In this video learn how to verify PolicyPak cloud is working; and then create your own directives and watch them work !
PolicyPak Cloud: QuickStart
Hi. This is Whitney with PolicyPak Software. In this video, we’re going to see how super easy it is to get PolicyPak Cloud up and running in no time.
In the last video, we talked about how to promote this server to a domain controller so that we could make use of the functionality of the GPMC. We also talked about installing the PolicyPak Admin Console MSI so that when you edit your GPOs, you’ll have the PolicyPak magic that you need to make all of this work.
What we’re going to do now is we’ll go look at the “www.policypak.com” website, and we’ll look behind the curtain at the PolicyPak Cloud portal for a moment. When you first signed up for PolicyPak, you got two welcome letters.
The first one takes you to the “CUSTOMER PORTAL & CUSTOMER SUPPORT FORUM,” which is where you’ll go to download things you’ll need to make all of this work, such as the Admin Console MSI. You can also get manuals there. You can get some training. There’s a bunch going on behind that curtain.
But we’re going to check door number two here and look at the “POLICYPAK CLOUD.” You should have gotten a second welcome letter that will welcome you to the “POLICYPAK CLOUD” section. Let’s “Login” here. What you’re going to see is that PolicyPak Cloud is made up of a bunch of different components that do a whole bunch of different magic things.
Let’s go over here and look at the “XML Data Files” tab. These are where we have six prebaked directives for you that will get pushed out to all of your cloud machines until you remove them. This is just so you can have an example of what’s going on.
We have everything from managing “WinZip” settings if you have that on your machine like I do. We have PolicyPak Preferences (“PPPrefs”) where we’ll add a “Shortcut” to “All Desktops.” We’ll “Run Process Monitor” as an admin even though we’re just a standard user. We’ll change the “Screen Saver.” We’ll route certain websites to certain browsers and see all kinds of good stuff happening.
The way you’re going to make you’re endpoints join your instance of the cloud to receive these directives and eventually any directives that you create, you’ll go to the “Company Details” tab here. Scroll right down, and you’ll see that you have a couple of options here. You’ll “Download PolicyPak Cloud Client Installer,” either 32-bit, 64-bit or both “as a single Zip file.”
You’ll then deploy those in whatever way you normally would. Once the cloud client gets installed on your endpoints, it will join this instance – your instance – of the cloud and it will receive the directives that you sent out to it.
Let’s go over and look at our non-domain joined machine. Just to prove a point, let’s go check this out. We are in a “Workgroup” that is “NOT DOMAIN JOIN.” We are not domain joined here, so everything that happens today is going to be happening through the Internet over the cloud.
We talked about some of the things that were going to happen once we installed the client and joined this instance of the PolicyPak Cloud. But before we do that, let me just show you very quickly that none of these settings are being governed right now.
If we go look at “WinZip,” we have nothing in particular happening here. We can access all of these tabs. If we go look at the “guest account,” it’s just called “Guest.” We talked about elevating Process Monitor (“Procmon”). Let’s see if we can get there now. No, sure can’t. If we go try to look at a screensaver like we talked about that being an option, then we’re going to see there’s nothing in particular going on there either. Here we go. Nothing happening in particular there.
We talked about blocking Facebook and sending things like anything Mozilla goes to Firefox. Let’s open up “Google Chrome” and see what happens if we try to go to “mozilla.org.” See what happens. No, here we are, staying right in Chrome. We said we were going to block Facebook with the cloud. Let’s see if we can do that. We can sure get to Facebook right now. We talked about there also being a shortcut that was going to get delivered here, and it’s certainly not there now.
Let’s go ahead and I’m just going to hand install this little MSI right now so that you can see in real time what’s going to happen. We’ll just go through. There we go, “admin” credentials. This registers and syncs with the cloud. Now it will sync with the cloud every 60 minutes. Coming soon: the ability to change that interval yourself, but right now everything is going to be happening every 60 minutes. That’s how often it will recheck with the cloud to make sure it doesn’t have any new directives for it.
Getting started here. Now we see that the “PolicyPak Cloud Client has been successfully installed.” We have the unique ID here. We also see that “The computer is a member of the following groups: Unassigned, All.” Right here, this tells you just like I mentioned that “This computer syncs with the cloud every 60 minutes.” Again, coming soon, the chance to change that interval yourself. But until then, every 60 minutes.
In a minute, I will show you how to manually sync this yourself and also find out what directives are being received on your machine. But we’ll wait for that shortcut to pop up before we look at that particular trick. Here we are. Now we have that shortcut.
Now let’s go look at those things that we saw before. Let’s go see if we can run Process Monitor (“Procmon”). Yes, there we go, running just as expected. Let’s go look at “WinZip” and see what happens, check out those settings. “Passwords,” there go. We now have “11 characters.” We can’t even see this control anymore. This one and this one are grayed out. We can uncheck this one, but it will come right back as soon as we get back to the settings. Oh, and look. The “Cameras” tab is gone. We can’t get to that one anymore.
Now if we go look at the screensaver, for example, let’s see. I’m betting that it’s going to be 17 minutes and the Ribbons screensaver. Let’s see. There we go, being governed. You’ll notice that I can’t change any of these. There you go. See? I am clicking my heart out, and I couldn’t get to anything.
Let’s go look at that guest account and see what’s going on there. I’ve got to “Run as administrator” because, again, we are running as a standard user right here. Let’s drill down to “Windows Settings/Security Settings/Local Policies/Security Options.” There we go. Renamed the “guest account” to something innocuous. It’s just “policypakGuest.” Let’s double click. Again, trying to click around, can’t change that at all. So these settings are pretty well locked down.
Also, we looked at that browser router option. Let’s see if when we try to go to “mozilla.org” this time, let’s see if it takes us to Firefox. Let’s go to “mozilla.org” and see what happens. Just like we thought, opening that up right in Firefox. Here we are.
Now let’s see if we can get to Facebook from here. Let’s see what happens. There we go. “Facebook blocked by PolicyPak policy.” Now if we go to “policypak.com,” it should take us to Internet Explorer. Here we are in Internet Explorer just like we thought.
Now just for kicks and giggles, let’s see if we can get to Facebook from here, a different browser. It might work here. Let’s see. No, “Facebook blocked by PolicyPak policy.” You just can’t get there from here. You can’t get to Facebook anymore. We blocked that using PolicyPak Browser Router.
So you see, in 60 seconds or less we were able to manage all of those settings through the cloud to a non-domain joined machine. Certainly, these aren’t the only directives you’re going to want to use. So let’s go back and let’s look at how to add directives of your own.
Oh, wait. Before we switch back over to the portal, I promised I’d show you that trick for manually syncing your machine, so let’s go look at that. Let’s go to “Command Prompt.” Let’s do “ppcloud /sync.” It’s going to sync with the cloud manually, and that can happen immediately.
But it also let’s you know what directives are being applied to this machine. It tells you in “PolicyPak Browser Router,” in that component, you’re receiving this name of XML directive. The same with “Security Manager,” “Least Privilege Manager” and so on. So this is where you’ll be able to see all of the directives that are being applied to this machine, or it’s one of the places you can see it. That’s how you go about manually syncing your machine to the cloud.
Now let’s go back over to our DC here and let’s look at the portal here. Now I mentioned this is where the “XML Data Files” go, this tab right here. This is essentially the swimming pool. These are not necessarily linked to anything, although in this case these ones are.
Now let’s go look over at this “Computer Groups” tab. You see we have a few prebaked groups here. One is called “All.” One of them is “Unassigned.” One of them is “Deleted.” The “All” group is where all computers show up when they first get signed up to the cloud.
Now if you want to create your own groups, you’ll go over to this link right here that says “Company Groups.” We’re going to “Add company group.” We’ll call it “East Sales.” We’ll “Add” that. That essentially functions like an OU. What you want to do is to add a computer to this group, such as the one we just were working with.
You’ll go over here and you’ll “Add/Remove Computers from Group.” I have the one right here, so let’s “Add” this right here to that group. There we are. We have “1 computer” in here. We don’t have any policies here yet, but we’ve got a computer in the computer group.
Let’s go back to our GPMC and let’s talk about how to create the directive that needs to get uploaded to the cloud. We created that one you see, “PolicyPak GPO.” Since we installed that admin console MSI, we have the “PolicyPak” node right here. Let’s go to the “Application Settings Manager.”
Now that we’re here at the “Application Settings Manager,” we’ll choose “PolicyPak for Mozilla Firefox.” Let’s manage some Firefox settings. It doesn’t matter. We’re just doing a quick test here. We can choose a few things here. We’ll force a “Home Page.” Let’s go with “policypak.com.” You can, of course, manage so much more than this, but now let’s just create a little bit of directive right here.
Now what you’re going to do is right click. You’re going to “Export settings to XML Data File.” We’ll call this “Firefox.” We’ll “Save” it. You probably don’t want to just throw it on the desktop like I did, but that’s what we’re doing for now.
Let’s go over and let’s look back at this portal. Let’s go to these “XML Data Files” here. Let’s “Upload XML Data File.” We’re going to “Choose File.” There we go. Right here, it has a “Description.” You can change that name if you want to. We can say “Force HomePage in FF.” There we go. It just lets us know a little bit more about what the XML directive is going to do. Let’s “Add” that.
Go back over to our “Computer Group” here. Let’s “Link XML here.” We don’t have it linked yet, so let’s “Link XML here.” We’ll choose “Force HomePage in FF.” “Add” that. Now next time your computer syncs to the cloud, it will receive that directive and it will have that homepage forced to it.
Now you don’t have to do all of this if all you want to see is the magic of the cloud client just doing its thing and showing you the shortcut and the settings here. All you have to do if you want to that is install your client on a test machine and watch it take place.
If you’re using PolicyPak Cloud already, that’s awesome and we’d love to hear your success stories. If you’re not and you want to, you want to get a trial, get in touch with us and we’ll be more than happy to get you up and running.
Thanks, and I look forward to seeing you in some future videos.