4.0.4

ManualsBrandsVMware ManualsApplicationsThinApp

Table Of Contents

ThinApp User’s Guide

VMware, Inc. 31

Chapter 3 Deploying Applications

To override the MSI installation directory

Fromthecommandline,typethemsiexec /i <database>.msi

INSTALLDIR=C:\<my_directory>\<my_package>command.

Deploying MSI Files on Microsoft Vista

WhenyoudeployMSIfilesonVista,youmustindicatewhetheraninstallerneedselevatedprivileges.Typical

individualuserinstallationsdonotrequireelevatedprivilegesbutindividualmachineinstallationsrequire

suchprivileges.ThinAppprovidestheMSIRequireElevatedPrivilegesparameterinthePackage.inifile

thatspecifiestheneedforelevatedprivilegeswhenthevalue

issetto1.Specifyingavalueof1forthis

parameterorforcinganindividualuserinstallationfromthecommandlinecangenerateUACprompts.

Specifyingavalueof0forthisparameterpreventsUACpromptsbutthedeploymentfailsformachine‐wide

installations.

Controlling Application Access with Active Directory

YoucancontrolaccesstoapplicationsusingActiveDirectorygroups.Whenyoubuildapackage,ThinApp

convertsActiveDirectorygroupnamesintoSecurityIdentifier(SID)values.ASIDisasmallbinaryvaluethat

uniquelyidentifiesanobject.SIDvaluesarenotuniqueforafewgroups,suchastheadministrator

group.

BecauseThinAppstoresSIDvaluesinpackagesforfuturevalidation,thefollowingconsiderationsapplyto

ActiveDirectoryuse:

 YoumustbeconnectedtoyourActiveDirectorydomainduringthebuildprocessandthegroupsyou

specifymustexist.ThinApplooksuptheSIDvalueduringthebuild.

 Ifyoudeleteagroupandrecreateit,theSIDmightchange.Inthiscase,rebuildthepackageto

authenticateagainstthenewgroup.

 Whenusersareoffline,ThinAppcanauthenticatethemusingcachedcredentials.Iftheuserscanloginto

theirmachines,authenticationstillworks.Useagrouppolicytosettheperiodwhencachedcredentials

arevalid.

 CachedcredentialsmightnotrefreshonclientsuntilthenextActiveDirectoryrefreshcycle.Youcanforce

agrouppolicyonaclientbyusingthegpupdatecommand.Thiscommandrefresheslocalgrouppolicy,

grouppolicy,andsecuritysettingsstoredinActiveDirectory.YoumightneedtologoffbeforeActive



Directorycredentialsarerecached.

 Certaingroups,suchastheAdministratorsgroupandEveryonegroup,havethesameSIDonevery

ActiveDirectorydomainandworkgroup.Othergroupsyoucreatehaveadomain‐specificSID.Users

cannotcreatetheirownlocalgroupwiththesamenametobypassauthentication.

Package.ini Entries for Active Directory Access Control

ThinAppprovidesthePermittedGroupsparameterinthePackage.inifiletocontrolActiveDirectory

access.Whenyoustartacapturedapplication,thePermittedGroupsparametercheckswhetherauserisa

memberofaspecifiedActiveDirectorygroup.IftheuserisnotamemberoftheActiveDirectorygroup,

Thinappdoesnot

starttheapplication.ForinformationaboutrestrictingpackagestoActiveDirectorygroups,

see“PermittedGroups”onpage 67.

InthefollowingPackage.inientry,App1andApp2inheritPermittedGroupsvalues.

[BuildOptions]

PermittedGroups=Administrators;OfficeUsers

[App1.exe]

...

[App2.exe]

...