14

Firefox adoption in the home/personal user base seems to be growing fine, but adoption in the enterprise is not going anywhere quickly.

My view on this is because SysAdmins are not promoting it within the organisations because Internet Explorer has features which make it more acceptable to an enterprise, such as

  • Managing settings via GPO
  • Integration into the rest of the update stack
  • Support of common business applications

So what would you add to Firefox to get it more promotion by SysAdmins in the enterprise?

HopelessN00b
  • 54,273
Robert MacLean
  • 2,186

15 Answers15

30

If it came in MSI format for easy installation to Windows workstations, and could be managed by GPO and Apple Open Directory then it would be perfect. It would also need to work well with things like Sharepoint, but I suspect that's an issue for the people designing sites in Sharepoint rather than Mozilla.

I know there's currently a fork of firefox that is designed to work with GPOs, but I'm talking about having it work with the "standard" product out of the box, and being able to control and lock down and any all preferences.

As neobyte says, patch management is also an issue. Firefox's current method doesn't scale for business imho.

EDIT: Extension management - this needs to be controllable by the enterprise too, there needs to be a way to roll out and "lock" into place a standard set of extensions, regardless of whether or not you want users to be able to add their own, possibly to nominate a trusted location of your own where you publish "approved" extensions, that kind of thing.

NTLM auth - looks like there's a hack to add this to the browser anyway if you look around the web but this needs to be obviously better exposed.

jldugger
  • 14,602
Rob Moir
  • 32,154
13

It's annoying that I'm registered by can't comment until I reach a reputation of 50. Why do i need that to comment?

Anyways, to p858snake: Firefox ADM is not real GPO management, it's cheating. It's cheating by:

  1. Inject some reg keys into registry
  2. Use a .vbs as logon script to read these registries, then modify prefs.js file accordingly

As a result,

  1. You are adding one more logon script. Logon scripts are bad and need to be kept to minumum.

  2. There is no enforcing effect on what the vbs does. User can change the settings manually by going to about:config.

About how to help Firefox make it into enterprise:

  • GPO GPO GPO
  • Centralized update infrastructure

That's it!

bulaohu
  • 131
10

They need to get a group of developers at Mozilla who care about anything other than folks at home.

Let's think about the deficiencies of Firefox:

  • No good, documented way to mirror the Firefox update repository and have clients pull down updates locally when approved.
  • No good, documented way to mirror the Firefox add-on update repository and have clients pull down updates locally when approved.
  • No standard way of applying extensions.
  • No standard way of installing the application via systems management tools on platforms other than Linux. (And with Linux you're limited to whatever your distro packages)
  • A settings mechanism that's is about as manageable as Windows 95 was back in the bad old days.
  • A downright hostile attitude towards people who want to do something about these issues.

You'll see good alternatives as Safari and Chrome mature. Forget about Firefox.

duffbeer703
  • 22,305
10

You'd have to break a feature in FF to get this working but,

  • Pass through authentication of the Windows user credentials.

We have a number of web apps that use authentication and making users logon everytime in FF would just be painful.

Mike
  • 101
6

A way to remotely force upgrades. WSUS controls IE upgrades, there's no equivalent for Firefox, you just can't rely on users to keep on top of updates.

Adam Gibbins
  • 7,607
3

We've seen users sneak Firefox onto their machines, even though they are not local admins. As it doesn't "install" you just need the expanded distribution on a network share and just run firefox.exe direct over the network. They found this out themselves when they discovered that IE6 (our SOE browser) is incompatible with a growing number of apps. So it can sneak in the backdoor!

A big reason for not using Firefox is the lack of official ActiveX support. We have a number of these around the business.

PowerApp101
  • 2,634
3

Managing settings via GPO can already be done by a third party package called Firefox ADM.

p858snake
  • 449
3

These features are missing:

Manageable by group policy, especially proxy settings.

No ActiveX support, some our applications we use require this.

OWA Premium (Although this should change with next version of OWA).

A way to centrally manage Firefox Add-ons and Updates.

People here complained after upgrading from IE6 to IE7.
It's hard to force everyone to use something else.

Jindrich
  • 5,019
2

This is only my enviroment and probably does not apply to many other people, but we run in a Terminal Services enviroment. My main reason for not deploying Firefox is because of memory usage. Even in Firefox 3 we still see massive (2GB plus) Firefox browsers running. Where as IE runs in much less RAM (500-800 MB) for the same people.

Matt
  • 433
2

Firefox can be widely deployed and managed in the enterprise, given enough resources - IBM deployed and managed baseline configuration defaults through their internal workstation management tool. I know people at "enterprisey" organizations that do this with Firefox as well because the benefits over IE outweigh the negatives.

However, the biggest barrier I've heard/seen with Firefox is that many internal web applications are simply IE only. ActiveX aside, the cost of updating the web app's content (or getting the vendor to) is too high. I'm talking about HTML/CSS/JavaScript presentation stuff that can be browser dependent, and of course the ActiveX, MS-specific development tools, whatever else makes sites 'IE only'.

Also mentioned was user education. People get used to a specific software application, be it IE, MS Word or Windows itself, and they dont want to change. Or training them to use something else is too costly. It doesn't matter if we technical people can switch between applications on a whim. It doesn't even matter if the new application is pixel-for-pixel the same program, some users see a different icon and their entire world explodes.

jtimberman
  • 7,665
1

The reasons I don't push Firefox in the enterprise are:

  • Why add an additional browser to the software you manage?
  • IE can be managed through Group Policy with the rest of the OS.
  • IE is patch managed along with the OS.

I use Firefox personally, but would prefer not to deploy it across a fleet. It doesn't add enough to justify the configuration and update management.

Neobyte
  • 3,169
1

Management issues aside, I think the vast majority of non-technical users are simply just resistant to change. I've tried deploying Thunderbird and Firefox at one company, but a good proportion of the staff just couldn't get their head around the differences between Thunderbird and Outlook (no Exchange involved, just an IMAP server).

The company wasn't in a position to run training on Thunderbird (other than doing it myself there wasn't really anyone to get to do it), so the project got part implemented, with the can-do staff using one Terminal Server with Fx and Thunderbird, and the rest using another TS with Outlook and IE.

Daniel Lawson
  • 5,546
1

A couple of years ago I would have deployed FireFox were it centrally manageable, but I am now past that. We are on IE7 now, soon to go to IE8, and the security is now acceptable. Since I don't want to manage two browsers, and IE isn't going away, we will stick with IE. It ain't perfect, but it does the job.

That said, to answer the question ... the features necessary to make FireFox a good candidate for enterprise adoption are in my opinion:

1- GPO control of settings
2- centralized update control
3- the ability to control add-ins and to centrally update them.
4- passing of windows credentials

I believe #1 and possibly #4 are available through third parties or add-ins.

tomjedrz
  • 5,974
0

These enterprise issues are important but I have internal apps that will run 15 - 50 times faster on a newer browser firefox or IE8. To upgrade to IE8 we have to "certify" all apps will run on IE8, this is not a small effort so we have stayed on IE6. I am trying to pitch FireFox as a second choice to allow us to move forward in our development efforts. The push back I am getting from the software admin folks are the same mentioned above. Specificly the four by tomjedrz

1- GPO control of settings

2- centralized update control

3- the ability to control add-ins and to centrally update them.

4- passing of windows credentials

I believe #1 and possibly #4 are available through third parties or add-ins

ADMXPI for Firefox helps with issue one, what helps with issue four? Is there anything that can be done about two and three? From the enterprise management stand point is it a bad idea to get FF out there as a stop gap between now and when IE8 is deployed around here?

0

It's not about the shortcomings of Firefox, it's more about the lazy (or how is it said in a politically-correct way? "efficient"? hmm?) developers, that keep writing web apps, that, you know, give you that "Optimized for use with Microsoft Internet Explorer 6.0" message for years and years. Anything for job security, hmm?

Anyway, controlling FF settings via GPO would have been nice, but I don't see how it can happen.

shylent
  • 820