PolicyPak MDM: Managing File Associations

Got PDF? And don’t want Edge to open it? Or MP4, and don’t want the built-in movie player to open it? How about protocols like MAILTO: .. want to map those to Outlook? It’s drop-dead easy.. with PolicyPak File Associations Manager. Trying to manage with “Set a default associations configuration” is for the birds, and isn’t flexible. Instead, manage it quickly using Group Policy, and PolicyPak.

PolicyPak MDM: Managing File Associations

Hi, this is Whitney with PolicyPak Software. In this video, we’re going to learn how to use the PolicyPak File Associations Manager component to associate file extensions and protocols with particular applications. We’re going to then wrap those directives up in an MSI and deploy it using an MDM solution. In this particular video, I will be using AirWatch, but you can use whatever you have, whether it be MobileIron or Intune or some other system.

Let’s start off with the most important thing you need to know. In order for File Associations Manager to work, your MDM enrolled machine has to be domain joined. There is no way around this. It’s a self-imposed limitation by Windows. This is just something you have to be aware of. The rest of the components can be on a non-domain joined machine, and that’s totally fine. But this one has to be on domain joined machines. The File Associations Manager has to be domain joined.

Let’s go look right here. We’re going to see that I am “Connected to AirWatch MDM” service. Again, you can use whatever you have. I’m just using AirWatch for this video. And it let’s me know that, indeed, I am domain joined: “Connected to FABRIKAM AD domain.”

The other important factor is that I already have the “PolicyPak Client-Side Extension” and the “PolicyPak MDM Licenses for PolicyPak” installed on this machine, deployed through the MDM service. These are the two moving parts that you have to have on your machine in order for the directives that you create later to work.

The problem with file associations in Windows 10 is that it is particularly difficult and it is not particularly dynamic. So if you go through all the trouble to create the file associations that you need but then you need to change something, you have to go through all of that trouble again. There’s no really quick point-and-click.

Let’s go ahead and look at some of the default associations that Windows 10 gives me. If I go to a MAILTO: link that I click on, it’s going to open up in this ridiculous Metro app that Windows 10 has, this mail program here. If I go to a PDF, it’s going to open up in Edge just by default. There we go. Then when we open a video, it opens in “Movies & TV” here.

But what if we don’t want any of those associations? What if we want MAILTO: to open in Claws Mail? What if we want the PDFs to open in Acrobat Reader and we want the videos to open in VLC Media Player? What are we’re going to do?

We’re going to go over here to our management station now, and we’re going to create a new GPO that we’re then going to export as XML, wrap it up in an MSI, and then deploy it to our machine. We’re going to create a “New GPO.” We’ll just call it “FAM Settings,” and we will “Edit” this.

Now even though our machine is domain joined, we don’t have to deploy this using Group Policy. We could still deploy this using our MDM solution, which in this case I’m using AirWatch but, again, you use whatever you have.

Now that we’re going to edit this GPO here, I’d like to point out that the File Associations Manager has to be done on a per computer basis. So you’re going to go to “Computer Configuration” and then to the “PolicyPak” node rather than computer or user side.

Let’s go over to the “File Associations Manager for Windows 10.” We’re going to start with “ADD NEW COLLECTION” because we’re eventually going to export this and I would rather export a single collection rather than several different policies. I’m just going to leave that as “Collection 1.”

I’m going to get inside of here and “ADD NEW POLICY.” Once we do that, we have the “Filter Type” of “File Type,” “Network Protocol” or “Windows 10 Category.” We’re actually going to do all three. Let’s start with “pdf to Acrobat Reader.”

Then I’m going to tell it which “File Extension” that I want to use. We’re going to use just letters, no punctuation or periods or anything like that. We’ll go “pdf” and select that. When I go here to “Select Program,” it’s going to look on my machine for programs that can handle PDFs.

Now we recommend that you have the same applications on your management station as you do on your endpoint when you’re doing these file associations. However, if you can’t do that, we have a utility that will help you and we’ll look at that in the next video.

All right, I have “Adobe Acrobat Reader DC” on both my management station and my endpoint. I’m going to double click on that, and I’m going to tell it “OK.”

We’re going to go ahead and do the same thing for our MAILTO: so we’re going to say “mailto to ClawsMail.” We will choose “Network Protocol.” Again, we’re only putting letters in here, so I’m going to say “mailto.” I’m going to “Select Program.” It’s going to come up with everything that can handle a MAILTO: and “Claws-Mail” is one of them. So that’s the one I want to use. Double click again. Add that.

Finally, I’m going to say I want “Video to VLC.” I’m going to choose a “Windows 10 Category,” and I’m going to choose that I want my “Video Player” to be VLC. I’m going to “Select Program” and, once again, it’s coming up with anything that can handle basically any type of video. But I’ve got “VLC media player” right here, so I double click on that and tell it “OK.”

Those are our three associations that we wanted to make. So I’m going to go ahead and come back to “Collection 1” here, and I’m going to right click and “Export Collections as XML.” Let me do this. I’m going to put it right on the “Desktop.” I’m just going to call it “FAM Settings.” There it is right there on the desktop.

We’re almost there. We just need to wrap this XML up in an MSI. In order to do that, we want to use the PolicyPak Exporter Tool which installs on your management station alongside the admin console MSI. A lot of times, you may see it up here at the top with the “Recently added.” If it’s not there, you’ll scroll down and find the “PolicyPak” folder, and it will be right in there.

We’re going to look at that “PolicyPak Exporter Tool.” We’re going to “Create a new MSI installer.” This actually does a few different things, but this is what we need it to do right now. I’ll click “Next.” I’m going to “Add Existing Files.” I want to add this XML that we just created here. When I do that, I have the option to choose that.

We’re going to “Install For” “Computer” with a “Target” of “All Users.” We’ll click “Next.” We can give it a “Product Name.” I’m going to go with “PPFAM Settings.” We have a “Product Version” already. We can add “Comments” if we want and click “Next.”

Now it’s going to ask us where we want to install. I’m just going to throw it on the “Desktop.” I’m going to call it “FAM Settings” as before. Let’s “Save” that, and we should see it pop up. There we go. There’s that.

All right, so the next thing I need to do is upload this to my MDM service so that it can then get deployed to my endpoint. Once again, I’m using AirWatch. You can use yours, whatever that happens to be. You’ll notice that I already have this “PolicyPak Client-Side Extension” and “PolicyPak MDM Licenses” as I showed you that got already installed on my endpoint. Again, that’s very important.

However, since it takes a little bit of time to get this uploaded and deployed, I’m going to pause the video right now and get that uploaded and deployed to my endpoints. Then we’ll go back and show you what the results of our deployment were. We’ll be right back.

And we’re back. If we come over here and look at our programs, we see that we have those “PPFAM Settings” installed on this machine. And you can see that these icons have actually changed to reflect the new file extension associations.

Now this did not happen the first time I deployed that MSI. I had to log out and log back on in order to see those associations take effect. That is what happens any time you change associations. You’ll need to receive the MSI, and then you’ll need to log out and log back on or restart, whichever.

Let’s go ahead and look at these associations. The MAILTO: used to be the Windows Mail app. Now if I click on this, it’s going to take me to Claws Mail just like I asked it to. If I go look at this, you can see that the icon reflects the Acrobat Reader. But we can go ahead and see demonstrated that it is, in fact, working. Finally, we can open up that little Lego demo in the VLC player just by double clicking on it. So we’ll see that happen, and there we go.

We’ve managed to set three separate types of file associations using the File Associations Manager on our MDM enrolled and domain joined machine. If this is of interest to you, let us know and we can get you started with a free trial right away.

If you’re interested in seeing how to associate file extensions to a program that you don’t have on your management station, then join me in the next video.

Thanks!

Back