PolicyPak Browser Router and PolicyPak File Associations Manager will generally still work as expected.
However, since the Feb24/March24 Monthly windows patches KB5035845, Edge appears to “take over and won’t let go” of:
Therefore…
What will work:
What won’t work:
Note: You will also get the same experience if you attempt to use PolicyPak File Associations Manager to change HTTP or HTTPS, even if you’re not using PolicyPak Browser Router (https://kb.policypak.com/kb/article/418-can-i-use-policypak-browser-router-and-or-policypak-file-associations-manager-to-set-the-default-browser/).
Troubleshooting:
Here’s an example log output:
The ppSwitched_onLogon log file shows “Default Browser: MicrosoftEdge.EXE
Agent Display Name: 'Managed by your organization (Browser Name)
Use actual default browser icon: true
Later in that file it shows an error:
Updating system settings and registry entries
{
Loaded browser router policies state for user
'sxr'. Active: true
Loaded browser router policies state for any user.
Active: true
Updating 'Browser Router' browser settings
{
Going to apply user side settings.
Going to save default browser selected by
user.
Default browser selected by user:
'MSEdgeHTM'
Default browser selected by user:
'MSEdgeHTM'
Changing program associations
{
Error: Couldn't write
association for 'http'. ProgId: 'PPBRNURL', Error code: 5
Error: Couldn't write
association for 'https'. ProgId: 'PPBRNURL', Error code:
5
} // End of Changing program associations,
elapsed time: 00:00:00.078
However, there is a workaround for both scenarios if your computers are DOMAIN JOINED.
You can Revert to Legacy methods which have some detractors. Read the Explain/Help text for each of these two policy settings to decide if you want to revert back one or both products to Legacy method.
Warning: The LEGACY methods will NOT work if your endpoints are ONLY using PolicyPak Cloud or ONLY using an MDM service like Intune. Legacy mode only works when the machine is DOMAIN JOINED.
Note: After setting these settings and the policy refresh occurs to get these policies, endpoints may still need two logoffs and/or reboots for this to kick in.
Update 4/8/2024:
It was identified that UCPD.sys driver is causing the issue with default file association for .PDF and protocol association for HTTP/HTTPS.
UCPD.sys affects the following registry paths responsible for the associations to file extensions and protocols:
To fix the issue, you need to perform two steps:
Create a Powershell script which will disable the UCPD.sys driver via registry.
New-ItemProperty -Path
“HKLM:\SYSTEM\CurrentControlSet\Services\UCPD” -Name
“Start” -Value 4 -PropertyType DWORD -Force
#This script is setting value 4 to UCPD service to be disabled.
Unregister-ScheduledTask -TaskName "UCPD velocity"
#This part will unregister the scheduled task to check and re-deploy
UCPD service at startup.
For your convenience, we will attach this script here.
Deploy the script via PolicyPak Scripts Manager using the hints from the screenshot below
You may also use Microsoft fsLogix if already installed on servers or workstations. You may use the following redirect rules which should overcome the concern.
Note: not to use both Workaround 1 and 2 at the same time.
