Set User Groups; Defining Isolation Modes For The Physical File System - VMware THINAPP 4.6 Manual

Hide thumbs Also See for THINAPP 4.6:

Applications (3 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

Table of Contents

ThinApp User's Guide

Set User Groups

ThinApp can use Active Directory groups to authorize access to the virtual application. You can restrict access

to an application to ensure that users do not pass it to unauthorized users.

Active Directory Domain Services define security groups and distribution groups. ThinApp can only support

nested security groups.

Set user groups in the Setup Capture wizard

On the Groups page, limit the user access to the application.

Select Only the following Active Directory groups.

Click Add to specify Active Directory object and location information.

Option

Object Types

Locations

Check Names

Advanced

Common Queries (under Advanced)

(Optional) Change the message that appears for users that ThinApp cannot authorize.

Defining Isolation Modes for the Physical File System

Isolation modes determine the level of read and write access to the native file system outside of the virtual

environment. You might adjust isolation mode settings depending on the application and the requirements to

protect the physical system from changes.

The selection of isolation modes in the capture process determines the value of the DirectoryIsolationMode

parameter in the Package.ini file. This parameter controls the default isolation mode for the files created by

the virtual application except when you specify a different isolation mode in the ##Attributes.ini file for

an individual directory.

The selection of a directory isolation mode does not affect the following areas:



ThinApp treats write operations to network drives according to the SandboxNetworkDrives parameter

in the Package.ini file. This parameter has a default value that directs write operations to the physical

drive. ThinApp treats write operations to removable disks according to the SandboxRemovableDisk

parameter in the Package.ini file. This parameter has a default value that directs write operations to the

physical drive.



If you save documents to the desktop or My Documents folder, ThinApp saves the documents to the

physical system. ThinApp sets the isolation mode in the ##Attributes.ini files in %Personal% and

%Desktop% to Merged even when you select WriteCopy isolation mode.

Applying Merged Isolation Mode for Modifications Outside the Package

With Merged isolation mode, applications can read and modify elements on the physical file system outside

of the virtual package. Some applications rely on reading DLLs and registry information in the local system

image.

The advantage of using Merged mode is that documents that users save appear on the physical system in the

location that users expect, instead of in the sandbox. The disadvantage is that this mode might clutter the

system image. An example of the clutter might be first‐execution markers by shareware applications written

to random computer locations as part of the licensing process.

Description

Specifies objects.

Specifies a location in the forest.

Verify object names.

Locates user names in the Active Directory forest.

Searches for groups according to names, descriptions, disabled accounts,

passwords, and days since last login.

VMware, Inc.

Table of Contents

Set User Groups; Defining Isolation Modes For The Physical File System - VMware THINAPP 4.6 Manual

Set User Groups

Defining Isolation Modes for the Physical File System

Troubleshooting

Related Manuals for VMware THINAPP 4.6

Related Content for VMware THINAPP 4.6

Table of Contents