4.7.3
Table Of Contents
- ThinApp Package.ini Parameters Reference Guide
- Contents
- About This Guide
- Configuring Package Parameters
- Package.ini File Structure
- Package.ini or ##Attributes.ini Files That Override Package.ini Settings
- Configuring the ThinApp Runtime
- Configuring Isolation
- Configuring File and Protocol Associations
- Configuring Build Output
- Configuring Permissions
- Configuring Objects and DLL Files
- ExternalCOMObjects Parameter
- ExternalDLLs Parameter
- ForcedVirtualLoadPaths Parameter
- IsolatedMemoryObjects Parameter
- IsolatedSynchronizationObjects Parameter
- NotificationDLLs Parameter
- NotificationDLLSignature Parameter
- ObjectTypes Parameter
- SandboxCOMObjects Parameter
- VirtualizeExternalOutOfProcessCOM Parameter
- Configuring File Storage
- Configuring Processes and Services
- Configuring Sizes
- Configuring Logging
- Configuring Versions
- Configuring Locales
- Configuring Individual Applications
- Configuring Dependent Applications Using the Application Utility
- Configuring Application Updates with the Application Sync Utility
- Configuring MSI Files
- Configuring Sandbox Storage and Inventory Names
- Other Configuration Parameters
- Locating the ThinApp Sandbox
- Controlling the Sandbox Location
- Sandbox Structure
- Creating ThinApp Snapshots and Projects from the Command Line
- Index
Configuring Permissions 8
You can modify parameters for security tasks that define user access to packages and change Data Execution
Prevention (DEP) protection.
Permissions parameters are generally specified under the [build options] section.
This chapter includes the following topics:
n
“AccessDeniedMsg Parameter,” on page 29
n
“AddPageExecutePermission Parameter,” on page 29
n
“PermittedGroups Parameter,” on page 30
n
“UACRequestedPrivilegesLevel Parameter,” on page 31
n
“UACRequestedPrivilegesUIAccess Parameter,” on page 31
AccessDeniedMsg Parameter
The AccessDeniedMsg parameter contains an error message to display to users who do not have permission to
run a package.
ThinApp sets an default message that notifies the user to contact the administrator.
Example: Adding a Contact Number
You can modify the AccessDeniedMsg parameter to add a technical support number.
[BuildOptions]
PermittedGroups=Administrator;OfficeUsers
AccessDeniedMsg=You do not have permission to execute this application, please call support
@1-800-822-2992
AddPageExecutePermission Parameter
The AddPageExecutePermission parameter supports applications that do not work in a DEP environment.
The DEP feature of Windows XP SP2, Windows Server 2003, and later operating system versions protects
against some security exploits that occur with buffer overflow.
This feature creates compatibility issues. Windows turns off the feature by default on Windows XP SP2, and
you use a machine-specific opt-in or opt-out list to specify to which of the applications to apply DEP protection.
Opt-in and opt-out policies can be difficult to manage when a large number of machines and applications are
involved.
VMware, Inc.
29