5.1
Table Of Contents
- ThinApp Package.ini Parameters Reference Guide
- Contents
- About This Guide
- Configuring Package Parameters
- Package.ini File Structure
- Package.ini or ##Attributes.ini Files That Override Package.ini Settings
- Configuring the ThinApp Runtime
- Configuring Isolation
- Configuring File and Protocol Associations
- Configuring Build Output
- Configuring Permissions
- Configuring Objects and DLL Files
- ExternalCOMObjects Parameter
- ExternalDLLs Parameter
- ForcedVirtualLoadPaths Parameter
- IsolatedMemoryObjects Parameter
- IsolatedSynchronizationObjects Parameter
- NotificationDLLs Parameter
- NotificationDLLSignature Parameter
- ObjectTypes Parameter
- SandboxCOMObjects Parameter
- VirtualizeExternalOutOfProcessCOM Parameter
- Configuring File Storage
- Configuring Processes and Services
- Configuring Sizes
- Configuring Logging
- Configuring Versions
- Configuring Locales
- Configuring Individual Applications
- Configuring Dependent Applications Using the Application Utility
- Configuring Application Updates with the Application Sync Utility
- Configuring MSI Files
- Configuring Sandbox Storage and Inventory Names
- Other Configuration Parameters
- DisableCutPaste Parameter
- LoadDotNetFromSystem Parameter
- PermittedComputers Parameter
- Services Parameter
- StatusbarDisplayName Parameter
- DisableTransactionRegistry Parameter
- PreventDLLInjection
- ProcessExternalNameBehavior Parameter
- PreventDllInjectionExceptions Parameter
- LargeAddressAware Parameter
- PermittedComputers Parameter
- PermittedComputersAccessDeniedMsg Parameter
- PermittedComputersOfflineAccess Parameter
- IgnoreDDEMessages Parameter
- Locating the ThinApp Sandbox
- Controlling the Sandbox Location
- Sandbox Structure
- Creating ThinApp Snapshots and Projects from the Command Line
- Index
Configuring Isolation 6
ThinApp isolation parameters determine the read and write access to the file system and registry keys
This chapter includes the following topics:
n
“DirectoryIsolationMode Parameter,” on page 19
n
“RegistryIsolationMode Parameter,” on page 20
DirectoryIsolationMode Parameter
The DirectoryIsolationMode parameter specifies the level of read and write access for directories to the
physical file system.
The capture process sets the initial value of the DirectoryIsolationMode parameter in the Package.ini file.
This parameter controls the default isolation mode for the files created by the virtual application, except
when you specify a different isolation mode in the ##Attributes.ini file for an individual directory. Any
unspecified directories, such as C:\myfolder , inherit the isolation mode from the Package.ini file.
ThinApp provides only the Merged and WriteCopy isolation mode options in the capture process. You can
use the Full isolation mode outside the setup capture wizard to secure the virtual environment.
With Merged isolation mode, applications can read and modify elements on the physical file system outside
of the virtual package. Some applications rely on reading DLLs and registry information in the local system
image. The advantage of using Merged mode is that documents that users save appear on the physical
system in the location that users expect, instead of in the sandbox. The disadvantage is that this mode might
clutter the system image. An example of the clutter might be first-execution markers by shareware
applications written to random computer locations as part of the licensing process.
With WriteCopy isolation mode, ThinApp can intercept write operations and redirect them to the sandbox.
You can use WriteCopy isolation mode for legacy or untrusted applications. Although this mode might
make it difficult to find user data files that reside in the sandbox instead of the physical system, the mode is
useful for locked-down desktops where you want to prevent users from affecting the local file system.
With Full isolation mode, ThinApp blocks visibility to system elements outside the virtual application
package. This mode restricts any changes to files or registry keys to the sandbox and ensures that no
interaction exists with the environment outside the virtual application package. Full isolation prevents
application conflict between the virtual application and applications installed on the physical system. Do not
use the Full isolation mode in the Package.ini file because that mode blocks the ability to detect and load
system DLLs. You can use Full isolation mode as an override mechanism in the ##Attributes.ini files.
ThinApp caches the isolation modes for the registry and the file system at runtime in the sandbox. If you
change the isolation mode for the project and rebuild the executable file, you might delete the sandbox for
the change to take effect.
VMware, Inc.
19