PolicyPak is sunsetting one of our components, PolicyPak VPN Manager. This is notice to all customers who may be using PolicyPak VPN Manager about what they must do before the end of the year.
We’ve determined that the resources to maintain and support PolicyPak VPN manager outweigh the usefulness that customers have with the software.
If you know you are not using PolicyPak VPN manager policies you can safely ignore emails about the sunsetting of PolicyPak VPN Manager. However, you might want to double-check by performing the steps in the “How do I know if I’m using PolicyPak VPN Manager Policies?” section.
On-Prem, Cloud and MDM customers who are using PolicyPak VPN manager policies are affected.
No. This is not a security concern.
For on-prem users, you can use the PolicyPak Powershell module to look for GPOs which contain PolicyPak VPN Manager directives.
First, refer to the PolicyPak Powershell module KB. https://kb.policypak.com/kb/article/290-how-can-i-use-the-policypak-powershell-module-to-know-which-gpos-have-any-policypak-data-or-directives/
Then, as a specific set of instructions you can run these commands to see if you have any PolicyPak VPN Manager policies within any GPOs.
cd 'C:\Program Files (x86)\PolicyPak\Tools\Modules\PolicyPak\'
Import-Module .\policypak.psd1
get-ppgpos -cse "PolicyPak VPN Manager"
Note: That you will always likely at least get a positive hit in the Licensing Group Policy Object which is enabling PolicyPak VPN Manager component.
Example results can be seen here:
For PolicyPak Cloud, use the XML Data Files tab then Filter for “PolicyPak VPN Manager” XML type. If PolicyPak VPN Manager isn’t listed, you don’t have any policies of that type.
It is expected that the next shipping version of PolicyPak MMC snap in will have the PolicyPak VPN Manager node removed. However the CSE will continue to process existing PolicyPak VPN Manager directives for some time.
Then the first build after Jan 1, 2024 will have PolicyPak VPN manager CSE stop processing.
Remember that PolicyPak VPN manager will continue to process existing directives until the CSE is updated to a version where the processing part is removed, so you have some time to transition. Again the timeline is Jan 1, 2024 or soon thereafter.
In the meantime, for Microsoft Intune customers, you can use the in-Intune Always on VPN connection type: https://learn.microsoft.com/en-us/windows-server/remote/remote-access/how-to-aovpn-client-intune.
Additionally, you may transition to a different third party tool to perform Always on VPN over GPOs. You can learn about an option at this non-Netwrix PolicyPak blog: https://directaccess.richardhicks.com/2022/03/07/always-on-vpn-with-active-directory-group-policy/
If you have any other questions which are not answered here, please open a support ticket https://www.netwrix.com/sign_in.html?rf=tickets.html#/open-a-ticket