November 6, 2008 - Sven Huisman
HOWTO deploy ThinApp applications with Active Directory
So our application virtualization comparison chart seems to be very popular. We get a lot of positive responses, but one thing that we get a lot is the fact that we mention ThinApp has no central management for deploying the virtualized apps, and that it can easily be done with Active Directory. Although that is true, we still say that ThinApp has no central management for deploying the apps, just to compare it with other products that do come with a central deployment tool, like InstallFree or Microsoft App-V.
Okay, so how can you distribute ThinApp Applications? There a a lot of possibilities, I will explain 2: through Active Directory and with a login script.
When you capture an application with ThinApp you have the possibility to build a MSI-file. You might wonder why you want to build an MSI, because one of the big advantages of ThinApp that it creates a single executable which doesn’t need to be installed. Well, this MSI doesn’t install the captured application. It contains the single executable and thinreg. Thinreg is a tool that creates shortcuts and file type associations. It also puts the application to the Add/remove programs list (this is also useful for software inventory tools).
When the MSI has been build, you create a Group Policy Object (GPO) and add the MSI to the software installation. Add a security group to this policy and add the users who needs this app to the security group.
After the ThinApp is “installed”, a couple of files have been copied (the executable and a couple of VB-scripts to “uninstall” the application), the shortcuts are created, file type associations are registered and the app is added to the add/remove programs list.
When doing a per-machine deployment, the default installation directory is the localized equivalent of “%ProgramFilesDir%\<InventoryName> (captured). For a per-user deployment, the default is %AppData%\<InventoryName> (captured).
So Thinreg does cool stuff like creating shortcuts and file type associations. How can this be used in a login script? Easy:
– Put your packages on a fileshare
– create a login script with the following command: ThinReg.exe “\\server\share\*.exe”
This will register all the applications for the user. If you want more control on who gets what application, you can use the PermittedGroups option. When building an ThinApp application, you can specify a security group that has rights to launch the application. Best practice is to create one group per application and add users to the specific application group.
Using Thinreg does one thing else: it doesn’t copy the executable to the local client, but only register the application. It will remain on the file share. So when a user starts the application, it will be streamed to the clients memory.
There are other ways to distribute ThinApp applications, but these 2 are free to use (when Active Directory is available or using a login script).