Rolling Out Mozilla in an Organization?

jdclucidly asks: "I am a network administrator for a small non-profit (about 50 employees). I would like to roll Mozilla 1.2.1 out to all of our desktops. We don't have a single ghost image because the computers on site are too varied. Yes, I did my Googling. The source for the installer is just huge and mind boggling. Is there something like a Mozilla Administration Kit that will generate custom Mozilla installers? If not, would people on Slashdot be interested in starting a new project to make such a kit?" If you were going to deploy a "branded" version of Mozilla, company-wide, how would you do it, especially if you had to worry about a mixed OS environment?

"Here's what I want to do:

• Install everything but Quality Feedback Agent
• Set Mozilla as the default browser
• Disable 'Open Unrequested Windows' (kill pop-ups)
• Install Elveraldo's Crystal-Classic theme as default
• Set Google as the default search engine
• Set 'Georgia' as the default Serif font for Western and Unicode
• Enable HTTP Pipelining
• Enable FIPS internal cryptography
• Set toolbar to 'Pictures only'
• Set Home Page to my organization's intranet site
• Set start page to 'Blank page'
• Disable 'Hide the tab bar'
• Enable Middle-click for new tab
• Enable control+enter for new tab
• Default downloads to 'open a progress dialog'
• Disable Javascript and Plugins for Mail & News
• Enable quicklaunch
• Create an additional shortcut on the desktop and in quicklaunch that uses chrome/icons/mailnew.ico as it's source and points to 'mozilla.exe -mail'

As you can imagine, doing this on 50 computers (and making sure I got each of these) would be quite tedious. Are, there others out there that want to do the same thing. I checked the Mozilla newgroups. I checked the CCK Project page at Mozilla.org -- it appears to be pretty inactive. I checked out the Netscape 7 CCK, which is pretty robust but doesn't do everything I want and it's proprietary -- plus, I don't want all the NS7 proprietary crap on my network.

I installed Mozilla on my machine using the stub installer and had it save all of the .XPI components to a folder. I went in and extracted the .XPI's and examined them. It seems possible to do these things but not without learning XUL, JavaScript, XML and Mozilla.org's own stuffings -- not to mention setting up a Visual C++/Cygwin compiling farm for every next Mozilla release. Can I:

• Directly modify the defaults/prefs/all.js file to incorporate my preference defaults above and then recompress the .XPI?
• Add to the installer Crystal-Classic.jar somehow? Where are those changes made?
• Make the installer NOT allow the user to change any of this?
• Make the installer create the above mentioned shortcut?"

just copy the directory

just copy the directory, mozilla doesn't need registry entries.. it stores all its settings in some whacky xml files

Re:just copy the directory

[MikeFM]

Copying the directory is pretty much what I'd suggest. Configure one browser for each platform and make a tarball for Linux, a zip installer for Windows, etc and just copy your settings over. For 50 machines it wouldn't be worth the effort of using a client customization kit or anything like that. As far as keeping users from changing their settings that's easy enough in Linux but am not sure how you'd do it in Windows or MacOS. Just change the owner of the config files away from the user and give them read but not write permissions to those files.

Re:just copy the directory

[SnowDeath]

Dont forget to copy the registry.dat when you copy Mozilla from Application data so that Mozilla knows where you are storing the Mozilla profile. As long as you are using 2000/XP (NT could work too, that's what I had have to use at work right now), just make all of your profile directories/files ready only *EXCEPT* the parent salted directory, they need read/delete to that for the lock file.

The way I have Mozilla set on our NT4 machines is to use the profile editor (name?), delete the default, create my own (named modlang, being that I run the modlang computer lab) profile, put it under mozilla.org in the program files directory, set everything to the way I want (popup blocking, default homepage, etc) and then simply copy mozilla.org directory (with mozilla already being installed on the profile creating machine) to each target machine.

The tricky part was figuring out that I needed to copy the registry.dat to default user's application data directory, after figuring that out it is cake.

Re:Don't use Mozilla

[pavera]

everyone is always praising phoenix, however, on my machine it uses more RAM (about 26MB compared to 20 for mozilla) it isn't noticably faster, and there isn't an option to ctrl+enter in the location bar to open a new tab, ctrl+enter in phoenix does the same as in IE (adds http://www. to the front and .com to the end of whatever is in the location bar) which is a nice shortcut, but I'm too addicted to ctrl+enter creating a new tab, so phoenix's usability suffers for me, and I don't get alot of speed increases anyway...

Uhh... this is what you DON'T want to do

[cscx]

This is 100% the wrong way to go about things, bud. What you want to do is use something like Microsoft Systems Management Server, Veritas WinInstall, or Novell ZenWorks SnAPPShot to monitor the install on your install test-bed PC (you DO have one, don't you?), make all those oodles of changes you want to, then redistribute it identically to your clients. If you don't have these, I would buy one of the packages -- the money you spend will save you $$$ in man-hours trying to come up with a hackneyed, crappy homebrew solution in the long run. Once you start using these distribution apps, they will become your next best friend.

Re:Uhh... this is what you DON'T want to do

[FatherOfONe]

I agree with you, and am a HUGE fan of WinInstall, but there is a couple of issues.

1. WinInstall handles win9x and winnt/2k/XP clients differently.

2. All the systems you mentioned cost money. A significant amount of money.

3. SMS will only work with Microsoft stuff and it kinda sucks, although I heard the new version is ok. Just expect vendor lock-in.

4. Novell Zenworks will require an NT server or a Novell server, and the version that I used put all the files in NDS. You couldn't edit them or do much with them after you did a scan. WinInstall blew them out of the water.

The core reason you use an unatended install is the EXCACT reason this guy wants one and WinInstall isn't such a good option. He has 50 desktops probably all different. Some have multiple drives some don't. If you made a WinInstall or SMS or ZenWorks package to do this type of install, you better be great a building those packages, because you will be using your "test" machine as a template for all the desktops in the organization. If for some reason that test machine had a DLL that the other 40 didn't have...

The easy way...

[DaveOnNet]

Just prohibit the use of Mozilla in your organization and then make sure employees have access to the Internet. They're bound to set it up themselves that way.

It' won't be easy...

[weave]

I tried, went through hell. I assume you're doing this in a Windows environment. If so, be aware of some real killer limitations.

First of all, Mozilla doesn't understand UNC paths. If your GPO redirects %appdata%, you're screwed. Quit now. The mozilla registry.dat file goes in %appdata%\mozilla and if %appdata% is in a UNC of DFS share, it won't find it.

Then ... if you allow users to create profiles in the default location, below %appdata%\mozilla, expect profiles to go missing. Windows has a nasty habit of duplicating roaming profiles, like profiles\user, profiles\user.domain, profiles\user.domain.000, etc... Since your profile location is a hardcoded path in registry.dat, Mozilla will find it, but will try to load the profile in the stale profile location. If that doesn't exist now, it'll throw up a profile manager asking you to recreate one.

The solution to above is to create the profile manually via a command like:

mozilla.exe -CreateProfile "default z:\mozilla"

That will move the bulk of the profile (except registry.dat) to a fixed location out of the roaming profile.

For a lot more detail and my rant, read bug #162025, comment #28.

We have done a lot to get it working finally, including some logon vbscripts to create the profiles, repair prefs.js file, have some mandatory prefs.js entries that are replaced during logon if user changes them (like home page for us), etc...

We've been through hell but think we finally have it licked by working around mozilla bugs. We intend to post a page on our experiences, but not in the next 12 hours (the effective life of a slashdot story)

When it's ready, I'll e-mail you or feel free to contact me if you want the scripts as they stand now (we are still debugging some things).

Re:It' won't be easy...

[BlueUnderwear]

Windows has a nasty habit of duplicating roaming profiles, like profiles\user, profiles\user.domain, profiles\user.domain.000, etc...

We have seen this behaviour too. However, apparently, as far as we could see, it would only happen on Win2k, on NTFS partitions. Win2k + FAT32 was ok. So, what we did was create a small D: partition as FAT32, and configured Windows to store the cached user profile on that partition. From then on, our "multiple profiles" problem was gone.

Since your profile location is a hardcoded path in registry.dat, Mozilla will find it, but will try to load the profile in the stale profile location. If that doesn't exist now, it'll throw up a profile manager asking you to recreate one.

Or just store the profile somewhere on the user's home directory (H:\Mozilla\)

...repair prefs.js file, have some mandatory prefs.js entries that are replaced during logon if user changes them (like home page for us), etc...

No need to bother with vbscript. Just use locked settings in the mozilla.cfg file. This page described how. Just insert entries such as the following into your mozilla.cfg.txt:

lockPref("browser.startup.homepage", "http://my.home.page/");

Then encrypt the file to mozilla.cfg using this program (with an offset of 13). N.B. The mozilla.cfg.txt file must start with a comment (two slashes), and be referenced from all.js or else it will be ignored by mozilla. After having set up a mozilla.cfg, the user can no longer change the relevant settings (they are greyed out), and even if he does manually edit his prefs.js, mozilla will fix prefs.js the next time it starts up.

Web Browser Kiosk Build-Experience

[VoidEngineer]

Ah, I used to do something similar at the Department of Networking Services & Information Technologies, at the University of Chicago, were I used to work. Setup up webkiosks and the like for the campus.

Your probably already know this, but I'll point out the obvious:

1. Set up a Ghost server for yourself. Maybe even look at a copy of Alteris LabExpert.

2. Backup often.

3. Set yourself a timeline with mile markers. Give yourself a few months, so you don't pull out your hair or have a mental break down. Plan a reasonable project timeline, such as 3 months.

4. Set up testing workstations. Get all of your networking issues out of the way before you start on Mozilla. TCP/IP or other protocol stacks should already be installed. All device drivers should already be installed.

5. Take the list which you've already made, and make the changes to the box. When you get the change to work, backup the box with your image server. Keep detailed notes of what you've just accomplished.

6. Repeat step 5 until all items are completed.

7. When step 6 is completed, backup the workstation, diff the image if needed, and push it onto workstations of similar hardware configuration. Either package the image as an application (tar, zip), an application image (ZenWorks, Active Directory resource, Ghost, etc), or an operating system image (SMS, Alteris, Ghost).

Once you get into the groove of the project, it'll go quickly.

Sorry for stating the obvious, but you're talking about a fairly complex network engineering task. Don't expect it to happen next week or even next month. Just make sure you have an imaging server and that you take good notes, and the project will go fine.

Some simple ideas.

[The+Creator]

First install mozilla on one machine. Then obtain the source, find where the signal handler(i think that is what it is called) for the meny ithem edit->preferences is set and comment that out, compile. Now you should have a version of mozilla that the user cannot configure.

Use the first installation(full version) to generate all the files that contain the settings you want for each machine. And copy them to each machine after installing the crippled mozilla on them.

You should be able to achiave your goals like this, if each machine requires uniqe settings(email and such) then you have some work to do, but it should'nt be impossible.

Re:Question...

[SlashdotLemming]

So let me get this straight, the "end user" sitting in front of the machine 99% of the time should use the personal preferences of the grumpy SA. Makes sense. I hope those idiots keep their chairs at the proper height for you too. I mean, you need to be able to do *YOUR* job without distraction.

A genius in a sea of stupidity. How do you deal with it?

Don't ignore the question

[frankie]

* Install everything but Quality Feedback Agent
* Disable Javascript and Plugins for Mail & News
* Create an additional shortcut on the desktop and in quicklaunch that uses chrome/icons/mailnew.ico as it's source and points to 'mozilla.exe -mail'

I would use its leaner & meaner cousin, Phoenix

Knee, meet Jerk. Jerk, meet Knee. Apparently neither Vallon nor his 3 or 4 moderators bothered to read the freaking question. The IT guy specifically wants to use the mail client as well as the browser, and probably NNTP too.

Just because Phoenix is small and 1337 doesn't mean it's the answer to world peace, minty fresh breath, or every question that contains the word "Mozilla".

Re:Question...

[Bake]

Do you put a picture of the family on your desk?
Now why would you do that? The desk is not for your personal use, it's the property of the company, if you didn't pay for it, it ain't yours.

Do you fiddle with the settings on your office chair?
Now why would you do that? The chair is not for your personal use, it's the property of the company. It isn't any of the company's business what settings on the chair are most comfortable for you. Personalisation does not benefit the company.

I wish more end users would remember that.

(</sarcastic-rant> for those who need it)

The computer, just like any other accessory you use in your workplace must allow for some personalisation.
As an IT drone, it is not your job to dictate what background picture/colour I have. If having BIG white letters on a black background increases my productivity, you, on behalf of the company, should be happy, even though it means you'll get to spend a few more minutes with me in the event that I need some help.

Dispite what you may have read when reading the BOFH archives, the system administrator should NOT get to dictate every single detail about the computing environment in the workplace.

Stick with Moz not Phoenix

Phoenix development has died. Hyatt is now working on Safaria full time(he couldn't be happier), Blake(high schooler busy with getting ready for college) is MIA and Asa as usual doesn't comment on such things even when they seem grim. It looks like Phoenix as a project is dying/dead. No work has been done on Phoenix since December, and a critical bug has prevented anyone from using themes/extensions with new nightly versions since 12/28. This most basic bug pretty much shows the state of the project and how the developers involved have either a)lost interest or b) simply moved on. I know Blake had talked how eventually even he would get bored and move on(let any dev would), but it would have been nice if he had at least given some sort of warning.

Also the Mozilla development staff has been axed as well, so it too has slowed down at a very critical time when there have been a ton of regressions.

I'm a big fan of Mozilla(its all I use), so I hate to say these things which some people will undoubtably call FUD. But its not FUD and if you follow the project closely you'll know I'm not making this stuff up. Right now Mozilla is going through a very tough time and I really hope some new blood can come in to save it.

You'll excuse me for being a coward and not signing my name, but sorry that the way this has to be.

*These machines are not for your display of power*

[Kjella]

As an employee, it's not "your computer". It's the property of the company. I wish more end users would remember that. "Why are you messing with *my* computer? I've got it just the way I like it!" Sorry. Pink fonts in Monotype Corsiva on a light blue background makes it tough for me to troubleshoot. Don't put your kid's picture up as wallpaper (less of a gripe, I don't really care, but give an inch...). Don't install the "little program" you brought from home.

Those machines are also not there for the IT staff to use for some kind of power trip. Those machines are there to provide value to the company, which they presumably do when the users are working on them, not you. If the customizations they do make them work more effectively (translation: more motivated), that is good for the company. Certainly if they install viruses and stuff that creates trouble you need to take action, but the whining about text and background images is pathetic.

Somehow I thought that kind of tayloristic management (your desktop will show in 0.04 seconds faster if you don't have a background image) became almost extinct long ago. If you treat people like machines, they also react very cynical - and do as little work as possible without getting fired. Since there's an economic downturn I guess people will stick around - but if all your best men leave when it starts going up, I can't say I'm surprised. I wouldn't want to stick around at least...

Kjella

Good point!

[iamacat]

As an employee, it's not your network. I wish more system administrators would remember that. "Why are you messing with *my* data center? I've got it just the way I like it". Sorry. SSH and VNC are SECURITY HOLES. Any HACKER can DOWNLOAD the source code ON THE INTERNET and BREAK IN. Microsoft spent millions of dollars and countless man-hours designing remote administation tools. Just keep a cart with a keyboard and monitor, connect it to the server in the rack that stops responding and click Ok on that message box. Also, If I find any non-approved scripting language like Perl, it (and you) are gone. Microsoft already has batch files and you have no reason to muck around.

What, you just said you are going to use Mozilla? You will trust our company security to some FREEWARE when Microsoft has made security the company's first priority for the whole year??? Right here I have a resume of a Visual Basic programmer who wants to migrate our e-commerce server to IIS, SQL server and server-side VBSCript, using Microsoft passport security architecture. I think I would give him a call. Certainly PROPRIETORY SOFTWARE is better than all the FREE-WARE you installed on our network...

It needs registry for Quicklaunch and dflt browser

[BlueUnderwear]

There is one thing where Mozilla does need the registry, namely quicklaunch mode. Quicklaunch mode is quite handy if you have impatient users: this launches all lengthy startup stuff in the background as soon as you log in to your workstation. When you then click on the Mozilla icon, Mozilla is there in under a second. Here is the required registry entry (in regedit format, just put this into a .reg file, and load it using regedit -s)

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Run]
"Mozilla Quick Launch"="\"C:\\PROGRA~1\\MOZILLA.ORG\\MOZILLA\\MOZ ILLA.EXE\" -turbo"

Other registry entries might be necessary to set Mozilla as the default browser.

Other handy tips for mozilla configuration (such as locked config items, automatically generated personal config, etc) can be found at http://www.alain.knaff.lu/howto/MozillaCustomizati on/

This is used in the schools participating in the LLL project.

Some Highlights:

• Any configuration options accessible in prefs.js can be stored in a locate mozilla.cfg file (optionnally locked in such a way that it can no longer be overridden by the user):
  • Disable 'Open Unrequested Windows' (kill pop-ups),
  • Enable HTTP Pipelining,
  • Set toolbar to 'Pictures only',
  • Set Home Page to my organization's intranet site,
  • Set start page to 'Blank page',
  • Enable Middle-click for new tab,
  • Enable control+enter for new tab,
  • Default downloads to 'open a progress dialog',
  • Disable Javascript and Plugins for Mail & News
• Using mozilla's own registry (%USERPROFILE%\Application Data\Mozilla\registry.dat) set the profile directory (which contains prefs.js et al.) to be on the user's home directory (H:\). That way, you can have a personalized configuration (Mail & News) automatically created by a script. When the user first logs in, he doesn't need to set his email address, server name, etc for using Mail & News, everything is already done for him!
• Disabling of the bulky XUL.mfl file (whose sizes quickly add up if you have thousands of users): just create a directory named XUL.mfl, and Mozilla will be unable to create that file, and it will still work correctly!
• Automatical loading of the needed registry entries as soon as user logs in, using a netlogon script

At LLL, we deploy our machines using Udpcast, which might not be appropriate in your case (all your machines are different), but as other posters have pointed out, most of the client-side installation options can also be handled by a Zipfile plus a small install script to put stuff into the correct place.