Manualshelf

User`s guide

ManualsBrandsAutostart ManualsRemote StarterAS-1252V
11121314151617181920
Configuring Isolation 5
ThinApp isolation parameters determine the read and write access to the file system and registry keys
This chapter includes the following topics:
n
“DirectoryIsolationMode Parameter,” on page 19
n
“RegistryIsolationMode Parameter,” on page 20
DirectoryIsolationMode Parameter
The DirectoryIsolationMode parameter specifies the level of read and write access for directories to the
physical file system.
The capture process sets the initial value of the DirectoryIsolationMode parameter in the Package.ini file. This
parameter controls the default isolation mode for the files created by the virtual application, except when you
specify a different isolation mode in the ##Attributes.ini file for an individual directory. Any unspecified
directories, such as C:\myfolder , inherit the isolation mode from the Package.ini file.
ThinApp provides only the Merged and WriteCopy isolation mode options in the capture process. You can use
the Full isolation mode outside the setup capture wizard to secure the virtual environment.
With Merged isolation mode, applications can read and modify elements on the physical file system outside
of the virtual package. Some applications rely on reading DLLs and registry information in the local system
image. The advantage of using Merged mode is that documents that users save appear on the physical system
in the location that users expect, instead of in the sandbox. The disadvantage is that this mode might clutter
the system image. An example of the clutter might be first-execution markers by shareware applications written
to random computer locations as part of the licensing process.
With WriteCopy isolation mode, ThinApp can intercept write operations and redirect them to the sandbox.
You can use WriteCopy isolation mode for legacy or untrusted applications. Although this mode might make
it difficult to find user data files that reside in the sandbox instead of the physical system, the mode is useful
for locked-down desktops where you want to prevent users from affecting the local file system.
With Full isolation mode, ThinApp blocks visibility to system elements outside the virtual application package.
This mode restricts any changes to files or registry keys to the sandbox and ensures that no interaction exists
with the environment outside the virtual application package. Full isolation prevents application conflict
between the virtual application and applications installed on the physical system. Do not use the Full isolation
mode in the Package.ini file because that mode blocks the ability to detect and load system DLLs. You can use
Full isolation mode as an override mechanism in the ##Attributes.ini files.
ThinApp caches the isolation modes for the registry and the file system at runtime in the sandbox. If you change
the isolation mode for the project and rebuild the executable file, you might delete the sandbox for the change
to take effect.
VMware, Inc.
19