It's a while since i've needed to secure this browser for a specific environment in our organisation and i want to update the machines and version of firefox in the deployment. Currently i have several challenges with this browser. The environment talks to a WAN for RDP and a local server for a webpage, there is a csp for internet filtering and this in itself shouldn't be an issue the issue is the browser itself. So in the past we used two extensions, public fox and easy whitelist. This setup was pretty much perfect, the machines use their rdp with no hassle, users have no access to the browser and the whitelist does it's thing to lock them to the intranet site. Further to this Public Fox looks like they threw in the towel as it's riddled with holes on new versions of ff and easy whitelist has been completely removed. Moving to the newer Firefox and ho boy here's where the fun begins, firstly extensions are a joke starting the browser in safe mode disables them and allows for their removal - yay. secondly and this has always been a firefox bug it always asks for proxy settings even when it has them already and you check the box that says don't bug me. That said even if you put them in they are through the previous bug removable. Serious question, how does anyone outside of standalone, unrestricted users use this browser? Now I'm reading there are some policies, i don't know if they will help i could use a local security policy if needed but i'm unsure if this is the path i should go down. any suggestions from people who may be in a similar boat? The TLDR, i want to restrict access to any and all settings - and the browser should be locked to one intranet site. Come at me. ok, maybe i will look at the gp stuff, seems to have a few things. see if it covers my needs. https://www.ghacks.net/2018/03/10/firefox-60-ships-with-windows-group-policy-support/ yep looks like this might get me there. if anyone has any feedback i'll still take it on board though.