Home > Blogs > VMware ThinApp Blog


ThinApp and Group Policy

I'm often being asked if a ThinApped application honors GPOs (Group Policy Objects). The answer is yes and no. It is up to you as the packager.



The background is that any conflicts (element exist both on the physical client and in the virtual environment of the package) will be won by the virtual environment. GPO is registry keys, which means if you create conflicting registry keys or fully isolate the GPO part of the registry either you can hard code the GPO settings or you will simply hide GPO setting for the packaged application.

I used this the other week to make an old legacy application run on Citrix where C: drive was moved to M: and A-D drive was hidden for the users with the help of GPO. I simply created a virtual A drive (was needed by the application) and a virtual C drive (application had to be installed in the root of C:) and to make the package able to see these drives did I have to disable the GPO settings but just for this package. I did it by simply applying my standard "get rid of GPO settings" reg keys.

In HKEY_CURRENT_USER.txt add:
isolation_full HKEY_CURRENT_USER\Software\Policies

isolation_full HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

In HKEY_LOCAL_MACHINE.txt add:
isolation_full HKEY_LOCAL_MACHINE\Software\Policies

isolation_full HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies

(Yes, you need one line break between the two keys)

If you want to make sure GPOs are being honored by you packaged application make sure you do not capture any GPO settings during Setup Capture. Easiest done is of course to make sure you capture on a none domain member.

One thought on “ThinApp and Group Policy

  1. Cievo

    Great post Peter ๐Ÿ™‚

Comments are closed.