Deploy Group Policy and PolicyPak settings using SCCM, Altiris, KACE, Intune or whatever else you use

You can take the magic of real Group Policy and PolicyPak and export these settings for use with SCCM, Altiris, KACE, Intune or whatever else you use. Check out the video.

Deploy Group Policy and PolicyPak settings using SCCM, Altiris, KACE, Intune or whatever else you us

Hi, in this video I’m going to show you how you can use PolicyPak to deliver all of your settings, policy and PolicyPak settings using non-group policy tools like SCCM, KACE, Altiris, Intune, and whatever else you might have. It starts off by you creating a real GPO and it doesn’t have to be live. This could be in a test lab or something. I’ll just call this BBB. It really doesn’t matter. What you’re going to do is use the group policy editor to create items that you might want to deploy. For instance, under the PolicyPak node, you might want to go to “applications setting manager” and create a new Firefox homepage. Something simple just for this demonstration, here. If I go to and what the heck, while I’m here I might as well lock it down. Now that you’ve done this, you can take this setting, right click and export to what we call an XML data file.


I’m going to go ahead and on the desktop, I’ll call this “exported.” I’ll call this “Firefox Export 1.” That’s the first thing; you’re creating a setting in PolicyPak land and exporting it. What about Microsoft settings? For instance, policies, Windows settings. Take a look at all of their security settings such as the local policies and security options or anything here. For instance, if you wanted to rename the guest account as “PolicyPak,” well great. You’ve done that but how do you snap this off and make it useful in, say, SCCM or your own tool? Once you’ve done the work here in the group policy editor, you can’t just right click and export as XML; that doesn’t exist but we have this thing here called the Security Settings Manager Tool.


Security settings manager gives you this wizard that lets you find the settings inside the group policy object that you’ve already done – whoops – you’ve already done and lets you export that. We’re going to go ahead and export this file to that same location as exported and we’ll call this “Exported Sec Settings.” These are real group policy settings that we’ve just exported in this XML format. Let’s create a group policy preferences item. Something that might be fun. We’ll go ahead and take a new shortcut item and we’ll create a new shortcut and we’ll make it a URL on the desktop and we’ll call this and we’ll do the target URL here and the icon path, we’ll go ahead and pick a little lock guy, here. This would normally just put a shortcut and you’d have to use group policy to get that deployed. Well, you can – a couple of choices.


Choice Number 1 is you can take that file and just – there’s my exported folder. Check this out; you just drag and drop it right there. That’s Choice Number 1 or you can use the preferences manager wizard, which will also let you export any setting that you’ve got in group policy preferences land to our format. Those are two choices. The last thing I want to do is admin templates. For instance, if you wanted to use a user side admin template setting like policies admin templates control panel and you wanted to prohibit access to the control panel, that’s great but there’s no way in regular group policy land to export that. You’re going to use our PolicyPak admin template manager node here. Right click “add a new policy.”


You’re going to take any of the zillions of amazing Microsoft settings like control panel, prohibit access to the control panel setting, and we’ll go ahead and enable that. Now that’ it’s inside the group policy object, you can – you got it – right click and export to XML and now we’ve got exported real ADMX setting, which is control panel. We’ve got our four types of settings. You can also export anything else that’s on our roster if you’ve got MDM settings or if you wanted to do browser router or anything else you can come up with. In the future, it’s the same idea. You create it in the real GPO, you export it, and then you’re ready to go. What’s next? What’s next is the PolicyPak exporter tool. The PolicyPak exporter tool lets you create a new MSI based on the files that we created earlier. We’re just going to go to our exported folder, select all of our items here, and you can see that we display what component it’s for.


We show you who it’s going to be installed for and if you don’t want to do specific users and groups, you want everybody to be affected, you select “computer” and you can also use item-level targeting if you’re familiar with that in other videos that will hone in when these settings are going to apply. For the purposes of this, I’m going to go ahead and hit “next” here. I’m going to go ahead and click “next” again here. I don’t really have any comments here. I’m going to go and give this a name. The name I’m going to give this is “PolicyPak Exports Demo 1.” It saves as an MSI so you’ll be able to use in the next step whatever tool you want. For instance, SCCM, Intune, Altiris, KACE, whatever you want in order to get this deployed. Here, you can see I’ve got SCCM 2012 and I’m simply making a new application. I’m picking the MSI and I’m installing it as system.


It’s as simple as that. If you’re using Windows Intune, it’s pretty similar. You simply upload the file to Windows Intune, point to it as managed software, and you’re ready to go. In both cases – SCCM and Windows Intune – after that, you simply target the right computers and you’re off to the races. We’re going to have to use our imagination a little bit because I don’t really have SCCM in this flash up here so we’re just going to go to Command Prompt here. We’re going to go to “My Share” here and in My Share, it’s going to have my MSI. If I take a look for *.MSI – there I go – I can see I’ve got the PolicyPak Exports Demo 1. Now, remember normally you’d be not running this by hand. I’m just doing that for an example, here.


You would normally be using SCCM running it as system or Altiris or KACE or Intune. It’ll automatically run a system. This whole thing will be quiet install, no prompts, no nothing. It’s just for the purpose of this demonstration I’m doing it by hand. I’ll go ahead and close this window. That’s it. A whole lot of nothing happened except look. We just got the PolicyPak shortcut, exactly what we expected. If we were to take a look at Firefox now, let’s see if Firefox is managed the way we expect. Yep. We get PolicyPak as the homepage and let’s see if it’s also locked down. Yep, sure enough. That’s locked down. The other setting we said was to kill the control panel. Let’s see if we got that. Yep.


We got that and, by the way, there’s a little bug that’s always been here in Windows when you do that, which is that but that’s okay. There’s no control panel that’s there anymore. The last thing we said was – and this is going to take a little bit of negotiating here – but let’s go to “Run GPedit.msc.” Oops. GPedit.msc as an admin here. Let’s take a look at the guest account. Did we successfully rename the guest account? Go to Windows Settings here. Security settings. Give this a second. There we go and we’ll go to local policy security options and there we go. Account has been renamed. To recap, you used a real GPO in order to create the settings you want.


You use the Policy Pak editors in order to do that or the group policy editors to do that. By the time it’s over, you’ve exported your settings to some XML files. You use the utility we provide, called the Policy Pak Exporter Utility; it wraps it all up into an MSI. You then use whatever deployment tool you wish. Maybe it’s SCCM, Altiris, Intune, KACE or whatever, and by the time it’s over, those settings will get deployed using not group policy method. All the best parts about group policy using whatever technique you want to get that thing out the door. I hope this has been helpful and you get a lot of value out of using PolicyPak in this way. Thanks very much and we’ll talk to you soon.