Daemon Tools is a scary name, but it isn’t scary at all. It’s DVD/CD Emulator. It makes it easy to work with ISO files. It’s also easy for your users to emulate your configuration settings with their own within this application and mess things up as quickly as Daemon Tools can mount an ISO virtual drive on your computer. That’s where PolicyPak comes in. We enforce and lock down the optimum settings that you, the administrator, want them to have. PolicyPak sets and enforces expectations for your users’ applications, so that they get the same experience, every time they launch it.
Manage Daemon tools
Hi. This is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, we’re going to learn how to manage and lockdown Daemon Tools Pro using PolicyPak.
I’ve already got the “DAEMON Tools Pro” installed on my target computer, and I’m just a regular user here. As you can see, I’m logged on as a guy called “EastSales User4.” If we open up this application here from the start menu and go to “Tools/Preferences,” we can see a number of settings here for a user to get in trouble with.
I’ll go to “General” where I can see how this application starts and performs updates. “Confirmations” has settings concerning the mounting and unmounting of virtual drives. Finally, in “Connection” I have important proxy and authentication settings I definitely don’t want my users messing with.
Let’s see how quickly we can ensure compliance and perform desktop management quickly using PolicyPak. I’ll go ahead and switch over to my management station computer. We’ll go ahead and we’ll right click over our “East Sales Users” and “Create a GPO in this domain, and link it here.” We’ll go ahead and call it “Lockdown Daemon Tools Pro.” This GPO is now associated with our East Sales Users.
I’ll right click over it, click “Edit” and dive down under “User Configuration/PolicyPak/Applications/New/Application.” There it is: “PolicyPak for DAMON Tools Pro Advanced” along with a lot of our other applications Paks like “Java,” “Flash,” “Firefox,” “Skype” and tons of other important desktop apps that your users utilize every day and you need to make more secure.
Let’s start with “General” where I want to do something I do for so many applications, which is make sure that the updates will not be performed. I’m going to disable “Check for updates by making sure this setting always remains unchecked. Notice that the setting became underlined as soon as the checkbox value changed. This means that the setting’s value is going to be delivered through PolicyPak. Now to make sure that it never becomes checked, I’m going to right click on it and select “Hide corresponding control in target application” so my users won’t even know that the setting even exists.
While I’m on this tab, I want to go and enforce “Automount.” I also want to make sure my users can never change this setting, so I’m going to right click and “Perform ACL Lockdown.” This is a special PolicyPak feature and ensures that the users can’t modify the setting even if they know where it lives in the registry itself.
I’ll go down to “Connection” and prevent users from configuring any proxy settings. I’ll make sure that the “Use proxy server” is unchecked as well. Then I’ll also right click and select “Disable corresponding control in target application.” Finally, I’ll go to “Confirmations” where I want to uncheck “Remove orphaned images,” and I’ll “Hide corresponding control in target application” the same way I did earlier.
I’ll go back to my client machine. We’ll get a command prompt and run “GP Update.” Now you could envision the user logging on for the first time, using a Terminal Server or a Citrix machine, using a VDI session, changing job roles or getting a new computer. I just happen to be using GP Update.
Now that that’s done, let’s go ahead and reopen the application. We can see that our desired settings for “General” have been delivered and even hidden in the case of updates. Notice that in “Connection” users cannot modify the proxy settings at all. On the “Confirmation” tab, we can see that the designated settings are hidden as well.
Now let’s pretend that this user is very, very smart and savvy and attempts to modify this setting directly through the registry. To make things a little quicker, I’ve saved the registry location for this demonstration, and you can see it here. When I try to click on it, PolicyPak ACL Lockdown thwarts the best efforts of this user even within the registry.
And that’s it. We’re done. This is how incredibly easy it is for you to use PolicyPak to manage and lockdown Daemon Tools as well as tons of your other desktop applications. If you’re looking for a trial of PolicyPak, just click on the “Webinar/Download” button on the right.
Thanks so much for watching, and get in touch with us if you’re looking to get started. Talk with you soon.