Portal Release Notes

Portal Release Notes

Remember that PolicyPak acts as part of the operating system and you should do SMALL SCALE testing before rolling it out broadly.

Tip: Reminder about impending Legacy XML Licensing Expiration Feb 28, 2023: Legacy XML license will expire Feb 28, 2023… even if they are set to expire in some future date. Several updates in the newly shipping CSE are there to help you with the transition. Extensive up-to-date KB article with videos, tips, tricks, workarounds and validation of success here: https://kb.policypak.com/kb/article/1231-action-required-for-policypak-customers-using-legacy-licenses/

Tip: Reminder on how to upgrade SMALL SCALE to LARGE SCALE testing and upgrades for GP and MDM with RINGS: https://kb.policypak.com/kb/article/1094-using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/ and now https://kb.policypak.com/kb/article/1128-how-can-i-roll-out-latest-policypak-cse-with-active-directory-in-a-controlled-manner-using-rings/

Tip: Reminder on how to upgrade SMALL SCALE to LARGE SCALE testing and upgrades for PP Cloud with GROUPs to latest CSE in PPcloud for small scale testing: https://kb.policypak.com/kb/article/791-policypak-cloud-groups-cse-updates/

3/13/2023: PolicyPak Build number 23.3.3467.1199
[PolicyPak Overall]
  • Fix: MMC: Ctrl-X Shortcut or “Cut” context menu now fixed
  • Improved: Update to the PolicyPak Merge Tool; clearer language and support for GPPrefs Shortcuts. Screenshot:
  • Fix: Many misc bugs fixed in MMC and CSE.
[PolicyPak Preferences 2.0]

New Component: Shortcut Manager. Screenshot: https://share.getcloudapp.com/E0uXqdJZ
TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers (with the GPO
Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE

[PolicyPak Least Privilege Manager]
  • Improved: Video capture improvements with sbPam
  • New ADMX setting: Let you change Admin Approval when installing items which contain drivers. ADMX screenshot:
    https://share.getcloudapp.com/z8uGXvrB . Requires latest CSE to honor.
  • Fix: Admin Approval + Alternate Credentials getting Black Screen
  • Fix: Self-Elevate with MS Update KB5022282
  • Fix: Windows 11 fix for SecureRun not blocking as expected
[PolicyPak Browser Router]

Fix in UI to customers: Multi-line text now allowed in block message

[PolicyPak Device Manager]
  • Fix in MMC: Error while creating policy while adding exclusions for users
  • Fix in MMC: ‘Delete Selected’ button is now fully visible in Edit mode
  • Fix in MMC / CSE: “Allow All” policy for USB devices is created correctly now for WPD device excluisions
1/30/2023: PolicyPak Build number 23.1.3425.1079

[Reminder about impending Legacy XML Licensing Expiration Feb 28, 2023]
Legacy XML license will expire Feb 28, 2022… even if they are set to expire in some future date. Several updates in the newly shipping CSE are there to help you with the transition.  Extensive up-to-date KB article with videos, tips, tricks, workarounds and validation of success here: https://kb.policypak.com/kb/article/1231-action-required-for-policypak-customers-using-legacy-licenses/

[PolicyPak Cloud]
[PolicyPak Overall & Licensing]


[PolicyPak Least Privilege Manager]
  • Improved: Right-click Run-As Administrator should work as expected in most cases now.
  • Improved: Tuning of Right-Click Run-As Administrator via ADMX to disable “Explicit Elevation” completely and have “Run as Administrator” handed by Windows -or- “Run as Administrator with Netwrix PolicyPak” menu item (to File Explorer Only.)  Screenshot: https://share.getcloudapp.com/z8uloNG4
[PolicyPak Preferences 2.0]
  • Improved: Registry items now have application modes Always, Once or Once when Forced. Screenshot: https://share.getcloudapp.com/bLuObXwD .
  • Fixed: Registry items drag-and-drop from various levels works as expected
  • Fixed: Printers items now import from XML in MMC as expected
  • TIP: You need only ONE license called the “PolicyPak Preferences 2.0 License” (Enterprise or Pro Customers (with the GPO Reductions & Transitions Pak) may request the license by emailing [email protected]) which will enable DRIVE MAPS, PRINTERS and REGISTRY (today) and others, like SHORTCUTS (future).


12/8/2022: PolicyPak Build number 22.12.3375.735
[PolicyPak Overall]
  • New: Quick Right-Click Enable / Disable Implemented for all policies and collections (Except PP App Settings Manager). Screenshot examples for PPLPM but all others supported: https://share.getcloudapp.com/KounQRnA and https://share.getcloudapp.com/mXub7NbG
  • Improved: PPUPDATE now shows non-licensed and multi-licensed conditions. Example: https://share.getcloudapp.com/GGuJA8Ab
  • New: PPUPDATE /XMLSTATUS /OUT c:\temp outputs license status as XML
  • Fix: MMC fix for missing icons after editing.
  • New (Finally!): MMC Cut & Paste for most policies and collections !
  • Fix: Install fixed for older OSs with “DLL Missing” error.
[PolicyPak Least Privilege Manager]
  • Improved MMC: Right-click menus now streamlined and context aware
  • Improved: Admin Approval Tool now has auto-close timeouts via ADMX setting Screenshot: https://share.getcloudapp.com/eDun9vOY . Note ONLY the Admin Approval tool from this build and later will support the ADMX.
  • Improved: Netwrix sbPam session de-provisioning dialog
  • Fix: SecureRun not properly evaluating domain group added to local administrators group
[PolicyPak Device Manager]

Improved: DEVICE_INSTANCE_PATH can be added to custom message (explaining to users which device was blocked)

[PolicyPak Browser Router]

Fix: Issues with the 5-minute timeout in Chromium were fixed in the Chrome Extension. This is meant to work latest versions of Google Chrome and Microsoft Edge (Versions 104.* and higher; current is 107.*). If you’re experiencing Chrome timeouts, update Chrome/Edge to the latest and Browser Router Extension will auto-download latest.

[PolicyPak Preferences 2.0]
11/11/2022 & 11/28/2022: PolicyPak CSE 3335 (22.11.3335.685) and GP Compliance Reporter and PP Cloud Update
[Netwrix PolicyPak Least Privilege Manager]
  • Fix for MMC: Policy Drag and Drop fix.
  • Fix for MMC: Disabled collection icon fix.
  • Fix for CSE: sbPam deprovisioning and video capture improvements
[GP Compliance Reporter]
  • Rebranded for Netwrix GP Compliance Reporter
  • Support for TLS 1.2
  • Fix: Occasional service stopping.
  • Fix: Auditor exception during work.
  • Fix: High memory usage.
[PP Cloud]
  • Improved: Automatic Scaling when PP Cloud is under load / reduced load.
  • New: details when PP Cloud is under load and re-scaling. Screenshot.
  • New: PolicyPak Preferences 2.0 Drive Maps – In Cloud Editor
  • Fix: PolicyPak Preferences 1.0 Printer Editor now handles “Port Number” field correctly.
  • Fix: PPLPM Editor now allows SHA-1 hashes plus various field fixes
  • New: Additional logging to Immutable log around cryptographic exceptions causing PP Cloud clients becoming unregistered
  • Fix: Event Collection record viewer fixed to handle display / query of large amounts of data
10/17/2022: PolicyPak CSE 3319 (22.10.3319.752) and PolicyPak Cloud and GP Compliance Reporter
[Netwrix PolicyPak Least Privilege Manager]
  • Privileged Administrator Screen Recording: Records, archives, and plays back privileged local desktop activity when access is brokered by Netwrix SbPAM. WATCH VIDEO
  • ShellExecute Least Privilege Management: Intercepts, prompts, and audits ShellExecute API style UAC prompts when explicit elevation rules are configured.
  • Simplified Printer Management: Enables users to install printers securely using the native Windows 10/11 “Add Printers and Scanners” UI (Only available for CSE 22.10 or later). WATCH VIDEO
  • Simplified IP Configuration Management: Enables users to edit IP settings using the native Windows 10/11 “Network and Internet Settings” UI (Only available for CSE 22.10 or later). WATCH VIDEO
  • Streamlined UI for executing Netwrix SbPAM Rules: Embedded Netwrix SbPAM rules enable administrators to broker Java, Script, and other policies more easily. SEE SCREENSHOT 1. SEE SCREENSHOT 2.
  • Expanded Control Panel Applet Policies: Configure and deploy least privilege management policies for standard users to access Event Viewer and Performance Monitor. SEE SCREENSHOT.
  • Fix: Child Process Still Elevated while “Don’t elevate Open/Save dialog” is Enabled.
  • Fix in MMC: Elevating folders now allowed again. SEE SCREENSHOT
[Netwrix PolicyPak Device Manager]
  • Phone and Device Blocking: Blocks access to connected phones, music players, Windows Portable Devices (WPD), and other Picture Transfer Protocol (PTP) devices. SEE SCREENSHOT NOTE: iPhones not yet supported, but most Android devices are supported. Only works with CSE 22.10 and later. Phones will be blocked immediately upon CSE installation. To avoid phones from being blocked, update the policy and un-check phones first using the MMC snap-in. Then, update the CSE.
[Netwrix PolicyPak Preferences 2.0]
  • New ADMX Setting: Explicitly un-licenses/turns off PolicyPak Preferences 2.0 CSE
  • Drag & Drop Support: Supports drag & drop and other important methods for printers and drive maps from Microsoft Group Policy Preferences files. SEE SCREENSHOT.
  • Reconnect Status: Reconnect status for drive map policies now visible in MMC table. SEE SCREENSHOT.
[PolicyPak Cloud]
  • PolicyPak Preferences 2.0 Printers Editors: Configure and deploy printer policies from the convenience of an in-cloud editor (CSE v22.10 and later)
  • Administrator Re-authentication: Forces users to re-authenticate when Netwrix SbPAM sessions are initiated (Netwrix SbPAM integration is “read-only” but seen in reporting)
  • Event Collector Restrictions: Restricts events a set number per day
  • Default Expiration: Sets default expiration date to 5 years for new join tokens are created
  • Fix: Fixed alerts for “License is not present” when creating user policies when license not present.
  • Fix: Various UI fixes for time zone issues
[Misc Fixes]
  • Various ILT fixes in CSE


8/30/22: PolicyPak CSE Update and PP Cloud update 3274 (CSE 22.8.3274)
[User Interface]
  • PP MMC Snap-In: Rebrand complete with Netwrix PolicyPak Red/Blue Color Scheme
  • PP MMC Snap-In: We will attempt to determine license expiration from licenses within GPO and give you a warning if you’re expiring. Example: https://share.getcloudapp.com/12uz9EmQ Control via new ADMX setting: https://share.getcloudapp.com/5zuPW5lr
  • PP Cloud: Rebrand complete with Netwrix PolicyPak Red/Blue Color Scheme
[PPPreferences 2.0]


7/4/2022: PolicyPak CSE 3212 (22.6.3212.789) and PolicyPak Cloud
5/3/2022: PolicyPak CSE 3155 (22.5.3155.734)
3/14/22: PolicyPak CSE Update and PP Cloud Update CSE 3099
  • PP Cloud: Now Collect PPLPM Events and report on them. REQUIRES TICKET to [email protected] to enable. REQUIRES Latest CSE 3099 to operate. NOTE: This is EXPERIMENTAL and not all customers are eligible to participate yet.  Video link.
  • PP Cloud: 10x faster login
  • PP Cloud: PPLPM COM Class editor improvements
  • PP Cloud: PPJRM Updated Java Versions in editor.
  • NO OTHER FIXES or updates in the CSE. CSE is only updated to provide functionality for PP Cloud –> PPLPM Events collector.
2/4/22: PolicyPak CSE Update (First supported build for Windows 11) CSE 3068
1/5/22: PolicyPak Tools Update Only for the Auto Rules Generator Helper Tool. NO CHANGE to the MSI or CSE build number.
12/22/21: PolicyPak Cloud ONLY update

10/11/21 & 10/12/21: CSE 2943 (21.10.2943.726)

Updates and new features!


  • PP Scripts: “Once or when forced” will now execute user script corrrectly.
  • PP Browser Router: Routing from Firefox ESR 91 to other browsers fixed.
  • PP Helper Tool: Fix for Printers app for app crash
  • PP RDP Manager: Allow blank computer name
  • PPLPM + MDM: Fix SecureRun not always applying
  • PP App Manager: DesignStudio + VC2019 working correctly
  • PP Scripts: Fix for scripts not running at all for some customers.
  • PP Scripts: Fix for “Run once” policies not running at all for some customers.
  • PP GP Compliance Reporter: Auditor License issues fixed.
  • PP GP Compliance Reporter: Auditor fixed data from Computer side
  • PolicyPak Cloud: New In-Cloud PolicyPak Device Manager Editor !
  • PolicyPak Cloud Client now can support movement via command line.
  • PolicyPak Cloud: Various fixes and improvements.

– PPGPCR: Fix for Auditor with Empty RSOP data.
– PPGPCR: Fix now able to use / recognize Universal licenses when on endpoint.
– PPGPCR: Fix for “Empty” license.

8/25/21 & 8/27/21: PolicyPak CSE and Cloud Update 2905 and PPGPCR (2906)
– New PPLPM: Least Privilege Manager now has BRANDED UI with your icons, colors, etc. Video: https://kb.policypak.com/kb/article/1151-branding-the-ui-and-dialogs/

– New COMPONENT: PolicyPak Device Manager for USB and CD-ROM control.
** Note: You need to REQUEST an update license for ON-PREM or MDM. Cloud will already have license for LEGACY CLOUD customers.

Video: PolicyPak Device Manager Basics / Instantly put the smack down on USB sticks and CD-ROMs: https://kb.policypak.com/kb/article/1155-instantly-put-the-smackdown-on-usb-sticks-and-cd-roms/

Video: Allow ONE user (or group) access to USB / CD-ROMs https://kb.policypak.com/kb/article/1156-allow-one-user-or-group-access-to-usb-and-or-cd-rom-and-dvds/

Video: Authorize USB Sticks by specific VENDOR. https://kb.policypak.com/kb/article/1157-authorize-usb-sticks-by-vendor-type/

Video: Permit specific USB by SERIAL number. (COMPLETE EDITION ONLY) https://kb.policypak.com/kb/article/1158-permit-specific-devices-by-serial-number/

– FIX PP RDP Manager: Now keep RDP file signature intact when file is imported in the snap-in/PP Cloud editor.
– Update Scripts & Triggers: Updated UI for Events triggers
– FIX PPBR: policy types won’t apply if the collection doesn’t have anything else
– FIX ADMX: Newer snapins were absent in PolicyPak ADMX settings
– FIX PP Feature Manager: Collection settings when collection is empty
– FIX: Helper Service unexpectedly stopped
– FIX: PPScripts: Scripts with PowerShell would open/close Windows interactively on screen.
– Improved PP Cloud: Company-level “Password & account management & lockout” policies
– Improved PP Cloud: Policy report ( XML Delivery ) now exportable
– Improved PP Cloud: Improved LICENSED and NON-LICENSED reporting details

7/16/21: PolicyPak CSE Update 2862
– Big update for ONE Component (PolicyPak Preferences) Licensing. Please read if you are DOMAIN JOINED and might be using PolicyPak Preferences as LICENSED. (This is a small percent of customers.). Note that NON domain joined machines (CLOUD or MDM) are not affected. https://kb.policypak.com/kb/article/1143-07-why-is-policypak-preferences-original-version-forced-disabled-by-default/
– PolicyPak Start Screen & Taskbar Manager: Now enables you to have “blank” right-side of start screens as an option.
– Fix: Enforce loopback mode when GPOs are synchronized for cross-forest user logins
– Update for Java Rule Manager: MMC Editor updated for latest version of Javas.

7/12/21: PolicyPak CLOUD Update
– New in-cloud editor: PolicyPak Feature Manager for Windows https://share.getcloudapp.com/eDuyb2jE
– Improved: Edit Computer now enables you to see and edit COMPUTER Group Membership and see the Policy Forecast: https://share.getcloudapp.com/o0ue1N7D
– Policy Forecast is now downloadable: https://share.getcloudapp.com/wbu6OZXB
– Fixed: PPRDP Manager will keep RDP file signature when uploaded into PP Cloud editor
– Other various cloud fixes.

6/16/2021: PolicyPak CSE Update 2830 (21.6.2830)
– New: One big update this build. We have our own Item Level Targeting Engine which you can OPT INTO in this build. Why do we need our own Item Level Targeting Engine, and what’s changed? Before this build, we relied on the Group Policy Preferences Item Level Targeting Engine for ILT evaluation; which generally works, but sometimes has problems over VPN, slow links, and has a few bugs. When issues came up in the GPPRefs ILT engine though, we had no way to fix these issues. We put in place a few workarounds, but ultimately decided to dedicate some resources to our own PolicyPak ILT engine. Now if issues come up, we can fix our own code, providing a future path for updates and features.

Opt in with the ADMX setting: Computer Configuration | Policies | Administrative Templates | PolicyPak ADMX Settings | Client-Side Extensions | Use Item Level Targeting filters evaluation engine (Preferences vs. PolicyPak)

In a future version (expected with builds “21.9” and later; the default will simply be the PolicyPak ILT engine with the option to revert BACK to the Preferences ILT engine.)

-Updated: GPExport: Additional fields ACTION , PATH and ILT in GPExport
-Updated: Record event to the Event Log when process is elevated or allowed due to rule inheritance
– Fixed: PPLPM: Slow application launch time when Self-Elevation policy contains a bunch of individual users
– Fixed: PPLPM: Secure Copy – Incorrect validation for Network Share Source page
– Fixed: PPScripts runs script as user with elevated rights if user from Admins group
– Fixed PPRWDM: Error: Job milestone: ‘Copy’ has failed while apply dropbox policy

6/5/2021: PolicyPak Cloud Update
– New: In-Cloud TaskBar Manager Editor !!
– Improved: In-Cloud editors now allow you to ADD new policy from XML and/or Replace SELECTED or ALL XMLs ! Example: https://share.getcloudapp.com/WnuxA9BW
– Improved: In-Cloud editors enable you to REPLACE XML policy with right-click context menu “Replace selected from XML” Example: https://share.getcloudapp.com/d5uAbkAj
– Fixed: Universal license in MSI won’t replace original XML license when installing.
– Fixed: Using JoinToken with long named groups
– Updated: Explain to customer IN THE EMAIL how to adjust threshold notifications

5/17/2021: CSE 2802
– Fix for CSE when ADMX to kill a component wouldn’t work. So, now, this is expected to work regardless of license type: https://kb.policypak.com/kb/article/240-what-if-i-want-to-unlicense-one-component-like-pppreferences/
– FIX for GPO Exporter: On USER side export, we now correctly create correct USER side XML.
– Update for GPO Exporter and Preferences: Now you can see columns during export making it easier to know which items you DO and DONT want exported.

5/5/2021: CSE 2791

PP CSE, Tools, and Extras:
– New! PP Least Privilege Manager “SecureCopy(TM)”. Have a trusted READ-ONLY SHARE SOURCE for self-elevation. (Video: https://kb.policypak.com/kb/article/1122-securecopy-tm-empower-users-to-copy-then-elevate-items/ )
– New Trigger for PolicyPak Scripts & Triggers: Event Log SOURCE and/or Event IDs ! (Video: https://kb.policypak.com/kb/article/1126-policypak-scripts-triggers-events/ )
Note: GP computer-side processing bug exists when you attempt to make a trigger on a log that DOESN’T exist on the client. So… don’t do that. 🙂 We’ll fix it.
– New! GPO Export Manager MMC snap in: Quick export of GPO contents for use with PP Cloud or your MDM (Video: https://kb.policypak.com/kb/article/1125-quickly-export-this-gpos-settings-as-xmls-for-use-with-policypak-cloud-or-your-mdm/ )
– Updated: PP Browser Router: Use icon of active default browser for URL shortcuts (video: https://kb.policypak.com/kb/article/1124-set-the-links-to-icons-to-actually-show-the-default-browser/ ). Related KB on changing icons: https://kb.policypak.com/kb/article/1127-how-do-i-change-the-default-icon-for-user-created-shortcuts-for-my-default-browser/
– Updated behavior: PP Scripts will now always run regardless of PPLPM block rules (revert back to OLD behavior with ADMX setting)
– Fix: LT tool now will count ONLY Windows devices and not extra non-related devices
– Improved: Add support for RINGS elements to update.config file https://kb.policypak.com/kb/article/1128-how-can-i-roll-out-latest-policypak-cse-with-active-directory-in-a-controlled-manner-using-rings/

PP Cloud:

– New! PolicyPak Start Screen in-Cloud editor ! (Group editor: https://share.getcloudapp.com/kpuKlWmW ) (Tile editor: https://share.getcloudapp.com/2Nuwp7Br ) Note: Taskbar coming soon !
– Update: PPRDP Editor now imports more unusual .RDP files
– Update: PP Scripts + Triggers… New Triggers Editors !
– Other misc fixes

3/29/2021: CSE 2753
– Multi-domain MMC in many places (Example: https://share.getcloudapp.com/ApuY6dx9 )
– Hide Action Panel in MMC: https://share.getcloudapp.com/2Nuw1Zdq and/or do it for all snap-ins at once https://share.getcloudapp.com/8LubmzBo (and yes, we remember your choice)
– PolicyPak Admin Templates Manager (only): Quick Filters at the top https://share.getcloudapp.com/xQubd8d5
– PolicyPak Admin Templates Manager: “Add and Continue” now snaps back to same area you were just working in.
– PolicyPak Admin Templates Manager: Write the “Explaintext” whenever you edit and save a policy. “Before” behavior: https://share.getcloudapp.com/E0uYWQJ4 After behavior: https://share.getcloudapp.com/RBuY6p24 TIP: Just add any new PP Admin Template Setting (or rename a collection, etc.) Basically, make ANY change to the GPO and click SAVE.. and all the Explain Text gets re-written into the report.
– When Licensing Intune, we can license “Company Name” and don’t have to specify ALL UPN names customer is using.
– PPLPM: Fixed a situation where Admin Approval Dialog would not appear even when expected
– PPBR / CSE in general: ADMX setting to specify custom prompt to user if PPBR / CSE stops working: https://kb.policypak.com/kb/article/1106-how-can-i-present-a-custom-dialog-or-no-dialog-if-browser-router-or-the-cse-stops-working-or-crashes/
– PPLPM: Reduced startup delays caused by PPLPM CSE reading and verifying file signatures, calculating hashes, etc for big files
– PPLPM: Fixed when working with Windows 7 (unsupported!)
– PPLPM: Fix for Admin Approval Dialog starting and closing immediately
– PP CSE + Intune: Accepts “Company Name” instead of multiple UPN Names
– PP CSE: Auto-Update Feature now supports RINGS via XML files (KB: Coming soon )

PolicyPak Cloud Only 3/25/2021:
– PolicyPak Cloud to support AppX Licenses, Reporting, and upload of policies
– Yearly “Post Pay” model now available for Enterprise and Professional Customers
– PolicyPak File Associations Manager In-Cloud Editor
– PolicyPak Least Privilege Manage: Command Line Conditions Editor
– Improved Admin Requester flow
– PolicyPak Portal: New On-Prem / MDM Keys we generate will be downloaded FROM the Portal
– PolicyPak Portal: New PolicyPak Cloud Manual available for download in the portal !
– PolicyPak Portal: New Manual for Software Package Manager (AppX)

3/1/2021: CSE 2725
– New Component: PolicyPak Software Package Manager (AppX Policies). Must request a license to use. Videos: https://kb.policypak.com/kb/section/366/
– Updated: Licensing Tool to make it easy to request On-Prem AD, Intune Only, or On-PremAD+Intune Hybrid (Video: https://kb.policypak.com/kb/article/1079-how-to-request-a-license-request-key/ )
– Updated: PPupdate command now shows HOW and WHAT components (Policies) you’re licensed for (Article: )
– Updated: PPLPM Global Settings Auditing now on Computer side
– Updated: PP VPN Manager / easier import of EAP XML
– Updated: PPExporter MSI Utility now wraps up new Universal licenses (Video: https://kb.policypak.com/kb/article/1080-how-to-install-universal-licenses-for-new-customers-via-gpo-sccm-or-mdm/ )
– Updated: ADMX setting to transition Command Prompt inline processes to less-secure “Legacy mode” if desired (More details on this page: https://kb.policypak.com/kb/article/1008-why-does-policypak-securerun-block-inline-commands-and-what-can-i-do-to-overcome-or-revert-the-behavior/ )
– Rename “Paks” in all the MMC UIs to coordinate with new web launch and branding (Screenshot: https://share.getcloudapp.com/WnuBmx5p )
– Fixed: Resolve hang at first login (OS upgrades or first user log on) when Admin Approval was on.
– Fixed: AppSet (old name for Paks) Compile Issue

3/1/2021: PolicyPak Cloud updates
– New In-Cloud Editor: Java Rules Manager
– New In-Cloud Editor: PPLPM Self Elevation Policy Editor
– Improved: Copy / Paste / Overwrite existing XML for quick updates (instead of creating a totally new policy)
– Improved: “Import from XML” now available in all in-cloud editors
– Fixed: Import specific RDP file format error fixed.
– Fixed: Viewing ALL group when very large fixed.
– Fixed: PP Security Settings Manager report error fixed.
– Improved: Notification editor now supports multi-delete
– Improved: PPLPM “Global Settings” Editor had missing option
– Improved: PPLPM “Global Settings” policy now has “machine” scope
– Improved: Shortcut editor bug .. no pre-population of ICON FILE PATH item.
– Improved: In-Cloud PPBR Editor now ACCEPTs URLs without HTTP and HTTPS (Adjusted to fit same behavior as MMC editor.)

1/26/2021: CSE 2687 and updated PPGPCR 2693
– Updated PP Group Policy Compliance Reporter
– Free license is removed. A license is now required for reporting on PolicyPak and Microsoft settings.

1/20/2021: CSE 2687
– New Component: PolicyPak VPN Manager !
-Manage your VPN and “Always On VPN” connections.
– Example videos are ready https://www.policypak.com/components/vpn-manager/
– Manual(s) are coming soon / going thru editing.
– Learn more about why this is “the best thing ever” by watching this on-demand webinar replay from Richard M. Hicks, MVP and Godfather of Always On VPN. Requires registration, but if you’re a PP Customer, don’t worry, no one is going to call you. https://www.policypak.com/resources/pp-webinars/richard-hicks-always-on-vpn-101-throw-out-your-hardware-and-scale/
– If you want the PolicyPak VPN Manager license, email [email protected] to request it. We will be cutting ONLY “original / old” licenses at present, and not the new Universal licenses.

– New TRIGGER for PP Scripts & Triggers: Now support Fortinet !
– New Universal Licensing option released
– Update: PPLPM Licensing methods: STANARD and COMPLETE with accompanying MMC UI change https://share.getcloudapp.com/YEuQxXLJ

– Fix: Race Condition fix
– Fix: Using PPAM MMC + ILT editor on 32-bit wouldn’t open (80040154 Error)
– Fix: Scripts required for OpenVPN Connect trigger only created when OpenVPN Connect trigger is actually used.
– Fix: Multi-domain support in the CSE for various items; Note: Additional MMC updates should appear in future release.
– Fix: PPLPM: Environment variables are now fixed / honored in command line rules
– Fix: PPLPM: Background UWP processes correctly classified as background / foreground
– Fix: PPLPM Pasted Rules from Events (small fixes)
– Fix: PPLPM + PPC “Approve with Admin Creds” fixed: https://share.getcloudapp.com/v1u4Z2d4
– Fix: PPAM: Firefox 78.4.1 Certificates fixed from FF API change
– Fix: PPLPM Popup / blocking navigating to directory in Windows Explorer
– Fix: PPLPM Webex.exe file info condition wasn’t being accepted

12/8/2020: CSE 2641
– Closed security concern in PPBR. Security bulletin PP20-01.PDF available upon request and was sent to all customers on 12/8/2020 as a PDF attachment.
– SecureRun fix when PPBR is routing in Chrome / other extensions.
– Firefox + Certificates fixed in FF 78.4.1 and later.

12/8/2020: GPCR 2635
– Improved: Ability to chose parent OU alone
– Fix: Sync doesn’t remove tests after GPO links are removed
– Fix: PPGPCR Closed if sync server is unavailable
– Fix: PPGPCR Logging fix

11/27:2020: CSE 2630
– New: PP Least Priv Automatically Make rule from Audit Event
– Improved: PPBR MMC now shows “IE+Edge” in Column View. https://share.getcloudapp.com/NQuKdYWQ
– Improved: PPLPM + SecureRun + Command Line Parsing
– PP Scripts: New Trigger supports Cisco AnyConnect and also OpenVPN. Video: https://kb.policypak.com/kb/article/997-policypak-scripts-and-anyconnect-run-a-script-after-you-connect-via-vpn/
– Improved: MMC Snap-In UI naming: https://share.getcloudapp.com/geuo0pR2
– Fix: PP Taskbar Manager: Fixed misnumbering of policies
– Fix: PP Remote Work Delivery Manager: Revert now fixed when you use “Sequential” mode
– Fix: PPLPM and Elevate On-Demand fixed when attempting to do whole drive (still not recommended!)
– Fix: Unusual format in signature condition now supported.
– Fix: PPRWDM Azure Blob storage validation in MMC
– Fix: PPSCRIPTS Bug fixed when ONCE is selected, script should run exactly once instead of multiple times.
– Fix: PPC and PPOP licensed together problem.


11/26/2020: PolicyPak Cloud Changes
– New: PolicyPak Browser Router Editor ! https://share.getcloudapp.com/E0u47wly
– Improved: GPO –> PP Cloud importer !
– Improved logging for when computer licensing state changes !
– Improved PP Cloud Client Commandline for WVD and VDI scenarios: /nextstartwhenuserlogsin command line argument
– Fixed: Remote Work Delivery Manager editor now has SEQUENTIAL flag in Collection.
– Fixed: Editing and Saving ILT
– Improved: When joined to multiple Azure ADs, the ILT editor now makes it clear which one(s) you’re using

11/10/2020: CSE 2616:
– CSE update only: Fixed rare, but important bug causing crash and auto-restart of the PolicyPak Services. Build 2592 had introduced a bug, now it’s fixed.

10/26/2020: CSE 2592:

NOTICE: This version has a bug in the PPLPM “Admin Approval” method where the expected end-user prompt is not showing up right away. We will fix it in next version.

– Big update: MMC Snap in GPMC now puts components together by TYPE. If you don’t like this, don’t panic. Here’s a video to show how to go back to the way it used to be. https://kb.policypak.com/kb/article/983-group-policy-mmc-ui-changes-for-2020/
– Big update: PP Remote Work Deliver Manager “Advanced” features (mass copy, with recursion, file matching, etc.) now available ! : https://kb.policypak.com/kb/article/966-mass-copy-folders-and-files-with-filters-and-recursion/
– Small update: ADMX setting “Rename Experimental Features” (disabled) renamed to “Revert to Legacy File Assoc & Browser Router Method & Features” (enabled)
– Fix: PPLPM and command line parsing improved.
– Small add: Update for ADMX setting to manage PolicyPak Event Log size.
– Medium add: ADMX now available to signify additional keywords for application installers (useful if you think you have some process with SecureRun that should be trapped for installation but isn’t.)
Other misc fixes.

10/26/2020: PPGPCR Updates:
-PPGPCR Auditor now fetches raw data from local endpoint’s WMI to avoid accessing central store and taking extra bandwidth. Therefore, more processing is now done on PPGPCR server, as opposed to workstation.
-Added ability to choose any GPOs from across the domain and put in a set.
-Added ability to choose an OU with all its GPOs and make that a set.
– Other misc fixes to server, auditor and management station.

10/18/2020: PP Cloud Changes
-**THIS IS AMAZING… “GPO to PP Cloud Easy Import Wizard”: https://kb.policypak.com/kb/article/982-how-to-import-gpos-to-policypak-cloud/
– Remaining License Notification now within Notifications configuration: https://share.getcloudapp.com/wbuP6RgB
– Logging to Immutable log when computer is JOINED, DELETED, UNLICENSED, ETC. Makes for easier troubleshooting around any specific PC in PP Cloud. https://share.getcloudapp.com/E0urj6gr
– PolicyPak Cloud + PP Least Priv + Email Policies: In-Cloud editor now available: https://share.getcloudapp.com/NQu1o2X2
– PolicyPak Cloud FIX for Reporting… If you saw unexpected Yellow / Older Versions appear in reports, this is now fixed. You will need to update to LATEST Cloud Client (not CSE) for this to work as expected. You can do this on a per-group basis.
– PolicyPak Cloud FIX for editing PPLPM Policies with Self-Elevation rule

10/18/2020: PP Cloud Changes
– GPO to PP Cloud Easy Import Wizard: https://kb.policypak.com/kb/article/982-how-to-import-gpos-to-policypak-cloud/
– Remaining License Notification now within Notifications configuration: https://share.getcloudapp.com/wbuP6RgB
– Logging to Immutable log when computer is JOINED, DELETED, UNLICENSED, ETC. Makes for easier troubleshooting around any specific PC in PP Cloud. https://share.getcloudapp.com/E0urj6gr
– PolicyPak Cloud + PP Least Priv + Email Policies: In-Cloud editor now available: https://share.getcloudapp.com/NQu1o2X2
– PolicyPak Cloud FIX for Reporting… If you saw unexpected Yellow / Older Versions appear in reports, this is now fixed.
– PolicyPak Cloud FIX for editing PPLPM Policies with Self-Elevation rule


9/17:2020: CSE 2557
CSE Updates:
– PolicyPak Scripts + Triggers: New Trigger… Run a script On VPN Connect and on VPN Disconnect (Video: https://kb.policypak.com/kb/article/975-policypak-scripts-triggers-perform-scripts-on-vpn-connect-and-vpn-disconnect/ )
– PolicyPak Least Privilege Manager… SecureRun Automatic blocking of Non-Signed applications. (Video: https://kb.policypak.com/kb/article/976-least-privilege-manager-block-all-unsigned-with-securerun/ )
– Fixed: SecureRun not blocking and/or not blocking .BAT and .CMD. as expected.
– Fixed: SecureRun inadvertently blocking in-line applications.
– Fixed: PPLPM Email / Long Codes fixed with “Expires” parameter.
– Fixed: PPSCripts CSE fixed for hang on shutdown / restart.
– Fixed: PPBR Sitelist code fix for XML policy when it contains file:/// URL.

– PP Cloud:
– Cloud.PolicyPak.com now has ONE field set it in; so it works better with your password manager.
– PP Cloud Password reset page, fixed for all valid TLD domains.
– PP Remote Work Delivery Manager: More fields and a new tabbed UI for editing.
– PP RDP Manager: Import existing .RDP files.
– In-Cloud Licensing Threshold Notifications for Customers:
– Notifications / emails when licenses used hits threshold.
– Notifications / emails when non-used count hits threshold.
– Email and pop-ups when license is about to expire: 10 days, 5 days then 1 day before license expiration (but not for MONTHLY customers.)
– Emails for 2Fa and PPC Welcome email to show Company Name.
– PP Cloud Client fixed over port 443 in some cases.
– PP Cloud Client command line arguments are no longer case sensitive.
– PP Cloud Client will properly install and sync when TLS 1.0 is expressly disabled on target machine (no registry workaround required.)

9/1/2020: CSE 2543
CSE Bugfixes only:
– PP Least Privilege Manager: SecureRun fixed to correctly block .BAT / .CMD (inline commands.)
– PP Browser Router: When licensed via MDM, fixed routing fails.
– PP Browser Router: Sitelist / CSE problem when policy contains FILE:/// URL

8/21/2020: CSE 2536
New Component !: Remote Work Delivery Manager ! Deploy software and copy files from On-Prem or Web Shares. Want to deploy software to domain joined and non-domain joined machines? Now you can ! Works with On-Prem, Cloud, and MDM. See all videos here: https://www.policypak.com/products/remote-work-delivery-manager.html

New Feature: PP Least Privilege Manager + Admin Approval … with EMAIL ! Now you can know some inside details about what end-users are attempting to launch and run. They send you their request using Email, then you can approve them with “long codes.” See video: https://www.youtube.com/watch?v=s6qzARZnVGQ

New Feature: PP Scripts + Triggers… Logoff trigger! There’s no way to do “logoff scripts” with your MDM service. Now there is. Or pair it up with ILT to do a logoff script WHEN people are on laptops, etc.

Behavior change: PP Browser Router now stores user-selected browser (and other settings) in the user registry hive (which facilitates working with FSLogix and multi-Windows)

Fix: PPScripts + Triggers… Logon time delay was ignored. Now fixed.
Fix: SecureRun rule fixed for command line.
Fix: PPLPM Global Audit policies fixed reporting
Fix: Various other fixes.

PolicyPak Cloud:
New Component: Remote Work Delivery Manager is already licensed and ready to go in your tenant.
New Feature: “Lite” in Cloud Editor for Remote Work Delivery Manager. (Picture: https://share.getcloudapp.com/5zuGNevj )
New Feature: Full in-cloud RDP Link Manager editor ! (Picture: https://share.getcloudapp.com/geuzAkP0 )
New small thing: When you create policies, all options are shown at once. Saves you a click !

PolicyPak GP Compliance Reporter:
Now support for Remote Work Delivery Manager.

7/30/2020: CSE 2513
CSE Updates: New Component ! PolicyPak RDP Manager. See the video(s) at https://www.policypak.com/products/remote-desktop-protocol-manager.html
NOTE: You need to REQUEST an RDP Manager license from [email protected] !
CSE Update: New HUUUGE Feature: PolicyPak Triggers… for PolicyPak Scripts. See the video(s) at https://kb.policypak.com/kb/section/317/
CSE Update: Microsoft Teams support. See video: https://kb.policypak.com/kb/article/939-managing-teams-settings/
MMC updates: Bugfixes.
CSE Update: Other bugfixes.

PP Cloud updates:
– Emails now come from [email protected] instead from policypak.com and updates show your tenant name.
– Save state in PPC groups
– Support for PP RDP Manager (upload files only, not in cloud editors yet.)

PPGPCR updates:
– Fix for export on crash.
– Support for PP RDP Manager.

6/26/2020: CSE 2478
CSE updates:
– PPBR: IE in Edge “combined” support. STRONGLY recommended you pre-watch video for details: https://kb.policypak.com/kb/article/927-policypak-browser-router-internet-explorer-in-edge-mode/
– PPLPM: “Self Elevation” policy. https://share.getcloudapp.com/4gujPkXq STRONGLY recommended you pre-watch video before using: https://kb.policypak.com/kb/article/926-policypak-least-priv-manager-self-elevate-mode/
– PPLPM: F1 now works for SecureRun Block Message.
– Overall: If PP has a problem, the customer-message is improved.
– PPLPM: SecureRun Audit rule adjusted.
– PPBR Fix: User-selected browser is recorded better (instead of “falling thru” to IE).

PPGPCR updates:
– Added EXPAND ALL / COLLAPSE ALL functionality for large hierarchies
– Added functionality for refresh the group membership every X minutes
– Fixes for high DPI management station
– Fixes for Auditor not seeing built-in groups

PPCloud updates:
– New Cloud editor: Microsoft Restricted Groups (see video). https://kb.policypak.com/kb/article/925-policypak-cloud-restricted-groups-editor/
– Rename computer from in-cloud editor improved
– Enhanced PP Cloud Client error logging
– “IP Whitelist” renamed to “Allow current IP”


5/29/2020: CSE 2451
– Big Feature: PP Browser Router: Apply Default Browser One Time… then Drift !
– Big Feature: PP File Associations: Apply some (or all) file associations… then Drift!
– Little Feature: PP Least Priv Rename “Run as PolicyPak” to anything you like.
– Fix: PP App Manager: Firefox Addons now Disable/Enable as expected with FF ESR 68.0.1+
– Fix: File Information tool adjusts for , to .
– Fix: PPBRAgent fix with old Edge
– Other small fixes and stability issues.
– PP Cloud update (not in the CSE, but in the PP Cloud agent): Works now with VDI ! See the videos / KB, but some examples:
PPCloud.exe /sysprep
PPCloud.exe /sysprep /jointoken:AaIstqhlY/j+A9qtQjFkLFg=
PPCloud.exe /unregister
PPCloud.exe /unregister /jointoken:ARCPD+6778MfNzby1gXjJEI=

4/6/2020: CSE 2392
– No CSE update since 2362.
– MMC update for Oracle –> Java Rules Manager Import

3/6/2020: CSE 2362
PP GP & MDM editions:
– BIG FEATURE: PP File Associations Manager now works on USER SIDE (and works for non-domain joined machines with PPC and PPMDM) !
– BIG FEATURE: PPLPM Admin Approval Dialog box; now has F1 keypress to show “What’s happening.”
– BIG FIX: PP MMC snap-in now Un-furls 10x faster and fix flickering and freezing MMC issues.
– Medium feature: Disable CSE logs per CSE category via ADMX
– Updated behavior for PPLPM + non .EXE files and UNC paths.
– NOTE: Remote Drive-based rules will stop working.
– See details and updates you must perform in this KB if you’re elevating DRIVE MAPS for non-EXE rules: https://kb.policypak.com/kb/article/171-how-are-drive-maps-and-unc-paths-supported-in-policypak-least-privilege-manager/
– Update: PP Scripts unpacked location now protected from end user, and configurable via ADMX.
– FIX: PPSSM “What’s missing” icon now opens correctly in new edge.
– Update: PP Feature Manager for Windows renamed to Feature Manager for Windows 10 and Windows Server … and updated for all features in 20H1.
– FIX: PPScripts: Fix bug importing .VB and .VBS files
– New helper tool: “File Information Viewer” https://share.getcloudapp.com/Z4u5owvO

PP Compliance reporter:
– BIG FEATURE: Restrict PP GP Compliance Reporter Admin console from connecting when logged in user isn’t a member of an AD security group (requires SERVER and ADMIN CONSOLE to be updated.) VIDEO: https://kb.policypak.com/kb/article/874-enhanced-security-for-server/
– Fix: Added reporting information for unusual / unsupported policy types added PP Feature Manager and PP Scripts reporting support.

PP Cloud:
– BIG FEATURE: PP Browser Router automatically registers itself when deployed via PP Cloud !
– In Cloud Editors for PPLPM: EXE (simplified), Control Panel, SecureRun. Use the new File Information Helper tool from download to help you get signatures, etc.

2/6/2020: CSE 2339
– Improvements for PPLPM Admin Approval dialog: New support for environment and context variables in the AA dialog (clickable links, and copy-paste from the dialog.)
– MSI Product Code Output tool has been superseded by the new “File Information Tool” found in “Extras” folder.
– Fixed FF: Prevent Access to Local Files for FF 68 ESR

1/10/2020: CSE 2310
– PPBR now supports routing to and from the new Edge (also known as Chrome-Edge or “Edgium”). If BOTH OLD Edge and NEW Edge are on the machine, we route now ONLY to NEW Edge !
– It’s now possible to configure display name of how Windows 10 shows Browser Router Agent. For example, “Managed by your organization” or any other text may be displayed instead of PolicyPak Browser Router.
(Pic in Admin UI: https://share.getcloudapp.com/yAuL1KOJ )
(Pic in User UI: https://share.getcloudapp.com/P8uYQQ17 )

– Blocking of untrusted apps silently using SecureRun. So optionally show NO MESSAGE when something is not owned by someone on SecureRun list.
– Blocking of untrusted apps with custom messages using SecureRun

(Pic in UI of both of those features: https://share.getcloudapp.com/geurRRlW )

– Context variables in PPLPM custom block messages (e.g. %POLICY_NAME% or %PROCESS_EXECUTABLE_OWNER%). Pic in Admin UI: https://share.getcloudapp.com/NQuvllZG
– Clickable links (http, https and mailto) in PPLPM custom block messages
– Custom block messages are now copiable

(Pic in Admin UI: https://share.getcloudapp.com/9ZuNooXg )
(Pic in User UI: )

– PPLPM CSE now blocks most of background activities related to blocked apps silently
– PPLPM snap-in now suggests to add a File Info / Product Info condition when Signature Condition is being configured for an installer
– PPSSM and PPTBM now tries to locate the target executable in %PROGRAMFILES(x86)% when %PROGRAMFILES% is used and vice versa
– PPSSM now allows to select between a single-column and two-column Start Screen layout

(Pic in Admin UI: https://share.getcloudapp.com/E0uEyyXm )

– PPAM Firefox Pak: Bookmarks handler in PPAM now supports two new commands (Needs updated CSE)
– {Folder Path}, [{Root Folder},] remove-folder (e.g. Folder Name, remove-folder or Folder Name, toolbar, remove-folder). Please see #5916 for details
– [{Root Folder},] cleanup (e.g. cleanup or menu, cleanup or toolbar, cleanup). Please see #5972 for details
– Other Security enhancements, stability improvements and misc bugfixes

12/12/2019: CSE 2283
– One small fix for PPLPM where EXEs being run over UNC paths and removable drives would not elevate as expected

12/4/2019: CSE 2275
– One small fix for PPLPM where older EXEs without built-in manifests would not elevate as expected.

11/29/2019: CSE 2270
-An option to block apps silently when a PPLPM rule applies
-An option to block apps with a custom message when a PPLPM rule applies
-An option to disable Event Log / Audit events for an explicit rule
-Executable publisher and command line of the parent process are now logged when SecureRun or Admin Approval applies to a process
-PPFMW now allows to manage Win10 1903 and 1909 features
-PPJRM will now use the force attribute when Java 8 Update 22 or newer is available (even when an older Java version is also present)
-PPBR support for FrontMotion Firefox
-Fixed a bunch of PPATM snap-in bugs that led to incorrect results of policy processing
-Fixed two LPE vulnerabilities in PPLPM (PDF was emailed to customers.)
-Other bugfixes and stability improvements

10/18/2019: CSE 2228
– Fixed a few PPATM bugs including, customer-reported problem with ADMX / IE zone assignments. *NOTE: Both the Admin Console and CSE must be updated, and the policy must be re-created.)
– Fixed installation and removal of add-ons on FF 68 ESR. (NOTE: Now, it’s supported on FF 53 or newer.)
– Fixed crash in the PP: Programs tool when it fails to extract an icon

10/11/2019: CSE 2221
– Fixed PPMerge to run correctly on Win10 1809 or later (find GPMC naturally)
– PPAM: Now possible to make certs trusted for specific websites in PPAM pak for FF. (The syntax is C:\Certificates\Trusted.cer, 1, xyz.abc.gov:443, add-for).
– PP CSEs will now process XML policies in the alphanumeric order of the XML file names
– PPExporter allows to set Policy Layer to resolve conflicts between different “layers” of policies
– It’s now possible to run PPExporter as a non-admin user
– PPExporter now allows you to select built-in groups on NDJ machines
– PPAM: Fixed “Process this entry as user” when policies are processed by GPSVC on Win10
– Improved logging for Plaintext File Handler (e.g. used in the Java pak).
– (Need to use latest re-compiled Java Pak to use this feature.)
– Fixed a bug in the PPATM Admin Console causing REG_MULTI_SZ values to be written incorrectly for the policies exported to XML
– Fixed a bug in the PPATM Admin Console causing incorrect registry value names for ADMX list element when valuePrefix attribute is not set
– ADMX category containing PolicyPak settings has been renamed from PolicyPak to “PolicyPak ADMX Settings”

9/30/2019: CSE 2210
– Hotfix for the PPLPM crash. Caused by Action = Run with customized token and Base Token = Use the original user token.
(This is the only fix).

9/16/2019: CSE 2196 and PPGPCR 2183

CSE and MMC update:
– The XMLDATA folder is no longer readable by users.
– PPJRM (Java Rules Manager) now allows to select the latest (as of the release date) Java versions
– PPAM (App Manager) and PPBR (Browser Router) browser extensions now work as expected on FF 68 ESR
– PPSSM & PPTBM CSE now supports Roaming User Profiles and Redirected Folders

PPGPCR (Compliance Reporter) updates:
– Can now EXPORT results as HTML and CSV (#1 most requested feature !)
– Can now use SQL as database, instead of built-in SQLExpress (#2 most requested feature !)
– Can migrate from SQLExpress to SQL if desired. Known bug if you cancel this process; simply restart PPGPCR Service to get back to normal.
– Higher capacity of results accepted in SQL server.
– Can now scope results by OU and “Smart Filters”
– Windows 10 1903 and Server 2019 support added
– Database cleanup interval configurable via ADMX
– Test operations now faster
– Server Event logs moved to better place in Event Viewer
– Better high DPI and big monitor support
– Many bugs fixed.

8/30/2019: CSE 2177
Minor bugfixes to solve a handful of customer issues.
Fixed a few bugs in the PPSSM CSE
Fixed a PPTBM CSE resulting in a “detached”/second taskbar item for File Explorer when it runs
Fixed a bug in the GPO Converter Tool causing PPATM CSE not to process GPOs created in the tool
Fixed support of multi-line string fields (REG_MULTI_SZ) in PPATM and the GPO Converter Tool
Added ADMX policy to prevent PPExtensionService from syncing policies when user logs in
“Run with PolicyPak” context menu item will now be re-added automatically if it gets removed during Windows upgrade

7-23-2019: CSE 2141
Minor bugfixes to solve a handful of customer issues.
1. Fixed PPFAM issue when an app installed to Program Files (64-bit) is opened from a 32-bit process
2. Added ADMX policy to disable PPAM reapply on launch
3. When reapply on launch is disabled in a Pak, no code injection will be performed; effectively preventing compatibility issues if any exist.
4. PPSSM CSE will now set the StartLayout under unusual conditions.
5. PPSSM and PPBR logging improvements

6-27-2019: CSE 2109
New PP Least Privilege Manager updates !

1. Increased security for SecureRun: https://kb.policypak.com/kb/article/805-policypak-least-priv-securerun-to-block-user-and-system-executables/
2. Increased security for blocking PowerShell and other system files: https://kb.policypak.com/kb/article/792-pplpm-block-powershell-in-general-open-up-for-specific-items/
3. Increased security for elevating apps, but BLOCKING Domain Admins or other local admins: https://kb.policypak.com/kb/article/806-policypak-least-priv-elevate-apps-as-standard-user-block-other-admins/
4. Ability to “right size” SERVICE ACCOUNTS permissions: https://kb.policypak.com/kb/article/804-policypak-least-priv-manager-reduce-or-specify-service-account-rights/

Text based KB Article on all four features: https://kb.policypak.com/kb/article/807-how-when-and-why-would-i-use-the-scope-filter-section-in-policypak-least-privilege-manager/

5. PolicyPak Scripts Manager can now ELEVATE user side scripts. So if you have a script which needs to run in USER CONTEXT, but you need that script to run elevated… there’s now a magic checkbox for that!

Known issues: PP Taskbar manager might launch another unexpected process. No ETA on fix.

5-31-2019: CSE 2087 (other items, like MMC console, etc. are at build 2081)
1. A few more fixes for PP Start Screen items
2. New Helper tool: GP vs. MDM Settings Analyzer ( https://kb.policypak.com/kb/article/789-policypak-free-tool-group-policy-and-mdm-settings-analyzer/ )
3. New feature: Trim what admins see in MMC console ( https://kb.policypak.com/kb/article/786-policypak-trim-the-mmc-console-for-ou-admins/ )
4. New feature: IE Sitelist to PPBR Routes ( https://kb.policypak.com/kb/article/787-policypak-internet-explorer-to-policypak-browser-router-site-lists/ )

5-24-2019: CSE 2081
1. Stability improvements for PPBR.
2. Stability improvements for PPLPM.
3. Updated error message if PP Service has a problem.
4. Exception handling if PPLPM tools has a problem.

5-13-2019: CSE 2067
1. Stability improvements for PPSSM.
2. PPSSM bugfixes.
3. New tool: Group Policy and MDM Settings Analyzer (see PDF release notes and videos).
4. Allow snap-ins hiding with ADMX.
5. PPLPM: support for catalog-signed files.

3-14-2019: CSE 2010
Minor update to fix malformed PPLPM XML. Cloud customers on 1988 or later will automatically get this build.

3-12-2019: CSE 2007
Three big PPLPM features:
1. PPLPM “Discovery Auditing.”
2. PPLPM Block & Allow UWP applications.
3. PPLPM Manage Security of Child Processes.

2-20-2019: CSE 1988
1. PolicyPak Feature Manager for Windows
(see PDF release notes and videos).
2. PolicyPak Least Privilege Manager
(see PDF release notes and videos).
A. Admin Approval
(see PDF release notes and videos).
B. On-Demand rules
(see PDF release notes and videos).
C. Event Logs for applied rules
(when a process is Elevated or Allowed by a rule, or Blocked by a rule or SecureRun)
(see PDF release notes and videos).
D. Fixed non-working elevation when LSA protection is enabled

E. Fixed incorrect SecureRun state in ADMX reports

3. PolicyPak Browser Router

A. Open link in a new tab (Experimental)

B. Fixed non-stop routing in FF60

C. Fixed zone-based rules on VDI

4. PPJava Rules Manager
A. New Java versions available

5. Misc

A. Computer-side and switched mode PolicyPak policies will now be downloaded and processes when user logs in

B. ILT bugfixes

C. Stability improvements (fixed a bunch of crashes, issues related to handling PPCloud/MDM/XMLData policies, etc.)

12-14-2018: PPGPCR
1. PPGPCRServer failed to start.
2. PPGPCRServer install without internet.

10-11-2018: CSE and MMC update 1856
1. Added new PP Least Privilege Manager “Helper Tools”. See the videos in the Video Learning Center.
2. Fixes problem where LT doesn’t see licenses installed.
3. Adds latest version of Java within PPJRM dropdown.
4. Other misc. hotfixes for specific customers to fix specific problems.

9-27-2018: MMC update 1842
1. Added new Java versions.

9-3-2018: CSE update 1808
1. Misc fixes for PPBR.
2. Chrome now exempt from Reapply on Launch.
3. ADMX updates to block AppLock on demand.
4. Fixed PP Start Screen & Taskbar manager: Stickynotes and other interesting items.
5. Other PPSSM bugfixes.
6. Fixed misc. customer-reported crashes in PPBR and some PP Services.

7-27-2018: CSE update 1779
1. PPBR: FF61 support
2. Bugfix in PowerShell
3. Bugfix in PP Merge tool

3-28-18: CSE update 1659. (Non-critical update)
1. Added support for PPSSM + Citrix links.
2. Added support for IE links.
3. Updated PPBR Error message.

3-20-2018: CSE Update 1649: Some CSE, Admin Console, and Extras tools updates.
1. Fixed a crash in PPBR agent.
2. Bugfix in PP Merge tool.
3. Tooltip enhanced for PPBR + RegEx and wildcard.
4. GPMC/ADM Reporting fixed for PP Start Screen Manager.
5. Misc CSE bugs.

3-2-2018: CSE update 1638
1. New PolicyPak Scripts Manager Component !
2. Lots of bugfixes; around PolicyPak Browser Router.
3. Lots of other misc bugfixes.
4. Updated EULA with minor changes.

12-19-2017: CSE update 1560.
1. New PolicyPak Start Screen & Taskbar Manager Component.
2. New tool: Auto-Rules Generator for PolicyPak Least Privilege Manager !
3. New function: Launch external apps from Firefox (Like Adobe Reader) instead of Firefox’s internal viewer !

11-14-2017: CSE Update 1524 / hotfix build. So, no new big features yet. Fixes are:

1. Updated PPLOGS.EXE program to change extensions of executable and other dangerous file types (.exe, .js, .reg, etc.)
2. Fixed PPCloud + MS PowerPoint issue.
3. Fixed PPLPM elevation for users that have “powerful privileges”. For instance, if end-user had Load Driver privilege for their users, and this caused PPLPM to NOT elevate Device Manager properly.
4. Improvements for PPBR upgrade scenarios / default browser reset.
5. Fixed memory leaks in PPBR.
6. Fixed PPFAM failures when HKLM\SOFTWARE\Policies\Microsoft\Windows\System doesn’t exist
7. Improved PPWatcherSvc logoff and shutdown handling. The “This program prevents Windows from shutting down” should no longer occur, and we also changed display name from PPWatcherLogoffListenerWindow32 to PolicyPak AppLock Service.
8. PPAM logon time improvements when sync policy processing is enabled
9. Significant performance improvements in PPLPM
10. Fixed PPLPM SecureRun for local users
11. Fixed PPLPM SecureRun blocking PPBR routing to Edge
12. Fixed PPLPM MSI rule to match MSI with Lower Than {version} / Higher Than {version}
13. Fixed PPFAM support for apps with ambiguous command lines (e.g. Claws Mail, which doesn’t follow MS guidelines on app registration)
14. Logs rotation should no longer trigger “reboot pending”
15. PPAM and PPBR support for FF57 (FF Quantum)

8-17-2017: CSE Update 1434 with Major and Minor fixes:
1. See PDF for 3 pages of updates and fixes. Key features, however are:
2. PPBR: Edge Support (see video first.)
3. PPLPM: Link to COMPUTER, but now filter BY USER / USER GROUP.
4. PPBR: Chrome support for non-domain joined machines (see video first.)
5. PPAM: FF44 and FF55 Bookmark support.
Again: MANY other updates and fixes. Strong recommendation to upgrade.

7-20-2017: CSE Update 1407 with minor fixes:
1. Fix for PPLPM Certificate Rules not applying when machines were not Internet connected.
2. Fix for PPLPM + scripts with two \ chars.
3. Fix for PPBR + FF 54 not seeing each other / not working.
4. Fix for PPLPM + Citrix profiles pop-up problem.
5. Fix a Log Rotation issue.
6. SecureRun tweaked to permit MSIs, etc. to call sub-processes .BAT files during installs.

7-6-2017: MMC update fix only.
1. Fix in PPAM: Creating ADM settings reports restored.

6-21-2017: Build 1379
1. Bugfix for some customers with User side PPLPM not functioning.
2. Bugfix for one of the services being held at logoff/ reboot.

6-14-2017: Build 1371
A TON OF NEW STUFF. See the PDF. Highlights:
1. New component: PolicyPak File Associations Manager !
2. Updated: PPLPM Scripts elevation !
3. Now use PolicyPak with your MDM service (AirWatch, MobileIron, Intune.)
4. Free utility: PP GP Converter to COMPRESS / Reduce GPOs !
Videos for everything in the PDF !

4-27-2017: Build 1281
1. Fixed Firefox 53 issues with Browser Router.
2. Added feature to enable Browser Router to take command-line arguments for browsers, like –incognito and so on.
3. Misc performance and other bug fixes.

2-22-2017: Build 1260
1. Fixed High CPU usage.
2. Fixed problem when XMLdata files are used.

– New ADMX setting to pre-delete registry keys before the PPAM CSE runs. – Helpful especially with Chrome Pak which will not revert correctly without this setting.

1. Now the policy chooser UI will stay in place until you close it; enabling you to specify multiple policies at once.>>
2. Window size and shape will persist its size and…
3. Location will persist of last location you were in the tree view state.

1. IE / other browsers will now come to the foreground when invoked. (Bug #1715)
2. Logging fixes and other Internal changes

1. Now match on Latest available Java in family

1. Support to elevate MSI applications via rule
2. Support to automatically block MSI applications via SecureRun(TM)

1. The major change is that the Auditor.exe will only run now (by default) when GP successfully processes background GP refreshes. ADMX files provided to change this behavior if desired. Please see the manual in Chapter 3 (Tuning and Troubleshooting) to understand the new behavior or revert to the original behavior.

Other features and fixes in PDF notes.

12-29-2016: Build 1204
– All products: Fix for RDS; was keeping session open at logoff in CSE.
– Item Level Targeting; fix for local admins and timing of first application of Item Level Targeting in CSE.
– Fixed “Not applying license” problem in CSE.

11-25-2016: Build 1171
– PPLPM: Elevate PowerShell Scripts
– PPLPM: MMC console lets you import from computer or user side
– PPBR: Future builds at upgrade won’t prompt or reset default browser
– PPBR: Other bug fixes

11-21-2016: Build 1167
– New Chrome “Clear Browsing Data”: http://screencast.com/t/Pyc2dmS0
– Multiple PP Browser Router Issues resolved.
– Bugfix for those with MS KB3163622 / MS 16-072
– Fix for ILT + PPLPM
– Other PPLPM fixes
– Firefox ppLockdown file fixed on TS
– Note: No new PDF for “What’s new / Build Summary”

11-3-2016: Build 1149
– New Component: PolicyPak Least Privilege Manager !
– Amazing new Firefox updates !
– Major and minor bugfixes !

9-19-2016: Build 1098.
-Fixed slowdown issue with PPBR and FF and IE.

8-25-2016: Build 1069b (MMC is 1079)
-Fixed MMC snap-in bug where PPAM wasn’t writing ADM reports

8-18-2016: Build 1069
-New features in PPBR.
-New feature for Firefox + Certificates
-Fixes for PP Preferences