4.5
Table Of Contents
- ThinApp User’s Guide
- Contents
- About This Book
- Installing ThinApp
- Capturing Applications
- Phases of the Capture Process
- Preparing to Capture Applications
- Capturing Applications with the Setup Capture Wizard
- Create a System Image Before the Application Installation
- Rescan the System with the Installed Application
- Defining Entry Points as Shortcuts into the Virtual Environment
- Set Entry Points
- Set User Groups
- Defining Isolation Modes for the Physical File System
- Set File System Isolation Modes
- Storing Application Changes in the Sandbox
- Customize the Sandbox Location
- Send Anonymous Statistics to VMware
- Customize ThinApp Project Settings
- Defining Package Settings
- Customize Package Settings
- Opening Project and Parameter Files
- Build Virtual Applications
- Advanced Package Configuration
- Guidelines for Packaging Microsoft Office 2007
- Deploying Applications
- ThinApp Deployment Options
- Establishing File Type Associations with the thinreg.exe Utility
- Building an MSI Database
- Controlling Application Access with Active Directory
- Starting and Stopping Virtual Services
- Using ThinApp Packages Streamed from the Network
- Using Captured Applications with Other System Components
- Performing Paste Operations
- Accessing Printers
- Accessing Drivers
- Accessing the Local Disk, the Removable Disk, and Network Shares
- Accessing the System Registry
- Accessing Networking and Sockets
- Using Shared Memory and Named Pipes
- Using COM, DCOM, and Out-of-Process COM Components
- Starting Services
- Using File Type Associations
- Sample Isolation Mode Configuration Depending on Deployment Context
- Updating and Linking Applications
- Application Updates That the End User Triggers
- Application Sync Updates
- Using Application Sync in a Managed or Unmanaged Environment
- Update Firefox 2.0.0.3 to Firefox 3 with Application Sync
- Fix an Incorrect Update with Application Sync
- Application Sync Effect on Entry Point Executable Files
- Updating thinreg.exe Registrations with Application Sync
- Maintaining the Primary Data Container Name with Application Sync
- Completing the Application Sync Process When Applications Create Child Processes
- Application Link Updates
- View of the Application using Application Link
- Link a Base Application to the Microsoft .NET Framework
- Set up Nested Links with Application Link
- Affecting Isolation Modes with Application Link
- PermittedGroups Effect on Linked Packages
- Sandbox Changes for Standalone and Linked Packages
- Import Order for Linked Packages
- File and Registry Collisions in Linked Packages
- VBScript Collisions in Linked Packages
- VBScript Function Order in Linked Packages
- Storing Multiple Versions of a Linked Application in the Same Directory
- Using Application Sync For a Base Application and Linked Packages
- Application Sync Updates
- Application Updates That the Administrator Triggers
- Automatic Application Updates
- Upgrading Running Applications on a Network Share
- Sandbox Considerations for Upgraded Applications
- Updating the ThinApp Version of Packages
- Application Updates That the End User Triggers
- Configuring Package Parameters
- Package.ini File Structure
- Parameters that Apply to Package.ini or ##Attributes.ini Files
- Configuring the ThinApp Runtime
- Configuring Isolation
- Configuring File and Protocol Associations
- Configuring Build Output
- Configuring Permissions
- Configuring Objects and DLL Files
- Configuring File Storage
- Configuring Processes and Services
- Configuring Sizes
- Configuring Logging
- Configuring Versions
- Configuring Locales
- Configuring Individual Applications
- Configuring Dependent Applications with Application Link
- Configuring Application Updates with Application Sync
- Configuring MSI Files
- Configuring Sandbox Storage and Inventory Names
- Locating the ThinApp Sandbox
- Creating ThinApp Snapshots and Projects from the Command Line
- ThinApp File System Formats and Macros
- Creating ThinApp Scripts
- Callback Functions
- Implement Scripts in a ThinApp Environment
- API Functions
- Monitoring and Troubleshooting ThinApp
- Glossary
- Index
VMware, Inc. 35
Chapter 3 Deploying Applications
Deploying MSI Files on Microsoft Vista
WhenyoudeployMSIfilesonVista,youmustindicatewhetheraninstallerneedselevatedprivileges.Typical
individualuserinstallationsdonotrequireelevatedprivilegesbutindividualmachineinstallationsrequire
suchprivileges.
ThinAppprovidestheMSIRequireElevatedPrivilegesparameterinthePackage.inifilethatspecifies
theneedforelevatedprivilegeswhenthevalue
issetto1.Specifyingavalueof1forthisparameterorforcing
anindividualuserinstallationfromthecommandlinecangenerateUACprompts.Specifyingavalueof0for
thisparameterpreventsUACpromptsbutthedeploymentfailsformachine‐wideinstallations.
Controlling Application Access with Active Directory
YoucancontrolaccesstoapplicationsusingActiveDirectorygroups.
Whenyoubuildapackage,ThinA pp convertsActiv eDirectorygroupnamesintoSecurityIdentifier(SID)
values.ASIDisasmallbinaryvaluethatuniquelyidentifiesanobject.SIDvaluesarenotuniqueforafew
groups,suchastheadministrator
group.BecauseThinAppstoresSIDvaluesinpackagesforfuturevalidation,
thefollowingconsiderationsapplytoActiveDirectoryuse:
YoumustbeconnectedtoyourActiveDirectorydomainduringthebuildprocessandthegroupsyou
specifymustexist.ThinApplooksuptheSIDvalueduringthebuild.
Ifyoudeleteagroupandrecreateit,theSIDmightchange.Inthiscase,rebuildthepackageto
authenticateagainstthenewgroup.
Whenusersareoffline,ThinAppcanauthenticatethemusingcachedcredentials.Iftheuserscanloginto
theirmachines,authenticationstillworks.Useagrouppolicytosettheperiodwhencachedcredentials
arevalid.
CachedcredentialsmightnotrefreshonclientsuntilthenextActiveDirectoryrefreshcycle.Youcanforce
agrouppolicyonaclientbyusingthegpupdatecommand.Thiscommandrefresheslocalgrouppolicy,
grouppolicy,andsecuritysettingsstoredinActiveDirectory.YoumightlogoutbeforeActiveDirectory
credentials
arerecached.
Certaingroups,suchastheAdministratorsgroupandEveryonegroup,havethesameSIDonevery
ActiveDirectorydomainandworkgroup.Othergroupsyoucreatehaveadomain‐specificSID.Users
cannotcreatetheirownlocalgroupwiththesamenametobypassauthentication.
ActiveDirectoryDomainServicesdefinesecuritygroupsanddistributiongroups.Ifyouusenested
groups,ThinAppcanonlysupportnestedsecuritygroups.
Package.ini Entries for Active Directory Access Control
ThinAppprovidesthePermittedGroupsparameterinthePackage.inifiletocontrolActiveDirectory
access.
Whenyoustartacapturedapplication,thePermittedGroupsparametercheckswhetherauserisamember
ofaspecifiedActiveDirectorygroup.IftheuserisnotamemberoftheActiveDirectorygroup,Thinappdoes
not
starttheapplication.ForinformationaboutrestrictingpackagestoActiv eDirectorygroups,see
“PermittedGroups”onpage 63.
InthefollowingPackage.inientry,App1andApp2inheritPermittedGroupsvalues.
[BuildOptions]
PermittedGroups=Administrators;OfficeUsers
[App1.exe]
...
..
[App2.exe]
...
...