Well, I was going to post this as a comment over on Robert Accettura’s Fun With Wordage blog. It’s really long. So now it’s here, with a link :-) (Since I remembered my password to this blog and have a bit of time…I suppose I’ll have to post some more now, it’s been a while!)
Read this post first as this is a reply (originally written as a comment on his site, addressed to Robert directly, and moved directly here due to length):
Interesting post, given that I spent a decent chunk of time investigating similar solutions for the church where I’m the Network and Systems Manager! I found some good info, not relating to updates necessarily, but on MSI installs in particular since I want to deploy with Active Directory.
It took me some Googling, but I ended up at a really useful page called Firefox:2.0 Institutional Deployment. I tried implementing nearly all of the MSI-related options on this page today to some extent. The documentation of details (an FAQ) for each solution is pretty sparse in general so I had to test to see it in action.
The most fully developed solution for deployment seems to come from Front Motion, with their two releases, Mozilla Firefox MSI, which is an AD-deployable MSI of the straight Firefox install (just a repackage), although it has some really nice features, such as (pulled from their site):
* It’s both deployable and upgradeable through AD
* Desktop Icon and Shell integration similar to IE (icon on desktop you can right-click to edit options/safe mode/profiles etc.)
* Set Default browser as an option (INSTALLLEVEL=1000)
* Macromedia Flash plug-in preinstalled
* Detect and upgrades non-MSI installs. (This is really big if you’ve got a big unmanaged base of Firefox installs to deal with!)
* Can upgrade some 3rd-party Firefox MSI repackages, too
* Able to properly perform uninstalls and restores system associations (yay!)
This is pretty sweet, and you can use this MSI and control it after it’s deployed using some of other tools from the first link above (I tried FirefoxADM and WetDog and found plusses and minuses to both although both work very similarly).
FrontMotion also has a more customized version called FrontMotion Firefox Community Edition. It installs as above, with a renamed desktop icon (“FrontMotion Firefox”) that you can “fix” using Microsoft’s Orca (from the Platform SDK for Win Server 2003, and you can download the Web Setup of the Platform SDK if you want to select just the Windows Installer SDK and not download everything and the kitchen sink) MSI tool to create a transform (.mst) or a transformed .msi file with your customized names :-)
The coolest part about FrontMotion Firefox CE is that they’ve modified it to take direction right out of the Windows registry, which you can of course modify and make mandantory using the provided .adm Active Directory Administrative Templates! You can use Per Computer Configuration and Per User Configuration options if you import the firefox.adm that they provide into a Group Policy object; Computer config options lock down the settings and User config options modify the settings but allow the user to change them. This is really cool but there could be more settings for full customization. Well, there are, in mozilla.adm, which imports just into the Per Computer Customization Administrative Templates, and gives you the full range of Firefox preferences to configure; this is however computer-wide and locked down. I would like to see these extended options made at available at the user level, and would like the option to lock some of them down per-user rather than per-computer as we have multi-use computers that I would like to specify restrictions on by username.
The other two options (FirefoxADM and WetDog) provide more customzations in a more user-friendly interface (but not as many as the mozilla.adm, which is less user-friendly but more complete, although you can manually extend the former to add any preferences you wish if you edit the .adm files) within Group Policy (the additional piece being the script/.exe file to run on Startup/Logon via GP to translate the registry settings to Firefox), but they have the same lockdown vs. default for computer vs. user characteristics as FrontMotion CE.
Anyway, I haven’t decided which of these to go with, or if I should wait for an official MSI build, or what. It was definitely a learning experience for sure! Just the ability to deploy Firefox (whether FrontMotion CE or just their repackaged MSI) from Active Directory is a huge step in the right direction but it’s still pretty geeky and technical to do any forced customization.
This doesn’t have anything to do with MSI from what I can tell, and it’s complex enough I don’t want to get near it with a 10-foot pole :-) And there are some other non-MSI options out there as well it looks like.
Interestingly, I looked at the blog from the guy who made FirefoxADM, and it looks like he has another tool called Group Policy Extension for Firefox 1.x that I need to check out! He also has a thought-provoking article called Firefox: Not fit for Enterprise? that’s right on track with your post but has some huge cautions, especially as it relates to change-tracking and third-party versions such as the above MSIs. Good thought-fodder…and good timing on my part checking back in on your blog after a while! :-)
While looking up references for this comment, I also found a cool MSI Tips site you might want to check out :-)
UPDATE: I found an interesting extension, the Firefox Client Customization Kit (CCK), which looks promising if not directly MSI-related. I’ll have to check this out!