New policy

From CDOT Wiki
Jump to: navigation, search


This tutorial will give a basic outline of what is required to implement an IE policy in the Active Directory code.

Technical Requirements

You should be familiar with :

  • XUL
  • Javascript
  • Registry (regedit)
  • gpedit.msc (though, may not be required)

Most of the time, you can get away with just an overlay or a preference change. But sometimes, you have to get knee deep in javascript to get what you want.


  1. When you know what policy you want to implement, you must first determine how to best manage that policy. Is it a cosmetic change like removing a button or menuitem, or is it a preference.
  2. Than you must decide the many ways to activate that policy. For example, opening a new window can be done in several ways (file menu, right-click on link, right-click on bookmark, within frames, keyboard shortcut, and a button shortcut via customize toolbars). This will give you a good understanding of how many files you have to create, as well as how much aspirin you'll need handy.
  3. Now you must find out where they policy's registry key is located in the registry. I don't know a great way of doing this other than searching manually. (disable/enable the policy, than check the registry). But here are the typical locations In either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    • Software\Policies\Microsoft\Internet Explorer
    • Software\Policies\Microsoft\Internet Explorer\Restrictions
    • Software\Policies\Microsoft\Internet Explorer\Control Panel
    • Software\Policies\Microsoft\Internet Explorer\Main
    • Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing
    • Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
    You may have to search in other places under Software\Policies\Microsoft\Internet Explorer to find what you need. If you have to search elsewhere, then you have to add that to paths in browser.js/preferences.js/viewSource.js/bookmarksManager.js (you'll know which paths to modify as this is explained further). I will call them the "javascript overlay loaders" from now on because they add overlays to files, and they're javascript.
  4. Once you have all that, then you can finally start getting work done. Often, in cosmetic changes you will only have to overlay browser.xul. But if your policy is also a preference, you would have to overlay preferences.xul as well. You have to create one file for each overlay. First. all your files should match the registry name (for example, NoFileNew or NoBrowserClose). However, if your filename is already taken by another policy or is generic (such as Enabled), then you can choose to call it whatever you want, but you have to add some logic to the appropriate javascript overlay loaders
  5. Create the appropriate overlay file based on the name above. If you are overlaying viewsource, than prepend VS to the end of the filename (eg. fooVS.xul), and P with preferences (fooP.xul). There is a sample overlay in the resources section.
  6. When you build the Active Directory code and launch firefox, the AD code will go through each path and gather all keys in the path. Then it tries to load all the files with that registry key name (unless you made an exception in the code, as noted two points above). An easy way to check that the overlay got loaded is to use venkman or some other extension that figures out what chrome:// files are loaded. Some overlays aren't added until you start certain components like Bookmarks manager or Preferences.
  7. Now you can finally disable the functionality you don't need, hide ui elements you no longer need, and whatever else.


This contains useful snippets of code that you can use as a starting point. This should be expanded as necessary.

Sample overlay

<?xml version="1.0"?>

<overlay id="*****YourIDhere*****"
  <script type="application/x-javascript;version=1.7">
    /* Your js code here */