1
0
mirror of https://github.com/TommyTran732/Microsoft-Edge-Policies synced 2024-11-22 02:11:34 -05:00

Add uBO Lite whitelist

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2023-12-04 23:26:00 -07:00
parent d19f039c50
commit 8654a613a1
No known key found for this signature in database
GPG Key ID: D30DEC268D3FEB17
3 changed files with 23 additions and 0 deletions

View File

@ -13,6 +13,14 @@
"SpotlightExperiencesAndRecommendationsEnabled": false,
"FeatureFlagOverridesControl": 1,
"ExtensionInstallBlocklist": [ "*" ],
"ExtensionSettings": {
"ddkjiahejlhfcafbddmgiahcphecmpfh": {
"installation_mode": "allowed",
"update_url": "https://clients2.google.com/service/update2/crx",
"override_update_url": true,
"sidebar_auto_open_blocked": true
}
},
"GamerModeEnabled": false,
"WindowsHelloForHTTPAuthEnabled": false,
"ImmersiveReaderGrammarToolsEnabled": false,

View File

@ -8,6 +8,7 @@ For corporate environments, you will need make approprieate changes, including b
- Disable `DeveloperToolsAvailability`. Users can be tricked into running malicious code in the browser console otherwise.
- Set `DefaultWebUsbGuardSetting` to "Block". In most cases, the websites will never need to use this API. I need it to flash GrapheneOS and StockOS on my phones.
- Set `DefaultJavaScriptJitSetting` to "Block". This will prevent users from adding exceptions to Enhanced Security Mode.
- Remove the uBlockOrigin Lite extension whitelist. I am not aware of any way to block users from granting uBlockOrigin Lite access to all content on a website, which is a security risk. If you know of a way to enforce that the extension runs permission-less, please let me know.
- Further restrict permissions that websites can prompt for.
- Consider removing the `Disable3DAPIs` policy. Currently, WebGL is disabled in my policies and a few sites will break, so whether to do this highly depends on your organization.
- Consider mandating that `SmartScreenEnabled` is set to disabled. `TyposquattingCheckerEnabled` is also potentially invasive, though I have not confirmed this. Please make an issue to let me know of your findings.

View File

@ -34,6 +34,20 @@
<array>
<string>*</string>
</array>
<key>ExtensionSettings</key>
<dict>
<key>ddkjiahejlhfcafbddmgiahcphecmpfh</key>
<dict>
<key>installation_mode</key>
<string>allowed</string>
<key>update_url</key>
<string>https://clients2.google.com/service/update2/crx</string>
<key>override_update_url</key>
<true />
<key>sidebar_auto_open_blocked</key>
<true />
</dict>
</dict>
<key>GamerModeEnabled</key>
<false />
<key>WindowsHelloForHTTPAuthEnabled</key>