Review: Windows workplace security solution PolicyPak

Product: PolicyPak

Product Homepage: click here

Free Trial: click here

Over the last couple of decades, Group Policy has been the go to mechanism for locking down Windows machines in corporate environments. In spite of its longevity however, Group Policy is really beginning to show its age. After all, Group Policy was designed as a tool for securing domain-joined Windows PCs, but today workplace computing is far more diverse. Most organizations use a mixture of domain joined and non-domain-joined devices, running a variety of operating systems. Furthermore, users often work from their own personal devices. Unfortunately, Group Policy is ill-equipped to secure all of these devices.

PolicyPak has designed a solution that is designed to overcome the limitations that are inherent in Group Policy. Not only does PolicyPak work across platforms, and allow non-domain joined devices to be secured, it also supports application level security.

PolicyPak Products

As I began to look into PolicyPak, the first thing that I discovered is that the company offers a variety of solutions that offer the same basic functionality, but that are designed to accommodate differing needs. PolicyPak Group Policy Edition is designed to work with existing Group Policy resources, and on premises management tools such as Microsoft’s System Center Configuration Manager. PolicyPak Cloud Edition delivers policy settings across the Internet to machines, even if they are not domain joined (BYOD machines are also supported). Finally, PolicyPak MDM Edition is similar to PolicyPak Cloud Edition, except that it is designed to work with your existing mobile device management (MDM) service, like Intune, Workspace One, or Mobileiron among others.

Deployment Process

I began my deployment by logging into the PolicyPak customer portal so that I could download the necessary bits. Even though I was evaluating a cloud based solution, I have been told that the easiest way to do so is set up an on premises machine, and assemble the policy settings on that machine, and then export the settings to the cloud.

Upon reaching the download area, I found that PolicyPak offers a huge collection of packs for managing various applications and operating systems. Rather than requiring you to download all of these packs individually, the company provides a convenient download everything button that lets you get everything that you need in a single download. In case you are wondering, the download is about half a gigabyte in size, and you can download the bits as either an ISO file or as a ZIP file. Installing the software was simply a matter of running an MSI file.

The installation process only took a couple of minutes to complete. Once it was done, I opened the Group Policy Editor (by using the GPEdit.msc command), and discovered that a PolicyPak container had been added to both the Computer Configuration and the User Configuration containers. You can see what this looks like in the figure below.

Two PolicyPak containers have been added to the Group Policy Editor.

PolicyPak components

Before I delve into the functionality that is exposed through the PolicyPak containers, I want to take a step back for a moment and talk about the basic components that make up PolicyPak. These include:

  • Application Settings Manager is a tool for locking down application specific settings.
  • Least Privilege Manager can be used to remove local admin rights, provide elevation to specific scripts or applications, block ransomware, and prevent unknown code from running.
  • Browser Router can map specific Websites to specific browsers.
  • Java Enterprise Rules Manager lets you map specific websites (including internal sites) to specific Java versions.
  • File Associations Manager can be used to map specific file extensions or protocols to Acrobat and Outlook.
  • Start Screen and Taskbar Manager is a tool for controlling the layout of the desktop and the Start menu.
  • Admin Templates Manager allows administrators to manage, consolidate, and deploy Group Policy administrative templates.
  • PolicyPak Scripts Manager is a tool that allows you to run a PowerShell, JavaScript, or Visual Basic script on targeted systems.
  • Security Settings Manager allows you to deliver Group Policy settings, independently of the Group Policy. These settings can be applied to domain joined and to non-domain joined systems.
  • Feature Manager for Windows allows you to enable or disable various Windows features for Windows 10.
  • Preferences Manager allows you to enforce operating system preferences, even when the system is offline.

Group Policy Editor

Now that I have mentioned the various tools that are included within PolicyPak, take a look in the screenshot below at what happens when I expand the PolicyPak container within the Group Policy Editor. As you can see in the figure, these tools are all directly accessible through the Group Policy Editor.

All of the previously mentioned tools are accessible through the Group Policy Editor.

Once the console is in place, you can begin importing packs into the console. That allows you to begin configuring settings, and you can export these settings to the cloud if you so desire. In case you are wondering, there is a separate pack for each application or operating system, and there are currently well over 500 packs available. This means that PolicyPak is capable of securing a huge number of applications.

Out of curiosity, I decided to import the pack for WinZip, since WinZip is an application that is probably familiar to most people. The figure below shows how the WinZip settings are exposed through the Group Policy Editor, and some of the WinZip-related policy settings that are available.

These are the policy settings that exist for WinZip.

The Verdict

Whenever I write a review for this site, I like to wrap things up by giving the product a star rating, ranging from zero to five stars. I actually had a tough time deciding what rating to give to PolicyPak, but ultimately, I decided to go with a gold star rating of 4.9 stars.

My experience in working with PolicyPak is that the software does exactly what it is supposed to do. I didn’t run into any bugs during my evaluation, nor were there any red flags, such as security holes.

The reason why I was conflicted over what score to give to PolicyPak was that the product’s biggest weakness is also its greatest strength. One of the things that I always look for when evaluating an application is how intuitive it is to use. What I found with PolicyPak however, was that it isn’t the sort of thing that most people are going to be able to immediately use without reading the instructions. There is definitely a learning curve associated with the software.

Although I would ordinarily give a software product a lower score for having a sharp learning curve, I decided that it would not be fair for me to lower PolicyPak’s score based on its learning curve. There are a few different reasons why I say this:

  1. PolicyPak by its very nature is complex. As previously mentioned, PolicyPak includes a variety of tools and a huge number of packs, so complexity is to be expected. I would actually worry if PolicyPak were not complex.
  2. PolicyPak has created a tremendous library of helpful videos that do a great job of helping you with anything that you need to do. For example, I mentioned earlier the need for importing packs. Here is the video that walked me through the process.
  3. When I did reach out to PolicyPak with a question, I had an answer within just a few minutes.

Overall, I think that PolicyPak is an excellent tool for modernizing Group Policy. Yes, there is a bit of a learning curve, but the software isn’t difficult to use once you get it set up and master the basics. Besides, the PolicyPak Website is jam-packed full of helpful resources, so the learning curve is kind of a nonissue.

One of the main reasons why I opted to give PolicyPak such a high score is because of the software’s usefulness. PolicyPak is about much more than just enforcing policy settings. Organizations can use PolicyPak for example, to prevent ransomware infections, or to stop users from being able to run unauthorized software. The software can also make an organization more secure by helping the administrative staff with its least privilege management efforts.

On top of that, I think that PolicyPak could be an excellent tool for network modernization. An organization that currently depends solely on Group Policy for instance, could conceivably use PolicyPak as a tool for transitioning to a mobile device management model. Additionally, I could even envision a scenario in which an organization uses PolicyPak as a tool for assisting in a migration to Windows 10.

Given the vast number of features and capabilities that are baked into PolicyPak, I’m sure that this review does not even come close to doing the product justice. Regardless, I am absolutely convinced that PolicyPak is an awesome tool for getting a handle on the security challenges posed by today’s multidevice / multiplatform environments.


Rating 4.9/5

About The Author

2 thoughts on “Review: Windows workplace security solution PolicyPak”

  1. This might be a great solution for large companies but it is a fail for MSP’s. The 100 license minimum is not supportive of the MSP or Channel business model. Great product but a fail for channel/MSP solution.

    1. Even solo MSP’s would struggle to survive on under 100 endpoints. I don’t understand how the 100 license minimum would be a problem for MSPs?

      I’m seeing this as opposite of what you’re saying. The per endpoint cost would add up in larges orgs, so it would likely be better for them to dedicate internal staff to maintaining GPOs. Policypak is probably a better fit for midsize companies. For MSPs the value is in being able to duplicate and stanardize policies across clients.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top