PolicyPak Cloud: Deploy GP Security settings to domain joined and non-domain joined PCs
Hi. This is Jeremy Moskowitz, former Group Policy MVP and Founder of PolicyPak Software. In this video, I’m going to show you how you can take real Group Policy security settings and deploy them over the Internet to both domain joined and non-domain joined machines using PolicyPak Cloud.
To get started, you have to have a real GPO already with some actual settings in it. By way of example, I have a setting to “Rename guest account.” I also have something here under “User Rights Assignments” to “Deny log on locally.” I think I have something also here under “Password Policy.”
Once you’ve defined what settings you want to get through the Internet, you’re then going to use the “PolicyPak” node. I’ll simply right click and select “Export this GPO’s Computer-Side Security Settings for PolicyPak Exporter and PolicyPak Cloud,” PolicyPak Cloud being the operative word. You can see what settings are not actively supported. Most settings are in fact supported. Once you click “Next” here, we’ll tell you what things are in fact discovered and “Exportable.” You’ll click “Next.”
You can filter and decide what computers specifically that these should affect. For instance, if you only want to affect certain computers on an “IP Address Range” or “Operating System” type or if they had something particularly installed, you could do that. I’m going to not to do this for now, but it’s an option if you’re so inclined. We’ll go ahead and click “Next.” Then I’m going to go right to my “Desktop” here and pick “PP SEC Directives” as the folder. I’ll call this “PPSEC-Export1.”
Now that I have this here and saved, I’m going to go over to PolicyPak Cloud. Here I am in the PolicyPak Cloud service. You can see we have some existing “XML Data Files” as examples for you to use, but I’m going to simply “Upload XML Data File.” I’ll “Browse” for the folder, pick the file, give it a name: “PolicyPak Security Settings 123” is certainly fine. I’ll click “Add” here and click “Close.”
If you go over to “Computer Groups,” you can link this XML file over to one of our “Built-in Groups.” For instance, “All” would affect all of your computers. Or you can create your own groups for either branch offices or maybe your individual customers. I’ll click “All” for now, and I’ll “Link XML Data files to Computer Group.” I’ll look for the “PolicyPak Security Settings 123” right there, click “Add” and that’s it.
Let’s go over to our target machine, which is right here. The first thing I want to show you is that he’s actually not domain joined. To prove I’m not pulling a fast one on you here, if I run “gpedit.msc,” let’s take a look at the settings before I get the directive.
If I take a look at computer side, “Windows Settings/Security Settings,” if I look at “Local Policies/Security Options,” there’s nothing that I can’t do at this point because I’m logged on as a local admin and none of those policy settings are taking effect. You can see that none of those things that I set are currently here.
But if I then go to the “PolicyPak Cloud Client,” this is going to make contact, join PolicyPak Cloud, download those XML directives and perform the work. Once this is done, like I said, it’s downloading the XML directives. You could be downloading any Group Policy directives. We support everything inside a Group Policy Object practically now. In this example, I’m doing security settings. We’ll go ahead, and you can see that now we’ve joined the group called “All.” We’ll go ahead and click “Close.”
Now let’s re-run “gpedit.msc” here. Let’s take a look. Did we get those settings? Let’s take a look. If we go over to computer side, “Windows Settings/Security Settings” and if we go to “Local Policies/Security Options,” “Rename guest account,” you can see that, that got a special icon from Group Policy and it’s now not changeable. If we take a look “User Rights Assignment,” there it is: “Deny log on locally.” We got that through PolicyPak Cloud. Lastly, if we look at “Password Policy,” it has “Enforce password history” and so on and so forth.
So pretty much every security setting that you want inside a Group Policy Object can be exported using the PolicyPak “Security Manager” export wizard. You then create an XML file, you upload it to PolicyPak Cloud, the computer joins PolicyPak Cloud and because of its membership, it will download the directive and perform the work.
If you like getting Group Policy through the Internet, we’ll get you the bits and you can get started right away.
Thanks so much for watching, and we’ll talk to you soon.