You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

01: Why is Browser Router not showing up as the OS Default Browser since Feb24/March24 Monthly windows patches KB5035845?

PolicyPak Browser Router and PolicyPak File Associations Manager will generally still work as expected. 

However, since the Feb24/March24 Monthly windows patches KB5035845, Edge appears to “take over and won’t let go” of:

  • File Association PDF.
  • Protocol: HTTP.
  • Protocol: HTTPS.

Therefore…

What will work:

  • Browser to Browser Routing
  • File Associations for everything except PDF.

What won’t work:

  • Browser Router won’t be registered as “PolicyPak Browser Router Agent” within the OS. You’ll see Edge. 
  • Browser Router “Default Policy” type is not honored as expected and anything set to “Default Browser” will be passed onward to Edge (instead of what you might have set it to, say, Firefox, Chrome, etc.) Tip: Use this article to understand “PolicyPak Browser Router Default Policy” type https://kb.policypak.com/kb/article/120-what-is-meant-by-default-browser-within-policypak-browser-router/
  • Delivering File Associations specifically for PDF for PolicyPak File Associations Manager

Note: You will also get the same experience if you attempt to use PolicyPak File Associations Manager to change HTTP or HTTPS, even if you’re not using PolicyPak Browser Router (https://kb.policypak.com/kb/article/418-can-i-use-policypak-browser-router-and-or-policypak-file-associations-manager-to-set-the-default-browser/).

Troubleshooting:

Here’s an example log output:

The ppSwitched_onLogon log file shows “Default Browser: MicrosoftEdge.EXE  

                Agent Display Name: 'Managed by your organization (Browser Name) 

                Use actual default browser icon: true

Later in that file it shows an error:

Updating system settings and registry entries

{
    Loaded browser router policies state for user 'sxr'. Active: true
    Loaded browser router policies state for any user. Active: true
    Updating 'Browser Router' browser settings
    {
      Going to apply user side settings.
      Going to save default browser selected by user.
      Default browser selected by user: 'MSEdgeHTM'
      Default browser selected by user: 'MSEdgeHTM'
      Changing program associations
      {
        Error: Couldn't write association for 'http'. ProgId: 'PPBRNURL', Error code: 5
        Error: Couldn't write association for 'https'. ProgId: 'PPBRNURL', Error code: 5
      } // End of Changing program associations, elapsed time: 00:00:00.078

However, there is a workaround for both scenarios if your computers are DOMAIN JOINED. 

You can Revert to Legacy methods which have some detractors. Read the Explain/Help text for each of these two policy settings to decide if you want to revert back one or both products to Legacy method.

Warning: The LEGACY methods will NOT work if your endpoints are ONLY using PolicyPak Cloud or ONLY using an MDM service like Intune. Legacy mode only works when the machine is DOMAIN JOINED.

Note: After setting these settings and the policy refresh occurs to get these policies, endpoints may still need two logoffs and/or reboots for this to kick in.

Update 4/8/2024:

It was identified that UCPD.sys driver is causing the issue with default file association for .PDF and protocol association for HTTP/HTTPS.

UCPD.sys affects the following registry paths responsible for the associations to file extensions and protocols:

Workaround 1 using PolicyPak Scripts & Triggers

To fix the issue, you need to perform two steps:

  1. Create a Powershell script which will disable the UCPD.sys driver via registry.

    New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\UCPD” -Name “Start” -Value 4 -PropertyType DWORD -Force
    #This script is setting value 4 to UCPD service to be disabled.

    Unregister-ScheduledTask -TaskName "UCPD velocity"
    #This part will unregister the scheduled task to check and re-deploy UCPD service at startup.

    For your convenience, we will attach this script here.

            
             
  2. Deploy the script via PolicyPak Scripts Manager using the hints from the screenshot below

Workaround 2 using fsLogix (Microsoft Tools)

You may also use Microsoft fsLogix if already installed on servers or workstations. You may use the following redirect rules which should overcome the concern.

Note: not to use both Workaround 1 and 2 at the same time.

  • 1326
  • 08-Apr-2024
  • 571 Views