Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

PermittedComputers and PermittedComputersAccessDeniedMsg parameters in ThinApp Package.ini for Active Directory Groups of computers (1030989)

Purpose

This article describes the PermittedComputers and PermittedComputersAccessDeniedMsg parameters, which can be used in the Package.ini configuration file for ThinApp projects.

Resolution

The PermittedComputers parameter allows you to limit which computers have access to the virtual application. The PermittedComputersAccessDeniedMsg parameter lets you customize the message to users who try to use the virtual application from disallowed computers.
 
PermittedComputers
 
The PermittedComputers parameter allows you to increase security by specifying a limited set of Active Directory Groups of computers that are permitted to use the virtual application.
 
The ThinApp Setup Capture wizard does not provide a user interface for the PermittedComputers parameter. You configure this parameter directly in Package.ini. During the build phase, you must be connected to the Active Directory domain if you used any Group Names in the value for PermittedComputers. This allows ThinApp to translate the Group Names to Group SIDs, which the required storage format for Groups in the virtual package.
 
Possible values
 
You can enter either an Active Directory Group Name or an Active Directory Group SID for the value of PermittedComputers. If you have more than one Group, use a semicolon (' ; ') to separate entries. You can mix Group Names and Group SIDs within a single value for PermittedComputers.
 
You cannot enter individual computer names or IP addresses for the value of PermittedComputers.
 
Default value
 
The default value of PermittedComputers is blank, so every Active Directory Group of computers is allowed to access the virtual application.
 
Use cases
 
In addition to control over which computers can access a virtual application, this parameter is useful for specifying groups of VMware View Desktops that are permitted to use the virtual application.
 
PermittedComputersAccessDeniedMsg parameter
 
The PermittedComputersAccessDeniedMsg parameter allows you to specify the message that users receive when they try to use the virtual application from a disallowed computer. This message is displayed only if you have also set a value for the PermittedComputers parameter.
 
Default value
 
The default value of PermittedComputersAccessDeniedMsg is:

Application policy does not permit execution on this computer. Contact Administrator.

Possible values

There is no limit in ThinApp to the number of characters in PermittedComputersAccessDeniedMsg, although Windows may restrict the number of characters.

Where you set these parameters in Package.ini

You can set these two parameters just in the [BuildOptions] section of Package.ini or in both [BuildOptions] and in individual entry point sections ([<AppName>.exe]).

[BuildOptions] sets the default PermittedComputers value for entry points in a project. If you set PermittedComputers within an entry point section of Package.ini ([<AppName>.exe]), this setting overrides the default setting in [BuildOptions].
 
Note: The value of PermittedComputers in an entry point section in Package.ini is not added to the value set in the [BuildOptions] section.
 
[<AppName>.exe] sections without any value for PermittedComputers inherit the value set in [BuildOptions].
 
For example, in the Package.ini file for a project:
[BuildOptions]
PermittedComputers=TalentAcquisition;ChangeManagement
PermittedComputersAccessDeniedMsg=Your computer does not have permission to use this application. Please call Support @ 1-800-822-2992.
 
This is the global setting for the entire project. Only computers in the TalentAcquisition and ChangeManagement groups can use the virtual application.
 
 
[<entrypoint1>.exe]
PermittedComputers=AccountingDesktops
PermittedComputersAccessDeniedMsg=You do not have permission to use this application. Please call Support @ 1-800-822-2992.
 
This setting overrides the global setting for PermittedComputers, for this entry point. Only computers in the AccountingDesktops group can use this entry point of the application.
 
 
[<entrypoint2>.exe]
 
No entry for PermittedComputers within an entry point means that the entry point inherits the value of PermittedComputers from [BuildOptions]. Only computers in the TalentAcquisition and ChangeManagement groups can use this entry point of the application.

Additional Information

The PermittedComputers and PermittedComputersAccessDeniedMsg parameters were unofficially supported beginning with ThinApp 4.0.1 and now are officially supported.

A related parameter, the PermittedGroups parameter, causes ThinApp to check if a user is within a specified list of Active Directory Groups who are permitted to use the virtual application. See the entries for PermittedGroups and AccessDeniedMsg in:

The ThinApp User's Guide

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: