We lock down application settings so your users can’t meddle with them. PolicyPak delivers, enforces, remediates and locks down your users’ applications, including WinRAR, so that they get the same experience, every time they launch it. Ensure your WinRAR settings are dictated and ensured using PolicyPak. Get those settings out there using Group Policy, SCCM or your own management tool. Check out this video to see how it’s done.
Lockdown WinRAR with Group Policy video transcript
Hi, this is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, we’re going to learn how to manage and lockdown WinRAR using PolicyPak.
I’ve already got WinRAR installed on my computer, and I’m just a regular user here. As you can see, I’m logged on as a guy called “eastsalesuser4.” If we open up this application from the start menu and go to Options | Settings we see a number of settings here for a typical user to misconfigure.
I’ll go to “Integration” where I can control which file types will be associated with WinRAR. I can also manage how my users can access WinRAR and if I open “Context menu items” I can select which WinRAR menu items will appear in the Windows Explorer context menu. As a Network Administrator I am always interested in the Security tab of course.
WinRAR is a registry based application which means a registry savvy user can modify these settings and get around your desired settings. I have the registry location saved here where this standard user can simply work around your desired settings, go straight into the registry and modify the setting for “EmailOpt” 0 to 1. As you can see, standard user EastSalesUser4 has the rights to do this. No admin rights are required.
Let’s see how we can ensure compliance and perform desktop management of settings quickly using PolicyPak. I’ll go ahead and switch over to my Management Station computer.
We’ll go ahead and right click over our “East Sales Users”, “Create a GPO” and we’re going to call it “Lockdown WinRAR.” So this GPO is now associated with the “East Sales Users.” I’ll right click over it. I’ll click “Edit…” I’ll dive down under “User Configuration,” “PolicyPak/Applications/New/Application.” There it is, “PolicyPak for WinRAR” along with other applications like “Java,” “Flash” “Firefox,” “Skype” and lots of other important desktop applications that your users utilize every day (and you want to make more secure.).
Let’s start with “General” where I want enable the wizard for my users in case they want to use it so I will check “Activate Wizard on Start”. Notice how the setting became underlined as soon as the checkbox value changed. This means that the setting value is going to be delivered through PolicyPak. Now to make sure that it never becomes checked I am going to right click on it and select “Disable corresponding control in target application” so my users won’t be able to alter this setting at all.
Let’s go to “Integration” and then “Context Menu Items.” Here I want to check “Compress and Email” so my users can always rely on that option appearing in their context menu. This time I will right click on these checkboxes and select “Perform ACL Lockdown” which will totally prevent users from modifying this setting, even if they attempted to from the registry.
Finally I will go to “Security.” I want to make sure that WinRAR always wipes temporary files and I don’t want to give my users the option of selecting a virus scanner. Now to make sure that all of these settings are off limits to my users I will right click on the tab itself and select “Disable whole tab in target application.”
Now I will go back to my client machine, we’ll get a command prompt and run “gpupdate.” Now you could envision the user logging on for the very first time, using a Terminal Services or Citrix machine, using a VDI session, changing job roles, or getting a new computer. I just happen to be using gpupdate. Yes, PolicyPak performs the magic. To get the magic delivered, you can use Group Policy, SCCM, LanDesk, KACE or your own systems management software. Even if the user is offline, your settings are always preserved because PolicyPak is always working for you in the background, making the job of you the administrator, easier.
Now that that’s done, let’s go ahead and reopen the application. We can see that my setting for “Activate Wizard on Start” has been delivered and the setting can’t be accessed. Notice that I can’t even access the “Security” tab at all. If I go to “Context Menu Items” we see that “Compress and Email” is selected as we wanted.
Now let’s pretend that this user is registry savvy and attempts to modify the file association settings I configured through the registry. I have saved the registry location of this setting and as you can see here, ACL Lockdown even thwarts the best efforts of this user within the registry as well.
And we are done. That is how incredibly easy it is for you to use PolicyPak to manage and lockdown WinRAR as well as tons of other desktop applications.
If you’re looking for a trial of PolicyPak, just click on the “Webinar / Download” button on the right.
Thanks so much for watching, and get in touch with us if you’re looking to get started. Talk to you soon.