VMware Horizon Community
cbaptiste
Hot Shot
Hot Shot
Jump to solution

Disable Application Blocking

Hi,

Do you know of a way to disable Application blocking completely for a pool while have it enabled for another. Currently I am using conditions but it seems like when Application Blocking is enable it is enabled for everything. With conditions I can simply tell it what to allow or prohibit.

For example I say if this condition is met, allow C:\ so now anything that is on the local drive C is allowed. However, network paths are still blocked. I have to explicitly allow them.

Anyway to just disable it completely. Even through registry would do just fine.

1 Solution

Accepted Solutions
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi cbaptiste,

Once you enable application blocking through the Global Configuration button, it's on and only applications from the Windows folder, C:\Program Files, and C:\Program Files (x86) are allowed to run.

Having said that, that global configuration has its own conditions support, so you can have it behave differently for different pools.

pastedImage_2.png

View solution in original post

8 Replies
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi cbaptiste,

Once you enable application blocking through the Global Configuration button, it's on and only applications from the Windows folder, C:\Program Files, and C:\Program Files (x86) are allowed to run.

Having said that, that global configuration has its own conditions support, so you can have it behave differently for different pools.

pastedImage_2.png

cbaptiste
Hot Shot
Hot Shot
Jump to solution

Right. So can I then use the Global Configuration to tell it to only apply to a specific pool or pools.

Example: Horizon Client Property - Property "Pool Name" is equal to "Pool-1"

So then Pool-2 will not have it enabled?

I only really need application blocking for two specific environment out of my 20 plus environments.

Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi cbaptiste,

Correct, by putting pool-specific conditions on the global setting you can control which pools have application blocking enabled (further controlled by specific application blocking config files, if you wish) and which pools don't.

cbaptiste
Hot Shot
Hot Shot
Jump to solution

Last question. Can I use conditions to enable application blocking on specific pools while still being able to block application specific other pools that does not match that condition?

For example: I want to enable Application Blocking for pool-1 through Global Configuration. So I set condition if pool match Pool-1. But I also want to prevent users from launch notepad.exe on Pool-2. Only notepad. How can I do that? Is that even possible. That's actually my use cases. I didn't realize on those pools where I don't wish to block everything i am however blocking three applications.

BTW: I never noticed Application Blocking had a condition option. I am glad it was moved on newer versions. I am currently running 9.4.0. There is no condition tab. But it is on the body of the window which is not the typical location for conditions.

Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee
Jump to solution

Hi cbaptiste,

I want to enable Application Blocking for pool-1 through Global Configuration. So I set condition if pool match Pool-1. But I also want to prevent users from launch notepad.exe on Pool-2. Only notepad. How can I do that? Is that even possible.

Sure. As you want to have application blocking enabled on both pools, you wouldn't be using conditions on the global configuration, but on the individual config files.

For Pool-2 you'd configure a path-based allow for C:\*, and a few path-based blocks for the various notepad.exe's in the Windows folder.

Reply
0 Kudos
cbaptiste
Hot Shot
Hot Shot
Jump to solution

Lol that is what I have currently. I have Global config without any conditions. I create specific policies to allow/prohibit applications. But then I can not find a way to allow all network paths. In one environment I want to manage what is allowed and/or prohibited. In another environment I simply want to block three applications and that is it. The users can launch anything from anywhere other than these three apps. That is my problem. And it doesn't seem like there is a way to do that.

If this is not something that is currently possible. Can it be added in future release.

DEMdev
VMware Employee
VMware Employee
Jump to solution

Ah, I see. No, there's no way right now to configure allow-everything-including-all-network-locations-but-block-these-specific-executables. I'll keep it in mind as a potential future enhancement, thanks!

cbaptiste
Hot Shot
Hot Shot
Jump to solution

Thank you sir. I believe that would be helpful. I realized I asked the question wrong so I will mark your first answer as right since it does answer the original post