VMware Horizon Community
Bpace
Contributor
Contributor
‎01-06-2010 09:12 AM

Wacky use of ThinApp???

OK, first off, I really like TA, works great.... for most things.

We have had issues with some apps not working really well, (within View) so we have gone to installing these locally on our master. No problem, they work and function just fine with the majority of our other applications that are TA'ed.

My issue is that by going local with some apps we are limited in certain features that we REALLY like about TA. Specifically the ability via AD groups to limit who sees/can access an application.

My question is, is there a way to create a "ThinApp" package that is nothing more than an entry point/icon for an application installed locally? If so we would remove any icons that point to the original locally installed EXE and use the ThinApp to point to the EXE. We could control access to the icon/ThinApp package thus hiding the application from those who shouldn't see it. I agree that it really isn't restricted and that someone could navigate directly to the EXE to launch the local application but this is more of security by obscurity.

Thanks in advance for your assistance.

0 Kudos
3 Replies
NickOn
Enthusiast
Enthusiast
‎01-06-2010 01:20 PM

I have two things to tell you.

1. Questios: What is the motivation? Do you understand all the possible issues?

2. You have two ways:

- One sandbox for ALL apps.

Just create empty project, which contains virtualised cmd.exe (entry point) and the preferences that you like. Every application can be ran with the command like

d:\virtual\cmd.exe "c:\Program File\Winamp\winamp.exe"

or any some coplicated.

- Separate sandbox for every app

The same actions but commands would be like:

d:\virtual_Winamp\cmd.exe "c:\Program File\Winamp\winamp.exe"

d:\virtual_Aimp\cmd.exe "c:\Program File\Aimp\aimp.exe"

0 Kudos
iToLo
Enthusiast
Enthusiast
‎02-09-2010 04:29 AM

I see your dilemma. I have had some trouble with certain apps myself and ended up including them in the View-image.

If I understand you correctly your problem is controlling who would have access to certain apps/shortcuts that are installed locally, and use AD-groups for permissions? I guess you could solve this problem with simple Windows file permissions on your local shortcuts.

Lets say you would like to control who is able to see Firefox:

Find the shortcut in your all-users start menu. Right click, select security tab, remove "users" group from access list, add "YourDomain\App-Firefox" group instead.

You would still have the problem with your users being able to browse to the exe though (but from your post, it seems acceptable).

/Tomas

0 Kudos
Squidly_Man
VMware Employee
VMware Employee
‎02-09-2010 08:35 AM

You may wish to review the recent blog article "How to Package a NON-Executable File Such as a Document or Spreadsheet". It doesn't directly talk to your issues but it does discuss similar types of issues and possible resolutions.

-Dean F.

-Dean F. https://www.vmware.com/support/pubs/identitymanager-pubs.html
0 Kudos