'user')
5497 # Ensure having dispersed principals still works
5498 sudoers_entry
= etree
.SubElement(data
, 'sudoers_entry')
5499 command
= etree
.SubElement(sudoers_entry
, 'command')
5500 command
.text
= 'ALL'
5501 user
= etree
.SubElement(sudoers_entry
, 'user')
5503 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5504 principal
= etree
.SubElement(listelement
, 'principal')
5505 principal
.text
= 'fakeu2'
5506 principal
.attrib
['type'] = 'user'
5507 listelement
= etree
.SubElement(sudoers_entry
, 'listelement')
5508 group
= etree
.SubElement(listelement
, 'principal')
5509 group
.text
= 'fakeg2'
5510 group
.attrib
['type'] = 'group'
5511 policysetting
.append(data
)
5512 ret
= stage_file(manifest
, etree
.tostring(stage
))
5513 self
.assertTrue(ret
, 'Could not create the target %s' % manifest
)
5515 # Process all gpos, with temp output directory
5516 data
= 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
5517 data2
= 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
5518 data_no_principal
= 'ALL ALL=(ALL) NOPASSWD: ALL'
5519 with
TemporaryDirectory() as dname
:
5520 ext
.process_group_policy([], gpos
, dname
)
5521 sudoers
= os
.listdir(dname
)
5522 self
.assertEqual(len(sudoers
), 3, 'The sudoer file was not created')
5523 output
= open(os
.path
.join(dname
, sudoers
[0]), 'r').read() + \
5524 open(os
.path
.join(dname
, sudoers
[1]), 'r').read() + \
5525 open(os
.path
.join(dname
, sudoers
[2]), 'r').read()
5526 self
.assertIn(data
, output
,
5527 'The sudoers entry was not applied')
5528 self
.assertIn(data2
, output
,
5529 'The sudoers entry was not applied')
5530 self
.assertIn(data_no_principal
, output
,
5531 'The sudoers entry was not applied')
5533 # Check that a call to gpupdate --rsop also succeeds
5535 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5538 gp_db
= store
.get_gplog(machine_creds
.get_username())
5539 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5540 ext
.process_group_policy(del_gpos
, [])
5541 self
.assertEqual(len(os
.listdir(dname
)), 0,
5542 'Unapply failed to cleanup scripts')
5544 # Unstage the Registry.pol file
5545 unstage_file(manifest
)
5547 def test_gp_inf_ext_utf(self
):
5548 cache_dir
= self
.lp
.get('cache directory')
5549 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5551 machine_creds
= Credentials()
5552 machine_creds
.guess(self
.lp
)
5553 machine_creds
.set_machine_account()
5555 ext
= gp_inf_ext(self
.lp
, machine_creds
,
5556 machine_creds
.get_username(), store
)
5557 test_data
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5559 with
NamedTemporaryFile() as f
:
5560 with codecs
.open(f
.name
, 'w', 'utf-16') as w
:
5563 inf_conf
= ext
.read(f
.name
)
5564 except UnicodeDecodeError:
5565 self
.fail('Failed to parse utf-16')
5566 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5567 'Kerberos Policy was not read from the file')
5568 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5569 '99', 'MaxTicketAge was not read from the file')
5571 with
NamedTemporaryFile() as f
:
5572 with codecs
.open(f
.name
, 'w', 'utf-8') as w
:
5574 inf_conf
= ext
.read(f
.name
)
5575 self
.assertIn('Kerberos Policy', inf_conf
.keys(),
5576 'Kerberos Policy was not read from the file')
5577 self
.assertEqual(inf_conf
.get('Kerberos Policy', 'MaxTicketAge'),
5578 '99', 'MaxTicketAge was not read from the file')
5580 def test_rsop(self
):
5581 cache_dir
= self
.lp
.get('cache directory')
5582 local_path
= self
.lp
.cache_path('gpo_cache')
5583 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5585 machine_creds
= Credentials()
5586 machine_creds
.guess(self
.lp
)
5587 machine_creds
.set_machine_account()
5589 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5590 machine_creds
.get_username())
5593 gp_extensions
.append(gp_krb_ext
)
5594 gp_extensions
.append(gp_scripts_ext
)
5595 gp_extensions
.append(gp_sudoers_ext
)
5596 gp_extensions
.append(gp_smb_conf_ext
)
5597 gp_extensions
.append(gp_msgs_ext
)
5599 # Create registry stage data
5600 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5601 reg_stage
= preg
.file()
5603 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5604 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5606 e
.data
= b
'echo hello world'
5608 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5609 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5611 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5613 e3
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5616 e3
.valuename
= 'apply group policies'
5618 e4
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Messages'
5619 e4
.valuename
= b
'issue'
5621 e4
.data
= b
'Welcome to \\s \\r \\l'
5622 reg_stage
.num_entries
= 4
5623 reg_stage
.entries
= [e
, e2
, e3
, e4
]
5625 # Create krb stage date
5626 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5627 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5628 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n' \
5629 '[System Access]\nMinimumPasswordAge = 998\n'
5631 for g
in [g
for g
in gpos
if g
.file_sys_path
]:
5632 ret
= stage_file(gpofile
% g
.name
, krb_stage
)
5633 self
.assertTrue(ret
, 'Could not create the target %s' %
5635 ret
= stage_file(reg_pol
% g
.name
, ndr_pack(reg_stage
))
5636 self
.assertTrue(ret
, 'Could not create the target %s' %
5638 for ext
in gp_extensions
:
5639 ext
= ext(self
.lp
, machine_creds
,
5640 machine_creds
.get_username(), store
)
5642 self
.assertEqual(len(ret
.keys()), 1,
5643 'A single policy should have been displayed')
5645 # Check the Security Extension
5646 if type(ext
) == gp_krb_ext
:
5647 self
.assertIn('Kerberos Policy', ret
.keys(),
5648 'Kerberos Policy not found')
5649 self
.assertIn('MaxTicketAge', ret
['Kerberos Policy'],
5650 'MaxTicketAge setting not found')
5651 self
.assertEqual(ret
['Kerberos Policy']['MaxTicketAge'], '99',
5652 'MaxTicketAge was not set to 99')
5653 # Check the Scripts Extension
5654 elif type(ext
) == gp_scripts_ext
:
5655 self
.assertIn('Daily Scripts', ret
.keys(),
5656 'Daily Scripts not found')
5657 self
.assertIn('echo hello world', ret
['Daily Scripts'],
5658 'Daily script was not created')
5659 # Check the Sudoers Extension
5660 elif type(ext
) == gp_sudoers_ext
:
5661 self
.assertIn('Sudo Rights', ret
.keys(),
5662 'Sudoers not found')
5663 self
.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
5665 'Sudoers policy not created')
5666 # Check the smb.conf Extension
5667 elif type(ext
) == gp_smb_conf_ext
:
5668 self
.assertIn('smb.conf', ret
.keys(),
5669 'apply group policies was not applied')
5670 self
.assertIn(e3
.valuename
, ret
['smb.conf'],
5671 'apply group policies was not applied')
5672 self
.assertEqual(ret
['smb.conf'][e3
.valuename
], e3
.data
,
5673 'apply group policies was not set')
5674 # Check the Messages Extension
5675 elif type(ext
) == gp_msgs_ext
:
5676 self
.assertIn('/etc/issue', ret
,
5677 'Login Prompt Message not applied')
5678 self
.assertEqual(ret
['/etc/issue'], e4
.data
,
5679 'Login Prompt Message not set')
5681 # Check that a call to gpupdate --rsop also succeeds
5683 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5685 unstage_file(gpofile
% g
.name
)
5686 unstage_file(reg_pol
% g
.name
)
5688 def test_gp_unapply(self
):
5689 cache_dir
= self
.lp
.get('cache directory')
5690 local_path
= self
.lp
.cache_path('gpo_cache')
5691 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
5692 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5694 machine_creds
= Credentials()
5695 machine_creds
.guess(self
.lp
)
5696 machine_creds
.set_machine_account()
5698 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5699 machine_creds
.get_username())
5702 gp_extensions
.append(gp_krb_ext
)
5703 gp_extensions
.append(gp_scripts_ext
)
5704 gp_extensions
.append(gp_sudoers_ext
)
5706 # Create registry stage data
5707 reg_pol
= os
.path
.join(local_path
, policies
, '%s/MACHINE/REGISTRY.POL')
5708 reg_stage
= preg
.file()
5710 e
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
5711 e
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5713 e
.data
= b
'echo hello world'
5715 e2
.keyname
= b
'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
5716 e2
.valuename
= b
'Software\\Policies\\Samba\\Unix Settings'
5718 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
5719 reg_stage
.num_entries
= 2
5720 reg_stage
.entries
= [e
, e2
]
5722 # Create krb stage date
5723 gpofile
= os
.path
.join(local_path
, policies
, '%s/MACHINE/MICROSOFT/' \
5724 'WINDOWS NT/SECEDIT/GPTTMPL.INF')
5725 krb_stage
= '[Kerberos Policy]\nMaxTicketAge = 99\n'
5727 ret
= stage_file(gpofile
% guid
, krb_stage
)
5728 self
.assertTrue(ret
, 'Could not create the target %s' %
5730 ret
= stage_file(reg_pol
% guid
, ndr_pack(reg_stage
))
5731 self
.assertTrue(ret
, 'Could not create the target %s' %
5734 # Process all gpos, with temp output directory
5736 with
TemporaryDirectory() as dname
:
5737 for ext
in gp_extensions
:
5738 ext
= ext(self
.lp
, machine_creds
,
5739 machine_creds
.get_username(), store
)
5740 if type(ext
) == gp_krb_ext
:
5741 ext
.process_group_policy([], gpos
)
5742 ret
= store
.get_int('kdc:user_ticket_lifetime')
5743 self
.assertEqual(ret
, 99, 'Kerberos policy was not set')
5744 elif type(ext
) in [gp_scripts_ext
, gp_sudoers_ext
]:
5745 ext
.process_group_policy([], gpos
, dname
)
5746 gp_db
= store
.get_gplog(machine_creds
.get_username())
5747 applied_settings
= gp_db
.get_applied_settings([guid
])
5748 for _
, fname
in applied_settings
[-1][-1][str(ext
)].items():
5749 fname
= fname
.split(':')[-1]
5750 self
.assertIn(dname
, fname
,
5751 'Test file not created in tmp dir')
5752 self
.assertTrue(os
.path
.exists(fname
),
5753 'Test file not created')
5754 remove
.append(fname
)
5756 # Unapply policy, and ensure policies are removed
5757 gpupdate_unapply(self
.lp
)
5759 for fname
in remove
:
5760 self
.assertFalse(os
.path
.exists(fname
),
5761 'Unapply did not remove test file')
5762 ret
= store
.get_int('kdc:user_ticket_lifetime')
5763 self
.assertNotEqual(ret
, 99, 'Kerberos policy was not unapplied')
5765 unstage_file(gpofile
% guid
)
5766 unstage_file(reg_pol
% guid
)
5768 def test_smb_conf_ext(self
):
5769 local_path
= self
.lp
.cache_path('gpo_cache')
5770 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
5771 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
5772 reg_pol
= os
.path
.join(local_path
, policies
, guids
[0],
5773 'MACHINE/REGISTRY.POL')
5774 reg_pol2
= os
.path
.join(local_path
, policies
, guids
[1],
5775 'MACHINE/REGISTRY.POL')
5776 cache_dir
= self
.lp
.get('cache directory')
5777 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
5779 machine_creds
= Credentials()
5780 machine_creds
.guess(self
.lp
)
5781 machine_creds
.set_machine_account()
5783 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
5784 machine_creds
.get_username())
5788 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\template homedir'
5790 e
.data
= '/home/samba/%D/%U'
5791 e
.valuename
= 'template homedir'
5794 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5797 e
.valuename
= 'apply group policies'
5800 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\ldap timeout'
5803 e
.valuename
= 'ldap timeout'
5806 stage
.num_entries
= len(entries
)
5807 stage
.entries
= entries
5809 ret
= stage_file(reg_pol
, ndr_pack(stage
))
5810 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5812 # Stage the other Registry.pol
5815 e
.keyname
= 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
5818 e
.valuename
= 'apply group policies'
5821 stage
.num_entries
= len(entries
)
5822 stage
.entries
= entries
5823 ret
= stage_file(reg_pol2
, ndr_pack(stage
))
5824 self
.assertTrue(ret
, 'Failed to create the Registry.pol file')
5826 with
NamedTemporaryFile(suffix
='_smb.conf') as f
:
5827 copyfile(self
.lp
.configfile
, f
.name
)
5828 lp
= LoadParm(f
.name
)
5830 # Initialize the group policy extension
5831 ext
= gp_smb_conf_ext(lp
, machine_creds
,
5832 machine_creds
.get_username(), store
)
5833 ext
.process_group_policy([], gpos
)
5834 lp
= LoadParm(f
.name
)
5836 template_homedir
= lp
.get('template homedir')
5837 self
.assertEqual(template_homedir
, '/home/samba/%D/%U',
5838 'template homedir was not applied')
5839 apply_group_policies
= lp
.get('apply group policies')
5840 self
.assertFalse(apply_group_policies
,
5841 'apply group policies was not applied')
5842 ldap_timeout
= lp
.get('ldap timeout')
5843 self
.assertEqual(ldap_timeout
, 9999, 'ldap timeout was not applied')
5845 # Force apply with removal of second GPO
5846 gp_db
= store
.get_gplog(machine_creds
.get_username())
5847 del_gpos
= gp_db
.get_applied_settings([guids
[1]])
5848 gpos
= [gpo
for gpo
in gpos
if gpo
.name
!= guids
[1]]
5849 ext
.process_group_policy(del_gpos
, gpos
)
5850 lp
= LoadParm(f
.name
)
5852 template_homedir
= lp
.get('template homedir')
5853 self
.assertEqual(template_homedir
, '/home/samba/%D/%U',
5854 'template homedir was not applied')
5855 apply_group_policies
= lp
.get('apply group policies')
5856 self
.assertTrue(apply_group_policies
,
5857 'apply group policies was not applied')
5858 ldap_timeout
= lp
.get('ldap timeout')
5859 self
.assertEqual(ldap_timeout
, 9999, 'ldap timeout was not applied')
5861 # Check that a call to gpupdate --rsop also succeeds
5863 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
5866 del_gpos
= get_deleted_gpos_list(gp_db
, [])
5867 ext
.process_group_policy(del_gpos
, [])
5869 lp
= LoadParm(f
.name
)
5871 template_homedir
= lp
.get('template homedir')
5872 self
.assertEqual(template_homedir
, self
.lp
.get('template homedir'),
5873 'template homedir was not unapplied')
5874 apply_group_policies
= lp
.get('apply group policies')
5875 self
.assertEqual(apply_group_policies
, self
.lp
.get('apply group policies'),
5876 'apply group policies was not unapplied')
5877 ldap_timeout
= lp
.get('ldap timeout')
5878 self
.assertEqual(ldap_timeout
, self
.lp
.get('ldap timeout'),
5879 'ldap timeout was not unapplied')
5881 # Unstage the Registry.pol file
5882 unstage_file(reg_pol
)
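def test_gp_motd(self):
    """Apply, partially remove and unapply motd/issue policy with gp_msgs_ext.

    Two Registry.pol files are staged for two GPOs. Both set 'motd' under
    the Messages key and the first also sets 'issue'. The test applies both
    GPOs, removes the second one, then unapplies everything, checking the
    'motd' and 'issue' files in a temporary directory after each step.

    NOTE(review): the listing this method was recovered from drops several
    source lines; every gap is marked below and must be restored from the
    full file before the test can run.
    """
    def read_text(path):
        # Close the handle deterministically instead of leaking it to the GC.
        with open(path, 'r') as fh:
            return fh.read()

    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'MACHINE/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_msgs_ext(self.lp, machine_creds,
                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    # NOTE(review): listing gap - the two lines creating `stage` and `e1`.
    e1.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e1.valuename = b'motd'
    # NOTE(review): listing gap - one line, presumably another e1 field.
    e1.data = b'Have a lot of fun!'
    stage.num_entries = 2
    # NOTE(review): listing gap - the line creating `e2`.
    e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e2.valuename = b'issue'
    # NOTE(review): listing gap - one line, presumably another e2 field.
    e2.data = b'Welcome to \\s \\r \\l'
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
    # Registered as a cleanup so a failing assertion below cannot leave the
    # staged policy in the GPO cache for later tests.
    self.addCleanup(unstage_file, reg_pol)

    # Stage the other Registry.pol
    # NOTE(review): listing gap - the two lines creating `stage` and `e3`.
    e3.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e3.valuename = b'motd'
    # NOTE(review): listing gap - one line, presumably another e3 field.
    e3.data = b'This should overwrite the first policy'
    stage.num_entries = 1
    stage.entries = [e3]
    ret = stage_file(reg_pol2, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)
    # The second policy file was previously staged but never unstaged.
    self.addCleanup(unstage_file, reg_pol2)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        motd_file = os.path.join(dname, 'motd')
        self.assertTrue(os.path.exists(motd_file),
                        'Message of the day file not created')
        data = read_text(motd_file)
        self.assertEqual(data, e3.data, 'Message of the day not applied')
        issue_file = os.path.join(dname, 'issue')
        self.assertTrue(os.path.exists(issue_file),
                        'Login Prompt Message file not created')
        data = read_text(issue_file)
        self.assertEqual(data, e2.data, 'Login Prompt Message not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [g for g in gpos if g.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, dname)

        self.assertTrue(os.path.exists(motd_file),
                        'Message of the day file not created')
        data = read_text(motd_file)
        self.assertEqual(data, e1.data, 'Message of the day not applied')
        issue_file = os.path.join(dname, 'issue')
        self.assertTrue(os.path.exists(issue_file),
                        'Login Prompt Message file not created')
        data = read_text(issue_file)
        self.assertEqual(data, e2.data, 'Login Prompt Message not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply policy, and ensure the test files are removed
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # read_text() raises if the file is gone, so these two checks expect
        # unapply to leave an empty file behind rather than delete it.
        data = read_text(motd_file)
        self.assertFalse(data, 'Message of the day file not removed')
        data = read_text(issue_file)
        self.assertFalse(data, 'Login Prompt Message file not removed')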
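def test_vgp_symlink(self):
    """Check that vgp_symlink_ext creates and removes a policy-defined symlink.

    A manifest naming a source and a target inside a private temporary
    directory is staged, the policy is applied and unapplied, and the rsop
    output is checked for the matching 'ln -s' line.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_symlink_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    with TemporaryDirectory() as dname:
        test_source = os.path.join(dname, 'test.source')
        test_target = os.path.join(dname, 'test.target')

        # Stage the manifest.xml file with test data
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): listing gap - one line, presumably version.text.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.Element('file_properties')
        source = etree.Element('source')
        source.text = test_source
        file_properties.append(source)
        target = etree.Element('target')
        target.text = test_target
        file_properties.append(target)
        data.append(file_properties)
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)
        # Unstage the manifest.xml file even when an assertion below fails.
        self.addCleanup(unstage_file, manifest)

        # Create test source
        test_source_data = 'hello world!'
        with open(test_source, 'w') as w:
            w.write(test_source_data)

        # Process all gpos, with temp output directory
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(test_target),
                        'The test symlink was not created')
        self.assertTrue(os.path.islink(test_target),
                        'The test file is not a symlink')
        with open(test_target, 'r') as r:
            linked_data = r.read()
        self.assertIn(test_source_data, linked_data,
                      'Reading from symlink does not produce source data')

        # Unapply the policy, ensure removal
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        # lexists() inspects the link itself; exists() follows it and would
        # also report False for a link that was left behind but dangling.
        self.assertFalse(os.path.lexists(test_target),
                         'The test symlink was not delete')

        # The extension's rsop output should show the link as an 'ln -s' line
        ret = ext.rsop([g for g in gpos if g.name == guid][0])
        self.assertIn('ln -s %s %s' % (test_source, test_target),
                      list(ret.values())[0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')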
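def test_vgp_files(self):
    """Check that vgp_files_ext deploys a file with the requested owner and mode.

    A source script and a manifest requesting user rwx, group rx and other
    rx are staged. After applying, the target must exist with mode 0755 and
    the source contents; after unapplying it must be gone.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
    source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
    source_data = '#!/bin/sh\necho hello world'
    ret = stage_file(source_file, source_data)
    self.assertTrue(ret, 'Could not create the target %s' % source_file)
    # Cleanups run even if an assertion fails, so staged files cannot leak
    # into later tests.
    self.addCleanup(unstage_file, source_file)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_files_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    with TemporaryDirectory() as dname:
        stage = etree.Element('vgppolicy')
        policysetting = etree.Element('policysetting')
        stage.append(policysetting)
        version = etree.Element('version')
        # NOTE(review): listing gap - one line, presumably version.text.
        policysetting.append(version)
        data = etree.Element('data')
        file_properties = etree.SubElement(data, 'file_properties')
        source = etree.SubElement(file_properties, 'source')
        source.text = os.path.basename(source_file).lower()
        target = etree.SubElement(file_properties, 'target')
        target.text = os.path.join(dname, 'test.target')
        user = etree.SubElement(file_properties, 'user')
        user.text = pwd.getpwuid(os.getuid()).pw_name
        group = etree.SubElement(file_properties, 'group')
        group.text = grp.getgrgid(os.getgid()).gr_name
        # Request permissions of 755
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'user')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'write')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'group')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        permissions = etree.SubElement(file_properties, 'permissions')
        permissions.set('type', 'other')
        etree.SubElement(permissions, 'read')
        etree.SubElement(permissions, 'execute')
        policysetting.append(data)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)
        self.addCleanup(unstage_file, manifest)

        # Process all gpos, with temp output directory
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(target.text),
                        'The target file does not exist')
        # Mask with 0o7777 rather than 0o777 so that an unexpected setuid,
        # setgid or sticky bit on the deployed file also fails the check.
        self.assertEqual(os.stat(target.text).st_mode & 0o7777, 0o755,
                         'The target file permissions are incorrect')
        with open(target.text) as deployed:
            deployed_data = deployed.read()
        self.assertEqual(deployed_data, source_data,
                         'The target file contents are incorrect')

        # Unapply and make sure the deployed file is removed
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(target.text),
                         'The target file was not removed')

        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing gap - the statement assigning `ret`
        # (presumably the extension's rsop output for `g`) is not shown.
        self.assertIn(target.text, list(ret.values())[0][0],
                      'The target file was not listed by rsop')
        self.assertIn('-rwxr-xr-x', list(ret.values())[0][0],
                      'The target permissions were not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')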
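def test_vgp_openssh(self):
    """Check that vgp_openssh_ext writes and removes an sshd config snippet.

    A manifest carrying the key/value pair AddressFamily=inet6 is staged;
    applying it must create exactly one file in the output directory that
    contains 'AddressFamily inet6', and unapplying must remove that file.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_openssh_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.Element('policysetting')
    stage.append(policysetting)
    version = etree.Element('version')
    # NOTE(review): listing gap - one line, presumably version.text.
    policysetting.append(version)
    data = etree.Element('data')
    configfile = etree.Element('configfile')
    configsection = etree.Element('configsection')
    sectionname = etree.Element('sectionname')
    configsection.append(sectionname)
    kvpair = etree.Element('keyvaluepair')
    key = etree.Element('key')
    key.text = 'AddressFamily'
    # NOTE(review): the listing has a one-line gap here and never attaches
    # `key`; without this the staged pair would carry no key - confirm.
    kvpair.append(key)
    value = etree.Element('value')
    value.text = 'inet6'
    kvpair.append(value)
    configsection.append(kvpair)
    configfile.append(configsection)
    data.append(configfile)
    policysetting.append(data)
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)
    # Unstage the manifest.xml file even when an assertion below fails.
    self.addCleanup(unstage_file, manifest)

    # Process all gpos, with temp output directory
    data = 'AddressFamily inet6'
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        self.assertEqual(len(conf), 1, 'The conf file was not created')
        gp_cfg = os.path.join(dname, conf[0])
        with open(gp_cfg, 'r') as cfg:
            cfg_data = cfg.read()
        self.assertIn(data, cfg_data,
                      'The sshd_config entry was not applied')
        # sshd configuration must not be editable by arbitrary local users.
        self.assertFalse(os.stat(gp_cfg).st_mode & 0o002,
                         'The sshd config file is world-writable')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply and make sure the config file is removed
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')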
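def test_vgp_startup_scripts(self):
    """Exercise vgp_startup_scripts_ext in three phases.

    1. A script with parameters, run as root: applying must write one file
       containing an '@reboot' entry, unapplying must remove it.
    2. The same list element with 'run_once' added and run_as set to the
       current user: the script runs at apply time and is not re-run when
       the policy is processed again.
    3. A script without parameters: the '@reboot' entry has no arguments.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    def read_bytes(path):
        # Close the handle deterministically instead of leaking it to the GC.
        with open(path, 'rb') as fh:
            return fh.read()

    def read_text(path):
        with open(path, 'r') as fh:
            return fh.read()

    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
    test_script = os.path.join(os.path.dirname(manifest), 'TEST.SH')
    test_data = '#!/bin/sh\necho $@ hello world'
    ret = stage_file(test_script, test_data)
    self.assertTrue(ret, 'Could not create the target %s' % test_script)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_startup_scripts_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    parameters = etree.SubElement(listelement, 'parameters')
    parameters.text = '-n'
    # Local renamed from `hash` so the builtin is not shadowed.
    script_hash = etree.SubElement(listelement, 'hash')
    # NOTE(review): the listing drops the line before the digest
    # expression; assigning it to the element text is inferred - confirm.
    # MD5 is not collision-resistant, so this field is a change-detection
    # checksum, not proof of script integrity. hashlib.md5() can also be
    # refused on FIPS-enforcing hosts unless called with
    # usedforsecurity=False (Python 3.9+).
    script_hash.text = hashlib.md5(read_bytes(test_script)).hexdigest().upper()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        # NOTE(review): the third format argument is cut from the listing;
        # parameters.text is inferred from the three %s placeholders.
        entry = '@reboot %s %s %s' % (run_as.text, test_script,
                                      parameters.text)
        self.assertIn(entry,
                      read_text(os.path.join(dname, files[0])),
                      'The test entry was not found')

        # Unapply and make sure the generated file is removed
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing gap - the statement assigning `ret`
        # (presumably the extension's rsop output for `g`) is not shown.
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for run once scripts
    etree.SubElement(listelement, 'run_once')
    run_as.text = pwd.getpwuid(os.getuid()).pw_name
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    # A run once script will be executed immediately,
    # instead of creating a cron job
    with TemporaryDirectory() as dname:
        test_file = '%s/TESTING.txt' % dname
        test_data = '#!/bin/sh\ntouch %s' % test_file
        # NOTE(review): the script body changes here but the manifest's
        # 'hash' element is not refreshed, and the script is still expected
        # to run - this suggests the extension does not enforce the hash;
        # confirm against the extension code.
        ret = stage_file(test_script, test_data)
        self.assertTrue(ret, 'Could not create the target %s' % test_script)

        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The test file was not created')
        self.assertEqual(files[0], os.path.basename(test_file),
                         'The test file was not created')

        # Unlink the test file and ensure that processing
        # policy again does not recreate it.
        os.unlink(test_file)
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The test file should not have been created')

        # Unapply the run-once policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # NOTE(review): the third format argument is cut from the listing;
        # parameters.text is inferred from the three %s placeholders.
        entry = 'Run once as: %s `%s %s`' % (run_as.text, test_script,
                                             parameters.text)
        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing gap - the statement assigning `ret`
        # (presumably the extension's rsop output for `g`) is not shown.
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for a script without parameters
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    script_hash = etree.SubElement(listelement, 'hash')
    # NOTE(review): assignment target inferred, as in the first phase.
    script_hash.text = hashlib.md5(read_bytes(test_script)).hexdigest().upper()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        try:
            ext.process_group_policy([], gpos, dname)
        except Exception as e:
            # NOTE(review): the listing shows the except clause but neither
            # the `try:` line nor the handler body; failing the test with
            # the exception text is assumed - confirm.
            self.fail(str(e))
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        entry = '@reboot %s %s' % (run_as.text, test_script)
        self.assertIn(entry,
                      read_text(os.path.join(dname, files[0])),
                      'The test entry was not found')

        # Unapply and make sure the generated file is removed
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        g = [g for g in gpos if g.name == guid][0]
        # NOTE(review): listing gap - the statement assigning `ret`
        # (presumably the extension's rsop output for `g`) is not shown.
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)
    unstage_file(test_script)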
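def test_vgp_motd(self):
    """Check motd precedence and removal across two GPOs with vgp_motd_ext.

    Two manifests with different message text are staged. With both GPOs
    applied the second text is expected; after removing the second GPO the
    first text is expected; after unapplying, the first text must be gone.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    def read_text(path):
        # Close the handle deterministically instead of leaking it to the GC.
        with open(path, 'r') as fh:
            return fh.read()

    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    manifest = os.path.join(local_path, policies, guids[0], 'MACHINE',
                            'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    manifest2 = os.path.join(local_path, policies, guids[1], 'MACHINE',
                             'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_motd_ext(self.lp, machine_creds,
                       machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'motd'
    text = etree.SubElement(data, 'text')
    text.text = 'This is the message of the day'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)
    # Unstage the manifest files even when an assertion below fails.
    self.addCleanup(unstage_file, manifest)

    # Stage the other manifest.xml
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'motd'
    text2 = etree.SubElement(data, 'text')
    text2.text = 'This should overwrite the first policy'
    ret = stage_file(manifest2, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest2)
    self.addCleanup(unstage_file, manifest2)

    # Process all gpos, with the temp file as the output path
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        # NamedTemporaryFile has already created f.name, so this only
        # fails if processing removed the file.
        self.assertTrue(os.path.exists(f.name),
                        'Message of the day file not created')
        data = read_text(f.name)
        self.assertEqual(data, text2.text, 'Message of the day not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [g for g in gpos if g.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, f.name)

        self.assertEqual(read_text(f.name), text.text,
                         'The motd was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply and make sure the first message is no longer present
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(read_text(f.name), text.text,
                            'The motd was not unapplied')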
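def test_vgp_issue(self):
    """Check issue precedence and removal across two GPOs with vgp_issue_ext.

    Two manifests with different login-prompt text are staged. With both
    GPOs applied the second text is expected; after removing the second GPO
    the first text is expected; after unapplying, the first text must be
    gone.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    def read_text(path):
        # Close the handle deterministically instead of leaking it to the GC.
        with open(path, 'r') as fh:
            return fh.read()

    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    manifest = os.path.join(local_path, policies, guids[0], 'MACHINE',
                            'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    manifest2 = os.path.join(local_path, policies, guids[1], 'MACHINE',
                             'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_issue_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'issue'
    text = etree.SubElement(data, 'text')
    text.text = 'Welcome to Samba!'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)
    # Unstage the manifest files even when an assertion below fails.
    self.addCleanup(unstage_file, manifest)

    # Stage the other manifest.xml
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    data = etree.SubElement(policysetting, 'data')
    filename = etree.SubElement(data, 'filename')
    filename.text = 'issue'
    text2 = etree.SubElement(data, 'text')
    text2.text = 'This test message overwrites the first'
    ret = stage_file(manifest2, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest2)
    # The second manifest was previously staged but never unstaged.
    self.addCleanup(unstage_file, manifest2)

    # Process all gpos, with the temp file as the output path
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        self.assertEqual(read_text(f.name), text2.text,
                         'The issue was not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [g for g in gpos if g.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, f.name)

        self.assertEqual(read_text(f.name), text.text,
                         'The issue was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply and make sure the first message is no longer present
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(read_text(f.name), text.text,
                            'The issue was not unapplied')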
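def test_vgp_access(self):
    """Check that vgp_access_ext renders allow and deny manifests.

    An ALLOW manifest (user goodguy, group goodguys) and a DENY manifest
    (user badguy, group badguys) are staged with 'winbind separator' set to
    '+'. Applying must produce two files in the output directory, one of
    them the DENY_ALL file, and the other must contain the four expected
    '+:' / '-:' entries. Unapplying must remove the policy file.

    NOTE(review): the listing this method was recovered from drops some
    source lines; every gap is marked below.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    allow = os.path.join(local_path, policies, guid, 'MACHINE',
                         'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
    deny = os.path.join(local_path, policies, guid, 'MACHINE',
                        'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    winbind_sep = self.lp.get('winbind separator')
    self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
    self.lp.set('winbind separator', '+')
    ext = vgp_access_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml allow file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Add an allowed user
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    # NOTE(review): listing gap - one line, presumably otype.text.
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'goodguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguy'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing gap - one line, presumably domain.text.
    otype = etree.SubElement(adobject, 'type')
    # NOTE(review): listing gap - one line, presumably otype.text.
    # Add an allowed group
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\goodguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=goodguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'goodguys'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing gap - one line, presumably domain.text.
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(allow, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % allow)
    # The listing ends on an "unstage" comment with no visible calls;
    # cleanups make sure both manifests are unstaged, also on failure.
    self.addCleanup(unstage_file, allow)

    # Stage the manifest.xml deny file
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    # NOTE(review): listing gap - one line, presumably version.text.
    apply_mode = etree.SubElement(policysetting, 'apply_mode')
    apply_mode.text = 'merge'
    data = etree.SubElement(policysetting, 'data')
    # Add a denied user
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    # NOTE(review): listing gap - one line, presumably otype.text.
    entry = etree.SubElement(listelement, 'entry')
    entry.text = 'badguy@%s' % realm
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguy'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing gap - one line, presumably domain.text.
    otype = etree.SubElement(adobject, 'type')
    # NOTE(review): listing gap - one line, presumably otype.text.
    # Add a denied group
    groupattr = etree.SubElement(data, 'groupattr')
    groupattr.text = 'samAccountName'
    listelement = etree.SubElement(data, 'listelement')
    otype = etree.SubElement(listelement, 'type')
    otype.text = 'GROUP'
    entry = etree.SubElement(listelement, 'entry')
    entry.text = '%s\\badguys' % realm
    dn = etree.SubElement(listelement, 'dn')
    dn.text = 'CN=badguys,CN=Users,%s' % base_dn
    adobject = etree.SubElement(listelement, 'adobject')
    name = etree.SubElement(adobject, 'name')
    name.text = 'badguys'
    domain = etree.SubElement(adobject, 'domain')
    # NOTE(review): listing gap - one line, presumably domain.text.
    otype = etree.SubElement(adobject, 'type')
    otype.text = 'group'
    ret = stage_file(deny, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % deny)
    self.addCleanup(unstage_file, deny)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # There will be 2 files, the policy file and the deny file
        self.assertEqual(len(conf), 2, 'The conf file was not created')
        # The catch-all deny file is what makes the policy fail closed, so
        # require exactly one instead of only filtering it out.
        deny_all = [c for c in conf if '_gp_DENY_ALL.conf' in c]
        self.assertEqual(len(deny_all), 1,
                         'The DENY_ALL conf file was not created')
        # Ignore the DENY_ALL conf file
        gp_cfg = os.path.join(
            dname, [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])

        # Check the access config for the correct access.conf entries
        print('Config file %s found' % gp_cfg)
        with open(gp_cfg, 'r') as cfg:
            data = cfg.read()
        # Access-control configuration must not be editable by arbitrary
        # local users.
        self.assertFalse(os.stat(gp_cfg).st_mode & 0o002,
                         'The access config file is world-writable')
        # NOTE(review): only the presence of each entry is checked, not the
        # order; if the consumer evaluates entries first-match, ordering
        # between '+' and '-' lines matters - confirm.
        self.assertIn('+:%s+goodguy:ALL' % realm, data)
        self.assertIn('+:%s+goodguys:ALL' % realm, data)
        self.assertIn('-:%s+badguy:ALL' % realm, data)
        self.assertIn('-:%s+badguys:ALL' % realm, data)

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): listing gap - the statement that runs the command
        # and assigns `ret` is not shown.
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply and make sure the policy file is removed
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')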
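def test_gnome_settings(self):
    """Apply the GNOME settings policy to a scratch root, then unapply it.

    A REGISTRY.POL built from ``gnome_test_reg_pol`` is staged in the GPO
    cache and ``gp_gnome_settings_ext`` is run against a temporary
    directory. The test then checks the dconf keyfiles and lock files
    under ``etc/dconf/db/local.d`` and the udisks2 polkit action file, and
    finally checks that unapplying the policy removes each of them.
    """
    # NOTE(review): the listing this method was recovered from drops some
    # lines (closing braces and a few statements). Statements marked
    # "restored" are inferred from how later lines use them - confirm
    # against the original file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_gnome_settings_ext(self.lp, machine_creds,
                                machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)

        local_db = os.path.join(dname, 'etc/dconf/db/local.d')
        self.assertTrue(os.path.isdir(local_db),
                        'Local db dir not created')

        def db_check(name, data, count=1):
            # Expect `count` keyfiles ending in "-<name>" and every
            # section/option of `data` present with the given value.
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), count, '%s not created' % name)
            file_contents = ConfigParser()
            file_contents.read(db)
            for key in data.keys():
                self.assertTrue(file_contents.has_section(key),
                                'Section %s not found' % key)
                options = data[key]  # restored
                for k, v in options.items():
                    v_content = file_contents.get(key, k)
                    self.assertEqual(v_content, v,
                                     '%s: %s != %s' % (key, v_content, v))

        def del_db_check(name):
            db = glob(os.path.join(local_db, '*-%s' % name))
            self.assertEqual(len(db), 0, '%s not deleted' % name)

        locks = os.path.join(local_db, 'locks')
        # The original asserted on local_db here, which was already
        # verified above, so a missing locks directory went unnoticed.
        self.assertTrue(os.path.isdir(locks), 'Locks dir not created')

        def lock_check(name, items, count=1):
            # Expect `count` lock files ending in <name> that together
            # list every dconf path in `items`.
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), count,
                             '%s lock not created' % name)
            file_contents = []  # restored
            for i in range(count):
                # Close each lock file instead of leaking the handle.
                with open(lock[i], 'r') as f:
                    file_contents.extend(f.read().split('\n'))
            for data in items:  # restored
                self.assertIn(data, file_contents,
                              '%s lock not created' % data)

        def del_lock_check(name):
            lock = glob(os.path.join(locks, '*%s' % name))
            self.assertEqual(len(lock), 0, '%s lock not deleted' % name)

        # Check the user profile
        user_profile = os.path.join(dname, 'etc/dconf/profile/user')
        self.assertTrue(os.path.exists(user_profile),
                        'User profile not created')

        # Enable the compose key
        data = {'org/gnome/desktop/input-sources':
                {'xkb-options': '[\'compose:ralt\']'}}
        db_check('input-sources', data)
        items = ['/org/gnome/desktop/input-sources/xkb-options']
        lock_check('input-sources', items)

        # Dim screen when user is idle
        data = {'org/gnome/settings-daemon/plugins/power':
                {'idle-dim': 'true',
                 'idle-brightness': '30'}}
        db_check('power', data)
        data = {'org/gnome/desktop/session':
                {'idle-delay': 'uint32 300'}}
        db_check('session', data)
        items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
                 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
                 '/org/gnome/desktop/session/idle-delay']
        lock_check('power-saving', items)

        # Lock down specific settings
        bg_locks = ['/org/gnome/desktop/background/picture-uri',
                    '/org/gnome/desktop/background/picture-options',
                    '/org/gnome/desktop/background/primary-color',
                    '/org/gnome/desktop/background/secondary-color']
        lock_check('group-policy', bg_locks)

        # Lock down enabled extensions
        data = {'org/gnome/shell':
                {'enabled-extensions':
                 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
                 'development-tools': 'false'}}
        db_check('extensions', data)
        items = ['/org/gnome/shell/enabled-extensions',
                 '/org/gnome/shell/development-tools']
        lock_check('extensions', items)

        # Disallow login using a fingerprint
        data = {'org/gnome/login-screen':
                {'enable-fingerprint-authentication': 'false'}}
        db_check('fingerprintreader', data)
        items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
        lock_check('fingerprintreader', items)

        # Disable user logout and user switching
        data = {'org/gnome/desktop/lockdown':
                {'disable-log-out': 'true',
                 'disable-user-switching': 'true'}}
        db_check('logout', data, 2)
        items = ['/org/gnome/desktop/lockdown/disable-log-out',
                 '/org/gnome/desktop/lockdown/disable-user-switching']
        lock_check('logout', items, 2)

        # Disable repartitioning
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                      'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
        with open(udisk2[0], 'r') as f:
            udisk2_tree = etree.fromstring(f.read())
        actions = udisk2_tree.findall('action')
        md = 'org.freedesktop.udisks2.modify-device'
        action = [a for a in actions if a.attrib['id'] == md]
        self.assertEqual(len(action), 1, 'modify-device not found')
        defaults = action[0].find('defaults')
        self.assertTrue(defaults is not None,
                        'modify-device defaults not found')
        allow_any = defaults.find('allow_any').text
        self.assertEqual(allow_any, 'no',
                         'modify-device allow_any not set to no')
        allow_inactive = defaults.find('allow_inactive').text
        self.assertEqual(allow_inactive, 'no',
                         'modify-device allow_inactive not set to no')
        allow_active = defaults.find('allow_active').text
        self.assertEqual(allow_active, 'yes',
                         'modify-device allow_active not set to yes')

        # Disable printing
        data = {'org/gnome/desktop/lockdown':
                {'disable-printing': 'true'}}
        db_check('printing', data)
        items = ['/org/gnome/desktop/lockdown/disable-printing']
        lock_check('printing', items)

        # Disable file saving
        data = {'org/gnome/desktop/lockdown':
                {'disable-save-to-disk': 'true'}}
        db_check('filesaving', data)
        items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
        lock_check('filesaving', items)

        # Disable command-line access
        data = {'org/gnome/desktop/lockdown':
                {'disable-command-line': 'true'}}
        db_check('cmdline', data)
        items = ['/org/gnome/desktop/lockdown/disable-command-line']
        lock_check('cmdline', items)

        # Allow or disallow online accounts
        data = {'org/gnome/online-accounts':
                {'whitelisted-providers': '[\'google\']'}}
        db_check('goa', data)
        items = ['/org/gnome/online-accounts/whitelisted-providers']
        lock_check('goa', items)

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the assignment to `ret` is missing from the
        # listing; presumably the module-level rsop() helper - confirm.
        ret = rsop(self.lp)  # restored
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        del_db_check('input-sources')
        del_lock_check('input-sources')
        del_db_check('power')
        del_db_check('session')
        del_lock_check('power-saving')
        del_lock_check('group-policy')
        del_db_check('extensions')
        del_lock_check('extensions')
        del_db_check('fingerprintreader')
        del_lock_check('fingerprintreader')
        del_db_check('logout')
        del_lock_check('logout')
        actions = os.path.join(dname, 'etc/share/polkit-1/actions')
        udisk2 = glob(os.path.join(actions,
                      'org.freedesktop.[u|U][d|D]isks2.policy'))
        self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
        del_db_check('printing')
        del_lock_check('printing')
        del_db_check('filesaving')
        del_lock_check('filesaving')
        del_db_check('cmdline')
        del_lock_check('cmdline')
        del_db_check('goa')  # restored
        del_lock_check('goa')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)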
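def test_gp_cert_auto_enroll_ext_without_ndes(self):
    """Check certificate auto-enrollment when ``cae.requests`` raises.

    ``cae.requests`` is swapped for ``dummy_requests(want_exception=True)``
    (presumably simulating an unreachable NDES endpoint - confirm), a dummy
    CA, enrollment service and certificate template are written to the
    directory over LDAP, and the extension is expected to still produce
    the CA certificate, machine certificate and machine key. The policy is
    then unapplied and the files and ``getcert`` entries must be gone.
    """
    # NOTE(review): the listing this method was recovered from drops some
    # lines. Statements marked "restored" are inferred from the lines
    # around them - confirm against the original file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # NOTE(review): this rebinds an attribute of the cae module and
    # nothing in this method restores it, so it stays in effect for
    # whatever runs next in the same process.
    cae.requests = dummy_requests(want_exception=True)
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries
    # The admin credentials come from the test environment's DC_USERNAME,
    # DC_PASSWORD and REALM variables.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Each dummy object is removed through addCleanup rather than at the
    # end of the method, so a failing assertion cannot leave a dummy CA,
    # enrollment service or template behind in the directory.

    # Write the dummy CA
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': dummy_certificate(),
             'certificateRevocationList': ['XXX'],
             })
    self.addCleanup(ldb.delete, certa_dn)

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': dummy_certificate(),
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    self.addCleanup(ldb.delete, enroll_dn)

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })
    self.addCleanup(ldb.delete, template_dn)

    with TemporaryDirectory() as dname:
        try:  # restored
            ext.process_group_policy([], gpos, dname, dname)
        except Exception as e:
            # NOTE(review): the handler body is missing from the listing;
            # failing the test with the error text is assumed - confirm.
            self.fail(str(e))  # restored

        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the assignment to `ret` is missing from the
        # listing; presumably the module-level rsop() helper - confirm.
        ret = rsop(self.lp)  # restored
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')

    # The dummy CA, pKIEnrollmentService and pKICertificateTemplate are
    # removed by the cleanups registered above.

    # Unstage the Registry.pol file
    unstage_file(reg_pol)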
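def test_gp_cert_auto_enroll_ext(self):
    """Exercise certificate auto-enrollment through apply and removal.

    With ``cae.requests`` swapped for ``dummy_requests()`` and a dummy CA,
    enrollment service and template written to the directory over LDAP,
    the test applies the policy, re-applies it after adding a second
    template through ``CEPCES_SUBMIT_SUPPORTED_TEMPLATES``, removes it by
    staging the "unchecked" policy file, re-applies it, and finally
    unapplies it. After each step it checks which certificate and key
    files exist in the temporary directory.
    """
    # NOTE(review): the listing this method was recovered from drops some
    # lines. Statements marked "restored" are inferred from the lines
    # around them - confirm against the original file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # NOTE(review): this rebinds an attribute of the cae module and
    # nothing in this method restores it.
    cae.requests = dummy_requests()
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries
    # The admin credentials come from the test environment's DC_USERNAME,
    # DC_PASSWORD and REALM variables.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Each dummy object is removed through addCleanup rather than at the
    # end of the method, so a failing assertion cannot leave a dummy CA,
    # enrollment service or template behind in the directory.

    # Write the dummy CA
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateRevocationList': ['XXX'],
             })
    self.addCleanup(ldb.delete, certa_dn)

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    self.addCleanup(ldb.delete, enroll_dn)

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })
    self.addCleanup(ldb.delete, template_dn)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        # Subsequent apply should react to new certificate templates
        os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
        self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
        ext.process_group_policy([], gpos, dname, dname)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')
        workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca_cn)
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        workstation_key = os.path.join(dname, '%s.Workstation.key' % ca_cn)
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the assignment to `ret` is missing from the
        # listing; presumably the module-level rsop() helper - confirm.
        ret = rsop(self.lp)  # restored
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy by staging pol file with auto-enroll unchecked
        parser.load_xml(etree.fromstring(auto_enroll_unchecked_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')

        # Reapply policy by staging the enabled pol file
        parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')

    # The dummy CA, pKIEnrollmentService and pKICertificateTemplate are
    # removed by the cleanups registered above.

    # Unstage the Registry.pol file
    unstage_file(reg_pol)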
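def test_gp_user_scripts_ext(self):
    """Check that user script policies are installed into the crontab.

    For each schedule section (daily, monthly, weekly, hourly) two
    REGISTRY.POL files are staged under different GPO GUIDs, the policies
    are applied with ``gp_user_scripts_ext``, and ``crontab -l`` must show
    both entries. The second GPO is then removed (only its entry may
    disappear) and finally everything is unapplied.
    """
    # NOTE(review): the listing this method was recovered from drops some
    # lines. Statements marked "restored" are inferred from the lines
    # around them - confirm against the original file.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'USER/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_user_scripts_ext(self.lp, machine_creds,
                              os.environ.get('DC_USERNAME'), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    def installed_crontab():
        # Dump the fake crontab setup for testing. Replaces three
        # identical Popen/communicate sequences in the original.
        out, _ = Popen(['crontab', '-l'], stdout=PIPE).communicate()
        return out

    reg_key = b'Software\\Policies\\Samba\\Unix Settings'
    sections = {b'%s\\Daily Scripts' % reg_key: b'@daily',
                b'%s\\Monthly Scripts' % reg_key: b'@monthly',
                b'%s\\Weekly Scripts' % reg_key: b'@weekly',
                b'%s\\Hourly Scripts' % reg_key: b'@hourly'}
    for keyname in sections.keys():
        # Stage the Registry.pol file with test data
        # NOTE(review): the constructor calls and the `type` assignments
        # are missing from the listing; preg.file()/preg.entry() and
        # type 1 are assumed - confirm.
        stage = preg.file()  # restored
        e = preg.entry()  # restored
        e.keyname = keyname  # restored
        e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        e.type = 1  # restored
        e.data = b'echo hello world'
        stage.num_entries = 1
        stage.entries = [e]  # restored
        ret = stage_file(reg_pol, ndr_pack(stage))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        # Stage the other Registry.pol
        stage = preg.file()  # restored
        e2 = preg.entry()  # restored
        e2.keyname = keyname
        e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        e2.type = 1  # restored
        e2.data = b'echo this is a second policy'
        stage.num_entries = 1
        stage.entries = [e2]
        ret = stage_file(reg_pol2, ndr_pack(stage))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)

        # Process all gpos, intentionally skipping the privilege drop
        ext.process_group_policy([], gpos)
        crontab = installed_crontab()
        # NOTE(review): e.data was assigned bytes above; .encode() only
        # works if the entry hands the value back as str - confirm.
        entry = b'%s %s' % (sections[keyname], e.data.encode())
        self.assertIn(entry, crontab,
                      'The crontab entry was not installed')
        entry2 = b'%s %s' % (sections[keyname], e2.data.encode())
        self.assertIn(entry2, crontab,
                      'The crontab entry was not installed')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
        del_gpos = gp_db.get_applied_settings([guids[1]])
        rgpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, rgpos)

        crontab = installed_crontab()

        # Ensure the first entry remains, and the second entry is removed
        self.assertIn(entry, crontab,
                      'The first crontab entry was not found')
        self.assertNotIn(entry2, crontab,
                         'The second crontab entry was still present')

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the assignment to `ret` is missing from the
        # listing; presumably the module-level rsop() helper - confirm.
        ret = rsop(self.lp)  # restored
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        crontab = installed_crontab()
        self.assertNotIn(entry, crontab,
                         'Unapply failed to cleanup crontab entry')

        # Unstage the Registry.pol files
        # NOTE(review): indentation is lost in the listing; unstaging once
        # per section (inside the loop) is assumed - confirm.
        unstage_file(reg_pol)
        unstage_file(reg_pol2)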
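def test_gp_firefox_ext(self):
    """Check that Firefox policies are written to ``policies.json``.

    Applies the policy staged from ``firefox_reg_pol`` to a temporary
    directory and compares the resulting ``policies.json`` with
    ``firefox_json_expected``. The policy is then altered (AppUpdateURL
    dropped, AppAutoUpdate changed) and re-applied, unapplied, and
    finally re-applied over a pre-seeded "old style" cache entry to check
    that stale content is overwritten.
    """
    # NOTE(review): the listing this method was recovered from drops some
    # lines. Statements marked "restored" are inferred from the lines
    # around them - confirm against the original file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firefox_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        policies_file = os.path.join(dname, 'policies.json')
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        expected_policy_data = json.loads(firefox_json_expected)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        self.assertEqual(expected_policy_data['policies'].keys(),
                         policy_data['policies'].keys(),
                         'Firefox policies are missing')
        for name in expected_policy_data['policies'].keys():
            self.assertEqual(expected_policy_data['policies'][name],
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Check that modifying the policy will enforce the correct settings
        entries = [e for e in parser.pol_file.entries
                   if e.valuename != 'AppUpdateURL']
        for e in entries:  # restored
            if e.valuename == 'AppAutoUpdate':
                # NOTE(review): the assigned value is missing from the
                # listing; 0 is assumed because the check below expects
                # the resulting policy to be False - confirm.
                e.data = 0  # restored
        parser.pol_file.entries = entries
        parser.pol_file.num_entries = len(entries)
        # Stage the Registry.pol file with altered test data
        unstage_file(reg_pol)
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        # Enforce the altered policy
        # NOTE(review): no directory is passed here, yet the checks below
        # read policies_file under dname; presumably the extension keeps
        # the directory from the earlier call - confirm.
        ext.process_group_policy([], gpos)

        # Check that the App Update policy was altered
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        # Both key lists are sorted before comparing so the check does
        # not depend on key order in the JSON file (the lines at these
        # positions are missing from the listing).
        keys = list(expected_policy_data['policies'].keys())
        keys.remove('AppUpdateURL')
        keys.sort()
        policy_keys = list(policy_data['policies'].keys())
        policy_keys.sort()
        self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
        for name in policy_data['policies'].keys():
            self.assertNotEqual(name, 'AppUpdateURL',
                                'Failed to remove AppUpdateURL policy')
            if name == 'AppAutoUpdate':
                self.assertEqual(False, policy_data['policies'][name],
                                 'Failed to alter AppAutoUpdate policy')
            else:  # restored
                self.assertEqual(expected_policy_data['policies'][name],
                                 policy_data['policies'][name],
                                 'Policies were not applied')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the assignment to `ret` is missing from the
        # listing; presumably the module-level rsop() helper - confirm.
        ret = rsop(self.lp)  # restored
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            # Close the file instead of leaking the handle.
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

        # Initialize the cache with old style existing policies,
        # ensure they are overwritten.
        old_cache = {'policies': {}}
        ext.cache_add_attribute(guid, 'policies.json',
                                json.dumps(old_cache))
        with open(policies_file, 'w') as w:
            w.write(firefox_json_expected)

        # Re-apply the (still altered) policy over the seeded file
        ext.process_group_policy([], gpos)

        # Check that policy was overwritten
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        policy_keys = list(policy_data['policies'].keys())
        policy_keys.sort()
        self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
        for name in policy_data['policies'].keys():
            self.assertNotEqual(name, 'AppUpdateURL',
                                'Failed to remove AppUpdateURL policy')
            if name == 'AppAutoUpdate':
                self.assertEqual(False, policy_data['policies'][name],
                                 'Failed to overwrite AppAutoUpdate policy')
            else:  # restored
                self.assertEqual(expected_policy_data['policies'][name],
                                 policy_data['policies'][name],
                                 'Policies were not applied')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)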
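def test_gp_chromium_ext(self):
    """Check the managed and recommended Chromium policy files.

    Applies the policy staged from ``chromium_reg_pol`` to a temporary
    directory and expects exactly one JSON file in each of ``managed`` and
    ``recommended``, matching the expected data. After one entry of each
    kind is changed and the policy re-applied, each directory must still
    hold a single file, under a different name. Finally the policy is
    unapplied and any remaining file must be empty.
    """
    # NOTE(review): the listing this method was recovered from drops some
    # lines. Statements marked "restored" are inferred from the lines
    # around them - confirm against the original file.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_chromium_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        managed = os.path.join(dname, 'managed')
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Chromium policies are missing')
        managed_file = os.path.join(managed, managed_files[0])
        with open(managed_file, 'r') as r:
            managed_data = json.load(r)
        recommended = os.path.join(dname, 'recommended')
        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Chromium policies are missing')
        recommended_file = os.path.join(recommended, recommended_files[0])
        with open(recommended_file, 'r') as r:
            recommended_data = json.load(r)
        expected_managed_data = json.loads(chromium_json_expected_managed)
        expected_recommended_data = \
            json.loads(chromium_json_expected_recommended)

        self.assertEqual(sorted(expected_managed_data.keys()),
                         sorted(managed_data.keys()),
                         'Chromium policies are missing')
        for name in expected_managed_data.keys():
            self.assertEqual(expected_managed_data[name],
                             managed_data[name],  # restored
                             'Policies were not applied')
        self.assertEqual(expected_recommended_data.keys(),
                         recommended_data.keys(),
                         'Chromium policies are missing')
        for name in expected_recommended_data.keys():
            self.assertEqual(expected_recommended_data[name],
                             recommended_data[name],
                             'Policies were not applied')

        # Ensure modifying the policy does not generate extra policy files
        unstage_file(reg_pol)
        # Change a managed entry:
        parser.pol_file.entries[0].data = 0
        # Change a recommended entry:
        parser.pol_file.entries[-1].data = b'https://google.com'
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        ext.process_group_policy([], gpos, dname)
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Number of Chromium policies is incorrect')
        omanaged_file = managed_file
        managed_file = os.path.join(managed, managed_files[0])
        self.assertNotEqual(omanaged_file, managed_file,
                            'The managed Chromium file did not change')

        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Number of Chromium policies is incorrect')
        orecommended_file = recommended_file
        recommended_file = os.path.join(recommended, recommended_files[0])
        self.assertNotEqual(orecommended_file, recommended_file,
                            'The recommended Chromium file did not change')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        # NOTE(review): the assignment to `ret` is missing from the
        # listing; presumably the module-level rsop() helper - confirm.
        ret = rsop(self.lp)  # restored
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # From here on `managed` / `recommended` name the policy files,
        # not their directories.
        managed = os.path.join(managed, managed_files[0])
        if os.path.exists(managed):
            # Close the file instead of leaking the handle.
            with open(managed, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')
        recommended = os.path.join(recommended, recommended_files[0])
        if os.path.exists(recommended):
            with open(recommended, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)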
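def test_gp_firewalld_ext(self):
    """Apply, alter and unapply a firewalld policy, checking firewall-cmd.

    Stages a REGISTRY.POL built from ``firewalld_reg_pol``, processes it
    with ``gp_firewalld_ext`` and inspects the result through
    ``firewall-cmd``. It then removes the ``home`` zone entry, re-applies,
    checks RSOP, unapplies the policy and unstages the file.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firewalld_ext(self.lp, machine_creds,
                           machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # NOTE(review): from here on a failed assertion leaves the staged
    # REGISTRY.POL and any applied zones in place, because the unapply and
    # unstage steps only run at the end of the test.
    ext.process_group_policy([], gpos)

    # Fail with a clear message instead of passing an empty program name
    # to Popen when firewall-cmd cannot be located.
    firewall_cmd = which('firewall-cmd')
    self.assertTrue(firewall_cmd, 'firewall-cmd was not found')

    def firewall_query(*args):
        # Run firewall-cmd with the given arguments and return its stdout.
        proc = Popen([firewall_cmd, *args], stdout=PIPE, stderr=PIPE)
        stdout_data, _ = proc.communicate()
        return stdout_data

    # Check that the policy was applied
    out = firewall_query('--get-zones')
    self.assertIn(b'work', out, 'Failed to apply zones')
    self.assertIn(b'home', out, 'Failed to apply zones')

    out = firewall_query('--zone=work', '--list-interfaces')
    self.assertIn(b'eth0', out, 'Failed to set interface on zone')

    out = firewall_query('--zone=home', '--list-interfaces')
    self.assertIn(b'eth0', out, 'Failed to set interface on zone')

    out = firewall_query('--zone=work', '--list-rich-rules')
    # Firewalld will report the rule one of two ways:
    rules = [b'rule family=ipv4 source address=172.25.1.7 '
             b'service name=ftp reject',
             b'rule family="ipv4" source address="172.25.1.7" '
             b'service name="ftp" reject']
    self.assertIn(out.strip(), rules, 'Failed to set rich rule')

    # Check that modifying the policy will enforce the correct settings
    entries = [e for e in parser.pol_file.entries if e.data != 'home']
    self.assertEqual(len(entries), len(parser.pol_file.entries) - 1,
                     'Failed to remove the home zone entry')
    parser.pol_file.entries = entries
    parser.pol_file.num_entries = len(entries)
    # Stage the Registry.pol file with altered test data
    unstage_file(reg_pol)
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Enforce the altered policy
    ext.process_group_policy([], gpos)

    # Check that the home zone was removed
    out = firewall_query('--get-zones')
    self.assertIn(b'work', out, 'Failed to apply zones')
    self.assertNotIn(b'home', out, 'Failed to apply zones')

    # Verify RSOP does not fail
    ext.rsop([g for g in gpos if g.name == guid][0])

    # Check that a call to gpupdate --rsop also succeeds.
    # The listing asserted on `ret` without making the call, so the check
    # compared the earlier stage_file() result with 0. rsop() is assumed to
    # be this module's gpupdate --rsop helper -- confirm against the file.
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unapply the policy
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Check that the policy was unapplied
    out = firewall_query('--get-zones')
    self.assertNotIn(b'work', out, 'Failed to unapply zones')
    self.assertNotIn(b'home', out, 'Failed to unapply zones')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)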
7620 def test_advanced_gp_cert_auto_enroll_ext(self
):
7621 local_path
= self
.lp
.cache_path('gpo_cache')
7622 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7623 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7624 'MACHINE/REGISTRY.POL')
7625 cache_dir
= self
.lp
.get('cache directory')
7626 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7628 machine_creds
= Credentials()
7629 machine_creds
.guess(self
.lp
)
7630 machine_creds
.set_machine_account()
7632 # Initialize the group policy extension
7633 cae
.requests
= dummy_requests()
7634 ext
= cae
.gp_cert_auto_enroll_ext(self
.lp
, machine_creds
,
7635 machine_creds
.get_username(), store
)
7637 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7638 machine_creds
.get_username())
7640 admin_creds
= Credentials()
7641 admin_creds
.set_username(os
.environ
.get('DC_USERNAME'))
7642 admin_creds
.set_password(os
.environ
.get('DC_PASSWORD'))
7643 admin_creds
.set_realm(os
.environ
.get('REALM'))
7644 hostname
= get_dc_hostname(machine_creds
, self
.lp
)
7645 url
= 'ldap://%s' % hostname
7646 ldb
= Ldb(url
=url
, session_info
=system_session(),
7647 lp
=self
.lp
, credentials
=admin_creds
)
7649 # Stage the Registry.pol file with test data
7650 res
= ldb
.search('', _ldb
.SCOPE_BASE
, '(objectClass=*)',
7651 ['rootDomainNamingContext'])
7652 self
.assertTrue(len(res
) == 1, 'rootDomainNamingContext not found')
7653 res2
= ldb
.search(res
[0]['rootDomainNamingContext'][0],
7654 _ldb
.SCOPE_BASE
, '(objectClass=*)', ['objectGUID'])
7655 self
.assertTrue(len(res2
) == 1, 'objectGUID not found')
7656 objectGUID
= b
'{%s}' % \
7657 cae
.octet_string_to_objectGUID(res2
[0]['objectGUID'][0]).upper().encode()
7658 parser
= GPPolParser()
7659 parser
.load_xml(etree
.fromstring(advanced_enroll_reg_pol
.strip() %
7660 (objectGUID
, objectGUID
, objectGUID
, objectGUID
)))
7661 ret
= stage_file(reg_pol
, ndr_pack(parser
.pol_file
))
7662 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7664 # Write the dummy CA entry
7665 confdn
= 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
7666 ca_cn
= '%s-CA' % hostname
.replace('.', '-')
7667 certa_dn
= 'CN=%s,CN=Certification Authorities,%s' % (ca_cn
, confdn
)
7668 ldb
.add({'dn': certa_dn
,
7669 'objectClass': 'certificationAuthority',
7670 'authorityRevocationList': ['XXX'],
7671 'cACertificate': b
'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7672 'certificateRevocationList': ['XXX'],
7674 # Write the dummy pKIEnrollmentService
7675 enroll_dn
= 'CN=%s,CN=Enrollment Services,%s' % (ca_cn
, confdn
)
7676 ldb
.add({'dn': enroll_dn
,
7677 'objectClass': 'pKIEnrollmentService',
7678 'cACertificate': b
'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
7679 'certificateTemplates': ['Machine'],
7680 'dNSHostName': hostname
,
7682 # Write the dummy pKICertificateTemplate
7683 template_dn
= 'CN=Machine,CN=Certificate Templates,%s' % confdn
7684 ldb
.add({'dn': template_dn
,
7685 'objectClass': 'pKICertificateTemplate',
7688 with
TemporaryDirectory() as dname
:
7689 ext
.process_group_policy([], gpos
, dname
, dname
)
7690 ca_list
= [ca_cn
, 'example0-com-CA', 'example1-com-CA',
7693 ca_crt
= os
.path
.join(dname
, '%s.crt' % ca
)
7694 self
.assertTrue(os
.path
.exists(ca_crt
),
7695 'Root CA certificate was not requested')
7696 machine_crt
= os
.path
.join(dname
, '%s.Machine.crt' % ca
)
7697 self
.assertTrue(os
.path
.exists(machine_crt
),
7698 'Machine certificate was not requested')
7699 machine_key
= os
.path
.join(dname
, '%s.Machine.key' % ca
)
7700 self
.assertTrue(os
.path
.exists(machine_key
),
7701 'Machine key was not generated')
7703 # Subsequent apply should react to new certificate templates
7704 os
.environ
['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
7705 self
.addCleanup(os
.environ
.pop
, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
7706 ext
.process_group_policy([], gpos
, dname
, dname
)
7708 self
.assertTrue(os
.path
.exists(ca_crt
),
7709 'Root CA certificate was not requested')
7710 self
.assertTrue(os
.path
.exists(machine_crt
),
7711 'Machine certificate was not requested')
7712 self
.assertTrue(os
.path
.exists(machine_key
),
7713 'Machine key was not generated')
7715 workstation_crt
= os
.path
.join(dname
, '%s.Workstation.crt' % ca
)
7716 self
.assertTrue(os
.path
.exists(workstation_crt
),
7717 'Workstation certificate was not requested')
7718 workstation_key
= os
.path
.join(dname
, '%s.Workstation.key' % ca
)
7719 self
.assertTrue(os
.path
.exists(workstation_key
),
7720 'Workstation key was not generated')
7722 # Verify RSOP does not fail
7723 ext
.rsop([g
for g
in gpos
if g
.name
== guid
][0])
7725 # Check that a call to gpupdate --rsop also succeeds
7727 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7730 gp_db
= store
.get_gplog(machine_creds
.get_username())
7731 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7732 ext
.process_group_policy(del_gpos
, [], dname
)
7733 self
.assertFalse(os
.path
.exists(ca_crt
),
7734 'Root CA certificate was not removed')
7735 self
.assertFalse(os
.path
.exists(machine_crt
),
7736 'Machine certificate was not removed')
7737 self
.assertFalse(os
.path
.exists(machine_key
),
7738 'Machine key was not removed')
7739 self
.assertFalse(os
.path
.exists(workstation_crt
),
7740 'Workstation certificate was not removed')
7741 self
.assertFalse(os
.path
.exists(workstation_key
),
7742 'Workstation key was not removed')
7743 out
, _
= Popen(['getcert', 'list-cas'], stdout
=PIPE
).communicate()
7745 self
.assertNotIn(get_bytes(ca
), out
, 'CA was not removed')
7746 out
, _
= Popen(['getcert', 'list'], stdout
=PIPE
).communicate()
7747 self
.assertNotIn(b
'Machine', out
,
7748 'Machine certificate not removed')
7749 self
.assertNotIn(b
'Workstation', out
,
7750 'Workstation certificate not removed')
7752 # Remove the dummy CA, pKIEnrollmentService, and pKICertificateTemplate
7753 ldb
.delete(certa_dn
)
7754 ldb
.delete(enroll_dn
)
7755 ldb
.delete(template_dn
)
7757 # Unstage the Registry.pol file
7758 unstage_file(reg_pol
)
7760 def test_gp_centrify_sudoers_ext(self
):
7761 local_path
= self
.lp
.cache_path('gpo_cache')
7762 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7763 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7764 'MACHINE/REGISTRY.POL')
7765 cache_dir
= self
.lp
.get('cache directory')
7766 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7768 machine_creds
= Credentials()
7769 machine_creds
.guess(self
.lp
)
7770 machine_creds
.set_machine_account()
7772 # Initialize the group policy extension
7773 ext
= gp_centrify_sudoers_ext(self
.lp
, machine_creds
,
7774 machine_creds
.get_username(), store
)
7776 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7777 machine_creds
.get_username())
7779 # Stage the Registry.pol file with test data
7782 e1
.keyname
= b
'Software\\Policies\\Centrify\\UnixSettings'
7783 e1
.valuename
= b
'sudo.enabled'
7787 e2
.keyname
= b
'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
7790 e2
.data
= b
'fakeu ALL=(ALL) NOPASSWD: ALL'
7791 stage
.num_entries
= 2
7792 stage
.entries
= [e1
, e2
]
7793 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7794 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7796 # Process all gpos, with temp output directory
7797 with
TemporaryDirectory() as dname
:
7798 ext
.process_group_policy([], gpos
, dname
)
7799 sudoers
= os
.listdir(dname
)
7800 self
.assertEqual(len(sudoers
), 1, 'The sudoer file was not created')
7801 sudoers_file
= os
.path
.join(dname
, sudoers
[0])
7802 self
.assertIn(e2
.data
, open(sudoers_file
, 'r').read(),
7803 'The sudoers entry was not applied')
7805 # Remove the sudoers file, and make sure a re-apply puts it back
7806 os
.unlink(sudoers_file
)
7807 ext
.process_group_policy([], gpos
, dname
)
7808 sudoers
= os
.listdir(dname
)
7809 self
.assertEqual(len(sudoers
), 1,
7810 'The sudoer file was not recreated')
7811 sudoers_file
= os
.path
.join(dname
, sudoers
[0])
7812 self
.assertIn(e2
.data
, open(sudoers_file
, 'r').read(),
7813 'The sudoers entry was not reapplied')
7815 # Check that a call to gpupdate --rsop also succeeds
7817 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7820 gp_db
= store
.get_gplog(machine_creds
.get_username())
7821 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7822 ext
.process_group_policy(del_gpos
, [])
7823 self
.assertEqual(len(os
.listdir(dname
)), 0,
7824 'Unapply failed to cleanup scripts')
7826 # Unstage the Registry.pol file
7827 unstage_file(reg_pol
)
7829 def test_gp_centrify_crontab_ext(self
):
7830 local_path
= self
.lp
.cache_path('gpo_cache')
7831 guid
= '{31B2F340-016D-11D2-945F-00C04FB984F9}'
7832 reg_pol
= os
.path
.join(local_path
, policies
, guid
,
7833 'MACHINE/REGISTRY.POL')
7834 cache_dir
= self
.lp
.get('cache directory')
7835 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7837 machine_creds
= Credentials()
7838 machine_creds
.guess(self
.lp
)
7839 machine_creds
.set_machine_account()
7841 # Initialize the group policy extension
7842 ext
= gp_centrify_crontab_ext(self
.lp
, machine_creds
,
7843 machine_creds
.get_username(), store
)
7845 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7846 machine_creds
.get_username())
7848 # Stage the Registry.pol file with test data
7852 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7853 e
.valuename
= b
'Command1'
7855 e
.data
= b
'17 * * * * root echo hello world'
7856 stage
.num_entries
= 1
7858 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7859 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7861 # Process all gpos, with temp output directory
7862 with
TemporaryDirectory() as dname
:
7863 ext
.process_group_policy([], gpos
, dname
)
7864 cron_entries
= os
.listdir(dname
)
7865 self
.assertEqual(len(cron_entries
), 1, 'Cron entry not created')
7866 fname
= os
.path
.join(dname
, cron_entries
[0])
7867 data
= open(fname
, 'rb').read()
7868 self
.assertIn(get_bytes(e
.data
), data
, 'Cron entry is missing')
7870 # Check that a call to gpupdate --rsop also succeeds
7872 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7875 gp_db
= store
.get_gplog(machine_creds
.get_username())
7876 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7877 ext
.process_group_policy(del_gpos
, [])
7878 self
.assertEqual(len(os
.listdir(dname
)), 0,
7879 'Unapply failed to cleanup script')
7881 # Unstage the Registry.pol file
7882 unstage_file(reg_pol
)
7884 def test_gp_user_centrify_crontab_ext(self
):
7885 local_path
= self
.lp
.cache_path('gpo_cache')
7886 guids
= ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
7887 '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
7888 reg_pol
= os
.path
.join(local_path
, policies
, guids
[0],
7889 'USER/REGISTRY.POL')
7890 reg_pol2
= os
.path
.join(local_path
, policies
, guids
[1],
7891 'USER/REGISTRY.POL')
7892 cache_dir
= self
.lp
.get('cache directory')
7893 store
= GPOStorage(os
.path
.join(cache_dir
, 'gpo.tdb'))
7895 machine_creds
= Credentials()
7896 machine_creds
.guess(self
.lp
)
7897 machine_creds
.set_machine_account()
7899 # Initialize the group policy extension
7900 ext
= gp_user_centrify_crontab_ext(self
.lp
, machine_creds
,
7901 os
.environ
.get('DC_USERNAME'),
7904 gpos
= get_gpo_list(self
.server
, machine_creds
, self
.lp
,
7905 machine_creds
.get_username())
7907 # Stage the Registry.pol file with test data
7911 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7912 e
.valuename
= b
'Command1'
7914 e
.data
= b
'17 * * * * echo hello world'
7915 stage
.num_entries
= 1
7917 ret
= stage_file(reg_pol
, ndr_pack(stage
))
7918 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol
)
7920 # Stage the other Registry.pol
7924 b
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
7925 e2
.valuename
= b
'Command1'
7927 e2
.data
= b
'17 * * * * echo this is a second policy'
7928 stage
.num_entries
= 1
7929 stage
.entries
= [e2
]
7930 ret
= stage_file(reg_pol2
, ndr_pack(stage
))
7931 self
.assertTrue(ret
, 'Could not create the target %s' % reg_pol2
)
7933 # Process all gpos, intentionally skipping the privilege drop
7934 ext
.process_group_policy([], gpos
)
7935 # Dump the fake crontab setup for testing
7936 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7937 crontab
, _
= p
.communicate()
7938 self
.assertIn(get_bytes(e
.data
), crontab
,
7939 'The crontab entry was not installed')
7940 self
.assertIn(get_bytes(e2
.data
), crontab
,
7941 'The crontab entry was not installed')
7943 # Force apply with removal of second GPO
7944 gp_db
= store
.get_gplog(os
.environ
.get('DC_USERNAME'))
7945 del_gpos
= gp_db
.get_applied_settings([guids
[1]])
7946 gpos
= [gpo
for gpo
in gpos
if gpo
.name
!= guids
[1]]
7947 ext
.process_group_policy(del_gpos
, gpos
)
7949 # Dump the fake crontab setup for testing
7950 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7951 crontab
, _
= p
.communicate()
7953 # Ensure the first entry remains, and the second entry is removed
7954 self
.assertIn(get_bytes(e
.data
), crontab
,
7955 'The first crontab entry was not found')
7956 self
.assertNotIn(get_bytes(e2
.data
), crontab
,
7957 'The second crontab entry was still present')
7959 # Check that a call to gpupdate --rsop also succeeds
7961 self
.assertEqual(ret
, 0, 'gpupdate --rsop failed!')
7964 del_gpos
= get_deleted_gpos_list(gp_db
, [])
7965 ext
.process_group_policy(del_gpos
, [])
7966 # Dump the fake crontab setup for testing
7967 p
= Popen(['crontab', '-l'], stdout
=PIPE
)
7968 crontab
, _
= p
.communicate()
7969 self
.assertNotIn(get_bytes(e
.data
), crontab
,
7970 'Unapply failed to cleanup crontab entry')
7972 # Unstage the Registry.pol files
7973 unstage_file(reg_pol
)
7974 unstage_file(reg_pol2
)
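def test_gp_drive_maps_user_ext(self):
    """Check that drive-map preferences become crontab mount entries.

    Stages ``drive_maps_xml`` as DRIVES.XML and processes it with
    ``gp_drive_maps_user_ext`` three times: unchanged, with the first
    drive's action set to ``D``, and with a ``FilterRunOnce`` filter.
    After each pass the output of ``crontab -l`` is inspected, and the
    policy is unapplied and the file unstaged.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    xml_path = os.path.join(local_path, policies, guid,
                            'USER/PREFERENCES/DRIVES/DRIVES.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_drive_maps_user_ext(self.lp, machine_creds,
                                 os.environ.get('DC_USERNAME'), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)

    gpos = ads.get_gpo_list(machine_creds.get_username())

    def crontab_listing():
        # Dump the fake crontab setup for testing and return its stdout.
        proc = Popen(['crontab', '-l'], stdout=PIPE)
        listing, _ = proc.communicate()
        return listing

    mount_entry = b'@hourly gio mount smb://example.com/test'

    # Stage the Drives.xml file with test data
    ret = stage_file(xml_path, drive_maps_xml)
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop (this
    # module replaces gpclass.drop_privileges with a pass-through).
    ext.process_group_policy([], gpos)
    crontab = crontab_listing()
    entry = mount_entry
    self.assertIn(entry, crontab,
                  'The crontab entry was not installed')

    # Check that a call to gpupdate --rsop also succeeds.
    # The listing asserted on `ret` without making the call, so the check
    # compared the earlier stage_file() result with 0. rsop() is assumed to
    # be this module's gpupdate --rsop helper -- confirm against the file.
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the Drives.xml
    unstage_file(xml_path)

    # Modify the policy and ensure it is updated
    xml_conf = etree.fromstring(drive_maps_xml.strip())
    drives = xml_conf.findall('Drive')
    props = drives[0].find('Properties')
    props.attrib['action'] = 'D'
    ret = stage_file(xml_path,
                     etree.tostring(xml_conf, encoding='unicode'))
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    crontab = crontab_listing()
    # The trailing newline keeps the plain entry from matching as a prefix
    # of the '--unmount' entry checked next.
    self.assertNotIn(entry + b'\n', crontab,
                     'The old crontab entry was not removed')
    entry = entry + b' --unmount'
    self.assertIn(entry, crontab,
                  'The crontab entry was not installed')

    # Unapply the policy
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    crontab = crontab_listing()
    self.assertNotIn(entry, crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Drives.xml
    unstage_file(xml_path)

    # Modify the policy to set 'run once', ensure there is no cron entry
    xml_conf = etree.fromstring(drive_maps_xml.strip())
    drives = xml_conf.findall('Drive')
    filters = etree.SubElement(drives[0], 'Filters')
    etree.SubElement(filters, 'FilterRunOnce')
    ret = stage_file(xml_path,
                     etree.tostring(xml_conf, encoding='unicode'))
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    crontab = crontab_listing()
    entry = mount_entry
    self.assertNotIn(entry, crontab,
                     'The crontab entry was added despite run-once request')

    # Unapply the policy
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Unstage the Drives.xml
    unstage_file(xml_path)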
8075 def test_expand_pref_variables(self
):
8076 cache_path
= self
.lp
.cache_path(os
.path
.join('gpo_cache'))
8078 username
= 'test_uname'
8079 test_vars
= { 'AppDataDir': os
.path
.expanduser('~/.config'),
8080 'ComputerName': self
.lp
.get('netbios name'),
8081 'DesktopDir': os
.path
.expanduser('~/Desktop'),
8082 'DomainName': self
.lp
.get('realm'),
8083 'GptPath': os
.path
.join(cache_path
,
8084 check_safe_path(gpt_path
).upper()),
8085 'LogonDomain': self
.lp
.get('realm'),
8086 'LogonUser': username
,
8090 for exp_var
, val
in test_vars
.items():
8091 self
.assertEqual(expand_pref_variables('%%%s%%' % exp_var
,
8095 val
, 'Failed to expand variable %s' % exp_var
)
8096 # With the time variables, we can't test for an exact time, so let's do
8097 # simple checks instead.
8098 time_vars
= ['DateTime', 'DateTimeEx', 'LocalTime',
8099 'LocalTimeEx', 'TimeStamp']
8100 for time_var
in time_vars
:
8101 self
.assertNotEqual(expand_pref_variables('%%%s%%' % time_var
,
8105 None, 'Failed to expand variable %s' % time_var
)
8107 # Here we test to ensure undefined preference variables cause an error.
8108 # The reason for testing these is to ensure we don't apply nonsense
8109 # policies when they can't be defined. Also, these tests will fail if
8110 # one of these is implemented in the future (forcing us to write a test
8111 # anytime these are implemented).
8112 undef_vars
= ['BinaryComputerSid',
8116 'CommonFavoritesDir',
8117 'CommonProgramsDir',
8119 'CurrentProccessId',
8123 'GroupPolicyVersion',
8136 'RecentDocumentsDir',
8139 'ReversedComputerSid',
8148 for undef_var
in undef_vars
:
8150 expand_pref_variables('%%%s%%' % undef_var
, gpt_path
, self
.lp
)
8154 self
.fail('Undefined variable %s caused no error' % undef_var
)
8156 def test_parser_roundtrip_empty_multi_sz(self
):
8157 with
TemporaryDirectory() as dname
:
8158 reg_pol_xml
= os
.path
.join(dname
, 'REGISTRY.POL.XML')
8160 parser
= GPPolParser()
8162 parser
.load_xml(etree
.fromstring(empty_multi_sz_reg_pol
.strip()))
8163 except Exception as e
:
8165 parser
.write_xml(reg_pol_xml
)
8167 with
open(reg_pol_xml
, 'r') as f
:
8168 pol_xml_data
= f
.read()
8170 # Strip whitespace characters due to indentation differences
8171 expected_xml_data
= re
.sub(r
"\s+", "", empty_multi_sz_reg_pol
.decode(), flags
=re
.UNICODE
)
8172 actual_xml_data
= re
.sub(r
"\s+", "", pol_xml_data
, flags
=re
.UNICODE
)
8173 self
.assertEqual(expected_xml_data
, actual_xml_data
, 'XML data mismatch')
8175 def test_parser_roundtrip_multiple_values_multi_sz(self
):
8176 with
TemporaryDirectory() as dname
:
8177 reg_pol_xml
= os
.path
.join(dname
, 'REGISTRY.POL.XML')
8179 parser
= GPPolParser()
8181 parser
.load_xml(etree
.fromstring(multiple_values_multi_sz_reg_pol
.strip()))
8182 except Exception as e
:
8184 parser
.write_xml(reg_pol_xml
)
8186 with
open(reg_pol_xml
, 'r') as f
:
8187 pol_xml_data
= f
.read()
8189 # Strip whitespace characters due to indentation differences
8190 expected_xml_data
= re
.sub(r
"\s+", "", multiple_values_multi_sz_reg_pol
.decode(), flags
=re
.UNICODE
)
8191 actual_xml_data
= re
.sub(r
"\s+", "", pol_xml_data
, flags
=re
.UNICODE
)
8192 self
.assertEqual(expected_xml_data
, actual_xml_data
, 'XML data mismatch')