locked
ObjExclusion & LOCAL_INTERACTION_ALLOWED RRS feed

  • Question

  • Hi all,

    I am looking for some advice on the benefits and downfalls of doing the following.

    Addition of a Registry key to modify the 'local interaction' behaviour or APP-V.
    (Will create the following registry information:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\SystemGuard\ObjExclusions
    Valuename: 94
    Datatype: REG_SZ
    Data: *
    )

    Firstly, a bit of backgorund. We have some locally installed applications which need to interact with any virtualised application. The locally installed software is magnification software and screen reading software which is required for people with sight and hearing impairments.

    The problem is that the screen reading software is not reading the data inside the Virtualised applications window. We have implemented the type of fix written about by Dan Oxley here - http://blogs.technet.com/b/deploymentguys/archive/2011/07/05/allowing-better-interaction-to-app-v-virtual-applications.aspx. However, this doesn't seem to work for the next iteration of the software and also we have discovered some more software that needs to read from the other APPV bubbles.

    I know that setting LOCAL_INTERACTION_ALLOWED for each APP-V application would solve my issue but we are not going to revisit all of our applications and make this change. Also, this is a bit of a sledghammer approach in my view. So, Dan Oxley's approach of setting the relevant registry keys in the ObjExclusion registry key is the way forward. To find these for the working application we used ProcessExplorer and the process described above.

    My question is this, why would you not set the registry key to a wildcard - "*"?
    What are the disadvantages of doing this? Setting this registry key to "*" has fixed some of our applications but I'm afraid it will cause further problems with other applications and how applications interact with eachother. Any input/advice would be greatly appreciated.

    Cheers,
    Sparks

    Tuesday, April 1, 2014 11:08 AM

Answers

  • Hi There,

    Firstly setting LOCAL_INTERACTION_ALLOWED to TRUE does not necessarily allow your local applications to view your virtual applications. It allows certain components of the virtual applications to be accessible by the locally installed applications and system. Namely COM components. These will run with a less restrictive form of isolation. Have you already confirmed that this will work for sure? Have you tested in a Dev environment?

    The risk is introducing conflicts. The benefit of isolation is meant to be that it removes the risk of application conflicts, if you have a virtual application with something in it that's also on the local system and it attempts to run outside the virtual bubble, it might stomp all over the already running local instance and throw some errors.


    PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog: rorymon.com Twitter: @Rorymon

    Tuesday, April 1, 2014 3:14 PM

All replies

  • Hi There,

    Firstly setting LOCAL_INTERACTION_ALLOWED to TRUE does not necessarily allow your local applications to view your virtual applications. It allows certain components of the virtual applications to be accessible by the locally installed applications and system. Namely COM components. These will run with a less restrictive form of isolation. Have you already confirmed that this will work for sure? Have you tested in a Dev environment?

    The risk is introducing conflicts. The benefit of isolation is meant to be that it removes the risk of application conflicts, if you have a virtual application with something in it that's also on the local system and it attempts to run outside the virtual bubble, it might stomp all over the already running local instance and throw some errors.


    PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog: rorymon.com Twitter: @Rorymon

    Tuesday, April 1, 2014 3:14 PM
  • Thanks for your reply Rorymon,

    I have tested setting LOCAL_INTERACTION_ALLOWED to TRUE and you are correct, it does not have the desired effect. In fact it makes things worse and causes some Active X issues.

    Likewise, when setting the registry key to a wildcard value "*", I get application crashes and more Active X issues so it seems that this setting can be detremental. I have used ProcessExplorer to identify the BaseNamedObjects which need to be added to the Client's registry and these have worked so for now I will be avoiding the use of the wildcard character.

    Like you say the risk of introducing conflicts is too great and I have proven as much.

    Cheers

    Wednesday, April 2, 2014 6:41 AM