PowerShell Cmdlet and App trigger VPN

---

Hi:

In Episode (Configure Networking Part 6) your talking near the end of the show, that your using Powershell to enable or block ? Apptrigger VPN, so in a sense your limiting the amounts of apps a user can use while using VPN into a company's internal networks, is that right? I also recall in other shows, that practicing any PowerShell commands can "mess" up your computer, so having a "VirtualBox" is probably a good idea?

Dan L.

Dan,

I hope all is well. I am unsure what Show/Episode you are watching and referring to specifically, so if you want to let me know as a follow up, I can answer the first part of your question more directly.

Having said that, GENERALLY, the way that an App-Triggered VPN profile works is as follows:

VPN profiles in Windows 10 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app.

The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name.

So, this is not really a mechanism that would be used to limit the amount of applications that could be used, BUT RATHER is the trigger that causes the VPN to connect automatically.

If you wanted to allow or block certain applications, then a policy based solution such as APP LOCKER would be what you will want to explore.

Take a look at the following link:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-AppLocker

Specific to part 2 of your question, about whether using Virtual Box, or some form of virtualization solution to run one or more VM's to give you a place to try things out, that is a great idea, and does help you to avoid issues and concerns that may arise if a command or program does something to your machine.

I hope that helps to explain what you were asking about.

Good Luck !!

Cheers,

Adam

Hey @Daniel-Loyer ,

Hope you are enjoying the shows!

App triggered VPNs are more about simplifying the process for end users than limiting them. When a user is working remotely, they might use an application that requires access to the corporate network (database access, etc). This would require the user to first establish a VPN connection to the corporate network, and then launch the app. This was an extra step that was often forgotten, and would lead to frustration and calls to the help desk. With an app triggered VPN, the operating system is made aware of when an application needs access to the corporate network. When a user tries to run the application, the OS will recognize the app, and first establish a VPN connection in the background, without user interaction. The user didn't have to remember to first establish the VPN, they simply launch the app and everything 'just works'. They are happy, and no calls to the help desk!

While you can mess things up with the wrong Powershell commands, I wouldn't worry too much about it. Just be safe and always have a recent backup :)

That being said, that's one of my favorite things about virtualization. It's so easy to take a snapshot, and roll back if (when) things go wrong!

Keep watching and asking questions!

Hi Mike :

Thanks for the reply and answers to my questions, I really like ITpro.tv I like the fact that watching the shows (video lessons) and when we (the learner) have a question we jump into the forum then a day or two we have are answers, this is totally awesome . So back to the question of App triggered VPNs is somewhat of an app that a User s clicks on (running in the background) to establish a VPN connection to a corporate office, a two step process combines into one process.

let me know if I got this right

Dan L.

@Daniel-Loyer,

An app-triggered VPN is one VPN auto-triggered profile option (name-based trigger and always on are the others).

VPN profiles in Windows 10 can be configured to connect automatically on the launch of a specified set of applications. The user does NOT have to launch a VPN first. They just run the app as normal. In the background, the VPN profile recognizes that the app has been started (based on file path to executable or package family name for modern apps) and the VPN connection is established automatically, without user interaction.

So it is a two step process combined into one.

For example, I have a reporting app that requires access to a database stored on the company network. My admin has created a vpn profile that is set to auto-trigger when I launch the reporting app. When I am at the hotel, I double-click on the reporting app. Windows recognizes this and in the background establishes a vpn connection to the company network. The app now has access to the required database and I didn't have to remember double-click the vpn connection first.

Hi :

If anyone wants to know if this is going to be on the exam, you might come across with some scenario situation regarding the APP-Triggered VPN. Today (March 31st 2019) is the last day to write the MCSA 70-698 Exam) be sure you know the Powershell Commands, and all the Windows 10 Editions, this exam is really tough
best of luck to everyone who's going for this exam

Dan L.