On Tuesday, I released version 2.10 of IAP Desktop. This new version brings a few smallish new features and some under-the-hood changes.
Code signing and AppLocker compatibility
All IAP Desktop binaries are now Authenticode code-signed. Signing application binaries is not only a good practice in general, it’s also required to meet Microsoft’s Certification requirements for Windows Desktop Apps. And more importantly, code-signing the binaries makes it substantially easier to configure AppLocker rules to whitelist IAP Desktop.
You can configure AppLocker to whitelist IAP Desktop by configuring two rules:
Under Executable rules, create an Allow rule that uses a publisher condition and configure it to capture all binaries published by Google LLC that use the product name
Under Windows Installer Rules, create another Allow rule that uses a publisher condition and configure it to capture all packages published by Google LLC that use the product name
In previous versions of IAP Desktop, only the MSI package was code-signed. Allowing all binaries to be
signed required some significant refactoring of the build process, which is now based on
As a .NET application, IAP Desktop automatically applies the proxy settings that you’ve configured in
Internet Explorer or the Windows control panel (
inetcpl.cpl). These settings might specify a proxy
server (hostname, port) or they might specify that proxy auto-configuration (based on WPAD or PAC) should be used.
In most scenarios, relying on the system-provided proxy settings works fine. There are however some scenarios where explicit proxy configuration is needed:
- You’re using a proxy server that requires authentication.
- You want IAP Desktop to use a different proxy server than other applications.
- You’re running IAP Desktop in a Citrix environment or other environments where the system-provided settings are either unavailable or not applicable.
To support these scenarios, version 2.8 introduced the ability to explicitly configure a proxy server under Tools > Options > Network. In the latest release, these settings have been extended to also let you provide a proxy auto-configuration (PAC) URL:
Open in Cloud Console
IAP Desktop does not try to replace the Cloud Console – so jumping back and forth between these two tools is not uncommon. To make this process a little easier, the context menus of project, zone, and VM nodes in the Project Explorer now let you jump to the right section of the Cloud Console:
You can find the source code and all releases of IAP Desktop on the project’s GitHub page.