Group policy (GPO) for MagicURL (link switch)

If the MagicURL (link switch) utility is used for TightGate-Pro and the user administration is carried out via an Active Directory (Kerberos), it can be helpful to distribute the registry entries required for the proper operation of MagicURL via a group policy.
Since Microsoft (especially from Windows 10 onwards) regularly resets many settings to default values during major updates, MagicURL usually no longer works afterwards and must be reinitialised.
The remedy is to use a group policy that sets the required registry entries for the MagicURL. The following instructions describe how to create a corresponding group policy.

  1. Open the group policy administration and create a new GPO by right-clicking on the corresponding domain and selecting Create and link group policy object here…
    gpo_1.jpg
  2. Then assign a name and click create.
    gpo_2.jpg
  1. Right-click on the created GPO in the subfolder Group Policy Objects (subfolder of the domain) and then click on Edit…
    gpo_3.jpg
  2. In the window that opens, navigate to User Configuration > Settings > Windows Settings > Registry.
  3. Download the sample collection item (https://ftp.m-privacy.de/TG-Pro_MagicURL/Windows/GPO/MagiURL_Registriy-Werte_fuer_GPO.xml) and paste it into the free space on the right-hand side.
    gpo_4.jpg
  4. For each of the imported registry values, you now need to adjust the target group assignment (Note: Search&Replace in the XML file does not always work.). Double-click the values and select the button Target group addressing in Common options in the lower area then the button with the "…" and assign the desired group.
    gpo_5.jpg
  1. To set MagicURL, the file browserchoice_def.xml is required.
    gpo_6.jpg
    This file must be readable from all computers in the domain (client PCs). The file should therefore be stored in a central location, but it is also possible to copy this file to the individual client PCs (Note: In the last tests, this was even necessary.). It is recommended to activate file sharing on the AD server, preferably via the SYSVOL directory of the AD server, as this is often used for GPO distribution.
    gpo_7.jpg
  2. The GPO for MagicURL is then processed further. First, the File Explorer is selected under Computer Configuration > Policies > Administrative Templates > Windows Components and the menu item Set Configuration for Default Assignment is edited there.
    gpo_8.jpg
    Make sure that the correct path to the file browserchoice_def.xml is specified.

In the last step, the authorised persons for whom the newly created group policy is to apply must be assigned.
gpo_9.jpg
Care should be taken to ensure that only users, groups and PCs that use TightGate-Pro execute the group policy. In our example we have used the following groups:
TGProUser - only users in this group can use the TightGate viewer and
TGPro user PCs - here all PCs are integrated on which the TightGate viewer is installed.
After all security filters have been set in the last step, the group policy can be distributed.
gpo_10.jpg
After distributing the group policy, all affected computers must be rebooted once and the users must be logged in again for the group policy to take effect.