[samba4-gss.git] / python / samba / tests / gpo.py
1 # Unix SMB/CIFS implementation. Tests for smb manipulation
2 # Copyright (C) David Mulder <dmulder@suse.com> 2018
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 import os, grp, pwd, re
18 import errno
19 from samba import gpo, tests
20 from samba.gp.gpclass import register_gp_extension, list_gp_extensions, \
21 unregister_gp_extension, GPOStorage, get_gpo_list
22 from samba.param import LoadParm
23 from samba.gp.gpclass import check_refresh_gpo_list, check_safe_path, \
24 check_guid, parse_gpext_conf, atomic_write_conf, get_deleted_gpos_list
25 from subprocess import Popen, PIPE
26 from tempfile import NamedTemporaryFile, TemporaryDirectory
27 from samba.gp import gpclass
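28 # Disable privilege dropping for testing: rebinding gpclass.drop_privileges makes every caller that looks it up on the module run func(*args) directly, with the test process's own privileges. Test-only; do not import this module from production code.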
29 gpclass.drop_privileges = lambda _, func, *args : func(*args)
30 from samba.gp.gp_sec_ext import gp_krb_ext
31 from samba.gp.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext
32 from samba.gp.gp_sudoers_ext import gp_sudoers_ext
33 from samba.gp.vgp_sudoers_ext import vgp_sudoers_ext
34 from samba.gp.vgp_symlink_ext import vgp_symlink_ext
35 from samba.gp.gpclass import gp_inf_ext
36 from samba.gp.gp_smb_conf_ext import gp_smb_conf_ext
37 from samba.gp.vgp_files_ext import vgp_files_ext
38 from samba.gp.vgp_openssh_ext import vgp_openssh_ext
39 from samba.gp.vgp_startup_scripts_ext import vgp_startup_scripts_ext
40 from samba.gp.vgp_motd_ext import vgp_motd_ext
41 from samba.gp.vgp_issue_ext import vgp_issue_ext
42 from samba.gp.vgp_access_ext import vgp_access_ext
43 from samba.gp.gp_gnome_settings_ext import gp_gnome_settings_ext
44 from samba.gp import gp_cert_auto_enroll_ext as cae
45 from samba.gp.gp_firefox_ext import gp_firefox_ext
46 from samba.gp.gp_chromium_ext import gp_chromium_ext
47 from samba.gp.gp_firewalld_ext import gp_firewalld_ext
48 from samba.credentials import Credentials
49 from samba.gp.gp_msgs_ext import gp_msgs_ext
50 from samba.gp.gp_centrify_sudoers_ext import gp_centrify_sudoers_ext
51 from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
52 gp_user_centrify_crontab_ext
53 from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext
54 from samba.common import get_bytes
55 from samba.dcerpc import preg
56 from samba.ndr import ndr_pack
57 import codecs
58 from shutil import copyfile
59 import xml.etree.ElementTree as etree
60 import hashlib
61 from samba.gp_parse.gp_pol import GPPolParser
62 from glob import glob
63 from configparser import ConfigParser
64 from samba.gp.gpclass import get_dc_hostname, expand_pref_variables
65 from samba import Ldb
66 import ldb as _ldb
67 from samba.auth import system_session
68 import json
69 from shutil import which
70 import requests
71 from cryptography import x509
72 from cryptography.hazmat.primitives import hashes
73 from cryptography.hazmat.backends import default_backend
74 from cryptography.hazmat.primitives.asymmetric import rsa
75 from cryptography.hazmat.primitives.serialization import Encoding
76 from datetime import datetime, timedelta, timezone
77 from samba.samba3 import param as s3param
def dummy_certificate():
    """Build a throwaway self-signed CA certificate and return it DER-encoded.

    Test fixture only. The properties below are what the code sets:

    * subject and issuer are the same name, whose common name is read from
      the SERVER environment variable (``os.environ.get`` returns None when
      the variable is unset);
    * BasicConstraints is CA:TRUE with path_length=0, added as a
      non-critical extension;
    * a fresh 2048-bit RSA key signs the certificate with SHA-256; the key
      is a local and is not returned, so it is gone once the call ends;
    * the serial number is the constant 1000 and the validity window is
      300 seconds starting at the current UTC time.
    """
    subject = x509.Name([
        x509.NameAttribute(x509.NameOID.COMMON_NAME,
                           os.environ.get('SERVER'))
    ])
    ca_constraints = x509.BasicConstraints(ca=True, path_length=0)
    issued_at = datetime.now(tz=timezone.utc)
    expires_at = issued_at + timedelta(seconds=300)

    private_key = rsa.generate_private_key(public_exponent=65537,
                                           key_size=2048,
                                           backend=default_backend())

    # Self-signed: the same Name object is used for subject and issuer.
    builder = x509.CertificateBuilder()
    builder = builder.subject_name(subject)
    builder = builder.issuer_name(subject)
    builder = builder.public_key(private_key.public_key())
    builder = builder.serial_number(1000)
    builder = builder.not_valid_before(issued_at)
    builder = builder.not_valid_after(expires_at)
    builder = builder.add_extension(ca_constraints, False)

    certificate = builder.sign(private_key, hashes.SHA256(),
                               default_backend())
    return certificate.public_bytes(encoding=Encoding.DER)
# Dummy requests structure for Certificate Auto Enrollment
class dummy_requests(object):
    """In-process stand-in for the ``requests`` module.

    ``get`` never touches the network: it ignores ``url`` and ``params`` and
    either raises the stub ``ConnectionError`` or returns a canned response
    whose body is the DER certificate produced by ``dummy_certificate``.
    """

    class exceptions(object):
        # Same attribute name as requests.exceptions.ConnectionError, but
        # bound to the base Exception class.
        ConnectionError = Exception

    def __init__(self, want_exception=False):
        # When true, every get() call fails instead of returning a response.
        self.want_exception = want_exception

    def get(self, url=None, params=None):
        """Return a canned CA-certificate response, or raise if so configured."""
        if not self.want_exception:
            response = requests.Response()
            # Response exposes no public setter for the body, so the private
            # _content attribute is filled in directly.
            response._content = dummy_certificate()
            response.headers = {'Content-Type': 'application/x-x509-ca-cert'}
            return response

        raise self.exceptions.ConnectionError
# Everything below is derived from the REALM environment variable at import
# time. os.environ.get() returns None when REALM is unset, and the string
# concatenation on the next statement then raises TypeError.
_realm_env = os.environ.get('REALM')
policies = _realm_env + '/POLICIES'
realm = _realm_env.lower()

# UNC path of the Policies directory on the sysvol share, built from the
# lower-cased realm.
poldir = r'\\{0}\sysvol\{0}\Policies'.format(realm)

# the first part of the base DN varies by testenv. Work it out from the realm
_first_label = realm.partition('.')[0]
base_dn = 'DC={0},DC=samba,DC=example,DC=com'.format(_first_label)
dspath = 'CN=Policies,CN=System,' + base_dn

# Template for a GPT.INI body; %d takes the version number.
gpt_data = '[General]\nVersion=%d'
# Test fixture: XML (PolFile) rendering of a Registry.pol holding 26 entries
# under "GNOME Settings\Lock Down Settings" (num_entries matches the number
# of <Entry> elements). Raw bytes literal, so each backslash in <Key> is a
# single literal backslash. Presumably consumed by the gp_gnome_settings_ext
# tests; the call site is outside this view.
# NOTE(review): this listing skips source lines 265-266, where the closing
# triple quote of the literal belongs.
130 gnome_test_reg_pol = \
131 br"""
132 <?xml version="1.0" encoding="utf-8"?>
133 <PolFile num_entries="26" signature="PReg" version="1">
134 <Entry type="4" type_name="REG_DWORD">
135 <Key>GNOME Settings\Lock Down Settings</Key>
136 <ValueName>Lock Down Enabled Extensions</ValueName>
137 <Value>1</Value>
138 </Entry>
139 <Entry type="4" type_name="REG_DWORD">
140 <Key>GNOME Settings\Lock Down Settings</Key>
141 <ValueName>Lock Down Specific Settings</ValueName>
142 <Value>1</Value>
143 </Entry>
144 <Entry type="4" type_name="REG_DWORD">
145 <Key>GNOME Settings\Lock Down Settings</Key>
146 <ValueName>Disable Printing</ValueName>
147 <Value>1</Value>
148 </Entry>
149 <Entry type="4" type_name="REG_DWORD">
150 <Key>GNOME Settings\Lock Down Settings</Key>
151 <ValueName>Disable File Saving</ValueName>
152 <Value>1</Value>
153 </Entry>
154 <Entry type="4" type_name="REG_DWORD">
155 <Key>GNOME Settings\Lock Down Settings</Key>
156 <ValueName>Disable Command-Line Access</ValueName>
157 <Value>1</Value>
158 </Entry>
159 <Entry type="4" type_name="REG_DWORD">
160 <Key>GNOME Settings\Lock Down Settings</Key>
161 <ValueName>Disallow Login Using a Fingerprint</ValueName>
162 <Value>1</Value>
163 </Entry>
164 <Entry type="4" type_name="REG_DWORD">
165 <Key>GNOME Settings\Lock Down Settings</Key>
166 <ValueName>Disable User Logout</ValueName>
167 <Value>1</Value>
168 </Entry>
169 <Entry type="4" type_name="REG_DWORD">
170 <Key>GNOME Settings\Lock Down Settings</Key>
171 <ValueName>Disable User Switching</ValueName>
172 <Value>1</Value>
173 </Entry>
174 <Entry type="4" type_name="REG_DWORD">
175 <Key>GNOME Settings\Lock Down Settings</Key>
176 <ValueName>Disable Repartitioning</ValueName>
177 <Value>1</Value>
178 </Entry>
179 <Entry type="4" type_name="REG_DWORD">
180 <Key>GNOME Settings\Lock Down Settings</Key>
181 <ValueName>Whitelisted Online Accounts</ValueName>
182 <Value>1</Value>
183 </Entry>
184 <Entry type="4" type_name="REG_DWORD">
185 <Key>GNOME Settings\Lock Down Settings</Key>
186 <ValueName>Compose Key</ValueName>
187 <Value>1</Value>
188 </Entry>
189 <Entry type="4" type_name="REG_DWORD">
190 <Key>GNOME Settings\Lock Down Settings</Key>
191 <ValueName>Dim Screen when User is Idle</ValueName>
192 <Value>1</Value>
193 </Entry>
194 <Entry type="4" type_name="REG_DWORD">
195 <Key>GNOME Settings\Lock Down Settings</Key>
196 <ValueName>Enabled Extensions</ValueName>
197 <Value>1</Value>
198 </Entry>
199 <Entry type="1" type_name="REG_SZ">
200 <Key>GNOME Settings\Lock Down Settings\Compose Key</Key>
201 <ValueName>Key Name</ValueName>
202 <Value>Right Alt</Value>
203 </Entry>
204 <Entry type="4" type_name="REG_DWORD">
205 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
206 <ValueName>Delay</ValueName>
207 <Value>300</Value>
208 </Entry>
209 <Entry type="4" type_name="REG_DWORD">
210 <Key>GNOME Settings\Lock Down Settings\Dim Screen when User is Idle</Key>
211 <ValueName>Dim Idle Brightness</ValueName>
212 <Value>30</Value>
213 </Entry>
214 <Entry type="1" type_name="REG_SZ">
215 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
216 <ValueName>**delvals.</ValueName>
217 <Value> </Value>
218 </Entry>
219 <Entry type="1" type_name="REG_SZ">
220 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
221 <ValueName>myextension1@myname.example.com</ValueName>
222 <Value>myextension1@myname.example.com</Value>
223 </Entry>
224 <Entry type="1" type_name="REG_SZ">
225 <Key>GNOME Settings\Lock Down Settings\Enabled Extensions</Key>
226 <ValueName>myextension2@myname.example.com</ValueName>
227 <Value>myextension2@myname.example.com</Value>
228 </Entry>
229 <Entry type="1" type_name="REG_SZ">
230 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
231 <ValueName>**delvals.</ValueName>
232 <Value> </Value>
233 </Entry>
234 <Entry type="1" type_name="REG_SZ">
235 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
236 <ValueName>/org/gnome/desktop/background/picture-uri</ValueName>
237 <Value>/org/gnome/desktop/background/picture-uri</Value>
238 </Entry>
239 <Entry type="1" type_name="REG_SZ">
240 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
241 <ValueName>/org/gnome/desktop/background/picture-options</ValueName>
242 <Value>/org/gnome/desktop/background/picture-options</Value>
243 </Entry>
244 <Entry type="1" type_name="REG_SZ">
245 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
246 <ValueName>/org/gnome/desktop/background/primary-color</ValueName>
247 <Value>/org/gnome/desktop/background/primary-color</Value>
248 </Entry>
249 <Entry type="1" type_name="REG_SZ">
250 <Key>GNOME Settings\Lock Down Settings\Lock Down Specific Settings</Key>
251 <ValueName>/org/gnome/desktop/background/secondary-color</ValueName>
252 <Value>/org/gnome/desktop/background/secondary-color</Value>
253 </Entry>
254 <Entry type="1" type_name="REG_SZ">
255 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
256 <ValueName>**delvals.</ValueName>
257 <Value> </Value>
258 </Entry>
259 <Entry type="1" type_name="REG_SZ">
260 <Key>GNOME Settings\Lock Down Settings\Whitelisted Online Accounts</Key>
261 <ValueName>google</ValueName>
262 <Value>google</Value>
263 </Entry>
264 </PolFile>
# Test fixture: XML (PolFile) rendering of a Registry.pol with the three
# values under Software\Policies\Microsoft\Cryptography\AutoEnrollment;
# AEPolicy is 7 in this variant. Raw bytes literal, so each backslash in
# <Key> is a single literal backslash.
# NOTE(review): this listing skips source lines 287-288, where the closing
# triple quote of the literal belongs.
267 auto_enroll_reg_pol = \
268 br"""
269 <?xml version="1.0" encoding="utf-8"?>
270 <PolFile num_entries="3" signature="PReg" version="1">
271 <Entry type="4" type_name="REG_DWORD">
272 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
273 <ValueName>AEPolicy</ValueName>
274 <Value>7</Value>
275 </Entry>
276 <Entry type="4" type_name="REG_DWORD">
277 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
278 <ValueName>OfflineExpirationPercent</ValueName>
279 <Value>10</Value>
280 </Entry>
281 <Entry type="1" type_name="REG_SZ">
282 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
283 <ValueName>OfflineExpirationStoreNames</ValueName>
284 <Value>MY</Value>
285 </Entry>
286 </PolFile>
# Test fixture: same three AutoEnrollment values as auto_enroll_reg_pol,
# differing only in AEPolicy, which is 0 here instead of 7. Raw bytes
# literal, so each backslash in <Key> is a single literal backslash.
# NOTE(review): this listing skips source lines 309-310, where the closing
# triple quote of the literal belongs.
289 auto_enroll_unchecked_reg_pol = \
290 br"""
291 <?xml version="1.0" encoding="utf-8"?>
292 <PolFile num_entries="3" signature="PReg" version="1">
293 <Entry type="4" type_name="REG_DWORD">
294 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
295 <ValueName>AEPolicy</ValueName>
296 <Value>0</Value>
297 </Entry>
298 <Entry type="4" type_name="REG_DWORD">
299 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
300 <ValueName>OfflineExpirationPercent</ValueName>
301 <Value>10</Value>
302 </Entry>
303 <Entry type="1" type_name="REG_SZ">
304 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
305 <ValueName>OfflineExpirationStoreNames</ValueName>
306 <Value>MY</Value>
307 </Entry>
308 </PolFile>
# Test fixture: XML (PolFile) rendering of a Registry.pol with 30 entries:
# a **DeleteKeys directive, the AutoEnrollment values, and four
# PolicyServers sub-keys (one "LDAP:" URL and three https CEP URLs), each
# with URL, PolicyID, FriendlyName, Flags, AuthFlags and Cost.
# This is a template, not finished data: the four PolicyID values are %s
# placeholders, so it has to be %-formatted with four values before use
# (the call site is outside this view). No other '%' occurs in the literal.
# Raw bytes literal, so each backslash in <Key> is a single literal backslash.
# NOTE(review): this listing skips source lines 466-467, where the closing
# triple quote of the literal belongs.
311 advanced_enroll_reg_pol = \
312 br"""
313 <?xml version="1.0" encoding="utf-8"?>
314 <PolFile num_entries="30" signature="PReg" version="1">
315 <Entry type="1" type_name="REG_SZ">
316 <Key>Software\Policies\Microsoft\Cryptography</Key>
317 <ValueName>**DeleteKeys</ValueName>
318 <Value>Software\Policies\Microsoft\Cryptography\PolicyServers</Value>
319 </Entry>
320 <Entry type="4" type_name="REG_DWORD">
321 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
322 <ValueName>AEPolicy</ValueName>
323 <Value>7</Value>
324 </Entry>
325 <Entry type="4" type_name="REG_DWORD">
326 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
327 <ValueName>OfflineExpirationPercent</ValueName>
328 <Value>25</Value>
329 </Entry>
330 <Entry type="1" type_name="REG_SZ">
331 <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
332 <ValueName>OfflineExpirationStoreNames</ValueName>
333 <Value>MY</Value>
334 </Entry>
335 <Entry type="1" type_name="REG_SZ">
336 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
337 <ValueName/>
338 <Value>{5AD0BE6D-3393-4940-BFC3-6E19555A8919}</Value>
339 </Entry>
340 <Entry type="4" type_name="REG_DWORD">
341 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers</Key>
342 <ValueName>Flags</ValueName>
343 <Value>0</Value>
344 </Entry>
345 <Entry type="1" type_name="REG_SZ">
346 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
347 <ValueName>URL</ValueName>
348 <Value>LDAP:</Value>
349 </Entry>
350 <Entry type="1" type_name="REG_SZ">
351 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
352 <ValueName>PolicyID</ValueName>
353 <Value>%s</Value>
354 </Entry>
355 <Entry type="1" type_name="REG_SZ">
356 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
357 <ValueName>FriendlyName</ValueName>
358 <Value>Example</Value>
359 </Entry>
360 <Entry type="4" type_name="REG_DWORD">
361 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
362 <ValueName>Flags</ValueName>
363 <Value>16</Value>
364 </Entry>
365 <Entry type="4" type_name="REG_DWORD">
366 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
367 <ValueName>AuthFlags</ValueName>
368 <Value>2</Value>
369 </Entry>
370 <Entry type="4" type_name="REG_DWORD">
371 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
372 <ValueName>Cost</ValueName>
373 <Value>2147483645</Value>
374 </Entry>
375 <Entry type="1" type_name="REG_SZ">
376 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
377 <ValueName>URL</ValueName>
378 <Value>https://example2.com/ADPolicyProvider_CEP_Certificate/service.svc/CEP</Value>
379 </Entry>
380 <Entry type="1" type_name="REG_SZ">
381 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
382 <ValueName>PolicyID</ValueName>
383 <Value>%s</Value>
384 </Entry>
385 <Entry type="1" type_name="REG_SZ">
386 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
387 <ValueName>FriendlyName</ValueName>
388 <Value>Example2</Value>
389 </Entry>
390 <Entry type="4" type_name="REG_DWORD">
391 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
392 <ValueName>Flags</ValueName>
393 <Value>16</Value>
394 </Entry>
395 <Entry type="4" type_name="REG_DWORD">
396 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
397 <ValueName>AuthFlags</ValueName>
398 <Value>8</Value>
399 </Entry>
400 <Entry type="4" type_name="REG_DWORD">
401 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
402 <ValueName>Cost</ValueName>
403 <Value>10</Value>
404 </Entry>
405 <Entry type="1" type_name="REG_SZ">
406 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
407 <ValueName>URL</ValueName>
408 <Value>https://example0.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
409 </Entry>
410 <Entry type="1" type_name="REG_SZ">
411 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
412 <ValueName>PolicyID</ValueName>
413 <Value>%s</Value>
414 </Entry>
415 <Entry type="1" type_name="REG_SZ">
416 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
417 <ValueName>FriendlyName</ValueName>
418 <Value>Example0</Value>
419 </Entry>
420 <Entry type="4" type_name="REG_DWORD">
421 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
422 <ValueName>Flags</ValueName>
423 <Value>16</Value>
424 </Entry>
425 <Entry type="4" type_name="REG_DWORD">
426 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
427 <ValueName>AuthFlags</ValueName>
428 <Value>2</Value>
429 </Entry>
430 <Entry type="4" type_name="REG_DWORD">
431 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\20d46e856e9b9746c0b1265c328f126a7b3283a9</Key>
432 <ValueName>Cost</ValueName>
433 <Value>1</Value>
434 </Entry>
435 <Entry type="1" type_name="REG_SZ">
436 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
437 <ValueName>URL</ValueName>
438 <Value>https://example1.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</Value>
439 </Entry>
440 <Entry type="1" type_name="REG_SZ">
441 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
442 <ValueName>PolicyID</ValueName>
443 <Value>%s</Value>
444 </Entry>
445 <Entry type="1" type_name="REG_SZ">
446 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
447 <ValueName>FriendlyName</ValueName>
448 <Value>Example1</Value>
449 </Entry>
450 <Entry type="4" type_name="REG_DWORD">
451 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
452 <ValueName>Flags</ValueName>
453 <Value>16</Value>
454 </Entry>
455 <Entry type="4" type_name="REG_DWORD">
456 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
457 <ValueName>AuthFlags</ValueName>
458 <Value>2</Value>
459 </Entry>
460 <Entry type="4" type_name="REG_DWORD">
461 <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\855b5246433a48402ac4f5c3427566df26ccc9ac</Key>
462 <ValueName>Cost</ValueName>
463 <Value>1</Value>
464 </Entry>
465 </PolFile>
468 firefox_reg_pol = \
469 b"""
470 <?xml version="1.0" encoding="utf-8"?>
471 <PolFile num_entries="241" signature="PReg" version="1">
472 <Entry type="7" type_name="REG_MULTI_SZ">
473 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
474 <ValueName>ExtensionSettings</ValueName>
475 <Value>{ &quot;*&quot;: { &quot;blocked_install_message&quot;: &quot;Custom error message.&quot;, &quot;install_sources&quot;: [&quot;about:addons&quot;,&quot;https://addons.mozilla.org/&quot;], &quot;installation_mode&quot;: &quot;blocked&quot;, &quot;allowed_types&quot;: [&quot;extension&quot;] }, &quot;uBlock0@raymondhill.net&quot;: { &quot;installation_mode&quot;: &quot;force_installed&quot;, &quot;install_url&quot;: &quot;https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi&quot; }, &quot;https-everywhere@eff.org&quot;: { &quot;installation_mode&quot;: &quot;allowed&quot; } }</Value>
476 </Entry>
477 <Entry type="4" type_name="REG_DWORD">
478 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
479 <ValueName>ExtensionUpdate</ValueName>
480 <Value>1</Value>
481 </Entry>
482 <Entry type="4" type_name="REG_DWORD">
483 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
484 <ValueName>SearchSuggestEnabled</ValueName>
485 <Value>1</Value>
486 </Entry>
487 <Entry type="4" type_name="REG_DWORD">
488 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
489 <ValueName>AppAutoUpdate</ValueName>
490 <Value>1</Value>
491 </Entry>
492 <Entry type="1" type_name="REG_SZ">
493 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
494 <ValueName>AppUpdateURL</ValueName>
495 <Value>https://yoursite.com</Value>
496 </Entry>
497 <Entry type="4" type_name="REG_DWORD">
498 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
499 <ValueName>BlockAboutAddons</ValueName>
500 <Value>1</Value>
501 </Entry>
502 <Entry type="4" type_name="REG_DWORD">
503 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
504 <ValueName>BlockAboutConfig</ValueName>
505 <Value>1</Value>
506 </Entry>
507 <Entry type="4" type_name="REG_DWORD">
508 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
509 <ValueName>BlockAboutProfiles</ValueName>
510 <Value>1</Value>
511 </Entry>
512 <Entry type="4" type_name="REG_DWORD">
513 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
514 <ValueName>BlockAboutSupport</ValueName>
515 <Value>1</Value>
516 </Entry>
517 <Entry type="4" type_name="REG_DWORD">
518 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
519 <ValueName>CaptivePortal</ValueName>
520 <Value>1</Value>
521 </Entry>
522 <Entry type="2" type_name="REG_EXPAND_SZ">
523 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
524 <ValueName>DefaultDownloadDirectory</ValueName>
525 <Value>${home}/Downloads</Value>
526 </Entry>
527 <Entry type="4" type_name="REG_DWORD">
528 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
529 <ValueName>DisableAppUpdate</ValueName>
530 <Value>1</Value>
531 </Entry>
532 <Entry type="4" type_name="REG_DWORD">
533 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
534 <ValueName>DisableBuiltinPDFViewer</ValueName>
535 <Value>1</Value>
536 </Entry>
537 <Entry type="4" type_name="REG_DWORD">
538 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
539 <ValueName>DisableDefaultBrowserAgent</ValueName>
540 <Value>1</Value>
541 </Entry>
542 <Entry type="4" type_name="REG_DWORD">
543 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
544 <ValueName>DisableDeveloperTools</ValueName>
545 <Value>1</Value>
546 </Entry>
547 <Entry type="4" type_name="REG_DWORD">
548 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
549 <ValueName>DisableFeedbackCommands</ValueName>
550 <Value>1</Value>
551 </Entry>
552 <Entry type="4" type_name="REG_DWORD">
553 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
554 <ValueName>DisableFirefoxAccounts</ValueName>
555 <Value>1</Value>
556 </Entry>
557 <Entry type="4" type_name="REG_DWORD">
558 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
559 <ValueName>DisableFirefoxScreenshots</ValueName>
560 <Value>1</Value>
561 </Entry>
562 <Entry type="4" type_name="REG_DWORD">
563 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
564 <ValueName>DisableFirefoxStudies</ValueName>
565 <Value>1</Value>
566 </Entry>
567 <Entry type="4" type_name="REG_DWORD">
568 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
569 <ValueName>DisableForgetButton</ValueName>
570 <Value>1</Value>
571 </Entry>
572 <Entry type="4" type_name="REG_DWORD">
573 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
574 <ValueName>DisableFormHistory</ValueName>
575 <Value>1</Value>
576 </Entry>
577 <Entry type="4" type_name="REG_DWORD">
578 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
579 <ValueName>DisableMasterPasswordCreation</ValueName>
580 <Value>1</Value>
581 </Entry>
582 <Entry type="4" type_name="REG_DWORD">
583 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
584 <ValueName>DisablePasswordReveal</ValueName>
585 <Value>1</Value>
586 </Entry>
587 <Entry type="4" type_name="REG_DWORD">
588 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
589 <ValueName>DisablePocket</ValueName>
590 <Value>1</Value>
591 </Entry>
592 <Entry type="4" type_name="REG_DWORD">
593 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
594 <ValueName>DisablePrivateBrowsing</ValueName>
595 <Value>1</Value>
596 </Entry>
597 <Entry type="4" type_name="REG_DWORD">
598 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
599 <ValueName>DisableProfileImport</ValueName>
600 <Value>1</Value>
601 </Entry>
602 <Entry type="4" type_name="REG_DWORD">
603 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
604 <ValueName>DisableProfileRefresh</ValueName>
605 <Value>1</Value>
606 </Entry>
607 <Entry type="4" type_name="REG_DWORD">
608 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
609 <ValueName>DisableSafeMode</ValueName>
610 <Value>1</Value>
611 </Entry>
612 <Entry type="4" type_name="REG_DWORD">
613 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
614 <ValueName>DisableSetDesktopBackground</ValueName>
615 <Value>1</Value>
616 </Entry>
617 <Entry type="4" type_name="REG_DWORD">
618 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
619 <ValueName>DisableSystemAddonUpdate</ValueName>
620 <Value>1</Value>
621 </Entry>
622 <Entry type="4" type_name="REG_DWORD">
623 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
624 <ValueName>DisableTelemetry</ValueName>
625 <Value>1</Value>
626 </Entry>
627 <Entry type="4" type_name="REG_DWORD">
628 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
629 <ValueName>DisplayBookmarksToolbar</ValueName>
630 <Value>1</Value>
631 </Entry>
632 <Entry type="1" type_name="REG_SZ">
633 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
634 <ValueName>DisplayMenuBar</ValueName>
635 <Value>default-on</Value>
636 </Entry>
637 <Entry type="4" type_name="REG_DWORD">
638 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
639 <ValueName>DontCheckDefaultBrowser</ValueName>
640 <Value>1</Value>
641 </Entry>
642 <Entry type="2" type_name="REG_EXPAND_SZ">
643 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
644 <ValueName>DownloadDirectory</ValueName>
645 <Value>${home}/Downloads</Value>
646 </Entry>
647 <Entry type="7" type_name="REG_MULTI_SZ">
648 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
649 <ValueName>Handlers</ValueName>
650 <Value>{ &quot;mimeTypes&quot;: { &quot;application/msword&quot;: { &quot;action&quot;: &quot;useSystemDefault&quot;, &quot;ask&quot;: true } }, &quot;schemes&quot;: { &quot;mailto&quot;: { &quot;action&quot;: &quot;useHelperApp&quot;, &quot;ask&quot;: true, &quot;handlers&quot;: [{ &quot;name&quot;: &quot;Gmail&quot;, &quot;uriTemplate&quot;: &quot;https://mail.google.com/mail/?extsrc=mailto&amp;url=%s&quot; }] } }, &quot;extensions&quot;: { &quot;pdf&quot;: { &quot;action&quot;: &quot;useHelperApp&quot;, &quot;ask&quot;: true, &quot;handlers&quot;: [{ &quot;name&quot;: &quot;Adobe Acrobat&quot;, &quot;path&quot;: &quot;/usr/bin/acroread&quot; }] } } }</Value>
651 </Entry>
652 <Entry type="4" type_name="REG_DWORD">
653 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
654 <ValueName>HardwareAcceleration</ValueName>
655 <Value>1</Value>
656 </Entry>
657 <Entry type="7" type_name="REG_MULTI_SZ">
658 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
659 <ValueName>ManagedBookmarks</ValueName>
660 <Value>[ { &quot;toplevel_name&quot;: &quot;My managed bookmarks folder&quot; }, { &quot;url&quot;: &quot;example.com&quot;, &quot;name&quot;: &quot;Example&quot; }, { &quot;name&quot;: &quot;Mozilla links&quot;, &quot;children&quot;: [ { &quot;url&quot;: &quot;https://mozilla.org&quot;, &quot;name&quot;: &quot;Mozilla.org&quot; }, { &quot;url&quot;: &quot;https://support.mozilla.org/&quot;, &quot;name&quot;: &quot;SUMO&quot; } ] } ]</Value>
661 </Entry>
662 <Entry type="4" type_name="REG_DWORD">
663 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
664 <ValueName>NetworkPrediction</ValueName>
665 <Value>1</Value>
666 </Entry>
667 <Entry type="4" type_name="REG_DWORD">
668 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
669 <ValueName>NewTabPage</ValueName>
670 <Value>1</Value>
671 </Entry>
672 <Entry type="4" type_name="REG_DWORD">
673 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
674 <ValueName>NoDefaultBookmarks</ValueName>
675 <Value>1</Value>
676 </Entry>
677 <Entry type="4" type_name="REG_DWORD">
678 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
679 <ValueName>OfferToSaveLogins</ValueName>
680 <Value>1</Value>
681 </Entry>
682 <Entry type="4" type_name="REG_DWORD">
683 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
684 <ValueName>OfferToSaveLoginsDefault</ValueName>
685 <Value>1</Value>
686 </Entry>
687 <Entry type="1" type_name="REG_SZ">
688 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
689 <ValueName>OverrideFirstRunPage</ValueName>
690 <Value>http://example.org</Value>
691 </Entry>
692 <Entry type="1" type_name="REG_SZ">
693 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
694 <ValueName>OverridePostUpdatePage</ValueName>
695 <Value>http://example.org</Value>
696 </Entry>
697 <Entry type="4" type_name="REG_DWORD">
698 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
699 <ValueName>PasswordManagerEnabled</ValueName>
700 <Value>1</Value>
701 </Entry>
702 <Entry type="7" type_name="REG_MULTI_SZ">
703 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
704 <ValueName>Preferences</ValueName>
705 <Value>{ &quot;accessibility.force_disabled&quot;: { &quot;Value&quot;: 1, &quot;Status&quot;: &quot;default&quot; }, &quot;browser.cache.disk.parent_directory&quot;: { &quot;Value&quot;: &quot;SOME_NATIVE_PATH&quot;, &quot;Status&quot;: &quot;user&quot; }, &quot;browser.tabs.warnOnClose&quot;: { &quot;Value&quot;: false, &quot;Status&quot;: &quot;locked&quot; } }</Value>
706 </Entry>
707 <Entry type="4" type_name="REG_DWORD">
708 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
709 <ValueName>PrimaryPassword</ValueName>
710 <Value>1</Value>
711 </Entry>
712 <Entry type="4" type_name="REG_DWORD">
713 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
714 <ValueName>PromptForDownloadLocation</ValueName>
715 <Value>1</Value>
716 </Entry>
717 <Entry type="1" type_name="REG_SZ">
718 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
719 <ValueName>**delvals.</ValueName>
720 <Value> </Value>
721 </Entry>
722 <Entry type="1" type_name="REG_SZ">
723 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
724 <ValueName>1</ValueName>
725 <Value>de</Value>
726 </Entry>
727 <Entry type="1" type_name="REG_SZ">
728 <Key>Software\\Policies\\Mozilla\\Firefox\\RequestedLocales</Key>
729 <ValueName>2</ValueName>
730 <Value>en-US</Value>
731 </Entry>
732 <Entry type="1" type_name="REG_SZ">
733 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
734 <ValueName>SSLVersionMax</ValueName>
735 <Value>tls1.3</Value>
736 </Entry>
737 <Entry type="1" type_name="REG_SZ">
738 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
739 <ValueName>SSLVersionMin</ValueName>
740 <Value>tls1.3</Value>
741 </Entry>
742 <Entry type="1" type_name="REG_SZ">
743 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
744 <ValueName>SearchBar</ValueName>
745 <Value>unified</Value>
746 </Entry>
747 <Entry type="4" type_name="REG_DWORD">
748 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
749 <ValueName>Locked</ValueName>
750 <Value>1</Value>
751 </Entry>
752 <Entry type="4" type_name="REG_DWORD">
753 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication</Key>
754 <ValueName>PrivateBrowsing</ValueName>
755 <Value>1</Value>
756 </Entry>
757 <Entry type="4" type_name="REG_DWORD">
758 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
759 <ValueName>NTLM</ValueName>
760 <Value>1</Value>
761 </Entry>
762 <Entry type="4" type_name="REG_DWORD">
763 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN</Key>
764 <ValueName>SPNEGO</ValueName>
765 <Value>1</Value>
766 </Entry>
767 <Entry type="4" type_name="REG_DWORD">
768 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
769 <ValueName>NTLM</ValueName>
770 <Value>1</Value>
771 </Entry>
772 <Entry type="4" type_name="REG_DWORD">
773 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies</Key>
774 <ValueName>SPNEGO</ValueName>
775 <Value>1</Value>
776 </Entry>
777 <Entry type="1" type_name="REG_SZ">
778 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
779 <ValueName>**delvals.</ValueName>
780 <Value> </Value>
781 </Entry>
782 <Entry type="1" type_name="REG_SZ">
783 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
784 <ValueName>1</ValueName>
785 <Value>mydomain.com</Value>
786 </Entry>
787 <Entry type="1" type_name="REG_SZ">
788 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated</Key>
789 <ValueName>1</ValueName>
790 <Value>https://myotherdomain.com</Value>
791 </Entry>
792 <Entry type="1" type_name="REG_SZ">
793 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
794 <ValueName>**delvals.</ValueName>
795 <Value> </Value>
796 </Entry>
797 <Entry type="1" type_name="REG_SZ">
798 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
799 <ValueName>1</ValueName>
800 <Value>mydomain.com</Value>
801 </Entry>
802 <Entry type="1" type_name="REG_SZ">
803 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM</Key>
804 <ValueName>1</ValueName>
805 <Value>https://myotherdomain.com</Value>
806 </Entry>
807 <Entry type="1" type_name="REG_SZ">
808 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
809 <ValueName>**delvals.</ValueName>
810 <Value> </Value>
811 </Entry>
812 <Entry type="1" type_name="REG_SZ">
813 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
814 <ValueName>1</ValueName>
815 <Value>mydomain.com</Value>
816 </Entry>
817 <Entry type="1" type_name="REG_SZ">
818 <Key>Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO</Key>
819 <ValueName>1</ValueName>
820 <Value>https://myotherdomain.com</Value>
821 </Entry>
822 <Entry type="1" type_name="REG_SZ">
823 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
824 <ValueName>Title</ValueName>
825 <Value>Example</Value>
826 </Entry>
827 <Entry type="1" type_name="REG_SZ">
828 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
829 <ValueName>URL</ValueName>
830 <Value>https://example.com</Value>
831 </Entry>
832 <Entry type="1" type_name="REG_SZ">
833 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
834 <ValueName>Favicon</ValueName>
835 <Value>https://example.com/favicon.ico</Value>
836 </Entry>
837 <Entry type="1" type_name="REG_SZ">
838 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
839 <ValueName>Placement</ValueName>
840 <Value>menu</Value>
841 </Entry>
842 <Entry type="1" type_name="REG_SZ">
843 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1</Key>
844 <ValueName>Folder</ValueName>
845 <Value>FolderName</Value>
846 </Entry>
847 <Entry type="1" type_name="REG_SZ">
848 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
849 <ValueName>Title</ValueName>
850 <Value>Samba</Value>
851 </Entry>
852 <Entry type="1" type_name="REG_SZ">
853 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
854 <ValueName>URL</ValueName>
855 <Value>www.samba.org</Value>
856 </Entry>
857 <Entry type="1" type_name="REG_SZ">
858 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
859 <ValueName>Favicon</ValueName>
860 <Value/>
861 </Entry>
862 <Entry type="1" type_name="REG_SZ">
863 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
864 <ValueName>Placement</ValueName>
865 <Value>toolbar</Value>
866 </Entry>
867 <Entry type="1" type_name="REG_SZ">
868 <Key>Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10</Key>
869 <ValueName>Folder</ValueName>
870 <Value/>
871 </Entry>
872 <Entry type="1" type_name="REG_SZ">
873 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
874 <ValueName>AcceptThirdParty</ValueName>
875 <Value>never</Value>
876 </Entry>
877 <Entry type="4" type_name="REG_DWORD">
878 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
879 <ValueName>Default</ValueName>
880 <Value>1</Value>
881 </Entry>
882 <Entry type="4" type_name="REG_DWORD">
883 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
884 <ValueName>ExpireAtSessionEnd</ValueName>
885 <Value>1</Value>
886 </Entry>
887 <Entry type="4" type_name="REG_DWORD">
888 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
889 <ValueName>Locked</ValueName>
890 <Value>1</Value>
891 </Entry>
892 <Entry type="4" type_name="REG_DWORD">
893 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies</Key>
894 <ValueName>RejectTracker</ValueName>
895 <Value>1</Value>
896 </Entry>
897 <Entry type="1" type_name="REG_SZ">
898 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
899 <ValueName>**delvals.</ValueName>
900 <Value> </Value>
901 </Entry>
902 <Entry type="1" type_name="REG_SZ">
903 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow</Key>
904 <ValueName>1</ValueName>
905 <Value>http://example.org/</Value>
906 </Entry>
907 <Entry type="1" type_name="REG_SZ">
908 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
909 <ValueName>**delvals.</ValueName>
910 <Value> </Value>
911 </Entry>
912 <Entry type="1" type_name="REG_SZ">
913 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession</Key>
914 <ValueName>1</ValueName>
915 <Value>http://example.edu/</Value>
916 </Entry>
917 <Entry type="1" type_name="REG_SZ">
918 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
919 <ValueName>**delvals.</ValueName>
920 <Value> </Value>
921 </Entry>
922 <Entry type="1" type_name="REG_SZ">
923 <Key>Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block</Key>
924 <ValueName>1</ValueName>
925 <Value>http://example.edu/</Value>
926 </Entry>
927 <Entry type="4" type_name="REG_DWORD">
928 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
929 <ValueName>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
930 <Value>1</Value>
931 </Entry>
932 <Entry type="4" type_name="REG_DWORD">
933 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
934 <ValueName>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
935 <Value>1</Value>
936 </Entry>
937 <Entry type="4" type_name="REG_DWORD">
938 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
939 <ValueName>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</ValueName>
940 <Value>1</Value>
941 </Entry>
942 <Entry type="4" type_name="REG_DWORD">
943 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
944 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ValueName>
945 <Value>1</Value>
946 </Entry>
947 <Entry type="4" type_name="REG_DWORD">
948 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
949 <ValueName>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ValueName>
950 <Value>1</Value>
951 </Entry>
952 <Entry type="4" type_name="REG_DWORD">
953 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
954 <ValueName>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</ValueName>
955 <Value>1</Value>
956 </Entry>
957 <Entry type="4" type_name="REG_DWORD">
958 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
959 <ValueName>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ValueName>
960 <Value>1</Value>
961 </Entry>
962 <Entry type="4" type_name="REG_DWORD">
963 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
964 <ValueName>TLS_RSA_WITH_AES_128_CBC_SHA</ValueName>
965 <Value>1</Value>
966 </Entry>
967 <Entry type="4" type_name="REG_DWORD">
968 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
969 <ValueName>TLS_RSA_WITH_AES_128_GCM_SHA256</ValueName>
970 <Value>1</Value>
971 </Entry>
972 <Entry type="4" type_name="REG_DWORD">
973 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
974 <ValueName>TLS_RSA_WITH_AES_256_CBC_SHA</ValueName>
975 <Value>1</Value>
976 </Entry>
977 <Entry type="4" type_name="REG_DWORD">
978 <Key>Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers</Key>
979 <ValueName>TLS_RSA_WITH_AES_256_GCM_SHA384</ValueName>
980 <Value>1</Value>
981 </Entry>
982 <Entry type="4" type_name="REG_DWORD">
983 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
984 <ValueName>InvalidCertificate</ValueName>
985 <Value>1</Value>
986 </Entry>
987 <Entry type="4" type_name="REG_DWORD">
988 <Key>Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass</Key>
989 <ValueName>SafeBrowsing</ValueName>
990 <Value>1</Value>
991 </Entry>
992 <Entry type="4" type_name="REG_DWORD">
993 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
994 <ValueName>Enabled</ValueName>
995 <Value>1</Value>
996 </Entry>
997 <Entry type="4" type_name="REG_DWORD">
998 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
999 <ValueName>Locked</ValueName>
1000 <Value>1</Value>
1001 </Entry>
1002 <Entry type="1" type_name="REG_SZ">
1003 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS</Key>
1004 <ValueName>ProviderURL</ValueName>
1005 <Value>URL_TO_ALTERNATE_PROVIDER</Value>
1006 </Entry>
1007 <Entry type="1" type_name="REG_SZ">
1008 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1009 <ValueName>**delvals.</ValueName>
1010 <Value> </Value>
1011 </Entry>
1012 <Entry type="1" type_name="REG_SZ">
1013 <Key>Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains</Key>
1014 <ValueName>1</ValueName>
1015 <Value>example.com</Value>
1016 </Entry>
1017 <Entry type="4" type_name="REG_DWORD">
1018 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1019 <ValueName>Value</ValueName>
1020 <Value>1</Value>
1021 </Entry>
1022 <Entry type="4" type_name="REG_DWORD">
1023 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1024 <ValueName>Cryptomining</ValueName>
1025 <Value>1</Value>
1026 </Entry>
1027 <Entry type="4" type_name="REG_DWORD">
1028 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1029 <ValueName>Fingerprinting</ValueName>
1030 <Value>1</Value>
1031 </Entry>
1032 <Entry type="4" type_name="REG_DWORD">
1033 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection</Key>
1034 <ValueName>Locked</ValueName>
1035 <Value>1</Value>
1036 </Entry>
1037 <Entry type="1" type_name="REG_SZ">
1038 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1039 <ValueName>**delvals.</ValueName>
1040 <Value> </Value>
1041 </Entry>
1042 <Entry type="1" type_name="REG_SZ">
1043 <Key>Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions</Key>
1044 <ValueName>1</ValueName>
1045 <Value>https://example.com</Value>
1046 </Entry>
1047 <Entry type="4" type_name="REG_DWORD">
1048 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1049 <ValueName>Enabled</ValueName>
1050 <Value>1</Value>
1051 </Entry>
1052 <Entry type="4" type_name="REG_DWORD">
1053 <Key>Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions</Key>
1054 <ValueName>Locked</ValueName>
1055 <Value>1</Value>
1056 </Entry>
1057 <Entry type="1" type_name="REG_SZ">
1058 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1059 <ValueName>**delvals.</ValueName>
1060 <Value> </Value>
1061 </Entry>
1062 <Entry type="2" type_name="REG_EXPAND_SZ">
1063 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1064 <ValueName>1</ValueName>
1065 <Value>https://addons.mozilla.org/firefox/downloads/somefile.xpi</Value>
1066 </Entry>
1067 <Entry type="2" type_name="REG_EXPAND_SZ">
1068 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install</Key>
1069 <ValueName>2</ValueName>
1070 <Value>//path/to/xpi</Value>
1071 </Entry>
1072 <Entry type="1" type_name="REG_SZ">
1073 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1074 <ValueName>**delvals.</ValueName>
1075 <Value> </Value>
1076 </Entry>
1077 <Entry type="1" type_name="REG_SZ">
1078 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked</Key>
1079 <ValueName>1</ValueName>
1080 <Value>addon_id@mozilla.org</Value>
1081 </Entry>
1082 <Entry type="1" type_name="REG_SZ">
1083 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1084 <ValueName>**delvals.</ValueName>
1085 <Value> </Value>
1086 </Entry>
1087 <Entry type="1" type_name="REG_SZ">
1088 <Key>Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall</Key>
1089 <ValueName>1</ValueName>
1090 <Value>bad_addon_id@mozilla.org</Value>
1091 </Entry>
1092 <Entry type="4" type_name="REG_DWORD">
1093 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1094 <ValueName>Search</ValueName>
1095 <Value>1</Value>
1096 </Entry>
1097 <Entry type="4" type_name="REG_DWORD">
1098 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1099 <ValueName>TopSites</ValueName>
1100 <Value>1</Value>
1101 </Entry>
1102 <Entry type="4" type_name="REG_DWORD">
1103 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1104 <ValueName>Highlights</ValueName>
1105 <Value>1</Value>
1106 </Entry>
1107 <Entry type="4" type_name="REG_DWORD">
1108 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1109 <ValueName>Pocket</ValueName>
1110 <Value>1</Value>
1111 </Entry>
1112 <Entry type="4" type_name="REG_DWORD">
1113 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1114 <ValueName>Snippets</ValueName>
1115 <Value>1</Value>
1116 </Entry>
1117 <Entry type="4" type_name="REG_DWORD">
1118 <Key>Software\\Policies\\Mozilla\\Firefox\\FirefoxHome</Key>
1119 <ValueName>Locked</ValueName>
1120 <Value>1</Value>
1121 </Entry>
1122 <Entry type="4" type_name="REG_DWORD">
1123 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1124 <ValueName>Default</ValueName>
1125 <Value>1</Value>
1126 </Entry>
1127 <Entry type="4" type_name="REG_DWORD">
1128 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin</Key>
1129 <ValueName>Locked</ValueName>
1130 <Value>1</Value>
1131 </Entry>
1132 <Entry type="1" type_name="REG_SZ">
1133 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1134 <ValueName>**delvals.</ValueName>
1135 <Value> </Value>
1136 </Entry>
1137 <Entry type="1" type_name="REG_SZ">
1138 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow</Key>
1139 <ValueName>1</ValueName>
1140 <Value>http://example.org/</Value>
1141 </Entry>
1142 <Entry type="1" type_name="REG_SZ">
1143 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1144 <ValueName>**delvals.</ValueName>
1145 <Value> </Value>
1146 </Entry>
1147 <Entry type="1" type_name="REG_SZ">
1148 <Key>Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block</Key>
1149 <ValueName>1</ValueName>
1150 <Value>http://example.edu/</Value>
1151 </Entry>
1152 <Entry type="1" type_name="REG_SZ">
1153 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1154 <ValueName>StartPage</ValueName>
1155 <Value>homepage</Value>
1156 </Entry>
1157 <Entry type="1" type_name="REG_SZ">
1158 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1159 <ValueName>URL</ValueName>
1160 <Value>http://example.com/</Value>
1161 </Entry>
1162 <Entry type="4" type_name="REG_DWORD">
1163 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage</Key>
1164 <ValueName>Locked</ValueName>
1165 <Value>1</Value>
1166 </Entry>
1167 <Entry type="1" type_name="REG_SZ">
1168 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1169 <ValueName>**delvals.</ValueName>
1170 <Value> </Value>
1171 </Entry>
1172 <Entry type="1" type_name="REG_SZ">
1173 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1174 <ValueName>1</ValueName>
1175 <Value>http://example.org/</Value>
1176 </Entry>
1177 <Entry type="1" type_name="REG_SZ">
1178 <Key>Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional</Key>
1179 <ValueName>2</ValueName>
1180 <Value>http://example.edu/</Value>
1181 </Entry>
1182 <Entry type="4" type_name="REG_DWORD">
1183 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission</Key>
1184 <ValueName>Default</ValueName>
1185 <Value>1</Value>
1186 </Entry>
1187 <Entry type="1" type_name="REG_SZ">
1188 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1189 <ValueName>**delvals.</ValueName>
1190 <Value> </Value>
1191 </Entry>
1192 <Entry type="1" type_name="REG_SZ">
1193 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1194 <ValueName>1</ValueName>
1195 <Value>http://example.org/</Value>
1196 </Entry>
1197 <Entry type="1" type_name="REG_SZ">
1198 <Key>Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow</Key>
1199 <ValueName>2</ValueName>
1200 <Value>http://example.edu/</Value>
1201 </Entry>
1202 <Entry type="1" type_name="REG_SZ">
1203 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1204 <ValueName>**delvals.</ValueName>
1205 <Value> </Value>
1206 </Entry>
1207 <Entry type="1" type_name="REG_SZ">
1208 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1209 <ValueName>1</ValueName>
1210 <Value>http://example.org/</Value>
1211 </Entry>
1212 <Entry type="1" type_name="REG_SZ">
1213 <Key>Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks</Key>
1214 <ValueName>2</ValueName>
1215 <Value>http://example.edu/</Value>
1216 </Entry>
1217 <Entry type="4" type_name="REG_DWORD">
1218 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1219 <ValueName>EnablePermissions</ValueName>
1220 <Value>1</Value>
1221 </Entry>
1222 <Entry type="4" type_name="REG_DWORD">
1223 <Key>Software\\Policies\\Mozilla\\Firefox\\PDFjs</Key>
1224 <ValueName>Enabled</ValueName>
1225 <Value>1</Value>
1226 </Entry>
1227 <Entry type="1" type_name="REG_SZ">
1228 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1229 <ValueName>Default</ValueName>
1230 <Value>block-audio</Value>
1231 </Entry>
1232 <Entry type="4" type_name="REG_DWORD">
1233 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay</Key>
1234 <ValueName>Locked</ValueName>
1235 <Value>1</Value>
1236 </Entry>
1237 <Entry type="1" type_name="REG_SZ">
1238 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1239 <ValueName>**delvals.</ValueName>
1240 <Value> </Value>
1241 </Entry>
1242 <Entry type="1" type_name="REG_SZ">
1243 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow</Key>
1244 <ValueName>1</ValueName>
1245 <Value>https://example.org</Value>
1246 </Entry>
1247 <Entry type="1" type_name="REG_SZ">
1248 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1249 <ValueName>**delvals.</ValueName>
1250 <Value> </Value>
1251 </Entry>
1252 <Entry type="1" type_name="REG_SZ">
1253 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block</Key>
1254 <ValueName>1</ValueName>
1255 <Value>https://example.edu</Value>
1256 </Entry>
1257 <Entry type="4" type_name="REG_DWORD">
1258 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1259 <ValueName>BlockNewRequests</ValueName>
1260 <Value>1</Value>
1261 </Entry>
1262 <Entry type="4" type_name="REG_DWORD">
1263 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera</Key>
1264 <ValueName>Locked</ValueName>
1265 <Value>1</Value>
1266 </Entry>
1267 <Entry type="1" type_name="REG_SZ">
1268 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1269 <ValueName>**delvals.</ValueName>
1270 <Value> </Value>
1271 </Entry>
1272 <Entry type="1" type_name="REG_SZ">
1273 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1274 <ValueName>1</ValueName>
1275 <Value>https://example.org</Value>
1276 </Entry>
1277 <Entry type="1" type_name="REG_SZ">
1278 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow</Key>
1279 <ValueName>2</ValueName>
1280 <Value>https://example.org:1234</Value>
1281 </Entry>
1282 <Entry type="1" type_name="REG_SZ">
1283 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1284 <ValueName>**delvals.</ValueName>
1285 <Value> </Value>
1286 </Entry>
1287 <Entry type="1" type_name="REG_SZ">
1288 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block</Key>
1289 <ValueName>1</ValueName>
1290 <Value>https://example.edu</Value>
1291 </Entry>
1292 <Entry type="4" type_name="REG_DWORD">
1293 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1294 <ValueName>BlockNewRequests</ValueName>
1295 <Value>1</Value>
1296 </Entry>
1297 <Entry type="4" type_name="REG_DWORD">
1298 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location</Key>
1299 <ValueName>Locked</ValueName>
1300 <Value>1</Value>
1301 </Entry>
1302 <Entry type="1" type_name="REG_SZ">
1303 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1304 <ValueName>**delvals.</ValueName>
1305 <Value> </Value>
1306 </Entry>
1307 <Entry type="1" type_name="REG_SZ">
1308 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow</Key>
1309 <ValueName>1</ValueName>
1310 <Value>https://example.org</Value>
1311 </Entry>
1312 <Entry type="1" type_name="REG_SZ">
1313 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1314 <ValueName>**delvals.</ValueName>
1315 <Value> </Value>
1316 </Entry>
1317 <Entry type="1" type_name="REG_SZ">
1318 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block</Key>
1319 <ValueName>1</ValueName>
1320 <Value>https://example.edu</Value>
1321 </Entry>
1322 <Entry type="4" type_name="REG_DWORD">
1323 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1324 <ValueName>BlockNewRequests</ValueName>
1325 <Value>1</Value>
1326 </Entry>
1327 <Entry type="4" type_name="REG_DWORD">
1328 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone</Key>
1329 <ValueName>Locked</ValueName>
1330 <Value>1</Value>
1331 </Entry>
1332 <Entry type="1" type_name="REG_SZ">
1333 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1334 <ValueName>**delvals.</ValueName>
1335 <Value> </Value>
1336 </Entry>
1337 <Entry type="1" type_name="REG_SZ">
1338 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow</Key>
1339 <ValueName>1</ValueName>
1340 <Value>https://example.org</Value>
1341 </Entry>
1342 <Entry type="1" type_name="REG_SZ">
1343 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1344 <ValueName>**delvals.</ValueName>
1345 <Value> </Value>
1346 </Entry>
1347 <Entry type="1" type_name="REG_SZ">
1348 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block</Key>
1349 <ValueName>1</ValueName>
1350 <Value>https://example.edu</Value>
1351 </Entry>
1352 <Entry type="4" type_name="REG_DWORD">
1353 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1354 <ValueName>BlockNewRequests</ValueName>
1355 <Value>1</Value>
1356 </Entry>
1357 <Entry type="4" type_name="REG_DWORD">
1358 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications</Key>
1359 <ValueName>Locked</ValueName>
1360 <Value>1</Value>
1361 </Entry>
1362 <Entry type="1" type_name="REG_SZ">
1363 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1364 <ValueName>**delvals.</ValueName>
1365 <Value> </Value>
1366 </Entry>
1367 <Entry type="1" type_name="REG_SZ">
1368 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow</Key>
1369 <ValueName>1</ValueName>
1370 <Value>https://example.org</Value>
1371 </Entry>
1372 <Entry type="1" type_name="REG_SZ">
1373 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1374 <ValueName>**delvals.</ValueName>
1375 <Value> </Value>
1376 </Entry>
1377 <Entry type="1" type_name="REG_SZ">
1378 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block</Key>
1379 <ValueName>1</ValueName>
1380 <Value>https://example.edu</Value>
1381 </Entry>
1382 <Entry type="4" type_name="REG_DWORD">
1383 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1384 <ValueName>BlockNewRequests</ValueName>
1385 <Value>1</Value>
1386 </Entry>
1387 <Entry type="4" type_name="REG_DWORD">
1388 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality</Key>
1389 <ValueName>Locked</ValueName>
1390 <Value>1</Value>
1391 </Entry>
1392 <Entry type="1" type_name="REG_SZ">
1393 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1394 <ValueName>**delvals.</ValueName>
1395 <Value> </Value>
1396 </Entry>
1397 <Entry type="1" type_name="REG_SZ">
1398 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow</Key>
1399 <ValueName>1</ValueName>
1400 <Value>https://example.org</Value>
1401 </Entry>
1402 <Entry type="1" type_name="REG_SZ">
1403 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1404 <ValueName>**delvals.</ValueName>
1405 <Value> </Value>
1406 </Entry>
1407 <Entry type="1" type_name="REG_SZ">
1408 <Key>Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block</Key>
1409 <ValueName>1</ValueName>
1410 <Value>https://example.edu</Value>
1411 </Entry>
1412 <Entry type="4" type_name="REG_DWORD">
1413 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1414 <ValueName>Enabled</ValueName>
1415 <Value>1</Value>
1416 </Entry>
1417 <Entry type="4" type_name="REG_DWORD">
1418 <Key>Software\\Policies\\Mozilla\\Firefox\\PictureInPicture</Key>
1419 <ValueName>Locked</ValueName>
1420 <Value>1</Value>
1421 </Entry>
1422 <Entry type="4" type_name="REG_DWORD">
1423 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1424 <ValueName>Default</ValueName>
1425 <Value>1</Value>
1426 </Entry>
1427 <Entry type="4" type_name="REG_DWORD">
1428 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking</Key>
1429 <ValueName>Locked</ValueName>
1430 <Value>1</Value>
1431 </Entry>
1432 <Entry type="1" type_name="REG_SZ">
1433 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1434 <ValueName>**delvals.</ValueName>
1435 <Value> </Value>
1436 </Entry>
1437 <Entry type="1" type_name="REG_SZ">
1438 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1439 <ValueName>1</ValueName>
1440 <Value>http://example.org/</Value>
1441 </Entry>
1442 <Entry type="1" type_name="REG_SZ">
1443 <Key>Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow</Key>
1444 <ValueName>2</ValueName>
1445 <Value>http://example.edu/</Value>
1446 </Entry>
1447 <Entry type="4" type_name="REG_DWORD">
1448 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1449 <ValueName>Locked</ValueName>
1450 <Value>1</Value>
1451 </Entry>
1452 <Entry type="1" type_name="REG_SZ">
1453 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1454 <ValueName>Mode</ValueName>
1455 <Value>autoDetect</Value>
1456 </Entry>
1457 <Entry type="1" type_name="REG_SZ">
1458 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1459 <ValueName>HTTPProxy</ValueName>
1460 <Value>hostname</Value>
1461 </Entry>
1462 <Entry type="4" type_name="REG_DWORD">
1463 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1464 <ValueName>UseHTTPProxyForAllProtocols</ValueName>
1465 <Value>1</Value>
1466 </Entry>
1467 <Entry type="1" type_name="REG_SZ">
1468 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1469 <ValueName>SSLProxy</ValueName>
1470 <Value>hostname</Value>
1471 </Entry>
1472 <Entry type="1" type_name="REG_SZ">
1473 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1474 <ValueName>FTPProxy</ValueName>
1475 <Value>hostname</Value>
1476 </Entry>
1477 <Entry type="1" type_name="REG_SZ">
1478 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1479 <ValueName>SOCKSProxy</ValueName>
1480 <Value>hostname</Value>
1481 </Entry>
1482 <Entry type="4" type_name="REG_DWORD">
1483 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1484 <ValueName>SOCKSVersion</ValueName>
1485 <Value>5</Value>
1486 </Entry>
1487 <Entry type="1" type_name="REG_SZ">
1488 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1489 <ValueName>Passthrough</ValueName>
1490 <Value>&lt;local&gt;</Value>
1491 </Entry>
1492 <Entry type="1" type_name="REG_SZ">
1493 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1494 <ValueName>AutoConfigURL</ValueName>
1495 <Value>URL_TO_AUTOCONFIG</Value>
1496 </Entry>
1497 <Entry type="4" type_name="REG_DWORD">
1498 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1499 <ValueName>AutoLogin</ValueName>
1500 <Value>1</Value>
1501 </Entry>
1502 <Entry type="4" type_name="REG_DWORD">
1503 <Key>Software\\Policies\\Mozilla\\Firefox\\Proxy</Key>
1504 <ValueName>UseProxyForDNS</ValueName>
1505 <Value>1</Value>
1506 </Entry>
1507 <Entry type="4" type_name="REG_DWORD">
1508 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1509 <ValueName>SanitizeOnShutdown</ValueName>
1510 <Value>1</Value>
1511 </Entry>
1512 <Entry type="1" type_name="REG_SZ">
1513 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1514 <ValueName>Default</ValueName>
1515 <Value>Google</Value>
1516 </Entry>
1517 <Entry type="4" type_name="REG_DWORD">
1518 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines</Key>
1519 <ValueName>PreventInstalls</ValueName>
1520 <Value>1</Value>
1521 </Entry>
1522 <Entry type="1" type_name="REG_SZ">
1523 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1524 <ValueName>Name</ValueName>
1525 <Value>Example1</Value>
1526 </Entry>
1527 <Entry type="1" type_name="REG_SZ">
1528 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1529 <ValueName>URLTemplate</ValueName>
1530 <Value>https://www.example.org/q={searchTerms}</Value>
1531 </Entry>
1532 <Entry type="1" type_name="REG_SZ">
1533 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1534 <ValueName>Method</ValueName>
1535 <Value>POST</Value>
1536 </Entry>
1537 <Entry type="1" type_name="REG_SZ">
1538 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1539 <ValueName>IconURL</ValueName>
1540 <Value>https://www.example.org/favicon.ico</Value>
1541 </Entry>
1542 <Entry type="1" type_name="REG_SZ">
1543 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1544 <ValueName>Alias</ValueName>
1545 <Value>example</Value>
1546 </Entry>
1547 <Entry type="1" type_name="REG_SZ">
1548 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1549 <ValueName>Description</ValueName>
1550 <Value>Description</Value>
1551 </Entry>
1552 <Entry type="1" type_name="REG_SZ">
1553 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1554 <ValueName>SuggestURLTemplate</ValueName>
1555 <Value>https://www.example.org/suggestions/q={searchTerms}</Value>
1556 </Entry>
1557 <Entry type="1" type_name="REG_SZ">
1558 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1</Key>
1559 <ValueName>PostData</ValueName>
1560 <Value>name=value&amp;q={searchTerms}</Value>
1561 </Entry>
1562 <Entry type="1" type_name="REG_SZ">
1563 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1564 <ValueName>**delvals.</ValueName>
1565 <Value> </Value>
1566 </Entry>
1567 <Entry type="1" type_name="REG_SZ">
1568 <Key>Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove</Key>
1569 <ValueName>1</ValueName>
1570 <Value>Bing</Value>
1571 </Entry>
1572 <Entry type="1" type_name="REG_SZ">
1573 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1574 <ValueName>Title</ValueName>
1575 <Value>Support Menu</Value>
1576 </Entry>
1577 <Entry type="1" type_name="REG_SZ">
1578 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1579 <ValueName>URL</ValueName>
1580 <Value>http://example.com/support</Value>
1581 </Entry>
1582 <Entry type="1" type_name="REG_SZ">
1583 <Key>Software\\Policies\\Mozilla\\Firefox\\SupportMenu</Key>
1584 <ValueName>AccessKey</ValueName>
1585 <Value>S</Value>
1586 </Entry>
1587 <Entry type="4" type_name="REG_DWORD">
1588 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1589 <ValueName>ExtensionRecommendations</ValueName>
1590 <Value>1</Value>
1591 </Entry>
1592 <Entry type="4" type_name="REG_DWORD">
1593 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1594 <ValueName>FeatureRecommendations</ValueName>
1595 <Value>1</Value>
1596 </Entry>
1597 <Entry type="4" type_name="REG_DWORD">
1598 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1599 <ValueName>WhatsNew</ValueName>
1600 <Value>1</Value>
1601 </Entry>
1602 <Entry type="4" type_name="REG_DWORD">
1603 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1604 <ValueName>UrlbarInterventions</ValueName>
1605 <Value>1</Value>
1606 </Entry>
1607 <Entry type="4" type_name="REG_DWORD">
1608 <Key>Software\\Policies\\Mozilla\\Firefox\\UserMessaging</Key>
1609 <ValueName>SkipOnboarding</ValueName>
1610 <Value>1</Value>
1611 </Entry>
1612 <Entry type="1" type_name="REG_SZ">
1613 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1614 <ValueName>**delvals.</ValueName>
1615 <Value> </Value>
1616 </Entry>
1617 <Entry type="1" type_name="REG_SZ">
1618 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block</Key>
1619 <ValueName>1</ValueName>
1620 <Value>&lt;all_urls&gt;</Value>
1621 </Entry>
1622 <Entry type="1" type_name="REG_SZ">
1623 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1624 <ValueName>**delvals.</ValueName>
1625 <Value> </Value>
1626 </Entry>
1627 <Entry type="1" type_name="REG_SZ">
1628 <Key>Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions</Key>
1629 <ValueName>1</ValueName>
1630 <Value>http://example.org/*</Value>
1631 </Entry>
1632 <Entry type="1" type_name="REG_SZ">
1633 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1634 <ValueName>AllowedDomainsForApps</ValueName>
1635 <Value>managedfirefox.com,example.com</Value>
1636 </Entry>
1637 <Entry type="4" type_name="REG_DWORD">
1638 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1639 <ValueName>BackgroundAppUpdate</ValueName>
1640 <Value>1</Value>
1641 </Entry>
1642 <Entry type="4" type_name="REG_DWORD">
1643 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates</Key>
1644 <ValueName>ImportEnterpriseRoots</ValueName>
1645 <Value>1</Value>
1646 </Entry>
1647 <Entry type="1" type_name="REG_SZ">
1648 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1649 <ValueName>**delvals.</ValueName>
1650 <Value> </Value>
1651 </Entry>
1652 <Entry type="1" type_name="REG_SZ">
1653 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1654 <ValueName>1</ValueName>
1655 <Value>cert1.der</Value>
1656 </Entry>
1657 <Entry type="1" type_name="REG_SZ">
1658 <Key>Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install</Key>
1659 <ValueName>2</ValueName>
1660 <Value>/home/username/cert2.pem</Value>
1661 </Entry>
1662 <Entry type="1" type_name="REG_SZ">
1663 <Key>Software\\Policies\\Mozilla\\Firefox\\SecurityDevices</Key>
1664 <ValueName>NAME_OF_DEVICE</ValueName>
1665 <Value>PATH_TO_LIBRARY_FOR_DEVICE</Value>
1666 </Entry>
1667 <Entry type="4" type_name="REG_DWORD">
1668 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1669 <ValueName>ShowHomeButton</ValueName>
1670 <Value>1</Value>
1671 </Entry>
1672 <Entry type="7" type_name="REG_MULTI_SZ">
1673 <Key>Software\\Policies\\Mozilla\\Firefox</Key>
1674 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
1675 <Value>[{&quot;protocol&quot;: &quot;zoommtg&quot;, &quot;allowed_origins&quot;: [&quot;https://somesite.zoom.us&quot;]}]</Value>
1676 </Entry>
1677 </PolFile>
# Expected Firefox policy document (JSON text) paired with the Registry.pol XML
# fixture that precedes it. The values mirror that fixture's entries: SupportMenu,
# WebsiteFilter, Certificates\Install, SecurityDevices and
# AutoLaunchProtocolsFromOrigins appear in both with the same values.
# Presumably the Firefox extension test compares its generated policy file with
# this text; confirm against the test that uses it.
# NOTE(review): these are sample values that exercise the registry-to-JSON
# mapping, not a recommended browser baseline. "DisabledCiphers" lists AES-GCM
# suites next to the CBC and 3DES ones, several URLs are plain http, and strings
# such as URL_TO_ALTERNATE_PROVIDER, SOME_NATIVE_PATH, URL_TO_AUTOCONFIG and
# PATH_TO_LIBRARY_FOR_DEVICE are placeholders.
# NOTE(review): in a real GPO, "Certificates.Install", "SecurityDevices",
# "Extensions.Install" and "Proxy" add trust anchors, load a native library,
# install code or reroute traffic, so write access to the policy source should be
# protected as strictly as the browser itself.
1680 firefox_json_expected = \
1683 "policies": {
1684 "AppAutoUpdate": true,
1685 "AllowedDomainsForApps": "managedfirefox.com,example.com",
1686 "AppUpdateURL": "https://yoursite.com",
1687 "Authentication": {
1688 "SPNEGO": [
1689 "mydomain.com",
1690 "https://myotherdomain.com"
1692 "Delegated": [
1693 "mydomain.com",
1694 "https://myotherdomain.com"
1696 "NTLM": [
1697 "mydomain.com",
1698 "https://myotherdomain.com"
1700 "AllowNonFQDN": {
1701 "SPNEGO": true,
1702 "NTLM": true
1704 "AllowProxies": {
1705 "SPNEGO": true,
1706 "NTLM": true
1708 "Locked": true,
1709 "PrivateBrowsing": true
1711 "AutoLaunchProtocolsFromOrigins": [
1713 "protocol": "zoommtg",
1714 "allowed_origins": [
1715 "https://somesite.zoom.us"
1719 "BackgroundAppUpdate": true,
1720 "BlockAboutAddons": true,
1721 "BlockAboutConfig": true,
1722 "BlockAboutProfiles": true,
1723 "BlockAboutSupport": true,
1724 "Bookmarks": [
1726 "Title": "Example",
1727 "URL": "https://example.com",
1728 "Favicon": "https://example.com/favicon.ico",
1729 "Placement": "menu",
1730 "Folder": "FolderName"
1733 "Title": "Samba",
1734 "URL": "www.samba.org",
1735 "Favicon": "",
1736 "Placement": "toolbar",
1737 "Folder": ""
1740 "CaptivePortal": true,
1741 "Certificates": {
1742 "ImportEnterpriseRoots": true,
1743 "Install": [
1744 "cert1.der",
1745 "/home/username/cert2.pem"
1748 "Cookies": {
1749 "Allow": [
1750 "http://example.org/"
1752 "AllowSession": [
1753 "http://example.edu/"
1755 "Block": [
1756 "http://example.edu/"
1758 "Default": true,
1759 "AcceptThirdParty": "never",
1760 "ExpireAtSessionEnd": true,
1761 "RejectTracker": true,
1762 "Locked": true
1764 "DisableSetDesktopBackground": true,
1765 "DisableMasterPasswordCreation": true,
1766 "DisableAppUpdate": true,
1767 "DisableBuiltinPDFViewer": true,
1768 "DisabledCiphers": {
1769 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true,
1770 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true,
1771 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true,
1772 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true,
1773 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true,
1774 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true,
1775 "TLS_RSA_WITH_AES_128_CBC_SHA": true,
1776 "TLS_RSA_WITH_AES_256_CBC_SHA": true,
1777 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true,
1778 "TLS_RSA_WITH_AES_128_GCM_SHA256": true,
1779 "TLS_RSA_WITH_AES_256_GCM_SHA384": true
1781 "DisableDefaultBrowserAgent": true,
1782 "DisableDeveloperTools": true,
1783 "DisableFeedbackCommands": true,
1784 "DisableFirefoxScreenshots": true,
1785 "DisableFirefoxAccounts": true,
1786 "DisableFirefoxStudies": true,
1787 "DisableForgetButton": true,
1788 "DisableFormHistory": true,
1789 "DisablePasswordReveal": true,
1790 "DisablePocket": true,
1791 "DisablePrivateBrowsing": true,
1792 "DisableProfileImport": true,
1793 "DisableProfileRefresh": true,
1794 "DisableSafeMode": true,
1795 "DisableSecurityBypass": {
1796 "InvalidCertificate": true,
1797 "SafeBrowsing": true
1799 "DisableSystemAddonUpdate": true,
1800 "DisableTelemetry": true,
1801 "DisplayBookmarksToolbar": true,
1802 "DisplayMenuBar": "default-on",
1803 "DNSOverHTTPS": {
1804 "Enabled": true,
1805 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
1806 "Locked": true,
1807 "ExcludedDomains": [
1808 "example.com"
1811 "DontCheckDefaultBrowser": true,
1812 "EnableTrackingProtection": {
1813 "Value": true,
1814 "Locked": true,
1815 "Cryptomining": true,
1816 "Fingerprinting": true,
1817 "Exceptions": [
1818 "https://example.com"
1821 "EncryptedMediaExtensions": {
1822 "Enabled": true,
1823 "Locked": true
1825 "Extensions": {
1826 "Install": [
1827 "https://addons.mozilla.org/firefox/downloads/somefile.xpi",
1828 "//path/to/xpi"
1830 "Uninstall": [
1831 "bad_addon_id@mozilla.org"
1833 "Locked": [
1834 "addon_id@mozilla.org"
1837 "ExtensionSettings": {
1838 "*": {
1839 "blocked_install_message": "Custom error message.",
1840 "install_sources": [
1841 "about:addons",
1842 "https://addons.mozilla.org/"
1844 "installation_mode": "blocked",
1845 "allowed_types": [
1846 "extension"
1849 "uBlock0@raymondhill.net": {
1850 "installation_mode": "force_installed",
1851 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
1853 "https-everywhere@eff.org": {
1854 "installation_mode": "allowed"
1857 "ExtensionUpdate": true,
1858 "FlashPlugin": {
1859 "Allow": [
1860 "http://example.org/"
1862 "Block": [
1863 "http://example.edu/"
1865 "Default": true,
1866 "Locked": true
1868 "Handlers": {
1869 "mimeTypes": {
1870 "application/msword": {
1871 "action": "useSystemDefault",
1872 "ask": true
1875 "schemes": {
1876 "mailto": {
1877 "action": "useHelperApp",
1878 "ask": true,
1879 "handlers": [
1881 "name": "Gmail",
1882 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
1887 "extensions": {
1888 "pdf": {
1889 "action": "useHelperApp",
1890 "ask": true,
1891 "handlers": [
1893 "name": "Adobe Acrobat",
1894 "path": "/usr/bin/acroread"
1900 "FirefoxHome": {
1901 "Search": true,
1902 "TopSites": true,
1903 "Highlights": true,
1904 "Pocket": true,
1905 "Snippets": true,
1906 "Locked": true
1908 "HardwareAcceleration": true,
1909 "Homepage": {
1910 "URL": "http://example.com/",
1911 "Locked": true,
1912 "Additional": [
1913 "http://example.org/",
1914 "http://example.edu/"
1916 "StartPage": "homepage"
1918 "InstallAddonsPermission": {
1919 "Allow": [
1920 "http://example.org/",
1921 "http://example.edu/"
1923 "Default": true
1925 "LocalFileLinks": [
1926 "http://example.org/",
1927 "http://example.edu/"
1929 "ManagedBookmarks": [
1931 "toplevel_name": "My managed bookmarks folder"
1934 "url": "example.com",
1935 "name": "Example"
1938 "name": "Mozilla links",
1939 "children": [
1941 "url": "https://mozilla.org",
1942 "name": "Mozilla.org"
1945 "url": "https://support.mozilla.org/",
1946 "name": "SUMO"
1951 "PrimaryPassword": true,
1952 "NoDefaultBookmarks": true,
1953 "OfferToSaveLogins": true,
1954 "OfferToSaveLoginsDefault": true,
1955 "OverrideFirstRunPage": "http://example.org",
1956 "OverridePostUpdatePage": "http://example.org",
1957 "PasswordManagerEnabled": true,
1958 "PSFjs": {
1959 "Enabled": true,
1960 "EnablePermissions": true
1962 "Permissions": {
1963 "Camera": {
1964 "Allow": [
1965 "https://example.org",
1966 "https://example.org:1234"
1968 "Block": [
1969 "https://example.edu"
1971 "BlockNewRequests": true,
1972 "Locked": true
1974 "Microphone": {
1975 "Allow": [
1976 "https://example.org"
1978 "Block": [
1979 "https://example.edu"
1981 "BlockNewRequests": true,
1982 "Locked": true
1984 "Location": {
1985 "Allow": [
1986 "https://example.org"
1988 "Block": [
1989 "https://example.edu"
1991 "BlockNewRequests": true,
1992 "Locked": true
1994 "Notifications": {
1995 "Allow": [
1996 "https://example.org"
1998 "Block": [
1999 "https://example.edu"
2001 "BlockNewRequests": true,
2002 "Locked": true
2004 "Autoplay": {
2005 "Allow": [
2006 "https://example.org"
2008 "Block": [
2009 "https://example.edu"
2011 "Default": "block-audio",
2012 "Locked": true
2014 "VirtualReality": {
2015 "Allow": [
2016 "https://example.org"
2018 "Block": [
2019 "https://example.edu"
2021 "BlockNewRequests": true,
2022 "Locked": true
2025 "PictureInPicture": {
2026 "Enabled": true,
2027 "Locked": true
2029 "PopupBlocking": {
2030 "Allow": [
2031 "http://example.org/",
2032 "http://example.edu/"
2034 "Default": true,
2035 "Locked": true
2037 "Preferences": {
2038 "accessibility.force_disabled": {
2039 "Value": 1,
2040 "Status": "default"
2042 "browser.cache.disk.parent_directory": {
2043 "Value": "SOME_NATIVE_PATH",
2044 "Status": "user"
2046 "browser.tabs.warnOnClose": {
2047 "Value": false,
2048 "Status": "locked"
2051 "PromptForDownloadLocation": true,
2052 "Proxy": {
2053 "Mode": "autoDetect",
2054 "Locked": true,
2055 "HTTPProxy": "hostname",
2056 "UseHTTPProxyForAllProtocols": true,
2057 "SSLProxy": "hostname",
2058 "FTPProxy": "hostname",
2059 "SOCKSProxy": "hostname",
2060 "SOCKSVersion": 5,
2061 "Passthrough": "<local>",
2062 "AutoConfigURL": "URL_TO_AUTOCONFIG",
2063 "AutoLogin": true,
2064 "UseProxyForDNS": true
2066 "SanitizeOnShutdown": true,
2067 "SearchEngines": {
2068 "Add": [
2070 "Name": "Example1",
2071 "URLTemplate": "https://www.example.org/q={searchTerms}",
2072 "Method": "POST",
2073 "IconURL": "https://www.example.org/favicon.ico",
2074 "Alias": "example",
2075 "Description": "Description",
2076 "PostData": "name=value&q={searchTerms}",
2077 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
2080 "Remove": [
2081 "Bing"
2083 "Default": "Google",
2084 "PreventInstalls": true
2086 "SearchSuggestEnabled": true,
2087 "SecurityDevices": {
2088 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
2090 "ShowHomeButton": true,
2091 "SSLVersionMax": "tls1.3",
2092 "SSLVersionMin": "tls1.3",
2093 "SupportMenu": {
2094 "Title": "Support Menu",
2095 "URL": "http://example.com/support",
2096 "AccessKey": "S"
2098 "UserMessaging": {
2099 "WhatsNew": true,
2100 "ExtensionRecommendations": true,
2101 "FeatureRecommendations": true,
2102 "UrlbarInterventions": true,
2103 "SkipOnboarding": true
2105 "WebsiteFilter": {
2106 "Block": [
2107 "<all_urls>"
2109 "Exceptions": [
2110 "http://example.org/*"
2113 "DefaultDownloadDirectory": "${home}/Downloads",
2114 "DownloadDirectory": "${home}/Downloads",
2115 "NetworkPrediction": true,
2116 "NewTabPage": true,
2117 "RequestedLocales": ["de", "en-US"],
2118 "SearchBar": "unified"
2123 chromium_reg_pol = \
2124 br"""
2125 <?xml version="1.0" encoding="utf-8"?>
2126 <PolFile num_entries="418" signature="PReg" version="1">
2127 <Entry type="4" type_name="REG_DWORD">
2128 <Key>Software\Policies\Google\Chrome</Key>
2129 <ValueName>AbusiveExperienceInterventionEnforce</ValueName>
2130 <Value>1</Value>
2131 </Entry>
2132 <Entry type="4" type_name="REG_DWORD">
2133 <Key>Software\Policies\Google\Chrome</Key>
2134 <ValueName>AccessibilityImageLabelsEnabled</ValueName>
2135 <Value>0</Value>
2136 </Entry>
2137 <Entry type="4" type_name="REG_DWORD">
2138 <Key>Software\Policies\Google\Chrome</Key>
2139 <ValueName>AdditionalDnsQueryTypesEnabled</ValueName>
2140 <Value>1</Value>
2141 </Entry>
2142 <Entry type="4" type_name="REG_DWORD">
2143 <Key>Software\Policies\Google\Chrome</Key>
2144 <ValueName>AdsSettingForIntrusiveAdsSites</ValueName>
2145 <Value>1</Value>
2146 </Entry>
2147 <Entry type="4" type_name="REG_DWORD">
2148 <Key>Software\Policies\Google\Chrome</Key>
2149 <ValueName>AdvancedProtectionAllowed</ValueName>
2150 <Value>1</Value>
2151 </Entry>
2152 <Entry type="4" type_name="REG_DWORD">
2153 <Key>Software\Policies\Google\Chrome</Key>
2154 <ValueName>AllowCrossOriginAuthPrompt</ValueName>
2155 <Value>0</Value>
2156 </Entry>
2157 <Entry type="4" type_name="REG_DWORD">
2158 <Key>Software\Policies\Google\Chrome</Key>
2159 <ValueName>AllowDeletingBrowserHistory</ValueName>
2160 <Value>1</Value>
2161 </Entry>
2162 <Entry type="4" type_name="REG_DWORD">
2163 <Key>Software\Policies\Google\Chrome</Key>
2164 <ValueName>AllowDinosaurEasterEgg</ValueName>
2165 <Value>0</Value>
2166 </Entry>
2167 <Entry type="4" type_name="REG_DWORD">
2168 <Key>Software\Policies\Google\Chrome</Key>
2169 <ValueName>AllowFileSelectionDialogs</ValueName>
2170 <Value>1</Value>
2171 </Entry>
2172 <Entry type="4" type_name="REG_DWORD">
2173 <Key>Software\Policies\Google\Chrome</Key>
2174 <ValueName>AllowSyncXHRInPageDismissal</ValueName>
2175 <Value>0</Value>
2176 </Entry>
2177 <Entry type="1" type_name="REG_SZ">
2178 <Key>Software\Policies\Google\Chrome</Key>
2179 <ValueName>AllowedDomainsForApps</ValueName>
2180 <Value>managedchrome.com,example.com</Value>
2181 </Entry>
2182 <Entry type="4" type_name="REG_DWORD">
2183 <Key>Software\Policies\Google\Chrome</Key>
2184 <ValueName>AlternateErrorPagesEnabled</ValueName>
2185 <Value>1</Value>
2186 </Entry>
2187 <Entry type="1" type_name="REG_SZ">
2188 <Key>Software\Policies\Google\Chrome</Key>
2189 <ValueName>AlternativeBrowserPath</ValueName>
2190 <Value>${ie}</Value>
2191 </Entry>
2192 <Entry type="4" type_name="REG_DWORD">
2193 <Key>Software\Policies\Google\Chrome</Key>
2194 <ValueName>AlwaysOpenPdfExternally</ValueName>
2195 <Value>1</Value>
2196 </Entry>
2197 <Entry type="4" type_name="REG_DWORD">
2198 <Key>Software\Policies\Google\Chrome</Key>
2199 <ValueName>AmbientAuthenticationInPrivateModesEnabled</ValueName>
2200 <Value>0</Value>
2201 </Entry>
2202 <Entry type="4" type_name="REG_DWORD">
2203 <Key>Software\Policies\Google\Chrome</Key>
2204 <ValueName>AppCacheForceEnabled</ValueName>
2205 <Value>0</Value>
2206 </Entry>
2207 <Entry type="1" type_name="REG_SZ">
2208 <Key>Software\Policies\Google\Chrome</Key>
2209 <ValueName>ApplicationLocaleValue</ValueName>
2210 <Value>en</Value>
2211 </Entry>
2212 <Entry type="4" type_name="REG_DWORD">
2213 <Key>Software\Policies\Google\Chrome</Key>
2214 <ValueName>AudioCaptureAllowed</ValueName>
2215 <Value>0</Value>
2216 </Entry>
2217 <Entry type="4" type_name="REG_DWORD">
2218 <Key>Software\Policies\Google\Chrome</Key>
2219 <ValueName>AudioProcessHighPriorityEnabled</ValueName>
2220 <Value>1</Value>
2221 </Entry>
2222 <Entry type="4" type_name="REG_DWORD">
2223 <Key>Software\Policies\Google\Chrome</Key>
2224 <ValueName>AudioSandboxEnabled</ValueName>
2225 <Value>1</Value>
2226 </Entry>
2227 <Entry type="1" type_name="REG_SZ">
2228 <Key>Software\Policies\Google\Chrome</Key>
2229 <ValueName>AuthNegotiateDelegateAllowlist</ValueName>
2230 <Value>foobar.example.com</Value>
2231 </Entry>
2232 <Entry type="1" type_name="REG_SZ">
2233 <Key>Software\Policies\Google\Chrome</Key>
2234 <ValueName>AuthSchemes</ValueName>
2235 <Value>basic,digest,ntlm,negotiate</Value>
2236 </Entry>
2237 <Entry type="1" type_name="REG_SZ">
2238 <Key>Software\Policies\Google\Chrome</Key>
2239 <ValueName>AuthServerAllowlist</ValueName>
2240 <Value>*.example.com,example.com</Value>
2241 </Entry>
2242 <Entry type="1" type_name="REG_SZ">
2243 <Key>Software\Policies\Google\Chrome</Key>
2244 <ValueName>AutoLaunchProtocolsFromOrigins</ValueName>
2245 <Value>[{&quot;allowed_origins&quot;: [&quot;example.com&quot;, &quot;http://www.example.com:8080&quot;], &quot;protocol&quot;: &quot;spotify&quot;}, {&quot;allowed_origins&quot;: [&quot;https://example.com&quot;, &quot;https://.mail.example.com&quot;], &quot;protocol&quot;: &quot;teams&quot;}, {&quot;allowed_origins&quot;: [&quot;*&quot;], &quot;protocol&quot;: &quot;outlook&quot;}]</Value>
2246 </Entry>
2247 <Entry type="4" type_name="REG_DWORD">
2248 <Key>Software\Policies\Google\Chrome</Key>
2249 <ValueName>AutofillAddressEnabled</ValueName>
2250 <Value>0</Value>
2251 </Entry>
2252 <Entry type="4" type_name="REG_DWORD">
2253 <Key>Software\Policies\Google\Chrome</Key>
2254 <ValueName>AutofillCreditCardEnabled</ValueName>
2255 <Value>0</Value>
2256 </Entry>
2257 <Entry type="4" type_name="REG_DWORD">
2258 <Key>Software\Policies\Google\Chrome</Key>
2259 <ValueName>AutoplayAllowed</ValueName>
2260 <Value>1</Value>
2261 </Entry>
2262 <Entry type="4" type_name="REG_DWORD">
2263 <Key>Software\Policies\Google\Chrome</Key>
2264 <ValueName>BackgroundModeEnabled</ValueName>
2265 <Value>1</Value>
2266 </Entry>
2267 <Entry type="4" type_name="REG_DWORD">
2268 <Key>Software\Policies\Google\Chrome</Key>
2269 <ValueName>BasicAuthOverHttpEnabled</ValueName>
2270 <Value>0</Value>
2271 </Entry>
2272 <Entry type="4" type_name="REG_DWORD">
2273 <Key>Software\Policies\Google\Chrome</Key>
2274 <ValueName>BlockExternalExtensions</ValueName>
2275 <Value>1</Value>
2276 </Entry>
2277 <Entry type="4" type_name="REG_DWORD">
2278 <Key>Software\Policies\Google\Chrome</Key>
2279 <ValueName>BlockThirdPartyCookies</ValueName>
2280 <Value>0</Value>
2281 </Entry>
2282 <Entry type="4" type_name="REG_DWORD">
2283 <Key>Software\Policies\Google\Chrome</Key>
2284 <ValueName>BookmarkBarEnabled</ValueName>
2285 <Value>1</Value>
2286 </Entry>
2287 <Entry type="4" type_name="REG_DWORD">
2288 <Key>Software\Policies\Google\Chrome</Key>
2289 <ValueName>BrowserAddPersonEnabled</ValueName>
2290 <Value>1</Value>
2291 </Entry>
2292 <Entry type="4" type_name="REG_DWORD">
2293 <Key>Software\Policies\Google\Chrome</Key>
2294 <ValueName>BrowserGuestModeEnabled</ValueName>
2295 <Value>1</Value>
2296 </Entry>
2297 <Entry type="4" type_name="REG_DWORD">
2298 <Key>Software\Policies\Google\Chrome</Key>
2299 <ValueName>BrowserGuestModeEnforced</ValueName>
2300 <Value>1</Value>
2301 </Entry>
2302 <Entry type="4" type_name="REG_DWORD">
2303 <Key>Software\Policies\Google\Chrome</Key>
2304 <ValueName>BrowserLabsEnabled</ValueName>
2305 <Value>0</Value>
2306 </Entry>
2307 <Entry type="4" type_name="REG_DWORD">
2308 <Key>Software\Policies\Google\Chrome</Key>
2309 <ValueName>BrowserNetworkTimeQueriesEnabled</ValueName>
2310 <Value>1</Value>
2311 </Entry>
2312 <Entry type="4" type_name="REG_DWORD">
2313 <Key>Software\Policies\Google\Chrome</Key>
2314 <ValueName>BrowserSignin</ValueName>
2315 <Value>2</Value>
2316 </Entry>
2317 <Entry type="1" type_name="REG_SZ">
2318 <Key>Software\Policies\Google\Chrome</Key>
2319 <ValueName>BrowserSwitcherChromePath</ValueName>
2320 <Value>${chrome}</Value>
2321 </Entry>
2322 <Entry type="4" type_name="REG_DWORD">
2323 <Key>Software\Policies\Google\Chrome</Key>
2324 <ValueName>BrowserSwitcherDelay</ValueName>
2325 <Value>10000</Value>
2326 </Entry>
2327 <Entry type="4" type_name="REG_DWORD">
2328 <Key>Software\Policies\Google\Chrome</Key>
2329 <ValueName>BrowserSwitcherEnabled</ValueName>
2330 <Value>1</Value>
2331 </Entry>
2332 <Entry type="1" type_name="REG_SZ">
2333 <Key>Software\Policies\Google\Chrome</Key>
2334 <ValueName>BrowserSwitcherExternalGreylistUrl</ValueName>
2335 <Value>http://example.com/greylist.xml</Value>
2336 </Entry>
2337 <Entry type="1" type_name="REG_SZ">
2338 <Key>Software\Policies\Google\Chrome</Key>
2339 <ValueName>BrowserSwitcherExternalSitelistUrl</ValueName>
2340 <Value>http://example.com/sitelist.xml</Value>
2341 </Entry>
2342 <Entry type="4" type_name="REG_DWORD">
2343 <Key>Software\Policies\Google\Chrome</Key>
2344 <ValueName>BrowserSwitcherKeepLastChromeTab</ValueName>
2345 <Value>0</Value>
2346 </Entry>
2347 <Entry type="4" type_name="REG_DWORD">
2348 <Key>Software\Policies\Google\Chrome</Key>
2349 <ValueName>BrowserSwitcherUseIeSitelist</ValueName>
2350 <Value>1</Value>
2351 </Entry>
2352 <Entry type="1" type_name="REG_SZ">
2353 <Key>Software\Policies\Google\Chrome</Key>
2354 <ValueName>BrowserThemeColor</ValueName>
2355 <Value>#FFFFFF</Value>
2356 </Entry>
2357 <Entry type="1" type_name="REG_SZ">
2358 <Key>Software\Policies\Google\Chrome</Key>
2359 <ValueName>BrowsingDataLifetime</ValueName>
2360 <Value>[{&quot;data_types&quot;: [&quot;browsing_history&quot;], &quot;time_to_live_in_hours&quot;: 24}, {&quot;data_types&quot;: [&quot;password_signin&quot;, &quot;autofill&quot;], &quot;time_to_live_in_hours&quot;: 12}]</Value>
2361 </Entry>
2362 <Entry type="4" type_name="REG_DWORD">
2363 <Key>Software\Policies\Google\Chrome</Key>
2364 <ValueName>BuiltInDnsClientEnabled</ValueName>
2365 <Value>1</Value>
2366 </Entry>
2367 <Entry type="4" type_name="REG_DWORD">
2368 <Key>Software\Policies\Google\Chrome</Key>
2369 <ValueName>CECPQ2Enabled</ValueName>
2370 <Value>1</Value>
2371 </Entry>
2372 <Entry type="4" type_name="REG_DWORD">
2373 <Key>Software\Policies\Google\Chrome</Key>
2374 <ValueName>ChromeCleanupEnabled</ValueName>
2375 <Value>1</Value>
2376 </Entry>
2377 <Entry type="4" type_name="REG_DWORD">
2378 <Key>Software\Policies\Google\Chrome</Key>
2379 <ValueName>ChromeCleanupReportingEnabled</ValueName>
2380 <Value>1</Value>
2381 </Entry>
2382 <Entry type="4" type_name="REG_DWORD">
2383 <Key>Software\Policies\Google\Chrome</Key>
2384 <ValueName>ChromeVariations</ValueName>
2385 <Value>1</Value>
2386 </Entry>
2387 <Entry type="4" type_name="REG_DWORD">
2388 <Key>Software\Policies\Google\Chrome</Key>
2389 <ValueName>ClickToCallEnabled</ValueName>
2390 <Value>1</Value>
2391 </Entry>
2392 <Entry type="4" type_name="REG_DWORD">
2393 <Key>Software\Policies\Google\Chrome</Key>
2394 <ValueName>CloudManagementEnrollmentMandatory</ValueName>
2395 <Value>1</Value>
2396 </Entry>
2397 <Entry type="1" type_name="REG_SZ">
2398 <Key>Software\Policies\Google\Chrome</Key>
2399 <ValueName>CloudManagementEnrollmentToken</ValueName>
2400 <Value>37185d02-e055-11e7-80c1-9a214cf093ae</Value>
2401 </Entry>
2402 <Entry type="4" type_name="REG_DWORD">
2403 <Key>Software\Policies\Google\Chrome</Key>
2404 <ValueName>CloudPolicyOverridesPlatformPolicy</ValueName>
2405 <Value>0</Value>
2406 </Entry>
2407 <Entry type="4" type_name="REG_DWORD">
2408 <Key>Software\Policies\Google\Chrome</Key>
2409 <ValueName>CloudPrintProxyEnabled</ValueName>
2410 <Value>1</Value>
2411 </Entry>
2412 <Entry type="4" type_name="REG_DWORD">
2413 <Key>Software\Policies\Google\Chrome</Key>
2414 <ValueName>CloudPrintSubmitEnabled</ValueName>
2415 <Value>1</Value>
2416 </Entry>
2417 <Entry type="4" type_name="REG_DWORD">
2418 <Key>Software\Policies\Google\Chrome</Key>
2419 <ValueName>CloudUserPolicyMerge</ValueName>
2420 <Value>1</Value>
2421 </Entry>
2422 <Entry type="4" type_name="REG_DWORD">
2423 <Key>Software\Policies\Google\Chrome</Key>
2424 <ValueName>CommandLineFlagSecurityWarningsEnabled</ValueName>
2425 <Value>1</Value>
2426 </Entry>
2427 <Entry type="4" type_name="REG_DWORD">
2428 <Key>Software\Policies\Google\Chrome</Key>
2429 <ValueName>ComponentUpdatesEnabled</ValueName>
2430 <Value>1</Value>
2431 </Entry>
2432 <Entry type="4" type_name="REG_DWORD">
2433 <Key>Software\Policies\Google\Chrome</Key>
2434 <ValueName>DNSInterceptionChecksEnabled</ValueName>
2435 <Value>1</Value>
2436 </Entry>
2437 <Entry type="4" type_name="REG_DWORD">
2438 <Key>Software\Policies\Google\Chrome</Key>
2439 <ValueName>DefaultBrowserSettingEnabled</ValueName>
2440 <Value>1</Value>
2441 </Entry>
2442 <Entry type="4" type_name="REG_DWORD">
2443 <Key>Software\Policies\Google\Chrome</Key>
2444 <ValueName>DefaultCookiesSetting</ValueName>
2445 <Value>1</Value>
2446 </Entry>
2447 <Entry type="4" type_name="REG_DWORD">
2448 <Key>Software\Policies\Google\Chrome</Key>
2449 <ValueName>DefaultFileHandlingGuardSetting</ValueName>
2450 <Value>2</Value>
2451 </Entry>
2452 <Entry type="4" type_name="REG_DWORD">
2453 <Key>Software\Policies\Google\Chrome</Key>
2454 <ValueName>DefaultFileSystemReadGuardSetting</ValueName>
2455 <Value>2</Value>
2456 </Entry>
2457 <Entry type="4" type_name="REG_DWORD">
2458 <Key>Software\Policies\Google\Chrome</Key>
2459 <ValueName>DefaultFileSystemWriteGuardSetting</ValueName>
2460 <Value>2</Value>
2461 </Entry>
2462 <Entry type="4" type_name="REG_DWORD">
2463 <Key>Software\Policies\Google\Chrome</Key>
2464 <ValueName>DefaultGeolocationSetting</ValueName>
2465 <Value>1</Value>
2466 </Entry>
2467 <Entry type="4" type_name="REG_DWORD">
2468 <Key>Software\Policies\Google\Chrome</Key>
2469 <ValueName>DefaultImagesSetting</ValueName>
2470 <Value>1</Value>
2471 </Entry>
2472 <Entry type="4" type_name="REG_DWORD">
2473 <Key>Software\Policies\Google\Chrome</Key>
2474 <ValueName>DefaultInsecureContentSetting</ValueName>
2475 <Value>2</Value>
2476 </Entry>
2477 <Entry type="4" type_name="REG_DWORD">
2478 <Key>Software\Policies\Google\Chrome</Key>
2479 <ValueName>DefaultJavaScriptSetting</ValueName>
2480 <Value>1</Value>
2481 </Entry>
2482 <Entry type="4" type_name="REG_DWORD">
2483 <Key>Software\Policies\Google\Chrome</Key>
2484 <ValueName>DefaultNotificationsSetting</ValueName>
2485 <Value>2</Value>
2486 </Entry>
2487 <Entry type="4" type_name="REG_DWORD">
2488 <Key>Software\Policies\Google\Chrome</Key>
2489 <ValueName>DefaultPopupsSetting</ValueName>
2490 <Value>1</Value>
2491 </Entry>
2492 <Entry type="1" type_name="REG_SZ">
2493 <Key>Software\Policies\Google\Chrome</Key>
2494 <ValueName>DefaultPrinterSelection</ValueName>
2495 <Value>{ &quot;kind&quot;: &quot;cloud&quot;, &quot;idPattern&quot;: &quot;.*public&quot;, &quot;namePattern&quot;: &quot;.*Color&quot; }</Value>
2496 </Entry>
2497 <Entry type="4" type_name="REG_DWORD">
2498 <Key>Software\Policies\Google\Chrome</Key>
2499 <ValueName>DefaultSearchProviderContextMenuAccessAllowed</ValueName>
2500 <Value>1</Value>
2501 </Entry>
2502 <Entry type="4" type_name="REG_DWORD">
2503 <Key>Software\Policies\Google\Chrome</Key>
2504 <ValueName>DefaultSearchProviderEnabled</ValueName>
2505 <Value>1</Value>
2506 </Entry>
2507 <Entry type="1" type_name="REG_SZ">
2508 <Key>Software\Policies\Google\Chrome</Key>
2509 <ValueName>DefaultSearchProviderIconURL</ValueName>
2510 <Value>https://search.my.company/favicon.ico</Value>
2511 </Entry>
2512 <Entry type="1" type_name="REG_SZ">
2513 <Key>Software\Policies\Google\Chrome</Key>
2514 <ValueName>DefaultSearchProviderImageURL</ValueName>
2515 <Value>https://search.my.company/searchbyimage/upload</Value>
2516 </Entry>
2517 <Entry type="1" type_name="REG_SZ">
2518 <Key>Software\Policies\Google\Chrome</Key>
2519 <ValueName>DefaultSearchProviderImageURLPostParams</ValueName>
2520 <Value>content={imageThumbnail},url={imageURL},sbisrc={SearchSource}</Value>
2521 </Entry>
2522 <Entry type="1" type_name="REG_SZ">
2523 <Key>Software\Policies\Google\Chrome</Key>
2524 <ValueName>DefaultSearchProviderKeyword</ValueName>
2525 <Value>mis</Value>
2526 </Entry>
2527 <Entry type="1" type_name="REG_SZ">
2528 <Key>Software\Policies\Google\Chrome</Key>
2529 <ValueName>DefaultSearchProviderName</ValueName>
2530 <Value>My Intranet Search</Value>
2531 </Entry>
2532 <Entry type="1" type_name="REG_SZ">
2533 <Key>Software\Policies\Google\Chrome</Key>
2534 <ValueName>DefaultSearchProviderNewTabURL</ValueName>
2535 <Value>https://search.my.company/newtab</Value>
2536 </Entry>
2537 <Entry type="1" type_name="REG_SZ">
2538 <Key>Software\Policies\Google\Chrome</Key>
2539 <ValueName>DefaultSearchProviderSearchURL</ValueName>
2540 <Value>https://search.my.company/search?q={searchTerms}</Value>
2541 </Entry>
2542 <Entry type="1" type_name="REG_SZ">
2543 <Key>Software\Policies\Google\Chrome</Key>
2544 <ValueName>DefaultSearchProviderSearchURLPostParams</ValueName>
2545 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2546 </Entry>
2547 <Entry type="1" type_name="REG_SZ">
2548 <Key>Software\Policies\Google\Chrome</Key>
2549 <ValueName>DefaultSearchProviderSuggestURL</ValueName>
2550 <Value>https://search.my.company/suggest?q={searchTerms}</Value>
2551 </Entry>
2552 <Entry type="1" type_name="REG_SZ">
2553 <Key>Software\Policies\Google\Chrome</Key>
2554 <ValueName>DefaultSearchProviderSuggestURLPostParams</ValueName>
2555 <Value>q={searchTerms},ie=utf-8,oe=utf-8</Value>
2556 </Entry>
2557 <Entry type="4" type_name="REG_DWORD">
2558 <Key>Software\Policies\Google\Chrome</Key>
2559 <ValueName>DefaultSensorsSetting</ValueName>
2560 <Value>2</Value>
2561 </Entry>
2562 <Entry type="4" type_name="REG_DWORD">
2563 <Key>Software\Policies\Google\Chrome</Key>
2564 <ValueName>DefaultSerialGuardSetting</ValueName>
2565 <Value>2</Value>
2566 </Entry>
2567 <Entry type="4" type_name="REG_DWORD">
2568 <Key>Software\Policies\Google\Chrome</Key>
2569 <ValueName>DefaultWebBluetoothGuardSetting</ValueName>
2570 <Value>2</Value>
2571 </Entry>
2572 <Entry type="4" type_name="REG_DWORD">
2573 <Key>Software\Policies\Google\Chrome</Key>
2574 <ValueName>DefaultWebUsbGuardSetting</ValueName>
2575 <Value>2</Value>
2576 </Entry>
2577 <Entry type="4" type_name="REG_DWORD">
2578 <Key>Software\Policies\Google\Chrome</Key>
2579 <ValueName>DeveloperToolsAvailability</ValueName>
2580 <Value>2</Value>
2581 </Entry>
2582 <Entry type="4" type_name="REG_DWORD">
2583 <Key>Software\Policies\Google\Chrome</Key>
2584 <ValueName>Disable3DAPIs</ValueName>
2585 <Value>0</Value>
2586 </Entry>
2587 <Entry type="4" type_name="REG_DWORD">
2588 <Key>Software\Policies\Google\Chrome</Key>
2589 <ValueName>DisableAuthNegotiateCnameLookup</ValueName>
2590 <Value>0</Value>
2591 </Entry>
2592 <Entry type="4" type_name="REG_DWORD">
2593 <Key>Software\Policies\Google\Chrome</Key>
2594 <ValueName>DisablePrintPreview</ValueName>
2595 <Value>0</Value>
2596 </Entry>
2597 <Entry type="4" type_name="REG_DWORD">
2598 <Key>Software\Policies\Google\Chrome</Key>
2599 <ValueName>DisableSafeBrowsingProceedAnyway</ValueName>
2600 <Value>1</Value>
2601 </Entry>
2602 <Entry type="4" type_name="REG_DWORD">
2603 <Key>Software\Policies\Google\Chrome</Key>
2604 <ValueName>DisableScreenshots</ValueName>
2605 <Value>1</Value>
2606 </Entry>
2607 <Entry type="1" type_name="REG_SZ">
2608 <Key>Software\Policies\Google\Chrome</Key>
2609 <ValueName>DiskCacheDir</ValueName>
2610 <Value>${user_home}/Chrome_cache</Value>
2611 </Entry>
2612 <Entry type="4" type_name="REG_DWORD">
2613 <Key>Software\Policies\Google\Chrome</Key>
2614 <ValueName>DiskCacheSize</ValueName>
2615 <Value>104857600</Value>
2616 </Entry>
2617 <Entry type="1" type_name="REG_SZ">
2618 <Key>Software\Policies\Google\Chrome</Key>
2619 <ValueName>DnsOverHttpsMode</ValueName>
2620 <Value>off</Value>
2621 </Entry>
2622 <Entry type="1" type_name="REG_SZ">
2623 <Key>Software\Policies\Google\Chrome</Key>
2624 <ValueName>DnsOverHttpsTemplates</ValueName>
2625 <Value>https://dns.example.net/dns-query{?dns}</Value>
2626 </Entry>
2627 <Entry type="1" type_name="REG_SZ">
2628 <Key>Software\Policies\Google\Chrome</Key>
2629 <ValueName>DownloadDirectory</ValueName>
2630 <Value>/home/${user_name}/Downloads</Value>
2631 </Entry>
2632 <Entry type="4" type_name="REG_DWORD">
2633 <Key>Software\Policies\Google\Chrome</Key>
2634 <ValueName>DownloadRestrictions</ValueName>
2635 <Value>2</Value>
2636 </Entry>
2637 <Entry type="4" type_name="REG_DWORD">
2638 <Key>Software\Policies\Google\Chrome</Key>
2639 <ValueName>EditBookmarksEnabled</ValueName>
2640 <Value>0</Value>
2641 </Entry>
2642 <Entry type="4" type_name="REG_DWORD">
2643 <Key>Software\Policies\Google\Chrome</Key>
2644 <ValueName>EnableAuthNegotiatePort</ValueName>
2645 <Value>0</Value>
2646 </Entry>
2647 <Entry type="4" type_name="REG_DWORD">
2648 <Key>Software\Policies\Google\Chrome</Key>
2649 <ValueName>EnableDeprecatedPrivetPrinting</ValueName>
2650 <Value>1</Value>
2651 </Entry>
2652 <Entry type="4" type_name="REG_DWORD">
2653 <Key>Software\Policies\Google\Chrome</Key>
2654 <ValueName>EnableMediaRouter</ValueName>
2655 <Value>1</Value>
2656 </Entry>
2657 <Entry type="4" type_name="REG_DWORD">
2658 <Key>Software\Policies\Google\Chrome</Key>
2659 <ValueName>EnableOnlineRevocationChecks</ValueName>
2660 <Value>0</Value>
2661 </Entry>
2662 <Entry type="4" type_name="REG_DWORD">
2663 <Key>Software\Policies\Google\Chrome</Key>
2664 <ValueName>EnterpriseHardwarePlatformAPIEnabled</ValueName>
2665 <Value>1</Value>
2666 </Entry>
2667 <Entry type="1" type_name="REG_SZ">
2668 <Key>Software\Policies\Google\Chrome</Key>
2669 <ValueName>ExtensionSettings</ValueName>
2670 <Value>{&quot;*&quot;: {&quot;allowed_types&quot;: [&quot;hosted_app&quot;], &quot;blocked_install_message&quot;: &quot;Custom error message.&quot;, &quot;blocked_permissions&quot;: [&quot;downloads&quot;, &quot;bookmarks&quot;], &quot;install_sources&quot;: [&quot;https://company-intranet/chromeapps&quot;], &quot;installation_mode&quot;: &quot;blocked&quot;, &quot;runtime_allowed_hosts&quot;: [&quot;*://good.example.com&quot;], &quot;runtime_blocked_hosts&quot;: [&quot;*://*.example.com&quot;]}, &quot;abcdefghijklmnopabcdefghijklmnop&quot;: {&quot;blocked_permissions&quot;: [&quot;history&quot;], &quot;installation_mode&quot;: &quot;allowed&quot;, &quot;minimum_version_required&quot;: &quot;1.0.1&quot;, &quot;toolbar_pin&quot;: &quot;force_pinned&quot;}, &quot;bcdefghijklmnopabcdefghijklmnopa&quot;: {&quot;allowed_permissions&quot;: [&quot;downloads&quot;], &quot;installation_mode&quot;: &quot;force_installed&quot;, &quot;runtime_allowed_hosts&quot;: [&quot;*://good.example.com&quot;], &quot;runtime_blocked_hosts&quot;: [&quot;*://*.example.com&quot;], &quot;update_url&quot;: &quot;https://example.com/update_url&quot;}, &quot;cdefghijklmnopabcdefghijklmnopab&quot;: {&quot;blocked_install_message&quot;: &quot;Custom error message.&quot;, &quot;installation_mode&quot;: &quot;blocked&quot;}, &quot;defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd&quot;: {&quot;blocked_install_message&quot;: &quot;Custom error message.&quot;, &quot;installation_mode&quot;: &quot;blocked&quot;}, &quot;fghijklmnopabcdefghijklmnopabcde&quot;: {&quot;blocked_install_message&quot;: &quot;Custom removal message.&quot;, &quot;installation_mode&quot;: &quot;removed&quot;}, &quot;ghijklmnopabcdefghijklmnopabcdef&quot;: {&quot;installation_mode&quot;: &quot;force_installed&quot;, &quot;override_update_url&quot;: true, &quot;update_url&quot;: &quot;https://example.com/update_url&quot;}, &quot;update_url:https://www.example.com/update.xml&quot;: 
{&quot;allowed_permissions&quot;: [&quot;downloads&quot;], &quot;blocked_permissions&quot;: [&quot;wallpaper&quot;], &quot;installation_mode&quot;: &quot;allowed&quot;}}</Value>
2671 </Entry>
2672 <Entry type="4" type_name="REG_DWORD">
2673 <Key>Software\Policies\Google\Chrome</Key>
2674 <ValueName>ExternalProtocolDialogShowAlwaysOpenCheckbox</ValueName>
2675 <Value>1</Value>
2676 </Entry>
2677 <Entry type="4" type_name="REG_DWORD">
2678 <Key>Software\Policies\Google\Chrome</Key>
2679 <ValueName>FetchKeepaliveDurationSecondsOnShutdown</ValueName>
2680 <Value>1</Value>
2681 </Entry>
2682 <Entry type="4" type_name="REG_DWORD">
2683 <Key>Software\Policies\Google\Chrome</Key>
2684 <ValueName>ForceEphemeralProfiles</ValueName>
2685 <Value>1</Value>
2686 </Entry>
2687 <Entry type="4" type_name="REG_DWORD">
2688 <Key>Software\Policies\Google\Chrome</Key>
2689 <ValueName>ForceGoogleSafeSearch</ValueName>
2690 <Value>0</Value>
2691 </Entry>
2692 <Entry type="4" type_name="REG_DWORD">
2693 <Key>Software\Policies\Google\Chrome</Key>
2694 <ValueName>ForceYouTubeRestrict</ValueName>
2695 <Value>0</Value>
2696 </Entry>
2697 <Entry type="4" type_name="REG_DWORD">
2698 <Key>Software\Policies\Google\Chrome</Key>
2699 <ValueName>FullscreenAllowed</ValueName>
2700 <Value>1</Value>
2701 </Entry>
2702 <Entry type="4" type_name="REG_DWORD">
2703 <Key>Software\Policies\Google\Chrome</Key>
2704 <ValueName>GloballyScopeHTTPAuthCacheEnabled</ValueName>
2705 <Value>0</Value>
2706 </Entry>
2707 <Entry type="4" type_name="REG_DWORD">
2708 <Key>Software\Policies\Google\Chrome</Key>
2709 <ValueName>HardwareAccelerationModeEnabled</ValueName>
2710 <Value>1</Value>
2711 </Entry>
2712 <Entry type="4" type_name="REG_DWORD">
2713 <Key>Software\Policies\Google\Chrome</Key>
2714 <ValueName>HeadlessMode</ValueName>
2715 <Value>2</Value>
2716 </Entry>
2717 <Entry type="4" type_name="REG_DWORD">
2718 <Key>Software\Policies\Google\Chrome</Key>
2719 <ValueName>HideWebStoreIcon</ValueName>
2720 <Value>1</Value>
2721 </Entry>
2722 <Entry type="4" type_name="REG_DWORD">
2723 <Key>Software\Policies\Google\Chrome</Key>
2724 <ValueName>HomepageIsNewTabPage</ValueName>
2725 <Value>1</Value>
2726 </Entry>
2727 <Entry type="1" type_name="REG_SZ">
2728 <Key>Software\Policies\Google\Chrome</Key>
2729 <ValueName>HomepageLocation</ValueName>
2730 <Value>https://www.chromium.org</Value>
2731 </Entry>
2732 <Entry type="4" type_name="REG_DWORD">
2733 <Key>Software\Policies\Google\Chrome</Key>
2734 <ValueName>ImportAutofillFormData</ValueName>
2735 <Value>1</Value>
2736 </Entry>
2737 <Entry type="4" type_name="REG_DWORD">
2738 <Key>Software\Policies\Google\Chrome</Key>
2739 <ValueName>ImportBookmarks</ValueName>
2740 <Value>1</Value>
2741 </Entry>
2742 <Entry type="4" type_name="REG_DWORD">
2743 <Key>Software\Policies\Google\Chrome</Key>
2744 <ValueName>ImportHistory</ValueName>
2745 <Value>1</Value>
2746 </Entry>
2747 <Entry type="4" type_name="REG_DWORD">
2748 <Key>Software\Policies\Google\Chrome</Key>
2749 <ValueName>ImportHomepage</ValueName>
2750 <Value>1</Value>
2751 </Entry>
2752 <Entry type="4" type_name="REG_DWORD">
2753 <Key>Software\Policies\Google\Chrome</Key>
2754 <ValueName>ImportSavedPasswords</ValueName>
2755 <Value>1</Value>
2756 </Entry>
2757 <Entry type="4" type_name="REG_DWORD">
2758 <Key>Software\Policies\Google\Chrome</Key>
2759 <ValueName>ImportSearchEngine</ValueName>
2760 <Value>1</Value>
2761 </Entry>
2762 <Entry type="4" type_name="REG_DWORD">
2763 <Key>Software\Policies\Google\Chrome</Key>
2764 <ValueName>IncognitoModeAvailability</ValueName>
2765 <Value>1</Value>
2766 </Entry>
2767 <Entry type="4" type_name="REG_DWORD">
2768 <Key>Software\Policies\Google\Chrome</Key>
2769 <ValueName>InsecureFormsWarningsEnabled</ValueName>
2770 <Value>1</Value>
2771 </Entry>
2772 <Entry type="4" type_name="REG_DWORD">
2773 <Key>Software\Policies\Google\Chrome</Key>
2774 <ValueName>InsecurePrivateNetworkRequestsAllowed</ValueName>
2775 <Value>0</Value>
2776 </Entry>
2777 <Entry type="4" type_name="REG_DWORD">
2778 <Key>Software\Policies\Google\Chrome</Key>
2779 <ValueName>IntensiveWakeUpThrottlingEnabled</ValueName>
2780 <Value>1</Value>
2781 </Entry>
2782 <Entry type="4" type_name="REG_DWORD">
2783 <Key>Software\Policies\Google\Chrome</Key>
2784 <ValueName>IntranetRedirectBehavior</ValueName>
2785 <Value>1</Value>
2786 </Entry>
2787 <Entry type="1" type_name="REG_SZ">
2788 <Key>Software\Policies\Google\Chrome</Key>
2789 <ValueName>IsolateOrigins</ValueName>
2790 <Value>https://example.com/,https://othersite.org/</Value>
2791 </Entry>
2792 <Entry type="1" type_name="REG_SZ">
2793 <Key>Software\Policies\Google\Chrome</Key>
2794 <ValueName>ManagedBookmarks</ValueName>
2795 <Value>[{&quot;toplevel_name&quot;: &quot;My managed bookmarks folder&quot;}, {&quot;name&quot;: &quot;Google&quot;, &quot;url&quot;: &quot;google.com&quot;}, {&quot;name&quot;: &quot;Youtube&quot;, &quot;url&quot;: &quot;youtube.com&quot;}, {&quot;children&quot;: [{&quot;name&quot;: &quot;Chromium&quot;, &quot;url&quot;: &quot;chromium.org&quot;}, {&quot;name&quot;: &quot;Chromium Developers&quot;, &quot;url&quot;: &quot;dev.chromium.org&quot;}], &quot;name&quot;: &quot;Chrome links&quot;}]</Value>
2796 </Entry>
2797 <Entry type="1" type_name="REG_SZ">
2798 <Key>Software\Policies\Google\Chrome</Key>
2799 <ValueName>ManagedConfigurationPerOrigin</ValueName>
2800 <Value>[{&quot;managed_configuration_hash&quot;: &quot;asd891jedasd12ue9h&quot;, &quot;managed_configuration_url&quot;: &quot;https://gstatic.google.com/configuration.json&quot;, &quot;origin&quot;: &quot;https://www.google.com&quot;}, {&quot;managed_configuration_hash&quot;: &quot;djio12easd89u12aws&quot;, &quot;managed_configuration_url&quot;: &quot;https://gstatic.google.com/configuration2.json&quot;, &quot;origin&quot;: &quot;https://www.example.com&quot;}]</Value>
2801 </Entry>
2802 <Entry type="4" type_name="REG_DWORD">
2803 <Key>Software\Policies\Google\Chrome</Key>
2804 <ValueName>MaxConnectionsPerProxy</ValueName>
2805 <Value>32</Value>
2806 </Entry>
2807 <Entry type="4" type_name="REG_DWORD">
2808 <Key>Software\Policies\Google\Chrome</Key>
2809 <ValueName>MaxInvalidationFetchDelay</ValueName>
2810 <Value>10000</Value>
2811 </Entry>
2812 <Entry type="4" type_name="REG_DWORD">
2813 <Key>Software\Policies\Google\Chrome</Key>
2814 <ValueName>MediaRecommendationsEnabled</ValueName>
2815 <Value>1</Value>
2816 </Entry>
2817 <Entry type="4" type_name="REG_DWORD">
2818 <Key>Software\Policies\Google\Chrome</Key>
2819 <ValueName>MediaRouterCastAllowAllIPs</ValueName>
2820 <Value>0</Value>
2821 </Entry>
2822 <Entry type="4" type_name="REG_DWORD">
2823 <Key>Software\Policies\Google\Chrome</Key>
2824 <ValueName>MetricsReportingEnabled</ValueName>
2825 <Value>1</Value>
2826 </Entry>
2827 <Entry type="4" type_name="REG_DWORD">
2828 <Key>Software\Policies\Google\Chrome</Key>
2829 <ValueName>NTPCardsVisible</ValueName>
2830 <Value>1</Value>
2831 </Entry>
2832 <Entry type="4" type_name="REG_DWORD">
2833 <Key>Software\Policies\Google\Chrome</Key>
2834 <ValueName>NTPCustomBackgroundEnabled</ValueName>
2835 <Value>1</Value>
2836 </Entry>
2837 <Entry type="4" type_name="REG_DWORD">
2838 <Key>Software\Policies\Google\Chrome</Key>
2839 <ValueName>NativeMessagingUserLevelHosts</ValueName>
2840 <Value>0</Value>
2841 </Entry>
2842 <Entry type="4" type_name="REG_DWORD">
2843 <Key>Software\Policies\Google\Chrome</Key>
2844 <ValueName>NetworkPredictionOptions</ValueName>
2845 <Value>1</Value>
2846 </Entry>
2847 <Entry type="1" type_name="REG_SZ">
2848 <Key>Software\Policies\Google\Chrome</Key>
2849 <ValueName>NewTabPageLocation</ValueName>
2850 <Value>https://www.chromium.org</Value>
2851 </Entry>
2852 <Entry type="4" type_name="REG_DWORD">
2853 <Key>Software\Policies\Google\Chrome</Key>
2854 <ValueName>PasswordLeakDetectionEnabled</ValueName>
2855 <Value>1</Value>
2856 </Entry>
2857 <Entry type="4" type_name="REG_DWORD">
2858 <Key>Software\Policies\Google\Chrome</Key>
2859 <ValueName>PasswordManagerEnabled</ValueName>
2860 <Value>1</Value>
2861 </Entry>
2862 <Entry type="1" type_name="REG_SZ">
2863 <Key>Software\Policies\Google\Chrome</Key>
2864 <ValueName>PasswordProtectionChangePasswordURL</ValueName>
2865 <Value>https://mydomain.com/change_password.html</Value>
2866 </Entry>
2867 <Entry type="4" type_name="REG_DWORD">
2868 <Key>Software\Policies\Google\Chrome</Key>
2869 <ValueName>PasswordProtectionWarningTrigger</ValueName>
2870 <Value>1</Value>
2871 </Entry>
2872 <Entry type="4" type_name="REG_DWORD">
2873 <Key>Software\Policies\Google\Chrome</Key>
2874 <ValueName>PaymentMethodQueryEnabled</ValueName>
2875 <Value>1</Value>
2876 </Entry>
2877 <Entry type="4" type_name="REG_DWORD">
2878 <Key>Software\Policies\Google\Chrome</Key>
2879 <ValueName>PolicyAtomicGroupsEnabled</ValueName>
2880 <Value>1</Value>
2881 </Entry>
2882 <Entry type="4" type_name="REG_DWORD">
2883 <Key>Software\Policies\Google\Chrome</Key>
2884 <ValueName>PolicyRefreshRate</ValueName>
2885 <Value>3600000</Value>
2886 </Entry>
2887 <Entry type="4" type_name="REG_DWORD">
2888 <Key>Software\Policies\Google\Chrome</Key>
2889 <ValueName>PrintHeaderFooter</ValueName>
2890 <Value>0</Value>
2891 </Entry>
2892 <Entry type="4" type_name="REG_DWORD">
2893 <Key>Software\Policies\Google\Chrome</Key>
2894 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
2895 <Value>0</Value>
2896 </Entry>
2897 <Entry type="4" type_name="REG_DWORD">
2898 <Key>Software\Policies\Google\Chrome</Key>
2899 <ValueName>PrintRasterizationMode</ValueName>
2900 <Value>1</Value>
2901 </Entry>
2902 <Entry type="1" type_name="REG_SZ">
2903 <Key>Software\Policies\Google\Chrome</Key>
2904 <ValueName>PrintingAllowedBackgroundGraphicsModes</ValueName>
2905 <Value>enabled</Value>
2906 </Entry>
2907 <Entry type="1" type_name="REG_SZ">
2908 <Key>Software\Policies\Google\Chrome</Key>
2909 <ValueName>PrintingBackgroundGraphicsDefault</ValueName>
2910 <Value>enabled</Value>
2911 </Entry>
2912 <Entry type="4" type_name="REG_DWORD">
2913 <Key>Software\Policies\Google\Chrome</Key>
2914 <ValueName>PrintingEnabled</ValueName>
2915 <Value>1</Value>
2916 </Entry>
2917 <Entry type="1" type_name="REG_SZ">
2918 <Key>Software\Policies\Google\Chrome</Key>
2919 <ValueName>PrintingPaperSizeDefault</ValueName>
2920 <Value>{&quot;custom_size&quot;: {&quot;height&quot;: 297000, &quot;width&quot;: 210000}, &quot;name&quot;: &quot;custom&quot;}</Value>
2921 </Entry>
2922 <Entry type="4" type_name="REG_DWORD">
2923 <Key>Software\Policies\Google\Chrome</Key>
2924 <ValueName>ProfilePickerOnStartupAvailability</ValueName>
2925 <Value>0</Value>
2926 </Entry>
2927 <Entry type="4" type_name="REG_DWORD">
2928 <Key>Software\Policies\Google\Chrome</Key>
2929 <ValueName>PromotionalTabsEnabled</ValueName>
2930 <Value>0</Value>
2931 </Entry>
2932 <Entry type="4" type_name="REG_DWORD">
2933 <Key>Software\Policies\Google\Chrome</Key>
2934 <ValueName>PromptForDownloadLocation</ValueName>
2935 <Value>0</Value>
2936 </Entry>
2937 <Entry type="1" type_name="REG_SZ">
2938 <Key>Software\Policies\Google\Chrome</Key>
2939 <ValueName>ProxySettings</ValueName>
2940 <Value>{&quot;ProxyBypassList&quot;: &quot;https://www.example1.com,https://www.example2.com,https://internalsite/&quot;, &quot;ProxyMode&quot;: &quot;direct&quot;, &quot;ProxyPacUrl&quot;: &quot;https://internal.site/example.pac&quot;, &quot;ProxyServer&quot;: &quot;123.123.123.123:8080&quot;, &quot;ProxyServerMode&quot;: 2}</Value>
2941 </Entry>
2942 <Entry type="4" type_name="REG_DWORD">
2943 <Key>Software\Policies\Google\Chrome</Key>
2944 <ValueName>QuicAllowed</ValueName>
2945 <Value>1</Value>
2946 </Entry>
2947 <Entry type="4" type_name="REG_DWORD">
2948 <Key>Software\Policies\Google\Chrome</Key>
2949 <ValueName>RelaunchNotification</ValueName>
2950 <Value>1</Value>
2951 </Entry>
2952 <Entry type="4" type_name="REG_DWORD">
2953 <Key>Software\Policies\Google\Chrome</Key>
2954 <ValueName>RelaunchNotificationPeriod</ValueName>
2955 <Value>604800000</Value>
2956 </Entry>
2957 <Entry type="4" type_name="REG_DWORD">
2958 <Key>Software\Policies\Google\Chrome</Key>
2959 <ValueName>RemoteAccessHostAllowClientPairing</ValueName>
2960 <Value>0</Value>
2961 </Entry>
2962 <Entry type="4" type_name="REG_DWORD">
2963 <Key>Software\Policies\Google\Chrome</Key>
2964 <ValueName>RemoteAccessHostAllowFileTransfer</ValueName>
2965 <Value>0</Value>
2966 </Entry>
2967 <Entry type="4" type_name="REG_DWORD">
2968 <Key>Software\Policies\Google\Chrome</Key>
2969 <ValueName>RemoteAccessHostAllowRelayedConnection</ValueName>
2970 <Value>0</Value>
2971 </Entry>
2972 <Entry type="4" type_name="REG_DWORD">
2973 <Key>Software\Policies\Google\Chrome</Key>
2974 <ValueName>RemoteAccessHostAllowRemoteAccessConnections</ValueName>
2975 <Value>0</Value>
2976 </Entry>
2977 <Entry type="4" type_name="REG_DWORD">
2978 <Key>Software\Policies\Google\Chrome</Key>
2979 <ValueName>RemoteAccessHostAllowUiAccessForRemoteAssistance</ValueName>
2980 <Value>1</Value>
2981 </Entry>
2982 <Entry type="4" type_name="REG_DWORD">
2983 <Key>Software\Policies\Google\Chrome</Key>
2984 <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
2985 <Value>0</Value>
2986 </Entry>
2987 <Entry type="4" type_name="REG_DWORD">
2988 <Key>Software\Policies\Google\Chrome</Key>
2989 <ValueName>RemoteAccessHostMaximumSessionDurationMinutes</ValueName>
2990 <Value>1200</Value>
2991 </Entry>
2992 <Entry type="4" type_name="REG_DWORD">
2993 <Key>Software\Policies\Google\Chrome</Key>
2994 <ValueName>RemoteAccessHostRequireCurtain</ValueName>
2995 <Value>0</Value>
2996 </Entry>
2997 <Entry type="1" type_name="REG_SZ">
2998 <Key>Software\Policies\Google\Chrome</Key>
2999 <ValueName>RemoteAccessHostUdpPortRange</ValueName>
3000 <Value>12400-12409</Value>
3001 </Entry>
3002 <Entry type="4" type_name="REG_DWORD">
3003 <Key>Software\Policies\Google\Chrome</Key>
3004 <ValueName>RendererCodeIntegrityEnabled</ValueName>
3005 <Value>0</Value>
3006 </Entry>
3007 <Entry type="4" type_name="REG_DWORD">
3008 <Key>Software\Policies\Google\Chrome</Key>
3009 <ValueName>RequireOnlineRevocationChecksForLocalAnchors</ValueName>
3010 <Value>0</Value>
3011 </Entry>
3012 <Entry type="4" type_name="REG_DWORD">
3013 <Key>Software\Policies\Google\Chrome</Key>
3014 <ValueName>RestoreOnStartup</ValueName>
3015 <Value>4</Value>
3016 </Entry>
3017 <Entry type="1" type_name="REG_SZ">
3018 <Key>Software\Policies\Google\Chrome</Key>
3019 <ValueName>RestrictSigninToPattern</ValueName>
3020 <Value>.*@example\.com</Value>
3021 </Entry>
3022 <Entry type="1" type_name="REG_SZ">
3023 <Key>Software\Policies\Google\Chrome</Key>
3024 <ValueName>RoamingProfileLocation</ValueName>
3025 <Value>${roaming_app_data}\chrome-profile</Value>
3026 </Entry>
3027 <Entry type="4" type_name="REG_DWORD">
3028 <Key>Software\Policies\Google\Chrome</Key>
3029 <ValueName>RoamingProfileSupportEnabled</ValueName>
3030 <Value>1</Value>
3031 </Entry>
3032 <Entry type="4" type_name="REG_DWORD">
3033 <Key>Software\Policies\Google\Chrome</Key>
3034 <ValueName>SSLErrorOverrideAllowed</ValueName>
3035 <Value>1</Value>
3036 </Entry>
3037 <Entry type="1" type_name="REG_SZ">
3038 <Key>Software\Policies\Google\Chrome</Key>
3039 <ValueName>SSLVersionMin</ValueName>
3040 <Value>tls1</Value>
3041 </Entry>
3042 <Entry type="4" type_name="REG_DWORD">
3043 <Key>Software\Policies\Google\Chrome</Key>
3044 <ValueName>SafeBrowsingExtendedReportingEnabled</ValueName>
3045 <Value>1</Value>
3046 </Entry>
3047 <Entry type="4" type_name="REG_DWORD">
3048 <Key>Software\Policies\Google\Chrome</Key>
3049 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
3050 <Value>0</Value>
3051 </Entry>
3052 <Entry type="4" type_name="REG_DWORD">
3053 <Key>Software\Policies\Google\Chrome</Key>
3054 <ValueName>SafeBrowsingProtectionLevel</ValueName>
3055 <Value>2</Value>
3056 </Entry>
3057 <Entry type="4" type_name="REG_DWORD">
3058 <Key>Software\Policies\Google\Chrome</Key>
3059 <ValueName>SafeSitesFilterBehavior</ValueName>
3060 <Value>0</Value>
3061 </Entry>
3062 <Entry type="4" type_name="REG_DWORD">
3063 <Key>Software\Policies\Google\Chrome</Key>
3064 <ValueName>SavingBrowserHistoryDisabled</ValueName>
3065 <Value>1</Value>
3066 </Entry>
3067 <Entry type="4" type_name="REG_DWORD">
3068 <Key>Software\Policies\Google\Chrome</Key>
3069 <ValueName>ScreenCaptureAllowed</ValueName>
3070 <Value>0</Value>
3071 </Entry>
3072 <Entry type="4" type_name="REG_DWORD">
3073 <Key>Software\Policies\Google\Chrome</Key>
3074 <ValueName>ScrollToTextFragmentEnabled</ValueName>
3075 <Value>0</Value>
3076 </Entry>
3077 <Entry type="4" type_name="REG_DWORD">
3078 <Key>Software\Policies\Google\Chrome</Key>
3079 <ValueName>SearchSuggestEnabled</ValueName>
3080 <Value>1</Value>
3081 </Entry>
3082 <Entry type="4" type_name="REG_DWORD">
3083 <Key>Software\Policies\Google\Chrome</Key>
3084 <ValueName>SharedArrayBufferUnrestrictedAccessAllowed</ValueName>
3085 <Value>1</Value>
3086 </Entry>
3087 <Entry type="4" type_name="REG_DWORD">
3088 <Key>Software\Policies\Google\Chrome</Key>
3089 <ValueName>SharedClipboardEnabled</ValueName>
3090 <Value>1</Value>
3091 </Entry>
3092 <Entry type="4" type_name="REG_DWORD">
3093 <Key>Software\Policies\Google\Chrome</Key>
3094 <ValueName>ShowAppsShortcutInBookmarkBar</ValueName>
3095 <Value>0</Value>
3096 </Entry>
3097 <Entry type="4" type_name="REG_DWORD">
3098 <Key>Software\Policies\Google\Chrome</Key>
3099 <ValueName>ShowCastIconInToolbar</ValueName>
3100 <Value>0</Value>
3101 </Entry>
3102 <Entry type="4" type_name="REG_DWORD">
3103 <Key>Software\Policies\Google\Chrome</Key>
3104 <ValueName>ShowFullUrlsInAddressBar</ValueName>
3105 <Value>0</Value>
3106 </Entry>
3107 <Entry type="4" type_name="REG_DWORD">
3108 <Key>Software\Policies\Google\Chrome</Key>
3109 <ValueName>ShowHomeButton</ValueName>
3110 <Value>1</Value>
3111 </Entry>
3112 <Entry type="4" type_name="REG_DWORD">
3113 <Key>Software\Policies\Google\Chrome</Key>
3114 <ValueName>SignedHTTPExchangeEnabled</ValueName>
3115 <Value>1</Value>
3116 </Entry>
3117 <Entry type="4" type_name="REG_DWORD">
3118 <Key>Software\Policies\Google\Chrome</Key>
3119 <ValueName>SigninInterceptionEnabled</ValueName>
3120 <Value>1</Value>
3121 </Entry>
3122 <Entry type="4" type_name="REG_DWORD">
3123 <Key>Software\Policies\Google\Chrome</Key>
3124 <ValueName>SitePerProcess</ValueName>
3125 <Value>1</Value>
3126 </Entry>
3127 <Entry type="4" type_name="REG_DWORD">
3128 <Key>Software\Policies\Google\Chrome</Key>
3129 <ValueName>SpellCheckServiceEnabled</ValueName>
3130 <Value>0</Value>
3131 </Entry>
3132 <Entry type="4" type_name="REG_DWORD">
3133 <Key>Software\Policies\Google\Chrome</Key>
3134 <ValueName>SpellcheckEnabled</ValueName>
3135 <Value>0</Value>
3136 </Entry>
3137 <Entry type="4" type_name="REG_DWORD">
3138 <Key>Software\Policies\Google\Chrome</Key>
3139 <ValueName>SuppressDifferentOriginSubframeDialogs</ValueName>
3140 <Value>1</Value>
3141 </Entry>
3142 <Entry type="4" type_name="REG_DWORD">
3143 <Key>Software\Policies\Google\Chrome</Key>
3144 <ValueName>SuppressUnsupportedOSWarning</ValueName>
3145 <Value>1</Value>
3146 </Entry>
3147 <Entry type="4" type_name="REG_DWORD">
3148 <Key>Software\Policies\Google\Chrome</Key>
3149 <ValueName>SyncDisabled</ValueName>
3150 <Value>1</Value>
3151 </Entry>
3152 <Entry type="4" type_name="REG_DWORD">
3153 <Key>Software\Policies\Google\Chrome</Key>
3154 <ValueName>TargetBlankImpliesNoOpener</ValueName>
3155 <Value>0</Value>
3156 </Entry>
3157 <Entry type="4" type_name="REG_DWORD">
3158 <Key>Software\Policies\Google\Chrome</Key>
3159 <ValueName>TaskManagerEndProcessEnabled</ValueName>
3160 <Value>1</Value>
3161 </Entry>
3162 <Entry type="4" type_name="REG_DWORD">
3163 <Key>Software\Policies\Google\Chrome</Key>
3164 <ValueName>ThirdPartyBlockingEnabled</ValueName>
3165 <Value>0</Value>
3166 </Entry>
3167 <Entry type="4" type_name="REG_DWORD">
3168 <Key>Software\Policies\Google\Chrome</Key>
3169 <ValueName>TotalMemoryLimitMb</ValueName>
3170 <Value>2048</Value>
3171 </Entry>
3172 <Entry type="4" type_name="REG_DWORD">
3173 <Key>Software\Policies\Google\Chrome</Key>
3174 <ValueName>TranslateEnabled</ValueName>
3175 <Value>1</Value>
3176 </Entry>
3177 <Entry type="4" type_name="REG_DWORD">
3178 <Key>Software\Policies\Google\Chrome</Key>
3179 <ValueName>TripleDESEnabled</ValueName>
3180 <Value>0</Value>
3181 </Entry>
3182 <Entry type="4" type_name="REG_DWORD">
3183 <Key>Software\Policies\Google\Chrome</Key>
3184 <ValueName>UrlKeyedAnonymizedDataCollectionEnabled</ValueName>
3185 <Value>1</Value>
3186 </Entry>
3187 <Entry type="4" type_name="REG_DWORD">
3188 <Key>Software\Policies\Google\Chrome</Key>
3189 <ValueName>UserAgentClientHintsEnabled</ValueName>
3190 <Value>1</Value>
3191 </Entry>
3192 <Entry type="1" type_name="REG_SZ">
3193 <Key>Software\Policies\Google\Chrome</Key>
3194 <ValueName>UserDataDir</ValueName>
3195 <Value>${users}/${user_name}/Chrome</Value>
3196 </Entry>
3197 <Entry type="4" type_name="REG_DWORD">
3198 <Key>Software\Policies\Google\Chrome</Key>
3199 <ValueName>UserDataSnapshotRetentionLimit</ValueName>
3200 <Value>3</Value>
3201 </Entry>
3202 <Entry type="4" type_name="REG_DWORD">
3203 <Key>Software\Policies\Google\Chrome</Key>
3204 <ValueName>UserFeedbackAllowed</ValueName>
3205 <Value>1</Value>
3206 </Entry>
3207 <Entry type="4" type_name="REG_DWORD">
3208 <Key>Software\Policies\Google\Chrome</Key>
3209 <ValueName>VideoCaptureAllowed</ValueName>
3210 <Value>0</Value>
3211 </Entry>
3212 <Entry type="4" type_name="REG_DWORD">
3213 <Key>Software\Policies\Google\Chrome</Key>
3214 <ValueName>WPADQuickCheckEnabled</ValueName>
3215 <Value>1</Value>
3216 </Entry>
3217 <Entry type="1" type_name="REG_SZ">
3218 <Key>Software\Policies\Google\Chrome</Key>
3219 <ValueName>WebAppInstallForceList</ValueName>
3220 <Value>[{&quot;create_desktop_shortcut&quot;: true, &quot;default_launch_container&quot;: &quot;window&quot;, &quot;url&quot;: &quot;https://www.google.com/maps&quot;}, {&quot;default_launch_container&quot;: &quot;tab&quot;, &quot;url&quot;: &quot;https://docs.google.com&quot;}, {&quot;default_launch_container&quot;: &quot;window&quot;, &quot;fallback_app_name&quot;: &quot;Editor&quot;, &quot;url&quot;: &quot;https://docs.google.com/editor&quot;}]</Value>
3221 </Entry>
3222 <Entry type="4" type_name="REG_DWORD">
3223 <Key>Software\Policies\Google\Chrome</Key>
3224 <ValueName>WebRtcAllowLegacyTLSProtocols</ValueName>
3225 <Value>0</Value>
3226 </Entry>
3227 <Entry type="4" type_name="REG_DWORD">
3228 <Key>Software\Policies\Google\Chrome</Key>
3229 <ValueName>WebRtcEventLogCollectionAllowed</ValueName>
3230 <Value>1</Value>
3231 </Entry>
3232 <Entry type="1" type_name="REG_SZ">
3233 <Key>Software\Policies\Google\Chrome</Key>
3234 <ValueName>WebRtcIPHandling</ValueName>
3235 <Value>default</Value>
3236 </Entry>
3237 <Entry type="1" type_name="REG_SZ">
3238 <Key>Software\Policies\Google\Chrome</Key>
3239 <ValueName>WebRtcUdpPortRange</ValueName>
3240 <Value>10000-11999</Value>
3241 </Entry>
3242 <Entry type="1" type_name="REG_SZ">
3243 <Key>Software\Policies\Google\Chrome</Key>
3244 <ValueName>WebUsbAllowDevicesForUrls</ValueName>
3245 <Value>[{&quot;devices&quot;: [{&quot;product_id&quot;: 5678, &quot;vendor_id&quot;: 1234}], &quot;urls&quot;: [&quot;https://google.com&quot;]}]</Value>
3246 </Entry>
3247 <Entry type="4" type_name="REG_DWORD">
3248 <Key>Software\Policies\Google\Chrome</Key>
3249 <ValueName>WindowOcclusionEnabled</ValueName>
3250 <Value>1</Value>
3251 </Entry>
3252 <Entry type="1" type_name="REG_SZ">
3253 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3254 <ValueName>1</ValueName>
3255 <Value>-foreground</Value>
3256 </Entry>
3257 <Entry type="1" type_name="REG_SZ">
3258 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3259 <ValueName>2</ValueName>
3260 <Value>-new-window</Value>
3261 </Entry>
3262 <Entry type="1" type_name="REG_SZ">
3263 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3264 <ValueName>3</ValueName>
3265 <Value>${url}</Value>
3266 </Entry>
3267 <Entry type="1" type_name="REG_SZ">
3268 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3269 <ValueName>4</ValueName>
3270 <Value>-profile</Value>
3271 </Entry>
3272 <Entry type="1" type_name="REG_SZ">
3273 <Key>Software\Policies\Google\Chrome\AlternativeBrowserParameters</Key>
3274 <ValueName>5</ValueName>
3275 <Value>%HOME%\browser_profile</Value>
3276 </Entry>
3277 <Entry type="1" type_name="REG_SZ">
3278 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3279 <ValueName>1</ValueName>
3280 <Value>https://www.example.com/</Value>
3281 </Entry>
3282 <Entry type="1" type_name="REG_SZ">
3283 <Key>Software\Policies\Google\Chrome\AudioCaptureAllowedUrls</Key>
3284 <ValueName>2</ValueName>
3285 <Value>https://[*.]example.edu/</Value>
3286 </Entry>
3287 <Entry type="1" type_name="REG_SZ">
3288 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3289 <ValueName>1</ValueName>
3290 <Value>example.com</Value>
3291 </Entry>
3292 <Entry type="1" type_name="REG_SZ">
3293 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3294 <ValueName>2</ValueName>
3295 <Value>https://ssl.server.com</Value>
3296 </Entry>
3297 <Entry type="1" type_name="REG_SZ">
3298 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3299 <ValueName>3</ValueName>
3300 <Value>hosting.com/good_path</Value>
3301 </Entry>
3302 <Entry type="1" type_name="REG_SZ">
3303 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3304 <ValueName>4</ValueName>
3305 <Value>https://server:8080/path</Value>
3306 </Entry>
3307 <Entry type="1" type_name="REG_SZ">
3308 <Key>Software\Policies\Google\Chrome\AutoOpenAllowedForURLs</Key>
3309 <ValueName>5</ValueName>
3310 <Value>.exact.hostname.com</Value>
3311 </Entry>
3312 <Entry type="1" type_name="REG_SZ">
3313 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3314 <ValueName>1</ValueName>
3315 <Value>exe</Value>
3316 </Entry>
3317 <Entry type="1" type_name="REG_SZ">
3318 <Key>Software\Policies\Google\Chrome\AutoOpenFileTypes</Key>
3319 <ValueName>2</ValueName>
3320 <Value>txt</Value>
3321 </Entry>
3322 <Entry type="1" type_name="REG_SZ">
3323 <Key>Software\Policies\Google\Chrome\AutoSelectCertificateForUrls</Key>
3324 <ValueName>1</ValueName>
3325 <Value>{&quot;pattern&quot;:&quot;https://www.example.com&quot;,&quot;filter&quot;:{&quot;ISSUER&quot;:{&quot;CN&quot;:&quot;certificate issuer name&quot;, &quot;L&quot;: &quot;certificate issuer location&quot;, &quot;O&quot;: &quot;certificate issuer org&quot;, &quot;OU&quot;: &quot;certificate issuer org unit&quot;}, &quot;SUBJECT&quot;:{&quot;CN&quot;:&quot;certificate subject name&quot;, &quot;L&quot;: &quot;certificate subject location&quot;, &quot;O&quot;: &quot;certificate subject org&quot;, &quot;OU&quot;: &quot;certificate subject org unit&quot;}}}</Value>
3326 </Entry>
3327 <Entry type="1" type_name="REG_SZ">
3328 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3329 <ValueName>1</ValueName>
3330 <Value>https://www.example.com</Value>
3331 </Entry>
3332 <Entry type="1" type_name="REG_SZ">
3333 <Key>Software\Policies\Google\Chrome\AutoplayAllowlist</Key>
3334 <ValueName>2</ValueName>
3335 <Value>[*.]example.edu</Value>
3336 </Entry>
3337 <Entry type="1" type_name="REG_SZ">
3338 <Key>Software\Policies\Google\Chrome\BrowserSwitcherChromeParameters</Key>
3339 <ValueName>1</ValueName>
3340 <Value>--force-dark-mode</Value>
3341 </Entry>
3342 <Entry type="1" type_name="REG_SZ">
3343 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3344 <ValueName>1</ValueName>
3345 <Value>ie.com</Value>
3346 </Entry>
3347 <Entry type="1" type_name="REG_SZ">
3348 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3349 <ValueName>2</ValueName>
3350 <Value>!open-in-chrome.ie.com</Value>
3351 </Entry>
3352 <Entry type="1" type_name="REG_SZ">
3353 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlGreylist</Key>
3354 <ValueName>3</ValueName>
3355 <Value>foobar.com/ie-only/</Value>
3356 </Entry>
3357 <Entry type="1" type_name="REG_SZ">
3358 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3359 <ValueName>1</ValueName>
3360 <Value>ie.com</Value>
3361 </Entry>
3362 <Entry type="1" type_name="REG_SZ">
3363 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3364 <ValueName>2</ValueName>
3365 <Value>!open-in-chrome.ie.com</Value>
3366 </Entry>
3367 <Entry type="1" type_name="REG_SZ">
3368 <Key>Software\Policies\Google\Chrome\BrowserSwitcherUrlList</Key>
3369 <ValueName>3</ValueName>
3370 <Value>foobar.com/ie-only/</Value>
3371 </Entry>
3372 <Entry type="1" type_name="REG_SZ">
3373 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3374 <ValueName>1</ValueName>
3375 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3376 </Entry>
3377 <Entry type="1" type_name="REG_SZ">
3378 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForCas</Key>
3379 <ValueName>2</ValueName>
3380 <Value>sha256//////////////////////w==</Value>
3381 </Entry>
3382 <Entry type="1" type_name="REG_SZ">
3383 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3384 <ValueName>1</ValueName>
3385 <Value>sha256/AAAAAAAAAAAAAAAAAAAAAA==</Value>
3386 </Entry>
3387 <Entry type="1" type_name="REG_SZ">
3388 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas</Key>
3389 <ValueName>2</ValueName>
3390 <Value>sha256//////////////////////w==</Value>
3391 </Entry>
3392 <Entry type="1" type_name="REG_SZ">
3393 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3394 <ValueName>1</ValueName>
3395 <Value>example.com</Value>
3396 </Entry>
3397 <Entry type="1" type_name="REG_SZ">
3398 <Key>Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls</Key>
3399 <ValueName>2</ValueName>
3400 <Value>.example.com</Value>
3401 </Entry>
3402 <Entry type="1" type_name="REG_SZ">
3403 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3404 <ValueName>1</ValueName>
3405 <Value>browsing_history</Value>
3406 </Entry>
3407 <Entry type="1" type_name="REG_SZ">
3408 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3409 <ValueName>2</ValueName>
3410 <Value>download_history</Value>
3411 </Entry>
3412 <Entry type="1" type_name="REG_SZ">
3413 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3414 <ValueName>3</ValueName>
3415 <Value>cookies_and_other_site_data</Value>
3416 </Entry>
3417 <Entry type="1" type_name="REG_SZ">
3418 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3419 <ValueName>4</ValueName>
3420 <Value>cached_images_and_files</Value>
3421 </Entry>
3422 <Entry type="1" type_name="REG_SZ">
3423 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3424 <ValueName>5</ValueName>
3425 <Value>password_signin</Value>
3426 </Entry>
3427 <Entry type="1" type_name="REG_SZ">
3428 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3429 <ValueName>6</ValueName>
3430 <Value>autofill</Value>
3431 </Entry>
3432 <Entry type="1" type_name="REG_SZ">
3433 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3434 <ValueName>7</ValueName>
3435 <Value>site_settings</Value>
3436 </Entry>
3437 <Entry type="1" type_name="REG_SZ">
3438 <Key>Software\Policies\Google\Chrome\ClearBrowsingDataOnExitList</Key>
3439 <ValueName>8</ValueName>
3440 <Value>hosted_app_data</Value>
3441 </Entry>
3442 <Entry type="1" type_name="REG_SZ">
3443 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3444 <ValueName>1</ValueName>
3445 <Value>https://www.example.com</Value>
3446 </Entry>
3447 <Entry type="1" type_name="REG_SZ">
3448 <Key>Software\Policies\Google\Chrome\CookiesAllowedForUrls</Key>
3449 <ValueName>2</ValueName>
3450 <Value>[*.]example.edu</Value>
3451 </Entry>
3452 <Entry type="1" type_name="REG_SZ">
3453 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3454 <ValueName>1</ValueName>
3455 <Value>https://www.example.com</Value>
3456 </Entry>
3457 <Entry type="1" type_name="REG_SZ">
3458 <Key>Software\Policies\Google\Chrome\CookiesBlockedForUrls</Key>
3459 <ValueName>2</ValueName>
3460 <Value>[*.]example.edu</Value>
3461 </Entry>
3462 <Entry type="1" type_name="REG_SZ">
3463 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3464 <ValueName>1</ValueName>
3465 <Value>https://www.example.com</Value>
3466 </Entry>
3467 <Entry type="1" type_name="REG_SZ">
3468 <Key>Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls</Key>
3469 <ValueName>2</ValueName>
3470 <Value>[*.]example.edu</Value>
3471 </Entry>
3472 <Entry type="1" type_name="REG_SZ">
3473 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3474 <ValueName>1</ValueName>
3475 <Value>https://search.my.company/suggest#q={searchTerms}</Value>
3476 </Entry>
3477 <Entry type="1" type_name="REG_SZ">
3478 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderAlternateURLs</Key>
3479 <ValueName>2</ValueName>
3480 <Value>https://search.my.company/suggest/search#q={searchTerms}</Value>
3481 </Entry>
3482 <Entry type="1" type_name="REG_SZ">
3483 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3484 <ValueName>1</ValueName>
3485 <Value>UTF-8</Value>
3486 </Entry>
3487 <Entry type="1" type_name="REG_SZ">
3488 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3489 <ValueName>2</ValueName>
3490 <Value>UTF-16</Value>
3491 </Entry>
3492 <Entry type="1" type_name="REG_SZ">
3493 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3494 <ValueName>3</ValueName>
3495 <Value>GB2312</Value>
3496 </Entry>
3497 <Entry type="1" type_name="REG_SZ">
3498 <Key>Software\Policies\Google\Chrome\DefaultSearchProviderEncodings</Key>
3499 <ValueName>4</ValueName>
3500 <Value>ISO-8859-1</Value>
3501 </Entry>
3502 <Entry type="1" type_name="REG_SZ">
3503 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3504 <ValueName>1</ValueName>
3505 <Value>ExtensionInstallAllowlist</Value>
3506 </Entry>
3507 <Entry type="1" type_name="REG_SZ">
3508 <Key>Software\Policies\Google\Chrome\EnableExperimentalPolicies</Key>
3509 <ValueName>2</ValueName>
3510 <Value>ExtensionInstallBlocklist</Value>
3511 </Entry>
3512 <Entry type="1" type_name="REG_SZ">
3513 <Key>Software\Policies\Google\Chrome\ExplicitlyAllowedNetworkPorts</Key>
3514 <ValueName>1</ValueName>
3515 <Value>10080</Value>
3516 </Entry>
3517 <Entry type="1" type_name="REG_SZ">
3518 <Key>Software\Policies\Google\Chrome\ExtensionAllowedTypes</Key>
3519 <ValueName>1</ValueName>
3520 <Value>hosted_app</Value>
3521 </Entry>
3522 <Entry type="1" type_name="REG_SZ">
3523 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3524 <ValueName>1</ValueName>
3525 <Value>extension_id1</Value>
3526 </Entry>
3527 <Entry type="1" type_name="REG_SZ">
3528 <Key>Software\Policies\Google\Chrome\ExtensionInstallAllowlist</Key>
3529 <ValueName>2</ValueName>
3530 <Value>extension_id2</Value>
3531 </Entry>
3532 <Entry type="1" type_name="REG_SZ">
3533 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3534 <ValueName>1</ValueName>
3535 <Value>extension_id1</Value>
3536 </Entry>
3537 <Entry type="1" type_name="REG_SZ">
3538 <Key>Software\Policies\Google\Chrome\ExtensionInstallBlocklist</Key>
3539 <ValueName>2</ValueName>
3540 <Value>extension_id2</Value>
3541 </Entry>
3542 <Entry type="1" type_name="REG_SZ">
3543 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3544 <ValueName>1</ValueName>
3545 <Value>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</Value>
3546 </Entry>
3547 <Entry type="1" type_name="REG_SZ">
3548 <Key>Software\Policies\Google\Chrome\ExtensionInstallForcelist</Key>
3549 <ValueName>2</ValueName>
3550 <Value>abcdefghijklmnopabcdefghijklmnop</Value>
3551 </Entry>
3552 <Entry type="1" type_name="REG_SZ">
3553 <Key>Software\Policies\Google\Chrome\ExtensionInstallSources</Key>
3554 <ValueName>1</ValueName>
3555 <Value>https://corp.mycompany.com/*</Value>
3556 </Entry>
3557 <Entry type="1" type_name="REG_SZ">
3558 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3559 <ValueName>1</ValueName>
3560 <Value>https://www.example.com</Value>
3561 </Entry>
3562 <Entry type="1" type_name="REG_SZ">
3563 <Key>Software\Policies\Google\Chrome\FileHandlingAllowedForUrls</Key>
3564 <ValueName>2</ValueName>
3565 <Value>[*.]example.edu</Value>
3566 </Entry>
3567 <Entry type="1" type_name="REG_SZ">
3568 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3569 <ValueName>1</ValueName>
3570 <Value>https://www.example.com</Value>
3571 </Entry>
3572 <Entry type="1" type_name="REG_SZ">
3573 <Key>Software\Policies\Google\Chrome\FileHandlingBlockedForUrls</Key>
3574 <ValueName>2</ValueName>
3575 <Value>[*.]example.edu</Value>
3576 </Entry>
3577 <Entry type="1" type_name="REG_SZ">
3578 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3579 <ValueName>1</ValueName>
3580 <Value>https://www.example.com</Value>
3581 </Entry>
3582 <Entry type="1" type_name="REG_SZ">
3583 <Key>Software\Policies\Google\Chrome\FileSystemReadAskForUrls</Key>
3584 <ValueName>2</ValueName>
3585 <Value>[*.]example.edu</Value>
3586 </Entry>
3587 <Entry type="1" type_name="REG_SZ">
3588 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3589 <ValueName>1</ValueName>
3590 <Value>https://www.example.com</Value>
3591 </Entry>
3592 <Entry type="1" type_name="REG_SZ">
3593 <Key>Software\Policies\Google\Chrome\FileSystemReadBlockedForUrls</Key>
3594 <ValueName>2</ValueName>
3595 <Value>[*.]example.edu</Value>
3596 </Entry>
3597 <Entry type="1" type_name="REG_SZ">
3598 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3599 <ValueName>1</ValueName>
3600 <Value>https://www.example.com</Value>
3601 </Entry>
3602 <Entry type="1" type_name="REG_SZ">
3603 <Key>Software\Policies\Google\Chrome\FileSystemWriteAskForUrls</Key>
3604 <ValueName>2</ValueName>
3605 <Value>[*.]example.edu</Value>
3606 </Entry>
3607 <Entry type="1" type_name="REG_SZ">
3608 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3609 <ValueName>1</ValueName>
3610 <Value>https://www.example.com</Value>
3611 </Entry>
3612 <Entry type="1" type_name="REG_SZ">
3613 <Key>Software\Policies\Google\Chrome\FileSystemWriteBlockedForUrls</Key>
3614 <ValueName>2</ValueName>
3615 <Value>[*.]example.edu</Value>
3616 </Entry>
3617 <Entry type="1" type_name="REG_SZ">
3618 <Key>Software\Policies\Google\Chrome\ForcedLanguages</Key>
3619 <ValueName>1</ValueName>
3620 <Value>en-US</Value>
3621 </Entry>
3622 <Entry type="1" type_name="REG_SZ">
3623 <Key>Software\Policies\Google\Chrome\HSTSPolicyBypassList</Key>
3624 <ValueName>1</ValueName>
3625 <Value>meet</Value>
3626 </Entry>
3627 <Entry type="1" type_name="REG_SZ">
3628 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3629 <ValueName>1</ValueName>
3630 <Value>https://www.example.com</Value>
3631 </Entry>
3632 <Entry type="1" type_name="REG_SZ">
3633 <Key>Software\Policies\Google\Chrome\ImagesAllowedForUrls</Key>
3634 <ValueName>2</ValueName>
3635 <Value>[*.]example.edu</Value>
3636 </Entry>
3637 <Entry type="1" type_name="REG_SZ">
3638 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3639 <ValueName>1</ValueName>
3640 <Value>https://www.example.com</Value>
3641 </Entry>
3642 <Entry type="1" type_name="REG_SZ">
3643 <Key>Software\Policies\Google\Chrome\ImagesBlockedForUrls</Key>
3644 <ValueName>2</ValueName>
3645 <Value>[*.]example.edu</Value>
3646 </Entry>
3647 <Entry type="1" type_name="REG_SZ">
3648 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3649 <ValueName>1</ValueName>
3650 <Value>https://www.example.com</Value>
3651 </Entry>
3652 <Entry type="1" type_name="REG_SZ">
3653 <Key>Software\Policies\Google\Chrome\InsecureContentAllowedForUrls</Key>
3654 <ValueName>2</ValueName>
3655 <Value>[*.]example.edu</Value>
3656 </Entry>
3657 <Entry type="1" type_name="REG_SZ">
3658 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3659 <ValueName>1</ValueName>
3660 <Value>https://www.example.com</Value>
3661 </Entry>
3662 <Entry type="1" type_name="REG_SZ">
3663 <Key>Software\Policies\Google\Chrome\InsecureContentBlockedForUrls</Key>
3664 <ValueName>2</ValueName>
3665 <Value>[*.]example.edu</Value>
3666 </Entry>
3667 <Entry type="1" type_name="REG_SZ">
3668 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3669 <ValueName>1</ValueName>
3670 <Value>http://www.example.com:8080</Value>
3671 </Entry>
3672 <Entry type="1" type_name="REG_SZ">
3673 <Key>Software\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls</Key>
3674 <ValueName>2</ValueName>
3675 <Value>[*.]example.edu</Value>
3676 </Entry>
3677 <Entry type="1" type_name="REG_SZ">
3678 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3679 <ValueName>1</ValueName>
3680 <Value>https://www.example.com</Value>
3681 </Entry>
3682 <Entry type="1" type_name="REG_SZ">
3683 <Key>Software\Policies\Google\Chrome\JavaScriptAllowedForUrls</Key>
3684 <ValueName>2</ValueName>
3685 <Value>[*.]example.edu</Value>
3686 </Entry>
3687 <Entry type="1" type_name="REG_SZ">
3688 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3689 <ValueName>1</ValueName>
3690 <Value>https://www.example.com</Value>
3691 </Entry>
3692 <Entry type="1" type_name="REG_SZ">
3693 <Key>Software\Policies\Google\Chrome\JavaScriptBlockedForUrls</Key>
3694 <ValueName>2</ValueName>
3695 <Value>[*.]example.edu</Value>
3696 </Entry>
3697 <Entry type="1" type_name="REG_SZ">
3698 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3699 <ValueName>1</ValueName>
3700 <Value>www.example.com</Value>
3701 </Entry>
3702 <Entry type="1" type_name="REG_SZ">
3703 <Key>Software\Policies\Google\Chrome\LegacySameSiteCookieBehaviorEnabledForDomainList</Key>
3704 <ValueName>2</ValueName>
3705 <Value>[*.]example.edu</Value>
3706 </Entry>
3707 <Entry type="1" type_name="REG_SZ">
3708 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3709 <ValueName>1</ValueName>
3710 <Value>foo.example.com</Value>
3711 </Entry>
3712 <Entry type="1" type_name="REG_SZ">
3713 <Key>Software\Policies\Google\Chrome\LookalikeWarningAllowlistDomains</Key>
3714 <ValueName>2</ValueName>
3715 <Value>example.org</Value>
3716 </Entry>
3717 <Entry type="1" type_name="REG_SZ">
3718 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3719 <ValueName>1</ValueName>
3720 <Value>com.native.messaging.host.name1</Value>
3721 </Entry>
3722 <Entry type="1" type_name="REG_SZ">
3723 <Key>Software\Policies\Google\Chrome\NativeMessagingAllowlist</Key>
3724 <ValueName>2</ValueName>
3725 <Value>com.native.messaging.host.name2</Value>
3726 </Entry>
3727 <Entry type="1" type_name="REG_SZ">
3728 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3729 <ValueName>1</ValueName>
3730 <Value>com.native.messaging.host.name1</Value>
3731 </Entry>
3732 <Entry type="1" type_name="REG_SZ">
3733 <Key>Software\Policies\Google\Chrome\NativeMessagingBlocklist</Key>
3734 <ValueName>2</ValueName>
3735 <Value>com.native.messaging.host.name2</Value>
3736 </Entry>
3737 <Entry type="1" type_name="REG_SZ">
3738 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3739 <ValueName>1</ValueName>
3740 <Value>https://www.example.com</Value>
3741 </Entry>
3742 <Entry type="1" type_name="REG_SZ">
3743 <Key>Software\Policies\Google\Chrome\NotificationsAllowedForUrls</Key>
3744 <ValueName>2</ValueName>
3745 <Value>[*.]example.edu</Value>
3746 </Entry>
3747 <Entry type="1" type_name="REG_SZ">
3748 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3749 <ValueName>1</ValueName>
3750 <Value>https://www.example.com</Value>
3751 </Entry>
3752 <Entry type="1" type_name="REG_SZ">
3753 <Key>Software\Policies\Google\Chrome\NotificationsBlockedForUrls</Key>
3754 <ValueName>2</ValueName>
3755 <Value>[*.]example.edu</Value>
3756 </Entry>
3757 <Entry type="1" type_name="REG_SZ">
3758 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3759 <ValueName>1</ValueName>
3760 <Value>http://testserver.example.com/</Value>
3761 </Entry>
3762 <Entry type="1" type_name="REG_SZ">
3763 <Key>Software\Policies\Google\Chrome\OverrideSecurityRestrictionsOnInsecureOrigin</Key>
3764 <ValueName>2</ValueName>
3765 <Value>*.example.org</Value>
3766 </Entry>
3767 <Entry type="1" type_name="REG_SZ">
3768 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3769 <ValueName>1</ValueName>
3770 <Value>https://mydomain.com/login.html</Value>
3771 </Entry>
3772 <Entry type="1" type_name="REG_SZ">
3773 <Key>Software\Policies\Google\Chrome\PasswordProtectionLoginURLs</Key>
3774 <ValueName>2</ValueName>
3775 <Value>https://login.mydomain.com</Value>
3776 </Entry>
3777 <Entry type="1" type_name="REG_SZ">
3778 <Key>Software\Policies\Google\Chrome\PolicyDictionaryMultipleSourceMergeList</Key>
3779 <ValueName>1</ValueName>
3780 <Value>ExtensionSettings</Value>
3781 </Entry>
3782 <Entry type="1" type_name="REG_SZ">
3783 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3784 <ValueName>1</ValueName>
3785 <Value>ExtensionInstallAllowlist</Value>
3786 </Entry>
3787 <Entry type="1" type_name="REG_SZ">
3788 <Key>Software\Policies\Google\Chrome\PolicyListMultipleSourceMergeList</Key>
3789 <ValueName>2</ValueName>
3790 <Value>ExtensionInstallBlocklist</Value>
3791 </Entry>
3792 <Entry type="1" type_name="REG_SZ">
3793 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3794 <ValueName>1</ValueName>
3795 <Value>https://www.example.com</Value>
3796 </Entry>
3797 <Entry type="1" type_name="REG_SZ">
3798 <Key>Software\Policies\Google\Chrome\PopupsAllowedForUrls</Key>
3799 <ValueName>2</ValueName>
3800 <Value>[*.]example.edu</Value>
3801 </Entry>
3802 <Entry type="1" type_name="REG_SZ">
3803 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3804 <ValueName>1</ValueName>
3805 <Value>https://www.example.com</Value>
3806 </Entry>
3807 <Entry type="1" type_name="REG_SZ">
3808 <Key>Software\Policies\Google\Chrome\PopupsBlockedForUrls</Key>
3809 <ValueName>2</ValueName>
3810 <Value>[*.]example.edu</Value>
3811 </Entry>
3812 <Entry type="1" type_name="REG_SZ">
3813 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3814 <ValueName>1</ValueName>
3815 <Value>cloud</Value>
3816 </Entry>
3817 <Entry type="1" type_name="REG_SZ">
3818 <Key>Software\Policies\Google\Chrome\PrinterTypeDenyList</Key>
3819 <ValueName>2</ValueName>
3820 <Value>privet</Value>
3821 </Entry>
3822 <Entry type="1" type_name="REG_SZ">
3823 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3824 <ValueName>1</ValueName>
3825 <Value>my-awesome-domain.com</Value>
3826 </Entry>
3827 <Entry type="1" type_name="REG_SZ">
3828 <Key>Software\Policies\Google\Chrome\RemoteAccessHostClientDomainList</Key>
3829 <ValueName>2</ValueName>
3830 <Value>my-auxiliary-domain.com</Value>
3831 </Entry>
3832 <Entry type="1" type_name="REG_SZ">
3833 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3834 <ValueName>1</ValueName>
3835 <Value>my-awesome-domain.com</Value>
3836 </Entry>
3837 <Entry type="1" type_name="REG_SZ">
3838 <Key>Software\Policies\Google\Chrome\RemoteAccessHostDomainList</Key>
3839 <ValueName>2</ValueName>
3840 <Value>my-auxiliary-domain.com</Value>
3841 </Entry>
3842 <Entry type="1" type_name="REG_SZ">
3843 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3844 <ValueName>1</ValueName>
3845 <Value>https://example.com</Value>
3846 </Entry>
3847 <Entry type="1" type_name="REG_SZ">
3848 <Key>Software\Policies\Google\Chrome\RestoreOnStartupURLs</Key>
3849 <ValueName>2</ValueName>
3850 <Value>https://www.chromium.org</Value>
3851 </Entry>
3852 <Entry type="1" type_name="REG_SZ">
3853 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3854 <ValueName>1</ValueName>
3855 <Value>https://www.example.com</Value>
3856 </Entry>
3857 <Entry type="1" type_name="REG_SZ">
3858 <Key>Software\Policies\Google\Chrome\SSLErrorOverrideAllowedForOrigins</Key>
3859 <ValueName>2</ValueName>
3860 <Value>[*.]example.edu</Value>
3861 </Entry>
3862 <Entry type="1" type_name="REG_SZ">
3863 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3864 <ValueName>1</ValueName>
3865 <Value>mydomain.com</Value>
3866 </Entry>
3867 <Entry type="1" type_name="REG_SZ">
3868 <Key>Software\Policies\Google\Chrome\SafeBrowsingAllowlistDomains</Key>
3869 <ValueName>2</ValueName>
3870 <Value>myuniversity.edu</Value>
3871 </Entry>
3872 <Entry type="1" type_name="REG_SZ">
3873 <Key>Software\Policies\Google\Chrome\SecurityKeyPermitAttestation</Key>
3874 <ValueName>1</ValueName>
3875 <Value>https://example.com</Value>
3876 </Entry>
3877 <Entry type="1" type_name="REG_SZ">
3878 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3879 <ValueName>1</ValueName>
3880 <Value>https://www.example.com</Value>
3881 </Entry>
3882 <Entry type="1" type_name="REG_SZ">
3883 <Key>Software\Policies\Google\Chrome\SensorsAllowedForUrls</Key>
3884 <ValueName>2</ValueName>
3885 <Value>[*.]example.edu</Value>
3886 </Entry>
3887 <Entry type="1" type_name="REG_SZ">
3888 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3889 <ValueName>1</ValueName>
3890 <Value>https://www.example.com</Value>
3891 </Entry>
3892 <Entry type="1" type_name="REG_SZ">
3893 <Key>Software\Policies\Google\Chrome\SensorsBlockedForUrls</Key>
3894 <ValueName>2</ValueName>
3895 <Value>[*.]example.edu</Value>
3896 </Entry>
3897 <Entry type="1" type_name="REG_SZ">
3898 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3899 <ValueName>1</ValueName>
3900 <Value>https://www.example.com</Value>
3901 </Entry>
3902 <Entry type="1" type_name="REG_SZ">
3903 <Key>Software\Policies\Google\Chrome\SerialAskForUrls</Key>
3904 <ValueName>2</ValueName>
3905 <Value>[*.]example.edu</Value>
3906 </Entry>
3907 <Entry type="1" type_name="REG_SZ">
3908 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3909 <ValueName>1</ValueName>
3910 <Value>https://www.example.com</Value>
3911 </Entry>
3912 <Entry type="1" type_name="REG_SZ">
3913 <Key>Software\Policies\Google\Chrome\SerialBlockedForUrls</Key>
3914 <ValueName>2</ValueName>
3915 <Value>[*.]example.edu</Value>
3916 </Entry>
3917 <Entry type="1" type_name="REG_SZ">
3918 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3919 <ValueName>1</ValueName>
3920 <Value>fr</Value>
3921 </Entry>
3922 <Entry type="1" type_name="REG_SZ">
3923 <Key>Software\Policies\Google\Chrome\SpellcheckLanguage</Key>
3924 <ValueName>2</ValueName>
3925 <Value>es</Value>
3926 </Entry>
3927 <Entry type="1" type_name="REG_SZ">
3928 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3929 <ValueName>1</ValueName>
3930 <Value>fr</Value>
3931 </Entry>
3932 <Entry type="1" type_name="REG_SZ">
3933 <Key>Software\Policies\Google\Chrome\SpellcheckLanguageBlocklist</Key>
3934 <ValueName>2</ValueName>
3935 <Value>es</Value>
3936 </Entry>
3937 <Entry type="1" type_name="REG_SZ">
3938 <Key>Software\Policies\Google\Chrome\SyncTypesListDisabled</Key>
3939 <ValueName>1</ValueName>
3940 <Value>bookmarks</Value>
3941 </Entry>
3942 <Entry type="1" type_name="REG_SZ">
3943 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3944 <ValueName>1</ValueName>
3945 <Value>example.com</Value>
3946 </Entry>
3947 <Entry type="1" type_name="REG_SZ">
3948 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3949 <ValueName>2</ValueName>
3950 <Value>https://ssl.server.com</Value>
3951 </Entry>
3952 <Entry type="1" type_name="REG_SZ">
3953 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3954 <ValueName>3</ValueName>
3955 <Value>hosting.com/good_path</Value>
3956 </Entry>
3957 <Entry type="1" type_name="REG_SZ">
3958 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3959 <ValueName>4</ValueName>
3960 <Value>https://server:8080/path</Value>
3961 </Entry>
3962 <Entry type="1" type_name="REG_SZ">
3963 <Key>Software\Policies\Google\Chrome\URLAllowlist</Key>
3964 <ValueName>5</ValueName>
3965 <Value>.exact.hostname.com</Value>
3966 </Entry>
3967 <Entry type="1" type_name="REG_SZ">
3968 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3969 <ValueName>1</ValueName>
3970 <Value>example.com</Value>
3971 </Entry>
3972 <Entry type="1" type_name="REG_SZ">
3973 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3974 <ValueName>2</ValueName>
3975 <Value>https://ssl.server.com</Value>
3976 </Entry>
3977 <Entry type="1" type_name="REG_SZ">
3978 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3979 <ValueName>3</ValueName>
3980 <Value>hosting.com/bad_path</Value>
3981 </Entry>
3982 <Entry type="1" type_name="REG_SZ">
3983 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3984 <ValueName>4</ValueName>
3985 <Value>https://server:8080/path</Value>
3986 </Entry>
3987 <Entry type="1" type_name="REG_SZ">
3988 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3989 <ValueName>5</ValueName>
3990 <Value>.exact.hostname.com</Value>
3991 </Entry>
3992 <Entry type="1" type_name="REG_SZ">
3993 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3994 <ValueName>6</ValueName>
3995 <Value>file://*</Value>
3996 </Entry>
3997 <Entry type="1" type_name="REG_SZ">
3998 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
3999 <ValueName>7</ValueName>
4000 <Value>custom_scheme:*</Value>
4001 </Entry>
4002 <Entry type="1" type_name="REG_SZ">
4003 <Key>Software\Policies\Google\Chrome\URLBlocklist</Key>
4004 <ValueName>8</ValueName>
4005 <Value>*</Value>
4006 </Entry>
4007 <Entry type="1" type_name="REG_SZ">
4008 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4009 <ValueName>1</ValueName>
4010 <Value>https://www.example.com/</Value>
4011 </Entry>
4012 <Entry type="1" type_name="REG_SZ">
4013 <Key>Software\Policies\Google\Chrome\VideoCaptureAllowedUrls</Key>
4014 <ValueName>2</ValueName>
4015 <Value>https://[*.]example.edu/</Value>
4016 </Entry>
4017 <Entry type="1" type_name="REG_SZ">
4018 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4019 <ValueName>1</ValueName>
4020 <Value>https://www.example.com</Value>
4021 </Entry>
4022 <Entry type="1" type_name="REG_SZ">
4023 <Key>Software\Policies\Google\Chrome\WebRtcLocalIpsAllowedUrls</Key>
4024 <ValueName>2</ValueName>
4025 <Value>*example.com*</Value>
4026 </Entry>
4027 <Entry type="1" type_name="REG_SZ">
4028 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4029 <ValueName>1</ValueName>
4030 <Value>https://www.example.com</Value>
4031 </Entry>
4032 <Entry type="1" type_name="REG_SZ">
4033 <Key>Software\Policies\Google\Chrome\WebUsbAskForUrls</Key>
4034 <ValueName>2</ValueName>
4035 <Value>[*.]example.edu</Value>
4036 </Entry>
4037 <Entry type="1" type_name="REG_SZ">
4038 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4039 <ValueName>1</ValueName>
4040 <Value>https://www.example.com</Value>
4041 </Entry>
4042 <Entry type="1" type_name="REG_SZ">
4043 <Key>Software\Policies\Google\Chrome\WebUsbBlockedForUrls</Key>
4044 <ValueName>2</ValueName>
4045 <Value>[*.]example.edu</Value>
4046 </Entry>
4047 <Entry type="4" type_name="REG_DWORD">
4048 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4049 <ValueName>AlternateErrorPagesEnabled</ValueName>
4050 <Value>1</Value>
4051 </Entry>
4052 <Entry type="1" type_name="REG_SZ">
4053 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4054 <ValueName>ApplicationLocaleValue</ValueName>
4055 <Value>en</Value>
4056 </Entry>
4057 <Entry type="4" type_name="REG_DWORD">
4058 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4059 <ValueName>AutofillAddressEnabled</ValueName>
4060 <Value>0</Value>
4061 </Entry>
4062 <Entry type="4" type_name="REG_DWORD">
4063 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4064 <ValueName>AutofillCreditCardEnabled</ValueName>
4065 <Value>0</Value>
4066 </Entry>
4067 <Entry type="4" type_name="REG_DWORD">
4068 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4069 <ValueName>BackgroundModeEnabled</ValueName>
4070 <Value>1</Value>
4071 </Entry>
4072 <Entry type="4" type_name="REG_DWORD">
4073 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4074 <ValueName>BlockThirdPartyCookies</ValueName>
4075 <Value>0</Value>
4076 </Entry>
4077 <Entry type="4" type_name="REG_DWORD">
4078 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4079 <ValueName>BookmarkBarEnabled</ValueName>
4080 <Value>1</Value>
4081 </Entry>
4082 <Entry type="1" type_name="REG_SZ">
4083 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4084 <ValueName>DefaultDownloadDirectory</ValueName>
4085 <Value>/home/${user_name}/Downloads</Value>
4086 </Entry>
4087 <Entry type="1" type_name="REG_SZ">
4088 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4089 <ValueName>DownloadDirectory</ValueName>
4090 <Value>/home/${user_name}/Downloads</Value>
4091 </Entry>
4092 <Entry type="4" type_name="REG_DWORD">
4093 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4094 <ValueName>DownloadRestrictions</ValueName>
4095 <Value>2</Value>
4096 </Entry>
4097 <Entry type="4" type_name="REG_DWORD">
4098 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4099 <ValueName>HomepageIsNewTabPage</ValueName>
4100 <Value>1</Value>
4101 </Entry>
4102 <Entry type="1" type_name="REG_SZ">
4103 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4104 <ValueName>HomepageLocation</ValueName>
4105 <Value>https://www.chromium.org</Value>
4106 </Entry>
4107 <Entry type="4" type_name="REG_DWORD">
4108 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4109 <ValueName>ImportAutofillFormData</ValueName>
4110 <Value>1</Value>
4111 </Entry>
4112 <Entry type="4" type_name="REG_DWORD">
4113 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4114 <ValueName>ImportBookmarks</ValueName>
4115 <Value>1</Value>
4116 </Entry>
4117 <Entry type="4" type_name="REG_DWORD">
4118 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4119 <ValueName>ImportHistory</ValueName>
4120 <Value>1</Value>
4121 </Entry>
4122 <Entry type="4" type_name="REG_DWORD">
4123 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4124 <ValueName>ImportSavedPasswords</ValueName>
4125 <Value>1</Value>
4126 </Entry>
4127 <Entry type="4" type_name="REG_DWORD">
4128 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4129 <ValueName>ImportSearchEngine</ValueName>
4130 <Value>1</Value>
4131 </Entry>
4132 <Entry type="4" type_name="REG_DWORD">
4133 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4134 <ValueName>MetricsReportingEnabled</ValueName>
4135 <Value>1</Value>
4136 </Entry>
4137 <Entry type="4" type_name="REG_DWORD">
4138 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4139 <ValueName>NetworkPredictionOptions</ValueName>
4140 <Value>1</Value>
4141 </Entry>
4142 <Entry type="4" type_name="REG_DWORD">
4143 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4144 <ValueName>PasswordLeakDetectionEnabled</ValueName>
4145 <Value>1</Value>
4146 </Entry>
4147 <Entry type="4" type_name="REG_DWORD">
4148 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4149 <ValueName>PasswordManagerEnabled</ValueName>
4150 <Value>1</Value>
4151 </Entry>
4152 <Entry type="4" type_name="REG_DWORD">
4153 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4154 <ValueName>PrintHeaderFooter</ValueName>
4155 <Value>0</Value>
4156 </Entry>
4157 <Entry type="4" type_name="REG_DWORD">
4158 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4159 <ValueName>PrintPreviewUseSystemDefaultPrinter</ValueName>
4160 <Value>0</Value>
4161 </Entry>
4162 <Entry type="1" type_name="REG_SZ">
4163 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4164 <ValueName>RegisteredProtocolHandlers</ValueName>
4165 <Value>[{&quot;default&quot;: true, &quot;protocol&quot;: &quot;mailto&quot;, &quot;url&quot;: &quot;https://mail.google.com/mail/?extsrc=mailto&amp;url=%s&quot;}]</Value>
4166 </Entry>
4167 <Entry type="4" type_name="REG_DWORD">
4168 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4169 <ValueName>RestoreOnStartup</ValueName>
4170 <Value>4</Value>
4171 </Entry>
4172 <Entry type="4" type_name="REG_DWORD">
4173 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4174 <ValueName>SafeBrowsingForTrustedSourcesEnabled</ValueName>
4175 <Value>0</Value>
4176 </Entry>
4177 <Entry type="4" type_name="REG_DWORD">
4178 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4179 <ValueName>SafeBrowsingProtectionLevel</ValueName>
4180 <Value>2</Value>
4181 </Entry>
4182 <Entry type="4" type_name="REG_DWORD">
4183 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4184 <ValueName>SearchSuggestEnabled</ValueName>
4185 <Value>1</Value>
4186 </Entry>
4187 <Entry type="4" type_name="REG_DWORD">
4188 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4189 <ValueName>ShowFullUrlsInAddressBar</ValueName>
4190 <Value>0</Value>
4191 </Entry>
4192 <Entry type="4" type_name="REG_DWORD">
4193 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4194 <ValueName>ShowHomeButton</ValueName>
4195 <Value>1</Value>
4196 </Entry>
4197 <Entry type="4" type_name="REG_DWORD">
4198 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4199 <ValueName>SpellCheckServiceEnabled</ValueName>
4200 <Value>0</Value>
4201 </Entry>
4202 <Entry type="4" type_name="REG_DWORD">
4203 <Key>Software\Policies\Google\Chrome\Recommended</Key>
4204 <ValueName>TranslateEnabled</ValueName>
4205 <Value>1</Value>
4206 </Entry>
4207 <Entry type="1" type_name="REG_SZ">
4208 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4209 <ValueName>1</ValueName>
4210 <Value>https://example.com</Value>
4211 </Entry>
4212 <Entry type="1" type_name="REG_SZ">
4213 <Key>Software\Policies\Google\Chrome\Recommended\RestoreOnStartupURLs</Key>
4214 <ValueName>2</ValueName>
4215 <Value>https://www.chromium.org</Value>
4216 </Entry>
4217 </PolFile>
4220 chromium_json_expected_managed = \
4221 b"""
4223 "FileSystemWriteAskForUrls": [
4224 "https://www.example.com",
4225 "[*.]example.edu"
4227 "InsecureContentBlockedForUrls": [
4228 "https://www.example.com",
4229 "[*.]example.edu"
4231 "DefaultSearchProviderImageURLPostParams": "content={imageThumbnail},url={imageURL},sbisrc={SearchSource}",
4232 "BrowserAddPersonEnabled": true,
4233 "DefaultSearchProviderImageURL": "https://search.my.company/searchbyimage/upload",
4234 "ShowHomeButton": true,
4235 "ClearBrowsingDataOnExitList": [
4236 "browsing_history",
4237 "download_history",
4238 "cookies_and_other_site_data",
4239 "cached_images_and_files",
4240 "password_signin",
4241 "autofill",
4242 "site_settings",
4243 "hosted_app_data"
4245 "JavaScriptAllowedForUrls": [
4246 "https://www.example.com",
4247 "[*.]example.edu"
4249 "AmbientAuthenticationInPrivateModesEnabled": 0,
4250 "AllowFileSelectionDialogs": true,
4251 "PrintingAllowedBackgroundGraphicsModes": "enabled",
4252 "DnsOverHttpsTemplates": "https://dns.example.net/dns-query{?dns}",
4253 "ComponentUpdatesEnabled": true,
4254 "RemoteAccessHostAllowRemoteAccessConnections": false,
4255 "WindowOcclusionEnabled": true,
4256 "PrintPreviewUseSystemDefaultPrinter": false,
4257 "AutoLaunchProtocolsFromOrigins": [
4259 "allowed_origins": [
4260 "example.com",
4261 "http://www.example.com:8080"
4263 "protocol": "spotify"
4266 "allowed_origins": [
4267 "https://example.com",
4268 "https://.mail.example.com"
4270 "protocol": "teams"
4273 "allowed_origins": [
4276 "protocol": "outlook"
4279 "ManagedConfigurationPerOrigin": [
4281 "origin": "https://www.google.com",
4282 "managed_configuration_hash": "asd891jedasd12ue9h",
4283 "managed_configuration_url": "https://gstatic.google.com/configuration.json"
4286 "origin": "https://www.example.com",
4287 "managed_configuration_hash": "djio12easd89u12aws",
4288 "managed_configuration_url": "https://gstatic.google.com/configuration2.json"
4291 "SyncTypesListDisabled": [
4292 "bookmarks"
4294 "SecurityKeyPermitAttestation": [
4295 "https://example.com"
4297 "DefaultSearchProviderSearchURL": "https://search.my.company/search?q={searchTerms}",
4298 "MetricsReportingEnabled": true,
4299 "MaxInvalidationFetchDelay": 10000,
4300 "AudioProcessHighPriorityEnabled": true,
4301 "ExtensionInstallForcelist": [
4302 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx",
4303 "abcdefghijklmnopabcdefghijklmnop"
4305 "ExternalProtocolDialogShowAlwaysOpenCheckbox": true,
4306 "CookiesBlockedForUrls": [
4307 "https://www.example.com",
4308 "[*.]example.edu"
4310 "BrowserSwitcherExternalSitelistUrl": "http://example.com/sitelist.xml",
4311 "AudioCaptureAllowedUrls": [
4312 "https://www.example.com/",
4313 "https://[*.]example.edu/"
4315 "NTPCustomBackgroundEnabled": true,
4316 "BlockExternalExtensions": true,
4317 "BrowserSwitcherChromeParameters": [
4318 "--force-dark-mode"
4320 "SafeSitesFilterBehavior": 0,
4321 "EnableOnlineRevocationChecks": false,
4322 "ImagesBlockedForUrls": [
4323 "https://www.example.com",
4324 "[*.]example.edu"
4326 "InsecureFormsWarningsEnabled": true,
4327 "RelaunchNotificationPeriod": 604800000,
4328 "TotalMemoryLimitMb": 2048,
4329 "CloudManagementEnrollmentMandatory": true,
4330 "ClickToCallEnabled": true,
4331 "AppCacheForceEnabled": false,
4332 "UrlKeyedAnonymizedDataCollectionEnabled": true,
4333 "FullscreenAllowed": true,
4334 "AuthSchemes": "basic,digest,ntlm,negotiate",
4335 "PasswordLeakDetectionEnabled": true,
4336 "AuthServerAllowlist": "*.example.com,example.com",
4337 "AllowSyncXHRInPageDismissal": false,
4338 "PasswordProtectionChangePasswordURL": "https://mydomain.com/change_password.html",
4339 "MaxConnectionsPerProxy": 32,
4340 "RemoteAccessHostMaximumSessionDurationMinutes": 1200,
4341 "RemoteAccessHostAllowFileTransfer": false,
4342 "PrintRasterizationMode": 1,
4343 "CertificateTransparencyEnforcementDisabledForLegacyCas": [
4344 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4345 "sha256//////////////////////w=="
4347 "DefaultWebBluetoothGuardSetting": 2,
4348 "AutoplayAllowed": true,
4349 "BrowserSwitcherUrlList": [
4350 "ie.com",
4351 "!open-in-chrome.ie.com",
4352 "foobar.com/ie-only/"
4354 "CertificateTransparencyEnforcementDisabledForUrls": [
4355 "example.com",
4356 ".example.com"
4358 "SpellcheckLanguageBlocklist": [
4359 "fr",
4360 "es"
4362 "PrintHeaderFooter": false,
4363 "ShowAppsShortcutInBookmarkBar": false,
4364 "SerialAskForUrls": [
4365 "https://www.example.com",
4366 "[*.]example.edu"
4368 "ImagesAllowedForUrls": [
4369 "https://www.example.com",
4370 "[*.]example.edu"
4372 "ProfilePickerOnStartupAvailability": 0,
4373 "CommandLineFlagSecurityWarningsEnabled": true,
4374 "QuicAllowed": true,
4375 "IntensiveWakeUpThrottlingEnabled": true,
4376 "WPADQuickCheckEnabled": true,
4377 "SensorsAllowedForUrls": [
4378 "https://www.example.com",
4379 "[*.]example.edu"
4381 "NTPCardsVisible": true,
4382 "DefaultSearchProviderAlternateURLs": [
4383 "https://search.my.company/suggest#q={searchTerms}",
4384 "https://search.my.company/suggest/search#q={searchTerms}"
4386 "DisableSafeBrowsingProceedAnyway": true,
4387 "DefaultFileSystemWriteGuardSetting": 2,
4388 "DefaultSearchProviderSuggestURL": "https://search.my.company/suggest?q={searchTerms}",
4389 "SSLErrorOverrideAllowed": true,
4390 "CloudPrintProxyEnabled": true,
4391 "BrowserSwitcherUrlGreylist": [
4392 "ie.com",
4393 "!open-in-chrome.ie.com",
4394 "foobar.com/ie-only/"
4396 "BrowserNetworkTimeQueriesEnabled": true,
4397 "WebUsbAllowDevicesForUrls": [
4399 "urls": [
4400 "https://google.com"
4402 "devices": [
4404 "vendor_id": 1234,
4405 "product_id": 5678
4410 "TaskManagerEndProcessEnabled": true,
4411 "SuppressDifferentOriginSubframeDialogs": true,
4412 "UserDataDir": "${users}/${user_name}/Chrome",
4413 "CookiesAllowedForUrls": [
4414 "https://www.example.com",
4415 "[*.]example.edu"
4417 "SuppressUnsupportedOSWarning": true,
4418 "RequireOnlineRevocationChecksForLocalAnchors": false,
4419 "BrowsingDataLifetime": [
4421 "data_types": [
4422 "browsing_history"
4424 "time_to_live_in_hours": 24
4427 "data_types": [
4428 "password_signin",
4429 "autofill"
4431 "time_to_live_in_hours": 12
4434 "FileHandlingBlockedForUrls": [
4435 "https://www.example.com",
4436 "[*.]example.edu"
4438 "AudioCaptureAllowed": false,
4439 "PromotionalTabsEnabled": false,
4440 "ShowFullUrlsInAddressBar": false,
4441 "EnableMediaRouter": true,
4442 "BrowserSwitcherDelay": 10000,
4443 "AllowDinosaurEasterEgg": false,
4444 "ImportSearchEngine": true,
4445 "PrintingBackgroundGraphicsDefault": "enabled",
4446 "TripleDESEnabled": false,
4447 "AutoplayAllowlist": [
4448 "https://www.example.com",
4449 "[*.]example.edu"
4451 "RemoteAccessHostUdpPortRange": "12400-12409",
4452 "DefaultSearchProviderIconURL": "https://search.my.company/favicon.ico",
4453 "BrowserSwitcherChromePath": "${chrome}",
4454 "InsecureContentAllowedForUrls": [
4455 "https://www.example.com",
4456 "[*.]example.edu"
4458 "DefaultSearchProviderSearchURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4459 "ForceGoogleSafeSearch": false,
4460 "UserFeedbackAllowed": true,
4461 "ForceYouTubeRestrict": 0,
4462 "ApplicationLocaleValue": "en",
4463 "RoamingProfileSupportEnabled": true,
4464 "AlternativeBrowserPath": "${ie}",
4465 "AlternativeBrowserParameters": [
4466 "-foreground",
4467 "-new-window",
4468 "${url}",
4469 "-profile",
4470 "%HOME%\\\\browser_profile"
4472 "AdvancedProtectionAllowed": true,
4473 "EditBookmarksEnabled": false,
4474 "DefaultPrinterSelection": "{ \\"kind\\": \\"cloud\\", \\"idPattern\\": \\".*public\\", \\"namePattern\\": \\".*Color\\" }",
4475 "SSLVersionMin": "tls1",
4476 "SharedArrayBufferUnrestrictedAccessAllowed": true,
4477 "DefaultSerialGuardSetting": 2,
4478 "DefaultPopupsSetting": 1,
4479 "IntranetRedirectBehavior": 1,
4480 "RendererCodeIntegrityEnabled": false,
4481 "BrowserGuestModeEnforced": true,
4482 "HSTSPolicyBypassList": [
4483 "meet"
4485 "DefaultWebUsbGuardSetting": 2,
4486 "CECPQ2Enabled": true,
4487 "RemoteAccessHostDomainList": [
4488 "my-awesome-domain.com",
4489 "my-auxiliary-domain.com"
4491 "URLBlocklist": [
4492 "example.com",
4493 "https://ssl.server.com",
4494 "hosting.com/bad_path",
4495 "https://server:8080/path",
4496 ".exact.hostname.com",
4497 "file://*",
4498 "custom_scheme:*",
4501 "IsolateOrigins": "https://example.com/,https://othersite.org/",
4502 "ExtensionAllowedTypes": [
4503 "hosted_app"
4505 "NativeMessagingBlocklist": [
4506 "com.native.messaging.host.name1",
4507 "com.native.messaging.host.name2"
4509 "ExtensionSettings": {
4510 "abcdefghijklmnopabcdefghijklmnop": {
4511 "blocked_permissions": [
4512 "history"
4514 "minimum_version_required": "1.0.1",
4515 "toolbar_pin": "force_pinned",
4516 "installation_mode": "allowed"
4518 "bcdefghijklmnopabcdefghijklmnopa": {
4519 "runtime_blocked_hosts": [
4520 "*://*.example.com"
4522 "allowed_permissions": [
4523 "downloads"
4525 "update_url": "https://example.com/update_url",
4526 "runtime_allowed_hosts": [
4527 "*://good.example.com"
4529 "installation_mode": "force_installed"
4531 "update_url:https://www.example.com/update.xml": {
4532 "allowed_permissions": [
4533 "downloads"
4535 "blocked_permissions": [
4536 "wallpaper"
4538 "installation_mode": "allowed"
4540 "cdefghijklmnopabcdefghijklmnopab": {
4541 "blocked_install_message": "Custom error message.",
4542 "installation_mode": "blocked"
4544 "*": {
4545 "blocked_permissions": [
4546 "downloads",
4547 "bookmarks"
4549 "installation_mode": "blocked",
4550 "runtime_blocked_hosts": [
4551 "*://*.example.com"
4553 "blocked_install_message": "Custom error message.",
4554 "allowed_types": [
4555 "hosted_app"
4557 "runtime_allowed_hosts": [
4558 "*://good.example.com"
4560 "install_sources": [
4561 "https://company-intranet/chromeapps"
4564 "defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd": {
4565 "blocked_install_message": "Custom error message.",
4566 "installation_mode": "blocked"
4568 "fghijklmnopabcdefghijklmnopabcde": {
4569 "blocked_install_message": "Custom removal message.",
4570 "installation_mode": "removed"
4572 "ghijklmnopabcdefghijklmnopabcdef": {
4573 "update_url": "https://example.com/update_url",
4574 "override_update_url": true,
4575 "installation_mode": "force_installed"
4578 "FileSystemReadAskForUrls": [
4579 "https://www.example.com",
4580 "[*.]example.edu"
4582 "SpellCheckServiceEnabled": false,
4583 "ExtensionInstallSources": [
4584 "https://corp.mycompany.com/*"
4586 "PrinterTypeDenyList": [
4587 "cloud",
4588 "privet"
4590 "SharedClipboardEnabled": true,
4591 "BlockThirdPartyCookies": false,
4592 "MediaRouterCastAllowAllIPs": false,
4593 "DnsOverHttpsMode": "off",
4594 "SyncDisabled": true,
4595 "LookalikeWarningAllowlistDomains": [
4596 "foo.example.com",
4597 "example.org"
4599 "UserDataSnapshotRetentionLimit": 3,
4600 "SafeBrowsingProtectionLevel": 2,
4601 "ScrollToTextFragmentEnabled": false,
4602 "ImportBookmarks": true,
4603 "DefaultBrowserSettingEnabled": true,
4604 "DefaultSearchProviderEnabled": true,
4605 "AdditionalDnsQueryTypesEnabled": true,
4606 "PolicyRefreshRate": 3600000,
4607 "PrintingPaperSizeDefault": {
4608 "custom_size": {
4609 "width": 210000,
4610 "height": 297000
4612 "name": "custom"
4614 "RestoreOnStartup": 4,
4615 "PasswordProtectionWarningTrigger": 1,
4616 "ChromeCleanupEnabled": true,
4617 "AbusiveExperienceInterventionEnforce": true,
4618 "BasicAuthOverHttpEnabled": false,
4619 "EnableAuthNegotiatePort": false,
4620 "DefaultGeolocationSetting": 1,
4621 "PolicyDictionaryMultipleSourceMergeList": [
4622 "ExtensionSettings"
4624 "AllowedDomainsForApps": "managedchrome.com,example.com",
4625 "DisableAuthNegotiateCnameLookup": false,
4626 "IncognitoModeAvailability": 1,
4627 "ChromeVariations": 1,
4628 "DefaultSearchProviderNewTabURL": "https://search.my.company/newtab",
4629 "SavingBrowserHistoryDisabled": true,
4630 "SpellcheckEnabled": false,
4631 "FileSystemWriteBlockedForUrls": [
4632 "https://www.example.com",
4633 "[*.]example.edu"
4635 "BuiltInDnsClientEnabled": true,
4636 "SSLErrorOverrideAllowedForOrigins": [
4637 "https://www.example.com",
4638 "[*.]example.edu"
4640 "WebRtcIPHandling": "default",
4641 "DefaultNotificationsSetting": 2,
4642 "PopupsAllowedForUrls": [
4643 "https://www.example.com",
4644 "[*.]example.edu"
4646 "TranslateEnabled": true,
4647 "DefaultSearchProviderEncodings": [
4648 "UTF-8",
4649 "UTF-16",
4650 "GB2312",
4651 "ISO-8859-1"
4653 "DownloadRestrictions": 2,
4654 "PromptForDownloadLocation": false,
4655 "DisablePrintPreview": false,
4656 "NetworkPredictionOptions": 1,
4657 "FileSystemReadBlockedForUrls": [
4658 "https://www.example.com",
4659 "[*.]example.edu"
4661 "AutoOpenFileTypes": [
4662 "exe",
4663 "txt"
4665 "DownloadDirectory": "/home/${user_name}/Downloads",
4666 "ImportHomepage": true,
4667 "GloballyScopeHTTPAuthCacheEnabled": false,
4668 "CloudManagementEnrollmentToken": "37185d02-e055-11e7-80c1-9a214cf093ae",
4669 "ThirdPartyBlockingEnabled": false,
4670 "AdsSettingForIntrusiveAdsSites": 1,
4671 "FetchKeepaliveDurationSecondsOnShutdown": 1,
4672 "BookmarkBarEnabled": true,
4673 "DisableScreenshots": true,
4674 "AccessibilityImageLabelsEnabled": false,
4675 "RemoteAccessHostAllowUiAccessForRemoteAssistance": true,
4676 "PopupsBlockedForUrls": [
4677 "https://www.example.com",
4678 "[*.]example.edu"
4680 "DefaultFileSystemReadGuardSetting": 2,
4681 "BrowserSignin": 2,
4682 "WebRtcAllowLegacyTLSProtocols": false,
4683 "PasswordManagerEnabled": true,
4684 "SafeBrowsingExtendedReportingEnabled": true,
4685 "CloudPolicyOverridesPlatformPolicy": false,
4686 "InsecurePrivateNetworkRequestsAllowedForUrls": [
4687 "http://www.example.com:8080",
4688 "[*.]example.edu"
4690 "RelaunchNotification": 1,
4691 "AlwaysOpenPdfExternally": true,
4692 "DefaultFileHandlingGuardSetting": 2,
4693 "ForceEphemeralProfiles": true,
4694 "PasswordProtectionLoginURLs": [
4695 "https://mydomain.com/login.html",
4696 "https://login.mydomain.com"
4698 "BrowserSwitcherExternalGreylistUrl": "http://example.com/greylist.xml",
4699 "BrowserGuestModeEnabled": true,
4700 "MediaRecommendationsEnabled": true,
4701 "WebRtcLocalIpsAllowedUrls": [
4702 "https://www.example.com",
4703 "*example.com*"
4705 "DeveloperToolsAvailability": 2,
4706 "DNSInterceptionChecksEnabled": true,
4707 "DefaultSearchProviderContextMenuAccessAllowed": true,
4708 "RemoteAccessHostRequireCurtain": false,
4709 "PaymentMethodQueryEnabled": true,
4710 "HomepageLocation": "https://www.chromium.org",
4711 "WebUsbAskForUrls": [
4712 "https://www.example.com",
4713 "[*.]example.edu"
4715 "RemoteAccessHostAllowClientPairing": false,
4716 "ProxySettings": {
4717 "ProxyMode": "direct",
4718 "ProxyPacUrl": "https://internal.site/example.pac",
4719 "ProxyServer": "123.123.123.123:8080",
4720 "ProxyServerMode": 2,
4721 "ProxyBypassList": "https://www.example1.com,https://www.example2.com,https://internalsite/"
4723 "AutofillCreditCardEnabled": false,
4724 "FileHandlingAllowedForUrls": [
4725 "https://www.example.com",
4726 "[*.]example.edu"
4728 "ChromeCleanupReportingEnabled": true,
4729 "AlternateErrorPagesEnabled": true,
4730 "WebRtcEventLogCollectionAllowed": true,
4731 "AutoSelectCertificateForUrls": [
4732 "{\\"pattern\\":\\"https://www.example.com\\",\\"filter\\":{\\"ISSUER\\":{\\"CN\\":\\"certificate issuer name\\", \\"L\\": \\"certificate issuer location\\", \\"O\\": \\"certificate issuer org\\", \\"OU\\": \\"certificate issuer org unit\\"}, \\"SUBJECT\\":{\\"CN\\":\\"certificate subject name\\", \\"L\\": \\"certificate subject location\\", \\"O\\": \\"certificate subject org\\", \\"OU\\": \\"certificate subject org unit\\"}}}"
4734 "PolicyListMultipleSourceMergeList": [
4735 "ExtensionInstallAllowlist",
4736 "ExtensionInstallBlocklist"
4738 "CertificateTransparencyEnforcementDisabledForCas": [
4739 "sha256/AAAAAAAAAAAAAAAAAAAAAA==",
4740 "sha256//////////////////////w=="
4742 "CookiesSessionOnlyForUrls": [
4743 "https://www.example.com",
4744 "[*.]example.edu"
4746 "SitePerProcess": true,
4747 "RemoteAccessHostFirewallTraversal": false,
4748 "DefaultSearchProviderSuggestURLPostParams": "q={searchTerms},ie=utf-8,oe=utf-8",
4749 "BackgroundModeEnabled": true,
4750 "DefaultJavaScriptSetting": 1,
4751 "ForcedLanguages": [
4752 "en-US"
4754 "ManagedBookmarks": [
4756 "toplevel_name": "My managed bookmarks folder"
4759 "url": "google.com",
4760 "name": "Google"
4763 "url": "youtube.com",
4764 "name": "Youtube"
4767 "children": [
4769 "url": "chromium.org",
4770 "name": "Chromium"
4773 "url": "dev.chromium.org",
4774 "name": "Chromium Developers"
4777 "name": "Chrome links"
4780 "Disable3DAPIs": false,
4781 "CloudPrintSubmitEnabled": true,
4782 "DefaultCookiesSetting": 1,
4783 "ExtensionInstallBlocklist": [
4784 "extension_id1",
4785 "extension_id2"
4787 "URLAllowlist": [
4788 "example.com",
4789 "https://ssl.server.com",
4790 "hosting.com/good_path",
4791 "https://server:8080/path",
4792 ".exact.hostname.com"
4794 "ExplicitlyAllowedNetworkPorts": [
4795 "10080"
4797 "HomepageIsNewTabPage": true,
4798 "SensorsBlockedForUrls": [
4799 "https://www.example.com",
4800 "[*.]example.edu"
4802 "BrowserLabsEnabled": false,
4803 "NotificationsAllowedForUrls": [
4804 "https://www.example.com",
4805 "[*.]example.edu"
4807 "NativeMessagingUserLevelHosts": false,
4808 "AuthNegotiateDelegateAllowlist": "foobar.example.com",
4809 "CloudUserPolicyMerge": true,
4810 "OverrideSecurityRestrictionsOnInsecureOrigin": [
4811 "http://testserver.example.com/",
4812 "*.example.org"
4814 "HideWebStoreIcon": true,
4815 "SafeBrowsingForTrustedSourcesEnabled": false,
4816 "NewTabPageLocation": "https://www.chromium.org",
4817 "DiskCacheSize": 104857600,
4818 "BrowserSwitcherUseIeSitelist": true,
4819 "WebRtcUdpPortRange": "10000-11999",
4820 "EnterpriseHardwarePlatformAPIEnabled": true,
4821 "AutoOpenAllowedForURLs": [
4822 "example.com",
4823 "https://ssl.server.com",
4824 "hosting.com/good_path",
4825 "https://server:8080/path",
4826 ".exact.hostname.com"
4828 "NativeMessagingAllowlist": [
4829 "com.native.messaging.host.name1",
4830 "com.native.messaging.host.name2"
4832 "DefaultSearchProviderName": "My Intranet Search",
4833 "JavaScriptBlockedForUrls": [
4834 "https://www.example.com",
4835 "[*.]example.edu"
4837 "EnableExperimentalPolicies": [
4838 "ExtensionInstallAllowlist",
4839 "ExtensionInstallBlocklist"
4841 "SafeBrowsingAllowlistDomains": [
4842 "mydomain.com",
4843 "myuniversity.edu"
4845 "AutofillAddressEnabled": false,
4846 "AllowCrossOriginAuthPrompt": false,
4847 "SpellcheckLanguage": [
4848 "fr",
4849 "es"
4851 "VideoCaptureAllowed": false,
4852 "ScreenCaptureAllowed": false,
4853 "VideoCaptureAllowedUrls": [
4854 "https://www.example.com/",
4855 "https://[*.]example.edu/"
4857 "ImportHistory": true,
4858 "ShowCastIconInToolbar": false,
4859 "RestoreOnStartupURLs": [
4860 "https://example.com",
4861 "https://www.chromium.org"
4863 "LegacySameSiteCookieBehaviorEnabledForDomainList": [
4864 "www.example.com",
4865 "[*.]example.edu"
4867 "PrintingEnabled": true,
4868 "ImportSavedPasswords": true,
4869 "EnableDeprecatedPrivetPrinting": true,
4870 "InsecurePrivateNetworkRequestsAllowed": false,
4871 "HeadlessMode": 2,
4872 "PolicyAtomicGroupsEnabled": true,
4873 "HardwareAccelerationModeEnabled": true,
4874 "AllowDeletingBrowserHistory": true,
4875 "DefaultSearchProviderKeyword": "mis",
4876 "ExtensionInstallAllowlist": [
4877 "extension_id1",
4878 "extension_id2"
4880 "WebAppInstallForceList": [
4882 "url": "https://www.google.com/maps",
4883 "create_desktop_shortcut": true,
4884 "default_launch_container": "window"
4887 "url": "https://docs.google.com",
4888 "default_launch_container": "tab"
4891 "url": "https://docs.google.com/editor",
4892 "fallback_app_name": "Editor",
4893 "default_launch_container": "window"
4896 "DiskCacheDir": "${user_home}/Chrome_cache",
4897 "SignedHTTPExchangeEnabled": true,
4898 "SearchSuggestEnabled": true,
4899 "BrowserThemeColor": "#FFFFFF",
4900 "RestrictSigninToPattern": ".*@example\\\\.com",
4901 "DefaultInsecureContentSetting": 2,
4902 "DefaultSensorsSetting": 2,
4903 "AudioSandboxEnabled": true,
4904 "RemoteAccessHostAllowRelayedConnection": false,
4905 "RoamingProfileLocation": "${roaming_app_data}\\\\chrome-profile",
4906 "UserAgentClientHintsEnabled": true,
4907 "TargetBlankImpliesNoOpener": false,
4908 "BrowserSwitcherKeepLastChromeTab": false,
4909 "RemoteAccessHostClientDomainList": [
4910 "my-awesome-domain.com",
4911 "my-auxiliary-domain.com"
4913 "NotificationsBlockedForUrls": [
4914 "https://www.example.com",
4915 "[*.]example.edu"
4917 "SerialBlockedForUrls": [
4918 "https://www.example.com",
4919 "[*.]example.edu"
4921 "DefaultImagesSetting": 1,
4922 "SigninInterceptionEnabled": true,
4923 "WebUsbBlockedForUrls": [
4924 "https://www.example.com",
4925 "[*.]example.edu"
4927 "ImportAutofillFormData": true,
4928 "BrowserSwitcherEnabled": true
4932 chromium_json_expected_recommended = \
4933 b"""
4935 "BackgroundModeEnabled": true,
4936 "RestoreOnStartup": 4,
4937 "RegisteredProtocolHandlers": [
4939 "default": true,
4940 "url": "https://mail.google.com/mail/?extsrc=mailto&url=%s",
4941 "protocol": "mailto"
4944 "ShowHomeButton": true,
4945 "PrintHeaderFooter": false,
4946 "SafeBrowsingForTrustedSourcesEnabled": false,
4947 "ShowFullUrlsInAddressBar": false,
4948 "MetricsReportingEnabled": true,
4949 "SpellCheckServiceEnabled": false,
4950 "ImportSearchEngine": true,
4951 "DownloadRestrictions": 2,
4952 "NetworkPredictionOptions": 1,
4953 "DownloadDirectory": "/home/${user_name}/Downloads",
4954 "TranslateEnabled": true,
4955 "AutofillAddressEnabled": false,
4956 "BookmarkBarEnabled": true,
4957 "PrintPreviewUseSystemDefaultPrinter": false,
4958 "ApplicationLocaleValue": "en",
4959 "ImportHistory": true,
4960 "RestoreOnStartupURLs": [
4961 "https://example.com",
4962 "https://www.chromium.org"
4964 "PasswordManagerEnabled": true,
4965 "ImportSavedPasswords": true,
4966 "DefaultDownloadDirectory": "/home/${user_name}/Downloads",
4967 "PasswordLeakDetectionEnabled": true,
4968 "SearchSuggestEnabled": true,
4969 "AlternateErrorPagesEnabled": true,
4970 "HomepageIsNewTabPage": true,
4971 "ImportAutofillFormData": true,
4972 "BlockThirdPartyCookies": false,
4973 "AutofillCreditCardEnabled": false,
4974 "HomepageLocation": "https://www.chromium.org",
4975 "SafeBrowsingProtectionLevel": 2,
4976 "ImportBookmarks": true
4980 firewalld_reg_pol = \
4981 br"""
4982 <?xml version="1.0" encoding="utf-8"?>
4983 <PolFile num_entries="6" signature="PReg" version="1">
4984 <Entry type="4" type_name="REG_DWORD">
4985 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4986 <ValueName>Zones</ValueName>
4987 <Value>1</Value>
4988 </Entry>
4989 <Entry type="4" type_name="REG_DWORD">
4990 <Key>Software\Policies\Samba\Unix Settings\Firewalld</Key>
4991 <ValueName>Rules</ValueName>
4992 <Value>1</Value>
4993 </Entry>
4994 <Entry type="1" type_name="REG_SZ">
4995 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Rules</Key>
4996 <ValueName>Rules</ValueName>
4997 <Value>{&quot;work&quot;: [{&quot;rule&quot;: {&quot;family&quot;: &quot;ipv4&quot;}, &quot;source address&quot;: &quot;172.25.1.7&quot;, &quot;service name&quot;: &quot;ftp&quot;, &quot;reject&quot;: {}}]}</Value>
4998 </Entry>
4999 <Entry type="1" type_name="REG_SZ">
5000 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5001 <ValueName>**delvals.</ValueName>
5002 <Value> </Value>
5003 </Entry>
5004 <Entry type="1" type_name="REG_SZ">
5005 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5006 <ValueName>work</ValueName>
5007 <Value>work</Value>
5008 </Entry>
5009 <Entry type="1" type_name="REG_SZ">
5010 <Key>Software\Policies\Samba\Unix Settings\Firewalld\Zones</Key>
5011 <ValueName>home</ValueName>
5012 <Value>home</Value>
5013 </Entry>
5014 </PolFile>
5017 drive_maps_xml = b"""<?xml version="1.0" encoding="utf-8"?>
5018 <Drives clsid="{8FDDCC1A-0C3C-43cd-A6B4-71A6DF20DA8C}"><Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="A:" status="A:" image="2" changed="2023-03-08 19:23:02" uid="{1641E121-DEF3-418D-A428-2D8DF4749504}" bypassErrors="1"><Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE" userName="" path="\\\\example.com\\test" label="TEST" persistent="1" useLetter="0" letter="A"/></Drive>
5019 </Drives>
5022 empty_multi_sz_reg_pol = \
5023 br"""
5024 <?xml version="1.0" encoding="utf-8"?>
5025 <PolFile num_entries="1" signature="PReg" version="1">
5026 <Entry type="7" type_name="REG_MULTI_SZ">
5027 <Key>KeyName</Key>
5028 <ValueName>ValueName</ValueName>
5029 <Value/>
5030 </Entry>
5031 </PolFile>
5034 multiple_values_multi_sz_reg_pol = \
5035 br"""
5036 <?xml version="1.0" encoding="utf-8"?>
5037 <PolFile num_entries="1" signature="PReg" version="1">
5038 <Entry type="7" type_name="REG_MULTI_SZ">
5039 <Key>KeyName</Key>
5040 <ValueName>ValueName</ValueName>
5041 <Value>Value1</Value>
5042 <Value>Value2</Value>
5043 <Value>Value3</Value>
5044 </Entry>
5045 </PolFile>
def days2rel_nttime(val):
    """Convert a number of days into a negative tick count.

    The input is multiplied by 60 * 60 * 24 (seconds in a day) and by
    10,000,000 (ticks per second, i.e. 100-nanosecond units), then negated.
    The negative sign presumably marks a relative interval in NT time
    format -- confirm against the callers.
    """
    # Apply the factors left to right, starting from val, so the arithmetic
    # is carried out in the same order for every numeric type.
    scaled = val
    for factor in (60, 60, 24, 10000000):
        scaled = scaled * factor
    return -scaled
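def gpupdate(lp, arg):
    """Run the configured ``gpo update command`` with one extra argument.

    Args:
        lp: object whose ``get('gpo update command')`` returns the command
            as an argument list.
        arg: option appended as the last element of that argument list.

    Returns:
        The exit status of the child process. Its stderr is printed so that
        it shows up in the test output.
    """
    # Build a fresh argv instead of appending to the list handed back by
    # lp.get(): if that list is shared or cached, an in-place append would
    # carry this call's option over into every later invocation.
    argv = list(lp.get('gpo update command'))
    argv.append(arg)

    # argv is passed as a list with no shell involved, so arg reaches the
    # child as one literal argument.
    proc = Popen(argv, stdout=PIPE, stderr=PIPE)
    _, stderrdata = proc.communicate()
    print(stderrdata)
    return proc.returncode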
def gpupdate_force(lp):
    """Run the gpo update command with ``--force``; return its exit status."""
    exit_status = gpupdate(lp, '--force')
    return exit_status
def gpupdate_unapply(lp):
    """Run the gpo update command with ``--unapply``; return its exit status."""
    exit_status = gpupdate(lp, '--unapply')
    return exit_status
def rsop(lp):
    """Run the gpo update command with ``--rsop``; return its exit status."""
    exit_status = gpupdate(lp, '--rsop')
    return exit_status
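def stage_file(path, data):
    """Write *data* to *path*, keeping any existing file as ``<path>.bak``.

    The content is written to a temporary file in the same directory and
    only moved over *path* once it has been closed, so *path* never exposes
    partially written data.

    Args:
        path: destination file.
        data: content, converted with get_bytes() before writing.

    Returns:
        True once the file is in place, False if the parent directory could
        not be created.

    Note:
        The staged file ends up with mode 0o644, i.e. readable by every
        local user, and an earlier ``<path>.bak`` is replaced without
        warning. Both are acceptable for test fixtures; do not reuse this
        helper for secrets.
    """
    dirname = os.path.dirname(path)
    if not os.path.exists(dirname):
        try:
            os.makedirs(dirname)
        except OSError as e:
            # Losing the creation race to someone else is fine; any other
            # failure means the file cannot be staged.
            if not (e.errno == errno.EEXIST and os.path.isdir(dirname)):
                return False
    if os.path.exists(path):
        os.rename(path, '%s.bak' % path)

    tmp_name = None
    try:
        # Same directory as the target, so the final rename stays on one
        # filesystem.
        with NamedTemporaryFile(delete=False, dir=dirname) as f:
            tmp_name = f.name
            f.write(get_bytes(data))
        # The file is closed (and flushed) here. Set the final mode before
        # the rename so the target appears with its content and permissions
        # already in place.
        os.chmod(tmp_name, 0o644)
        os.rename(tmp_name, path)
    except Exception:
        # Do not leave a stray temporary file behind on failure.
        if tmp_name is not None and os.path.exists(tmp_name):
            os.remove(tmp_name)
        raise
    return True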
def unstage_file(path):
    """Undo a staged file at *path*.

    If ``<path>.bak`` exists it is moved back over *path*; otherwise *path*
    itself is deleted when present. Nothing happens when neither exists.
    """
    saved_copy = '%s.bak' % path
    if os.path.exists(saved_copy):
        # Restore the file that was there before staging.
        os.rename(saved_copy, path)
        return
    if os.path.exists(path):
        # Nothing to restore: the staged file was new, so just drop it.
        os.remove(path)
5096 class GPOTests(tests.TestCase):
def setUp(self):
    """Prepare server name, machine account name, loadparm and credentials."""
    super().setUp()
    # The target server comes from the test environment; a missing SERVER
    # variable raises KeyError here.
    server_name = os.environ["SERVER"]
    self.server = server_name
    # Upper-cased server name with a trailing '$'.
    self.dc_account = self.server.upper() + '$'
    self.lp = s3param.get_context()
    self.lp.load_default()
    template_creds = self.get_credentials()
    self.creds = self.insta_creds(template=template_creds)
def test_gpo_list(self):
    """Compare the entries returned by get_gpo_list() with the expected ones.

    Each returned entry is checked by position against the expected name,
    file_sys_path and ds_path.
    """
    # poldir and dspath are module-level values that are only read here.
    global poldir, dspath
    username = self.creds.get_username()
    gpos = get_gpo_list(self.server, self.creds, self.lp, username)
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    names = ['Local Policy', guid]
    file_sys_paths = [None, '%s\\%s' % (poldir, guid)]
    ds_paths = [None, 'CN=%s,%s' % (guid, dspath)]
    # NOTE(review): the loop is driven by the returned list, so an empty
    # result passes without checking anything -- confirm that is intended.
    for idx, entry in enumerate(gpos):
        self.assertEqual(
            entry.name, names[idx],
            'The gpo name did not match expected name %s' % entry.name)
        self.assertEqual(
            entry.file_sys_path, file_sys_paths[idx],
            'file_sys_path did not match expected %s' % entry.file_sys_path)
        self.assertEqual(
            entry.ds_path, ds_paths[idx],
            'ds_path did not match expected %s' % entry.ds_path)
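def test_gpt_version(self):
    """Check that gpo_get_sysvol_gpt_version() follows the GPT.INI content.

    GPT.INI in the cached GPO directory is rewritten with version 42, the
    reported version is checked, and the previous version is written back
    and checked again.
    """
    global gpt_data
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    gpo_path = os.path.join(local_path, policies, guid)
    gpt_ini = os.path.join(gpo_path, 'GPT.INI')
    old_vers = gpo.gpo_get_sysvol_gpt_version(gpo_path)[1]

    try:
        with open(gpt_ini, 'w') as gpt:
            gpt.write(gpt_data % 42)
        self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], 42,
                         'gpo_get_sysvol_gpt_version() did not return the expected version')
    finally:
        # Put the previous version back even when the check above fails, so
        # a failure here does not leave a modified GPT.INI in the cache for
        # the tests that run afterwards.
        with open(gpt_ini, 'w') as gpt:
            gpt.write(gpt_data % old_vers)

    self.assertEqual(gpo.gpo_get_sysvol_gpt_version(gpo_path)[1], old_vers,
                     'gpo_get_sysvol_gpt_version() did not return the expected version')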
def test_check_refresh_gpo_list(self):
    """Check that check_refresh_gpo_list() populates the local GPO cache.

    After the refresh, both the cache directory and the cached GPT.INI of
    the GPO used by this test must exist.
    """
    cache_dir = self.lp.cache_path('gpo_cache')
    username = self.creds.get_username()
    gpo_entries = get_gpo_list(self.server, self.creds, self.lp, username)
    check_refresh_gpo_list(self.server, self.lp, self.creds, gpo_entries)

    cache_present = os.path.exists(cache_dir)
    self.assertTrue(cache_present,
                    'GPO cache %s was not created' % cache_dir)

    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    cached_gpt_ini = os.path.join(cache_dir, policies, guid, 'GPT.INI')
    self.assertTrue(os.path.exists(cached_gpt_ini),
                    'GPT.INI was not cached for %s' % guid)
def test_check_refresh_gpo_list_malicious_paths(self):
    """Exercise check_safe_path() with traversal and mixed-separator input.

    The expectations pinned here: a path with '..' components raises
    OSError, absolute or backslash-prefixed input comes back as a relative
    path, and a sysvol path comes back with '/' separators and without the
    leading 'sysvol' component.
    """
    # A path that climbs out of sysvol with '..' must be refused outright.
    traversal = '/usr/local/samba/var/locks/sysvol/../../../../../../root/'
    with self.assertRaises(OSError):
        check_safe_path(traversal)
    # NOTE(review): only '/'-separated '..' is exercised; a case with
    # backslash-separated '..' components would pin the same guarantee for
    # Windows-style input -- confirm against check_safe_path().

    # Leading separators are dropped, so the result cannot be absolute.
    relative_cases = (
        ('/etc/passwd', 'etc/passwd'),
        ('\\\\etc/\\passwd', 'etc/passwd'),
    )
    for raw, cleaned in relative_cases:
        self.assertEqual(check_safe_path(raw), cleaned)

    # Backslashes must not survive as path separators.
    guid_dir = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    before = 'sysvol/' + realm + '\\Policies/' + guid_dir + '\\GPT.INI'
    after = realm + '/Policies/' + guid_dir + '/GPT.INI'
    result = check_safe_path(before)
    self.assertEqual(result, after,
                     "check_safe_path() didn't correctly convert \\ to /")
def test_check_safe_path_typesafe_name(self):
    """Check check_safe_path() on a UNC path whose share is spelled 'SysVol'.

    The expected result keeps only what follows the SysVol component, with
    '/' as separator.
    """
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    # Mixed-case 'SysVol': the component has to be recognised regardless of
    # its capitalisation.
    unc_path = ('\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\%s\\GPT.INI'
                % guid)
    expected_path = 'toady.suse.de/Policies/%s/GPT.INI' % guid

    self.assertEqual(
        check_safe_path(unc_path), expected_path,
        'check_safe_path unable to detect variable case sysvol components')
def test_gpt_ext_register(self):
    """Exercise registration, listing and removal of a GP extension.

    Also covers check_guid() on one valid and one invalid GUID, and a
    round trip of an extra section through parse_gpext_conf() and
    atomic_write_conf().
    """
    tests_dir = os.path.dirname(os.path.realpath(__file__))
    source_root = os.path.realpath(os.path.join(tests_dir, '../../../'))
    ext_path = os.path.join(source_root, 'python/samba/gp/gp_sec_ext.py')
    ext_guid = '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'

    registered = register_gp_extension(ext_guid, 'gp_access_ext', ext_path,
                                       smb_conf=self.lp.configfile,
                                       machine=True, user=False)
    self.assertTrue(registered, 'Failed to register a gp ext')

    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid in listed.keys(), 'Failed to list gp exts')
    self.assertEqual(listed[ext_guid]['DllName'], ext_path,
                     'Failed to list gp exts')

    # NOTE(review): registration names the smb.conf explicitly while
    # unregistration does not; confirm both act on the same gpext.conf.
    unregister_gp_extension(ext_guid)
    listed = list_gp_extensions(self.lp.configfile)
    self.assertTrue(ext_guid not in listed.keys(),
                    'Failed to unregister gp exts')

    self.assertTrue(check_guid(ext_guid), 'Failed to parse valid guid')
    self.assertFalse(check_guid('AAAAAABBBBBBBCCC'), 'Parsed invalid guid')

    # Add a scratch section, write it out, and parse the file again
    # instead of reusing the in-memory parser.
    lp, parser = parse_gpext_conf(self.lp.configfile)
    self.assertTrue(lp and parser, 'parse_gpext_conf() invalid return')
    parser.add_section('test_section')
    parser.set('test_section', 'test_var', ext_guid)
    atomic_write_conf(lp, parser)

    lp, parser = parse_gpext_conf(self.lp.configfile)
    section_present = 'test_section' in parser.sections()
    self.assertTrue(section_present, 'test_section not found in gpext.conf')
    self.assertEqual(parser.get('test_section', 'test_var'), ext_guid,
                     'Failed to find test variable in gpext.conf')

    # Remove the scratch section again so the file is left as found.
    parser.remove_section('test_section')
    atomic_write_conf(lp, parser)
def test_gp_log_get_applied(self):
    """Apply two staged GPOs and inspect what the GP log recorded.

    Stages a GptTmpl.inf under the sysvol path for two GPO GUIDs, forces
    a gpupdate, then checks the applied GUIDs, the applied settings and
    the output of get_deleted_gpos_list() before unstaging and
    unapplying.
    """
    sysvol_path = self.lp.get('path', 'sysvol')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    gpofile = ('%s/' + realm + '/Policies/%s/MACHINE/Microsoft/'
               'Windows NT/SecEdit/GptTmpl.inf')
    stage = '[System Access]\nMinimumPasswordAge = 998\n'
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    for guid in guids:
        gpttmpl = gpofile % (sysvol_path, guid)
        staged = stage_file(gpttmpl, stage)
        self.assertTrue(staged, 'Could not create the target %s' % gpttmpl)

    status = gpupdate_force(self.lp)
    self.assertEqual(status, 0, 'gpupdate force failed')

    gp_db = store.get_gplog(self.dc_account)

    applied_guids = gp_db.get_applied_guids()
    self.assertEqual(len(applied_guids), 2, 'The guids were not found')
    for guid in guids:
        self.assertIn(guid, applied_guids,
                      '%s not in applied guids' % guid)

    # NOTE(review): both GPOs are staged with MinimumPasswordAge = 998,
    # yet guids[0] is expected to yield 1 day -- confirm where that
    # value comes from.
    expected_days = ((guids[0], 1), (guids[1], 998))
    for policy in gp_db.get_applied_settings(applied_guids):
        policy_guid, settings = policy[0], policy[1]
        self.assertIn('System Access', settings,
                      'System Access policies not set')
        self.assertIn('minPwdAge', settings['System Access'],
                      'minPwdAge policy not set')
        for guid, days in expected_days:
            if policy_guid == guid:
                self.assertEqual(int(settings['System Access']['minPwdAge']),
                                 days2rel_nttime(days),
                                 'minPwdAge policy not set')
                break

    # Dropping the last GPO from the list should report it as deleted.
    gpos = get_gpo_list(self.server, self.creds, self.lp,
                        self.dc_account)
    del_gpos = get_deleted_gpos_list(gp_db, gpos[:-1])
    self.assertEqual(len(del_gpos), 1, 'Returned delete gpos is incorrect')
    deleted_guid, deleted_settings = del_gpos[0][0], del_gpos[0][1]
    self.assertEqual(guids[-1], deleted_guid,
                     'GUID for delete gpo is incorrect')
    self.assertIn('System Access', deleted_settings,
                  'System Access policies not set for removal')
    self.assertIn('minPwdAge', deleted_settings['System Access'],
                  'minPwdAge policy not set for removal')

    for guid in guids:
        unstage_file(gpofile % (sysvol_path, guid))

    status = gpupdate_unapply(self.lp)
    self.assertEqual(status, 0, 'gpupdate unapply failed')
def test_process_group_policy(self):
    """Apply and remove Kerberos policy through gp_krb_ext.

    Two GPOs are staged with different MaxTicketAge values. After
    processing both, the stored 'kdc:user_ticket_lifetime' must equal the
    second value; after removal it must be None; after processing all but
    the last GPO it must equal the first value.
    """
    cache_root = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    gpofile = ('%s/' + policies + '/%s/MACHINE/MICROSOFT/'
               'WINDOWS NT/SECEDIT/GPTTMPL.INF')
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # The extension under test, bound to the machine account.
    ext = gp_krb_ext(self.lp, machine_creds,
                     machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # MaxClockSkew is included so that a key the extension ignores does
    # not make processing fail.
    stage_template = '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
    ticket_ages = [100, 200]
    for guid, age in zip(guids, ticket_ages):
        gpttmpl = gpofile % (cache_root, guid)
        staged = stage_file(gpttmpl, stage_template % age)
        self.assertTrue(staged, 'Could not create the target %s' % gpttmpl)

    # All GPOs: the second staged value is the one expected to win.
    ext.process_group_policy([], gpos)
    lifetime = store.get_int('kdc:user_ticket_lifetime')
    self.assertEqual(lifetime, ticket_ages[1],
                     'Higher priority policy was not set')

    # Remove everything that was applied.
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    lifetime = store.get_int('kdc:user_ticket_lifetime')
    self.assertEqual(lifetime, None, 'MaxTicketAge should not have applied')

    # Every GPO except the last one.
    ext.process_group_policy([], gpos[:-1])
    lifetime = store.get_int('kdc:user_ticket_lifetime')
    self.assertEqual(lifetime, ticket_ages[0],
                     'Lower priority policy was not set')

    # Remove again, reusing the deletion list computed above.
    ext.process_group_policy(del_gpos, [])

    for guid in guids:
        unstage_file(gpofile % (cache_root, guid))
def test_gp_scripts(self):
    """Check that gp_scripts_ext turns Registry.pol entries into scripts.

    For each of the four 'Scripts' registry keys a Registry.pol holding
    one string entry is staged. The extension must write exactly one file
    into a temporary directory, running that file must print the staged
    text, and unapplying the policy must leave the directory empty.
    """
    cache_root = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(cache_root, policies, guid,
                           'MACHINE/REGISTRY.POL')
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # The extension under test, bound to the machine account.
    ext = gp_scripts_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    reg_key = b'Software\\Policies\\Samba\\Unix Settings'
    sections = {
        b'%s\\Daily Scripts' % reg_key: '.cron.daily',
        b'%s\\Monthly Scripts' % reg_key: '.cron.monthly',
        b'%s\\Weekly Scripts' % reg_key: '.cron.weekly',
        b'%s\\Hourly Scripts' % reg_key: '.cron.hourly',
    }
    for keyname, dir_suffix in sections.items():
        # One string entry (type 1, REG_SZ) whose data is the script text.
        entry = preg.entry()
        entry.keyname = keyname
        entry.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        entry.type = 1
        entry.data = b'echo hello world'
        stage = preg.file()
        stage.num_entries = 1
        stage.entries = [entry]
        staged = stage_file(reg_pol, ndr_pack(stage))
        self.assertTrue(staged, 'Could not create the target %s' % reg_pol)

        # The extension writes into a throwaway directory; the first
        # positional argument of TemporaryDirectory is the name suffix.
        with TemporaryDirectory(dir_suffix) as dname:
            ext.process_group_policy([], gpos, dname)
            scripts = os.listdir(dname)
            self.assertEqual(len(scripts), 1,
                             'The %s script was not created' % keyname.decode())

            # The generated file is executed directly, so the policy data
            # ends up running as a command with this test's privileges.
            script_path = os.path.join(dname, scripts[0])
            out, _ = Popen([script_path], stdout=PIPE).communicate()
            self.assertIn(b'hello world', out,
                          '%s script execution failed' % keyname.decode())

            # gpupdate --rsop must also succeed with this policy staged.
            status = rsop(self.lp)
            self.assertEqual(status, 0, 'gpupdate --rsop failed!')

            # Unapply and make sure the generated script is gone.
            gp_db = store.get_gplog(machine_creds.get_username())
            del_gpos = get_deleted_gpos_list(gp_db, [])
            ext.process_group_policy(del_gpos, [])
            self.assertEqual(len(os.listdir(dname)), 0,
                             'Unapply failed to cleanup scripts')

        # Unstage the Registry.pol before the next key is staged.
        unstage_file(reg_pol)
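def test_gp_sudoers(self):
    """Check that gp_sudoers_ext writes and removes a sudoers entry.

    A Registry.pol with one 'Sudo Rights' string entry is staged. The
    extension must create exactly one file containing that entry in a
    temporary directory, and unapplying the policy must leave the
    directory empty. The output directory is passed in explicitly, so
    the test only ever inspects files under the temporary directory.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_sudoers_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with one string entry (type 1, REG_SZ)
    stage = preg.file()
    e = preg.entry()
    e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
    e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
    e.type = 1
    e.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    stage.num_entries = 1
    stage.entries = [e]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
        # Read through a context manager so the handle is closed before
        # the unapply step removes the file.
        with open(os.path.join(dname, sudoers[0]), 'r') as sudoers_file:
            sudoers_text = sudoers_file.read()
        self.assertIn(e.data, sudoers_text,
                      'The sudoers entry was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup scripts')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)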
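def test_vgp_sudoers(self):
    """Check that vgp_sudoers_ext renders a MANIFEST.XML into sudoers files.

    The staged manifest holds three sudoers_entry elements: one with a
    user and a group principal in a single listelement, one with no
    principal at all, and one whose principals are spread over two
    listelement nodes. Three files are expected in the temporary output
    directory, and unapplying the policy must leave it empty.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_sudoers_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    version.text = '1'
    data = etree.SubElement(policysetting, 'data')

    # Entry 1: user and group principal in the same listelement
    sudoers_entry = etree.SubElement(data, 'sudoers_entry')
    command = etree.SubElement(sudoers_entry, 'command')
    command.text = 'ALL'
    user = etree.SubElement(sudoers_entry, 'user')
    user.text = 'ALL'
    principal_list = etree.SubElement(sudoers_entry, 'listelement')
    principal = etree.SubElement(principal_list, 'principal')
    principal.text = 'fakeu'
    principal.attrib['type'] = 'user'
    group = etree.SubElement(principal_list, 'principal')
    group.text = 'fakeg'
    group.attrib['type'] = 'group'

    # Entry 2: ensure an empty principal doesn't cause a crash
    sudoers_entry = etree.SubElement(data, 'sudoers_entry')
    command = etree.SubElement(sudoers_entry, 'command')
    command.text = 'ALL'
    user = etree.SubElement(sudoers_entry, 'user')
    user.text = 'ALL'

    # Entry 3: ensure having dispersed principals still works
    sudoers_entry = etree.SubElement(data, 'sudoers_entry')
    command = etree.SubElement(sudoers_entry, 'command')
    command.text = 'ALL'
    user = etree.SubElement(sudoers_entry, 'user')
    user.text = 'ALL'
    listelement = etree.SubElement(sudoers_entry, 'listelement')
    principal = etree.SubElement(listelement, 'principal')
    principal.text = 'fakeu2'
    principal.attrib['type'] = 'user'
    listelement = etree.SubElement(sudoers_entry, 'listelement')
    group = etree.SubElement(listelement, 'principal')
    group.text = 'fakeg2'
    group.attrib['type'] = 'group'

    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # NOTE(review): sudoers writes a group as '%name'; the expected text
    # below carries the '%' after the group name -- confirm this is the
    # output the extension is meant to produce.
    data = 'fakeu,fakeg% ALL=(ALL) NOPASSWD: ALL'
    data2 = 'fakeu2,fakeg2% ALL=(ALL) NOPASSWD: ALL'
    # An entry without principals is expected to apply to ALL users.
    data_no_principal = 'ALL ALL=(ALL) NOPASSWD: ALL'

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 3, 'The sudoer file was not created')
        # Concatenate the three files, closing each handle so that none
        # is still open when the unapply step removes the files.
        contents = []
        for fname in sudoers:
            with open(os.path.join(dname, fname), 'r') as sudoers_file:
                contents.append(sudoers_file.read())
        output = ''.join(contents)
        self.assertIn(data, output,
                      'The sudoers entry was not applied')
        self.assertIn(data2, output,
                      'The sudoers entry was not applied')
        self.assertIn(data_no_principal, output,
                      'The sudoers entry was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup scripts')

    # Unstage the manifest.xml file
    unstage_file(manifest)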
def test_gp_inf_ext_utf(self):
    """Check that gp_inf_ext.read() parses UTF-16 and UTF-8 inf files.

    The same Kerberos policy text is written once in each encoding and
    must come back with the 'Kerberos Policy' section and a MaxTicketAge
    of '99'. A UnicodeDecodeError on the UTF-16 file is reported as a
    test failure.
    """
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    ext = gp_inf_ext(self.lp, machine_creds,
                     machine_creds.get_username(), store)
    test_data = '[Kerberos Policy]\nMaxTicketAge = 99\n'

    # UTF-16 encoded template
    with NamedTemporaryFile() as tmp:
        with codecs.open(tmp.name, 'w', 'utf-16') as writer:
            writer.write(test_data)
        try:
            parsed = ext.read(tmp.name)
        except UnicodeDecodeError:
            self.fail('Failed to parse utf-16')
        self.assertIn('Kerberos Policy', parsed.keys(),
                      'Kerberos Policy was not read from the file')
        max_ticket_age = parsed.get('Kerberos Policy', 'MaxTicketAge')
        self.assertEqual(max_ticket_age, '99',
                         'MaxTicketAge was not read from the file')

    # UTF-8 encoded template
    with NamedTemporaryFile() as tmp:
        with codecs.open(tmp.name, 'w', 'utf-8') as writer:
            writer.write(test_data)
        parsed = ext.read(tmp.name)
        self.assertIn('Kerberos Policy', parsed.keys(),
                      'Kerberos Policy was not read from the file')
        max_ticket_age = parsed.get('Kerberos Policy', 'MaxTicketAge')
        self.assertEqual(max_ticket_age, '99',
                         'MaxTicketAge was not read from the file')
def test_rsop(self):
    """Check the Resultant Set of Policy reported by each extension.

    For every GPO that has a file_sys_path, a GPTTMPL.INF and a
    Registry.pol are staged, each of five extensions is asked for its
    rsop() of that GPO, and the single reported policy is checked against
    the staged values. gpupdate --rsop must also succeed before the
    staged files are removed again.
    """
    cache_dir = self.lp.get('cache directory')
    cache_root = self.lp.cache_path('gpo_cache')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    gp_extensions = [gp_krb_ext, gp_scripts_ext, gp_sudoers_ext,
                     gp_smb_conf_ext, gp_msgs_ext]

    # Registry stage data: four entries, one per registry-based extension.
    # The '%s' in the path is filled in with the GPO name further down.
    reg_pol = os.path.join(cache_root, policies, '%s/MACHINE/REGISTRY.POL')
    reg_stage = preg.file()
    e = preg.entry()
    e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
    e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
    e.type = 1
    e.data = b'echo hello world'
    e2 = preg.entry()
    e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
    e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
    e2.type = 1
    e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    e3 = preg.entry()
    e3.keyname = 'Software\\Policies\\Samba\\smb_conf\\apply group policies'
    e3.type = 4
    e3.data = 1
    e3.valuename = 'apply group policies'
    e4 = preg.entry()
    e4.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
    e4.valuename = b'issue'
    e4.type = 1
    e4.data = b'Welcome to \\s \\r \\l'
    reg_stage.num_entries = 4
    reg_stage.entries = [e, e2, e3, e4]

    # Kerberos stage data
    gpofile = os.path.join(cache_root, policies,
                           '%s/MACHINE/MICROSOFT/'
                           'WINDOWS NT/SECEDIT/GPTTMPL.INF')
    krb_stage = ('[Kerberos Policy]\nMaxTicketAge = 99\n'
                 '[System Access]\nMinimumPasswordAge = 998\n')

    staged_gpos = [g for g in gpos if g.file_sys_path]
    for g in staged_gpos:
        inf_path = gpofile % g.name
        pol_path = reg_pol % g.name
        ret = stage_file(inf_path, krb_stage)
        self.assertTrue(ret, 'Could not create the target %s' % inf_path)
        ret = stage_file(pol_path, ndr_pack(reg_stage))
        self.assertTrue(ret, 'Could not create the target %s' % pol_path)

        for ext_class in gp_extensions:
            ext = ext_class(self.lp, machine_creds,
                            machine_creds.get_username(), store)
            ret = ext.rsop(g)
            self.assertEqual(len(ret.keys()), 1,
                             'A single policy should have been displayed')

            if type(ext) is gp_krb_ext:
                # Security extension
                self.assertIn('Kerberos Policy', ret.keys(),
                              'Kerberos Policy not found')
                self.assertIn('MaxTicketAge', ret['Kerberos Policy'],
                              'MaxTicketAge setting not found')
                self.assertEqual(ret['Kerberos Policy']['MaxTicketAge'], '99',
                                 'MaxTicketAge was not set to 99')
            elif type(ext) is gp_scripts_ext:
                # Scripts extension
                self.assertIn('Daily Scripts', ret.keys(),
                              'Daily Scripts not found')
                self.assertIn('echo hello world', ret['Daily Scripts'],
                              'Daily script was not created')
            elif type(ext) is gp_sudoers_ext:
                # Sudoers extension
                self.assertIn('Sudo Rights', ret.keys(),
                              'Sudoers not found')
                self.assertIn('fakeu ALL=(ALL) NOPASSWD: ALL',
                              ret['Sudo Rights'],
                              'Sudoers policy not created')
            elif type(ext) is gp_smb_conf_ext:
                # smb.conf extension
                self.assertIn('smb.conf', ret.keys(),
                              'apply group policies was not applied')
                self.assertIn(e3.valuename, ret['smb.conf'],
                              'apply group policies was not applied')
                self.assertEqual(ret['smb.conf'][e3.valuename], e3.data,
                                 'apply group policies was not set')
            elif type(ext) is gp_msgs_ext:
                # Messages extension
                self.assertIn('/etc/issue', ret,
                              'Login Prompt Message not applied')
                self.assertEqual(ret['/etc/issue'], e4.data,
                                 'Login Prompt Message not set')

        # gpupdate --rsop must also succeed with these files staged.
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        unstage_file(inf_path)
        unstage_file(pol_path)
def test_gp_unapply(self):
    """Check that gpupdate unapply reverts Kerberos, script and sudoers policy.

    Policy is applied through three extensions, the files recorded in the
    GP log are collected, and after gpupdate_unapply() none of those
    files may exist and the stored ticket lifetime may no longer be 99.
    """
    cache_dir = self.lp.get('cache directory')
    cache_root = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    gp_extensions = [gp_krb_ext, gp_scripts_ext, gp_sudoers_ext]

    # Registry stage data: one script entry and one sudoers entry.
    reg_pol = os.path.join(cache_root, policies, '%s/MACHINE/REGISTRY.POL')
    reg_stage = preg.file()
    e = preg.entry()
    e.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
    e.valuename = b'Software\\Policies\\Samba\\Unix Settings'
    e.type = 1
    e.data = b'echo hello world'
    e2 = preg.entry()
    e2.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Sudo Rights'
    e2.valuename = b'Software\\Policies\\Samba\\Unix Settings'
    e2.type = 1
    e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    reg_stage.num_entries = 2
    reg_stage.entries = [e, e2]

    # Kerberos stage data
    gpofile = os.path.join(cache_root, policies,
                           '%s/MACHINE/MICROSOFT/'
                           'WINDOWS NT/SECEDIT/GPTTMPL.INF')
    krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n'

    inf_path = gpofile % guid
    pol_path = reg_pol % guid
    ret = stage_file(inf_path, krb_stage)
    self.assertTrue(ret, 'Could not create the target %s' % inf_path)
    ret = stage_file(pol_path, ndr_pack(reg_stage))
    self.assertTrue(ret, 'Could not create the target %s' % pol_path)

    # Files the extensions report having created; checked after unapply.
    remove = []
    with TemporaryDirectory() as dname:
        for ext_class in gp_extensions:
            ext = ext_class(self.lp, machine_creds,
                            machine_creds.get_username(), store)
            if type(ext) is gp_krb_ext:
                ext.process_group_policy([], gpos)
                ret = store.get_int('kdc:user_ticket_lifetime')
                self.assertEqual(ret, 99, 'Kerberos policy was not set')
            elif type(ext) in (gp_scripts_ext, gp_sudoers_ext):
                ext.process_group_policy([], gpos, dname)
                gp_db = store.get_gplog(machine_creds.get_username())
                applied_settings = gp_db.get_applied_settings([guid])
                logged = applied_settings[-1][-1][str(ext)]
                for _, fname in logged.items():
                    # The path is whatever follows the last ':' in the
                    # logged value.
                    fname = fname.split(':')[-1]
                    self.assertIn(dname, fname,
                                  'Test file not created in tmp dir')
                    self.assertTrue(os.path.exists(fname),
                                    'Test file not created')
                    remove.append(fname)

        # Unapply policy, and ensure policies are removed
        gpupdate_unapply(self.lp)

        for fname in remove:
            self.assertFalse(os.path.exists(fname),
                             'Unapply did not remove test file')
        ret = store.get_int('kdc:user_ticket_lifetime')
        self.assertNotEqual(ret, 99, 'Kerberos policy was not unapplied')

    unstage_file(inf_path)
    unstage_file(pol_path)
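def test_smb_conf_ext(self):
    """Check that gp_smb_conf_ext applies and unapplies smb.conf settings.

    Two Registry.pol files are staged: the first sets 'template homedir',
    'apply group policies' = 1 and 'ldap timeout'; the second sets only
    'apply group policies' = 0. The extension works on a temporary copy
    of smb.conf, which is reloaded after each step to check the result.
    Both staged files are unstaged at the end.
    """
    def make_entry(name, reg_type, value):
        # Build one smb_conf registry entry; the value name doubles as
        # the last component of the key name.
        entry = preg.entry()
        entry.keyname = 'Software\\Policies\\Samba\\smb_conf\\%s' % name
        entry.type = reg_type
        entry.data = value
        entry.valuename = name
        return entry

    def make_stage(entries):
        # Wrap the entries in a preg file with a matching entry count.
        stage = preg.file()
        stage.num_entries = len(entries)
        stage.entries = entries
        return stage

    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'MACHINE/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the first Registry.pol (type 1 is a string, type 4 a number)
    stage = make_stage([
        make_entry('template homedir', 1, '/home/samba/%D/%U'),
        make_entry('apply group policies', 4, 1),
        make_entry('ldap timeout', 4, 9999),
    ])
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Failed to create the Registry.pol file')

    # Stage the other Registry.pol
    stage = make_stage([make_entry('apply group policies', 4, 0)])
    ret = stage_file(reg_pol2, ndr_pack(stage))
    self.assertTrue(ret, 'Failed to create the Registry.pol file')

    with NamedTemporaryFile(suffix='_smb.conf') as f:
        # Work on a copy so the real test smb.conf is not modified.
        copyfile(self.lp.configfile, f.name)
        lp = LoadParm(f.name)

        # Initialize the group policy extension
        ext = gp_smb_conf_ext(lp, machine_creds,
                              machine_creds.get_username(), store)
        ext.process_group_policy([], gpos)
        lp = LoadParm(f.name)

        # With both GPOs applied, the second GPO's value of 0 is the one
        # expected for 'apply group policies'.
        template_homedir = lp.get('template homedir')
        self.assertEqual(template_homedir, '/home/samba/%D/%U',
                         'template homedir was not applied')
        apply_group_policies = lp.get('apply group policies')
        self.assertFalse(apply_group_policies,
                         'apply group policies was not applied')
        ldap_timeout = lp.get('ldap timeout')
        self.assertEqual(ldap_timeout, 9999, 'ldap timeout was not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [g for g in gpos if g.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos)
        lp = LoadParm(f.name)

        template_homedir = lp.get('template homedir')
        self.assertEqual(template_homedir, '/home/samba/%D/%U',
                         'template homedir was not applied')
        apply_group_policies = lp.get('apply group policies')
        self.assertTrue(apply_group_policies,
                        'apply group policies was not applied')
        ldap_timeout = lp.get('ldap timeout')
        self.assertEqual(ldap_timeout, 9999, 'ldap timeout was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        lp = LoadParm(f.name)

        # After removal every setting must match the original smb.conf.
        template_homedir = lp.get('template homedir')
        self.assertEqual(template_homedir, self.lp.get('template homedir'),
                         'template homedir was not unapplied')
        apply_group_policies = lp.get('apply group policies')
        self.assertEqual(apply_group_policies,
                         self.lp.get('apply group policies'),
                         'apply group policies was not unapplied')
        ldap_timeout = lp.get('ldap timeout')
        self.assertEqual(ldap_timeout, self.lp.get('ldap timeout'),
                         'ldap timeout was not unapplied')

    # Unstage both Registry.pol files; the second one was previously left
    # staged in the GPO cache where later tests could pick it up.
    unstage_file(reg_pol)
    unstage_file(reg_pol2)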
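def test_gp_motd(self):
    """Check that gp_msgs_ext writes, overrides and clears motd and issue.

    The first Registry.pol sets both 'motd' and 'issue'; the second sets
    only 'motd'. With both applied the second motd is expected; once the
    second GPO is removed the first motd is expected; after unapplying
    everything both files must read back empty. All output goes to a
    temporary directory, and both staged files are unstaged at the end.
    """
    def read_text(path):
        # Read a whole file and close the handle straight away.
        with open(path, 'r') as handle:
            return handle.read()

    def message_entry(valuename, text):
        # Build one string entry (type 1, REG_SZ) under the Messages key.
        entry = preg.entry()
        entry.keyname = b'Software\\Policies\\Samba\\Unix Settings\\Messages'
        entry.valuename = valuename
        entry.type = 1
        entry.data = text
        return entry

    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'MACHINE/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_msgs_ext(self.lp, machine_creds,
                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    e1 = message_entry(b'motd', b'Have a lot of fun!')
    e2 = message_entry(b'issue', b'Welcome to \\s \\r \\l')
    stage = preg.file()
    stage.num_entries = 2
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Stage the other Registry.pol
    e3 = message_entry(b'motd', b'This should overwrite the first policy')
    stage = preg.file()
    stage.num_entries = 1
    stage.entries = [e3]
    ret = stage_file(reg_pol2, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        motd_file = os.path.join(dname, 'motd')
        self.assertTrue(os.path.exists(motd_file),
                        'Message of the day file not created')
        data = read_text(motd_file)
        self.assertEqual(data, e3.data, 'Message of the day not applied')
        issue_file = os.path.join(dname, 'issue')
        self.assertTrue(os.path.exists(issue_file),
                        'Login Prompt Message file not created')
        data = read_text(issue_file)
        self.assertEqual(data, e2.data, 'Login Prompt Message not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [g for g in gpos if g.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, dname)

        self.assertTrue(os.path.exists(motd_file),
                        'Message of the day file not created')
        data = read_text(motd_file)
        self.assertEqual(data, e1.data, 'Message of the day not applied')
        issue_file = os.path.join(dname, 'issue')
        self.assertTrue(os.path.exists(issue_file),
                        'Login Prompt Message file not created')
        data = read_text(issue_file)
        self.assertEqual(data, e2.data, 'Login Prompt Message not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply policy, and ensure the test files are emptied
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        data = read_text(motd_file)
        self.assertFalse(data, 'Message of the day file not removed')
        data = read_text(issue_file)
        self.assertFalse(data, 'Login Prompt Message file not removed')

    # Unstage both Registry.pol files; the second one was previously left
    # staged in the GPO cache where later tests could pick it up.
    unstage_file(reg_pol)
    unstage_file(reg_pol2)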
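def test_vgp_symlink(self):
    """Check that vgp_symlink_ext creates and removes a policy symlink.

    A MANIFEST.XML naming a source and a target inside a temporary
    directory is staged. After processing, the target must exist, be a
    symlink and read back the source data; after unapplying, it must be
    gone. The extension's rsop() output must contain the matching
    'ln -s' line.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_symlink_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    with TemporaryDirectory() as dname:
        # Both ends of the link live in the temporary directory, so the
        # policy cannot touch anything outside it.
        test_source = os.path.join(dname, 'test.source')
        test_target = os.path.join(dname, 'test.target')

        # Stage the manifest.xml file with test data
        stage = etree.Element('vgppolicy')
        policysetting = etree.SubElement(stage, 'policysetting')
        version = etree.SubElement(policysetting, 'version')
        version.text = '1'
        data = etree.SubElement(policysetting, 'data')
        file_properties = etree.SubElement(data, 'file_properties')
        source = etree.SubElement(file_properties, 'source')
        source.text = test_source
        target = etree.SubElement(file_properties, 'target')
        target.text = test_target
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Create test source
        test_source_data = 'hello world!'
        with open(test_source, 'w') as w:
            w.write(test_source_data)

        # Process all gpos
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(test_target),
                        'The test symlink was not created')
        self.assertTrue(os.path.islink(test_target),
                        'The test file is not a symlink')
        # Read through the link with a context manager so the handle is
        # closed before the link is removed.
        with open(test_target, 'r') as linked:
            linked_data = linked.read()
        self.assertIn(test_source_data, linked_data,
                      'Reading from symlink does not produce source data')

        # Unapply the policy, ensure removal
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(test_target),
                         'The test symlink was not delete')

        # Verify RSOP
        ret = ext.rsop([g for g in gpos if g.name == guid][0])
        self.assertIn('ln -s %s %s' % (test_source, test_target),
                      list(ret.values())[0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml file
    unstage_file(manifest)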
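def test_vgp_files(self):
    # Apply, unapply and RSOP-check a VGP files policy: a staged shell
    # script is deployed to a path inside a TemporaryDirectory with the
    # owner, group and mode requested by the manifest.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/FILES/MANIFEST.XML')
    source_file = os.path.join(os.path.dirname(manifest), 'TEST.SOURCE')
    source_data = '#!/bin/sh\necho hello world'
    ret = stage_file(source_file, source_data)
    self.assertTrue(ret, 'Could not create the target %s' % source_file)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_files_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    with TemporaryDirectory() as dname:
        target_path = os.path.join(dname, 'test.target')

        stage = etree.Element('vgppolicy')
        policysetting = etree.SubElement(stage, 'policysetting')
        version = etree.SubElement(policysetting, 'version')
        version.text = '1'
        data = etree.SubElement(policysetting, 'data')
        file_properties = etree.SubElement(data, 'file_properties')
        source = etree.SubElement(file_properties, 'source')
        # The manifest refers to the source by its lower-cased basename
        source.text = os.path.basename(source_file).lower()
        target = etree.SubElement(file_properties, 'target')
        target.text = target_path
        # Owner and group are the account running the test
        user = etree.SubElement(file_properties, 'user')
        user.text = pwd.getpwuid(os.getuid()).pw_name
        group = etree.SubElement(file_properties, 'group')
        group.text = grp.getgrgid(os.getgid()).gr_name
        # Request permissions of 755
        requested = (('user', ('read', 'write', 'execute')),
                     ('group', ('read', 'execute')),
                     ('other', ('read', 'execute')))
        for who, bits in requested:
            permissions = etree.SubElement(file_properties, 'permissions')
            permissions.set('type', who)
            for bit in bits:
                etree.SubElement(permissions, bit)
        ret = stage_file(manifest, etree.tostring(stage))
        self.assertTrue(ret, 'Could not create the target %s' % manifest)

        # Process all gpos. No output directory is passed; the target
        # path in the manifest already points into the temp directory.
        ext.process_group_policy([], gpos)
        self.assertTrue(os.path.exists(target_path),
                        'The target file does not exist')
        # The 0o777 mask compares only the rwx bits, i.e. the file must
        # not end up group- or world-writable; setuid/setgid/sticky bits
        # are outside the mask and are not checked here.
        self.assertEqual(os.stat(target_path).st_mode & 0o777, 0o755,
                         'The target file permissions are incorrect')
        # Close the handle explicitly rather than leaking it
        with open(target_path) as deployed:
            deployed_data = deployed.read()
        self.assertEqual(deployed_data, source_data,
                         'The target file contents are incorrect')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertFalse(os.path.exists(target_path),
                         'The target file was not removed')

        # Test rsop
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        listing = list(ret.values())[0][0]
        self.assertIn(target_path, listing,
                      'The target file was not listed by rsop')
        self.assertIn('-rwxr-xr-x', listing,
                      'The target permissions were not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest and source files
    unstage_file(manifest)
    unstage_file(source_file)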
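def test_vgp_openssh(self):
    # Apply and unapply a VGP OpenSSH policy and check that the single
    # key/value pair from the manifest lands in a config file written to
    # a TemporaryDirectory instead of the real sshd configuration.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_openssh_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    version.text = '1'
    data = etree.SubElement(policysetting, 'data')
    configfile = etree.SubElement(data, 'configfile')
    configsection = etree.SubElement(configfile, 'configsection')
    # The section name is deliberately left empty
    etree.SubElement(configsection, 'sectionname')
    kvpair = etree.SubElement(configsection, 'keyvaluepair')
    key = etree.SubElement(kvpair, 'key')
    key.text = 'AddressFamily'
    value = etree.SubElement(kvpair, 'value')
    value.text = 'inet6'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    expected_line = 'AddressFamily inet6'
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        self.assertEqual(len(conf), 1, 'The conf file was not created')
        gp_cfg = os.path.join(dname, conf[0])
        # Close the handle explicitly rather than leaking it
        with open(gp_cfg, 'r') as cfg:
            cfg_data = cfg.read()
        self.assertIn(expected_line, cfg_data,
                      'The sshd_config entry was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml file
    unstage_file(manifest)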
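def test_vgp_startup_scripts(self):
    # Exercise the VGP startup scripts extension in three phases:
    #   1. a script with parameters, expected to become an @reboot entry
    #   2. the same script marked run_once, expected to run immediately
    #   3. a script without parameters, again an @reboot entry
    # Each phase applies the policy, removes it and checks RSOP output.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    manifest = os.path.join(local_path, policies, guid, 'MACHINE',
                            'VGP/VTLA/UNIX/SCRIPTS/STARTUP/MANIFEST.XML')
    test_script = os.path.join(os.path.dirname(manifest), 'TEST.SH')
    test_data = '#!/bin/sh\necho $@ hello world'
    ret = stage_file(test_script, test_data)
    self.assertTrue(ret, 'Could not create the target %s' % test_script)
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_startup_scripts_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    def script_md5():
        # Upper-case hex MD5 of the script as currently staged. MD5 is
        # not collision-resistant, so this value is a change marker at
        # best, not proof of integrity.
        with open(test_script, 'rb') as script_file:
            return hashlib.md5(script_file.read()).hexdigest().upper()

    def read_text(path):
        # Read a whole text file and close the handle
        with open(path, 'r') as handle:
            return handle.read()

    # Stage the manifest.xml file with test data
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    version.text = '1'
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    parameters = etree.SubElement(listelement, 'parameters')
    parameters.text = '-n'
    script_hash = etree.SubElement(listelement, 'hash')
    script_hash.text = script_md5()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        # The entry names the account from run_as ('root' here) and the
        # script's path inside the GPO cache; it is only written into
        # the temp directory, never installed.
        entry = '@reboot %s %s %s' % (run_as.text, test_script,
                                      parameters.text)
        self.assertIn(entry,
                      read_text(os.path.join(dname, files[0])),
                      'The test entry was not found')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        # Test rsop
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for run once scripts
    # NOTE(review): the <hash> value in this manifest still describes the
    # script content staged at the top of the test; TEST.SH is restaged
    # below with different content and the test still expects it to run,
    # so nothing here shows the hash being enforced -- confirm against
    # the extension.
    etree.SubElement(listelement, 'run_once')
    run_as.text = pwd.getpwuid(os.getuid()).pw_name
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    # A run once script will be executed immediately,
    # instead of creating a cron job
    # NOTE(review): this module replaces gpclass.drop_privileges with a
    # pass-through at import time, so this phase presumably shows only
    # that the script is executed, not that it runs as run_as.
    with TemporaryDirectory() as dname:
        test_file = '%s/TESTING.txt' % dname
        test_data = '#!/bin/sh\ntouch %s' % test_file
        ret = stage_file(test_script, test_data)
        self.assertTrue(ret, 'Could not create the target %s' % test_script)

        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The test file was not created')
        self.assertEqual(files[0], os.path.basename(test_file),
                         'The test file was not created')

        # Unlink the test file and ensure that processing
        # policy again does not recreate it.
        os.unlink(test_file)
        ext.process_group_policy([], gpos, dname)
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The test file should not have been created')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])

        # Test rsop
        entry = 'Run once as: %s `%s %s`' % (run_as.text, test_script,
                                             parameters.text)
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)

    # Stage the manifest.xml file for a script without parameters
    stage = etree.Element('vgppolicy')
    policysetting = etree.SubElement(stage, 'policysetting')
    version = etree.SubElement(policysetting, 'version')
    version.text = '1'
    data = etree.SubElement(policysetting, 'data')
    listelement = etree.SubElement(data, 'listelement')
    script = etree.SubElement(listelement, 'script')
    script.text = os.path.basename(test_script).lower()
    script_hash = etree.SubElement(listelement, 'hash')
    # Recomputed here, so it matches the script content staged in the
    # run once phase above
    script_hash.text = script_md5()
    run_as = etree.SubElement(listelement, 'run_as')
    run_as.text = 'root'
    ret = stage_file(manifest, etree.tostring(stage))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        # Any exception while applying a manifest that has no
        # <parameters> element is reported as a test failure
        try:
            ext.process_group_policy([], gpos, dname)
        except Exception as e:
            self.fail(str(e))
        files = os.listdir(dname)
        self.assertEqual(len(files), 1,
                         'The target script was not created')
        entry = '@reboot %s %s' % (run_as.text, test_script)
        self.assertIn(entry,
                      read_text(os.path.join(dname, files[0])),
                      'The test entry was not found')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        files = os.listdir(dname)
        self.assertEqual(len(files), 0,
                         'The target script was not removed')

        # Test rsop
        g = [g for g in gpos if g.name == guid][0]
        ret = ext.rsop(g)
        self.assertIn(entry, list(ret.values())[0][0],
                      'The target entry was not listed by rsop')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the manifest.xml and script files
    unstage_file(manifest)
    unstage_file(test_script)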
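def test_vgp_motd(self):
    # Stage a MOTD manifest in two GPOs and check precedence: with both
    # applied the second GPO's text wins, after removing the second GPO
    # the first one's text is restored, and after removing everything the
    # file no longer holds the policy text. Output goes to a
    # NamedTemporaryFile, not the system motd.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    manifest = os.path.join(local_path, policies, guids[0], 'MACHINE',
                            'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    manifest2 = os.path.join(local_path, policies, guids[1], 'MACHINE',
                             'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_motd_ext(self.lp, machine_creds,
                       machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    def build_manifest(message):
        # Serialize a version 1 MOTD manifest carrying *message*
        stage = etree.Element('vgppolicy')
        policysetting = etree.SubElement(stage, 'policysetting')
        version = etree.SubElement(policysetting, 'version')
        version.text = '1'
        data = etree.SubElement(policysetting, 'data')
        filename = etree.SubElement(data, 'filename')
        filename.text = 'motd'
        text = etree.SubElement(data, 'text')
        text.text = message
        return etree.tostring(stage)

    def read_text(path):
        # Read a whole text file and close the handle
        with open(path, 'r') as handle:
            return handle.read()

    # Stage the manifest.xml file with test data
    first_text = 'This is the message of the day'
    ret = stage_file(manifest, build_manifest(first_text))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Stage the other manifest.xml
    second_text = 'This should overwrite the first policy'
    ret = stage_file(manifest2, build_manifest(second_text))
    self.assertTrue(ret, 'Could not create the target %s' % manifest2)

    # Process all gpos, writing to a temporary output file
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        self.assertTrue(os.path.exists(f.name),
                        'Message of the day file not created')
        self.assertEqual(read_text(f.name), second_text,
                         'Message of the day not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, f.name)

        self.assertEqual(read_text(f.name), first_text,
                         'The motd was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(read_text(f.name), first_text,
                            'The motd was not unapplied')

    # Unstage the manifest files
    unstage_file(manifest)
    unstage_file(manifest2)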
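def test_vgp_issue(self):
    # Stage an ISSUE (login prompt) manifest in two GPOs and check
    # precedence: with both applied the second GPO's text wins, after
    # removing the second GPO the first one's text is restored, and after
    # removing everything the file no longer holds the policy text.
    # Output goes to a NamedTemporaryFile, not the system issue file.
    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    manifest = os.path.join(local_path, policies, guids[0], 'MACHINE',
                            'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    manifest2 = os.path.join(local_path, policies, guids[1], 'MACHINE',
                             'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = vgp_issue_ext(self.lp, machine_creds,
                        machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    def build_manifest(message):
        # Serialize a version 1 ISSUE manifest carrying *message*
        stage = etree.Element('vgppolicy')
        policysetting = etree.SubElement(stage, 'policysetting')
        version = etree.SubElement(policysetting, 'version')
        version.text = '1'
        data = etree.SubElement(policysetting, 'data')
        filename = etree.SubElement(data, 'filename')
        filename.text = 'issue'
        text = etree.SubElement(data, 'text')
        text.text = message
        return etree.tostring(stage)

    def read_text(path):
        # Read a whole text file and close the handle
        with open(path, 'r') as handle:
            return handle.read()

    # Stage the manifest.xml file with test data
    first_text = 'Welcome to Samba!'
    ret = stage_file(manifest, build_manifest(first_text))
    self.assertTrue(ret, 'Could not create the target %s' % manifest)

    # Stage the other manifest.xml
    second_text = 'This test message overwrites the first'
    ret = stage_file(manifest2, build_manifest(second_text))
    self.assertTrue(ret, 'Could not create the target %s' % manifest2)

    # Process all gpos, writing to a temporary output file
    with NamedTemporaryFile() as f:
        ext.process_group_policy([], gpos, f.name)
        self.assertEqual(read_text(f.name), second_text,
                         'The issue was not applied')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = gp_db.get_applied_settings([guids[1]])
        gpos = [gpo for gpo in gpos if gpo.name != guids[1]]
        ext.process_group_policy(del_gpos, gpos, f.name)

        self.assertEqual(read_text(f.name), first_text,
                         'The issue was not applied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], f.name)
        self.assertNotEqual(read_text(f.name), first_text,
                            'The issue was not unapplied')

    # Unstage both manifest files. The second one was previously left
    # staged in the GPO cache, where a later test processing the same
    # GPOs could pick it up.
    unstage_file(manifest)
    unstage_file(manifest2)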
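def test_vgp_access(self):
    # Stage host access control ALLOW and DENY manifests (one user and
    # one group each) and check the access entries the extension writes
    # into a TemporaryDirectory: '+' lines for the allowed principals and
    # '-' lines for the denied ones.
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    allow = os.path.join(local_path, policies, guid, 'MACHINE',
                         'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
    deny = os.path.join(local_path, policies, guid, 'MACHINE',
                        'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension. The winbind separator is
    # forced to '+' because the expected entries below are written with
    # it; the previous value is restored on cleanup.
    winbind_sep = self.lp.get('winbind separator')
    self.addCleanup(self.lp.set, 'winbind separator', winbind_sep)
    self.lp.set('winbind separator', '+')
    ext = vgp_access_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    def add_adobject(listelement, name_text, type_text):
        # Append the <adobject> description of one principal
        adobject = etree.SubElement(listelement, 'adobject')
        name = etree.SubElement(adobject, 'name')
        name.text = name_text
        domain = etree.SubElement(adobject, 'domain')
        domain.text = realm
        otype = etree.SubElement(adobject, 'type')
        otype.text = type_text

    def build_manifest(user_name, group_name):
        # Serialize a version 2, merge-mode manifest listing one user
        # followed by one group
        stage = etree.Element('vgppolicy')
        policysetting = etree.SubElement(stage, 'policysetting')
        version = etree.SubElement(policysetting, 'version')
        version.text = '2'
        apply_mode = etree.SubElement(policysetting, 'apply_mode')
        apply_mode.text = 'merge'
        data = etree.SubElement(policysetting, 'data')
        # The user, named as user@realm
        listelement = etree.SubElement(data, 'listelement')
        otype = etree.SubElement(listelement, 'type')
        otype.text = 'USER'
        entry = etree.SubElement(listelement, 'entry')
        entry.text = '%s@%s' % (user_name, realm)
        add_adobject(listelement, user_name, 'user')
        # The group, named as realm\group together with its DN
        groupattr = etree.SubElement(data, 'groupattr')
        groupattr.text = 'samAccountName'
        listelement = etree.SubElement(data, 'listelement')
        otype = etree.SubElement(listelement, 'type')
        otype.text = 'GROUP'
        entry = etree.SubElement(listelement, 'entry')
        entry.text = '%s\\%s' % (realm, group_name)
        dn = etree.SubElement(listelement, 'dn')
        dn.text = 'CN=%s,CN=Users,%s' % (group_name, base_dn)
        add_adobject(listelement, group_name, 'group')
        return etree.tostring(stage)

    # Stage the manifest.xml allow file
    ret = stage_file(allow, build_manifest('goodguy', 'goodguys'))
    self.assertTrue(ret, 'Could not create the target %s' % allow)

    # Stage the manifest.xml deny file
    ret = stage_file(deny, build_manifest('badguy', 'badguys'))
    self.assertTrue(ret, 'Could not create the target %s' % deny)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        conf = os.listdir(dname)
        # There will be 2 files, the policy file and the deny file
        self.assertEqual(len(conf), 2, 'The conf file was not created')
        # Ignore the DENY_ALL conf file
        gp_cfg = os.path.join(dname,
            [c for c in conf if '_gp_DENY_ALL.conf' not in c][0])

        # Check the access config for the correct access.conf entries
        print('Config file %s found' % gp_cfg)
        # Close the handle explicitly rather than leaking it
        with open(gp_cfg, 'r') as cfg:
            data = cfg.read()
        self.assertIn('+:%s+goodguy:ALL' % realm, data)
        self.assertIn('+:%s+goodguys:ALL' % realm, data)
        self.assertIn('-:%s+badguy:ALL' % realm, data)
        self.assertIn('-:%s+badguys:ALL' % realm, data)

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy. Only the policy file's removal is asserted; the
        # content and removal of the DENY_ALL file are not checked here.
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(gp_cfg),
                         'Unapply failed to cleanup config')

    # Unstage the manifest.xml files
    unstage_file(allow)
    unstage_file(deny)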
6688 def test_gnome_settings(self):
6689 local_path = self.lp.cache_path('gpo_cache')
6690 guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
6691 reg_pol = os.path.join(local_path, policies, guid,
6692 'MACHINE/REGISTRY.POL')
6693 cache_dir = self.lp.get('cache directory')
6694 store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
6696 machine_creds = Credentials()
6697 machine_creds.guess(self.lp)
6698 machine_creds.set_machine_account()
6700 # Initialize the group policy extension
6701 ext = gp_gnome_settings_ext(self.lp, machine_creds,
6702 machine_creds.get_username(), store)
6704 gpos = get_gpo_list(self.server, machine_creds, self.lp,
6705 machine_creds.get_username())
6707 # Stage the Registry.pol file with test data
6708 parser = GPPolParser()
6709 parser.load_xml(etree.fromstring(gnome_test_reg_pol.strip()))
6710 ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
6711 self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
6713 with TemporaryDirectory() as dname:
6714 ext.process_group_policy([], gpos, dname)
6716 local_db = os.path.join(dname, 'etc/dconf/db/local.d')
6717 self.assertTrue(os.path.isdir(local_db),
6718 'Local db dir not created')
6719 def db_check(name, data, count=1):
6720 db = glob(os.path.join(local_db, '*-%s' % name))
6721 self.assertEqual(len(db), count, '%s not created' % name)
6722 file_contents = ConfigParser()
6723 file_contents.read(db)
6724 for key in data.keys():
6725 self.assertTrue(file_contents.has_section(key),
6726 'Section %s not found' % key)
6727 options = data[key]
6728 for k, v in options.items():
6729 v_content = file_contents.get(key, k)
6730 self.assertEqual(v_content, v,
6731 '%s: %s != %s' % (key, v_content, v))
6733 def del_db_check(name):
6734 db = glob(os.path.join(local_db, '*-%s' % name))
6735 self.assertEqual(len(db), 0, '%s not deleted' % name)
6737 locks = os.path.join(local_db, 'locks')
6738 self.assertTrue(os.path.isdir(local_db), 'Locks dir not created')
6739 def lock_check(name, items, count=1):
6740 lock = glob(os.path.join(locks, '*%s' % name))
6741 self.assertEqual(len(lock), count,
6742 '%s lock not created' % name)
6743 file_contents = []
6744 for i in range(count):
6745 file_contents.extend(open(lock[i], 'r').read().split('\n'))
6746 for data in items:
6747 self.assertIn(data, file_contents,
6748 '%s lock not created' % data)
6750 def del_lock_check(name):
6751 lock = glob(os.path.join(locks, '*%s' % name))
6752 self.assertEqual(len(lock), 0, '%s lock not deleted' % name)
6754 # Check the user profile
6755 user_profile = os.path.join(dname, 'etc/dconf/profile/user')
6756 self.assertTrue(os.path.exists(user_profile),
6757 'User profile not created')
6759 # Enable the compose key
6760 data = { 'org/gnome/desktop/input-sources':
6761 { 'xkb-options': '[\'compose:ralt\']' }
6763 db_check('input-sources', data)
6764 items = ['/org/gnome/desktop/input-sources/xkb-options']
6765 lock_check('input-sources', items)
6767 # Dim screen when user is idle
6768 data = { 'org/gnome/settings-daemon/plugins/power':
6769 { 'idle-dim': 'true',
6770 'idle-brightness': '30'
6773 db_check('power', data)
6774 data = { 'org/gnome/desktop/session':
6775 { 'idle-delay': 'uint32 300' }
6777 db_check('session', data)
6778 items = ['/org/gnome/settings-daemon/plugins/power/idle-dim',
6779 '/org/gnome/settings-daemon/plugins/power/idle-brightness',
6780 '/org/gnome/desktop/session/idle-delay']
6781 lock_check('power-saving', items)
6783 # Lock down specific settings
6784 bg_locks = ['/org/gnome/desktop/background/picture-uri',
6785 '/org/gnome/desktop/background/picture-options',
6786 '/org/gnome/desktop/background/primary-color',
6787 '/org/gnome/desktop/background/secondary-color']
6788 lock_check('group-policy', bg_locks)
6790 # Lock down enabled extensions
6791 data = { 'org/gnome/shell':
6792 { 'enabled-extensions':
6793 '[\'myextension1@myname.example.com\', \'myextension2@myname.example.com\']',
6794 'development-tools': 'false' }
6796 db_check('extensions', data)
6797 items = [ '/org/gnome/shell/enabled-extensions',
6798 '/org/gnome/shell/development-tools' ]
6799 lock_check('extensions', items)
6801 # Disallow login using a fingerprint
6802 data = { 'org/gnome/login-screen':
6803 { 'enable-fingerprint-authentication': 'false' }
6805 db_check('fingerprintreader', data)
6806 items = ['/org/gnome/login-screen/enable-fingerprint-authentication']
6807 lock_check('fingerprintreader', items)
6809 # Disable user logout and user switching
6810 data = { 'org/gnome/desktop/lockdown':
6811 { 'disable-log-out': 'true',
6812 'disable-user-switching': 'true' }
6814 db_check('logout', data, 2)
6815 items = ['/org/gnome/desktop/lockdown/disable-log-out',
6816 '/org/gnome/desktop/lockdown/disable-user-switching']
6817 lock_check('logout', items, 2)
6819 # Disable repartitioning
6820 actions = os.path.join(dname, 'etc/share/polkit-1/actions')
6821 udisk2 = glob(os.path.join(actions,
6822 'org.freedesktop.[u|U][d|D]isks2.policy'))
6823 self.assertEqual(len(udisk2), 1, 'udisk2 policy not created')
6824 udisk2_tree = etree.fromstring(open(udisk2[0], 'r').read())
6825 actions = udisk2_tree.findall('action')
6826 md = 'org.freedesktop.udisks2.modify-device'
6827 action = [a for a in actions if a.attrib['id'] == md]
6828 self.assertEqual(len(action), 1, 'modify-device not found')
6829 defaults = action[0].find('defaults')
6830 self.assertTrue(defaults is not None,
6831 'modify-device defaults not found')
6832 allow_any = defaults.find('allow_any').text
6833 self.assertEqual(allow_any, 'no',
6834 'modify-device allow_any not set to no')
6835 allow_inactive = defaults.find('allow_inactive').text
6836 self.assertEqual(allow_inactive, 'no',
6837 'modify-device allow_inactive not set to no')
6838 allow_active = defaults.find('allow_active').text
6839 self.assertEqual(allow_active, 'yes',
6840 'modify-device allow_active not set to yes')
6842 # Disable printing
6843 data = { 'org/gnome/desktop/lockdown':
6844 { 'disable-printing': 'true' }
6846 db_check('printing', data)
6847 items = ['/org/gnome/desktop/lockdown/disable-printing']
6848 lock_check('printing', items)
6850 # Disable file saving
6851 data = { 'org/gnome/desktop/lockdown':
6852 { 'disable-save-to-disk': 'true' }
6854 db_check('filesaving', data)
6855 items = ['/org/gnome/desktop/lockdown/disable-save-to-disk']
6856 lock_check('filesaving', items)
6858 # Disable command-line access
6859 data = { 'org/gnome/desktop/lockdown':
6860 { 'disable-command-line': 'true' }
6862 db_check('cmdline', data)
6863 items = ['/org/gnome/desktop/lockdown/disable-command-line']
6864 lock_check('cmdline', items)
6866 # Allow or disallow online accounts
6867 data = { 'org/gnome/online-accounts':
6868 { 'whitelisted-providers': '[\'google\']' }
6870 db_check('goa', data)
6871 items = ['/org/gnome/online-accounts/whitelisted-providers']
6872 lock_check('goa', items)
6874 # Verify RSOP does not fail
6875 ext.rsop([g for g in gpos if g.name == guid][0])
6877 # Check that a call to gpupdate --rsop also succeeds
6878 ret = rsop(self.lp)
6879 self.assertEqual(ret, 0, 'gpupdate --rsop failed!')
6881 # Remove policy
6882 gp_db = store.get_gplog(machine_creds.get_username())
6883 del_gpos = get_deleted_gpos_list(gp_db, [])
6884 ext.process_group_policy(del_gpos, [], dname)
6885 del_db_check('input-sources')
6886 del_lock_check('input-sources')
6887 del_db_check('power')
6888 del_db_check('session')
6889 del_lock_check('power-saving')
6890 del_lock_check('group-policy')
6891 del_db_check('extensions')
6892 del_lock_check('extensions')
6893 del_db_check('fingerprintreader')
6894 del_lock_check('fingerprintreader')
6895 del_db_check('logout')
6896 del_lock_check('logout')
6897 actions = os.path.join(dname, 'etc/share/polkit-1/actions')
6898 udisk2 = glob(os.path.join(actions,
6899 'org.freedesktop.[u|U][d|D]isks2.policy'))
6900 self.assertEqual(len(udisk2), 0, 'udisk2 policy not deleted')
6901 del_db_check('printing')
6902 del_lock_check('printing')
6903 del_db_check('filesaving')
6904 del_lock_check('filesaving')
6905 del_db_check('cmdline')
6906 del_lock_check('cmdline')
6907 del_db_check('goa')
6908 del_lock_check('goa')
6910 # Unstage the Registry.pol file
6911 unstage_file(reg_pol)
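def test_gp_cert_auto_enroll_ext_without_ndes(self):
    """Exercise certificate auto-enrollment with a raising ``requests`` stub.

    ``cae.requests`` is replaced by ``dummy_requests(want_exception=True)``
    (presumably standing in for an unreachable NDES endpoint, going by the
    test name).  Applying the policy must not raise and must write the root
    CA certificate, the Machine certificate and the Machine key into a
    temporary directory.  Removing the policy must delete those files, and
    neither the CA name nor the Machine/Workstation names may remain in the
    ``getcert list-cas`` / ``getcert list`` output.

    The dummy directory objects and the staged Registry.pol are released
    through ``addCleanup``, so a failing assertion cannot leave a dummy CA
    published under Public Key Services for later tests to trip over.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # NOTE(review): this rebinds the module attribute cae.requests and
    # nothing in this method restores it afterwards.
    cae.requests = dummy_requests(want_exception=True)
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
    # Unstage the Registry.pol file, also when a later assertion fails
    self.addCleanup(unstage_file, reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries.
    # The administrator credentials come from the DC_USERNAME, DC_PASSWORD
    # and REALM environment variables.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Write the dummy CA; each object is scheduled for deletion as soon as
    # it exists so that it is removed on every exit path.
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': dummy_certificate(),
             'certificateRevocationList': ['XXX'],
             })
    self.addCleanup(ldb.delete, certa_dn)

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': dummy_certificate(),
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    self.addCleanup(ldb.delete, enroll_dn)

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })
    self.addCleanup(ldb.delete, template_dn)

    with TemporaryDirectory() as dname:
        # With the raising requests stub in place, applying the policy
        # must still complete; any exception is reported as a failure.
        try:
            ext.process_group_policy([], gpos, dname, dname)
        except Exception as e:
            self.fail(str(e))

        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        # The key material must be gone from disk, and getcert must no
        # longer list the CA or the certificates.
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')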
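def test_gp_cert_auto_enroll_ext(self):
    """Walk certificate auto-enrollment through apply, extend, disable,
    re-enable and removal.

    Steps, all against one temporary directory:

    1. Apply: root CA certificate, Machine certificate and Machine key
       must exist.
    2. Re-apply with ``CEPCES_SUBMIT_SUPPORTED_TEMPLATES`` set to
       ``Machine,Workstation``: the Workstation certificate and key must
       appear as well.
    3. Stage the "auto-enroll unchecked" Registry.pol and apply: all five
       files must disappear.
    4. Stage the enabled Registry.pol again and apply: all five files must
       be back.
    5. Remove the policy: the files must be gone, and neither the CA name
       nor the Machine/Workstation names may remain in the ``getcert``
       listings.

    The dummy directory objects and the staged Registry.pol are released
    through ``addCleanup``, so a failing assertion cannot leave a dummy CA
    published under Public Key Services for later tests to trip over.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    # NOTE(review): this rebinds the module attribute cae.requests and
    # nothing in this method restores it afterwards.
    cae.requests = dummy_requests()
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
    # Unstage the Registry.pol file, also when a later assertion fails
    self.addCleanup(unstage_file, reg_pol)

    # Write the dummy CA entry, Enrollment Services, and Templates Entries.
    # The administrator credentials come from the DC_USERNAME, DC_PASSWORD
    # and REALM environment variables.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Write the dummy CA; each object is scheduled for deletion as soon as
    # it exists so that it is removed on every exit path.
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateRevocationList': ['XXX'],
             })
    self.addCleanup(ldb.delete, certa_dn)

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
             })
    self.addCleanup(ldb.delete, enroll_dn)

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
             })
    self.addCleanup(ldb.delete, template_dn)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname, dname)
        ca_crt = os.path.join(dname, '%s.crt' % ca_cn)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        machine_crt = os.path.join(dname, '%s.Machine.crt' % ca_cn)
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        machine_key = os.path.join(dname, '%s.Machine.key' % ca_cn)
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')

        # Subsequent apply should react to new certificate templates
        os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
        self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
        ext.process_group_policy([], gpos, dname, dname)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')
        workstation_crt = os.path.join(dname, '%s.Workstation.crt' % ca_cn)
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        workstation_key = os.path.join(dname, '%s.Workstation.key' % ca_cn)
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy by staging pol file with auto-enroll unchecked
        parser.load_xml(etree.fromstring(auto_enroll_unchecked_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')

        # Reapply policy by staging the enabled pol file
        parser.load_xml(etree.fromstring(auto_enroll_reg_pol.strip()))
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
        ext.process_group_policy([], gpos, dname, dname)
        self.assertTrue(os.path.exists(ca_crt),
                        'Root CA certificate was not requested')
        self.assertTrue(os.path.exists(machine_crt),
                        'Machine certificate was not requested')
        self.assertTrue(os.path.exists(machine_key),
                        'Machine key was not generated')
        self.assertTrue(os.path.exists(workstation_crt),
                        'Workstation certificate was not requested')
        self.assertTrue(os.path.exists(workstation_key),
                        'Workstation key was not generated')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        self.assertFalse(os.path.exists(ca_crt),
                         'Root CA certificate was not removed')
        self.assertFalse(os.path.exists(machine_crt),
                         'Machine certificate was not removed')
        self.assertFalse(os.path.exists(machine_key),
                         'Machine key was not removed')
        self.assertFalse(os.path.exists(workstation_crt),
                         'Workstation certificate was not removed')
        self.assertFalse(os.path.exists(workstation_key),
                         'Workstation key was not removed')
        # The key material must be gone from disk, and getcert must no
        # longer list the CA or the certificates.
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        self.assertNotIn(get_bytes(ca_cn), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')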
def test_gp_user_scripts_ext(self):
    """Check that user script policies from two GPOs reach the crontab.

    For each of the Daily/Monthly/Weekly/Hourly script keys, one command
    is staged in the USER Registry.pol of each of two GPOs.  After
    applying, ``crontab -l`` must contain both commands prefixed with the
    matching ``@daily``/``@monthly``/``@weekly``/``@hourly`` tag.  Removing
    the second GPO must drop only its command, and removing the policy
    entirely must drop the first command as well.
    """
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    gpo_cache = self.lp.cache_path('gpo_cache')
    reg_pol = os.path.join(gpo_cache, policies, guids[0],
                           'USER/REGISTRY.POL')
    reg_pol2 = os.path.join(gpo_cache, policies, guids[1],
                            'USER/REGISTRY.POL')
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension; the policy is applied for
    # the user named by DC_USERNAME, not for the machine account.
    target_user = os.environ.get('DC_USERNAME')
    ext = gp_user_scripts_ext(self.lp, machine_creds, target_user, store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    def dump_crontab():
        # Dump the fake crontab setup for testing
        listing, _ = Popen(['crontab', '-l'], stdout=PIPE).communicate()
        return listing

    def stage_single_entry(path, pol_entry):
        # Write a Registry.pol holding exactly one entry to `path`
        pol = preg.file()
        pol.num_entries = 1
        pol.entries = [pol_entry]
        staged = stage_file(path, ndr_pack(pol))
        self.assertTrue(staged, 'Could not create the target %s' % path)

    reg_key = b'Software\\Policies\\Samba\\Unix Settings'
    sections = { b'%s\\Daily Scripts' % reg_key : b'@daily',
                 b'%s\\Monthly Scripts' % reg_key : b'@monthly',
                 b'%s\\Weekly Scripts' % reg_key : b'@weekly',
                 b'%s\\Hourly Scripts' % reg_key : b'@hourly' }
    for keyname, schedule in sections.items():
        # Stage the Registry.pol file with test data
        first = preg.entry()
        first.keyname = keyname
        first.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        first.type = 1
        first.data = b'echo hello world'
        stage_single_entry(reg_pol, first)

        # Stage the other Registry.pol
        second = preg.entry()
        second.keyname = keyname
        second.valuename = b'Software\\Policies\\Samba\\Unix Settings'
        second.type = 1
        second.data = b'echo this is a second policy'
        stage_single_entry(reg_pol2, second)

        # Process all gpos, intentionally skipping the privilege drop
        ext.process_group_policy([], gpos)
        crontab = dump_crontab()
        entry = b'%s %s' % (schedule, first.data.encode())
        self.assertIn(entry, crontab,
                      'The crontab entry was not installed')
        entry2 = b'%s %s' % (schedule, second.data.encode())
        self.assertIn(entry2, crontab,
                      'The crontab entry was not installed')

        # Force apply with removal of second GPO
        gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
        del_gpos = gp_db.get_applied_settings([guids[1]])
        remaining = [g for g in gpos if g.name != guids[1]]
        ext.process_group_policy(del_gpos, remaining)

        # Ensure the first entry remains, and the second entry is removed
        crontab = dump_crontab()
        self.assertIn(entry, crontab,
                      'The first crontab entry was not found')
        self.assertNotIn(entry2, crontab,
                         'The second crontab entry was still present')

        # Check that a call to gpupdate --rsop also succeeds
        self.assertEqual(rsop(self.lp), 0, 'gpupdate --rsop failed!')

        # Remove policy
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertNotIn(entry, dump_crontab(),
                         'Unapply failed to cleanup crontab entry')

        # Unstage the Registry.pol files
        unstage_file(reg_pol)
        unstage_file(reg_pol2)
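def test_gp_firefox_ext(self):
    """Apply, alter, overwrite and remove the Firefox policy.

    The extension is expected to write ``policies.json`` into a temporary
    directory.  The test checks that:

    * the first apply produces exactly the policies of
      ``firefox_json_expected``;
    * after dropping ``AppUpdateURL`` and setting ``AppAutoUpdate`` to 0 in
      the staged Registry.pol, the file no longer has ``AppUpdateURL`` and
      has ``AppAutoUpdate`` false;
    * unapplying leaves no policies behind;
    * an old-style cached ``policies.json`` attribute plus a pre-existing
      file are overwritten by the next apply.

    Every read of ``policies.json`` goes through a ``with`` block so that
    no file handle is left open on the temporary directory.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firefox_ext(self.lp, machine_creds,
                         machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firefox_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        policies_file = os.path.join(dname, 'policies.json')
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        expected_policy_data = json.loads(firefox_json_expected)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        self.assertEqual(expected_policy_data['policies'].keys(),
                         policy_data['policies'].keys(),
                         'Firefox policies are missing')
        for name in expected_policy_data['policies'].keys():
            self.assertEqual(expected_policy_data['policies'][name],
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Check that modifying the policy will enforce the correct settings
        entries = [e for e in parser.pol_file.entries
                   if e.valuename != 'AppUpdateURL']
        for e in entries:
            if e.valuename == 'AppAutoUpdate':
                e.data = 0
        parser.pol_file.entries = entries
        parser.pol_file.num_entries = len(entries)
        # Stage the Registry.pol file with altered test data
        unstage_file(reg_pol)
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        # Enforce the altered policy
        # NOTE(review): unlike the first apply, no target directory is
        # passed here, yet the result is read back from policies_file
        # under dname -- confirm where the extension writes in this case.
        ext.process_group_policy([], gpos)

        # Check that the App Update policy was altered
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        keys = list(expected_policy_data['policies'].keys())
        keys.remove('AppUpdateURL')
        keys.sort()
        policy_keys = list(policy_data['policies'].keys())
        policy_keys.sort()
        self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
        for name in policy_data['policies'].keys():
            self.assertNotEqual(name, 'AppUpdateURL',
                                'Failed to remove AppUpdateURL policy')
            if name == 'AppAutoUpdate':
                self.assertEqual(False, policy_data['policies'][name],
                                 'Failed to alter AppAutoUpdate policy')
                continue
            self.assertEqual(expected_policy_data['policies'][name],
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

        # Initialize the cache with old style existing policies,
        # ensure they are overwritten.
        old_cache = {'policies': {}}
        ext.cache_add_attribute(guid, 'policies.json',
                                json.dumps(old_cache))
        with open(policies_file, 'w') as w:
            w.write(firefox_json_expected)

        # Overwrite policy
        # NOTE(review): again called without a target directory -- see the
        # note on the "Enforce the altered policy" call above.
        ext.process_group_policy([], gpos)

        # Check that policy was overwritten
        with open(policies_file, 'r') as r:
            policy_data = json.load(r)
        self.assertIn('policies', policy_data, 'Policies were not applied')
        policy_keys = list(policy_data['policies'].keys())
        policy_keys.sort()
        self.assertEqual(keys, policy_keys, 'Firefox policies are incorrect')
        for name in policy_data['policies'].keys():
            self.assertNotEqual(name, 'AppUpdateURL',
                                'Failed to remove AppUpdateURL policy')
            if name == 'AppAutoUpdate':
                self.assertEqual(False, policy_data['policies'][name],
                                 'Failed to overwrite AppAutoUpdate policy')
                continue
            self.assertEqual(expected_policy_data['policies'][name],
                             policy_data['policies'][name],
                             'Policies were not applied')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        if os.path.exists(policies_file):
            with open(policies_file, 'r') as r:
                data = json.load(r)
            if 'policies' in data.keys():
                self.assertEqual(len(data['policies'].keys()), 0,
                                 'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)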
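def test_gp_chromium_ext(self):
    """Apply, modify and remove the Chromium policy.

    The extension is expected to write one JSON file into each of the
    ``managed`` and ``recommended`` subdirectories of a temporary
    directory.  The test checks that:

    * the first apply yields exactly one file per subdirectory, matching
      ``chromium_json_expected_managed`` and
      ``chromium_json_expected_recommended``;
    * after changing one managed and one recommended entry there is still
      exactly one file per subdirectory, under a different name;
    * after unapplying, any file still present at those paths is empty.

    The post-unapply reads go through ``with`` blocks so that no file
    handle is left open on the temporary directory.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_chromium_ext(self.lp, machine_creds,
                          machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(chromium_reg_pol.strip()))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        managed = os.path.join(dname, 'managed')
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Chromium policies are missing')
        managed_file = os.path.join(managed, managed_files[0])
        with open(managed_file, 'r') as r:
            managed_data = json.load(r)
        recommended = os.path.join(dname, 'recommended')
        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Chromium policies are missing')
        recommended_file = os.path.join(recommended, recommended_files[0])
        with open(recommended_file, 'r') as r:
            recommended_data = json.load(r)
        expected_managed_data = json.loads(chromium_json_expected_managed)
        expected_recommended_data = \
            json.loads(chromium_json_expected_recommended)
        # Show full diffs when one of the comparisons below fails
        self.maxDiff = None
        self.assertEqual(sorted(expected_managed_data.keys()),
                         sorted(managed_data.keys()),
                         'Chromium policies are missing')
        for name in expected_managed_data.keys():
            self.assertEqual(expected_managed_data[name],
                             managed_data[name],
                             'Policies were not applied')
        self.assertEqual(expected_recommended_data.keys(),
                         recommended_data.keys(),
                         'Chromium policies are missing')
        for name in expected_recommended_data.keys():
            self.assertEqual(expected_recommended_data[name],
                             recommended_data[name],
                             'Policies were not applied')

        # Ensure modifying the policy does not generate extra policy files
        unstage_file(reg_pol)
        # Change a managed entry:
        parser.pol_file.entries[0].data = 0
        # Change a recommended entry:
        parser.pol_file.entries[-1].data = b'https://google.com'
        ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
        self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

        ext.process_group_policy([], gpos, dname)
        managed_files = os.listdir(managed)
        self.assertEqual(len(managed_files), 1,
                         'Number of Chromium policies is incorrect')
        # The file name is expected to change with the policy content
        omanaged_file = managed_file
        managed_file = os.path.join(managed, managed_files[0])
        self.assertNotEqual(omanaged_file, managed_file,
                            'The managed Chromium file did not change')

        recommended_files = os.listdir(recommended)
        self.assertEqual(len(recommended_files), 1,
                         'Number of Chromium policies is incorrect')
        orecommended_file = recommended_file
        recommended_file = os.path.join(recommended, recommended_files[0])
        self.assertNotEqual(orecommended_file, recommended_file,
                            'The recommended Chromium file did not change')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Unapply the policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # From here on `managed` / `recommended` name the policy files,
        # not the directories.
        managed = os.path.join(managed, managed_files[0])
        if os.path.exists(managed):
            with open(managed, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')
        recommended = os.path.join(recommended, recommended_files[0])
        if os.path.exists(recommended):
            with open(recommended, 'r') as r:
                data = json.load(r)
            self.assertEqual(len(data.keys()), 0,
                             'The policy was not unapplied')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)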
def test_gp_firewalld_ext(self):
    """Apply, modify and remove a firewalld policy, verified via firewall-cmd.

    After the first apply the ``work`` and ``home`` zones must exist, both
    must list ``eth0`` as an interface, and ``work`` must carry the ftp
    reject rich rule for 172.25.1.7.  After the ``home`` entry is dropped
    from the staged Registry.pol only ``work`` may remain, and after the
    policy is unapplied neither zone may be listed.
    """
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(self.lp.cache_path('gpo_cache'), policies, guid,
                           'MACHINE/REGISTRY.POL')
    store = GPOStorage(os.path.join(self.lp.get('cache directory'),
                                    'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_firewalld_ext(self.lp, machine_creds,
                           machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(firewalld_reg_pol.strip()))
    staged = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(staged, 'Could not create the target %s' % reg_pol)

    ext.process_group_policy([], gpos)

    # NOTE(review): the result of which() is used unchecked -- confirm the
    # test environment always provides a firewall-cmd.
    firewall_cmd = which('firewall-cmd')

    def fw_query(*args):
        # Run firewall-cmd with the given arguments and return its stdout
        stdout, _ = Popen([firewall_cmd, *args],
                          stdout=PIPE, stderr=PIPE).communicate()
        return stdout

    # Check that the policy was applied
    zones = fw_query('--get-zones')
    for zone in (b'work', b'home'):
        self.assertIn(zone, zones, 'Failed to apply zones')

    for zone_arg in ('--zone=work', '--zone=home'):
        self.assertIn(b'eth0', fw_query(zone_arg, '--list-interfaces'),
                      'Failed to set interface on zone')

    rich_rules = fw_query('--zone=work', '--list-rich-rules')
    # Firewalld will report the rule one of two ways:
    rules = [b'rule family=ipv4 source address=172.25.1.7 ' +
             b'service name=ftp reject',
             b'rule family="ipv4" source address="172.25.1.7" ' +
             b'service name="ftp" reject']
    self.assertIn(rich_rules.strip(), rules, 'Failed to set rich rule')

    # Check that modifying the policy will enforce the correct settings
    kept = [e for e in parser.pol_file.entries if e.data != 'home']
    self.assertEqual(len(kept), len(parser.pol_file.entries)-1,
                     'Failed to remove the home zone entry')
    parser.pol_file.entries = kept
    parser.pol_file.num_entries = len(kept)
    # Stage the Registry.pol file with altered test data
    unstage_file(reg_pol)
    staged = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(staged, 'Could not create the target %s' % reg_pol)

    # Enforce the altered policy
    ext.process_group_policy([], gpos)

    # Check that the home zone was removed
    zones = fw_query('--get-zones')
    self.assertIn(b'work', zones, 'Failed to apply zones')
    self.assertNotIn(b'home', zones, 'Failed to apply zones')

    # Verify RSOP does not fail
    ext.rsop([g for g in gpos if g.name == guid][0])

    # Check that a call to gpupdate --rsop also succeeds
    self.assertEqual(rsop(self.lp), 0, 'gpupdate --rsop failed!')

    # Unapply the policy
    gp_db = store.get_gplog(machine_creds.get_username())
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Check that the policy was unapplied
    zones = fw_query('--get-zones')
    for zone in (b'work', b'home'):
        self.assertNotIn(zone, zones, 'Failed to unapply zones')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)
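def test_advanced_gp_cert_auto_enroll_ext(self):
    """Exercise certificate auto-enrollment with the advanced policy data.

    Stages a Registry.pol built from ``advanced_enroll_reg_pol``, publishes
    dummy CA, enrollment-service and certificate-template objects over
    LDAP, and checks that applying the policy creates the expected
    certificate and key files for every CA, that a second apply picks up a
    newly supported template, and that unapplying removes everything.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension.
    # The extension module's `requests` is swapped for the test stub
    # (presumably so no real HTTP request is made; confirm against
    # dummy_requests).
    cae.requests = dummy_requests()
    ext = cae.gp_cert_auto_enroll_ext(self.lp, machine_creds,
                                      machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Directory writes below need an administrative bind; the account is
    # taken from the test environment rather than hard-coded.
    admin_creds = Credentials()
    admin_creds.set_username(os.environ.get('DC_USERNAME'))
    admin_creds.set_password(os.environ.get('DC_PASSWORD'))
    admin_creds.set_realm(os.environ.get('REALM'))
    hostname = get_dc_hostname(machine_creds, self.lp)
    url = 'ldap://%s' % hostname
    ldb = Ldb(url=url, session_info=system_session(),
              lp=self.lp, credentials=admin_creds)

    # Stage the Registry.pol file with test data
    res = ldb.search('', _ldb.SCOPE_BASE, '(objectClass=*)',
                     ['rootDomainNamingContext'])
    self.assertTrue(len(res) == 1, 'rootDomainNamingContext not found')
    res2 = ldb.search(res[0]['rootDomainNamingContext'][0],
                      _ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
    self.assertTrue(len(res2) == 1, 'objectGUID not found')
    objectGUID = b'{%s}' % \
        cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
    parser = GPPolParser()
    parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() %
        (objectGUID, objectGUID, objectGUID, objectGUID)))
    ret = stage_file(reg_pol, ndr_pack(parser.pol_file))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)
    # Registered as a cleanup so a failed assertion further down does not
    # leave the staged policy behind for later tests.
    self.addCleanup(unstage_file, reg_pol)

    # Write the dummy CA entry.
    # NOTE(review): base_dn is not assigned in this method; it is expected
    # to be provided by the enclosing module.
    confdn = 'CN=Public Key Services,CN=Services,CN=Configuration,%s' % base_dn
    ca_cn = '%s-CA' % hostname.replace('.', '-')
    certa_dn = 'CN=%s,CN=Certification Authorities,%s' % (ca_cn, confdn)
    ldb.add({'dn': certa_dn,
             'objectClass': 'certificationAuthority',
             'authorityRevocationList': ['XXX'],
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateRevocationList': ['XXX'],
            })
    # Each dummy PKI object is removed by a cleanup, so it is deleted from
    # the directory even when an assertion fails mid-test.
    self.addCleanup(ldb.delete, certa_dn)

    # Write the dummy pKIEnrollmentService
    enroll_dn = 'CN=%s,CN=Enrollment Services,%s' % (ca_cn, confdn)
    ldb.add({'dn': enroll_dn,
             'objectClass': 'pKIEnrollmentService',
             'cACertificate': b'0\x82\x03u0\x82\x02]\xa0\x03\x02\x01\x02\x02\x10I',
             'certificateTemplates': ['Machine'],
             'dNSHostName': hostname,
            })
    self.addCleanup(ldb.delete, enroll_dn)

    # Write the dummy pKICertificateTemplate
    template_dn = 'CN=Machine,CN=Certificate Templates,%s' % confdn
    ldb.add({'dn': template_dn,
             'objectClass': 'pKICertificateTemplate',
            })
    self.addCleanup(ldb.delete, template_dn)

    with TemporaryDirectory() as dname:
        def root_crt(ca):
            # Path of the root certificate file expected for one CA.
            return os.path.join(dname, '%s.crt' % ca)

        def template_files(ca, template):
            # (certificate, key) paths expected for one CA and template.
            stem = os.path.join(dname, '%s.%s' % (ca, template))
            return stem + '.crt', stem + '.key'

        ext.process_group_policy([], gpos, dname, dname)
        ca_list = [ca_cn, 'example0-com-CA', 'example1-com-CA',
                   'example2-com-CA']
        for ca in ca_list:
            machine_crt, machine_key = template_files(ca, 'Machine')
            self.assertTrue(os.path.exists(root_crt(ca)),
                            'Root CA certificate was not requested')
            self.assertTrue(os.path.exists(machine_crt),
                            'Machine certificate was not requested')
            self.assertTrue(os.path.exists(machine_key),
                            'Machine key was not generated')

        # Subsequent apply should react to new certificate templates
        os.environ['CEPCES_SUBMIT_SUPPORTED_TEMPLATES'] = 'Machine,Workstation'
        self.addCleanup(os.environ.pop, 'CEPCES_SUBMIT_SUPPORTED_TEMPLATES')
        ext.process_group_policy([], gpos, dname, dname)
        for ca in ca_list:
            # Paths are recomputed per CA: reusing the variables left over
            # from the previous loop would only ever check the last CA.
            machine_crt, machine_key = template_files(ca, 'Machine')
            self.assertTrue(os.path.exists(root_crt(ca)),
                            'Root CA certificate was not requested')
            self.assertTrue(os.path.exists(machine_crt),
                            'Machine certificate was not requested')
            self.assertTrue(os.path.exists(machine_key),
                            'Machine key was not generated')

            workstation_crt, workstation_key = \
                template_files(ca, 'Workstation')
            self.assertTrue(os.path.exists(workstation_crt),
                            'Workstation certificate was not requested')
            self.assertTrue(os.path.exists(workstation_key),
                            'Workstation key was not generated')

        # Verify RSOP does not fail
        ext.rsop([g for g in gpos if g.name == guid][0])

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [], dname)
        # Leftover key material is the failure mode that matters here, so
        # removal is verified for every CA rather than only the last one.
        for ca in ca_list:
            machine_crt, machine_key = template_files(ca, 'Machine')
            workstation_crt, workstation_key = \
                template_files(ca, 'Workstation')
            self.assertFalse(os.path.exists(root_crt(ca)),
                             'Root CA certificate was not removed')
            self.assertFalse(os.path.exists(machine_crt),
                             'Machine certificate was not removed')
            self.assertFalse(os.path.exists(machine_key),
                             'Machine key was not removed')
            self.assertFalse(os.path.exists(workstation_crt),
                             'Workstation certificate was not removed')
            self.assertFalse(os.path.exists(workstation_key),
                             'Workstation key was not removed')
        out, _ = Popen(['getcert', 'list-cas'], stdout=PIPE).communicate()
        for ca in ca_list:
            self.assertNotIn(get_bytes(ca), out, 'CA was not removed')
        out, _ = Popen(['getcert', 'list'], stdout=PIPE).communicate()
        self.assertNotIn(b'Machine', out,
                         'Machine certificate not removed')
        self.assertNotIn(b'Workstation', out,
                         'Workstation certificate not removed')

    # The dummy CA, pKIEnrollmentService and pKICertificateTemplate, and
    # the staged Registry.pol, are removed by the cleanups registered above.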
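def test_gp_centrify_sudoers_ext(self):
    """Check that the Centrify sudoers extension applies and unapplies.

    A Registry.pol with sudo enabled and a single sudoers rule is staged;
    the extension is pointed at a temporary directory, which must receive
    exactly one file containing the rule, recreate it after deletion, and
    be empty again once the policy is unapplied.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_sudoers_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    stage = preg.file()
    e1 = preg.entry()
    e1.keyname = b'Software\\Policies\\Centrify\\UnixSettings'
    e1.valuename = b'sudo.enabled'
    e1.type = 4  # REG_DWORD
    e1.data = 1
    e2 = preg.entry()
    e2.keyname = b'Software\\Policies\\Centrify\\UnixSettings\\SuDo'
    e2.valuename = b'1'
    e2.type = 1  # REG_SZ
    # Deliberately broad rule for a fake user; it is only ever written
    # below the temporary directory passed to the extension.
    e2.data = b'fakeu ALL=(ALL) NOPASSWD: ALL'
    stage.num_entries = 2
    stage.entries = [e1, e2]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1, 'The sudoer file was not created')
        sudoers_file = os.path.join(dname, sudoers[0])
        # Read through a context manager so the handle is closed before
        # the file is unlinked below.
        with open(sudoers_file, 'r') as f:
            self.assertIn(e2.data, f.read(),
                          'The sudoers entry was not applied')

        # Remove the sudoers file, and make sure a re-apply puts it back
        os.unlink(sudoers_file)
        ext.process_group_policy([], gpos, dname)
        sudoers = os.listdir(dname)
        self.assertEqual(len(sudoers), 1,
                         'The sudoer file was not recreated')
        sudoers_file = os.path.join(dname, sudoers[0])
        with open(sudoers_file, 'r') as f:
            self.assertIn(e2.data, f.read(),
                          'The sudoers entry was not reapplied')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup scripts')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)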
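def test_gp_centrify_crontab_ext(self):
    """Check that the Centrify crontab extension applies and unapplies.

    A Registry.pol with one CrontabEntries value is staged; the extension
    is pointed at a temporary directory, which must receive exactly one
    file containing the entry and be empty again after the unapply.
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    reg_pol = os.path.join(local_path, policies, guid,
                           'MACHINE/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_centrify_crontab_ext(self.lp, machine_creds,
                                  machine_creds.get_username(), store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    stage = preg.file()
    e = preg.entry()
    e.keyname = \
        b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
    e.valuename = b'Command1'
    e.type = 1  # REG_SZ
    # The entry names root as the user field; it is only written below
    # the temporary directory handed to the extension.
    e.data = b'17 * * * * root echo hello world'
    stage.num_entries = 1
    stage.entries = [e]
    ret = stage_file(reg_pol, ndr_pack(stage))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Process all gpos, with temp output directory
    with TemporaryDirectory() as dname:
        ext.process_group_policy([], gpos, dname)
        cron_entries = os.listdir(dname)
        self.assertEqual(len(cron_entries), 1, 'Cron entry not created')
        fname = os.path.join(dname, cron_entries[0])
        # Context manager closes the handle instead of leaking it.
        with open(fname, 'rb') as f:
            data = f.read()
        self.assertIn(get_bytes(e.data), data, 'Cron entry is missing')

        # Check that a call to gpupdate --rsop also succeeds
        ret = rsop(self.lp)
        self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

        # Remove policy
        gp_db = store.get_gplog(machine_creds.get_username())
        del_gpos = get_deleted_gpos_list(gp_db, [])
        ext.process_group_policy(del_gpos, [])
        self.assertEqual(len(os.listdir(dname)), 0,
                         'Unapply failed to cleanup script')

    # Unstage the Registry.pol file
    unstage_file(reg_pol)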
def test_gp_user_centrify_crontab_ext(self):
    """Check per-user Centrify crontab policy across two GPOs.

    Two USER Registry.pol files, each carrying one crontab entry, are
    staged. Both entries must appear in ``crontab -l`` after the apply,
    only the first after the second GPO is removed, and neither after the
    full unapply.
    """
    def installed_crontab():
        # Dump the fake crontab setup for testing
        proc = Popen(['crontab', '-l'], stdout=PIPE)
        listing, _ = proc.communicate()
        return listing

    crontab_key = \
        b'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'

    local_path = self.lp.cache_path('gpo_cache')
    guids = ['{31B2F340-016D-11D2-945F-00C04FB984F9}',
             '{6AC1786C-016F-11D2-945F-00C04FB984F9}']
    reg_pol = os.path.join(local_path, policies, guids[0],
                           'USER/REGISTRY.POL')
    reg_pol2 = os.path.join(local_path, policies, guids[1],
                            'USER/REGISTRY.POL')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_user_centrify_crontab_ext(self.lp, machine_creds,
                                       os.environ.get('DC_USERNAME'),
                                       store)

    gpos = get_gpo_list(self.server, machine_creds, self.lp,
                        machine_creds.get_username())

    # Stage the Registry.pol file with test data
    first_pol = preg.file()
    e = preg.entry()
    e.keyname = crontab_key
    e.valuename = b'Command1'
    e.type = 1
    e.data = b'17 * * * * echo hello world'
    first_pol.num_entries = 1
    first_pol.entries = [e]
    ret = stage_file(reg_pol, ndr_pack(first_pol))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol)

    # Stage the other Registry.pol
    second_pol = preg.file()
    e2 = preg.entry()
    e2.keyname = crontab_key
    e2.valuename = b'Command1'
    e2.type = 1
    e2.data = b'17 * * * * echo this is a second policy'
    second_pol.num_entries = 1
    second_pol.entries = [e2]
    ret = stage_file(reg_pol2, ndr_pack(second_pol))
    self.assertTrue(ret, 'Could not create the target %s' % reg_pol2)

    # Process all gpos, intentionally skipping the privilege drop.
    # The module replaces gpclass.drop_privileges with a pass-through, so
    # the extension runs with the test runner's own identity.
    ext.process_group_policy([], gpos)
    crontab = installed_crontab()
    self.assertIn(get_bytes(e.data), crontab,
                  'The crontab entry was not installed')
    self.assertIn(get_bytes(e2.data), crontab,
                  'The crontab entry was not installed')

    # Force apply with removal of second GPO
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = gp_db.get_applied_settings([guids[1]])
    gpos = [g for g in gpos if g.name != guids[1]]
    ext.process_group_policy(del_gpos, gpos)

    crontab = installed_crontab()

    # Ensure the first entry remains, and the second entry is removed
    self.assertIn(get_bytes(e.data), crontab,
                  'The first crontab entry was not found')
    self.assertNotIn(get_bytes(e2.data), crontab,
                     'The second crontab entry was still present')

    # Check that a call to gpupdate --rsop also succeeds
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Remove policy
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    crontab = installed_crontab()
    self.assertNotIn(get_bytes(e.data), crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Registry.pol files
    unstage_file(reg_pol)
    unstage_file(reg_pol2)
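def test_gp_drive_maps_user_ext(self):
    """Check that drive-map preferences become per-user crontab entries.

    Drives.xml is staged three times: unmodified (a mount entry must be
    installed), with the action set to 'D' (the entry must be replaced by
    an unmount entry), and with a FilterRunOnce filter (no crontab entry
    may be installed).
    """
    local_path = self.lp.cache_path('gpo_cache')
    guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
    xml_path = os.path.join(local_path, policies, guid,
                            'USER/PREFERENCES/DRIVES/DRIVES.XML')
    cache_dir = self.lp.get('cache directory')
    store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))

    machine_creds = Credentials()
    machine_creds.guess(self.lp)
    machine_creds.set_machine_account()

    # Initialize the group policy extension
    ext = gp_drive_maps_user_ext(self.lp, machine_creds,
                                 os.environ.get('DC_USERNAME'), store)

    ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
    # Fail with a clear message when the connection cannot be made; a bare
    # `if ads.connect():` would leave gpos unbound and surface later as an
    # unrelated NameError.
    self.assertTrue(ads.connect(), 'Failed to connect to the server')
    gpos = ads.get_gpo_list(machine_creds.get_username())

    # Stage the Drives.xml file with test data
    ret = stage_file(xml_path, drive_maps_xml)
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    entry = b'@hourly gio mount smb://example.com/test'
    self.assertIn(entry, crontab,
                  'The crontab entry was not installed')

    # Check that a call to gpupdate --rsop also succeeds
    ret = rsop(self.lp)
    self.assertEqual(ret, 0, 'gpupdate --rsop failed!')

    # Unstage the Drives.xml
    unstage_file(xml_path)

    # Modify the policy and ensure it is updated
    xml_conf = etree.fromstring(drive_maps_xml.strip())
    drives = xml_conf.findall('Drive')
    props = drives[0].find('Properties')
    props.attrib['action'] = 'D'
    ret = stage_file(xml_path,
                     etree.tostring(xml_conf, encoding='unicode'))
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    # The trailing newline keeps the old mount entry from matching as a
    # prefix of the new '--unmount' entry.
    self.assertNotIn(entry+b'\n', crontab,
                     'The old crontab entry was not removed')
    entry = entry + b' --unmount'
    self.assertIn(entry, crontab,
                  'The crontab entry was not installed')

    # Remove policy
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    self.assertNotIn(entry, crontab,
                     'Unapply failed to cleanup crontab entry')

    # Unstage the Drives.xml
    unstage_file(xml_path)

    # Modify the policy to set 'run once', ensure there is no cron entry
    xml_conf = etree.fromstring(drive_maps_xml.strip())
    drives = xml_conf.findall('Drive')
    filters = etree.SubElement(drives[0], 'Filters')
    etree.SubElement(filters, 'FilterRunOnce')
    ret = stage_file(xml_path,
                     etree.tostring(xml_conf, encoding='unicode'))
    self.assertTrue(ret, 'Could not create the target %s' % xml_path)

    # Process all gpos, intentionally skipping the privilege drop
    ext.process_group_policy([], gpos)
    # Dump the fake crontab setup for testing
    p = Popen(['crontab', '-l'], stdout=PIPE)
    crontab, _ = p.communicate()
    entry = b'@hourly gio mount smb://example.com/test'
    self.assertNotIn(entry, crontab,
                     'The crontab entry was added despite run-once request')

    # Remove policy
    gp_db = store.get_gplog(os.environ.get('DC_USERNAME'))
    del_gpos = get_deleted_gpos_list(gp_db, [])
    ext.process_group_policy(del_gpos, [])

    # Unstage the Drives.xml
    unstage_file(xml_path)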
def test_expand_pref_variables(self):
    """Check expansion of Group Policy preference variables.

    Known variables must expand to the expected value, time variables must
    expand to something other than None, and variables that are not
    implemented must raise NameError instead of expanding.
    """
    def placeholder(name):
        # Wrap a variable name as %Name%, the form passed for expansion.
        return '%%%s%%' % name

    cache_path = self.lp.cache_path(os.path.join('gpo_cache'))
    gpt_path = 'TEST'
    username = 'test_uname'
    expected = {
        'AppDataDir': os.path.expanduser('~/.config'),
        'ComputerName': self.lp.get('netbios name'),
        'DesktopDir': os.path.expanduser('~/Desktop'),
        'DomainName': self.lp.get('realm'),
        'GptPath': os.path.join(cache_path,
                                check_safe_path(gpt_path).upper()),
        'LogonDomain': self.lp.get('realm'),
        'LogonUser': username,
        'SystemDrive': '/',
        'TempDir': '/tmp'
    }
    for exp_var, val in expected.items():
        expanded = expand_pref_variables(placeholder(exp_var), gpt_path,
                                         self.lp, username)
        self.assertEqual(expanded, val,
                         'Failed to expand variable %s' % exp_var)

    # With the time variables, we can't test for an exact time, so let's do
    # simple checks instead.
    for time_var in ('DateTime', 'DateTimeEx', 'LocalTime',
                     'LocalTimeEx', 'TimeStamp'):
        expanded = expand_pref_variables(placeholder(time_var), gpt_path,
                                         self.lp, username)
        self.assertNotEqual(expanded, None,
                            'Failed to expand variable %s' % time_var)

    # Here we test to ensure undefined preference variables cause an error.
    # The reason for testing these is to ensure we don't apply nonsense
    # policies when they can't be defined. Also, these tests will fail if
    # one of these is implemented in the future (forcing us to write a test
    # anytime these are implemented).
    # NOTE(review): 'CurrentProccessId' is spelled with a double 'c' here;
    # confirm it matches the name the implementation is meant to reject.
    undef_vars = [
        'BinaryComputerSid', 'BinaryUserSid', 'CommonAppdataDir',
        'CommonDesktopDir', 'CommonFavoritesDir', 'CommonProgramsDir',
        'CommonStartUpDir', 'CurrentProccessId', 'CurrentThreadId',
        'FavoritesDir', 'GphPath', 'GroupPolicyVersion',
        'LastDriveMapped', 'LastError', 'LastErrorText',
        'LdapComputerSid', 'LdapUserSid', 'LogonServer',
        'LogonUserSid', 'MacAddress', 'NetPlacesDir',
        'OsVersion', 'ProgramFilesDir', 'ProgramsDir',
        'RecentDocumentsDir', 'ResultCode', 'ResultText',
        'ReversedComputerSid', 'ReversedUserSid', 'SendToDir',
        'StartMenuDir', 'StartUpDir', 'SystemDir',
        'TraceFile', 'WindowsDir'
    ]
    for undef_var in undef_vars:
        rejected = False
        try:
            # No username is passed for the undefined-variable checks.
            expand_pref_variables(placeholder(undef_var), gpt_path, self.lp)
        except NameError:
            rejected = True
        if not rejected:
            self.fail('Undefined variable %s caused no error' % undef_var)
def test_parser_roundtrip_empty_multi_sz(self):
    """Round-trip the empty REG_MULTI_SZ policy XML through GPPolParser.

    The XML is loaded, written back out to a temporary file, and compared
    with the input after all whitespace has been removed from both sides.
    """
    whitespace = re.compile(r"\s+", flags=re.UNICODE)
    with TemporaryDirectory() as dname:
        out_path = os.path.join(dname, 'REGISTRY.POL.XML')

        pol_parser = GPPolParser()
        try:
            pol_parser.load_xml(
                etree.fromstring(empty_multi_sz_reg_pol.strip()))
        except Exception as e:
            # Report a load failure as a test failure, not an error.
            self.fail(str(e))
        pol_parser.write_xml(out_path)

        with open(out_path, 'r') as f:
            written = f.read()

        # Strip whitespace characters due to indentation differences
        expected_xml_data = whitespace.sub(
            "", empty_multi_sz_reg_pol.decode())
        actual_xml_data = whitespace.sub("", written)
        self.assertEqual(expected_xml_data, actual_xml_data,
                         'XML data mismatch')
def test_parser_roundtrip_multiple_values_multi_sz(self):
    """Round-trip the multi-valued REG_MULTI_SZ policy XML.

    The XML is loaded into GPPolParser, written back out to a temporary
    file, and compared with the input after all whitespace has been
    removed from both sides.
    """
    whitespace = re.compile(r"\s+", flags=re.UNICODE)
    with TemporaryDirectory() as dname:
        out_path = os.path.join(dname, 'REGISTRY.POL.XML')

        pol_parser = GPPolParser()
        try:
            pol_parser.load_xml(
                etree.fromstring(multiple_values_multi_sz_reg_pol.strip()))
        except Exception as e:
            # Report a load failure as a test failure, not an error.
            self.fail(str(e))
        pol_parser.write_xml(out_path)

        with open(out_path, 'r') as f:
            written = f.read()

        # Strip whitespace characters due to indentation differences
        expected_xml_data = whitespace.sub(
            "", multiple_values_multi_sz_reg_pol.decode())
        actual_xml_data = whitespace.sub("", written)
        self.assertEqual(expected_xml_data, actual_xml_data,
                         'XML data mismatch')