AFAIK to be able to stop this would be to make a Standard User account to prevent anyone but the Admin/Owner to install them. If your giving them the admin/Owner account access your not going to stop them from doing what they want.

See also:

• https://github.com/mozilla/policy-templates/blob/master/README.md
• https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson

Thanks for the replies, with the JSON policy you can force an install, uninstall or lock down extensions. This is not what we are looking for I think, what we need is the following:

All extensions are blocked by default and cannot be installed through addons.mozilla.org, only the extensions in a preconfigured list can be installed, for instance:

Lastpass Ghostery

If I put the following items in mozilla.cfg: lockPref("xpinstall.enabled", false); lockPref("extensions.enabledScopes", 0);

And the whitelisted extensions in the policies.json file: {

 "policies": {
   "Extensions": {
     "Install": ["https://addons.mozilla.org/firefox/downloads/file/1018132/lastpass_password_manager-4.15.2.17-an+fx.xpi", "//path/to/xpi"]
   }

}

Will that work? And how can I make the install url generic so future versions will also be whitelisted? Thanks again!

You can try to ask at the Firefox Enterprise forum. Mike Kaply knows a lot more about this than any of us.

• https://support.mozilla.org/en-US/questions/firefox-enterprise