locked
[AppV 4.6SP1] How to override local policy within the bubble? RRS feed

  • Question

  • Hello all,

    On the local system there are - for example - 2 sites defined in the 'trusted sites'. This is done via GPO:

    In the bubble I add - for example - https://c.intranet.

    On a machine where the GPO is not applied: if I go to https://c.intranet I see the 'trusted sites' symbol.

    On a machine where the GPO has been applied: if I go to https://c.intranet I do not see the 'trusted sites' symbol.

    Internet Explorer has been started within the bubble.

    I have done the following (with no luck):

    • Played with the 'merge with local registry' and 'override local registry' from the hive USER -> %SFT_SID% -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings
    • LOCAL_INTERACTION_ALLOWED from FALSE to TRUE.
    • Googled a lot.

    For your reference I have added to OSD File:

    <?xml version="1.0" standalone="no"?>
    <SOFTPKG GUID="69935148-6BED-482A-8D88-E4C8CFE54316" NAME="Steelwedge 5.2 (On Demand)" VERSION="1.00.02">
    	<IMPLEMENTATION>
    		<CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/SteelWedge_TangoPlugin_2.0.0.48_ENG.100/SteelWedge_TangoPlugin_2.0.0.48_ENG_5.sft" GUID="53408DB7-A822-4E04-AA9A-28FB59B775FB" PARAMETERS="https://whatsoever.steelwedge.com" FILENAME="%CSIDL_PROGRAM_FILES%\Internet Explorer\iexplore.exe" SYSGUARDFILE="SteelWedge_TangoPlugin_2.0.0.48_ENG.100\osguard.cp" SIZE="4155258"/>
    		<VIRTUALENV TERMINATECHILDREN="FALSE">
    			<POLICIES>
    				<LOCAL_INTERACTION_ALLOWED>TRUE</LOCAL_INTERACTION_ALLOWED>
    			</POLICIES>
    			<ENVLIST/>
    		</VIRTUALENV>
    		<WORKINGDIR>%CSIDL_PROGRAM_FILES%\Internet Explorer</WORKINGDIR>
    		<VM VALUE="Win32">
    			<SUBSYSTEM VALUE="windows"/>
    		</VM>
    	</IMPLEMENTATION>
    	<DEPENDENCY>
    		<CLIENTVERSION VERSION="4.6.0.0"/>
    	</DEPENDENCY>
    	<PACKAGE NAME="SteelWedge_TangoPlugin_2.0.0.48_ENG"/>
    	<ABSTRACT/>
    	<MGMT_SHORTCUTLIST>
    		<SHORTCUT LOCATION="%CSIDL_PROGRAMS%" FILENAME="" OVERRIDDEN="TRUE" DISPLAY="Steelwedge 5.2 (On Demand)" ICON="%SFT_MIME_SOURCE%/SteelWedge_TangoPlugin_2.0.0.48_ENG Icons/SteelWedge_TangoPlugin_2.0.0.48_ENG.ico"/>
    	</MGMT_SHORTCUTLIST>
    	<MGMT_FILEASSOCIATIONS>
    		<PROGIDLIST/>
    		<FILEEXTENSIONLIST/>
    	</MGMT_FILEASSOCIATIONS>
    </SOFTPKG>

    Any help is appreciated.

    With kind regards,

    Willem-Jan


    Monday, March 19, 2012 8:54 AM

Answers

  • Hello all,

    I was not able to solve this one in a short time. Therefore I added the trusted site to the GPO. And then it is applied in the bubble.

    If I add the hive 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' to the package (both as 'override local key' and 'merge with local key') it is completely ignored. If I try to add it manually (via regedit) outside the bubble I get an access denied error message.

    So that is why I think it is impossible.

    But as always: I am open for other suggestions.

    With kind regards,

    Willem-Jan

    • Marked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    Tuesday, March 20, 2012 8:19 AM

All replies

  • Hello,

    Which registry keys does the Group Policy modify?

    Nicke Källén | The Knack| Twitter: @Znackattack

    Monday, March 19, 2012 8:55 AM
  • Hello Nicke,

    The policy writes its information to (regardig the trusted sites):

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

    The application puts the information (regarding the trusted sites):

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

    Is it an idea to move all the registry information from 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' to 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'? However: on a machine where the policy has not been applied the information is correct.

    With kind regards,

    Willem-Jan

    Monday, March 19, 2012 9:14 AM
  • Thanks for the URLs. I will have a look.
    • Marked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    • Unmarked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    Monday, March 19, 2012 10:19 AM
  • Hello all,

    I was not able to solve this one in a short time. Therefore I added the trusted site to the GPO. And then it is applied in the bubble.

    If I add the hive 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' to the package (both as 'override local key' and 'merge with local key') it is completely ignored. If I try to add it manually (via regedit) outside the bubble I get an access denied error message.

    So that is why I think it is impossible.

    But as always: I am open for other suggestions.

    With kind regards,

    Willem-Jan

    • Marked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    Tuesday, March 20, 2012 8:19 AM