001: PolicyPak: What Does it Do?

PolicyPak is the next generation of how to manage your desktop applications. It’s not an ADM file, it’s not the Group Policy Preferences. It goes beyond that. IT’s a real management system for your desktop applications to ensure that users won’t work around your settings — even when offline.

PolicyPak: What Does it Do video transcript

Hi, this is Jeremy Moskowitz, former Group Policy MVP and Founder of PolicyPak Software. In this video, we’re going to learn what PolicyPak does.

Let’s get right to it. Imagine you’ve got applications that your users use every day, like “WinZip,” “Acrobat Reader” which is here and also “Firefox.” I’m just picking three applications that you may or may not use right now, but we’re going to start with these.

Users every day love to just mess up their settings and try to work around what you configure for them. So the idea is that even if you’ve put very important key settings in your build image or you’ve baked them in or you’re otherwise getting those settings to them, they love to work around and screw up all these possible settings.

What we’re going to do is we’re going to deliver key settings using PolicyPak and our PreConfigured PolicyPaks. We’ll go ahead and close out these three apps. I just wanted to prove that I had them on this machine, because that’s one of the key things about PolicyPak. We don’t care how the applications get there. There are a lot of great ways to get your applications out there. That’s not what PolicyPak does. PolicyPak’s job is to deliver the applications settings and lock them down.

Let’s get started with “Lock down key applications.” We’re using Group Policy and linking it over to all of our “East Sales Users.” We’re locking down these key applications. We could do this in one Group Policy Object or multiple GPOs. That’s fine.

I’ve already pre-staged this demo by taking some of our “PreConfigured PolicyPaks” and just copying those files into the place that we need to in order to make PolicyPak manage those applications. I cover how to do that in our other quick start videos.

What we’ll do now is we’ll dive down under “PolicyPak/Applications/New/Application.” Let’s go ahead and configure. Let’s start off with “WinZip 14 and 15” right here. Let’s just get right to it. For WinZip here, for “Passwords,” we’ll go ahead and check all these key important bits off. You’ll notice that the application settings inside of PolicyPak look just like the actual application itself.

We’ll also do something that, well, the old Group Policy stuff in the box can’t do. It can’t “Hide corresponding control in target application” or “Disable corresponding control in target application.” We can. So we’re going to “Hide corresponding control in target application” that guy. We’ll “Disable corresponding control in target application” this guy.

We’ll also jam this up to “11” and also “Disable corresponding control in target application” that. So we’re setting the settings and disabling it. We can also, for some key settings, “Disable whole tab in target application.” We’re going to just deliver those settings just like that. That’s it for WinZip.

Let’s go ahead and move on to our next application, which is going to be Acrobat Reader, “PolicyPak for Adobe Reader X.” In Acrobat Reader, “Adobe Reader X,” we’ll go ahead and we’ll set up some key settings here as well.

What we’re looking to do here is, for instance, on “JavaScript,” we want to make sure that we want this setting unchecked. In other words, we don’t want this nasty security bug to bite us, so we’re going to uncheck that setting and also “Disable corresponding control in target application,” literally gray it out.

We could do that for a lot of other ones as well. Actually, why not? We’re here for “Updater” since we’re here as well, we can also if we want to “Do not download or install updates automatically.” We’re going to prevent this application from updating. That’s a very common and popular PolicyPak feature that a lot of people like to do is to disable updates.

For the last application, for “PolicyPak for Mozilla Firefox,” Firefox doesn’t store its stuff in the registry. It happens to store its stuff in a very bizarre file type in a very bizarre location. But that’s OK, because PolicyPak can handle it. We’re going to make the “Home Page” “www.PolicyPak.com.” That’s great.

Then while we’re here as well, we can go to“Security.” We want to guarantee that these checkboxes are checked. So even if a user tries to go ahead and change the homepage, the very next time they rerun the application it will be guaranteed. Let’s go ahead and click “OK.”

Now that we’ve set the settings inside of Group Policy, we’ll go to our machine. All we need to do is to wait for 90 minutes, that’s the normal background Group Policy refresh. We could also type “gpupdate,” and Group Policy will refresh in the background. We could also log off or log back on or change machines.

This is important because if a user might use multiple machines – like a desktop, a laptop, terminal server or VDI – well, no matter where they roam, the settings that you set are what they’re going to get. That is the important part. It doesn’t matter if they get a new machine or you’re changing operating systems from, say, XP to Windows 7. The settings that are important enough for your machine are going to be there.

Now that that’s updated here, all we’re going to do is run each application one by one. Let’s go ahead and click on “WinZip” first. We’ll go to “Options/Configuration…” here. Go over to “Passwords.” You can see that we’ve set all those settings. Those settings are deployed, and some are locked out. We only decided to lock out some of them. Also the “Cameras” tab is neatly locked out as well.

Let’s move on to the next application, which was “Acrobat Reader.” We went to “Edit/Preferences…” here. We want to go to the “JavaScript” tab. Look at that. We unchecked it and we grayed it out. In fact, they’re all grayed out, which is super nice.

If we go to “Updater,” “Do not download or install updates automatically.” We don’t even need to gray this out, because a user can’t change it without user account control. That’s good news for us. So it will stay the state that we decided to set it, which in this case was locked out.

Let’s finish up with “Firefox” here. There we go. The default is “www.PolicyPak.com.” If they decided to do something that they shouldn’t do, like go to “Options” here and they change this to something maybe they shouldn’t, which is no problem. We’ll go to “www.google.com” here.

We could also go and set these “Security” things and uncheck them. OK, remember what we did in our PolicyPak. We deployed these very important security settings. If they try to unset them, the very next time they go into “Firefox,” it gets reset back. We go to “Firefox/Options,” and those “Security” settings are delivered again and also the “Home Page.”

That is what PolicyPak does in a nutshell. We also are able to keep these settings offline as well. If the user is disconnected from the network and they change their settings, not a problem. We are able to maintain these settings even while the user is offline.

For more information, well, since we’re looking at the PolicyPak homepage anyway, you’ll find lots of information here under “Products.” We have a little video for just about every one of our “PreConfigured PolicyPaks.”

Alsowhen you’re ready, you can also use our “PolicyPak Design Studio” application, which is here, to design your own PolicyPaks for your homegrown or in-house applications or anything else that you download. That is covered in another video, which you should find, again, right here on “www.PolicyPak.com.”

Thank you very much for understanding how PolicyPak works, and we look forward to getting you a trial of it.

Take care. Bye-bye.

  • 514
  • 26-Jun-2019