Enable NTLM SSO for Firefox with Group Policy

My company has a lot of people using Firefox, and we are in the process of deploying several Sharepoint sites.  We want to implement a solution that will prevent them from having to enter their active directory credentials in the browser when accessing these Sharepoint sites.

If I go into Firefox about:config > network.automatic-ntlm-auth.trusted-uris, and add the Sharepoint URLs, then SSO works.  The issue is how to do this efficiently across all computers in the organization.

I found a VBScript (URL below) that will add a specified list or URLs to that setting in the prefs.js file, but I need a way to run that VBScript on all computers.

http://sivel.net/2007/05/firefox-ntlm-sso/

I thought about using GPP, but as far as I can tell, that only works for controlling settings that are contained in the registry.

I have previously been doing this with a login script, but the issue with that approach is that I have a lot of remote users who use a software VPN client, so they do not connect to our network until after they have logged into their PC, so they do not run login scripts.

It seems group policy is the answer, but I can't seem to figure out how to get group policy to run a VBS file.
LVL 3
FWestonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PaulNSWCommented:
Try the following

go to \\domain.local\netlogon

copy your vbs script there
create another file, firefoxSSO.bat

and in it have

@echo off
wscript %0\..\your.vbs

Then set the .bat file as the user logon script or startup script
0
FWestonAuthor Commented:
Paul,

For the script, are you talking about setting it under:

User > Policies > Windows Settings > Scripts

and

Computer > Policies > Windows Settings > Scripts

?

If so, will those run periodically or only at startup / login?  The concern I have is that the computer will not have access to the domain controller when it boots up or the user logs in since it is remote.

Thanks.
0
PaulNSWCommented:
It's for every user profile, so you would need to use the User Policy section of GPO

Try using this as a guide: http://community.spiceworks.com/how_to/show/990

its for 2003, but the same concept applies for 2008

The script will only run at user login.  However I would assume, once this preference has been set, it will stick unless a user manually reverts the settings.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FWestonAuthor Commented:
Hi Paul,

That seems like it will work for folks that are on our corporate network at login, but I don't think this will solve the problem for remote users because they won't be able to access the DC at login.

I know the other user policies update at the predefined group policy refresh intervals, so remote users do get the settings from group policy, it seems now I just need to figure out a way to specify a policy that somehow modifies the prefs.js file without relying on a login script.

I wonder if a logoff script would do it...theoretically they should have access to the network at logoff.  I'll test that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.