Remember that PolicyPak acts as part of the operating system and you should do SMALL SCALE testing before rolling it out broadly.
Tip: Reminder on how to upgrade SMALL SCALE to LARGE SCALE testing and upgrades for GP and MDM with RINGS: https://kb.policypak.com/kb/article/1094-using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/ and now https://kb.policypak.com/kb/article/1128-how-can-i-roll-out-latest-policypak-cse-with-active-directory-in-a-controlled-manner-using-rings/ Tip: Reminder on how to upgrade SMALL SCALE to LARGE SCALE testing and upgrades for PP Cloud with GROUPs to latest CSE in PPcloud for small scale testing: https://kb.policypak.com/kb/article/791-policypak-cloud-groups-cse-updates/7/24/2024: PolicyPak Build number 24.7.3969.1207
Removed “Self Elevation or Admin Approval on Double-Click” feature.
This feature was reported by some customers as not working when certain policies were delivered to the endpoints. As such, we’ve pulled the feature reverting back the behavior to 24.6.
Therefore this ADMX https://share.zight.com/YEuwb5Gk and this demonstration will not work on this build https://kb.policypak.com/kb/article/1342-admin-approval-vs-self-elevate-double-click-behavior-switch-by-admx/
Rollouts should be to this version 24.7.3969 and not to the previously shipped, and now unsupported 24.7.3953.
You may do an in place upgrade of any previously-supported version (say, 23.6 or 23.7.3953 to 24.7.3969.)
ONLY the CSE needs to be updated if you’re already using the 24.7 MMC snap-in / console.
Quick details are as follows:
- Bug where Admin Approval opens up Admin Approval Dialog and UAC dialog: https://share.zight.com/JruEJqb0
- Bug where Admin Approval Codes are not accepted by CSE: https://share.zight.com/v1u9p4DY
- Correct build is 24.7.3969 where Admin Approval bugs are reverted, but also the “Process Detect” feature is removed: https://share.zight.com/8LuNOn7z
Other known bugs (which are also in previous versions and not fixed in this release):
- Windows 11 Right-click “PolicyPak” Context menu may be absent: Workaround is to use Show more options like what’s seen here: https://share.zight.com/nOu7ZX97
- Windows 11 Right-Click “PolicyPak” Context menu is present, but AA dialog doesn’t accept short codes. Example: https://share.zight.com/qGubmOqr . Workaround is to use Double-click to launch AA or use Show More options.
- Windows 11 Right-click “PolicyPak Context menu is present, but clicking Show More options doesn’t show the PolicyPak options. Workaround is to use PolicyPak Context menu.
For now, if you are on a build previous to 24.7.3953, you can use your currently installed version until our next CSE is released where we hope to have rectified the above concerns.
Said another way, you don’t need to upgrade immediately from pre-24.7 builds to 24.7.3969.
Customers who are using 24.7.3953 with the known “Process Interception” bug are encouraged to transition to this release with the feature removed.
7/10/2024: PolicyPak Build number 24.7.3953
PolicyPak Least Privilege Manager
DFS Paths now fully resolved on the client.
Now the CSE will enumerate all possible servers in PolicyPak Least Privilege Manager rules.. (update: https://kb.policypak.com/kb/article/171-how-are-drive-maps-and-unc-paths-supported-in-policypak-least-privilege-manager/)
Self Elevation or Admin Approval on Double-Click (changeable by ADMX)
Now you can change the default end-user behavior if they double-click on an application which requires elevation to trigger EITHER Admin Approval (default) or Self Elevate. Here’s the ADMX setting to make this change: https://share.zight.com/YEuwb5Gk Video demo of this feature: https://kb.policypak.com/kb/article/1342-admin-approval-vs-self-elevate-double-click-behavior-switch-by-admx/
PolicyPak Device Manager
ADMX Setting to now block Device Manager operation
In case you want to be licensed by Enterprise or Enterprise Full license, but want to turn off Device Manager by ADMX you can now use this setting. Use the details from this Video demo.
Misc PolicyPak Fixes & Updates:
- EULA RTF Text is now replaced with a link to Netwrix EULA on Netwrix.com website
- PolicyPak Group Policy Compliance Reporter: Now works with non-English operating system, honors Enterprise Full licenses, requires .Net 4.8 and contains misc fixes.
- PolicyPak Network Security Manager: Fixed incorrect order of processing policies
- PolicyPak Network Security Manager: Fix CSE occasional crash
- PolicyPak Network Security Manager: Fixed error during message box presentation
- PolicyPak Network Security Manager: Fixed policies set to block port 24 causing all processes
- PolicyPak Least Privilege Manager: Fixed sparse package installation causing PolicyPak Least Privilege Manager service to crash
6/13/2024: PolicyPak Build number 24.6.3925
General & UI Updates
MMC Updates: Now see “what changed” inside a Group Policy Object + Rollback
If your policies change over time, you might be curious what changed. Or if you had a situation requiring a rollback to a particular policy or multiple policies, you would have to use backup/restore to perform a wholesale restore. Now you can view incremental changes to most PolicyPak policies and/or rollback as needed. Video demo.
Standalone Policy Editor: No GPMC? No problem.
New tool in the “Extras” folder allows those without a GPMC to create new PolicyPak Policies, and export to XML or straight to MSI. Useful for those teams which want to walk away from any attachment to GPMC and create policies on standalone machine. Some restrictions (like Item Level Targeting) still apply. Video demo.
Increase compatibility with system level software with Process Exclusions
We already have guidance about how to teach your system-level or Anti-virus software to play nicely with PolicyPak. (Here’s the link.) However, starting with this CSE, you can now go the “other direction” and teach PolicyPak how to skip over and not get entangled with specific processes. Video demo.
PolicyPak Least Privilege Manager
Create Rule from Audit Entry improvements
When using the MMC to “Create Rule from Audit Event” not every field was available. This is fixed. Old UI example here. Improved UI example here.
PolicyPak Device Manager
Email link for users to click on to request device access
Now when Device Manager kicks in, your users can request access via email.Video demo.
PolicyPak for MacOS Updates
Finder Policies now available
This policy type allows you to overcome file permissions in the Finder. The main use case is to enable a user to install a DMG or application installer file without requiring admin rights. Video demo.
Privilege Elevation Policies now available
This policy type allows you to overcome application requests for installations. For instance “helper applications” within Firefox and similar. Video demo.
PolicyPak Cloud Updates
PolicyPak Cloud Client 24.6 now available.
We sent out a special bulletin about this being available. This version has all the latest fixes and attaches your endpoints to the “go forward” backend infrastructure at PolicyPak Cloud. We recommend all new endpoints you join to PolicyPak Cloud use 24.6 and you should start updating your groups to PolicyPak Cloud Client 24.6. Reminder of how to upgrade specific groups in PolicyPak Cloud found here.
Parent Process Filter for PolicyPak Least Privilege Manager UI now available
Last iteration we shipped a new method to tie a PolicyPak Least Privilege Manager rule to a parent process. That UI is now available in PolicyPak Cloud found here.
Misc PolicyPak CSE, MMC and Tools Fixes:
- PolicyPak Package Manager now removes Teams by ID.
- PolicyPak Least Privilege Manager Validation fixing during parsing for Event
6210s - PolicyPak Least Privilege Manager Recommends best practices in main editor
and in Parent Process selector when Signature only is selected. - Copy / Paste fixed for PolicyPak Scripts editor
- PolicyPak Printers: Fix for “Error: Cannot create shared printer.”
- Lots of other fixes in many other areas.
PolicyPak for MacOS Updates & Fixes:
- Fix for user being prompted twice for credentials to install the app
- Fix for mounting in home path
- Fix for System error when trying to open system setting with Deny policy
- Fix for policies not applying when more than one in queue
PolicyPak Cloud Updates & Fixes
- PolicyPak Cloud Policy Order alongside Enforce is fixed
- Computers (Collected Events) reporting fixed
4/29/2024: PolicyPak Build number 24.4.3877
Netwrix is pleased to announce the general availability of Netwrix PolicyPak build number 24.4. With this release you will be able to benefit from the following:
MDM Method Updates
License detection improvements
This update is recommended for all customers using PolicyPak alongside an MDM provider like Intune. We’ve updated the detection method for your MDM provider; which could improve licensing detection. Again; a strong recommendation for all PolicyPak customers using MDM to immediately upgrade so that your license remains detected.
PolicyPak Least Privilege Manager
More Secure Command Line Arguments now available
While this feature may be used in a variety of uses, it was created to address a concern to help get “New Teams” installed. Please refer to this KB on how to how to use it specifically if you have Admin Approval enabled and need to upgrade to latest “New Teams” using PolicyPak Least Privilege Manager:
General & UI Updates
Big changes for CSE “Grace Period”
In previous versions of the CSE the Grace Period was bound to a pop-up that users would get alongside the Grace Period. Starting with this version of the CSE, there are very broad changes to the Grace Period and user-based pop-up. Please get familiar with the update to this CSE and onward: https://kb.policypak.com/kb/article/1250-how-do-i-make-the-grace-period-licensing-pop-up-go-away/.
- The Grace Period automatically starts if a machine transitions to unlicensed or partially licensed.
- The Pop-Up is NEVER shown to end-users unless the new ADMX is Enabled and configured (so a change from Always to Opt-in.)
- Non-Licensed and Partially-licensed state will ONLY be noted in Windows Events. (And, of course, the output of the PPUPDATE command.)
Indications to use Netwrix Support instead of previous method
Misc PolicyPak CSE, MMC and Tools Fixes:
- Automatic uninstall of the CSE fixed during an upgrade
- Fix for PolicyPak Least Privilege Manager when customer VBscripts are used with //nologo
- PolicyPak Least Privilege Manager Admin Approval Long code now works with Ctrl-V
- PolicyPak ILT improvements for WMI conditions
- MMC fixed around characters accepted to link to Netwrix Auditor
- PolicyPak Least Privilege Manager + MSI Products improved for EMC NAS
- PolicyPak Least Privilege Manager Fix for “Self Elevation Justification text is not being accepted.”
- PolicyPak Preferences Registry fix for ACL Control and Registry Keys
- PolicyPak Least Privilege Manager Improvements when user attempts to delete large files
- PolicyPak Application Settings Manager fixes alongside Mozilla Firefox and crashes and dumps
- Lots of other fixes in many other areas.
PolicyPak Cloud Updates & Fixes:
- Add Wi-Fi Category for PolicyPak Least Privilege Manager for Mac
- Fixes for mass deletion of computers from Computers group or Deleted Computers Group.
- New feature for PolicyPak Least Privilege Manager for Mac / Mount & Unmount Policies. https://kb.policypak.com/kb/article/1327-policypak-least-privilege-manager-for-mac-mount-unmount-part-i/ and https://kb.policypak.com/kb/article/1328-policypak-least-privilege-manager-for-mac-mount-unmount-part-ii/
- Fix for PolicyPak Scripts In-Cloud Editor fixes schedule based triggers
- Fixes for PolicyPak Network Security Manager validations
- Other miscellaneous fixes
3/11/2024: PolicyPak Build number 24.3.3831
Hotfix Updates:
- Problem with Java certificate growing too large.
2/28/2024: PolicyPak Build number 24.2.3821
Hotfix Updates:
- Misc security updates
- CSE Installer hangs or rolls-back during install (ppupdatew hang)
- PolicyPak Least Privilge Manager fix when customer VBscripts are used with //nologo
- PolicyPak Scripts Manager crash during shutdown
- PP Merge Helper Tool Updated when handling Microsoft Security Settings
- Rename of PPLPM ADMX Setting “Check for certificate revocation…” to “Prevent certification revocation on file signatures verification”
- PP Device Manager: Fix for filter showing only one option in the list
2/06/2024: PolicyPak Build number 24.2.3799
General & UI Updates
Netwrix PolicyPak Now Supports Windows 11 Context Menus in the CSE
By popular request, Windows 11 right-click context menus are now supported for end-users. See KB about this new feature
here. Note: Windows 10 style menus do not change on Windows 10.
Netwrix PolicyPak End of Life for PolicyPak VPN Manager
It was announced last year that the first build of 2024 would stop PolicyPak VPN Manager policies from processing. As such, this build is the first to stop processing PolicyPak VPN policies. MMC snap-in / UI elements were removed in previous builds.
Netwrix PolicyPak End of Life for Unsupported Windows OSs
It was announced last year that the first build of 2024 would prevent PolicyPak CSE from installing on non-Modern operating systems. As such, previous builds might have installed, but not all features were available. Starting with this build, only modern Windows is supported, like Windows 10 and 11 and Server 2019 and Server 2022.
PolicyPak Least Privilege Manager
Improved Self Elevate Context Menu
Self Elevate right-click flyout is improved if both Self Elevate and explicit rules would apply to the same executable. Now if Self Elevate is selected AND there is an explicit rule which would automatically perform the elevation, the explicit rule will apply (and not Self Elevate.)
PolicyPak Network Security Manager
DNS Name Support
Network Security Manager can now specify domain names to allow or block (in addition to IP addresses.).
Video demo.
Misc PolicyPak CSE Fixes:
- PolicyPak Preferences 2.0 Shortcut Item: Now creates folder on-the-fly if it doesn’t exist.
- PolicyPak Scripts & Triggers: MMC fix to always show “With elevated rights” checkbox.
- PolicyPak Scripts & Triggers: MMC fix to always show all months in Monthly trigger fixed.
- Elevating CLSID {7007ACD1-3202-11D1-AAD2-00805FC1270E} (change NIC properties) fixed.
- Some CSE upgrade scenarios from 23.10 to latest fixed.
- PolicyPak Least Privilege Manager SecureRun™ first block prompt slow is now fixed.
- PolicyPak Least Privilege Manager Right-click evaluations for very large files now fixed.
- PolicyPak Least Privilege Manager has new ADMX option to turn off Certificate Revocation Checking. This option is NOT recommended, but available if revocation checking takes too long. Screenshot here.
Misc PolicyPak Group Policy Compliance Reporter Fixes:
- PolicyPak Group Policy Compliance Reporter now honors Enterprise Full licenses.
PolicyPak Cloud Updates & Fixes
- PolicyPak Cloud + ARM installer support now available per customer. Screenshot here and here.
- PolicyPak Least Privilege Manager + PolicyPak Netwrix Privilege Secure how has “Enable certificate bypass” checkbox. Screenshot here.
- Emails coming from new email service (no action needed.)
- Mass deletion of computers now available when viewing Computers list
- PolicyPak VPN Policies retired
- PolicyPak Least Privilege Manager Policies can have user SID added
- PolicyPak Least Privilege Manager Policies can have “Force user to reauthenticate” checkbox
- Event Reporting fix for very large reports which caused CSV truncation
- Event Viewer fix for very large eventing display (>5 million records).
1/12/2024: PolicyPak Build number 24.1.3775.756
12/12/2023: PolicyPak Build number 23.12.3745.1241
General & UI Updates
Netwrix PolicyPak Now Supports ARM Processors for CSE and MMC
Netwrix PolicyPak ships with ARM support; the CSE is fully functional for all PolicyPak Components including PolicyPak Least Privilege Manager. MMC snap-in is fully functional to create PolicyPak rules as well. See demo and setup video here. See supportability statement about ARM processors here.
Note: ARM support will generally ship 4 times per year, and lag somewhat behind normal builds. The latest ARM build will always be in the download so you’ll never need to guess which one is latest. For instance, ARM support will not ship with NTFS traverse or some of the other updates mentioned in this build, since it will lag behind somewhat.
Note: ARM CSE will be supported alongside PolicyPak Cloud next iteration (Jan / Feb timeframe).
Netwrix Auditor now in MMC fly-out menus
Once PolicyPak to Netwrix Auditor connection is established, now you can quickly open Netwrix Auditor from right-click menu. Example: https://share.zight.com/E0um1wGx
PolicyPak Merge Tool Enhancements
Now you can export all settings to PolicyPak XML during the merge process instead of having to necessarily put the items into a Group Policy Object. Example: https://share.zight.com/kpuRqXPr
PolicyPak Least Privilege Manager
NTFS and ACL Traverse Policy
Now you can specify which processes can read, write, delete, etc any file, folder or registry location. For instance, let users modify the hosts file, remove files from All Users Desktops, or have your applications overcome UAC prompts when attempting to modify system registry locations. Multiple demonstration videos are here.
Additional Details now in logs
Log files are enhanced to provide which user ran the process https://share.zight.com/4guRBYyZ . New log type for event 1010 when NTFS & ACL Traverse is used. https://share.zight.com/E0um1xwx
PolicyPak RDP Manager
Digital Signing RDP Files
Now you can automatically digitally sign your RDP files. Screenshot: https://share.zight.com/nOuQZEGD Results: https://share.zight.com/geu1N85X
Misc PolicyPak CSE Fixes:
- WinGet Policies on PolicyPak Software Delivery Manager now work on Windows 10; but WinGet must be pre-updated to 1.6 on Windows 10.
- ILT Evaluations will continue even if malformed with empty computer name.
- PolicyPak Merge tool enhanced high DPI support
- MMC fix for specifying Netwrix Auditor URLs
- CSE/ Cloud policy was applying by stating wrong/old Policy Name
PolicyPak Cloud Updates & Fixes
- Immutable log items now go to the PolicyPak Cloud to Splunk Connector
- PolicyPak Cloud supports PolicyPak Software Package Manager’s Winget policies
- Computer list filter improved for massive searches
- Computer group collapse / expand feature fixed
- Fix when uploading user-side policies with ILT to PolicyPak Cloud
11/2/2023: PolicyPak Build number 23.10.3703.184
This is a hotfix release to solve for Firefox 115+ with PolicyPak Application Management and PolicyPak Browser Router.
We have an extensive KB article which is a “must read” before deploying the CSE an Firefox 115+.
Please read it here: https://kb.policypak.com/kb/article/1303-firefox-how-do-i-make-application-settings-manager-work-with-firefox-115-and-later-and-how-do-i-transition-existing-settings/
Note: We know of an issue with PolicyPak Software Package Manager and Winget policies. They were working on Windows 10 and Windows 11, but Microsoft made some kind of breaking change, and now our policies only work on Windows 11. We are working to resolve this in a future release.
And do please ask questions to [email protected] before deploying large scale testing.
10/18/2023: PolicyPak Build number 23.10.3683.1030
Netwrix is pleased to announce the general availability of Netwrix PolicyPak build number 23.10.3683.1030 With this release you will be able to benefit from the following:
General & UI Updates
Netwrix PolicyPak Integration with Netwrix Auditor
Netwrix Auditor does a great job at tracking Group Policy changes. But it was sub-optimal to specifically launch Netwrix Auditor, find the Group Policy Object and look JUST for the PolicyPak changes. With this integration, you can see your PolicyPak changes within Netwrix Auditor in one click. Demo and Setup videos here: https://kb.policypak.com/kb/section/446/ . KB with step by steps instead are here: https://kb.policypak.com/kb/article/1298-how-do-i-configure-the-mmc-snap-in-to-open-gpos-in-netwrix-auditor/
Network Security Manager MMC Snap-in Hiding
You can now use the ADMX setting to hide Network Security Manager from the MMC. See KB for details.
PPUPDATE License Expression now fixed
Licenses from multiple sources now more accurately reflected.
Drag & Drop of Collections Improved
Fix in MMC so copies are created with unique name instead of an overwrite.
PolicyPak Least Privilege Manager
Updated Logging Improvements
PolicyPak Least Privilege Manager Events of type 1000+ and 2000+ now have additional details: File Version, File Hash, Publisher, Owner Name and User Name. Example improvement screenshot.
Netwrix PolicyPak and Netwrix Privilege secure share the same client-side extension. For more details on updates to the MMC click here. For more information on upgrade paths for Netwrix Privilege Secure, click here.
Admin Approval “Wins” over SecureRun
Sometimes Admin Approval credentials didn’t work when SecureRun was also engaged. This fix ensures that Admin Approval wins over SecureRun.
Admin Approval Tool fix for HighDPI
Sometimes Admin Approval tool would be cut off and not show all fields with High DPI.
Fix for “Apply to child executables”
Sometimes PolicyPak Least Privilege Manager would apply privileges to child executables even when not desired.
MMC updates and fixes
Allow and Log rules fixed so unrelated options are automatically hidden.
Network Security Manager
Email Request to un-block a user
New option in Network Security Manager to enable customer to prompt user to send email to support desk to un-block processes restricted by Network Security Manager. Setup screenshot. Result screenshot.
8/31/2023: PolicyPak Build number 23.8.3641.753
Netwrix is pleased to announce the general availability of Netwrix PolicyPak build number 23.8.3635.722. With this release you will be able to benefit from the following:
General
PolicyPak User Interface
PolicyPak Least Privilege Manager node is now tucked within a new Top-Level node called Netwrix Privilege Secure. No PolicyPak policies are affected with the UI update. Details about the UI update and how Netwrix Privilege Secure customers can upgrade from Netwrix Privilege Secure MMC to PolicyPak MMC here.
Bug Fix for Logons
Deadlock issue resolved for the “Program blocked by Group Policy” during logon.
Bug Fix for Logouts
Fixes occasional black screen issue on logout
Network Security Manager Disablement
You can now use the ADMX setting to disable Network Security Manager. See KB for details.
Update for Unsupported Operating Systems
The current build isn’t compatible with Windows 7, 8, Server 2008 R2, or Server 2012 R2. A separate “hotfix build” is available for these OS, but it lacks the new features. For this hotfix, email [email protected]. Note that there will be no further support for these older systems. Specific support details can be found on the PolicyPak website. For more information on Windows 7 support, click here. For more details on other supported operating systems, click here.
PolicyPak MMC Updates
Netwrix Privilege Secure Node
The MMC now has a new “Netwrix Privilege Secure” node, with PolicyPak Least Privilege Manager nested within it. This UI change doesn’t impact any policies. Netwrix Privilege Secure customers can find upgrade details for the PolicyPak MMC
here.
PolicyPak VPN Manager Node Removal
The PolicyPak VPN Manager MMC snap-in has been removed. However, the CSE will process VPN Manager policies until Jan 2024. Refer to the PolicyPak VPN Manager Sunset announcement for more details.
MMC Policy Improvement
Prefixes added to duplicated policies to avoid confusion.
PolicyPak Cloud Improvements
- Brand new “PolicyPak Network Security Manager” in-Cloud Editor
- PolicyPak Scripts & Triggers In-Cloud Editor now supports “Event Triggers” editing
- Immutable log viewer now has CSV download option
- Immutable log now expresses Azure AD Access Configuration modifications
- Updated PolicyPak Cloud Client for Windows with misc improvement including improved logging with Event ids
- New MacOs Client version which utilizes new synchronization engine. Warning: You need to update your Mac clients to this version before the end of September to keep synchronization to Macs working, as we expect to turn off the old synchronization engine service at that time.
PolicyPak Product and Licensing Updates
Enterprise Full License Type
Starting with this CSE, we support the ‘Enterprise Full’ (or Enterprise+) license. Please read the entire KB here before requesting an Enterprise Full license from Support.
Enterprise Full License Instructions
Customers with PolicyPak Enterprise entitlements can request Enterprise Full license keys by emailing [email protected], using the subject “Enterprise Full Key Request for <your company name>.” Requests will typically be processed in the order they’re received. It’s essential to note that these licenses will only be valid on endpoints with CSE version 23.8.3635.722 installed. While you can request the key now, it’s recommended to install them alongside your controlled 23.8.3635.722 rollout. For further insights on licensing, refer to the updated KB article titled “How can I tell how a machine is licensed?”
PolicyPak Software Package Manager and WinGet Delivery
Winget Delivery
You can now distribute policies using WinGet, alongside GPO, Cloud and MDM joined with features like Item Level Targeting. Learn about delivering packages with WinGet, discovering interesting WinGet packages with WinGet-Run, the Software Package Manager Helper tool, and how to install WinGet on Servers if needed (Unsupported.)
AppX Fix
We’ve fixed the issue where some AppX settings failed to reach endpoints or connect to the MSSTORE catalog.
Drag and Drop Fix
Policies now maintained on drag and drop.
PolicyPak Least Privilege Manager
Netwrix Privilege Secure
Netwrix PolicyPak and Netwrix Privilege secure share the same client-side extension. For more details on updates to the MMC click here. For more information on upgrade paths for Netwrix Privilege Secure, click here.
Admin Approval Long Code Support
Full publisher details are now in the long code. Update the CSE on endpoints and the Admin Approval tool to utilize this feature. See the example result.
Admin Approval Enhancement for Untrusted Applications
You can now show admin approval dialogs for untrusted applications. See example and read KB article for more information.
Enhanced Behavior for Custom Menu Items
Text for custom menu items now displays different results depending on Admin Approval state and rule matches. KB article.
MMC Editor Updates
For certain action types, the open/save dialog is disabled to ensure a streamlined user experience.
Enhanced Guidance XML for Helper Tools
Improved digital signature for PolicyPak have resulted in modified Guidance XMLs. For a screen shot example click here. For more information, view a demo video here.
PolicyPak Cloud for Mac Client
Updated synchronization engine
Latest PolicyPak Cloud for Mac client will use newest synchronization engine to PolicyPak Cloud; as we are expected to turn off the original synchronization engine soon. All Mac customers are required to update within 15 days to the new client.
PolicyPak Group Policy Merge Utility
Enhanced Settings Management
Now you can take existing PolicyPak settings and back them out into Microsoft settings. See example here.
6/26/2023: PolicyPak Build number 23.6.3571.1043
- Fix: RDP inbound connections are now fixed.
- Known Issue: This build is known to install, but then fail to function on Windows 7 and 8. Please continue to use your already-working build until this is fixed (likely the next CSE release.)
Note: There are no other updates in this CSE version.
6/09/2023: PolicyPak Build number 23.6.3557.1230
Known Issue:
Some customers report that this build blocks inbound RDP connections. We’re actively working on a workaround or update for this known issue.
Netwrix PolicyPak General
- CSE Update: CSE update contains security improvements which are recommended for all customers. See Advisory.
- CSE and MMC update: Miscellaneous bugs and improvements (some around crashes or hangs.)
- New License Type: “Enterprise Full” (aka Enterprise+) license type supported from this CSE onward. More details will come to customers toward the end of the month, but this CSE and later supports the Enterprise Full license type. See Updated KB Article.
- Standalone ILT Validation Tool: New tool helps troubleshoot ILT evaluations on endpoints from policy XML. See Video.
New Component: PolicyPak Network Security Manager
Overview: Specify which applications can communicate with what IP addresses and ports. For instance, the QuickBooks desktop application can only communicate with the QuickBooks Server at 192.168.2.61 and Firefox can only communicate with Patient Portal at 10.10.10.12.
- Applications and Ports Management: Lock down applications by using specific IPs and ports. See Video.
- Global Settings Management: Manage Global Settings including notification options and block messages. See Video.
- Auditing Events: Enable auditing events for Network Security processes and actions. See Video.
Netwrix PolicyPak Least Privilege Manager
- Fix in MMC: File / Folder name is now correctly added to the policy name if path variable is used
- Fix in CSE: CSE had used wrong processing order on occasion.
- MMC Update: The term “SbPam” was renamed to “Netwrix Privilege Secure” in the MMC.
- MMC update: You can now create policies from 6300 events (6320, 6301) from the event log to the MMC.
- MMC and CSE update: On-Demand and Explicit rules now permit you to force users to re-authenticate and allow for Justification text. See Screenshot.
- MMC and CSE update: On-Demand Rules also allow for Global Text for Right-click Menu item. See Screenshot. For an example of when On-Demand Rules are used with Justification Text, see screenshot. For implementation instructions, see KB article.
Netwrix PolicyPak Preferences Manager
Netwrix PolicyPak Browser Router
Netwrix PolicyPak Admin Templates Manager
Netwrix PolicyPak Device Manager
- Fix: Error when adding System and Admin accounts
- Update: MMC can now import a list of serial numbers or Bitlocker Key IDs for USB devices from text files. See Screenshot.
5/16/2023: PolicyPak Build number 23.5.3533.1252
Netwrix PolicyPak General
- Misc fixes for stability
5/9/2023: PolicyPak Group Policy Compliance Reporter 23.5.3521.647
- Fix: PPGPCR: Compliance Reporter running out of memory
3/13/2023: PolicyPak Build number 23.3.3467.1199
Netwrix PolicyPak General
- PolicyPak Merge Tool Enhancement: Clearer language and support for GPPrefs Shortcuts. See Screenshot.
- MMC Fix: Ctrl-X Shortcut or “Cut” context menu now fixed
- Miscellaneous Fixes: Several bugs fixed in MMC and CSE.
Netwrix PolicyPak Cloud
- Azure Group Integration: Directly link PolicyPak Cloud XMLs over to your connected Azure Groups. See Setup
Screenshot 1. See Setup Screenshot 2. See Setup
Screenshot 3. See PP Cloud Results Screenshot. - One-click XML Download: Download all XMLs in XML Data Files and upon a specific group so you can back them
up
whenever you want. See Screenshot 1. See Screenshot 2. - Event Viewer Export: Export to CSV in Event Viewer
- Date Range Update: Now required to select data range to produce event output
- EULA Update: PPC Client EULA has been updated
- Miscellaneous Fixes: Several minor fixes and improvements have been implemented
Netwrix PolicyPak Least Privilege Manager
- Video Capture Improvement: Get enhanced video captures via Netwrix Privilege Secure
- New ADMX Setting: Change Admin Approval when installing items that contain drivers. See Screenshot 1. (Note: Requires latest CSE)
- Admin Approval Fix: Resolution for black screen when using Admin Approval + alternative credentials
- Self-Elevate Fix: Resolution for Self-Elevate with MS Update KB5022282
- Windows 11 Fix: Resolution for Windows 11 when SecureRun not blocking as expected
Netwrix PolicyPak Preferences 2.0
- Shortcut Manager: Simplify Shortcut Management. See
Screenshot. - Preference Specific Variables: Now Preferences-Specific Variables are honored in all Preferences 2.0. Just
look for the Pencil icon to open up the variables picker. See
Screenshot.
TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers
(with the
GPO Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS, PRINTERS, REGISTRY and
SHORTCUTS.
Netwrix PolicyPak Browser Router
- End-user UI Fix: Multi-line text now allowed in block message.
- End-user UI Enhancement: Default block messages contain robust details. See Screenshot.
- Block Message Enhancement: Use variables in block messages. See
Screenshot. - Preference Specific Variables: Now Preferences-Specific Variables are honored in all Preferences 2.0. Just
look for the Pencil icon to open up the variables picker. See
Screenshot. See
KB article
Netwrix PolicyPak Device Manager
- Bitlocker Enhancement: Bitlocker support strengthened with Serial Number included in requirement
- System User: Add SYSTEM as user if needed as person who can read/write/etc.
- MMC Fix: Error while creating policy while adding exclusions for users
- Fix in MMC: “Delete Selected’ button is now fully visible in Edit mode
- Fix in MMC / CSE: “Allow All” policy for USB devices is created correctly now for WPD device exclusions.
1/30/2023: PolicyPak Build number 23.1.3425.1079
[Reminder about impending Legacy XML Licensing Expiration Feb 28, 2023]
Legacy XML license will expire Feb 28, 2022… even if they are set to expire in some future date. Several updates in the newly shipping CSE are there to help you with the transition. Extensive up-to-date KB article with videos, tips, tricks, workarounds and validation of success here: https://kb.policypak.com/kb/article/1231-action-required-for-policypak-customers-using-legacy-licenses/
[PolicyPak Cloud]
- New: PolicyPak Cloud + MAC + Preferences support. Note not all are supported, more during the year. Screenshot: https://share.getcloudapp.com/NQu4mLzB
- New: PolicyPak Cloud + Splunk support. Screenshot: https://share.getcloudapp.com/yAuARGxv . State column to demonstrate if success: https://share.getcloudapp.com/BluReg8X . Result in Splunk: https://share.getcloudapp.com/nOu1rg0p and https://share.getcloudapp.com/yAuARPOr
- One-step dialog for Email 2fa -or- App 2fa. Screenshot: https://share.getcloudapp.com/E0uRB6dk
- In-Cloud Editors now support sbPam for Global and regular rules: https://share.getcloudapp.com/6quNpRpq
- Immutable log now shows UUID and MAC when computer leaves / unlicensed from PolicyPak Cloud
[PolicyPak Overall & Licensing]
- New: Reporting History when you use the Group Policy editor. Quickly know who modified your policies and when. KB / Video: https://kb.policypak.com/kb/article/1236-policypak-mmc-showing-history-of-items-you-create/
- New: SID Tool and various dialogs SID-enhanced for on-prem and Azure AD. Video: https://kb.policypak.com/kb/article/1237-policypak-extras-sid-exporter/
- Fix: PPUPDATE won’t report bogus COMPUTER name problem anymore. Screenshot of previous problem: https://share.getcloudapp.com/4gu48vrq
- Update: Use ADMX setting to extend LEGACY LICENSES to work another +90 days but only when you’re on this version or later of the CSE. Screenshot: https://share.getcloudapp.com/p9uL2v7Q
- Update: Use ADMX setting to prevent license is expiring message. Screenshot: https://share.getcloudapp.com/o0u9Lrkx You might want to implement this if you’re a trailer or have bridge keys and get CSE expiration pop-ups as per this existing KB https://kb.policypak.com/kb/article/230-what-happens-to-each-component-when-policypak-gets-unlicensed-or-the-gpo-or-policy-no-longer-applies/
[PolicyPak Least Privilege Manager]
- Improved: Right-click Run-As Administrator should work as expected in most cases now.
- Improved: Tuning of Right-Click Run-As Administrator via ADMX to disable “Explicit Elevation” completely and have “Run as Administrator” handed by Windows -or- “Run as Administrator with Netwrix PolicyPak” menu item (to File Explorer Only.) Screenshot: https://share.getcloudapp.com/z8uloNG4
[PolicyPak Preferences 2.0]
- Improved: Registry items now have application modes Always, Once or Once when Forced. Screenshot: https://share.getcloudapp.com/bLuObXwD .
- Fixed: Registry items drag-and-drop from various levels works as expected
- Fixed: Printers items now import from XML in MMC as expected
- TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers (with the GPO Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS, PRINTERS and REGISTRY (today) and others, like SHORTCUTS (future).
12/8/2022: PolicyPak Build number 22.12.3375.735
[PolicyPak Overall]
- New: Quick Right-Click Enable / Disable Implemented for all policies and collections (Except PP App Settings Manager). Screenshot examples for PPLPM but all others supported: https://share.getcloudapp.com/KounQRnA and https://share.getcloudapp.com/mXub7NbG
- Improved: PPUPDATE now shows non-licensed and multi-licensed conditions. Example: https://share.getcloudapp.com/GGuJA8Ab
- New: PPUPDATE /XMLSTATUS /OUT c:\temp outputs license status as XML
- Fix: MMC fix for missing icons after editing.
- New (Finally!): MMC Cut & Paste for most policies and collections !
- Fix: Install fixed for older OSs with “DLL Missing” error.
[PolicyPak Least Privilege Manager]
- Improved MMC: Right-click menus now streamlined and context aware
- Improved: Admin Approval Tool now has auto-close timeouts via ADMX setting Screenshot: https://share.getcloudapp.com/eDun9vOY . Note ONLY the Admin Approval tool from this build and later will support the ADMX.
- Improved: Netwrix sbPam session de-provisioning dialog
- Fix: SecureRun not properly evaluating domain group added to local administrators group
[PolicyPak Device Manager]
Improved: DEVICE_INSTANCE_PATH can be added to custom message (explaining to users which device was blocked)
[PolicyPak Browser Router]
Fix: Issues with the 5-minute timeout in Chromium were fixed in the Chrome Extension. This is meant to work latest versions of Google Chrome and Microsoft Edge (Versions 104.* and higher; current is 107.*). If you’re experiencing Chrome timeouts, update Chrome/Edge to the latest and Browser Router Extension will auto-download latest.
[PolicyPak Preferences 2.0]
- Major Feature: Registry Preferences (for GPO reduction and transition to MDM) Video: https://kb.policypak.com/kb/article/1229-policpak-preferences-consolidate-registry-items-and-also-deploy-them-via-pp-cloud-and-your-mdm-service/ .
- TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers (with the GPO Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS, PRINTERS and REGISTRY (today) and others, like SHORTCUTS (future).
11/11/2022: PolicyPak CSE 3335 (22.11.3335.685) and GP Compliance Reporter and PP Cloud Update
[Netwrix PolicyPak Least Privilege Manager]
- Fix for MMC: Policy Drag and Drop fix.
- Fix for MMC: Disabled collection icon fix.
- Fix for CSE: sbPam deprovisioning and video capture improvements
[GP Compliance Reporter]
- Rebranded for Netwrix GP Compliance Reporter
- Support for TLS 1.2
- Fix: Occasional service stopping.
- Fix: Auditor exception during work.
- Fix: High memory usage.
[PP Cloud]
- Improved: Automatic Scaling when PP Cloud is under load / reduced load.
- New: details when PP Cloud is under load and re-scaling. Screenshot.
- New: PolicyPak Preferences 2.0 Drive Maps – In Cloud Editor
- Fix: PolicyPak Preferences 1.0 Printer Editor now handles “Port Number” field correctly.
- Fix: PPLPM Editor now allows SHA-1 hashes plus various field fixes
- New: Additional logging to Immutable log around cryptographic exceptions causing PP Cloud clients becoming unregistered
- Fix: Event Collection record viewer fixed to handle display / query of large amounts of data
10/17/2022: PolicyPak CSE 3319 (22.10.3319.752) and PolicyPak Cloud and GP Compliance Reporter
[Netwrix PolicyPak Least Privilege Manager]
- Privileged Administrator Screen Recording: Records, archives, and plays back privileged local desktop activity when access is brokered by Netwrix SbPAM. WATCH VIDEO
- ShellExecute Least Privilege Management: Intercepts, prompts, and audits ShellExecute API style UAC prompts when explicit elevation rules are configured.
- Simplified Printer Management: Enables users to install printers securely using the native Windows 10/11 “Add Printers and Scanners” UI (Only available for CSE 22.10 or later). WATCH VIDEO
- Simplified IP Configuration Management: Enables users to edit IP settings using the native Windows 10/11 “Network and Internet Settings” UI (Only available for CSE 22.10 or later). WATCH VIDEO
- Streamlined UI for executing Netwrix SbPAM Rules: Embedded Netwrix SbPAM rules enable administrators to broker Java, Script, and other policies more easily. SEE SCREENSHOT 1. SEE SCREENSHOT 2.
- Expanded Control Panel Applet Policies: Configure and deploy least privilege management policies for standard users to access Event Viewer and Performance Monitor. SEE SCREENSHOT.
- Fix: Child Process Still Elevated while “Don’t elevate Open/Save dialog” is Enabled.
- Fix in MMC: Elevating folders now allowed again. SEE SCREENSHOT
[Netwrix PolicyPak Device Manager]
- Phone and Device Blocking: Blocks access to connected phones, music players, Windows Portable Devices (WPD), and other Picture Transfer Protocol (PTP) devices. SEE SCREENSHOT NOTE: iPhones not yet supported, but most Android devices are supported. Only works with CSE 22.10 and later. Phones will be blocked immediately upon CSE installation. To avoid phones from being blocked, update the policy and un-check phones first using the MMC snap-in. Then, update the CSE.
[Netwrix PolicyPak Preferences 2.0]
- New ADMX Setting: Explicitly un-licenses/turns off PolicyPak Preferences 2.0 CSE
- Drag & Drop Support: Supports drag & drop and other important methods for printers and drive maps from Microsoft Group Policy Preferences files. SEE SCREENSHOT.
- Reconnect Status: Reconnect status for drive map policies now visible in MMC table. SEE SCREENSHOT.
[PolicyPak Cloud]
- PolicyPak Preferences 2.0 Printers Editors: Configure and deploy printer policies from the convenience of an in-cloud editor (CSE v22.10 and later)
- Administrator Re-authentication: Forces users to re-authenticate when Netwrix SbPAM sessions are initiated (Netwrix SbPAM integration is “read-only” but seen in reporting)
- Event Collector Restrictions: Restricts events a set number per day
- Default Expiration: Sets default expiration date to 5 years for new join tokens are created
- Fix: Fixed alerts for “License is not present” when creating user policies when license not present.
- Fix: Various UI fixes for time zone issues
[Misc Fixes]
- Various ILT fixes in CSE
8/30/22: PolicyPak CSE Update and PP Cloud update 3274 (CSE 22.8.3274)
[User Interface]
- PP MMC Snap-In: Rebrand complete with Netwrix PolicyPak Red/Blue Color Scheme
- PP MMC Snap-In: We will attempt to determine license expiration from licenses within GPO and give you a warning if you’re expiring. Example: https://share.getcloudapp.com/12uz9EmQ Control via new ADMX setting: https://share.getcloudapp.com/5zuPW5lr
- PP Cloud: Rebrand complete with Netwrix PolicyPak Red/Blue Color Scheme
[PPLPM]
- New Rule Types / Integrations between PolicyPak and Netwrix SbPam: https://share.getcloudapp.com/YEuWGOv4
- New Right-click Display Name option for sbPam Integration: https://share.getcloudapp.com/kpuW1nK5 result: https://share.getcloudapp.com/qGux0Jkj . Note: You need the corresponding PPLPM license type (STANDARD or COMPLETE) to activate the rule type.
- New Feature: Force User To Re-Authenticate when starting Self-Elevate: https://kb.policypak.com/kb/article/1219-policypak-least-privilege-re-authenticate-with-self-elevate/
- New Feature: AA Method to “Open Details in Notepad”: https://kb.policypak.com/kb/article/1218-policypak-least-privilege-manager-admin-approval-email-method-with-notepad-instead/
- Fix: Paths with variables now accepted in MMC (such as %PROGRAMFILES(X86)%\Notepad++\notepad++.exe
or %TempDir%\Foxit) - Fix: “New Policy from Audit Event” wizard now works as expected.
[PPPreferences 2.0]
- New Sub-Component: PolicyPak Drive Maps https://kb.policypak.com/kb/article/1220-policypak-preferences-drive-maps/
- TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers (with the GPO Reductions&Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS and PRINTERS (today) and others (future).
7/4/2022: PolicyPak CSE 3212 (22.6.3212.789) and PolicyPak Cloud
- All downloads and “Click to Run” applications now have unified Netwrix EULA: https://share.getcloudapp.com/DOud4eyE
- PP Cloud: Updates
- Enforced TLS 1.2 for all connections.
- Registration & Sync Improvements, fixed non-registration when mode = LOOSE and occasional failed registration in STRICT.
- PP Cloud In-Cloud Editor for PolicyPak Software Package Manager: AppX Policies
- PP Cloud support for PolicyPak Preferences 2.0 / Printers (No Editors, reports or duplication is implemented yet.)
- PP Cloud now has MACINTOSH Support for Least Privilege Manager (Customers need to REQUEST this enablement for this feature.).
- Jointoken Improvements: New “Permissions Editor” enabling granting of tokens to other admins (and Token Manager gets assigned to first admin.) https://share.getcloudapp.com/8Lu0DmDN
- PP Cloud Client EULA is updated to Netwrix EULA.
- PPCloud /pushevents works for non-admin now (latest cloud client only)
- Various in-cloud editor and misc fixes
- PP CSE and MMC Updates
- New Component: PolicyPak Preferences 2.0
- The goal is to emulate the Microsoft GPPrefs items, enabling you to consolidate items and also transfer them easily to CLOUD or MDM.
- You need to REQUEST a PolicyPak Preferences 2.0 LICENSE for ON-PREM or MDM (or both.)
- First sub-component is PolicyPak Preferences Printers where you can CONSOLIDATE and EXPORT.
- Updated Component: Software Package Manager AppX now lets you remove in-the-box Microsoft applications.
- New Integration: PolicyPak Least Priv Manager and Netwrix sbPAM
- Goal is to enable any process to be run with any Active Directory account brokered by sbPAM
- Works with either PPLPM: Standard or Complete licenses. No additional cost (once you buy Netwrix sbPam.)
- Video: https://kb.policypak.com/kb/article/1205-01-netwrix-policypak-least-privilege-manager-netwrix-sbpam/
- MMC Fixes and validations for PPATM, PPBR, and PPDevice Manager
- Core fixes with crashing bugs
- More fixes from Browser router routing from IE to Edge
- Misc CSE and MMC fixes
- New Component: PolicyPak Preferences 2.0
5/3/2022: PolicyPak CSE 3155 (22.5.3155.734)
- PP Cloud: Must use latest CSE and Cloud Client for these benefits
- PP Cloud + Events Collection (Again, this feature is experimental and we’re looking for a few customers to test. Email [email protected] to be considered.)
- Generate RULES based upon collected events: https://share.getcloudapp.com/6quZAbzX
- Select Events to collect: https://share.getcloudapp.com/ApuJoveq
- Specify how various groups interact with collection: https://share.getcloudapp.com/5zuLROp5
- In PP Cloud Client added ppcloud /pushevents (must be run as admin in this build)
- Add Download XML in Event Viewer: https://share.getcloudapp.com/7KuQwWgY
- In PP Cloud Client: Output improved with Event Collection Details. https://share.getcloudapp.com/v1ugGWlP
- PP Cloud + JoinToken: Now share Permissions between admins. At creation time https://share.getcloudapp.com/12ugdkOW or in the list. https://share.getcloudapp.com/X6uEG7zq
- PP Cloud fixes for non-registering computers
- PP Cloud fixes for non-opening Immutable log
- PP Cloud fixes for “Getting kicked out of portal”. Note: This is still a work in progress.
- PP Cloud: Editor and various fixes and improvements
- PP Device Manager: Split “Block all USB Devices” and “Block all DVD devices” in MMC editor. https://share.getcloudapp.com/OAu6dlQx
- PP Cloud + Events Collection (Again, this feature is experimental and we’re looking for a few customers to test. Email [email protected] to be considered.)
- PP CSE
- PP Device Manager: KeyID is now present in logs for Bitlocker devices
- PP Java Rules Manager: Latest Java items available in dropdown
- PP Browser Router: Only build (and later) supported when IE is removed in Windows 10.
- PP Browser Router: Support for Neutral Sites list: https://share.getcloudapp.com/7KuQwWNx. MS Details about the topic here: https://docs.microsoft.com/en-us/deployedge/edge-ie-mode-sitelist#configure-neutral-sites . Note this policy is “Last Written Wins / No Merge” between multiple policy sources.
- PP Browser Router: URLs with /#/ “fragments” are handled better in many cases.
- PP Least Priv Manager: Allow/ Block DLLs updates alongside Block Unsigned DLLs to SecureRun.
- PP Least Priv Manager: Fix crash on sometimes COM elevation
- PP Licensing Tool: Now support for 5 National Clouds of Azure. https://share.getcloudapp.com/jkuvk6n8
- PP Scripts: For SCHEDULED triggers, choose timezone of COMPUTER or SPECIFIC timezone. https://share.getcloudapp.com/04uEZdYJ Note: You may want to update existing policies to be specific and re-deploy.
- PP Scripts: Fix hang when sometimes starting process
- PP GP Export Manager: Additional export options to export ANY/ALL settings in the GPO, including all Microsoft and also all PolicyPak specific settings. https://share.getcloudapp.com/RBunDzPx
- PP Overall / Windows 7: We “sort of, but not really” support Windows 7 still. This version will install on Windows 7 with the following restrictions: https://kb.policypak.com/kb/article/1191-how-does-policypak-support-and-not-support-windows-7/
- PP Overall: PolicyPak ILT Engine fix for WMI Filter evaluation
3/14/22: PolicyPak CSE Update and PP Cloud Update CSE 3099
- PP Cloud: Now Collect PPLPM Events and report on them. REQUIRES TICKET to [email protected] to enable. REQUIRES Latest CSE 3099 to operate. NOTE: This is EXPERIMENTAL and not all customers are eligible to participate yet. Video link.
- PP Cloud: 10x faster login
- PP Cloud: PPLPM COM Class editor improvements
- PP Cloud: PPJRM Updated Java Versions in editor.
- NO OTHER FIXES or updates in the CSE. CSE is only updated to provide functionality for PP Cloud –> PPLPM Events collector.
2/4/22: PolicyPak CSE Update (First supported build for Windows 11) CSE 3068
- PPBR Fix for Windows 11: Routes should go to EDGE+IE Mode when possible. (See KB: https://kb.policypak.com/kb/article/1180-how-does-policypak-support-and-not-support-windows-11/)
- PPLPM: File Open / Save/ Common dialogs to be forced with Low Rights for MOST applications. (https://kb.policypak.com/kb/article/1170-increase-security-by-reducing-rights-on-open-save-dialogs/)
- PPLPM: For Certificate Rules, Allow Wildcards. (See Video: https://kb.policypak.com/kb/article/1181-04-policypak-least-privilege-manager-and-wildcards/)
- PPLPM: Clickable URLs now available if you create a Custom Block Message (Generating links: https://share.getcloudapp.com/llu60v1G Result of a link in UI: https://share.getcloudapp.com/GGuEKvrL)
- PPLPM: New ADMX to to force standard UAC dialog instead of Self-Elevation dialog even if Self-Elevation policy is delivered to the client: https://share.getcloudapp.com/geudRYg0
- PPDM (Device Manager): Force end user to write ONLY to Bitlocker encrypted drives. Video: https://kb.policypak.com/kb/article/1183-restrict-access-only-to-bitlocker-drives/
- PPLPM: Right-click TrustedCopy only shown when TrustedCopy rules exist (Prevents right-click Explore crash with PDFs, etc when TrustedCopy is not in use. More details: https://kb.policypak.com/kb/article/1161-how-to-fix-explorer-exe-crash-when-right-clicking-document-files-pdf-docx-xlsx-etc/ )
- PPFMW: Windows 11 Features in the Add/Remove UI.
- Rename “Windows 10 Management Pak” to “Windows 10 & 11 Management Pak” and Start Screen Manager renamed to Start Screen Manager (Windows 10 Only). https://share.getcloudapp.com/nOu9XwXr Note that TASK MANAGER part works for Windows 11.
- PP Core: If computer gets UNLICENSED for ANY REASON, keep working for 30 days and present pop-up to user at login time. Example UI for unlicensed computer: https://share.getcloudapp.com/v1uLOlo7 (Update to: https://kb.policypak.com/kb/article/230-what-happens-to-each-component-when-policypak-gets-unlicensed-or-the-gpo-or-policy-no-longer-applies/ )
- PP Core: Windows 10 / 11 Sign In options now works as expected when this CSE is installed.
- PP Core: Now using PolicyPak Item Level Targeting engine by DEFAULT. Details: https://kb.policypak.com/kb/article/1184-troubleshooting-item-level-targeting-ilt-evaluations-when-using-the-policypak-ilt-engine/
- PP Exporter: Fixed when importing Universal license
- KNOWN ISSUES: Windows 11 freezes if you click ‘Approve with alternate Admin Credentials’ link in PPLPM AA window. If you get this result, you can reduce UI security as follows: https://share.getcloudapp.com/rRuNOE0K
1/5/22: PolicyPak Tools Update Only for the Auto Rules Generator Helper Tool. NO CHANGE to the MSI or CSE build number.
12/22/21: PolicyPak Cloud ONLY update
- PPLPM “COM Policy” In-Cloud Editor: https://share.getcloudapp.com/KouYmEJl and https://share.getcloudapp.com/yAukP90x
- Fix of the computer registration duplication issue + improvement of computer registration performance
- Updated PPLPM example policy
- Password change portal policy fix
- PPLPM Editor domain usernames fix (https://share.getcloudapp.com/wbuYAL8n)
- 11/12/21 & 11/16/21: CSE 2984 and Cloud Update
- New branding: PolicyPak, now Part of Netwrix in product and in helper tools.
- PPLPM: ActiveX Elevation (video: https://kb.policypak.com/kb/article/1164-overcome-uac-prompts-for-active-x-controls/)
- PPLPM Enhancement: PPLPM will not show the same block message pop-up over and over again.
- Fix: MMC will now remember expanded nodes.
- PP Device Manager: Now allows “Safely Eject Drive”
- Various fixes in PPLPM, PP Scripts, PPBR, etc.
- PP Cloud: New “Computers list” (within Company Details) which lets you filter for computers with OLD PPC Client, OLD CSE version and possible duplicates. https://share.getcloudapp.com/NQu7WOjv. You can also remove duplicates. https://share.getcloudapp.com/Qwu28x8Y
- PP Cloud Security Fix: Customers are encouraged to update to the LATEST PolicyPak Cloud CLIENT and also latest CSE (in a controlled fashion; do not upgrade all at once) due to several features and security fixes. Basics: https://share.getcloudapp.com/Z4urnepQ and video showing how to do it in a controlled fashion. https://kb.policypak.com/kb/article/791-policypak-cloud-groups-cse-and-cloud-client-small-scale-testing-and-updates/
- PP Cloud / PPLPM Editor: Self Elevation Policy with COM as a checkbox https://share.getcloudapp.com/Wnukm1xz
- PP Cloud / PPLPM Reporting: COM type now reported (no editing yet): https://share.getcloudapp.com/rRuWgJqA
- PP Cloud: Computers MOVED now appear in immutable log
- PP Cloud: Repeated registrations will likely be blocked as duplicates now
- PP Cloud: When admin is gone, their Jointokens can now be DELETED or RE-ASSIGNED
10/11/21: CSE 2943 (21.10.2943.726)
Updates and new features!
- PP Least Priv Manager: COM Support (Complete license only). Video: https://kb.policypak.com/kb/article/1163-com-support/
- PP Least Priv Manager: DLL Support (Standard and Complete license).
Fixes:
- PP Scripts: “Once or when forced” will now execute user script corrrectly.
- PP Browser Router: Routing from Firefox ESR 91 to other browsers fixed.
- PP Helper Tool: Fix for Printers app for app crash
- PP RDP Manager: Allow blank computer name
- PPLPM + MDM: Fix SecureRun not always applying
- PP App Manager: DesignStudio + VC2019 working correctly
- PP Scripts: Fix for scripts not running at all for some customers.
- PP Scripts: Fix for “Run once” policies not running at all for some customers.
- PP GP Compliance Reporter: Auditor License issues fixed.
- PP GP Compliance Reporter: Auditor fixed data from Computer side
- PolicyPak Cloud: New In-Cloud PolicyPak Device Manager Editor !
- PolicyPak Cloud Client now can support movement via command line.
- PolicyPak Cloud: Various fixes and improvements.
9/15/21: PPGPCR 2906
– PPGPCR: Fix for Auditor with Empty RSOP data.
– PPGPCR: Fix now able to use / recognize Universal licenses when on endpoint.
– PPGPCR: Fix for “Empty” license.
8/25/21: PolicyPak CSE and Cloud Update 2905
– New PPLPM: Least Privilege Manager now has BRANDED UI with your icons, colors, etc. Video: https://kb.policypak.com/kb/article/1151-branding-the-ui-and-dialogs/
– New COMPONENT: PolicyPak Device Manager for USB and CD-ROM control.
** Note: You need to REQUEST an update license for ON-PREM or MDM. Cloud will already have license for LEGACY CLOUD customers.
Video: PolicyPak Device Manager Basics / Instantly put the smack down on USB sticks and CD-ROMs: https://kb.policypak.com/kb/article/1155-instantly-put-the-smackdown-on-usb-sticks-and-cd-roms/
Video: Allow ONE user (or group) access to USB / CD-ROMs https://kb.policypak.com/kb/article/1156-allow-one-user-or-group-access-to-usb-and-or-cd-rom-and-dvds/
Video: Authorize USB Sticks by specific VENDOR. https://kb.policypak.com/kb/article/1157-authorize-usb-sticks-by-vendor-type/
Video: Permit specific USB by SERIAL number. (COMPLETE EDITION ONLY) https://kb.policypak.com/kb/article/1158-permit-specific-devices-by-serial-number/
– FIX PP RDP Manager: Now keep RDP file signature intact when file is imported in the snap-in/PP Cloud editor.
– Update Scripts & Triggers: Updated UI for Events triggers
– FIX PPBR: policy types won’t apply if the collection doesn’t have anything else
– FIX ADMX: Newer snapins were absent in PolicyPak ADMX settings
– FIX PP Feature Manager: Collection settings when collection is empty
– FIX: Helper Service unexpectedly stopped
– FIX: PPScripts: Scripts with PowerShell would open/close Windows interactively on screen.
– Improved PP Cloud: Company-level “Password & account management & lockout” policies
– Improved PP Cloud: Policy report ( XML Delivery ) now exportable
– Improved PP Cloud: Improved LICENSED and NON-LICENSED reporting details
7/16/21: PolicyPak CSE Update 2862
– Big update for ONE Component (PolicyPak Preferences) Licensing. Please read if you are DOMAIN JOINED and might be using PolicyPak Preferences as LICENSED. (This is a small percent of customers.). Note that NON domain joined machines (CLOUD or MDM) are not affected. https://kb.policypak.com/kb/article/1143-07-why-is-policypak-preferences-original-version-forced-disabled-by-default/
– PolicyPak Start Screen & Taskbar Manager: Now enables you to have “blank” right-side of start screens as an option.
– Fix: Enforce loopback mode when GPOs are synchronized for cross-forest user logins
– Update for Java Rule Manager: MMC Editor updated for latest version of Javas.
7/12/21: PolicyPak CLOUD Update
– New in-cloud editor: PolicyPak Feature Manager for Windows https://share.getcloudapp.com/eDuyb2jE
– Improved: Edit Computer now enables you to see and edit COMPUTER Group Membership and see the Policy Forecast: https://share.getcloudapp.com/o0ue1N7D
– Policy Forecast is now downloadable: https://share.getcloudapp.com/wbu6OZXB
– Fixed: PPRDP Manager will keep RDP file signature when uploaded into PP Cloud editor
– Other various cloud fixes.
6/16/2021: PolicyPak CSE Update 2830 (21.6.2830)
– New: One big update this build. We have our own Item Level Targeting Engine which you can OPT INTO in this build. Why do we need our own Item Level Targeting Engine, and what’s changed? Before this build, we relied on the Group Policy Preferences Item Level Targeting Engine for ILT evaluation; which generally works, but sometimes has problems over VPN, slow links, and has a few bugs. When issues came up in the GPPRefs ILT engine though, we had no way to fix these issues. We put in place a few workarounds, but ultimately decided to dedicate some resources to our own PolicyPak ILT engine. Now if issues come up, we can fix our own code, providing a future path for updates and features.
Opt in with the ADMX setting: Computer Configuration | Policies | Administrative Templates | PolicyPak ADMX Settings | Client-Side Extensions | Use Item Level Targeting filters evaluation engine (Preferences vs. PolicyPak)
In a future version (expected with builds “21.9” and later; the default will simply be the PolicyPak ILT engine with the option to revert BACK to the Preferences ILT engine.)
-Updated: GPExport: Additional fields ACTION , PATH and ILT in GPExport
-Updated: Record event to the Event Log when process is elevated or allowed due to rule inheritance
– Fixed: PPLPM: Slow application launch time when Self-Elevation policy contains a bunch of individual users
– Fixed: PPLPM: Secure Copy – Incorrect validation for Network Share Source page
– Fixed: PPScripts runs script as user with elevated rights if user from Admins group
– Fixed PPRWDM: Error: Job milestone: ‘Copy’ has failed while apply dropbox policy
6/5/2021: PolicyPak Cloud Update
– New: In-Cloud TaskBar Manager Editor !!
– Improved: In-Cloud editors now allow you to ADD new policy from XML and/or Replace SELECTED or ALL XMLs ! Example: https://share.getcloudapp.com/WnuxA9BW
– Improved: In-Cloud editors enable you to REPLACE XML policy with right-click context menu “Replace selected from XML” Example: https://share.getcloudapp.com/d5uAbkAj
– Fixed: Universal license in MSI won’t replace original XML license when installing.
– Fixed: Using JoinToken with long named groups
– Updated: Explain to customer IN THE EMAIL how to adjust threshold notifications
5/17/2021: CSE 2802
– Fix for CSE when ADMX to kill a component wouldn’t work. So, now, this is expected to work regardless of license type: https://kb.policypak.com/kb/article/240-what-if-i-want-to-unlicense-one-component-like-pppreferences/
– FIX for GPO Exporter: On USER side export, we now correctly create correct USER side XML.
– Update for GPO Exporter and Preferences: Now you can see columns during export making it easier to know which items you DO and DONT want exported.
5/5/2021: CSE 2791
PP CSE, Tools, and Extras:
– New! PP Least Privilege Manager “SecureCopy(TM)”. Have a trusted READ-ONLY SHARE SOURCE for self-elevation. (Video: https://kb.policypak.com/kb/article/1122-securecopy-tm-empower-users-to-copy-then-elevate-items/ )
– New Trigger for PolicyPak Scripts & Triggers: Event Log SOURCE and/or Event IDs ! (Video: https://kb.policypak.com/kb/article/1126-policypak-scripts-triggers-events/ )
Note: GP computer-side processing bug exists when you attempt to make a trigger on a log that DOESN’T exist on the client. So… don’t do that. 🙂 We’ll fix it.
– New! GPO Export Manager MMC snap in: Quick export of GPO contents for use with PP Cloud or your MDM (Video: https://kb.policypak.com/kb/article/1125-quickly-export-this-gpos-settings-as-xmls-for-use-with-policypak-cloud-or-your-mdm/ )
– Updated: PP Browser Router: Use icon of active default browser for URL shortcuts (video: https://kb.policypak.com/kb/article/1124-set-the-links-to-icons-to-actually-show-the-default-browser/ ). Related KB on changing icons: https://kb.policypak.com/kb/article/1127-how-do-i-change-the-default-icon-for-user-created-shortcuts-for-my-default-browser/
– Updated behavior: PP Scripts will now always run regardless of PPLPM block rules (revert back to OLD behavior with ADMX setting)
– Fix: LT tool now will count ONLY Windows devices and not extra non-related devices
– Improved: Add support for RINGS elements to update.config file https://kb.policypak.com/kb/article/1128-how-can-i-roll-out-latest-policypak-cse-with-active-directory-in-a-controlled-manner-using-rings/
PP Cloud:
– New! PolicyPak Start Screen in-Cloud editor ! (Group editor: https://share.getcloudapp.com/kpuKlWmW ) (Tile editor: https://share.getcloudapp.com/2Nuwp7Br ) Note: Taskbar coming soon !
– Update: PPRDP Editor now imports more unusual .RDP files
– Update: PP Scripts + Triggers… New Triggers Editors !
– Other misc fixes
3/29/2021: CSE 2753
– Multi-domain MMC in many places (Example: https://share.getcloudapp.com/ApuY6dx9 )
– Hide Action Panel in MMC: https://share.getcloudapp.com/2Nuw1Zdq and/or do it for all snap-ins at once https://share.getcloudapp.com/8LubmzBo (and yes, we remember your choice)
– PolicyPak Admin Templates Manager (only): Quick Filters at the top https://share.getcloudapp.com/xQubd8d5
– PolicyPak Admin Templates Manager: “Add and Continue” now snaps back to same area you were just working in.
– PolicyPak Admin Templates Manager: Write the “Explaintext” whenever you edit and save a policy. “Before” behavior: https://share.getcloudapp.com/E0uYWQJ4 After behavior: https://share.getcloudapp.com/RBuY6p24 TIP: Just add any new PP Admin Template Setting (or rename a collection, etc.) Basically, make ANY change to the GPO and click SAVE.. and all the Explain Text gets re-written into the report.
– When Licensing Intune, we can license “Company Name” and don’t have to specify ALL UPN names customer is using.
– PPLPM: Fixed a situation where Admin Approval Dialog would not appear even when expected
– PPBR / CSE in general: ADMX setting to specify custom prompt to user if PPBR / CSE stops working: https://kb.policypak.com/kb/article/1106-how-can-i-present-a-custom-dialog-or-no-dialog-if-browser-router-or-the-cse-stops-working-or-crashes/
– PPLPM: Reduced startup delays caused by PPLPM CSE reading and verifying file signatures, calculating hashes, etc for big files
– PPLPM: Fixed when working with Windows 7 (unsupported!)
– PPLPM: Fix for Admin Approval Dialog starting and closing immediately
– PP CSE + Intune: Accepts “Company Name” instead of multiple UPN Names
– PP CSE: Auto-Update Feature now supports RINGS via XML files (KB: Coming soon )
3/25/2021: PolicyPak Cloud Only
– PolicyPak Cloud to support AppX Licenses, Reporting, and upload of policies
– Yearly “Post Pay” model now available for Enterprise and Professional Customers
– PolicyPak File Associations Manager In-Cloud Editor
– PolicyPak Least Privilege Manage: Command Line Conditions Editor
– Improved Admin Requester flow
– PolicyPak Portal: New On-Prem / MDM Keys we generate will be downloaded FROM the Portal
– PolicyPak Portal: New PolicyPak Cloud Manual available for download in the portal !
– PolicyPak Portal: New Manual for Software Package Manager (AppX)
3/1/2021: CSE 2725
– New Component: PolicyPak Software Package Manager (AppX Policies). Must request a license to use. Videos: https://kb.policypak.com/kb/section/366/
– Updated: Licensing Tool to make it easy to request On-Prem AD, Intune Only, or On-PremAD+Intune Hybrid (Video: https://kb.policypak.com/kb/article/1079-how-to-request-a-license-request-key/ )
– Updated: PPupdate command now shows HOW and WHAT components (Policies) you’re licensed for (Article: )
– Updated: PPLPM Global Settings Auditing now on Computer side
– Updated: PP VPN Manager / easier import of EAP XML
– Updated: PPExporter MSI Utility now wraps up new Universal licenses (Video: https://kb.policypak.com/kb/article/1080-how-to-install-universal-licenses-for-new-customers-via-gpo-sccm-or-mdm/ )
– Updated: ADMX setting to transition Command Prompt inline processes to less-secure “Legacy mode” if desired (More details on this page: https://kb.policypak.com/kb/article/1008-why-does-policypak-securerun-block-inline-commands-and-what-can-i-do-to-overcome-or-revert-the-behavior/ )
– Rename “Paks” in all the MMC UIs to coordinate with new web launch and branding (Screenshot: https://share.getcloudapp.com/WnuBmx5p )
– Fixed: Resolve hang at first login (OS upgrades or first user log on) when Admin Approval was on.
– Fixed: AppSet (old name for Paks) Compile Issue
3/1/2021: PolicyPak Cloud updates
– New In-Cloud Editor: Java Rules Manager
– New In-Cloud Editor: PPLPM Self Elevation Policy Editor
– Improved: Copy / Paste / Overwrite existing XML for quick updates (instead of creating a totally new policy)
– Improved: “Import from XML” now available in all in-cloud editors
– Fixed: Import specific RDP file format error fixed.
– Fixed: Viewing ALL group when very large fixed.
– Fixed: PP Security Settings Manager report error fixed.
– Improved: Notification editor now supports multi-delete
– Improved: PPLPM “Global Settings” Editor had missing option
– Improved: PPLPM “Global Settings” policy now has “machine” scope
– Improved: Shortcut editor bug .. no pre-population of ICON FILE PATH item.
– Improved: In-Cloud PPBR Editor now ACCEPTs URLs without HTTP and HTTPS (Adjusted to fit same behavior as MMC editor.)
1/26/2021: PPGPCR 2693
– Updated PP Group Policy Compliance Reporter
– Free license is removed. A license is now required for reporting on PolicyPak and Microsoft settings.
1/20/2021: CSE 2687
– New Component: PolicyPak VPN Manager !
-Manage your VPN and “Always On VPN” connections.
– Example videos are ready https://www.policypak.com/components/vpn-manager/
– Manual(s) are coming soon / going thru editing.
– Learn more about why this is “the best thing ever” by watching this on-demand webinar replay from Richard M. Hicks, MVP and Godfather of Always On VPN. Requires registration, but if you’re a PP Customer, don’t worry, no one is going to call you. https://www.policypak.com/resources/pp-webinars/richard-hicks-always-on-vpn-101-throw-out-your-hardware-and-scale/
– If you want the PolicyPak VPN Manager license, email [email protected] to request it. We will be cutting ONLY âoriginal / oldâ licenses at present, and not the new Universal licenses.
– New TRIGGER for PP Scripts & Triggers: Now support Fortinet !
– New Universal Licensing option released
– Update: PPLPM Licensing methods: STANARD and COMPLETE with accompanying MMC UI change https://share.getcloudapp.com/YEuQxXLJ
– Fix: Race Condition fix
– Fix: Using PPAM MMC + ILT editor on 32-bit wouldn’t open (80040154 Error)
– Fix: Scripts required for OpenVPN Connect trigger only created when OpenVPN Connect trigger is actually used.
– Fix: Multi-domain support in the CSE for various items; Note: Additional MMC updates should appear in future release.
– Fix: PPLPM: Environment variables are now fixed / honored in command line rules
– Fix: PPLPM: Background UWP processes correctly classified as background / foreground
– Fix: PPLPM Pasted Rules from Events (small fixes)
– Fix: PPLPM + PPC “Approve with Admin Creds” fixed: https://share.getcloudapp.com/v1u4Z2d4
– Fix: PPAM: Firefox 78.4.1 Certificates fixed from FF API change
– Fix: PPLPM Popup / blocking navigating to directory in Windows Explorer
– Fix: PPLPM Webex.exe file info condition wasn’t being accepted
12/8/2020: CSE 2641
– Closed security concern in PPBR. Security bulletin PP20-01.PDF available upon request and was sent to all customers on 12/8/2020 as a PDF attachment.
– SecureRun fix when PPBR is routing in Chrome / other extensions.
– Firefox + Certificates fixed in FF 78.4.1 and later.
12/8/2020: GPCR 2635
– Improved: Ability to chose parent OU alone
– Fix: Sync doesn’t remove tests after GPO links are removed
– Fix: PPGPCR Closed if sync server is unavailable
– Fix: PPGPCR Logging fix
11/27:2020: CSE 2630
– New: PP Least Priv Automatically Make rule from Audit Event
– Improved: PPBR MMC now shows “IE+Edge” in Column View. https://share.getcloudapp.com/NQuKdYWQ
– Improved: PPLPM + SecureRun + Command Line Parsing
– PP Scripts: New Trigger supports Cisco AnyConnect and also OpenVPN. Video: https://kb.policypak.com/kb/article/997-policypak-scripts-and-anyconnect-run-a-script-after-you-connect-via-vpn/
– Improved: MMC Snap-In UI naming: https://share.getcloudapp.com/geuo0pR2
– Fix: PP Taskbar Manager: Fixed misnumbering of policies
– Fix: PP Remote Work Delivery Manager: Revert now fixed when you use “Sequential” mode
– Fix: PPLPM and Elevate On-Demand fixed when attempting to do whole drive (still not recommended!)
– Fix: Unusual format in signature condition now supported.
– Fix: PPRWDM Azure Blob storage validation in MMC
– Fix: PPSCRIPTS Bug fixed when ONCE is selected, script should run exactly once instead of multiple times.
– Fix: PPC and PPOP licensed together problem.
11/26/2020: PolicyPak Cloud Changes
– New: PolicyPak Browser Router Editor ! https://share.getcloudapp.com/E0u47wly
– Improved: GPO –> PP Cloud importer !
– Improved logging for when computer licensing state changes !
– Improved PP Cloud Client Commandline for WVD and VDI scenarios: /nextstartwhenuserlogsin command line argument
– Fixed: Remote Work Delivery Manager editor now has SEQUENTIAL flag in Collection.
– Fixed: Editing and Saving ILT
– Improved: When joined to multiple Azure ADs, the ILT editor now makes it clear which one(s) you’re using
11/10/2020: CSE 2616
– CSE update only: Fixed rare, but important bug causing crash and auto-restart of the PolicyPak Services. Build 2592 had introduced a bug, now it’s fixed.
10/26/2020: CSE 2592:
NOTICE: This version has a bug in the PPLPM “Admin Approval” method where the expected end-user prompt is not showing up right away. We will fix it in next version.
– Big update: MMC Snap in GPMC now puts components together by TYPE. If you don’t like this, don’t panic. Here’s a video to show how to go back to the way it used to be. https://kb.policypak.com/kb/article/983-group-policy-mmc-ui-changes-for-2020/
– Big update: PP Remote Work Deliver Manager “Advanced” features (mass copy, with recursion, file matching, etc.) now available ! : https://kb.policypak.com/kb/article/966-mass-copy-folders-and-files-with-filters-and-recursion/
– Small update: ADMX setting “Rename Experimental Features” (disabled) renamed to “Revert to Legacy File Assoc & Browser Router Method & Features” (enabled)
– Fix: PPLPM and command line parsing improved.
– Small add: Update for ADMX setting to manage PolicyPak Event Log size.
– Medium add: ADMX now available to signify additional keywords for application installers (useful if you think you have some process with SecureRun that should be trapped for installation but isn’t.)
Other misc fixes.
10/26/2020: PPGPCR Updates:
-PPGPCR Auditor now fetches raw data from local endpoint’s WMI to avoid accessing central store and taking extra bandwidth. Therefore, more processing is now done on PPGPCR server, as opposed to workstation.
-Added ability to choose any GPOs from across the domain and put in a set.
-Added ability to choose an OU with all its GPOs and make that a set.
– Other misc fixes to server, auditor and management station.
10/18/2020: PP Cloud Changes
-**THIS IS AMAZING… “GPO to PP Cloud Easy Import Wizard”: https://kb.policypak.com/kb/article/982-how-to-import-gpos-to-policypak-cloud/
– Remaining License Notification now within Notifications configuration: https://share.getcloudapp.com/wbuP6RgB
– Logging to Immutable log when computer is JOINED, DELETED, UNLICENSED, ETC. Makes for easier troubleshooting around any specific PC in PP Cloud. https://share.getcloudapp.com/E0urj6gr
– PolicyPak Cloud + PP Least Priv + Email Policies: In-Cloud editor now available: https://share.getcloudapp.com/NQu1o2X2
– PolicyPak Cloud FIX for Reporting… If you saw unexpected Yellow / Older Versions appear in reports, this is now fixed. You will need to update to LATEST Cloud Client (not CSE) for this to work as expected. You can do this on a per-group basis.
– PolicyPak Cloud FIX for editing PPLPM Policies with Self-Elevation rule
– GPO to PP Cloud Easy Import Wizard: https://kb.policypak.com/kb/article/982-how-to-import-gpos-to-policypak-cloud/
– Remaining License Notification now within Notifications configuration: https://share.getcloudapp.com/wbuP6RgB
– Logging to Immutable log when computer is JOINED, DELETED, UNLICENSED, ETC. Makes for easier troubleshooting around any specific PC in PP Cloud. https://share.getcloudapp.com/E0urj6gr
– PolicyPak Cloud + PP Least Priv + Email Policies: In-Cloud editor now available: https://share.getcloudapp.com/NQu1o2X2
– PolicyPak Cloud FIX for Reporting… If you saw unexpected Yellow / Older Versions appear in reports, this is now fixed.
– PolicyPak Cloud FIX for editing PPLPM Policies with Self-Elevation rule
9/17:2020: CSE 2557
CSE Updates:
– PolicyPak Scripts + Triggers: New Trigger… Run a script On VPN Connect and on VPN Disconnect (Video: https://kb.policypak.com/kb/article/975-policypak-scripts-triggers-perform-scripts-on-vpn-connect-and-vpn-disconnect/ )
– PolicyPak Least Privilege Manager… SecureRun Automatic blocking of Non-Signed applications. (Video: https://kb.policypak.com/kb/article/976-least-privilege-manager-block-all-unsigned-with-securerun/ )
– Fixed: SecureRun not blocking and/or not blocking .BAT and .CMD. as expected.
– Fixed: SecureRun inadvertently blocking in-line applications.
– Fixed: PPLPM Email / Long Codes fixed with “Expires” parameter.
– Fixed: PPSCripts CSE fixed for hang on shutdown / restart.
– Fixed: PPBR Sitelist code fix for XML policy when it contains file:/// URL.
– PP Cloud:
– Cloud.PolicyPak.com now has ONE field set it in; so it works better with your password manager.
– PP Cloud Password reset page, fixed for all valid TLD domains.
– PP Remote Work Delivery Manager: More fields and a new tabbed UI for editing.
– PP RDP Manager: Import existing .RDP files.
– In-Cloud Licensing Threshold Notifications for Customers:
– Notifications / emails when licenses used hits threshold.
– Notifications / emails when non-used count hits threshold.
– Email and pop-ups when license is about to expire: 10 days, 5 days then 1 day before license expiration (but not for MONTHLY customers.)
– Emails for 2Fa and PPC Welcome email to show Company Name.
– PP Cloud Client fixed over port 443 in some cases.
– PP Cloud Client command line arguments are no longer case sensitive.
– PP Cloud Client will properly install and sync when TLS 1.0 is expressly disabled on target machine (no registry workaround required.)
9/1/2020: CSE 2543
CSE Bugfixes only:
– PP Least Privilege Manager: SecureRun fixed to correctly block .BAT / .CMD (inline commands.)
– PP Browser Router: When licensed via MDM, fixed routing fails.
– PP Browser Router: Sitelist / CSE problem when policy contains FILE:/// URL
8/21/2020: CSE 2536
New Component !: Remote Work Delivery Manager ! Deploy software and copy files from On-Prem or Web Shares. Want to deploy software to domain joined and non-domain joined machines? Now you can ! Works with On-Prem, Cloud, and MDM. See all videos here: https://www.policypak.com/products/remote-work-delivery-manager.html
New Feature: PP Least Privilege Manager + Admin Approval … with EMAIL ! Now you can know some inside details about what end-users are attempting to launch and run. They send you their request using Email, then you can approve them with “long codes.” See video: https://www.youtube.com/watch?v=s6qzARZnVGQ
New Feature: PP Scripts + Triggers… Logoff trigger! There’s no way to do “logoff scripts” with your MDM service. Now there is. Or pair it up with ILT to do a logoff script WHEN people are on laptops, etc.
Behavior change: PP Browser Router now stores user-selected browser (and other settings) in the user registry hive (which facilitates working with FSLogix and multi-Windows)
Fix: PPScripts + Triggers… Logon time delay was ignored. Now fixed.
Fix: SecureRun rule fixed for command line.
Fix: PPLPM Global Audit policies fixed reporting
Fix: Various other fixes.
PolicyPak Cloud:
New Component: Remote Work Delivery Manager is already licensed and ready to go in your tenant.
New Feature: “Lite” in Cloud Editor for Remote Work Delivery Manager. (Picture: https://share.getcloudapp.com/5zuGNevj )
New Feature: Full in-cloud RDP Link Manager editor ! (Picture: https://share.getcloudapp.com/geuzAkP0 )
New small thing: When you create policies, all options are shown at once. Saves you a click !
PolicyPak GP Compliance Reporter:
Now support for Remote Work Delivery Manager.
7/30/2020: CSE 2513
CSE Updates: New Component ! PolicyPak RDP Manager. See the video(s) at https://www.policypak.com/products/remote-desktop-protocol-manager.html
NOTE: You need to REQUEST an RDP Manager license from [email protected] !
CSE Update: New HUUUGE Feature: PolicyPak Triggers… for PolicyPak Scripts. See the video(s) at https://kb.policypak.com/kb/section/317/
CSE Update: Microsoft Teams support. See video: https://kb.policypak.com/kb/article/939-managing-teams-settings/
MMC updates: Bugfixes.
CSE Update: Other bugfixes.
PP Cloud updates:
– Emails now come from [email protected] instead from policypak.com and updates show your tenant name.
– Save state in PPC groups
– Support for PP RDP Manager (upload files only, not in cloud editors yet.)
PPGPCR updates:
– Fix for export on crash.
– Support for PP RDP Manager.
6/26/2020: CSE 2478
CSE updates:
– PPBR: IE in Edge “combined” support. STRONGLY recommended you pre-watch video for details: https://kb.policypak.com/kb/article/927-policypak-browser-router-internet-explorer-in-edge-mode/
– PPLPM: “Self Elevation” policy. https://share.getcloudapp.com/4gujPkXq STRONGLY recommended you pre-watch video before using: https://kb.policypak.com/kb/article/926-policypak-least-priv-manager-self-elevate-mode/
– PPLPM: F1 now works for SecureRun Block Message.
– Overall: If PP has a problem, the customer-message is improved.
– PPLPM: SecureRun Audit rule adjusted.
– PPBR Fix: User-selected browser is recorded better (instead of “falling thru” to IE).
PPGPCR updates:
– Added EXPAND ALL / COLLAPSE ALL functionality for large hierarchies
– Added functionality for refresh the group membership every X minutes
– Fixes for high DPI management station
– Fixes for Auditor not seeing built-in groups
PPCloud updates:
– New Cloud editor: Microsoft Restricted Groups (see video). https://kb.policypak.com/kb/article/925-policypak-cloud-restricted-groups-editor/
– Rename computer from in-cloud editor improved
– Enhanced PP Cloud Client error logging
– “IP Whitelist” renamed to “Allow current IP”
5/29/2020: CSE 2451
– Big Feature: PP Browser Router: Apply Default Browser One Time… then Drift !
– Big Feature: PP File Associations: Apply some (or all) file associations… then Drift!
– Little Feature: PP Least Priv Rename “Run as PolicyPak” to anything you like.
– Fix: PP App Manager: Firefox Addons now Disable/Enable as expected with FF ESR 68.0.1+
– Fix: File Information tool adjusts for , to .
– Fix: PPBRAgent fix with old Edge
– Other small fixes and stability issues.
– PP Cloud update (not in the CSE, but in the PP Cloud agent): Works now with VDI ! See the videos / KB, but some examples:
PPCloud.exe /sysprep
PPCloud.exe /sysprep /jointoken:AaIstqhlY/j+A9qtQjFkLFg=
PPCloud.exe /unregister
PPCloud.exe /unregister /jointoken:ARCPD+6778MfNzby1gXjJEI=
4/6/2020: CSE 2392
– No CSE update since 2362.
– MMC update for Oracle –> Java Rules Manager Import
3/6/2020: CSE 2362
PP GP & MDM editions:
– BIG FEATURE: PP File Associations Manager now works on USER SIDE (and works for non-domain joined machines with PPC and PPMDM) !
– BIG FEATURE: PPLPM Admin Approval Dialog box; now has F1 keypress to show “What’s happening.”
– BIG FIX: PP MMC snap-in now Un-furls 10x faster and fix flickering and freezing MMC issues.
– Medium feature: Disable CSE logs per CSE category via ADMX
– Updated behavior for PPLPM + non .EXE files and UNC paths.
– NOTE: Remote Drive-based rules will stop working.
– See details and updates you must perform in this KB if you’re elevating DRIVE MAPS for non-EXE rules: https://kb.policypak.com/kb/article/171-how-are-drive-maps-and-unc-paths-supported-in-policypak-least-privilege-manager/
– Update: PP Scripts unpacked location now protected from end user, and configurable via ADMX.
– FIX: PPSSM “What’s missing” icon now opens correctly in new edge.
– Update: PP Feature Manager for Windows renamed to Feature Manager for Windows 10 and Windows Server … and updated for all features in 20H1.
– FIX: PPScripts: Fix bug importing .VB and .VBS files
– New helper tool: “File Information Viewer” https://share.getcloudapp.com/Z4u5owvO
PP Compliance reporter:
– BIG FEATURE: Restrict PP GP Compliance Reporter Admin console from connecting when logged in user isn’t a member of an AD security group (requires SERVER and ADMIN CONSOLE to be updated.) VIDEO: https://kb.policypak.com/kb/article/874-enhanced-security-for-server/
– Fix: Added reporting information for unusual / unsupported policy types added PP Feature Manager and PP Scripts reporting support.
PP Cloud:
– BIG FEATURE: PP Browser Router automatically registers itself when deployed via PP Cloud !
– In Cloud Editors for PPLPM: EXE (simplified), Control Panel, SecureRun. Use the new File Information Helper tool from download to help you get signatures, etc.
2/6/2020: CSE 2339
– Improvements for PPLPM Admin Approval dialog: New support for environment and context variables in the AA dialog (clickable links, and copy-paste from the dialog.)
– MSI Product Code Output tool has been superseded by the new “File Information Tool” found in “Extras” folder.
– Fixed FF: Prevent Access to Local Files for FF 68 ESR
1/10/2020: CSE 2310
– PPBR now supports routing to and from the new Edge (also known as Chrome-Edge or “Edgium”). If BOTH OLD Edge and NEW Edge are on the machine, we route now ONLY to NEW Edge !
– It’s now possible to configure display name of how Windows 10 shows Browser Router Agent. For example, “Managed by your organization” or any other text may be displayed instead of PolicyPak Browser Router.
(Pic in Admin UI: https://share.getcloudapp.com/yAuL1KOJ )
(Pic in User UI: https://share.getcloudapp.com/P8uYQQ17 )
– Blocking of untrusted apps silently using SecureRun. So optionally show NO MESSAGE when something is not owned by someone on SecureRun list.
– Blocking of untrusted apps with custom messages using SecureRun
(Pic in UI of both of those features: https://share.getcloudapp.com/geurRRlW )
– Context variables in PPLPM custom block messages (e.g. %POLICY_NAME% or %PROCESS_EXECUTABLE_OWNER%). Pic in Admin UI: https://share.getcloudapp.com/NQuvllZG
– Clickable links (http, https and mailto) in PPLPM custom block messages
– Custom block messages are now copiable
(Pic in Admin UI: https://share.getcloudapp.com/9ZuNooXg )
(Pic in User UI: )
– PPLPM CSE now blocks most of background activities related to blocked apps silently
– PPLPM snap-in now suggests to add a File Info / Product Info condition when Signature Condition is being configured for an installer
– PPSSM and PPTBM now tries to locate the target executable in %PROGRAMFILES(x86)% when %PROGRAMFILES% is used and vice versa
– PPSSM now allows to select between a single-column and two-column Start Screen layout
(Pic in Admin UI: https://share.getcloudapp.com/E0uEyyXm )
– PPAM Firefox Pak: Bookmarks handler in PPAM now supports two new commands (Needs updated CSE)
– {Folder Path}, [{Root Folder},] remove-folder (e.g. Folder Name, remove-folder or Folder Name, toolbar, remove-folder). Please see #5916 for details
– [{Root Folder},] cleanup (e.g. cleanup or menu, cleanup or toolbar, cleanup). Please see #5972 for details
– Other Security enhancements, stability improvements and misc bugfixes
12/12/2019: CSE 2283
– One small fix for PPLPM where EXEs being run over UNC paths and removable drives would not elevate as expected
12/4/2019: CSE 2275
– One small fix for PPLPM where older EXEs without built-in manifests would not elevate as expected.
11/29/2019: CSE 2270
-An option to block apps silently when a PPLPM rule applies
-An option to block apps with a custom message when a PPLPM rule applies
-An option to disable Event Log / Audit events for an explicit rule
-Executable publisher and command line of the parent process are now logged when SecureRun or Admin Approval applies to a process
-PPFMW now allows to manage Win10 1903 and 1909 features
-PPJRM will now use the force attribute when Java 8 Update 22 or newer is available (even when an older Java version is also present)
-PPBR support for FrontMotion Firefox
-Fixed a bunch of PPATM snap-in bugs that led to incorrect results of policy processing
-Fixed two LPE vulnerabilities in PPLPM (PDF was emailed to customers.)
-Other bugfixes and stability improvements
10/18/2019: CSE 2228
– Fixed a few PPATM bugs including, customer-reported problem with ADMX / IE zone assignments. *NOTE: Both the Admin Console and CSE must be updated, and the policy must be re-created.)
– Fixed installation and removal of add-ons on FF 68 ESR. (NOTE: Now, it’s supported on FF 53 or newer.)
– Fixed crash in the PP: Programs tool when it fails to extract an icon
10/11/2019: CSE 2221
– Fixed PPMerge to run correctly on Win10 1809 or later (find GPMC naturally)
– PPAM: Now possible to make certs trusted for specific websites in PPAM pak for FF. (The syntax is C:\Certificates\Trusted.cer, 1, xyz.abc.gov:443, add-for).
– PP CSEs will now process XML policies in the alphanumeric order of the XML file names
– PPExporter allows to set Policy Layer to resolve conflicts between different “layers” of policies
– It’s now possible to run PPExporter as a non-admin user
– PPExporter now allows you to select built-in groups on NDJ machines
– PPAM: Fixed “Process this entry as user” when policies are processed by GPSVC on Win10
– Improved logging for Plaintext File Handler (e.g. used in the Java pak).
– (Need to use latest re-compiled Java Pak to use this feature.)
– Fixed a bug in the PPATM Admin Console causing REG_MULTI_SZ values to be written incorrectly for the policies exported to XML
– Fixed a bug in the PPATM Admin Console causing incorrect registry value names for ADMX list element when valuePrefix attribute is not set
– ADMX category containing PolicyPak settings has been renamed from PolicyPak to “PolicyPak ADMX Settings”
9/30/2019: CSE 2210
– Hotfix for the PPLPM crash. Caused by Action = Run with customized token and Base Token = Use the original user token.
(This is the only fix).
9/16/2019: CSE 2196
CSE and MMC update:
– The XMLDATA folder is no longer readable by users.
– PPJRM (Java Rules Manager) now allows to select the latest (as of the release date) Java versions
– PPAM (App Manager) and PPBR (Browser Router) browser extensions now work as expected on FF 68 ESR
– PPSSM & PPTBM CSE now supports Roaming User Profiles and Redirected Folders
9/16/2019: PPGPCR 2183
PPGPCR (Compliance Reporter) updates:
– Can now EXPORT results as HTML and CSV (#1 most requested feature !)
– Can now use SQL as database, instead of built-in SQLExpress (#2 most requested feature !)
– Can migrate from SQLExpress to SQL if desired. Known bug if you cancel this process; simply restart PPGPCR Service to get back to normal.
– Higher capacity of results accepted in SQL server.
– Can now scope results by OU and “Smart Filters”
– Windows 10 1903 and Server 2019 support added
– Database cleanup interval configurable via ADMX
– Test operations now faster
– Server Event logs moved to better place in Event Viewer
– Better high DPI and big monitor support
– Many bugs fixed.
8/30/2019: CSE 2177
Minor bugfixes to solve a handful of customer issues.
Fixed a few bugs in the PPSSM CSE
Fixed a PPTBM CSE resulting in a “detached”/second taskbar item for File Explorer when it runs
Fixed a bug in the GPO Converter Tool causing PPATM CSE not to process GPOs created in the tool
Fixed support of multi-line string fields (REG_MULTI_SZ) in PPATM and the GPO Converter Tool
Added ADMX policy to prevent PPExtensionService from syncing policies when user logs in
“Run with PolicyPak” context menu item will now be re-added automatically if it gets removed during Windows upgrade
7-23-2019: CSE 2141
Minor bugfixes to solve a handful of customer issues.
1. Fixed PPFAM issue when an app installed to Program Files (64-bit) is opened from a 32-bit process
2. Added ADMX policy to disable PPAM reapply on launch
3. When reapply on launch is disabled in a Pak, no code injection will be performed; effectively preventing compatibility issues if any exist.
4. PPSSM CSE will now set the StartLayout under unusual conditions.
5. PPSSM and PPBR logging improvements
6-27-2019: CSE 2109
New PP Least Privilege Manager updates !
1. Increased security for SecureRun: https://kb.policypak.com/kb/article/805-policypak-least-priv-securerun-to-block-user-and-system-executables/
2. Increased security for blocking PowerShell and other system files: https://kb.policypak.com/kb/article/792-pplpm-block-powershell-in-general-open-up-for-specific-items/
3. Increased security for elevating apps, but BLOCKING Domain Admins or other local admins: https://kb.policypak.com/kb/article/806-policypak-least-priv-elevate-apps-as-standard-user-block-other-admins/
4. Ability to “right size” SERVICE ACCOUNTS permissions: https://kb.policypak.com/kb/article/804-policypak-least-priv-manager-reduce-or-specify-service-account-rights/
Text based KB Article on all four features: https://kb.policypak.com/kb/article/807-how-when-and-why-would-i-use-the-scope-filter-section-in-policypak-least-privilege-manager/
5. PolicyPak Scripts Manager can now ELEVATE user side scripts. So if you have a script which needs to run in USER CONTEXT, but you need that script to run elevated… there’s now a magic checkbox for that!
Known issues: PP Taskbar manager might launch another unexpected process. No ETA on fix.
5-31-2019: CSE 2087 (other items, like MMC console, etc. are at build 2081)
1. A few more fixes for PP Start Screen items
2. New Helper tool: GP vs. MDM Settings Analyzer ( https://kb.policypak.com/kb/article/789-policypak-free-tool-group-policy-and-mdm-settings-analyzer/ )
3. New feature: Trim what admins see in MMC console ( https://kb.policypak.com/kb/article/786-policypak-trim-the-mmc-console-for-ou-admins/ )
4. New feature: IE Sitelist to PPBR Routes ( https://kb.policypak.com/kb/article/787-policypak-internet-explorer-to-policypak-browser-router-site-lists/ )
5-24-2019: CSE 2081
1. Stability improvements for PPBR.
2. Stability improvements for PPLPM.
3. Updated error message if PP Service has a problem.
4. Exception handling if PPLPM tools has a problem.
5-13-2019: CSE 2067
1. Stability improvements for PPSSM.
2. PPSSM bugfixes.
3. New tool: Group Policy and MDM Settings Analyzer (see PDF release notes and videos).
4. Allow snap-ins hiding with ADMX.
5. PPLPM: support for catalog-signed files.
3-14-2019: CSE 2010
Minor update to fix malformed PPLPM XML. Cloud customers on 1988 or later will automatically get this build.
3-12-2019: CSE 2007
Three big PPLPM features:
1. PPLPM “Discovery Auditing.”
2. PPLPM Block & Allow UWP applications.
3. PPLPM Manage Security of Child Processes.
2-20-2019: CSE 1988
1. PolicyPak Feature Manager for Windows
(see PDF release notes and videos).
2. PolicyPak Least Privilege Manager
(see PDF release notes and videos).
A. Admin Approval
(see PDF release notes and videos).
B. On-Demand rules
(see PDF release notes and videos).
C. Event Logs for applied rules
(when a process is Elevated or Allowed by a rule, or Blocked by a rule or SecureRun)
(see PDF release notes and videos).
D. Fixed non-working elevation when LSA protection is enabled
E. Fixed incorrect SecureRun state in ADMX reports
3. PolicyPak Browser Router
A. Open link in a new tab (Experimental)
B. Fixed non-stop routing in FF60
C. Fixed zone-based rules on VDI
4. PPJava Rules Manager
A. New Java versions available
5. Misc
A. Computer-side and switched mode PolicyPak policies will now be downloaded and processes when user logs in
B. ILT bugfixes
C. Stability improvements (fixed a bunch of crashes, issues related to handling PPCloud/MDM/XMLData policies, etc.)
12-14-2018: PPGPCR
1. PPGPCRServer failed to start.
2. PPGPCRServer install without internet.
10-11-2018: CSE and MMC update 1856
1. Added new PP Least Privilege Manager “Helper Tools”. See the videos in the Video Learning Center.
2. Fixes problem where LT doesn’t see licenses installed.
3. Adds latest version of Java within PPJRM dropdown.
4. Other misc. hotfixes for specific customers to fix specific problems.
9-27-2018: MMC update 1842
1. Added new Java versions.
9-3-2018: CSE update 1808
1. Misc fixes for PPBR.
2. Chrome now exempt from Reapply on Launch.
3. ADMX updates to block AppLock on demand.
4. Fixed PP Start Screen & Taskbar manager: Stickynotes and other interesting items.
5. Other PPSSM bugfixes.
6. Fixed misc. customer-reported crashes in PPBR and some PP Services.
7-27-2018: CSE update 1779
1. PPBR: FF61 support
2. Bugfix in PowerShell
3. Bugfix in PP Merge tool
3-28-18: CSE update 1659. (Non-critical update)
1. Added support for PPSSM + Citrix links.
2. Added support for IE links.
3. Updated PPBR Error message.
3-20-2018: CSE Update 1649: Some CSE, Admin Console, and Extras tools updates.
1. Fixed a crash in PPBR agent.
2. Bugfix in PP Merge tool.
3. Tooltip enhanced for PPBR + RegEx and wildcard.
4. GPMC/ADM Reporting fixed for PP Start Screen Manager.
5. Misc CSE bugs.
3-2-2018: CSE update 1638
1. New PolicyPak Scripts Manager Component !
2. Lots of bugfixes; around PolicyPak Browser Router.
3. Lots of other misc bugfixes.
4. Updated EULA with minor changes.
12-19-2017: CSE update 1560.
1. New PolicyPak Start Screen & Taskbar Manager Component.
2. New tool: Auto-Rules Generator for PolicyPak Least Privilege Manager !
3. New function: Launch external apps from Firefox (Like Adobe Reader) instead of Firefox’s internal viewer !
11-14-2017: CSE Update 1524 / hotfix build. So, no new big features yet. Fixes are:
1. Updated PPLOGS.EXE program to change extensions of executable and other dangerous file types (.exe, .js, .reg, etc.)
2. Fixed PPCloud + MS PowerPoint issue.
3. Fixed PPLPM elevation for users that have “powerful privileges”. For instance, if end-user had Load Driver privilege for their users, and this caused PPLPM to NOT elevate Device Manager properly.
4. Improvements for PPBR upgrade scenarios / default browser reset.
5. Fixed memory leaks in PPBR.
6. Fixed PPFAM failures when HKLM\SOFTWARE\Policies\Microsoft\Windows\System doesn’t exist
7. Improved PPWatcherSvc logoff and shutdown handling. The “This program prevents Windows from shutting down” should no longer occur, and we also changed display name from PPWatcherLogoffListenerWindow32 to PolicyPak AppLock Service.
8. PPAM logon time improvements when sync policy processing is enabled
9. Significant performance improvements in PPLPM
10. Fixed PPLPM SecureRun for local users
11. Fixed PPLPM SecureRun blocking PPBR routing to Edge
12. Fixed PPLPM MSI rule to match MSI with Lower Than {version} / Higher Than {version}
13. Fixed PPFAM support for apps with ambiguous command lines (e.g. Claws Mail, which doesn’t follow MS guidelines on app registration)
14. Logs rotation should no longer trigger “reboot pending”
15. PPAM and PPBR support for FF57 (FF Quantum)
8-17-2017: CSE Update 1434 with Major and Minor fixes:
1. See PDF for 3 pages of updates and fixes. Key features, however are:
2. PPBR: Edge Support (see video first.)
3. PPLPM: Link to COMPUTER, but now filter BY USER / USER GROUP.
4. PPBR: Chrome support for non-domain joined machines (see video first.)
5. PPAM: FF44 and FF55 Bookmark support.
Again: MANY other updates and fixes. Strong recommendation to upgrade.
7-20-2017: CSE Update 1407 with minor fixes:
1. Fix for PPLPM Certificate Rules not applying when machines were not Internet connected.
2. Fix for PPLPM + scripts with two \ chars.
3. Fix for PPBR + FF 54 not seeing each other / not working.
4. Fix for PPLPM + Citrix profiles pop-up problem.
5. Fix a Log Rotation issue.
6. SecureRun tweaked to permit MSIs, etc. to call sub-processes .BAT files during installs.
7-6-2017: MMC update fix only.
1. Fix in PPAM: Creating ADM settings reports restored.
6-21-2017: Build 1379
1. Bugfix for some customers with User side PPLPM not functioning.
2. Bugfix for one of the services being held at logoff/ reboot.
6-14-2017: Build 1371
A TON OF NEW STUFF. See the PDF. Highlights:
1. New component: PolicyPak File Associations Manager !
2. Updated: PPLPM Scripts elevation !
3. Now use PolicyPak with your MDM service (AirWatch, MobileIron, Intune.)
4. Free utility: PP GP Converter to COMPRESS / Reduce GPOs !
Videos for everything in the PDF !
4-27-2017: Build 1281
1. Fixed Firefox 53 issues with Browser Router.
2. Added feature to enable Browser Router to take command-line arguments for browsers, like –incognito and so on.
3. Misc performance and other bug fixes.
2-22-2017: Build 1260
Overall:
1. Fixed High CPU usage.
2. Fixed problem when XMLdata files are used.
PPAM:
– New ADMX setting to pre-delete registry keys before the PPAM CSE runs. – Helpful especially with Chrome Pak which will not revert correctly without this setting.
PPATM:
1. Now the policy chooser UI will stay in place until you close it; enabling you to specify multiple policies at once.>>
2. Window size and shape will persist its size and…
3. Location will persist of last location you were in the tree view state.
PPBR:
1. IE / other browsers will now come to the foreground when invoked. (Bug #1715)
2. Logging fixes and other Internal changes
PPJRM:
1. Now match on Latest available Java in family
PPLPM:
1. Support to elevate MSI applications via rule
2. Support to automatically block MSI applications via SecureRun(TM)
PPGPCR:
1. The major change is that the Auditor.exe will only run now (by default) when GP successfully processes background GP refreshes. ADMX files provided to change this behavior if desired. Please see the manual in Chapter 3 (Tuning and Troubleshooting) to understand the new behavior or revert to the original behavior.
Other features and fixes in PDF notes.
12-29-2016: Build 1204
– All products: Fix for RDS; was keeping session open at logoff in CSE.
– Item Level Targeting; fix for local admins and timing of first application of Item Level Targeting in CSE.
– Fixed “Not applying license” problem in CSE.
11-25-2016: Build 1171
– PPLPM: Elevate PowerShell Scripts
– PPLPM: MMC console lets you import from computer or user side
– PPBR: Future builds at upgrade won’t prompt or reset default browser
– PPBR: Other bug fixes
11-21-2016: Build 1167
– New Chrome “Clear Browsing Data”: http://screencast.com/t/Pyc2dmS0
– Multiple PP Browser Router Issues resolved.
– Bugfix for those with MS KB3163622 / MS 16-072
– Fix for ILT + PPLPM
– Other PPLPM fixes
– Firefox ppLockdown file fixed on TS
– Note: No new PDF for “What’s new / Build Summary”
11-3-2016: Build 1149
– New Component: PolicyPak Least Privilege Manager !
– Amazing new Firefox updates !
– Major and minor bugfixes !
9-19-2016: Build 1098.
-Fixed slowdown issue with PPBR and FF and IE.
8-25-2016: Build 1069b (MMC is 1079)
-Fixed MMC snap-in bug where PPAM wasn’t writing ADM reports
8-18-2016: Build 1069
-New features in PPBR.
-New feature for Firefox + Certificates
-Fixes for PP Preferences