5.1
Table Of Contents
- ThinApp User’s Guide
- Contents
- About This Book
- Installing ThinApp
- Capturing Applications
- Phases of the Capture Process
- Preparing to Capture Applications
- Capturing Applications with the Setup Capture Wizard
- Create a System Image Before the Application Installation
- Rescan the System with the Installed Application
- Defining Entry Points as Shortcuts into the Virtual Environment
- Set Entry Points
- Manage with VMware Horizon Application Manager
- Set User Groups
- Defining Isolation Modes for the Physical File System
- Set File System Isolation Modes
- Storing Application Changes in the Sandbox
- Customize the Sandbox Location
- Send Anonymous Statistics to VMware
- Customize ThinApp Project Settings
- Defining Package Settings
- Customize Package Settings
- Opening Project and Parameter Files
- Build Virtual Applications
- Advanced Package Configuration
- Capturing Internet Explorer 6 on Windows XP
- Capturing Multiple Application Installers with ThinApp Converter
- ThinApp Package Management
- Deploying Applications
- ThinApp Deployment Options
- Establishing File Type Associations with the thinreg.exe Utility
- Building an MSI Database
- Controlling Application Access with Active Directory
- Starting and Stopping Virtual Services
- Using ThinApp Packages Streamed from the Network
- Using Captured Applications with Other System Components
- Performing Paste Operations
- Accessing Printers
- Accessing Drivers
- Accessing the Local Disk, the Removable Disk, and Network Shares
- Accessing the System Registry
- Accessing Networking and Sockets
- Using Shared Memory and Named Pipes
- Using COM, DCOM, and Out-of-Process COM Components
- Starting Services
- Using File Type Associations
- Sample Isolation Mode Configuration Depending on Deployment Context
- Updating and Linking Applications
- Application Updates That the End User Triggers
- Application Sync Updates
- Using Application Sync in a Managed or Unmanaged Environment
- Update Firefox 2.0.0.3 to Firefox 3 with Application Sync
- Fix an Incorrect Update with Application Sync
- Application Sync Effect on Entry Point Executable Files
- Updating thinreg.exe Registrations with Application Sync
- Maintaining the Primary Data Container Name with Application Sync
- Completing the Application Sync Process When Applications Create Child Processes
- Application Link Updates
- View of the Application using Application Link
- Link a Base Application to the Microsoft .NET Framework
- Set Up Nested Links with Application Link
- Affecting Isolation Modes with Application Link
- PermittedGroups Effect on Linked Packages
- Sandbox Changes for Standalone and Linked Packages
- Import Order for Linked Packages
- File and Registry Collisions in Linked Packages
- VBScript Collisions in Linked Packages
- VBScript Function Order in Linked Packages
- Storing Multiple Versions of a Linked Application in the Same Directory
- Using Application Sync for a Base Application and Linked Packages
- Application Sync Updates
- Application Updates That the Administrator Triggers
- Automatic Application Updates
- Upgrading Running Applications on a Network Share
- Application Synchronization Using Group Policy Object
- Sandbox Considerations for Upgraded Applications
- Updating the ThinApp Version of Packages
- Application Updates That the End User Triggers
- Locating the ThinApp Sandbox
- Creating ThinApp Snapshots and Projects from the Command Line
- ThinApp File System Formats and Macros
- Creating ThinApp Scripts
- Callback Functions
- Implement Scripts in a ThinApp Environment
- API Functions
- Monitoring and Troubleshooting ThinApp
- Glossary
- Index
ThinApp User’s Guide
18 VMware, Inc.
Set User Groups
ThinApp can use Active Directory groups to authorize access to the virtual application. You can restrict access
to an application to ensure that users do not pass it to unauthorized users.
Active Directory Domain Services define security groups and distribution groups. ThinApp can only support
nested security groups.
Set user groups in the Setup Capture wizard
1On the Groups page, limit the user access to the application.
a Select Only the following Active Directory groups.
bClick Add to specify Active Directory object and location information.
2 (Optional) Change the message that appears for users that ThinApp cannot authorize.
Defining Isolation Modes for the Physical File System
Isolation modes determine the level of read and write access to the native file system outside of the virtual
environment. You might adjust isolation mode settings depending on the application and the requirements to
protect the physical system from changes.
The selection of isolation modes in the capture process determines the value of the DirectoryIsolationMode
parameter in the Package.ini file. This parameter controls the default isolation mode for the files created by
the virtual application except when you specify a different isolation mode in the ##Attributes.ini file for
an individual directory.
The selection of a directory isolation mode does not affect the following areas:
ThinApp treats write operations to network drives according to the SandboxNetworkDrives parameter
in the Package.ini file. This parameter has a default value that directs write operations to the physical
drive. ThinApp treats write operations to removable disks according to the SandboxRemovableDisk
parameter in the Package.ini file. This parameter has a default value that directs write operations to the
physical drive.
If you save documents to the desktop or My Documents folder, ThinApp saves the documents to the
physical system. ThinApp sets the isolation mode in the ##Attributes.ini files in %Personal% and
%Desktop% to Merged even when you select WriteCopy isolation mode.
Applying Merged Isolation Mode for Modifications Outside the Package
With Merged isolation mode, applications can read and modify elements on the physical file system outside
of the virtual package. Some applications rely on reading DLLs and registry information in the local system
image.
The advantage of using Merged mode is that documents that users save appear on the physical system in the
location that users expect, instead of in the sandbox. The disadvantage is that this mode might clutter the
system image. An example of the clutter might be first-execution markers by shareware applications written
to random computer locations as part of the licensing process.
Option Description
Object Types Specifies objects.
Locations Specifies a location in the forest.
Check Names Verify object names.
Advanced Locates user names in the Active Directory forest.
Common Queries (under Advanced) Searches for groups according to names, descriptions, disabled accounts,
passwords, and days since last login.