Windows Intune is awesome, but it doesn’t have real group policy, or extra Windows 10 desktop management features. Watch this video and learn how to use PolicyPak to deliver REAL Group Policy settings and PolicyPak’s extra settings to all your Windows Intune joined Windows 10 machines.
PolicyPak and Microsoft Intune
Hi. This is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, I’m going to answer the question: How do you get your real Group Policy settings out there using your Microsoft Intune service?
If you have real Group Policy settings like “Security Settings,” “Audit Policy,” “User Rights Assignment,” Firewall settings, AppLocker settings, all the 3,000 “Administrative Templates” settings, how to manage “Control Panel,” “Start Menu and Taskbar,” “Windows Settings” – just everything, including all the Group Policy “Preferences” items like “Local User and Groups” and “Devices” and all the stuff you see here and all the “PolicyPak” special settings like managing the heck out of applications, like you’ve got Firefox, Flash, Java, OpenOffice and so on, we’ve got a way to manage it.
If you want to map what website is going to use what browser, we can do that with “Browser Router.” If you want to map what website is going to use what version of Java, we can do that with “Java Rules Manager.” If you want to dictate who can elevate and work around UAC prompts so your local admins aren’t running with the scissors all the time, you can use “Least Privilege Manager.” We also have “File Associations Manager” to help you say when you open up a .pdf file to open it up in Acrobat Reader and so on.
So we have Microsoft Group Policy settings, Group Policy Preferences and Security settings, and PolicyPak special stuff. How do we get that deployed using our Windows Intune? The answer is marry PolicyPak to it.
There are three things you need to get to do the magic. The first is our “PolicyPak Client-Side Extension.” You get that in our PolicyPak Portal. You can see here there’s a “PolicyPak Client-Side Extension.” The second thing you’ll need is a License file. You get that from your sales team. It may look just like this, or it might have a different name. In this example, it’s called “PP-licenses-for-Intune.”
Then lastly, we also have some preconfigured examples that you might want to use. For instance, we’re using “PolicyPak Application Settings Manager” to dictate “winzip” settings. We’re using PolicyPak Admin Templates Manager to dictate “screensaver-settings” through “Microsoft Group Policy Admin Templates.” We’re marrying specific browsers to specific websites using “PolicyPak Browser Router.”
We’re elevating a particular application, “procmon,” such that standard users can elevate that application and not have to get local admin rights (using “PolicyPak Least Privilege Manager”). We’re deploying a “shortcut” on the desktop using “Microsoft Group Policy Preferences.” And we’re also doing something with security by renaming the “guest-account” (using “Microsoft Group Policy Security Settings”), doing real Group Policy and PolicyPak settings.
We’ve wrapped up these settings into an MSI file called “PolicyPak-XML-Examples,” and it’s easy to do. You simply take a real Group Policy Object that you already have, and then you right click and export the settings using the stuff we give you in the box. Once you’ve exported your real Group Policy settings or your PolicyPak settings, you then wrap them up into the MSI file. We give you a utility called the “PolicyPak Exporter Utility” to do that. There’s another video on how to do that.
Once you have all three pieces – let me say what they are again: the “PolicyPak Client-Side Extension,” the “PolicyPak-XML-Examples” and License file – you’re ready to go into Intune and upload those, which I’ve already done.
Let me start over here at the beginning again. This is “Intune” at the start here. You can click on “Apps” here, and then you can see the applications. I have just used the “Add App” wizard, gone through the wizard and specified them. Here’s the “PolicyPak Client-Side Extension,” here’s the License file and here are the “PolicyPak-Exported-Settings.” It’s as simple as that.
I’ll go over to my Windows 10 machine here. I’ll go ahead and get enrolled into my MDM service. Here we go. At this point, we’re locked and loaded. We could wait a little while. Sometimes Intune decides it wants to work right away, and other times it takes a little while.
You can try going to “Settings” here in Windows 10. You can type “mdm” and you can click on the little briefcase icon here, click “Info” and then “Sync.” This sometimes makes it go a little faster. What I’ll do is I’ll pause the camera and then come back after it’s done and show you the results.
The first thing you can see when we get back is that PolicyPak has deployed a Group Policy Preferences shortcut item right here to the desktop, which is pretty nifty. The second thing we do is if we were to go to the “Settings” here and if were to go right to the “Lock screen settings,” that’s where they hide the “Screen saver settings” nowadays. You can see PolicyPak has delivered the “Screen saver” and the number of “minutes” and the “On resume, display logon screen.”
If we were to look locally and go to “gpedit.msc” here, the “Local Group Policy Editor,” we take a look at the computer side “Windows Settings” and look at “Security Settings/Local Policies/Security Options,” you can see that PolicyPak has renamed the guest account. We changed it from “Guest” to “policypakGuest.”
The point is that, over Intune, now you can really, really – yes, really – deploy almost every single Group Policy, Group Policy Preferences and Group Policy Security item using the Windows Intune infrastructure you already have, not to mention all the amazing PolicyPak stuff, for instance like I said, managing the heck out of applications, performing mappings of websites to Java and all sorts of other amazing superpowers.
I hope this helps you out and look forward to getting you started real soon in a trial.