Frequently Asked Question

Cripple Edge, and Enable Firefox
Last Updated 20 hours ago

Cripple Edge, and Enable Firefox

Core Restrictive Policies for Microsoft Edge

These policies are intended to lock‑down Edge so that users cannot bypass the corporate browser choice (Firefox) or take advantage of Edge‑specific features such as the start‑up boost, sidebar search or automatic session restore.

You can enforce them either via Group Policy (gpedit.msc / GPMC) or directly in the Registry under

HKLM\SOFTWARE\Policies\Microsoft\Edge
Tip: If you manage many PCs through Active Directory, create a Group Policy Object (GPO) and link it to the appropriate OU. The GPO will automatically write the required registry values on each machine.

1. Prevent users from changing the default browser

Policy Registry name Type Recommended value What it does
DefaultBrowserSettingEnabled DefaultBrowserSettingEnabled REG_DWORD 0 Disables the “Set Microsoft Edge as default browser” option in Edge’s settings page.
DefaultBrowserSetting DefaultBrowserSetting REG_DWORD 1 Forces the system to use the policy‑managed default browser. The value 1 means “use the default set in Windows Settings”.

How to apply

  • Group Policy:
  1. Open gpedit.mscComputer Configuration → Administrative Templates → Microsoft Edge → Default browser
  2. Enable “Allow users to set Microsoft Edge as default browser” and set it to Disabled (this writes DefaultBrowserSettingEnabled = 0).
  3. Enable “Default browser setting” and choose “Policy‑managed” (writes DefaultBrowserSetting = 1).
  [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
  "DefaultBrowserSettingEnabled"=dword:00000000
  "DefaultBrowserSetting"=dword:00000001
  • Registry:

2. Block Edge’s built‑in search integration

Policy Registry name Type Value Effect
BrowserDefaultSearchProviderEnabled BrowserDefaultSearchProviderEnabled REG_DWORD 0 Removes the default search provider (Bing) from the address bar and stops Edge from sending search queries to Microsoft.

Implementation

  "BrowserDefaultSearchProviderEnabled"=dword:00000000
  • Group Policy: Computer Configuration → Administrative Templates → Microsoft Edge → Search“Allow Microsoft Edge to set a default search provider”Disabled.
  • Registry:

3. Disable the “startup boost” (pre‑launch) feature

Policy Registry name Type Value Effect
StartupBoostEnabled StartupBoostEnabled REG_DWORD 0 Stops Edge from launching a background process at Windows start‑up, which would otherwise speed up the first launch.

Implementation

  "StartupBoostEnabled"=dword:00000000
  • Group Policy: Computer Configuration → Administrative Templates → Microsoft Edge → Startup, home page and new tab page“Enable startup boost”Disabled.
  • Registry:

4. Prevent Edge from auto‑starting or restoring sessions

Policy Registry name Type Value Effect
PrelaunchOnLoginPageLoad PrelaunchOnLoginPageLoad REG_DWORD 0 Stops Edge from pre‑loading the login page when a user signs in to Windows.
RestoreOnStartup RestoreOnStartup REG_DWORD 0 Disables the “continue where you left off” behaviour; Edge will open a new tab page instead of restoring the previous session.

Implementation

  • Group Policy:
  1. Computer Configuration → Administrative Templates → Microsoft Edge → Startup, home page and new tab page“Configure pre-launch on login page load”Disabled.
  2. “Configure what happens on startup”Open the new tab page (this writes RestoreOnStartup = 0).
  "PrelaunchOnLoginPageLoad"=dword:00000000
  "RestoreOnStartup"=dword:00000000
  • Registry:

5. Extra Edge‑specific lock‑downs (useful when the above are not enough)

Policy Registry name Value Reason
SideBySideSearchEnabled SideBySideSearchEnabled 0 Removes the sidebar that can show Bing search results next to the web page.
ShowHomeButton ShowHomeButton 0 Hides the home‑button (which by default opens the Edge start page).

Add these keys under the same HKLM\SOFTWARE\Policies\Microsoft\Edge path.

6. Apply the changes

  1. Force a policy refresh on the client machine:
   gpupdate /force
  1. Log off and log back on, or restart the PC to ensure any background Edge processes are terminated.
  1. Verify the policies are active:

Open Edge and navigate to edge://policy/ – you will see a table listing every policy that Edge recognises, its source (Registry or Group Policy) and the current value.

Firefox Enforcement – Step‑by‑Step

Once Edge is locked down, the next goal is to make Firefox the default browser and keep it that way.

1. Deploy the Firefox Enterprise MSI

Action Details
Download Get the latest Firefox Enterprise MSI from Mozilla’s repository (https://www.mozilla.org/en-GB/firefox/enterprise/).
Install silently (e.g. via SCCM, Intune, or a login script): ``cmd msiexec /i "Firefox Setup Enterprise.msi" /qn /norestart``
Set as default After installation, the MSI can automatically set Firefox as the default via the /SETDEFAULT switch, or you can use the Windows Settings UI once and then lock it with the policies above.
Optional – customise Use the policies.json file (placed in C:\Program Files\Mozilla Firefox\distribution\) to enforce corporate settings (e.g. disable telemetry, enforce safe browsing).

2. Lock the default‑browser choice

Apply the Core Restrictive Policies listed earlier (DefaultBrowserSettingEnabled = 0, DefaultBrowserSetting = 1). Because the default is now set to Firefox in Windows Settings, Edge will be prevented from overriding it.

3. Block Edge‑specific UI that could tempt users

Registry value Path Value Effect
SideBySideSearchEnabled HKLM\SOFTWARE\Policies\Microsoft\Edge 0 Removes the searchable sidebar that could appear on the new‑tab page.
ShowHomeButton HKLM\SOFTWARE\Policies\Microsoft\Edge 0 Hides the home button that otherwise opens Edge’s default start page.

Add these entries the same way as the other Edge policies.

4. (Optional) Prevent Edge from being launched at all

If you want an extra safety net, you can deny execution of msedge.exe via AppLocker or Software Restriction Policies:

# AppLocker (Windows 10/11 Enterprise)
Path rule: C:\Program Files (x86)\Microsoft\Edge\msedge.exe → Deny
Path rule: C:\Program Files\Microsoft\Edge\msedge.exe → Deny
Caution: Do this only after you have confirmed Firefox works perfectly for all users, otherwise you may inadvertently block a legitimate web‑access method.

5. Test the whole chain

  1. Log on to a test workstation (not a production machine).
  2. Run edge://policy/ – verify all the Edge policies are listed and set to 0 or 1 as intended.
  3. Open Settings → Apps → Default apps – ensure Firefox is shown as the default for HTTP, HTTPS, .HTML, .HTM, etc.
  4. Attempt to change the default to Edge – the UI should be greyed out or display an error, confirming the policies are effective.
  5. Open a few URLs (e.g. http://www.bbc.co.uk) – they should launch in Firefox automatically.

Common Issues & Troubleshooting

Symptom Likely cause Fix
Edge still appears as the default in the Default apps list. DefaultBrowserSetting not set to 1 or the default was never changed to Firefox before the policy applied. First set Firefox as default manually, then re‑run gpupdate /force.
Policy values show “Not Configured” on edge://policy/. Registry keys were written to the wrong hive (e.g. HKCU instead of HKLM) or Group Policy didn’t apply. Verify the path: HKLM\SOFTWARE\Policies\Microsoft\Edge. If using GPO, run rsop.msc to see if the GPO is linked and applied.
Edge still pre‑launches at login despite StartupBoostEnabled = 0. A newer Edge version introduced a separate “BackgroundModeEnabled” policy. Add BackgroundModeEnabled = 0 under the same key.
Users can still open Edge via Start → Microsoft Edge shortcut. Shortcut is not blocked; policy only stops Edge from becoming default. Use AppLocker/Software Restriction Policies to deny execution, or remove the shortcut via a logon script.
Firefox does not stay default after a Windows update. Update resets the default‑app association. Re‑apply the GPO or run a Scheduled Task that re‑sets Firefox as default after each update (SetDefaultBrowser.exe utility from Mozilla).

Quick Reference – All Registry Entries in One Block

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"DefaultBrowserSettingEnabled"=dword:00000000
"DefaultBrowserSetting"=dword:00000001
"BrowserDefaultSearchProviderEnabled"=dword:00000000
"StartupBoostEnabled"=dword:00000000
"PrelaunchOnLoginPageLoad"=dword:00000000
"RestoreOnStartup"=dword:00000000
"SideBySideSearchEnabled"=dword:00000000
"ShowHomeButton"=dword:00000000

Copy the above into a .reg file, double‑click on a test machine, accept the prompt, then run gpupdate /force.

Bottom line

  1. Deploy Firefox (Enterprise MSI) and set it as the system default once.
  2. Lock the default‑browser setting with DefaultBrowserSettingEnabled = 0 and DefaultBrowserSetting = 1.
  3. Apply the Edge‑restriction policies (search, startup boost, pre‑launch, restore, sidebar, home button).
  4. Force a policy refresh, verify at edge://policy/, and test the user experience.

Following these steps will give you a tightly controlled browser environment where Edge cannot be used or altered, and Firefox remains the only authorised web browser on the machine.

If you need further assistance—e.g., creating a GPO template, scripting the registry import, or integrating the settings into SCCM/Intune—feel free to get in touch. Happy configuring!

This FAQ was generated and/or edited by GAIN, GENs Artificial Intillegence Network and should not be considered 100% accurate. Always check facts and do your research, things change all the time. If you are unsure about any information provided, please raise a support ticket for clarification.
This website relies on temporary cookies to function, but no personal data is ever stored in the cookies.
OK
Powered by GEN UK CLEAN GREEN ENERGY

Loading ...