Remember that PolicyPak acts as part of the operating system and you should do SMALL SCALE testing before rolling it out broadly.
Tip: Reminder on how to upgrade SMALL SCALE to LARGE SCALE testing and upgrades for GP and MDM with RINGS: https://kb.policypak.com/kb/article/1094-using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/ and now https://kb.policypak.com/kb/article/1128-how-can-i-roll-out-latest-policypak-cse-with-active-directory-in-a-controlled-manner-using-rings/
Tip: Reminder on how to upgrade SMALL SCALE to LARGE SCALE testing and upgrades for PP Cloud with GROUPs to latest CSE in PPcloud for small scale testing: https://kb.policypak.com/kb/article/791-policypak-cloud-groups-cse-updates/
7/24/2024: PolicyPak Build number 24.7.3969.1207
Removed “Self Elevation or Admin Approval on Double-Click” feature.

This feature was reported by some customers as not working when certain policies were delivered to the endpoints. As such, we’ve pulled the feature reverting back the behavior to 24.6.

Therefore this ADMX https://share.zight.com/YEuwb5Gk and this demonstration will not work on this build https://kb.policypak.com/kb/article/1342-admin-approval-vs-self-elevate-double-click-behavior-switch-by-admx/

Rollouts should be to this version 24.7.3969 and not to the previously shipped, and now unsupported 24.7.3953.

You may do an in place upgrade of any previously-supported version (say, 23.6 or 23.7.3953 to 24.7.3969.)

ONLY the CSE needs to be updated if you’re already using the 24.7 MMC snap-in / console.

Quick details are as follows:

Other known bugs (which are also in previous versions and not fixed in this release):

  • Windows 11 Right-click “PolicyPak” Context menu may be absent: Workaround is to use Show more options like what’s seen here: https://share.zight.com/nOu7ZX97
  • Windows 11 Right-Click “PolicyPak” Context menu is present, but AA dialog doesn’t accept short codes. Example: https://share.zight.com/qGubmOqr . Workaround is to use Double-click to launch AA or use Show More options.
  • Windows 11 Right-click “PolicyPak Context menu is present, but clicking Show More options doesn’t show the PolicyPak options. Workaround is to use PolicyPak Context menu.

For now, if you are on a build previous to 24.7.3953, you can use your currently installed version until our next CSE is released where we hope to have rectified the above concerns.

Said another way, you don’t need to upgrade immediately from pre-24.7 builds to 24.7.3969.

Customers who are using 24.7.3953 with the known “Process Interception” bug are encouraged to transition to this release with the feature removed.

7/10/2024: PolicyPak Build number 24.7.3953
PolicyPak Least Privilege Manager
DFS Paths now fully resolved on the client.

Now the CSE will enumerate all possible servers in PolicyPak Least Privilege Manager rules.. (update: https://kb.policypak.com/kb/article/171-how-are-drive-maps-and-unc-paths-supported-in-policypak-least-privilege-manager/)

Self Elevation or Admin Approval on Double-Click (changeable by ADMX)

Now you can change the default end-user behavior if they double-click on an application which requires elevation to trigger EITHER Admin Approval (default) or Self Elevate. Here’s the ADMX setting to make this change: https://share.zight.com/YEuwb5Gk Video demo of this feature: https://kb.policypak.com/kb/article/1342-admin-approval-vs-self-elevate-double-click-behavior-switch-by-admx/

PolicyPak Device Manager
ADMX Setting to now block Device Manager operation

In case you want to be licensed by Enterprise or Enterprise Full license, but want to turn off Device Manager by ADMX you can now use this setting. Use the details from this Video demo.

Misc PolicyPak Fixes & Updates:
  • EULA RTF Text is now replaced with a link to Netwrix EULA on Netwrix.com website
  • PolicyPak Group Policy Compliance Reporter: Now works with non-English operating system, honors Enterprise Full licenses, requires .Net 4.8 and contains misc fixes.
  • PolicyPak Network Security Manager: Fixed incorrect order of processing policies
  • PolicyPak Network Security Manager: Fix CSE occasional crash
  • PolicyPak Network Security Manager: Fixed error during message box presentation
  • PolicyPak Network Security Manager: Fixed policies set to block port 24 causing all processes
  • PolicyPak Least Privilege Manager: Fixed sparse package installation causing PolicyPak Least Privilege Manager service to crash
6/13/2024: PolicyPak Build number 24.6.3925
General & UI Updates
MMC Updates: Now see “what changed” inside a Group Policy Object + Rollback

If your policies change over time, you might be curious what changed. Or if you had a situation requiring a rollback to a particular policy or multiple policies, you would have to use backup/restore to perform a wholesale restore. Now you can view incremental changes to most PolicyPak policies and/or rollback as needed. Video demo.

Standalone Policy Editor: No GPMC? No problem.

New tool in the “Extras” folder allows those without a GPMC to create new PolicyPak Policies, and export to XML or straight to MSI. Useful for those teams which want to walk away from any attachment to GPMC and create policies on standalone machine. Some restrictions (like Item Level Targeting) still apply. Video demo.

Increase compatibility with system level software with Process Exclusions

We already have guidance about how to teach your system-level or Anti-virus software to play nicely with PolicyPak. (Here’s the link.) However, starting with this CSE, you can now go the “other direction” and teach PolicyPak how to skip over and not get entangled with specific processes. Video demo.

PolicyPak Least Privilege Manager
Create Rule from Audit Entry improvements

When using the MMC to “Create Rule from Audit Event” not every field was available. This is fixed. Old UI example here. Improved UI example here.

PolicyPak Device Manager
Email link for users to click on to request device access

Now when Device Manager kicks in, your users can request access via email.Video demo.

PolicyPak for MacOS Updates
Finder Policies now available

This policy type allows you to overcome file permissions in the Finder. The main use case is to enable a user to install a DMG or application installer file without requiring admin rights. Video demo.

Privilege Elevation Policies now available

This policy type allows you to overcome application requests for installations. For instance “helper applications” within Firefox and similar. Video demo.

PolicyPak Cloud Updates
PolicyPak Cloud Client 24.6 now available.

We sent out a special bulletin about this being available. This version has all the latest fixes and attaches your endpoints to the “go forward” backend infrastructure at PolicyPak Cloud. We recommend all new endpoints you join to PolicyPak Cloud use 24.6 and you should start updating your groups to PolicyPak Cloud Client 24.6. Reminder of how to upgrade specific groups in PolicyPak Cloud found here.

Parent Process Filter for PolicyPak Least Privilege Manager UI now available

Last iteration we shipped a new method to tie a PolicyPak Least Privilege Manager rule to a parent process. That UI is now available in PolicyPak Cloud found here.

Misc PolicyPak CSE, MMC and Tools Fixes:
  • PolicyPak Package Manager now removes Teams by ID.
  • PolicyPak Least Privilege Manager Validation fixing during parsing for Event
    6210s
  • PolicyPak Least Privilege Manager Recommends best practices in main editor
    and in Parent Process selector when Signature only is selected.
  • Copy / Paste fixed for PolicyPak Scripts editor
  • PolicyPak Printers: Fix for “Error: Cannot create shared printer.”
  • Lots of other fixes in many other areas.
PolicyPak for MacOS Updates & Fixes:
  • Fix for user being prompted twice for credentials to install the app
  • Fix for mounting in home path
  • Fix for System error when trying to open system setting with Deny policy
  • Fix for policies not applying when more than one in queue
PolicyPak Cloud Updates & Fixes
  • PolicyPak Cloud Policy Order alongside Enforce is fixed
  • Computers (Collected Events) reporting fixed
4/29/2024: PolicyPak Build number 24.4.3877

Netwrix is pleased to announce the general availability of Netwrix PolicyPak build number 24.4. With this release you will be able to benefit from the following:

MDM Method Updates
License detection improvements

This update is recommended for all customers using PolicyPak alongside an MDM provider like Intune. We’ve updated the detection method for your MDM provider; which could improve licensing detection. Again; a strong recommendation for all PolicyPak customers using MDM to immediately upgrade so that your license remains detected.

PolicyPak Least Privilege Manager
More Secure Command Line Arguments now available

While this feature may be used in a variety of uses, it was created to address a concern to help get “New Teams” installed. Please refer to this KB on how to how to use it specifically if you have Admin Approval enabled and need to upgrade to latest “New Teams” using PolicyPak Least Privilege Manager:

https://kb.policypak.com/kb/article/1306-upgrading-ms-teams-to-latest-version-displays-prompts-for-admin-approval/

General & UI Updates
Big changes for CSE “Grace Period”
The PolicyPak CSE has had (for years) a “Grace Period” when the CSE transitions from fully licensed to fully unlicensed or partially licensed.

In previous versions of the CSE the Grace Period was bound to a pop-up that users would get alongside the Grace Period. Starting with this version of the CSE, there are very broad changes to the Grace Period and user-based pop-up. Please get familiar with the update to this CSE and onward: https://kb.policypak.com/kb/article/1250-how-do-i-make-the-grace-period-licensing-pop-up-go-away/.

In summary, the broad changes are:
  • The Grace Period automatically starts if a machine transitions to unlicensed or partially licensed.
  • The Pop-Up is NEVER shown to end-users unless the new ADMX is Enabled and configured (so a change from Always to Opt-in.)
  • Non-Licensed and Partially-licensed state will ONLY be noted in Windows Events. (And, of course, the output of the PPUPDATE command.)
We changed this behavior to avoid very large customers getting end-user pop-ups if the license transitions from licensed to partially-licensed (for instance, dropping a particular component from use.)
As such, all customers automatically get the 30 Day Grace Period for any unlicensed component (or all components); events are noted to the event log, but to get the pop-up broadcasted to end-users, customers must manually enabled to opt-in to customer-delivered pop-ups and configure the number of days to show the pop-ups to end-users.
The combined KB explains the previous and updated behavior:
Indications to use Netwrix Support instead of previous method
This build now has in-product reminders on how to open support tickets (PPLOGS, MMC pop-ups, etc). Reminder that emails are not being accepted at the support email at PolicyPak any longer and only accepted at www.netwrix.com/support.html
Misc PolicyPak CSE, MMC and Tools Fixes:
  • Automatic uninstall of the CSE fixed during an upgrade
  • Fix for PolicyPak Least Privilege Manager when customer VBscripts are used with //nologo
  • PolicyPak Least Privilege Manager Admin Approval Long code now works with Ctrl-V
  • PolicyPak ILT improvements for WMI conditions
  • MMC fixed around characters accepted to link to Netwrix Auditor
  • PolicyPak Least Privilege Manager + MSI Products improved for EMC NAS
  • PolicyPak Least Privilege Manager Fix for “Self Elevation Justification text is not being accepted.”
  • PolicyPak Preferences Registry fix for ACL Control and Registry Keys
  • PolicyPak Least Privilege Manager Improvements when user attempts to delete large files
  • PolicyPak Application Settings Manager fixes alongside Mozilla Firefox and crashes and dumps
  • Lots of other fixes in many other areas.
PolicyPak Cloud Updates & Fixes:
3/11/2024: PolicyPak Build number 24.3.3831
Hotfix Updates:
  • Problem with Java certificate growing too large.
2/28/2024: PolicyPak Build number 24.2.3821
Hotfix Updates:
  • Misc security updates
  • CSE Installer hangs or rolls-back during install (ppupdatew hang)
  • PolicyPak Least Privilge Manager fix when customer VBscripts are used with //nologo
  • PolicyPak Scripts Manager crash during shutdown
  • PP Merge Helper Tool Updated when handling Microsoft Security Settings
  • Rename of PPLPM ADMX Setting “Check for certificate revocation…” to “Prevent certification revocation on file signatures verification”
  • PP Device Manager: Fix for filter showing only one option in the list
2/06/2024: PolicyPak Build number 24.2.3799
General & UI Updates
Netwrix PolicyPak Now Supports Windows 11 Context Menus in the CSE

By popular request, Windows 11 right-click context menus are now supported for end-users. See KB about this new feature
here. Note: Windows 10 style menus do not change on Windows 10.

Netwrix PolicyPak End of Life for PolicyPak VPN Manager

It was announced last year that the first build of 2024 would stop PolicyPak VPN Manager policies from processing. As such, this build is the first to stop processing PolicyPak VPN policies. MMC snap-in / UI elements were removed in previous builds.

Netwrix PolicyPak End of Life for Unsupported Windows OSs

It was announced last year that the first build of 2024 would prevent PolicyPak CSE from installing on non-Modern operating systems. As such, previous builds might have installed, but not all features were available. Starting with this build, only modern Windows is supported, like Windows 10 and 11 and Server 2019 and Server 2022.

PolicyPak Least Privilege Manager
Improved Self Elevate Context Menu

Self Elevate right-click flyout is improved if both Self Elevate and explicit rules would apply to the same executable. Now if Self Elevate is selected AND there is an explicit rule which would automatically perform the elevation, the explicit rule will apply (and not Self Elevate.)

PolicyPak Network Security Manager
DNS Name Support

Network Security Manager can now specify domain names to allow or block (in addition to IP addresses.).
Video demo.

Misc PolicyPak CSE Fixes:
  • PolicyPak Preferences 2.0 Shortcut Item: Now creates folder on-the-fly if it doesn’t exist.
  • PolicyPak Scripts & Triggers: MMC fix to always show “With elevated rights” checkbox.
  • PolicyPak Scripts & Triggers: MMC fix to always show all months in Monthly trigger fixed.
  • Elevating CLSID {7007ACD1-3202-11D1-AAD2-00805FC1270E} (change NIC properties) fixed.
  • Some CSE upgrade scenarios from 23.10 to latest fixed.
  • PolicyPak Least Privilege Manager SecureRun™ first block prompt slow is now fixed.
  • PolicyPak Least Privilege Manager Right-click evaluations for very large files now fixed.
  • PolicyPak Least Privilege Manager has new ADMX option to turn off Certificate Revocation Checking. This option is NOT recommended, but available if revocation checking takes too long. Screenshot here.
Misc PolicyPak Group Policy Compliance Reporter Fixes:
  • PolicyPak Group Policy Compliance Reporter now honors Enterprise Full licenses.
PolicyPak Cloud Updates & Fixes
  • PolicyPak Cloud + ARM installer support now available per customer. Screenshot here and here.
  • PolicyPak Least Privilege Manager + PolicyPak Netwrix Privilege Secure how has “Enable certificate bypass” checkbox. Screenshot here.
  • Emails coming from new email service (no action needed.)
  • Mass deletion of computers now available when viewing Computers list
  • PolicyPak VPN Policies retired
  • PolicyPak Least Privilege Manager Policies can have user SID added
  • PolicyPak Least Privilege Manager Policies can have “Force user to reauthenticate” checkbox
  • Event Reporting fix for very large reports which caused CSV truncation
  • Event Viewer fix for very large eventing display (>5 million records).
1/12/2024: PolicyPak Build number 24.1.3775.756
12/12/2023: PolicyPak Build number 23.12.3745.1241
General & UI Updates
Netwrix PolicyPak Now Supports ARM Processors for CSE and MMC

Netwrix PolicyPak ships with ARM support; the CSE is fully functional for all PolicyPak Components including PolicyPak Least Privilege Manager. MMC snap-in is fully functional to create PolicyPak rules as well. See demo and setup video here.  See supportability statement about ARM processors here.

Note: ARM support will generally ship 4 times per year, and lag somewhat behind normal builds. The latest ARM build will always be in the download so you’ll never need to guess which one is latest. For instance, ARM support will not ship with NTFS traverse or some of the other updates mentioned in this build, since it will lag behind somewhat.

Note: ARM CSE will be supported alongside PolicyPak Cloud next iteration (Jan / Feb timeframe).

Netwrix Auditor now in MMC fly-out menus

Once PolicyPak to Netwrix Auditor connection is established, now you can quickly open Netwrix Auditor from right-click menu. Example: https://share.zight.com/E0um1wGx

PolicyPak Merge Tool Enhancements

Now you can export all settings to PolicyPak XML during the merge process instead of having to necessarily put the items into a Group Policy Object. Example: https://share.zight.com/kpuRqXPr

PolicyPak Least Privilege Manager
NTFS and ACL Traverse Policy

Now you can specify which processes can read, write, delete, etc any file, folder or registry location. For instance, let users modify the hosts file, remove files from All Users Desktops, or have your applications overcome UAC prompts when attempting to modify system registry locations. Multiple demonstration videos are here.

Additional Details now in logs

Log files are enhanced to provide which user ran the process https://share.zight.com/4guRBYyZ . New log type for event 1010 when NTFS & ACL Traverse is used. https://share.zight.com/E0um1xwx

PolicyPak RDP Manager
Digital Signing RDP Files

Now you can automatically digitally sign your RDP files. Screenshot: https://share.zight.com/nOuQZEGD Results: https://share.zight.com/geu1N85X

 

Misc PolicyPak CSE Fixes:
  • WinGet Policies on PolicyPak Software Delivery Manager now work on Windows 10; but WinGet must be pre-updated to 1.6 on Windows 10.
  • ILT Evaluations will continue even if malformed with empty computer name.
  • PolicyPak Merge tool enhanced high DPI support
  • MMC fix for specifying Netwrix Auditor URLs
  • CSE/ Cloud policy was applying by stating wrong/old Policy Name

 

PolicyPak Cloud Updates & Fixes
  • Immutable log items now go to the PolicyPak Cloud to Splunk Connector
  • PolicyPak Cloud supports PolicyPak Software Package Manager’s Winget policies
  • Computer list filter improved for massive searches
  • Computer group collapse / expand feature fixed
  • Fix when uploading user-side policies with ILT to PolicyPak Cloud

 

11/2/2023: PolicyPak Build number 23.10.3703.184

This is a hotfix release to solve for Firefox 115+ with PolicyPak Application Management and PolicyPak Browser Router.

We have an extensive KB article which is a “must read” before deploying the CSE an Firefox 115+.

Please read it here: https://kb.policypak.com/kb/article/1303-firefox-how-do-i-make-application-settings-manager-work-with-firefox-115-and-later-and-how-do-i-transition-existing-settings/

Note: We know of an issue with PolicyPak Software Package Manager and Winget policies. They were working on Windows 10 and Windows 11, but Microsoft made some kind of breaking change, and now our policies only work on Windows 11. We are working to resolve this in a future release.

And do please ask questions to [email protected] before deploying large scale testing.

10/18/2023: PolicyPak Build number 23.10.3683.1030

Netwrix is pleased to announce the general availability of Netwrix PolicyPak build number 23.10.3683.1030 With this release you will be able to benefit from the following:

General & UI Updates
Netwrix PolicyPak Integration with Netwrix Auditor

Netwrix Auditor does a great job at tracking Group Policy changes. But it was sub-optimal to specifically launch Netwrix Auditor, find the Group Policy Object and look JUST for the PolicyPak changes. With this integration, you can see your PolicyPak changes within Netwrix Auditor in one click. Demo and Setup videos here: https://kb.policypak.com/kb/section/446/  . KB with step by steps instead are here: https://kb.policypak.com/kb/article/1298-how-do-i-configure-the-mmc-snap-in-to-open-gpos-in-netwrix-auditor/

Network Security Manager MMC Snap-in Hiding

You can now use the ADMX setting to hide Network Security Manager from the MMC. See KB for details.

PPUPDATE License Expression now fixed

Licenses from multiple sources now more accurately reflected.

Drag & Drop of Collections Improved

Fix in MMC so copies are created with unique name instead of an overwrite.

PolicyPak Least Privilege Manager
Updated Logging Improvements

PolicyPak Least Privilege Manager Events of type 1000+ and 2000+ now have additional details: File Version, File Hash, Publisher, Owner Name and User Name. Example improvement screenshot.

Netwrix PolicyPak and Netwrix Privilege secure share the same client-side extension. For more details on updates to the MMC click here. For more information on upgrade paths for Netwrix Privilege Secure, click here.

Admin Approval “Wins” over SecureRun

Sometimes Admin Approval credentials didn’t work when SecureRun was also engaged. This fix ensures that Admin Approval wins over SecureRun.

Admin Approval Tool fix for HighDPI

Sometimes Admin Approval tool would be cut off and not show all fields with High DPI.

Fix for “Apply to child executables”

Sometimes PolicyPak Least Privilege Manager would apply privileges to child executables even when not desired.

MMC updates and fixes

Allow and Log rules fixed so unrelated options are automatically hidden.

Network Security Manager
Email Request to un-block a user

New option in Network Security Manager to enable customer to prompt user to send email to support desk to un-block processes restricted by Network Security Manager. Setup screenshot. Result screenshot.

8/31/2023: PolicyPak Build number 23.8.3641.753

Netwrix is pleased to announce the general availability of Netwrix PolicyPak build number 23.8.3635.722. With this release you will be able to benefit from the following:

General
PolicyPak User Interface

PolicyPak Least Privilege Manager node is now tucked within a new Top-Level node called Netwrix Privilege Secure. No PolicyPak policies are affected with the UI update. Details about the UI update and how Netwrix Privilege Secure customers can upgrade from Netwrix Privilege Secure MMC to PolicyPak MMC here.

Bug Fix for Logons

Deadlock issue resolved for the “Program blocked by Group Policy” during logon.

Bug Fix for Logouts

Fixes occasional black screen issue on logout

Network Security Manager Disablement

You can now use the ADMX setting to disable Network Security Manager. See KB for details.

Update for Unsupported Operating Systems

The current build isn’t compatible with Windows 7, 8, Server 2008 R2, or Server 2012 R2. A separate “hotfix build” is available for these OS, but it lacks the new features. For this hotfix, email [email protected]. Note that there will be no further support for these older systems. Specific support details can be found on the PolicyPak website. For more information on Windows 7 support, click here. For more details on other supported operating systems, click here.

PolicyPak MMC Updates
Netwrix Privilege Secure Node

The MMC now has a new “Netwrix Privilege Secure” node, with PolicyPak Least Privilege Manager nested within it. This UI change doesn’t impact any policies. Netwrix Privilege Secure customers can find upgrade details for the PolicyPak MMC
here.

PolicyPak VPN Manager Node Removal

The PolicyPak VPN Manager MMC snap-in has been removed. However, the CSE will process VPN Manager policies until Jan 2024. Refer to the PolicyPak VPN Manager Sunset announcement for more details.

MMC Policy Improvement

Prefixes added to duplicated policies to avoid confusion.

PolicyPak Cloud Improvements
  • Brand new  “PolicyPak Network Security Manager” in-Cloud Editor
  • PolicyPak Scripts & Triggers In-Cloud Editor now supports “Event Triggers” editing
  • Immutable log viewer now has CSV download option
  • Immutable log now expresses Azure AD Access Configuration modifications
  • Updated PolicyPak Cloud Client for Windows with misc improvement including improved logging with Event ids
  • New MacOs Client version which utilizes new synchronization engine. Warning: You need to update your Mac clients to this version before the end of September to keep synchronization to Macs working, as we expect to turn off the old synchronization engine service at that time.
PolicyPak Product and Licensing Updates
Enterprise Full License Type

Starting with this CSE, we support the ‘Enterprise Full’ (or Enterprise+) license. Please read the entire KB here before requesting an Enterprise Full license from Support.

Enterprise Full License Instructions

Customers with PolicyPak Enterprise entitlements can request Enterprise Full license keys by emailing [email protected], using the subject “Enterprise Full Key Request for <your company name>.” Requests will typically be processed in the order they’re received. It’s essential to note that these licenses will only be valid on endpoints with CSE version 23.8.3635.722 installed. While you can request the key now, it’s recommended to install them alongside your controlled 23.8.3635.722 rollout. For further insights on licensing, refer to the updated KB article titled “How can I tell how a machine is licensed?”

PolicyPak Software Package Manager and WinGet Delivery
Winget Delivery

You can now distribute policies using WinGet, alongside GPO, Cloud and MDM joined with features like Item Level Targeting. Learn about delivering packages with WinGet, discovering interesting WinGet packages with WinGet-Run, the Software Package Manager Helper tool, and how to install WinGet on Servers if needed (Unsupported.)

AppX Fix

We’ve fixed the issue where some AppX settings failed to reach endpoints or connect to the MSSTORE catalog.

Drag and Drop Fix

Policies now maintained on drag and drop.

PolicyPak Least Privilege Manager
Netwrix Privilege Secure

Netwrix PolicyPak and Netwrix Privilege secure share the same client-side extension. For more details on updates to the MMC click here. For more information on upgrade paths for Netwrix Privilege Secure, click here.

Admin Approval Long Code Support

Full publisher details are now in the long code. Update the CSE on endpoints and the Admin Approval tool to utilize this feature. See the example result.

Admin Approval Enhancement for Untrusted Applications

You can now show admin approval dialogs for untrusted applications. See example and read KB article for more information.

Enhanced Behavior for Custom Menu Items

Text for custom menu items now displays different results depending on Admin Approval state and rule matches. KB article.

MMC Editor Updates

For certain action types, the open/save dialog is disabled to ensure a streamlined user experience.

Enhanced Guidance XML for Helper Tools

Improved digital signature for PolicyPak have resulted in modified Guidance XMLs. For a screen shot example click here. For more information, view a demo video here.

PolicyPak Cloud for Mac Client
Updated synchronization engine

Latest PolicyPak Cloud for Mac client will use newest synchronization engine to PolicyPak Cloud; as we are expected to turn off the original synchronization engine soon. All Mac customers are required to update within 15 days to the new client.

PolicyPak Group Policy Merge Utility
Enhanced Settings Management

Now you can take existing PolicyPak settings and back them out into Microsoft settings. See example here.

6/26/2023: PolicyPak Build number 23.6.3571.1043
  • Fix: RDP inbound connections are now fixed.
  • Known Issue: This build is known to install, but then fail to function on Windows 7 and 8. Please continue to use your already-working build until this is fixed (likely the next CSE release.)

Note: There are no other updates in this CSE version.

6/09/2023: PolicyPak Build number 23.6.3557.1230
Known Issue:

Some customers report that this build blocks inbound RDP connections. We’re actively working on a workaround or update for this known issue.

Netwrix PolicyPak General
  • CSE Update: CSE update contains security improvements which are recommended for all customers. See Advisory.
  • CSE and MMC update: Miscellaneous bugs and improvements (some around crashes or hangs.)
  • New License Type: “Enterprise Full” (aka Enterprise+) license type supported from this CSE onward. More details will come to customers toward the end of the month, but this CSE and later supports the Enterprise Full license type. See Updated KB Article.
  • Standalone ILT Validation Tool: New tool helps troubleshoot ILT evaluations on endpoints from policy XML. See Video.
New Component: PolicyPak Network Security Manager

Overview: Specify which applications can communicate with what IP addresses and ports. For instance, the QuickBooks desktop application can only communicate with the QuickBooks Server at 192.168.2.61 and Firefox can only communicate with Patient Portal at 10.10.10.12. Learn more about the Network Security Manager basics in this KB Article.

  • Applications and Ports Management: Lock down applications by using specific IPs and ports. See Video.
  • Global Settings Management: Manage Global Settings including notification options and block messages. See Video.
  • Auditing Events: Enable auditing events for Network Security processes and actions. See Video.

Tip: Enterprise Customers or PRO Customers who have already licensed the “Desktop Automation Pak” may request a license for PolicyPak Network Security Manager by emailing [email protected]. PolicyPak Cloud customers should automatically be licensed for this new component. Note PolicyPak Cloud will support upload of XML from MMC, but no in-cloud editors yet for PolicyPak Network Security Manager.

Netwrix PolicyPak Least Privilege Manager
  • Fix in MMC: File / Folder name is now correctly added to the policy name if path variable is used
  • Fix in CSE: CSE had used wrong processing order on occasion.
  • MMC Update: The term “SbPam” was renamed to “Netwrix Privilege Secure” in the MMC.
  • MMC update: You can now create policies from 6300 events (6320, 6301) from the event log to the MMC.
  • MMC and CSE update: Now wildcards are allowed for CN=* matches. See Screenshot.
  • MMC and CSE update: On-Demand and Explicit rules now permit you to force users to re-authenticate and allow for Justification text. See Screenshot.
  • MMC and CSE update: On-Demand Rules also allow for Global Text for Right-click Menu item. See Screenshot. For an example of when On-Demand Rules are used with Justification Text, see screenshot. For implementation instructions, see KB article.
Netwrix PolicyPak Preferences Manager
  • Fix in Shortcuts: CSE now creates URL policy correctly in Action:Create
Netwrix PolicyPak Browser Router
  • Deprecated: Routing to Legacy Edge.
  • Legacy PPBREdgePackage will not be present any longer in builds going forward.
Netwrix PolicyPak Admin Templates Manager
  • Fix in MMC: Allowing switch from Computer / User side in switched policies (not just once.)
Netwrix PolicyPak Device Manager
  • Fix: Error when adding System and Admin accounts
  • Update: MMC can now import a list of serial numbers or Bitlocker Key IDs for USB devices from text files. See Screenshot.
5/16/2023: PolicyPak Build number 23.5.3533.1252
Netwrix PolicyPak General
  • Misc fixes for stability
5/9/2023: PolicyPak Group Policy Compliance Reporter 23.5.3521.647
  • Fix: PPGPCR: Compliance Reporter running out of memory
3/13/2023: PolicyPak Build number 23.3.3467.1199
Netwrix PolicyPak General
  • PolicyPak Merge Tool Enhancement: Clearer language and support for GPPrefs Shortcuts. See Screenshot.
  • MMC Fix: Ctrl-X Shortcut or “Cut” context menu now fixed
  • Miscellaneous Fixes: Several bugs fixed in MMC and CSE.
Netwrix PolicyPak Cloud
Netwrix PolicyPak Least Privilege Manager
  • Video Capture Improvement: Get enhanced video captures via Netwrix Privilege Secure
  • New ADMX Setting: Change Admin Approval when installing items that contain drivers. See Screenshot 1. (Note: Requires latest CSE)
  • Admin Approval Fix: Resolution for black screen when using Admin Approval + alternative credentials
  • Self-Elevate Fix: Resolution for Self-Elevate with MS Update KB5022282
  • Windows 11 Fix: Resolution for Windows 11 when SecureRun not blocking as expected
Netwrix PolicyPak Preferences 2.0
  • Shortcut Manager: Simplify Shortcut Management. See
    Screenshot    .
  • Preference Specific Variables: Now Preferences-Specific Variables are honored in all Preferences 2.0. Just
    look for the Pencil icon to open up the variables picker. See
    Screenshot    .

TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers
(with the
GPO Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS, PRINTERS, REGISTRY and
SHORTCUTS.

Netwrix PolicyPak Browser Router
  • End-user UI Fix: Multi-line text now allowed in block message.
  • End-user UI Enhancement: Default block messages contain robust details. See Screenshot.
  • Block Message Enhancement: Use variables in block messages. See
    Screenshot    .
  • Preference Specific Variables: Now Preferences-Specific Variables are honored in all Preferences 2.0. Just
    look for the Pencil icon to open up the variables picker. See
    Screenshot    . See
    KB article
Netwrix PolicyPak Device Manager
  • Bitlocker Enhancement: Bitlocker support strengthened with Serial Number included in requirement
  • System User: Add SYSTEM as user if needed as person who can read/write/etc.
  • MMC Fix: Error while creating policy while adding exclusions for users
  • Fix in MMC: “Delete Selected’ button is now fully visible in Edit mode
  • Fix in MMC / CSE: “Allow All” policy for USB devices is created correctly now for WPD device exclusions.
1/30/2023: PolicyPak Build number 23.1.3425.1079

[Reminder about impending Legacy XML Licensing Expiration Feb 28, 2023]

Legacy XML license will expire Feb 28, 2022… even if they are set to expire in some future date. Several updates in the newly shipping CSE are there to help you with the transition.  Extensive up-to-date KB article with videos, tips, tricks, workarounds and validation of success here: https://kb.policypak.com/kb/article/1231-action-required-for-policypak-customers-using-legacy-licenses/

[PolicyPak Cloud]
[PolicyPak Overall & Licensing]

 

[PolicyPak Least Privilege Manager]
  • Improved: Right-click Run-As Administrator should work as expected in most cases now.
  • Improved: Tuning of Right-Click Run-As Administrator via ADMX to disable “Explicit Elevation” completely and have “Run as Administrator” handed by Windows -or- “Run as Administrator with Netwrix PolicyPak” menu item (to File Explorer Only.)  Screenshot: https://share.getcloudapp.com/z8uloNG4
[PolicyPak Preferences 2.0]
  • Improved: Registry items now have application modes Always, Once or Once when Forced. Screenshot: https://share.getcloudapp.com/bLuObXwD .
  • Fixed: Registry items drag-and-drop from various levels works as expected
  • Fixed: Printers items now import from XML in MMC as expected
  • TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers (with the GPO Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS, PRINTERS and REGISTRY (today) and others, like SHORTCUTS (future).
12/8/2022: PolicyPak Build number 22.12.3375.735
[PolicyPak Overall]
  • New: Quick Right-Click Enable / Disable Implemented for all policies and collections (Except PP App Settings Manager). Screenshot examples for PPLPM but all others supported: https://share.getcloudapp.com/KounQRnA and https://share.getcloudapp.com/mXub7NbG
  • Improved: PPUPDATE now shows non-licensed and multi-licensed conditions. Example: https://share.getcloudapp.com/GGuJA8Ab
  • New: PPUPDATE /XMLSTATUS /OUT c:\temp outputs license status as XML
  • Fix: MMC fix for missing icons after editing.
  • New (Finally!): MMC Cut & Paste for most policies and collections !
  • Fix: Install fixed for older OSs with “DLL Missing” error.
[PolicyPak Least Privilege Manager]
  • Improved MMC: Right-click menus now streamlined and context aware
  • Improved: Admin Approval Tool now has auto-close timeouts via ADMX setting Screenshot: https://share.getcloudapp.com/eDun9vOY . Note ONLY the Admin Approval tool from this build and later will support the ADMX.
  • Improved: Netwrix sbPam session de-provisioning dialog
  • Fix: SecureRun not properly evaluating domain group added to local administrators group
[PolicyPak Device Manager]

Improved: DEVICE_INSTANCE_PATH can be added to custom message (explaining to users which device was blocked)

[PolicyPak Browser Router]

Fix: Issues with the 5-minute timeout in Chromium were fixed in the Chrome Extension. This is meant to work latest versions of Google Chrome and Microsoft Edge (Versions 104.* and higher; current is 107.*). If you’re experiencing Chrome timeouts, update Chrome/Edge to the latest and Browser Router Extension will auto-download latest.

[PolicyPak Preferences 2.0]
11/11/2022: PolicyPak CSE 3335 (22.11.3335.685) and GP Compliance Reporter and PP Cloud Update
[Netwrix PolicyPak Least Privilege Manager]
  • Fix for MMC: Policy Drag and Drop fix.
  • Fix for MMC: Disabled collection icon fix.
  • Fix for CSE: sbPam deprovisioning and video capture improvements
[GP Compliance Reporter]
  • Rebranded for Netwrix GP Compliance Reporter
  • Support for TLS 1.2
  • Fix: Occasional service stopping.
  • Fix: Auditor exception during work.
  • Fix: High memory usage.
[PP Cloud]
  • Improved: Automatic Scaling when PP Cloud is under load / reduced load.
  • New: details when PP Cloud is under load and re-scaling. Screenshot.
  • New: PolicyPak Preferences 2.0 Drive Maps – In Cloud Editor
  • Fix: PolicyPak Preferences 1.0 Printer Editor now handles “Port Number” field correctly.
  • Fix: PPLPM Editor now allows SHA-1 hashes plus various field fixes
  • New: Additional logging to Immutable log around cryptographic exceptions causing PP Cloud clients becoming unregistered
  • Fix: Event Collection record viewer fixed to handle display / query of large amounts of data
10/17/2022: PolicyPak CSE 3319 (22.10.3319.752) and PolicyPak Cloud and GP Compliance Reporter
[Netwrix PolicyPak Least Privilege Manager]
  • Privileged Administrator Screen Recording: Records, archives, and plays back privileged local desktop activity when access is brokered by Netwrix SbPAM. WATCH VIDEO
  • ShellExecute Least Privilege Management: Intercepts, prompts, and audits ShellExecute API style UAC prompts when explicit elevation rules are configured.
  • Simplified Printer Management: Enables users to install printers securely using the native Windows 10/11 “Add Printers and Scanners” UI (Only available for CSE 22.10 or later). WATCH VIDEO
  • Simplified IP Configuration Management: Enables users to edit IP settings using the native Windows 10/11 “Network and Internet Settings” UI (Only available for CSE 22.10 or later). WATCH VIDEO
  • Streamlined UI for executing Netwrix SbPAM Rules: Embedded Netwrix SbPAM rules enable administrators to broker Java, Script, and other policies more easily. SEE SCREENSHOT 1. SEE SCREENSHOT 2.
  • Expanded Control Panel Applet Policies: Configure and deploy least privilege management policies for standard users to access Event Viewer and Performance Monitor. SEE SCREENSHOT.
  • Fix: Child Process Still Elevated while “Don’t elevate Open/Save dialog” is Enabled.
  • Fix in MMC: Elevating folders now allowed again. SEE SCREENSHOT
[Netwrix PolicyPak Device Manager]
  • Phone and Device Blocking: Blocks access to connected phones, music players, Windows Portable Devices (WPD), and other Picture Transfer Protocol (PTP) devices. SEE SCREENSHOT NOTE: iPhones not yet supported, but most Android devices are supported. Only works with CSE 22.10 and later. Phones will be blocked immediately upon CSE installation. To avoid phones from being blocked, update the policy and un-check phones first using the MMC snap-in. Then, update the CSE.
[Netwrix PolicyPak Preferences 2.0]
  • New ADMX Setting: Explicitly un-licenses/turns off PolicyPak Preferences 2.0 CSE
  • Drag & Drop Support: Supports drag & drop and other important methods for printers and drive maps from Microsoft Group Policy Preferences files. SEE SCREENSHOT.
  • Reconnect Status: Reconnect status for drive map policies now visible in MMC table. SEE SCREENSHOT.
[PolicyPak Cloud]
  • PolicyPak Preferences 2.0 Printers Editors: Configure and deploy printer policies from the convenience of an in-cloud editor (CSE v22.10 and later)
  • Administrator Re-authentication: Forces users to re-authenticate when Netwrix SbPAM sessions are initiated (Netwrix SbPAM integration is “read-only” but seen in reporting)
  • Event Collector Restrictions: Restricts events a set number per day
  • Default Expiration: Sets default expiration date to 5 years for new join tokens are created
  • Fix: Fixed alerts for “License is not present” when creating user policies when license not present.
  • Fix: Various UI fixes for time zone issues
[Misc Fixes]
  • Various ILT fixes in CSE
8/30/22: PolicyPak CSE Update and PP Cloud update 3274 (CSE 22.8.3274)
[User Interface]
  • PP MMC Snap-In: Rebrand complete with Netwrix PolicyPak Red/Blue Color Scheme
  • PP MMC Snap-In: We will attempt to determine license expiration from licenses within GPO and give you a warning if you’re expiring. Example: https://share.getcloudapp.com/12uz9EmQ Control via new ADMX setting: https://share.getcloudapp.com/5zuPW5lr
  • PP Cloud: Rebrand complete with Netwrix PolicyPak Red/Blue Color Scheme
[PPLPM]
[PPPreferences 2.0]

 

7/4/2022: PolicyPak CSE 3212 (22.6.3212.789) and PolicyPak Cloud
5/3/2022: PolicyPak CSE 3155 (22.5.3155.734)
3/14/22: PolicyPak CSE Update and PP Cloud Update CSE 3099
  • PP Cloud: Now Collect PPLPM Events and report on them. REQUIRES TICKET to [email protected] to enable. REQUIRES Latest CSE 3099 to operate. NOTE: This is EXPERIMENTAL and not all customers are eligible to participate yet.  Video link.
  • PP Cloud: 10x faster login
  • PP Cloud: PPLPM COM Class editor improvements
  • PP Cloud: PPJRM Updated Java Versions in editor.
  • NO OTHER FIXES or updates in the CSE. CSE is only updated to provide functionality for PP Cloud –> PPLPM Events collector.
2/4/22: PolicyPak CSE Update (First supported build for Windows 11) CSE 3068
1/5/22: PolicyPak Tools Update Only for the Auto Rules Generator Helper Tool. NO CHANGE to the MSI or CSE build number.
12/22/21: PolicyPak Cloud ONLY update
10/11/21: CSE 2943 (21.10.2943.726)

Updates and new features!

Fixes:

  • PP Scripts: “Once or when forced” will now execute user script corrrectly.
  • PP Browser Router: Routing from Firefox ESR 91 to other browsers fixed.
  • PP Helper Tool: Fix for Printers app for app crash
  • PP RDP Manager: Allow blank computer name
  • PPLPM + MDM: Fix SecureRun not always applying
  • PP App Manager: DesignStudio + VC2019 working correctly
  • PP Scripts: Fix for scripts not running at all for some customers.
  • PP Scripts: Fix for “Run once” policies not running at all for some customers.
  • PP GP Compliance Reporter: Auditor License issues fixed.
  • PP GP Compliance Reporter: Auditor fixed data from Computer side
  • PolicyPak Cloud: New In-Cloud PolicyPak Device Manager Editor !
  • PolicyPak Cloud Client now can support movement via command line.
  • PolicyPak Cloud: Various fixes and improvements.
9/15/21: PPGPCR 2906

– PPGPCR: Fix for Auditor with Empty RSOP data.
– PPGPCR: Fix now able to use / recognize Universal licenses when on endpoint.
– PPGPCR: Fix for “Empty” license.

8/25/21: PolicyPak CSE and Cloud Update 2905

– New PPLPM: Least Privilege Manager now has BRANDED UI with your icons, colors, etc. Video: https://kb.policypak.com/kb/article/1151-branding-the-ui-and-dialogs/

– New COMPONENT: PolicyPak Device Manager for USB and CD-ROM control.
** Note: You need to REQUEST an update license for ON-PREM or MDM. Cloud will already have license for LEGACY CLOUD customers.

Video: PolicyPak Device Manager Basics / Instantly put the smack down on USB sticks and CD-ROMs: https://kb.policypak.com/kb/article/1155-instantly-put-the-smackdown-on-usb-sticks-and-cd-roms/

Video: Allow ONE user (or group) access to USB / CD-ROMs https://kb.policypak.com/kb/article/1156-allow-one-user-or-group-access-to-usb-and-or-cd-rom-and-dvds/

Video: Authorize USB Sticks by specific VENDOR. https://kb.policypak.com/kb/article/1157-authorize-usb-sticks-by-vendor-type/

Video: Permit specific USB by SERIAL number. (COMPLETE EDITION ONLY) https://kb.policypak.com/kb/article/1158-permit-specific-devices-by-serial-number/

– FIX PP RDP Manager: Now keep RDP file signature intact when file is imported in the snap-in/PP Cloud editor.
– Update Scripts & Triggers: Updated UI for Events triggers
– FIX PPBR: policy types won’t apply if the collection doesn’t have anything else
– FIX ADMX: Newer snapins were absent in PolicyPak ADMX settings
– FIX PP Feature Manager: Collection settings when collection is empty
– FIX: Helper Service unexpectedly stopped
– FIX: PPScripts: Scripts with PowerShell would open/close Windows interactively on screen.
– Improved PP Cloud: Company-level “Password & account management & lockout” policies
– Improved PP Cloud: Policy report ( XML Delivery ) now exportable
– Improved PP Cloud: Improved LICENSED and NON-LICENSED reporting details

7/16/21: PolicyPak CSE Update 2862

– Big update for ONE Component (PolicyPak Preferences) Licensing. Please read if you are DOMAIN JOINED and might be using PolicyPak Preferences as LICENSED. (This is a small percent of customers.). Note that NON domain joined machines (CLOUD or MDM) are not affected. https://kb.policypak.com/kb/article/1143-07-why-is-policypak-preferences-original-version-forced-disabled-by-default/
– PolicyPak Start Screen & Taskbar Manager: Now enables you to have “blank” right-side of start screens as an option.
– Fix: Enforce loopback mode when GPOs are synchronized for cross-forest user logins
– Update for Java Rule Manager: MMC Editor updated for latest version of Javas.

7/12/21: PolicyPak CLOUD Update

– New in-cloud editor: PolicyPak Feature Manager for Windows https://share.getcloudapp.com/eDuyb2jE
– Improved: Edit Computer now enables you to see and edit COMPUTER Group Membership and see the Policy Forecast: https://share.getcloudapp.com/o0ue1N7D
– Policy Forecast is now downloadable: https://share.getcloudapp.com/wbu6OZXB
– Fixed: PPRDP Manager will keep RDP file signature when uploaded into PP Cloud editor
– Other various cloud fixes.

6/16/2021: PolicyPak CSE Update 2830 (21.6.2830)

– New: One big update this build. We have our own Item Level Targeting Engine which you can OPT INTO in this build. Why do we need our own Item Level Targeting Engine, and what’s changed? Before this build, we relied on the Group Policy Preferences Item Level Targeting Engine for ILT evaluation; which generally works, but sometimes has problems over VPN, slow links, and has a few bugs. When issues came up in the GPPRefs ILT engine though, we had no way to fix these issues. We put in place a few workarounds, but ultimately decided to dedicate some resources to our own PolicyPak ILT engine. Now if issues come up, we can fix our own code, providing a future path for updates and features.

Opt in with the ADMX setting: Computer Configuration | Policies | Administrative Templates | PolicyPak ADMX Settings | Client-Side Extensions | Use Item Level Targeting filters evaluation engine (Preferences vs. PolicyPak)

In a future version (expected with builds “21.9” and later; the default will simply be the PolicyPak ILT engine with the option to revert BACK to the Preferences ILT engine.)

-Updated: GPExport: Additional fields ACTION , PATH and ILT in GPExport
-Updated: Record event to the Event Log when process is elevated or allowed due to rule inheritance
– Fixed: PPLPM: Slow application launch time when Self-Elevation policy contains a bunch of individual users
– Fixed: PPLPM: Secure Copy – Incorrect validation for Network Share Source page
– Fixed: PPScripts runs script as user with elevated rights if user from Admins group
– Fixed PPRWDM: Error: Job milestone: ‘Copy’ has failed while apply dropbox policy

6/5/2021: PolicyPak Cloud Update

– New: In-Cloud TaskBar Manager Editor !!
– Improved: In-Cloud editors now allow you to ADD new policy from XML and/or Replace SELECTED or ALL XMLs ! Example: https://share.getcloudapp.com/WnuxA9BW
– Improved: In-Cloud editors enable you to REPLACE XML policy with right-click context menu “Replace selected from XML” Example: https://share.getcloudapp.com/d5uAbkAj
– Fixed: Universal license in MSI won’t replace original XML license when installing.
– Fixed: Using JoinToken with long named groups
– Updated: Explain to customer IN THE EMAIL how to adjust threshold notifications

5/17/2021: CSE 2802

– Fix for CSE when ADMX to kill a component wouldn’t work. So, now, this is expected to work regardless of license type: https://kb.policypak.com/kb/article/240-what-if-i-want-to-unlicense-one-component-like-pppreferences/
– FIX for GPO Exporter: On USER side export, we now correctly create correct USER side XML.
– Update for GPO Exporter and Preferences: Now you can see columns during export making it easier to know which items you DO and DONT want exported.

5/5/2021: CSE 2791

PP CSE, Tools, and Extras:
– New! PP Least Privilege Manager “SecureCopy(TM)”. Have a trusted READ-ONLY SHARE SOURCE for self-elevation. (Video: https://kb.policypak.com/kb/article/1122-securecopy-tm-empower-users-to-copy-then-elevate-items/ )
– New Trigger for PolicyPak Scripts & Triggers: Event Log SOURCE and/or Event IDs ! (Video: https://kb.policypak.com/kb/article/1126-policypak-scripts-triggers-events/ )
Note: GP computer-side processing bug exists when you attempt to make a trigger on a log that DOESN’T exist on the client. So… don’t do that. 🙂 We’ll fix it.
– New! GPO Export Manager MMC snap in: Quick export of GPO contents for use with PP Cloud or your MDM (Video: https://kb.policypak.com/kb/article/1125-quickly-export-this-gpos-settings-as-xmls-for-use-with-policypak-cloud-or-your-mdm/ )
– Updated: PP Browser Router: Use icon of active default browser for URL shortcuts (video: https://kb.policypak.com/kb/article/1124-set-the-links-to-icons-to-actually-show-the-default-browser/ ). Related KB on changing icons: https://kb.policypak.com/kb/article/1127-how-do-i-change-the-default-icon-for-user-created-shortcuts-for-my-default-browser/
– Updated behavior: PP Scripts will now always run regardless of PPLPM block rules (revert back to OLD behavior with ADMX setting)
– Fix: LT tool now will count ONLY Windows devices and not extra non-related devices
– Improved: Add support for RINGS elements to update.config file https://kb.policypak.com/kb/article/1128-how-can-i-roll-out-latest-policypak-cse-with-active-directory-in-a-controlled-manner-using-rings/

PP Cloud:

– New! PolicyPak Start Screen in-Cloud editor ! (Group editor: https://share.getcloudapp.com/kpuKlWmW ) (Tile editor: https://share.getcloudapp.com/2Nuwp7Br ) Note: Taskbar coming soon !
– Update: PPRDP Editor now imports more unusual .RDP files
– Update: PP Scripts + Triggers… New Triggers Editors !
– Other misc fixes

3/29/2021: CSE 2753

– Multi-domain MMC in many places (Example: https://share.getcloudapp.com/ApuY6dx9 )
– Hide Action Panel in MMC: https://share.getcloudapp.com/2Nuw1Zdq and/or do it for all snap-ins at once https://share.getcloudapp.com/8LubmzBo (and yes, we remember your choice)
– PolicyPak Admin Templates Manager (only): Quick Filters at the top https://share.getcloudapp.com/xQubd8d5
– PolicyPak Admin Templates Manager: “Add and Continue” now snaps back to same area you were just working in.
– PolicyPak Admin Templates Manager: Write the “Explaintext” whenever you edit and save a policy. “Before” behavior: https://share.getcloudapp.com/E0uYWQJ4 After behavior: https://share.getcloudapp.com/RBuY6p24 TIP: Just add any new PP Admin Template Setting (or rename a collection, etc.) Basically, make ANY change to the GPO and click SAVE.. and all the Explain Text gets re-written into the report.
– When Licensing Intune, we can license “Company Name” and don’t have to specify ALL UPN names customer is using.
– PPLPM: Fixed a situation where Admin Approval Dialog would not appear even when expected
– PPBR / CSE in general: ADMX setting to specify custom prompt to user if PPBR / CSE stops working: https://kb.policypak.com/kb/article/1106-how-can-i-present-a-custom-dialog-or-no-dialog-if-browser-router-or-the-cse-stops-working-or-crashes/
– PPLPM: Reduced startup delays caused by PPLPM CSE reading and verifying file signatures, calculating hashes, etc for big files
– PPLPM: Fixed when working with Windows 7 (unsupported!)
– PPLPM: Fix for Admin Approval Dialog starting and closing immediately
– PP CSE + Intune: Accepts “Company Name” instead of multiple UPN Names
– PP CSE: Auto-Update Feature now supports RINGS via XML files (KB: Coming soon )

3/25/2021: PolicyPak Cloud Only

– PolicyPak Cloud to support AppX Licenses, Reporting, and upload of policies
– Yearly “Post Pay” model now available for Enterprise and Professional Customers
– PolicyPak File Associations Manager In-Cloud Editor
– PolicyPak Least Privilege Manage: Command Line Conditions Editor
– Improved Admin Requester flow
– PolicyPak Portal: New On-Prem / MDM Keys we generate will be downloaded FROM the Portal
– PolicyPak Portal: New PolicyPak Cloud Manual available for download in the portal !
– PolicyPak Portal: New Manual for Software Package Manager (AppX)

3/1/2021: CSE 2725

– New Component: PolicyPak Software Package Manager (AppX Policies). Must request a license to use. Videos: https://kb.policypak.com/kb/section/366/
– Updated: Licensing Tool to make it easy to request On-Prem AD, Intune Only, or On-PremAD+Intune Hybrid (Video: https://kb.policypak.com/kb/article/1079-how-to-request-a-license-request-key/ )
– Updated: PPupdate command now shows HOW and WHAT components (Policies) you’re licensed for (Article: )
– Updated: PPLPM Global Settings Auditing now on Computer side
– Updated: PP VPN Manager / easier import of EAP XML
– Updated: PPExporter MSI Utility now wraps up new Universal licenses (Video: https://kb.policypak.com/kb/article/1080-how-to-install-universal-licenses-for-new-customers-via-gpo-sccm-or-mdm/ )
– Updated: ADMX setting to transition Command Prompt inline processes to less-secure “Legacy mode” if desired (More details on this page: https://kb.policypak.com/kb/article/1008-why-does-policypak-securerun-block-inline-commands-and-what-can-i-do-to-overcome-or-revert-the-behavior/ )
– Rename “Paks” in all the MMC UIs to coordinate with new web launch and branding (Screenshot: https://share.getcloudapp.com/WnuBmx5p )
– Fixed: Resolve hang at first login (OS upgrades or first user log on) when Admin Approval was on.
– Fixed: AppSet (old name for Paks) Compile Issue

3/1/2021: PolicyPak Cloud updates

– New In-Cloud Editor: Java Rules Manager
– New In-Cloud Editor: PPLPM Self Elevation Policy Editor
– Improved: Copy / Paste / Overwrite existing XML for quick updates (instead of creating a totally new policy)
– Improved: “Import from XML” now available in all in-cloud editors
– Fixed: Import specific RDP file format error fixed.
– Fixed: Viewing ALL group when very large fixed.
– Fixed: PP Security Settings Manager report error fixed.
– Improved: Notification editor now supports multi-delete
– Improved: PPLPM “Global Settings” Editor had missing option
– Improved: PPLPM “Global Settings” policy now has “machine” scope
– Improved: Shortcut editor bug .. no pre-population of ICON FILE PATH item.
– Improved: In-Cloud PPBR Editor now ACCEPTs URLs without HTTP and HTTPS (Adjusted to fit same behavior as MMC editor.)

1/26/2021: PPGPCR 2693

– Updated PP Group Policy Compliance Reporter
– Free license is removed. A license is now required for reporting on PolicyPak and Microsoft settings.

1/20/2021: CSE 2687

– New Component: PolicyPak VPN Manager !
-Manage your VPN and “Always On VPN” connections.
– Example videos are ready https://www.policypak.com/components/vpn-manager/
– Manual(s) are coming soon / going thru editing.
– Learn more about why this is “the best thing ever” by watching this on-demand webinar replay from Richard M. Hicks, MVP and Godfather of Always On VPN. Requires registration, but if you’re a PP Customer, don’t worry, no one is going to call you. https://www.policypak.com/resources/pp-webinars/richard-hicks-always-on-vpn-101-throw-out-your-hardware-and-scale/
– If you want the PolicyPak VPN Manager license, email [email protected] to request it. We will be cutting ONLY “original / old” licenses at present, and not the new Universal licenses.

– New TRIGGER for PP Scripts & Triggers: Now support Fortinet !
– New Universal Licensing option released
– Update: PPLPM Licensing methods: STANARD and COMPLETE with accompanying MMC UI change https://share.getcloudapp.com/YEuQxXLJ

– Fix: Race Condition fix
– Fix: Using PPAM MMC + ILT editor on 32-bit wouldn’t open (80040154 Error)
– Fix: Scripts required for OpenVPN Connect trigger only created when OpenVPN Connect trigger is actually used.
– Fix: Multi-domain support in the CSE for various items; Note: Additional MMC updates should appear in future release.
– Fix: PPLPM: Environment variables are now fixed / honored in command line rules
– Fix: PPLPM: Background UWP processes correctly classified as background / foreground
– Fix: PPLPM Pasted Rules from Events (small fixes)
– Fix: PPLPM + PPC “Approve with Admin Creds” fixed: https://share.getcloudapp.com/v1u4Z2d4
– Fix: PPAM: Firefox 78.4.1 Certificates fixed from FF API change
– Fix: PPLPM Popup / blocking navigating to directory in Windows Explorer
– Fix: PPLPM Webex.exe file info condition wasn’t being accepted

12/8/2020: CSE 2641

– Closed security concern in PPBR. Security bulletin PP20-01.PDF available upon request and was sent to all customers on 12/8/2020 as a PDF attachment.
– SecureRun fix when PPBR is routing in Chrome / other extensions.
– Firefox + Certificates fixed in FF 78.4.1 and later.

12/8/2020: GPCR 2635

– Improved: Ability to chose parent OU alone
– Fix: Sync doesn’t remove tests after GPO links are removed
– Fix: PPGPCR Closed if sync server is unavailable
– Fix: PPGPCR Logging fix

11/27:2020: CSE 2630

– New: PP Least Priv Automatically Make rule from Audit Event
– Improved: PPBR MMC now shows “IE+Edge” in Column View. https://share.getcloudapp.com/NQuKdYWQ
– Improved: PPLPM + SecureRun + Command Line Parsing
– PP Scripts: New Trigger supports Cisco AnyConnect and also OpenVPN. Video: https://kb.policypak.com/kb/article/997-policypak-scripts-and-anyconnect-run-a-script-after-you-connect-via-vpn/
– Improved: MMC Snap-In UI naming: https://share.getcloudapp.com/geuo0pR2
– Fix: PP Taskbar Manager: Fixed misnumbering of policies
– Fix: PP Remote Work Delivery Manager: Revert now fixed when you use “Sequential” mode
– Fix: PPLPM and Elevate On-Demand fixed when attempting to do whole drive (still not recommended!)
– Fix: Unusual format in signature condition now supported.
– Fix: PPRWDM Azure Blob storage validation in MMC
– Fix: PPSCRIPTS Bug fixed when ONCE is selected, script should run exactly once instead of multiple times.
– Fix: PPC and PPOP licensed together problem.

11/26/2020: PolicyPak Cloud Changes

– New: PolicyPak Browser Router Editor ! https://share.getcloudapp.com/E0u47wly
– Improved: GPO –> PP Cloud importer !
– Improved logging for when computer licensing state changes !
– Improved PP Cloud Client Commandline for WVD and VDI scenarios: /nextstartwhenuserlogsin command line argument
– Fixed: Remote Work Delivery Manager editor now has SEQUENTIAL flag in Collection.
– Fixed: Editing and Saving ILT
– Improved: When joined to multiple Azure ADs, the ILT editor now makes it clear which one(s) you’re using

11/10/2020: CSE 2616

– CSE update only: Fixed rare, but important bug causing crash and auto-restart of the PolicyPak Services. Build 2592 had introduced a bug, now it’s fixed.

10/26/2020: CSE 2592:

NOTICE: This version has a bug in the PPLPM “Admin Approval” method where the expected end-user prompt is not showing up right away. We will fix it in next version.

– Big update: MMC Snap in GPMC now puts components together by TYPE. If you don’t like this, don’t panic. Here’s a video to show how to go back to the way it used to be. https://kb.policypak.com/kb/article/983-group-policy-mmc-ui-changes-for-2020/
– Big update: PP Remote Work Deliver Manager “Advanced” features (mass copy, with recursion, file matching, etc.) now available ! : https://kb.policypak.com/kb/article/966-mass-copy-folders-and-files-with-filters-and-recursion/
– Small update: ADMX setting “Rename Experimental Features” (disabled) renamed to “Revert to Legacy File Assoc & Browser Router Method & Features” (enabled)
– Fix: PPLPM and command line parsing improved.
– Small add: Update for ADMX setting to manage PolicyPak Event Log size.
– Medium add: ADMX now available to signify additional keywords for application installers (useful if you think you have some process with SecureRun that should be trapped for installation but isn’t.)
Other misc fixes.

10/26/2020: PPGPCR Updates:

-PPGPCR Auditor now fetches raw data from local endpoint’s WMI to avoid accessing central store and taking extra bandwidth. Therefore, more processing is now done on PPGPCR server, as opposed to workstation.
-Added ability to choose any GPOs from across the domain and put in a set.
-Added ability to choose an OU with all its GPOs and make that a set.
– Other misc fixes to server, auditor and management station.

10/18/2020: PP Cloud Changes

-**THIS IS AMAZING… “GPO to PP Cloud Easy Import Wizard”: https://kb.policypak.com/kb/article/982-how-to-import-gpos-to-policypak-cloud/
– Remaining License Notification now within Notifications configuration: https://share.getcloudapp.com/wbuP6RgB
– Logging to Immutable log when computer is JOINED, DELETED, UNLICENSED, ETC. Makes for easier troubleshooting around any specific PC in PP Cloud. https://share.getcloudapp.com/E0urj6gr
– PolicyPak Cloud + PP Least Priv + Email Policies: In-Cloud editor now available: https://share.getcloudapp.com/NQu1o2X2
– PolicyPak Cloud FIX for Reporting… If you saw unexpected Yellow / Older Versions appear in reports, this is now fixed. You will need to update to LATEST Cloud Client (not CSE) for this to work as expected. You can do this on a per-group basis.
– PolicyPak Cloud FIX for editing PPLPM Policies with Self-Elevation rule

– GPO to PP Cloud Easy Import Wizard: https://kb.policypak.com/kb/article/982-how-to-import-gpos-to-policypak-cloud/
– Remaining License Notification now within Notifications configuration: https://share.getcloudapp.com/wbuP6RgB
– Logging to Immutable log when computer is JOINED, DELETED, UNLICENSED, ETC. Makes for easier troubleshooting around any specific PC in PP Cloud. https://share.getcloudapp.com/E0urj6gr
– PolicyPak Cloud + PP Least Priv + Email Policies: In-Cloud editor now available: https://share.getcloudapp.com/NQu1o2X2
– PolicyPak Cloud FIX for Reporting… If you saw unexpected Yellow / Older Versions appear in reports, this is now fixed.
– PolicyPak Cloud FIX for editing PPLPM Policies with Self-Elevation rule

9/17:2020: CSE 2557

CSE Updates:
– PolicyPak Scripts + Triggers: New Trigger… Run a script On VPN Connect and on VPN Disconnect (Video: https://kb.policypak.com/kb/article/975-policypak-scripts-triggers-perform-scripts-on-vpn-connect-and-vpn-disconnect/ )
– PolicyPak Least Privilege Manager… SecureRun Automatic blocking of Non-Signed applications. (Video: https://kb.policypak.com/kb/article/976-least-privilege-manager-block-all-unsigned-with-securerun/ )
– Fixed: SecureRun not blocking and/or not blocking .BAT and .CMD. as expected.
– Fixed: SecureRun inadvertently blocking in-line applications.
– Fixed: PPLPM Email / Long Codes fixed with “Expires” parameter.
– Fixed: PPSCripts CSE fixed for hang on shutdown / restart.
– Fixed: PPBR Sitelist code fix for XML policy when it contains file:/// URL.

– PP Cloud:
– Cloud.PolicyPak.com now has ONE field set it in; so it works better with your password manager.
– PP Cloud Password reset page, fixed for all valid TLD domains.
– PP Remote Work Delivery Manager: More fields and a new tabbed UI for editing.
– PP RDP Manager: Import existing .RDP files.
– In-Cloud Licensing Threshold Notifications for Customers:
– Notifications / emails when licenses used hits threshold.
– Notifications / emails when non-used count hits threshold.
– Email and pop-ups when license is about to expire: 10 days, 5 days then 1 day before license expiration (but not for MONTHLY customers.)
– Emails for 2Fa and PPC Welcome email to show Company Name.
– PP Cloud Client fixed over port 443 in some cases.
– PP Cloud Client command line arguments are no longer case sensitive.
– PP Cloud Client will properly install and sync when TLS 1.0 is expressly disabled on target machine (no registry workaround required.)

9/1/2020: CSE 2543

CSE Bugfixes only:
– PP Least Privilege Manager: SecureRun fixed to correctly block .BAT / .CMD (inline commands.)
– PP Browser Router: When licensed via MDM, fixed routing fails.
– PP Browser Router: Sitelist / CSE problem when policy contains FILE:/// URL

8/21/2020: CSE 2536

New Component !: Remote Work Delivery Manager ! Deploy software and copy files from On-Prem or Web Shares. Want to deploy software to domain joined and non-domain joined machines? Now you can ! Works with On-Prem, Cloud, and MDM. See all videos here: https://www.policypak.com/products/remote-work-delivery-manager.html

New Feature: PP Least Privilege Manager + Admin Approval … with EMAIL ! Now you can know some inside details about what end-users are attempting to launch and run. They send you their request using Email, then you can approve them with “long codes.” See video: https://www.youtube.com/watch?v=s6qzARZnVGQ

New Feature: PP Scripts + Triggers… Logoff trigger! There’s no way to do “logoff scripts” with your MDM service. Now there is. Or pair it up with ILT to do a logoff script WHEN people are on laptops, etc.

Behavior change: PP Browser Router now stores user-selected browser (and other settings) in the user registry hive (which facilitates working with FSLogix and multi-Windows)

Fix: PPScripts + Triggers… Logon time delay was ignored. Now fixed.
Fix: SecureRun rule fixed for command line.
Fix: PPLPM Global Audit policies fixed reporting
Fix: Various other fixes.

PolicyPak Cloud:
New Component: Remote Work Delivery Manager is already licensed and ready to go in your tenant.
New Feature: “Lite” in Cloud Editor for Remote Work Delivery Manager. (Picture: https://share.getcloudapp.com/5zuGNevj )
New Feature: Full in-cloud RDP Link Manager editor ! (Picture: https://share.getcloudapp.com/geuzAkP0 )
New small thing: When you create policies, all options are shown at once. Saves you a click !

PolicyPak GP Compliance Reporter:
Now support for Remote Work Delivery Manager.

7/30/2020: CSE 2513

CSE Updates: New Component ! PolicyPak RDP Manager. See the video(s) at https://www.policypak.com/products/remote-desktop-protocol-manager.html
NOTE: You need to REQUEST an RDP Manager license from [email protected] !
CSE Update: New HUUUGE Feature: PolicyPak Triggers… for PolicyPak Scripts. See the video(s) at https://kb.policypak.com/kb/section/317/
CSE Update: Microsoft Teams support. See video: https://kb.policypak.com/kb/article/939-managing-teams-settings/
MMC updates: Bugfixes.
CSE Update: Other bugfixes.

PP Cloud updates:
– Emails now come from [email protected] instead from policypak.com and updates show your tenant name.
– Save state in PPC groups
– Support for PP RDP Manager (upload files only, not in cloud editors yet.)

PPGPCR updates:
– Fix for export on crash.
– Support for PP RDP Manager.

6/26/2020: CSE 2478

CSE updates:
– PPBR: IE in Edge “combined” support. STRONGLY recommended you pre-watch video for details: https://kb.policypak.com/kb/article/927-policypak-browser-router-internet-explorer-in-edge-mode/
– PPLPM: “Self Elevation” policy. https://share.getcloudapp.com/4gujPkXq STRONGLY recommended you pre-watch video before using: https://kb.policypak.com/kb/article/926-policypak-least-priv-manager-self-elevate-mode/
– PPLPM: F1 now works for SecureRun Block Message.
– Overall: If PP has a problem, the customer-message is improved.
– PPLPM: SecureRun Audit rule adjusted.
– PPBR Fix: User-selected browser is recorded better (instead of “falling thru” to IE).

PPGPCR updates:
– Added EXPAND ALL / COLLAPSE ALL functionality for large hierarchies
– Added functionality for refresh the group membership every X minutes
– Fixes for high DPI management station
– Fixes for Auditor not seeing built-in groups

PPCloud updates:
– New Cloud editor: Microsoft Restricted Groups (see video). https://kb.policypak.com/kb/article/925-policypak-cloud-restricted-groups-editor/
– Rename computer from in-cloud editor improved
– Enhanced PP Cloud Client error logging
– “IP Whitelist” renamed to “Allow current IP”

5/29/2020: CSE 2451

– Big Feature: PP Browser Router: Apply Default Browser One Time… then Drift !
– Big Feature: PP File Associations: Apply some (or all) file associations… then Drift!
– Little Feature: PP Least Priv Rename “Run as PolicyPak” to anything you like.
– Fix: PP App Manager: Firefox Addons now Disable/Enable as expected with FF ESR 68.0.1+
– Fix: File Information tool adjusts for , to .
– Fix: PPBRAgent fix with old Edge
– Other small fixes and stability issues.
– PP Cloud update (not in the CSE, but in the PP Cloud agent): Works now with VDI ! See the videos / KB, but some examples:
PPCloud.exe /sysprep
PPCloud.exe /sysprep /jointoken:AaIstqhlY/j+A9qtQjFkLFg=
PPCloud.exe /unregister
PPCloud.exe /unregister /jointoken:ARCPD+6778MfNzby1gXjJEI=

4/6/2020: CSE 2392

– No CSE update since 2362.
– MMC update for Oracle –> Java Rules Manager Import

3/6/2020: CSE 2362

PP GP & MDM editions:
– BIG FEATURE: PP File Associations Manager now works on USER SIDE (and works for non-domain joined machines with PPC and PPMDM) !
– BIG FEATURE: PPLPM Admin Approval Dialog box; now has F1 keypress to show “What’s happening.”
– BIG FIX: PP MMC snap-in now Un-furls 10x faster and fix flickering and freezing MMC issues.
– Medium feature: Disable CSE logs per CSE category via ADMX
– Updated behavior for PPLPM + non .EXE files and UNC paths.
– NOTE: Remote Drive-based rules will stop working.
– See details and updates you must perform in this KB if you’re elevating DRIVE MAPS for non-EXE rules: https://kb.policypak.com/kb/article/171-how-are-drive-maps-and-unc-paths-supported-in-policypak-least-privilege-manager/
– Update: PP Scripts unpacked location now protected from end user, and configurable via ADMX.
– FIX: PPSSM “What’s missing” icon now opens correctly in new edge.
– Update: PP Feature Manager for Windows renamed to Feature Manager for Windows 10 and Windows Server … and updated for all features in 20H1.
– FIX: PPScripts: Fix bug importing .VB and .VBS files
– New helper tool: “File Information Viewer” https://share.getcloudapp.com/Z4u5owvO

PP Compliance reporter:
– BIG FEATURE: Restrict PP GP Compliance Reporter Admin console from connecting when logged in user isn’t a member of an AD security group (requires SERVER and ADMIN CONSOLE to be updated.) VIDEO: https://kb.policypak.com/kb/article/874-enhanced-security-for-server/
– Fix: Added reporting information for unusual / unsupported policy types added PP Feature Manager and PP Scripts reporting support.

PP Cloud:
– BIG FEATURE: PP Browser Router automatically registers itself when deployed via PP Cloud !
– In Cloud Editors for PPLPM: EXE (simplified), Control Panel, SecureRun. Use the new File Information Helper tool from download to help you get signatures, etc.

2/6/2020: CSE 2339

– Improvements for PPLPM Admin Approval dialog: New support for environment and context variables in the AA dialog (clickable links, and copy-paste from the dialog.)
– MSI Product Code Output tool has been superseded by the new “File Information Tool” found in “Extras” folder.
– Fixed FF: Prevent Access to Local Files for FF 68 ESR

1/10/2020: CSE 2310

– PPBR now supports routing to and from the new Edge (also known as Chrome-Edge or “Edgium”). If BOTH OLD Edge and NEW Edge are on the machine, we route now ONLY to NEW Edge !
– It’s now possible to configure display name of how Windows 10 shows Browser Router Agent. For example, “Managed by your organization” or any other text may be displayed instead of PolicyPak Browser Router.
(Pic in Admin UI: https://share.getcloudapp.com/yAuL1KOJ )
(Pic in User UI: https://share.getcloudapp.com/P8uYQQ17 )

– Blocking of untrusted apps silently using SecureRun. So optionally show NO MESSAGE when something is not owned by someone on SecureRun list.
– Blocking of untrusted apps with custom messages using SecureRun

(Pic in UI of both of those features: https://share.getcloudapp.com/geurRRlW )

– Context variables in PPLPM custom block messages (e.g. %POLICY_NAME% or %PROCESS_EXECUTABLE_OWNER%). Pic in Admin UI: https://share.getcloudapp.com/NQuvllZG
– Clickable links (http, https and mailto) in PPLPM custom block messages
– Custom block messages are now copiable

(Pic in Admin UI: https://share.getcloudapp.com/9ZuNooXg )
(Pic in User UI: )

– PPLPM CSE now blocks most of background activities related to blocked apps silently
– PPLPM snap-in now suggests to add a File Info / Product Info condition when Signature Condition is being configured for an installer
– PPSSM and PPTBM now tries to locate the target executable in %PROGRAMFILES(x86)% when %PROGRAMFILES% is used and vice versa
– PPSSM now allows to select between a single-column and two-column Start Screen layout

(Pic in Admin UI: https://share.getcloudapp.com/E0uEyyXm )

– PPAM Firefox Pak: Bookmarks handler in PPAM now supports two new commands (Needs updated CSE)
– {Folder Path}, [{Root Folder},] remove-folder (e.g. Folder Name, remove-folder or Folder Name, toolbar, remove-folder). Please see #5916 for details
– [{Root Folder},] cleanup (e.g. cleanup or menu, cleanup or toolbar, cleanup). Please see #5972 for details
– Other Security enhancements, stability improvements and misc bugfixes

12/12/2019: CSE 2283

– One small fix for PPLPM where EXEs being run over UNC paths and removable drives would not elevate as expected

12/4/2019: CSE 2275

– One small fix for PPLPM where older EXEs without built-in manifests would not elevate as expected.

11/29/2019: CSE 2270

-An option to block apps silently when a PPLPM rule applies
-An option to block apps with a custom message when a PPLPM rule applies
-An option to disable Event Log / Audit events for an explicit rule
-Executable publisher and command line of the parent process are now logged when SecureRun or Admin Approval applies to a process
-PPFMW now allows to manage Win10 1903 and 1909 features
-PPJRM will now use the force attribute when Java 8 Update 22 or newer is available (even when an older Java version is also present)
-PPBR support for FrontMotion Firefox
-Fixed a bunch of PPATM snap-in bugs that led to incorrect results of policy processing
-Fixed two LPE vulnerabilities in PPLPM (PDF was emailed to customers.)
-Other bugfixes and stability improvements

10/18/2019: CSE 2228

– Fixed a few PPATM bugs including, customer-reported problem with ADMX / IE zone assignments. *NOTE: Both the Admin Console and CSE must be updated, and the policy must be re-created.)
– Fixed installation and removal of add-ons on FF 68 ESR. (NOTE: Now, it’s supported on FF 53 or newer.)
– Fixed crash in the PP: Programs tool when it fails to extract an icon

10/11/2019: CSE 2221

– Fixed PPMerge to run correctly on Win10 1809 or later (find GPMC naturally)
– PPAM: Now possible to make certs trusted for specific websites in PPAM pak for FF. (The syntax is C:\Certificates\Trusted.cer, 1, xyz.abc.gov:443, add-for).
– PP CSEs will now process XML policies in the alphanumeric order of the XML file names
– PPExporter allows to set Policy Layer to resolve conflicts between different “layers” of policies
– It’s now possible to run PPExporter as a non-admin user
– PPExporter now allows you to select built-in groups on NDJ machines
– PPAM: Fixed “Process this entry as user” when policies are processed by GPSVC on Win10
– Improved logging for Plaintext File Handler (e.g. used in the Java pak).
– (Need to use latest re-compiled Java Pak to use this feature.)
– Fixed a bug in the PPATM Admin Console causing REG_MULTI_SZ values to be written incorrectly for the policies exported to XML
– Fixed a bug in the PPATM Admin Console causing incorrect registry value names for ADMX list element when valuePrefix attribute is not set
– ADMX category containing PolicyPak settings has been renamed from PolicyPak to “PolicyPak ADMX Settings”

9/30/2019: CSE 2210

– Hotfix for the PPLPM crash. Caused by Action = Run with customized token and Base Token = Use the original user token.
(This is the only fix).

9/16/2019: CSE 2196

CSE and MMC update:
– The XMLDATA folder is no longer readable by users.
– PPJRM (Java Rules Manager) now allows to select the latest (as of the release date) Java versions
– PPAM (App Manager) and PPBR (Browser Router) browser extensions now work as expected on FF 68 ESR
– PPSSM & PPTBM CSE now supports Roaming User Profiles and Redirected Folders

9/16/2019: PPGPCR 2183

PPGPCR (Compliance Reporter) updates:
– Can now EXPORT results as HTML and CSV (#1 most requested feature !)
– Can now use SQL as database, instead of built-in SQLExpress (#2 most requested feature !)
– Can migrate from SQLExpress to SQL if desired. Known bug if you cancel this process; simply restart PPGPCR Service to get back to normal.
– Higher capacity of results accepted in SQL server.
– Can now scope results by OU and “Smart Filters”
– Windows 10 1903 and Server 2019 support added
– Database cleanup interval configurable via ADMX
– Test operations now faster
– Server Event logs moved to better place in Event Viewer
– Better high DPI and big monitor support
– Many bugs fixed.

8/30/2019: CSE 2177

Minor bugfixes to solve a handful of customer issues.
Fixed a few bugs in the PPSSM CSE
Fixed a PPTBM CSE resulting in a “detached”/second taskbar item for File Explorer when it runs
Fixed a bug in the GPO Converter Tool causing PPATM CSE not to process GPOs created in the tool
Fixed support of multi-line string fields (REG_MULTI_SZ) in PPATM and the GPO Converter Tool
Added ADMX policy to prevent PPExtensionService from syncing policies when user logs in
“Run with PolicyPak” context menu item will now be re-added automatically if it gets removed during Windows upgrade

7-23-2019: CSE 2141

Minor bugfixes to solve a handful of customer issues.
1. Fixed PPFAM issue when an app installed to Program Files (64-bit) is opened from a 32-bit process
2. Added ADMX policy to disable PPAM reapply on launch
3. When reapply on launch is disabled in a Pak, no code injection will be performed; effectively preventing compatibility issues if any exist.
4. PPSSM CSE will now set the StartLayout under unusual conditions.
5. PPSSM and PPBR logging improvements

6-27-2019: CSE 2109

New PP Least Privilege Manager updates !

1. Increased security for SecureRun: https://kb.policypak.com/kb/article/805-policypak-least-priv-securerun-to-block-user-and-system-executables/
2. Increased security for blocking PowerShell and other system files: https://kb.policypak.com/kb/article/792-pplpm-block-powershell-in-general-open-up-for-specific-items/
3. Increased security for elevating apps, but BLOCKING Domain Admins or other local admins: https://kb.policypak.com/kb/article/806-policypak-least-priv-elevate-apps-as-standard-user-block-other-admins/
4. Ability to “right size” SERVICE ACCOUNTS permissions: https://kb.policypak.com/kb/article/804-policypak-least-priv-manager-reduce-or-specify-service-account-rights/

Text based KB Article on all four features: https://kb.policypak.com/kb/article/807-how-when-and-why-would-i-use-the-scope-filter-section-in-policypak-least-privilege-manager/

5. PolicyPak Scripts Manager can now ELEVATE user side scripts. So if you have a script which needs to run in USER CONTEXT, but you need that script to run elevated… there’s now a magic checkbox for that!

Known issues: PP Taskbar manager might launch another unexpected process. No ETA on fix.

5-31-2019: CSE 2087 (other items, like MMC console, etc. are at build 2081)

1. A few more fixes for PP Start Screen items
2. New Helper tool: GP vs. MDM Settings Analyzer ( https://kb.policypak.com/kb/article/789-policypak-free-tool-group-policy-and-mdm-settings-analyzer/ )
3. New feature: Trim what admins see in MMC console ( https://kb.policypak.com/kb/article/786-policypak-trim-the-mmc-console-for-ou-admins/ )
4. New feature: IE Sitelist to PPBR Routes ( https://kb.policypak.com/kb/article/787-policypak-internet-explorer-to-policypak-browser-router-site-lists/ )

5-24-2019: CSE 2081

1. Stability improvements for PPBR.
2. Stability improvements for PPLPM.
3. Updated error message if PP Service has a problem.
4. Exception handling if PPLPM tools has a problem.

5-13-2019: CSE 2067

1. Stability improvements for PPSSM.
2. PPSSM bugfixes.
3. New tool: Group Policy and MDM Settings Analyzer (see PDF release notes and videos).
4. Allow snap-ins hiding with ADMX.
5. PPLPM: support for catalog-signed files.

3-14-2019: CSE 2010

Minor update to fix malformed PPLPM XML. Cloud customers on 1988 or later will automatically get this build.

3-12-2019: CSE 2007

Three big PPLPM features:
1. PPLPM “Discovery Auditing.”
2. PPLPM Block & Allow UWP applications.
3. PPLPM Manage Security of Child Processes.

2-20-2019: CSE 1988

1. PolicyPak Feature Manager for Windows
(see PDF release notes and videos).
2. PolicyPak Least Privilege Manager
(see PDF release notes and videos).
A. Admin Approval
(see PDF release notes and videos).
B. On-Demand rules
(see PDF release notes and videos).
C. Event Logs for applied rules
(when a process is Elevated or Allowed by a rule, or Blocked by a rule or SecureRun)
(see PDF release notes and videos).
D. Fixed non-working elevation when LSA protection is enabled

E. Fixed incorrect SecureRun state in ADMX reports

3. PolicyPak Browser Router

A. Open link in a new tab (Experimental)

B. Fixed non-stop routing in FF60

C. Fixed zone-based rules on VDI

4. PPJava Rules Manager
A. New Java versions available

5. Misc

A. Computer-side and switched mode PolicyPak policies will now be downloaded and processes when user logs in

B. ILT bugfixes

C. Stability improvements (fixed a bunch of crashes, issues related to handling PPCloud/MDM/XMLData policies, etc.)

 

12-14-2018: PPGPCR

1. PPGPCRServer failed to start.
2. PPGPCRServer install without internet.

10-11-2018: CSE and MMC update 1856

1. Added new PP Least Privilege Manager “Helper Tools”. See the videos in the Video Learning Center.
2. Fixes problem where LT doesn’t see licenses installed.
3. Adds latest version of Java within PPJRM dropdown.
4. Other misc. hotfixes for specific customers to fix specific problems.

9-27-2018: MMC update 1842

1. Added new Java versions.

9-3-2018: CSE update 1808

1. Misc fixes for PPBR.
2. Chrome now exempt from Reapply on Launch.
3. ADMX updates to block AppLock on demand.
4. Fixed PP Start Screen & Taskbar manager: Stickynotes and other interesting items.
5. Other PPSSM bugfixes.
6. Fixed misc. customer-reported crashes in PPBR and some PP Services.

7-27-2018: CSE update 1779

1. PPBR: FF61 support
2. Bugfix in PowerShell
3. Bugfix in PP Merge tool

3-28-18: CSE update 1659. (Non-critical update)

1. Added support for PPSSM + Citrix links.
2. Added support for IE links.
3. Updated PPBR Error message.

3-20-2018: CSE Update 1649: Some CSE, Admin Console, and Extras tools updates.

1. Fixed a crash in PPBR agent.
2. Bugfix in PP Merge tool.
3. Tooltip enhanced for PPBR + RegEx and wildcard.
4. GPMC/ADM Reporting fixed for PP Start Screen Manager.
5. Misc CSE bugs.

3-2-2018: CSE update 1638

1. New PolicyPak Scripts Manager Component !
2. Lots of bugfixes; around PolicyPak Browser Router.
3. Lots of other misc bugfixes.
4. Updated EULA with minor changes.

12-19-2017: CSE update 1560.

1. New PolicyPak Start Screen & Taskbar Manager Component.
2. New tool: Auto-Rules Generator for PolicyPak Least Privilege Manager !
3. New function: Launch external apps from Firefox (Like Adobe Reader) instead of Firefox’s internal viewer !

11-14-2017: CSE Update 1524 / hotfix build. So, no new big features yet. Fixes are:

1. Updated PPLOGS.EXE program to change extensions of executable and other dangerous file types (.exe, .js, .reg, etc.)
2. Fixed PPCloud + MS PowerPoint issue.
3. Fixed PPLPM elevation for users that have “powerful privileges”. For instance, if end-user had Load Driver privilege for their users, and this caused PPLPM to NOT elevate Device Manager properly.
4. Improvements for PPBR upgrade scenarios / default browser reset.
5. Fixed memory leaks in PPBR.
6. Fixed PPFAM failures when HKLM\SOFTWARE\Policies\Microsoft\Windows\System doesn’t exist
7. Improved PPWatcherSvc logoff and shutdown handling. The “This program prevents Windows from shutting down” should no longer occur, and we also changed display name from PPWatcherLogoffListenerWindow32 to PolicyPak AppLock Service.
8. PPAM logon time improvements when sync policy processing is enabled
9. Significant performance improvements in PPLPM
10. Fixed PPLPM SecureRun for local users
11. Fixed PPLPM SecureRun blocking PPBR routing to Edge
12. Fixed PPLPM MSI rule to match MSI with Lower Than {version} / Higher Than {version}
13. Fixed PPFAM support for apps with ambiguous command lines (e.g. Claws Mail, which doesn’t follow MS guidelines on app registration)
14. Logs rotation should no longer trigger “reboot pending”
15. PPAM and PPBR support for FF57 (FF Quantum)

8-17-2017: CSE Update 1434 with Major and Minor fixes:

1. See PDF for 3 pages of updates and fixes. Key features, however are:
2. PPBR: Edge Support (see video first.)
3. PPLPM: Link to COMPUTER, but now filter BY USER / USER GROUP.
4. PPBR: Chrome support for non-domain joined machines (see video first.)
5. PPAM: FF44 and FF55 Bookmark support.
Again: MANY other updates and fixes. Strong recommendation to upgrade.

7-20-2017: CSE Update 1407 with minor fixes:

1. Fix for PPLPM Certificate Rules not applying when machines were not Internet connected.
2. Fix for PPLPM + scripts with two \ chars.
3. Fix for PPBR + FF 54 not seeing each other / not working.
4. Fix for PPLPM + Citrix profiles pop-up problem.
5. Fix a Log Rotation issue.
6. SecureRun tweaked to permit MSIs, etc. to call sub-processes .BAT files during installs.

7-6-2017: MMC update fix only.

1. Fix in PPAM: Creating ADM settings reports restored.

6-21-2017: Build 1379

1. Bugfix for some customers with User side PPLPM not functioning.
2. Bugfix for one of the services being held at logoff/ reboot.

6-14-2017: Build 1371

A TON OF NEW STUFF. See the PDF. Highlights:
1. New component: PolicyPak File Associations Manager !
2. Updated: PPLPM Scripts elevation !
3. Now use PolicyPak with your MDM service (AirWatch, MobileIron, Intune.)
4. Free utility: PP GP Converter to COMPRESS / Reduce GPOs !
Videos for everything in the PDF !

4-27-2017: Build 1281

1. Fixed Firefox 53 issues with Browser Router.
2. Added feature to enable Browser Router to take command-line arguments for browsers, like –incognito and so on.
3. Misc performance and other bug fixes.

2-22-2017: Build 1260

Overall:
1. Fixed High CPU usage.
2. Fixed problem when XMLdata files are used.

PPAM:
– New ADMX setting to pre-delete registry keys before the PPAM CSE runs. – Helpful especially with Chrome Pak which will not revert correctly without this setting.

PPATM:
1. Now the policy chooser UI will stay in place until you close it; enabling you to specify multiple policies at once.>>
2. Window size and shape will persist its size and…
3. Location will persist of last location you were in the tree view state.

PPBR:
1. IE / other browsers will now come to the foreground when invoked. (Bug #1715)
2. Logging fixes and other Internal changes

PPJRM:
1. Now match on Latest available Java in family

PPLPM:
1. Support to elevate MSI applications via rule
2. Support to automatically block MSI applications via SecureRun(TM)

PPGPCR:
1. The major change is that the Auditor.exe will only run now (by default) when GP successfully processes background GP refreshes. ADMX files provided to change this behavior if desired. Please see the manual in Chapter 3 (Tuning and Troubleshooting) to understand the new behavior or revert to the original behavior.

Other features and fixes in PDF notes.

12-29-2016: Build 1204

– All products: Fix for RDS; was keeping session open at logoff in CSE.
– Item Level Targeting; fix for local admins and timing of first application of Item Level Targeting in CSE.
– Fixed “Not applying license” problem in CSE.

11-25-2016: Build 1171

– PPLPM: Elevate PowerShell Scripts
– PPLPM: MMC console lets you import from computer or user side
– PPBR: Future builds at upgrade won’t prompt or reset default browser
– PPBR: Other bug fixes

11-21-2016: Build 1167

– New Chrome “Clear Browsing Data”: http://screencast.com/t/Pyc2dmS0
– Multiple PP Browser Router Issues resolved.
– Bugfix for those with MS KB3163622 / MS 16-072
– Fix for ILT + PPLPM
– Other PPLPM fixes
– Firefox ppLockdown file fixed on TS
– Note: No new PDF for “What’s new / Build Summary”

11-3-2016: Build 1149

– New Component: PolicyPak Least Privilege Manager !
– Amazing new Firefox updates !
– Major and minor bugfixes !

9-19-2016: Build 1098.

-Fixed slowdown issue with PPBR and FF and IE.

8-25-2016: Build 1069b (MMC is 1079)

-Fixed MMC snap-in bug where PPAM wasn’t writing ADM reports

8-18-2016: Build 1069

-New features in PPBR.
-New feature for Firefox + Certificates
-Fixes for PP Preferences