IAP Desktop 2.10

On Tuesday, I released version 2.10 of IAP Desktop. This new version brings a few smallish new features and some under-the-hood changes.

Code signing and AppLocker compatibility

All IAP Desktop binaries are now Authenticode code-signed. Signing application binaries is not only a good practice in general, it’s also required to meet Microsoft’s Certification requirements for Windows Desktop Apps. And more importantly, code-signing the binaries makes it substantially easier to configure AppLocker rules to whitelist IAP Desktop.

You can configure AppLocker to whitelist IAP Desktop by configuring two rules:

  1. Under Executable rules, create an Allow rule that uses a publisher condition and configure it to capture all binaries published by Google LLC that use the product name IAP DESKTOP:

    Executable rule

  2. Under Windows Installer Rules, create another Allow rule that uses a publisher condition and configure it to capture all packages published by Google LLC that use the product name IAP DESKTOP:

    Windows Installer rule

In previous versions of IAP Desktop, only the MSI package was code-signed. Allowing all binaries to be signed required some significant refactoring of the build process, which is now based on nmake.

Proxy auto-configuration

As a .NET application, IAP Desktop automatically applies the proxy settings that you’ve configured in Internet Explorer or the Windows control panel (inetcpl.cpl). These settings might specify a proxy server (hostname, port) or they might specify that proxy auto-configuration (based on WPAD or PAC) should be used.

In most scenarios, relying on the system-provided proxy settings works fine. There are however some scenarios where explicit proxy configuration is needed:

  1. You’re using a proxy server that requires authentication.
  2. You want IAP Desktop to use a different proxy server than other applications.
  3. You’re running IAP Desktop in a Citrix environment or other environments where the system-provided settings are either unavailable or not applicable.

To support these scenarios, version 2.8 introduced the ability to explicitly configure a proxy server under Tools > Options > Network. In the latest release, these settings have been extended to also let you provide a proxy auto-configuration (PAC) URL:

Proxy settings

Open in Cloud Console

IAP Desktop does not try to replace the Cloud Console – so jumping back and forth between these two tools is not uncommon. To make this process a little easier, the context menus of project, zone, and VM nodes in the Project Explorer now let you jump to the right section of the Cloud Console:

Context menu

You can find the source code and all releases of IAP Desktop on the project’s GitHub page.

Any opinions expressed on this blog are Johannes' own. Refer to the respective vendor’s product documentation for authoritative information.
« Back to home