ThinApp User's Guide
Set User Groups
ThinApp can use Active Directory groups to authorize access to the virtual application. You can restrict access
to an application to ensure that users do not pass it to unauthorized users.
Active Directory Domain Services define security groups and distribution groups. ThinApp can only support
nested security groups.
Set user groups in the Setup Capture wizard
1. On the Groups page, limit the user access to the application.
   a. Select Only the following Active Directory groups.
   b. Click Add to specify Active Directory object and location information.

      Option                           Description
      Object Types                     Specifies objects.
      Locations                        Specifies a location in the forest.
      Check Names                      Verify object names.
      Advanced                         Locates user names in the Active Directory forest.
      Common Queries (under Advanced)  Searches for groups according to names, descriptions,
                                       disabled accounts, passwords, and days since last login.

2. (Optional) Change the message that appears for users that ThinApp cannot authorize.

Defining Isolation Modes for the Physical File System
Isolation modes determine the level of read and write access to the native file system outside of the virtual
environment. You might adjust isolation mode settings depending on the application and the requirements to
protect the physical system from changes.
The selection of isolation modes in the capture process determines the value of the DirectoryIsolationMode
parameter in the Package.ini file. This parameter controls the default isolation mode for the files created by
the virtual application except when you specify a different isolation mode in the ##Attributes.ini file for
an individual directory.
The selection of a directory isolation mode does not affect the following areas:
- ThinApp treats write operations to network drives according to the SandboxNetworkDrives parameter
  in the Package.ini file. This parameter has a default value that directs write operations to the physical
  drive.
- ThinApp treats write operations to removable disks according to the SandboxRemovableDisk
  parameter in the Package.ini file. This parameter has a default value that directs write operations to the
  physical drive.
- If you save documents to the desktop or My Documents folder, ThinApp saves the documents to the
  physical system. ThinApp sets the isolation mode in the ##Attributes.ini files in %Personal% and
  %Desktop% to Merged even when you select WriteCopy isolation mode.

Applying Merged Isolation Mode for Modifications Outside the Package
With Merged isolation mode, applications can read and modify elements on the physical file system outside
of the virtual package. Some applications rely on reading DLLs and registry information in the local system
image.
The advantage of using Merged mode is that documents that users save appear on the physical system in the
location that users expect, instead of in the sandbox. The disadvantage is that this mode might clutter the
system image. An example of the clutter might be first‐execution markers by shareware applications written
to random computer locations as part of the licensing process.
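
The rules under Defining Isolation Modes for the Physical File System can be checked mechanically when reviewing a package. The following is an added example, not part of the original guide or of ThinApp itself. The [BuildOptions] and [Isolation] section names, the sample paths, the reading of 1 as "redirect to the sandbox", and the inheritance of a directory override by its subdirectories are assumptions not stated on this page.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample inputs (not taken from a real package).
PACKAGE_INI = """[BuildOptions]
DirectoryIsolationMode=WriteCopy
SandboxNetworkDrives=1
"""
# Contents of per-directory ##Attributes.ini files, keyed by the directory holding them.
ATTRIBUTES = {
    r"%ProgramFilesDir%\ExampleApp\Logs": "[Isolation]\nDirectoryIsolationMode=Merged\n",
}
# ThinApp sets these to Merged even when WriteCopy is selected.
ALWAYS_MERGED = ("%personal%", "%desktop%")

def _ini(text):
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def effective_mode(directory, package_ini=PACKAGE_INI, attributes=ATTRIBUTES):
    """Isolation mode applied to files the virtual application creates in `directory`."""
    path = PureWindowsPath(directory)  # compares case-insensitively, like Windows
    if path.parts and path.parts[0].lower() in ALWAYS_MERGED:
        return "Merged"
    overrides = {PureWindowsPath(d): text for d, text in attributes.items()}
    # Assumption: an override also covers subdirectories; the nearest ancestor wins.
    for candidate in (path, *path.parents):
        if candidate in overrides:
            return _ini(overrides[candidate]).get("Isolation", "DirectoryIsolationMode")
    # No override found: fall back to the package-wide default.
    return _ini(package_ini).get("BuildOptions", "DirectoryIsolationMode")

def unsandboxed_drive_writes(package_ini=PACKAGE_INI):
    """Drive classes whose writes reach the physical drive whatever the isolation mode."""
    options = _ini(package_ini)
    checks = {"network drives": "SandboxNetworkDrives",
              "removable disks": "SandboxRemovableDisk"}
    # Assumption: 1 redirects writes to the sandbox; absent or 0 is the default.
    return [name for name, key in checks.items()
            if options.get("BuildOptions", key, fallback="0").strip() != "1"]

if __name__ == "__main__":
    for d in (r"%ProgramFilesDir%\ExampleApp", r"%ProgramFilesDir%\ExampleApp\Logs\Old",
              r"%Personal%\Reports"):
        print(f"{d}: {effective_mode(d)}")
    print("writes not sandboxed for:", unsandboxed_drive_writes())
```

A WriteCopy default therefore still leaves removable disks, the desktop and My Documents writable on the physical system unless the corresponding parameters are changed.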
VMware, Inc.