Netwrix Endpoint Policy Manager Version 25.10 Released

Products Endpoint Policy Manager News
,
1

announcement-2025-10-23T18-34-21-974Z
announcement-2025-10-23T18-34-21-974Z1000×600 75.8 KB

Netwrix is pleased to announce the general availability of Netwrix Endpoint Policy Manager build number 25.10. This release includes a number of updates for for the CSE, MMC, EPM Cloud, and more!

Download Endpoint Policy Manager 25.10 here!

Endpoint Policy Manager CSE

PPRESULTS Reports

Now you can get a GPRESULTS-style report by using the PPRESULTS command line. You can use the following command line switches:

  • /PPCLOUD - Use PPCloud data for reports (based on gpresult report).
  • /PPXML - Use PPXML user, group, and computer data for reports (based on gpresult report).
  • /PPALL - Use all available data for reports (based on gpresult report).

Example output using /PPXML (which would usually be used in conjunction with the MDM deployment method):

c7dfe155f2b70a58abc9e15f3f2e4d0c
c7dfe155f2b70a58abc9e15f3f2e4d0c1963×1214 132 KB

Endpoint Privilege Manager for Windows Improvements & Fixes

Admin Approval Updates

Admin Approval is now updated to help you match a “Session code”. In this way if you’re attempting to field multiple requests, you can easily match the response to the request.

d03466e5e03e442a6cc7a2a0340d9d0f
d03466e5e03e442a6cc7a2a0340d9d0f1138×833 138 KB

image
image975×819 238 KB

ADMX setting for Non-Secure Desktop with Netwrix Privilege Secure

If desired, you can have your EPM Client interactions with Netwrix Privilege Secure be on the non-secure desktop; this is not recommended, but was a customer request.

image
image975×664 244 KB

MMC Updates

Many improvements on MMC history. First, if desired, you can bypass the saving of history when using the MMC using ADMX “Do not store History.”

image
image975×638 134 KB

Beyond that, you may also now “Delete all history for the whole snapin” and/or “Delete all history for the selected policy(-ies).”

image
image975×504 170 KB

Additionally, you can now compare different versions and see the XML changes with “Compare revisions.”

image
image975×345 93.8 KB

As well as “Show HTML report” (shown here) and “Export this version to XML”.

image
image975×537 116 KB

Lastly, you can “Reset to this revision” (Reverts all changes after selected version) or “Revert these changes” which will revert only one particular selected change.

image
image975×408 104 KB

Misc Endpoint Policy Manager for Windows Fixes & Updates:

Resolved Issues in This Release

We are pleased to announce the following fixes and improvements in this release of Netwrix Endpoint Privilege Manager:

  • Improved CSE Resilience after attempted uninstall: The MSI is updated to be more resilient something intentionally or unintentionally wipes out the PolicyPak CSE. Occasionally the CSE MSI would be end up in a “zombie” state; and this fix attempts to ensure that at least MSI Repair succeeds when our binaries are missing. The MSI repair will now succeed when the files inside %ProgramFiles%\PolicyPak and/or the files %ProgramFiles(x86)%\PolicyPak are missing either partially or completely.
  • Windows 11 Right-click improvements: We’ve had a few reports that the EPM right-click menu doesn’t always appear. There’s a bug in Windows Explorer we’re trying to work around and this should improve things.

Endpoint Policy Manager Cloud

Auto-Retirement of Computers

Update: 11/10/2025: Note this feature “kicks in” on Nov 15th. Meaning that on or around Nov 15th, when this checkbox is checked, that computers which are X days of inactivity will then automatically transition to DELETED state. You will not see movement from computers before this date. If you check this checkbox AFTER Nov 15th, 2025 and then apply, then computers which are X days of inactivity will immediately transition to DELETE state. (Typical motion is every 10 minutes, up to 500 computers per batch.)

A much requested feature (especially for larger customers, but great for everyone) is a way to “Auto Retire” computers which haven’t checked in based upon a time period.

To activate, go to “Company Details" tab. In the “Computer auto-retirement” section Turn ON checkbox “Auto-retirement of inactive computers” and click to “Save” button. Default is 90 days.

Computers will then transition to Deleted. If you also want them permanently expunged, also select the “Delete retired computers permanently” checkbox.

image
image975×359 65.8 KB

For more details, go to “Company Details” tab and in the “Action” panel you click to “Computers to be retired” link and “Customer Log.”

image
image540×623 93.7 KB

In the “Computer to retired” window you can see computers that will be retired:

image
image975×600 118 KB

And in “Company Details | Customer log” link in the “Action” panel and view computers that was retired “ComputerWasDeletedPermanently” for logging of this transition.

image
image975×359 108 KB

Clone Group

Clone Group feature lets you take an existing group and all linked policies and…. Clone it !

Then you can tweak this cloned group (and policies) with updates to policies to do pre-flight testing before you move computers into your original group.

In this way, you can have copies of groups, with no computers for some testing and know your policies are going to work when you make your changes to your existing group(s).

To see this feature, go to “Computer groups” tab and select any Group with policies and click to “Clone group” link in the “Action panel”

image
image975×400 162 KB

Enter Name and choose “Parent group” ->click to “Clone” button !

image
image772×319 31.1 KB

The new Group is created with all policies linked to source group with the same order.

image
image477×786 107 KB

New Bulk Add/Move option: “Also remove from existing source group(s)”

With this new option, you can also remove added or moved computers from the original source groups.

To see this function, go to “Computer Group” tab and select any Group in the list. Then click to “Bulk add/move computer(s) to Group” link in the “Action” menu.

image
image975×465 145 KB

New option will appear as follows:

image
image578×725 68.5 KB

Computers moved to another group result show Status: MOVED like this

image
image975×209 28.3 KB

Event Viewing: Selecting Rows for Copy and Paste

You can now select a row and Copy to Clipboard…

image
image975×512 109 KB

Result pasting into Excel for example…

image
image975×110 21.5 KB

Event Selecting: Now easier to select events

You can now select specific event types, instead of having to look up the events and type them in manually.

image
image975×557 88.7 KB

Endpoint Policy Manager for Mac Fixes & Updates

Deprecated SUDO policy replaced with SUDOERS policy in EPM Cloud like what’s seen here.

image
image975×554 79.8 KB

Customers must transition these SUDO (deprecated) policies in 30 days from SUDO (deprecated) to SUDOERS policy type. These policies will be automatically removed from your EPM Cloud instance at the 30 day period WITHOUT additional notice.

Note: Existing SUDO (deprecated) policies may be ENABLED or DISABLED but not CREATED or MODIFIED due to this change. The idea is that you can:

  • Enable the SUDO (deprecated) policies and apply to a machine or two to see CURRENT behavior
  • Craft your new SUDOERS policy type and apply to DIFFERENT machines to reproduce the same effect with the new policy type
  • Delete the SUDO (deprecated) policies after your SUDOERS policy is sufficiently tested.

Again: SUDO (deprecated) policies will be automatically removed from your EPM Cloud instance at the 30 day period WITHOUT additional notice.

Learn to use the new SUDOERs policy type with the following four videos:

Video 1: Understanding SUDOERS and Configuration file Locally (without EPM involvement) for BASIC rules. Link.

Video 2: Using EPM Cloud for BASIC SUDOERS rules. Link.

Video 3: Understanding SUDOERS and Configuration file locally (without EPM involvement) for FULL rules. Link.

Video 4: Using EPM Cloud for FULL SUDOERS rules. Link.

Things we say with every major announcement…

Always back up your GPOs and or Cloud XMLs:

Remember that Endpoint Policy Manager acts as part of the operating system and you should do SMALL SCALE to LARGE SCALE testing with RINGS before rolling it out broadly.

Updating both the CSE and MMC snap-in up to date is recommended for all customers.

Specific upgrade guidance based upon your circumstances:

How to use the Community for Netwrix Endpoint Policy Manager…

Please use the Netwrix Community for the following items:

  • Ideas to improve Endpoint Policy Manager
  • General non-support / How-do-I questions

The URL for Endpoint Policy Manager Community is here: https://community.netwrix.com/c/products/endpoint-policy-manager/discussions-questions/131

How to get support for Netwrix Endpoint Policy Manager…

For help on specific support issues you are welcome to open support cases. Use our Support Portal (www.netwrix.com/support.html) to submit a case. Please refer to our Support Reference Guide (www.netwrix.com/download/documents/customer_support_program_guide.pdf) for details on the support process, including available contact methods, SLAs, and case severity guidelines.

Thank you for being a Netwrix Endpoint Policy Manager customer!

Need help with this update?

There are many different ways to get help with our products!

Situation Action
If you feel the product is broken and not working as intended… Contact Support
If you have a question you’d like to ask other experts… Create a discussion in the community: Auditor > Discussions & Questions
If you have a feature request… Let our product team know directly: Endpoint Policy Manager > Ideas
If you have something cool to show… Show everyone what you built: Endpoint Policy Manager > Show & Tell

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!

2 Likes