locked
[AppV 4.6SP1] How to override local policy within the bubble? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello all,

    On the local system there are - for example - 2 sites defined in the 'trusted sites'. This is done via GPO:

    In the bubble I add - for example - https://c.intranet.

    On a machine where the GPO is not applied: if I go to https://c.intranet I see the 'trusted sites' symbol.

    On a machine where the GPO has been applied: if I go to https://c.intranet I do not see the 'trusted sites' symbol.

    Internet Explorer has been started within the bubble.

    I have done the following (with no luck):

    • Played with the 'merge with local registry' and 'override local registry' from the hive USER -> %SFT_SID% -> Software -> Microsoft -> Windows -> CurrentVersion -> Internet Settings
    • LOCAL_INTERACTION_ALLOWED from FALSE to TRUE.
    • Googled a lot.

    For your reference I have added to OSD File:

    <?xml version="1.0" standalone="no"?>
<SOFTPKG GUID="69935148-6BED-482A-8D88-E4C8CFE54316" NAME="Steelwedge 5.2 (On Demand)" VERSION="1.00.02">
	<IMPLEMENTATION>
		<CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/SteelWedge_TangoPlugin_2.0.0.48_ENG.100/SteelWedge_TangoPlugin_2.0.0.48_ENG_5.sft" GUID="53408DB7-A822-4E04-AA9A-28FB59B775FB" PARAMETERS="https://whatsoever.steelwedge.com" FILENAME="%CSIDL_PROGRAM_FILES%\Internet Explorer\iexplore.exe" SYSGUARDFILE="SteelWedge_TangoPlugin_2.0.0.48_ENG.100\osguard.cp" SIZE="4155258"/>
		<VIRTUALENV TERMINATECHILDREN="FALSE">
			<POLICIES>
				<LOCAL_INTERACTION_ALLOWED>TRUE</LOCAL_INTERACTION_ALLOWED>
			</POLICIES>
			<ENVLIST/>
		</VIRTUALENV>
		<WORKINGDIR>%CSIDL_PROGRAM_FILES%\Internet Explorer</WORKINGDIR>
		<VM VALUE="Win32">
			<SUBSYSTEM VALUE="windows"/>
		</VM>
	</IMPLEMENTATION>
	<DEPENDENCY>
		<CLIENTVERSION VERSION="4.6.0.0"/>
	</DEPENDENCY>
	<PACKAGE NAME="SteelWedge_TangoPlugin_2.0.0.48_ENG"/>
	<ABSTRACT/>
	<MGMT_SHORTCUTLIST>
		<SHORTCUT LOCATION="%CSIDL_PROGRAMS%" FILENAME="" OVERRIDDEN="TRUE" DISPLAY="Steelwedge 5.2 (On Demand)" ICON="%SFT_MIME_SOURCE%/SteelWedge_TangoPlugin_2.0.0.48_ENG Icons/SteelWedge_TangoPlugin_2.0.0.48_ENG.ico"/>
	</MGMT_SHORTCUTLIST>
	<MGMT_FILEASSOCIATIONS>
		<PROGIDLIST/>
		<FILEEXTENSIONLIST/>
	</MGMT_FILEASSOCIATIONS>
</SOFTPKG>

    Any help is appreciated.

    With kind regards,

    Willem-Jan


    Monday, March 19, 2012 8:54 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello all,

    I was not able to solve this one in a short time. Therefore I added the trusted site to the GPO. And then it is applied in the bubble.

    If I add the hive 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' to the package (both as 'override local key' and 'merge with local key') it is completely ignored. If I try to add it manually (via regedit) outside the bubble I get an access denied error message.

    So that is why I think it is impossible.

    But as always: I am open for other suggestions.

    With kind regards,

    Willem-Jan

    • Marked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    Tuesday, March 20, 2012 8:19 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hello,

    Which registry keys does the Group Policy modify?

    Nicke Källén | The Knack| Twitter: @Znackattack

    Monday, March 19, 2012 8:55 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Nicke,

    The policy writes its information to (regardig the trusted sites):

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

    The application puts the information (regarding the trusted sites):

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

    Is it an idea to move all the registry information from 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' to 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'? However: on a machine where the policy has not been applied the information is correct.

    With kind regards,

    Willem-Jan

    Monday, March 19, 2012 9:14 AM
  • Question
    Sign in to vote
    1
    Sign in to vote

    Hello,

    I suggest you read these articles;

    http://blogs.technet.com/b/appv/archive/2009/04/23/some-insight-into-how-softgrid-and-app-v-4-5-handle-group-policies.aspx

    http://www.policypak.com/how-app-v-handles-group-policy-and-group-policy-preferences.html

    Nicke Källén | The Knack| Twitter: @Znackattack

    Monday, March 19, 2012 10:18 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thanks for the URLs. I will have a look.
    • Marked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    • Unmarked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    Monday, March 19, 2012 10:19 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello all,

    I was not able to solve this one in a short time. Therefore I added the trusted site to the GPO. And then it is applied in the bubble.

    If I add the hive 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains' to the package (both as 'override local key' and 'merge with local key') it is completely ignored. If I try to add it manually (via regedit) outside the bubble I get an access denied error message.

    So that is why I think it is impossible.

    But as always: I am open for other suggestions.

    With kind regards,

    Willem-Jan

    • Marked as answer by WillemPiloot Tuesday, March 20, 2012 8:19 AM
    Tuesday, March 20, 2012 8:19 AM