Configuring Mozilla Thunderbird in a corporate Windows environment
We will follow this principle: the less the user has to configure, the less likely they are to break something. I think the user will cope with entering his password.
It is necessary to configure:
- The configuration file for connecting to the server.
- Directory of contacts from LDAP.
- The signature of the employee in the letter in accordance with corporate standards.
We have at the moment:
- The Thunderbird email client installed on workstations using Group Policy.
- Mail on biz.mail.ru (maybe another one)
- Users in AD with a login of the form i.ivanov@domain.cn
We will not download .msi files from third-party developers; I do not trust repackaged programs, especially since Thunderbird can be installed silently from the command line. We will use that, and to avoid reinstalling it every time the system boots, we will check the keys in the registry.
Download Thunderbird from the site and put it on a network share (all PCs in the domain must have read access).
The script itself:
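rem Thunderbird version; must match the installer file name
set VERSION=52.7.0
rem Share that holds the installer (used below as \\%SHARE%\...)
set "SHARE=ПАПКА"
if %PROCESSOR_ARCHITECTURE% == x86 (
set REGISTRY_KEY_NAME="HKLM\SOFTWARE\Mozilla\Mozilla Thunderbird"
) else (
set REGISTRY_KEY_NAME="HKLM\SOFTWARE\Wow6432Node\Mozilla\Mozilla Thunderbird"
)
rem Run the silent installer only if this version is not registered yet
reg query %REGISTRY_KEY_NAME% /v CurrentVersion | find "%VERSION% (ru)"
if ERRORLEVEL 1 "\\%SHARE%\Thunderbird Setup %VERSION%.exe" -ms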
You need to change the first two variables: the version and the folder.
The version corresponds to the file name; at the time of writing, the current version is 52.7.0.
File name: Thunderbird Setup 52.7.0.exe
We save the script in the same folder, name it InstallMozillaThunderbird.bat and add it to the GPO so that it runs at system startup.
P.S. You can install Mozilla Firefox in the same way.
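Because the startup script runs whatever file is on the share with machine privileges, the installer's publisher signature is worth checking before launch. The following is an added example, not the article's script: a PowerShell variant of the same startup logic, where the share path `\\server\share` is a placeholder and the expected signer name `Mozilla Corporation` is an assumption to confirm against your own copy of the installer.

```powershell
# Added example, not the article's script. Share path and signer name are assumptions.
$Version        = '52.7.0'
$Share          = '\\server\share'        # placeholder: share that holds the installer
$ExpectedSigner = 'Mozilla Corporation'   # assumption: publisher CN on the installer's certificate
$Source         = Join-Path $Share "Thunderbird Setup $Version.exe"

function Get-InstalledThunderbirdVersion {
    # Same two registry locations the batch file checks (native and Wow6432Node)
    $keys = 'HKLM:\SOFTWARE\Mozilla\Mozilla Thunderbird',
            'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Mozilla Thunderbird'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name CurrentVersion -ErrorAction SilentlyContinue
        if ($item) { return $item.CurrentVersion }
    }
}

function Test-InstallerSignature {
    param([string]$Path, [string]$Signer)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return $false }   # unsigned, tampered or untrusted chain
    # Compare the certificate's common name exactly, not a substring of the subject
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    return ($sig.SignerCertificate.GetNameInfo($nameType, $false) -eq $Signer)
}

if ((Get-InstalledThunderbirdVersion) -like "$Version (*") { exit 0 }   # already installed

# Copy first, then verify and run the local copy, so the file cannot be swapped
# on the share between the check and the launch.
$Local = Join-Path $env:TEMP "Thunderbird Setup $Version.exe"
Copy-Item -LiteralPath $Source -Destination $Local -Force -ErrorAction Stop

if (-not (Test-InstallerSignature -Path $Local -Signer $ExpectedSigner)) {
    Remove-Item -LiteralPath $Local -Force
    Write-Error "Installer signature check failed for $Source; not installing."
    exit 1
}

Start-Process -FilePath $Local -ArgumentList '-ms' -Wait
Remove-Item -LiteralPath $Local -Force
```

The share itself should be writable only by administrators; read access for domain computers is enough for the startup script.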
We configure Thunderbird at startup.
At the first start, Thunderbird generates a folder with a name like 123.default in the %AppData%\Thunderbird\Profiles\ folder, and creates a reference to this folder in the %AppData%\Thunderbird\profiles.ini file.
Therefore, we will create these settings in advance, when the user logs on.
We go into group policies and create a policy.
User Configuration => Preferences => Windows Settings => Ini Files.
File path | Section name | Property name | Property value |
---|---|---|---|
%AppData%\Thunderbird\profiles.ini | Profile0 | Default | 1 |
%AppData%\Thunderbird\profiles.ini | Profile0 | IsRelative | 1 |
%AppData%\Thunderbird\profiles.ini | Profile0 | Name | %username% |
%AppData%\Thunderbird\profiles.ini | Profile0 | Path | Profiles/%username%.default |
%AppData%\Thunderbird\profiles.ini | General | StartWithLastProfile | 1 |
The profiles.ini file is configured; it remains to create the Profiles/%username%.default folder and fill it with configuration files.
The prefs.js file is responsible for configuring Thunderbird.
We will generate it with our data for access to IMAP, as well as to LDAP through Kerberos.
I started by writing a PowerShell script, which we add to the GPO to run when a user logs on. It is important for us that it runs as the user who has logged on.
User Configuration => Policies => Windows Settings => Scripts (Logon/Logoff) => Logon => PowerShell Scripts
start.ps1
$profiledir = "$env:APPDATA\Thunderbird\Profiles\$env:UserName.default"
md $profiledir -Force #Create the profile folder (no error if it already exists).
powershell "\\domain.cn\NETLOGON\soft\new_prefs.ps1" #this script generates prefs.js
new_prefs.ps1
#Look up the user's full name (last name, first name, patronymic)
$UserName = $env:username
$Filter = "(&(objectCategory=User)(samAccountName=$UserName))"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.Filter = $Filter
$ADUserPath = $Searcher.FindOne()
$ADUser = $ADUserPath.GetDirectoryEntry()
$ADDisplayName = $ADUser.DisplayName
############################################################################################################################
$domain="mail.ru" #Mail domain
$imap="imap.mail.ru" #IMAP server
$dc="dc1.domain.cn" #Domain controller
$bdn="CN=Users,DC=domain,DC=cn" #Base DN
$file="$env:appdata\Thunderbird\Profiles\$env:username.default\prefs.js"
echo '#######################' | out-file $file -encoding UTF8
echo 'user_pref("ldap_2.autoComplete.directoryServer", "ldap_2.servers.company");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("ldap_2.autoComplete.useDirectory", true);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("ldap_2.servers.company.auth.dn", "");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("ldap_2.servers.company.auth.saslmech", "GSSAPI");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("ldap_2.servers.company.description", "company");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("ldap_2.servers.company.filename", "ldap.mab");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("ldap_2.servers.company.maxHits", 100);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("ldap_2.servers.company.uri", "ldap://'
$id2 = echo $dc/$bdn'??sub?(objectclass=*)");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.ab_remote_content.migrated", 1);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.account.account1.identities", "id1");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.account.account1.server", "server1");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.account.account2.server", "server2");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.account.lastKey", 2);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.accountmanager.accounts", "account1,account2");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.accountmanager.defaultaccount", "account1");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.accountmanager.localfoldersserver", "server2");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.append_preconfig_smtpservers.version", 2);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.attachment.store.version", 1);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.default_charsets.migrated", 1);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.folder.views.version", 1);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.font.windows.version", 2);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.identity.id1.draft_folder", "imap://'
$id2 = echo $env:username%40$domain@$imap/Drafts'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.attach_signature", true);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.drafts_folder_picker_mode", "0");' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.identity.id1.fcc_folder", "imap://'
$id2 = echo $env:username%40$domain@$imap/Sent'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.fcc_folder_picker_mode", "0");' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.identity.id1.fullName", "'
$id2 = echo $ADDisplayName'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.htmlSigFormat", true);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.reply_on_top", 1);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.identity.id1.sig_file", "C:\\Users\\'
$id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\signature.htm'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.sig_file-rel", "[ProfD]signature.htm");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.sign_mail", false);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.smtpServer", "smtp1");' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.identity.id1.stationery_folder", "imap://'
$id2 = echo $env:username%40$domain@$imap/Templates'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.tmpl_folder_picker_mode", "0");' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.identity.id1.useremail", "'
$id2 = echo $env:username@$domain'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.identity.id1.valid", true);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.openMessageBehavior.version", 1);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.rights.version", 1);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.root.imap", "C:\\Users\\'
$id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\ImapMail'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.root.imap-rel", "[ProfD]ImapMail");' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.root.none", "C:\\Users\\'
$id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\Mail'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.root.none-rel", "[ProfD]Mail");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.cacheCapa.acl", false);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.cacheCapa.quota", false);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.canChangeStoreType", true);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.check_new_mail", true);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server1.directory", "C:\\Users\\'
$id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\ImapMail\\$imap'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server1.directory-rel", "[ProfD]ImapMail/'
$id2 = echo $imap'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server1.hostname", "'
$id2 = echo $imap'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.login_at_startup", true);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.max_cached_connections", 5);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server1.name", "'
$id2 = echo $env:username@$domain'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.port", 993);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.socketType", 3);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server1.spamActionTargetAccount", "imap://'
$id2 = echo $env:username%40$domain@$imap'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server1.type", "imap");' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server1.userName", "'
$id2 = echo $env:username@$domain'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.server.server2.directory", "C:\\Users\\'
$id2 = echo $env:username\\AppData\\Roaming\\Thunderbird\\Profiles\\$env:username.default\\Mail\\Local Folders'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server2.directory-rel", "[ProfD]Mail/Local Folders");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server2.hostname", "Local Folders");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server2.name", "Локальные папки");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server2.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server2.type", "none");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.server.server2.userName", "nobody");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.smtpserver.smtp1.authMethod", 3);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.smtpserver.smtp1.description", "mail.ru");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.smtpserver.smtp1.hostname", "smtp.mail.ru");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.smtpserver.smtp1.port", 465);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.smtpserver.smtp1.try_ssl", 3);' | out-file $file -encoding UTF8 -Append
$id1 = echo 'user_pref("mail.smtpserver.smtp1.username", "'
$id2 = echo $env:username@$domain'");'
echo $id1$id2 | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.smtpservers", "smtp1");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.spam.version", 1);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.taskbar.lastgroupid", "8216C80C92C4E828");' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.ui-rdf.version", 15);' | out-file $file -encoding UTF8 -Append
echo 'user_pref("mail.winsearch.firstRunDone", true);' | out-file $file -encoding UTF8 -Append
Now, when you start Thunderbird, only the mail password will be requested.
The script definitely works with the IMAP server imap.mail.ru. I have not tried it with others; it may need to be adjusted.
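The script above pastes values such as the AD display name straight between the quotes of a `user_pref(...)` line, so a quote or backslash in the directory attribute changes what prefs.js says. The following is an added example, not part of the original script, that builds the lines from a table and escapes every string value; the function names, the sample display name and the output path are constructed for illustration.

```powershell
# Added example. Function names and sample values are hypothetical.
function ConvertTo-PrefLiteral {
    param($Value)
    if ($Value -is [bool]) { return $Value.ToString().ToLowerInvariant() }   # true / false
    if ($Value -is [int])  { return [string]$Value }
    $s = [string]$Value
    # A line break would end the user_pref statement early: refuse it
    if ($s -match '[\r\n]') { throw "Line break in pref value; refusing to write it" }
    # prefs.js strings are quoted literals: escape the backslash first, then the quote
    return '"' + $s.Replace('\', '\\').Replace('"', '\"') + '"'
}

function New-PrefLine {
    param([string]$Name, $Value)
    if ($Name -notmatch '^[A-Za-z0-9_.\-]+$') { throw "Unexpected pref name: $Name" }
    'user_pref("{0}", {1});' -f $Name, (ConvertTo-PrefLiteral $Value)
}

$domain      = 'mail.ru'
$imap        = 'imap.mail.ru'
$user        = $env:USERNAME
$displayName = 'Ivanov "Vanya" Ivan \ IT'   # constructed displayName with characters that break naive quoting

# Ordered so the file keeps a stable, reviewable layout
$prefs = [ordered]@{
    'mail.identity.id1.fullName'         = $displayName
    'mail.identity.id1.useremail'        = "$user@$domain"
    'mail.identity.id1.sig_file-rel'     = '[ProfD]signature.htm'
    'mail.identity.id1.attach_signature' = $true
    'mail.server.server1.hostname'       = $imap
    'mail.server.server1.port'           = 993
    'mail.server.server1.socketType'     = 3
    'ldap_2.servers.company.auth.dn'     = ''
}

$lines = foreach ($name in $prefs.Keys) { New-PrefLine -Name $name -Value $prefs[$name] }

# Write to a sample file (assumed path) as UTF-8 without a byte order mark
$out = Join-Path $env:TEMP 'prefs.sample.js'
[System.IO.File]::WriteAllLines($out, [string[]]$lines, (New-Object System.Text.UTF8Encoding($false)))
Get-Content -LiteralPath $out
```

With the constructed name, the first line comes out as `user_pref("mail.identity.id1.fullName", "Ivanov \"Vanya\" Ivan \\ IT");`, which stays a single string value.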
You may have noticed that while generating prefs.js we specified that the signature should be taken from the signature.htm file, which is located in the same folder as prefs.js. We will now make the signature.
Configure email signature.
To create a good-looking signature, we need a service where a signature can be generated; based on its output we will make a signature for our users.
I used the mailsig (dot) ru service (not advertising).
You can also write the signature by hand in plain HTML, but I was too lazy.
The output is a code
Add another line to start.ps1
powershell "\\domain.cn\NETLOGON\soft\signature.ps1" #this script generates the signature
Of course, everything could be placed in one file right away; unfortunately, I like it when everything is in its place. It is also easier to understand when a script is named after the file it creates.
signature.ps1
#Look up the user's data in AD
$UserName = $env:username
$Filter = "(&(objectCategory=User)(samAccountName=$UserName))"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.Filter = $Filter
$ADUserPath = $Searcher.FindOne()
$ADUser = $ADUserPath.GetDirectoryEntry()
$ADDisplayName = $ADUser.DisplayName
$ADEmailAddress = $ADUser.mail
$ADInfo = $ADUser.otherMailbox
$ADTitle = $ADUser.title
$ADTelePhoneNumber = $ADUser.TelephoneNumber
$ADipPhone = $ADUser.ipPhone
$ADOffice = $ADUser.physicalDeliveryOfficeName #Office number
$ADСompany = $ADUser.company
############################################################################################################
$Site="http://mail.ru"
$Logo="http://mail.ru/logo.png" #85*85px
$Banner="http://mail.ru/banner.png" #440*58px. A script on the site could serve a random image with offers (a mini advertising campaign)
$BannerSite="http://mail.ru/" #Address that the banner under the signature links to.
$Tel="84951234567"
$Fax="84951234567"
$Address="г. Москва, Красная площадь д. 3"
$signature = "$env:appdata\Thunderbird\Profiles\$env:username.default\signature.htm" #Where the signature is saved
$html = ''+$ADDisplayName+' '+$ADTitle+' 
Моб.: '+$ADTelePhoneNumber+' Email: '+$ADEmailAddress+' '+$ADСompany+' Офис: '+$Tel+' / Факс: '+$Fax+' '+$Address+' офис '+$ADOffice+' '+$Site+'

Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым само сообщение и любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.'
echo $html | out-file $signature -encoding UTF8
We should get 3 files.
start.ps1 - We start it when a user logs in.
new_prefs.ps1 - Creates prefs.js in the Thunderbird folder.
signature.ps1 - Creates a signature in the mail.
Depending on the PowerShell security settings, scripts may not run. If you see an error that the script does not have a digital signature, please read this manual to solve the problem.