5.0
Table Of Contents
- ThinApp User’s Guide
- Contents
- About This Book
- Installing ThinApp
- Capturing Applications
- Phases of the Capture Process
- Preparing to Capture Applications
- Capturing Applications with the Setup Capture Wizard
- Create a System Image Before the Application Installation
- Rescan the System with the Installed Application
- Defining Entry Points as Shortcuts into the Virtual Environment
- Set Entry Points
- Manage with VMware Horizon Application Manager
- Set User Groups
- Defining Isolation Modes for the Physical File System
- Set File System Isolation Modes
- Storing Application Changes in the Sandbox
- Customize the Sandbox Location
- Send Anonymous Statistics to VMware
- Customize ThinApp Project Settings
- Defining Package Settings
- Customize Package Settings
- Opening Project and Parameter Files
- Build Virtual Applications
- Advanced Package Configuration
- Capturing Internet Explorer on Windows XP
- Capturing Multiple Application Installers with ThinApp Converter
- Deploying Applications
- ThinApp Deployment Options
- Establishing File Type Associations with the thinreg.exe Utility
- Building an MSI Database
- Controlling Application Access with Active Directory
- Starting and Stopping Virtual Services
- Using ThinApp Packages Streamed from the Network
- Using Captured Applications with Other System Components
- Performing Paste Operations
- Accessing Printers
- Accessing Drivers
- Accessing the Local Disk, the Removable Disk, and Network Shares
- Accessing the System Registry
- Accessing Networking and Sockets
- Using Shared Memory and Named Pipes
- Using COM, DCOM, and Out-of-Process COM Components
- Starting Services
- Using File Type Associations
- Sample Isolation Mode Configuration Depending on Deployment Context
- Updating and Linking Applications
- Application Updates That the End User Triggers
- Application Sync Updates
- Using Application Sync in a Managed or Unmanaged Environment
- Update Firefox 2.0.0.3 to Firefox 3 with Application Sync
- Fix an Incorrect Update with Application Sync
- Application Sync Effect on Entry Point Executable Files
- Updating thinreg.exe Registrations with Application Sync
- Maintaining the Primary Data Container Name with Application Sync
- Completing the Application Sync Process When Applications Create Child Processes
- Application Link Updates
- View of the Application using Application Link
- Link a Base Application to the Microsoft .NET Framework
- Set Up Nested Links with Application Link
- Affecting Isolation Modes with Application Link
- PermittedGroups Effect on Linked Packages
- Sandbox Changes for Standalone and Linked Packages
- Import Order for Linked Packages
- File and Registry Collisions in Linked Packages
- VBScript Collisions in Linked Packages
- VBScript Function Order in Linked Packages
- Storing Multiple Versions of a Linked Application in the Same Directory
- Using Application Sync for a Base Application and Linked Packages
- Application Sync Updates
- Application Updates That the Administrator Triggers
- Automatic Application Updates
- Upgrading Running Applications on a Network Share
- Sandbox Considerations for Upgraded Applications
- Updating the ThinApp Version of Packages
- Application Updates That the End User Triggers
- Locating the ThinApp Sandbox
- Creating ThinApp Snapshots and Projects from the Command Line
- ThinApp File System Formats and Macros
- Creating ThinApp Scripts
- Callback Functions
- Implement Scripts in a ThinApp Environment
- API Functions
- Monitoring and Troubleshooting ThinApp
- Glossary
- Index
VMware, Inc. 39
Chapter 3 Deploying Applications
Inbothcases,youcanoverridetheinstallationdirectorybypassinganINSTALLDIRpropertytothemsiexec
command.
Override the MSI Installation Directory
Fromthecommandline,typethemsiexec /i <database>.msi
INSTALLDIR=C:\<my_directory>\<my_package>command.
Deploying MSI Files on Microsoft Vista
WhenyoudeployMSIfilesonVista,youmustindicatewhetheraninstallerneedselevatedprivileges.Typical
individualuserinstallationsdonotrequireelevatedprivilegesbutindividualmachineinstallationsrequire
suchprivileges.
ThinAppprovidestheMSIRequireElevatedPrivilegesparameterinthePackage.inifilethatspecifies
theneedforelevatedprivilegeswhenthevalue
issetto1.Specifyingavalueof1forthisparameterorforcing
anindividualuserinstallationfromthecommandlinecangenerateUACprompts.Specifyingavalueof0for
thisparameterpreventsUACpromptsbutthedeploymentfailsformachine‐wideinstallations.
Controlling Application Access with Active Directory
YoucancontrolaccesstoapplicationsusingActiveDirectorygroups.
Whenyoubuildapackage,ThinA pp convertsActiv eDirectorygroupnamesintoSecurityIdentifier(SID)
values.ASIDisasmallbinaryvaluethatuniquelyidentifiesanobject.SIDvaluesarenotuniqueforafew
groups,suchastheadministrator
group.BecauseThinAppstoresSIDvaluesinpackagesforfuturevalidation,
thefollowingconsiderationsapplytoActiveDirectoryuse:
YoumustbeconnectedtoyourActiveDirectorydomainduringthebuildprocessandthegroupsyou
specifymustexist.ThinApplooksuptheSIDvalueduringthebuild.
Ifyoudeleteagroupandre‐createit,theSIDmightchange.Inthiscase,rebuildthepackageto
authenticateagainstthenewgroup.
Whenusersareoffline,ThinAppcanauthenticatethemusingcachedcredentials.Iftheuserscanloginto
theirmachines,authenticationstillworks.Useagrouppolicytosettheperiodwhencachedcredentials
arevalid.
CachedcredentialsmightnotrefreshonclientsuntilthenextActiveDirectoryrefreshcycle.Youcanforce
agrouppolicyonaclientbyusingthegpupdatecommand.Thiscommandrefresheslocalgrouppolicy,
grouppolicy,andsecuritysettingsstoredinActiveDirectory.YoumightlogoutbeforeActiveDirectory
credentials
arerecached.
Certaingroups,suchastheAdministratorsgroupandEveryonegroup,havethesameSIDonevery
ActiveDirectorydomainandworkgroup.Othergroupsyoucreatehaveadomain‐specificSID.Users
cannotcreatetheirownlocalgroupwiththesamenametobypassauthentication.
ActiveDirectoryDomainServicesdefinesecuritygroupsanddistributiongroups.Ifyouusenested
groups,ThinAppcanonlysupportnestedsecuritygroups.
Package.ini Entries for Active Directory Access Control
ThinAppprovidesthePermittedGroupsparameterinthePackage.inifiletocontrolActiveDirectory
access.
PermittedGroups Parameter
Whenyoustartacapturedapplication,thePermittedGroupsparametercheckswhetherauserisamember
ofaspecifiedActiveDirectorygroup.IftheuserisnotamemberoftheActiveDirectorygroup,ThinAppdoes
notstarttheapplication.ForinformationaboutrestrictingpackagestoActiv eDirectorygroups,see
“PermittedGroups”
parameterinThinAppPackage.iniParametersReferenceGuide.