4.0.4
Table Of Contents
- ThinApp User’s Guide
- Contents
- About This Book
- Installing ThinApp
- Capturing Applications
- Deploying Applications
- ThinApp Deployment Options
- Establishing File Type Associations with the thinreg.exe Utility
- Building an MSI Database
- Controlling Application Access with Active Directory
- Using ThinApp Packages Streamed from the Network
- Using Captured Applications with Other System Components
- Performing Paste Operations
- Accessing Printers
- Accessing Drivers
- Accessing the Local Disk, the Removable Disk, and Network Shares
- Accessing the System Registry
- Accessing Networking and Sockets
- Using Shared Memory and Named Pipes
- Using COM, DCOM, and Out-of-Process COM Components
- Starting Services
- Using File Type Associations
- Sample Isolation Mode Configuration Depending on Deployment Context
- Updating Applications
- Application Updates That the End User Triggers
- Application Sync Updates
- Using Application Sync in a Managed or Unmanaged Environment
- Update Firefox 2.0.0.3 to Firefox 3 with Application Sync
- Fix an Incorrect Update with Application Sync
- Application Sync Effect on Entry Point Executable Files
- Updating thinreg.exe Registrations with Application Sync
- Maintaining the Primary Data Container Name with Application Sync
- Application Link Updates
- View of the Application using Application Link
- Link a Base Application to the Microsoft .NET Framework
- Set up Nested Links with Application Link
- Affecting Isolation Modes with Application Link
- PermittedGroups Effect on Linked Packages
- Sandbox Changes for Standalone and Linked Packages
- Import Order for Linked Packages
- File and Registry Collisions in Linked Packages
- VBScript Collisions in Linked Packages
- VBScript Function Order in Linked Packages
- Storing Multiple Versions of a Linked Application in the Same Directory
- Using Application Sync For a Base Application and Linked Packages
- Application Sync Updates
- Application Updates That the Administrator Triggers
- Automatic Application Updates
- Upgrading Running Applications on a Network Share
- Sandbox Considerations for Upgraded Applications
- Application Updates That the End User Triggers
- Monitoring and Troubleshooting ThinApp
- Configuring Package Parameters
- Package.ini File Structure
- Parameters that Apply to Package.ini or ##Attributes.ini Files
- Configuring the ThinApp Runtime
- Configuring File System and Registry Isolation
- Configuring File and Protocol Associations
- Configuring Build Output
- Configuring Permissions and Security
- Configuring Objects and DLL Files
- Configuring Storage
- Configuring Processes and Services
- Configuring File and Block Sizes
- Configuring Icons
- Configuring Logging
- Configuring Versions
- Configuring Locale Information
- Configuring Individual Applications
- Configuring Dependent Applications with Application Link
- Configuring Application Updates with Application Sync
- Configuring MSI Files
- Configuring Sandbox Storage and Inventory Names
- ThinApp Sandbox
- Snapshot Commands and Customization
- ThinApp Virtual File System
- ThinApp Scripts
- Callback Functions
- Use Scripts in a ThinApp Environment
- API Functions
- Glossary
- Index
VMware, Inc. 67
Appendix A Configuring Package Parameters
Examples
YoucancustomizetheAccessDeniedMsgstringwithatechnicalsupportnumber.
[BuildOptions]
PermittedGroups=Administrator;OfficeUsers
AccessDeniedMsg=You do not have permission to execute this application, please call support @
1-800-822-2992
AddPageExecutePermission
TheAddPageExecutePermissionparameteraddressesapplicationsthatdonotworkinaDataExecution
Prev ention(DEP)environment.
TheDEPfea tur eofWindowsXP SP2,WindowsServer 2003,andlateroperatingsystemversionsprotects
againstsomesecurityexploitsthatoccurwithbufferov erflow.This featurecreatessomecompatibilityissues.
Windowsturnsoffthefeaturebydefault
onWindowsXP SP2andyoucanuseamachine‐specificopt‐inor
opt‐outlistoftheapplicationstowhichtoapplyDEPprotection.Opt‐inandopt‐outpoliciescanbedifficult
tomanagewhenalargenumberofmachinesandapplicationsareinvolved.The
AddPageExecutePermissionparameterinstructsThinApp
toaddexecutionpermissiontopagesthatan
applicationallocates.TheapplicationcanrunonmachinesthathaveDEPprotectionenabledwithout
modifyingtheopt‐outlist.
Examples
ThedefaultvalueoftheAddPageExecutePermissionparameterpreventsanychangetotheDEPprotections.
[BuildOptions]
AddPageExecutionPermission=0
Youcanaddexecutionpermissiontopagesthatanapplicationallocates.ThinAppexecutescodefrommemory
pagesthattheapplicationspecifies.Thisisusefulforapplicationsthatcombinetheprogramanditsdatainto
oneareaofmemory.
[BuildOptions]
;Disable some Data Execution protections for this particular application
AddPageExecutionPermission=1
PermittedGroups
ThePermittedGroupsparameterrestrictsapackagetoaspecificsetofActiveDirectoryusers.Youcanuse
thisparameterunderthe[BuildOptions]headingtoaffectthepackageorunderthe[<application>.exe]
headingtoaffectaspecificapplication.The[<application>.exe]valueoverridesthedefault
[BuildOptions]valueforthespecificapplication.
Youcan
specifygroupnames,SIDstrings,oramixofgroupnamesandSIDstringsinthesamelineofthe
PermittedGroupsparameter.Ifyouuseadomain‐basedgroupname,youmustbeconnectedtothatdomain
whenyoubuildtheapplicationpackage.IfyouenteraSIDdirectlyinthe
parametervalue,youdonotneed
toconnecttothedomainwheretheSIDisdefined.
TheparameterdoesnotsupportnestedActiveDirectorygroups.Forexample,ifauserisamemberofgroup
A,andgroupAisamemberofgroupB,ThinAppcanonlydetecttheuser
asamemberofgroupAratherthan
groupAandgroupB.
WhenThinAppbuildsanapplication,ThinAppassumesanyspecifiedgroupnamesarevalidandconverts
thenamestoSIDvalues.ThinAppcanresolvegroupownershipatruntimeusingcachedcredentials.Youcan
continuetoauthenticatelaptopuserseven
whentheyareoffline.
Iftheuserdoesnothaveaccesstorunthepackage,youcancustomizetheAccessDeniedMsgparameterto
instructtheuser.