Policy Files (snapvol.cfg)

Policy files (snapvol.cfg) contain rules that control how files and registries are virtualized (or excluded from virtualization) from the base virtual machine, Writable Volumes, and application packages. These rules are specified through name-value pairs of policy keywords and their values.

These policy files also contain rules to control if processes with a specific application name or residing within a specific directory must be excluded from virtualization.

Most of the inclusion and exclusion rules are applicable for all the application packages and Writable Volumes. These rules are placed in a policy file outside the volume-specific folders located at %SVAgent%\Config\Default\snapvol.cfg. If you want to add inclusion or exclusion rules, you must create a custom policy file at %SVAgent%\Config\Custom\snapvol.cfg and add the rules in the file.

Some of the considerations when creating or modifying the policy files at %SVAgent%\Config\Custom\snapvol.cfg are as follows:

A file system or registry “virtualize” policy keyword-based rules are specific to the Writable Volumes and application packages, so the policy files can only be created in the configuration directory for a Writable Volume or an application package.
Rules present in the custom policy files are applied in addition to the rules present in the default policy files.
Administrator privileges are required for creating or modifying the policy files.

Definition of Terms: Virtualized and Excluded from Virtualization

The terms are defined as follows:

Virtualized: When a user or an application views the contents of a folder or registry key, the content of that folder or registry key is merged at runtime (to contain unique entities) from the base virtual machine, Writable Volumes, and all the application packages assigned to the user or virtual machine. Similarly, when a user or an application tries to access the contents of a file or a registry value, the data is fetched from the highest precedence location, where Writable Volumes have the highest precedence followed by application packages and the base virtual machine.
Excluded from Virtualization: When a user or application views a file, folder, registry key, or registry value, the content of that object is only retrieved from the base virtual machine, ignoring the presence (or absence) of that object from the Writable Volumes and application packages.

Policy Keywords

To provide more information about the rules within the policy files, the following table provides a brief description on some of the frequently used rules, which can be configured to customize a Writable Volume or an application package:

Keyword	Description	Examples
`exclude_path`	During a read or write operation, App Volumes excludes looking for any file or folder in the path specified in this keyword in either the application package or the Writable Volume. Instead, if the file or folder specified in the path is present in the base image, then the read or write operation is performed in the base image. Note: Any file or folder starting with the prefix value specified in the keyword is excluded.	`exclude_path`=\ProgramData\VMware App Volumes excludes looking for VMware in either the application package or Writable Volume. Instead, if VMware is present in the base image then the read or write operation on the folder is performed in the base image.
`include_path`	App Volumes reads any file or folder in the path specified in this keyword in the following order: Writable Volumes, application package, and the base image. Any write operation in this path is performed on the Writable Volume. Note: Any file or folder starting with the prefix value specified in the keyword is included.	`include_path`=\Users App Volumes reads all subfolders of Users from all the volumes: Writable Volume, application package, and the base image. If an end user creates a folder or file within Users, then the file or folder is created on the Writable Volume.
`exclude_registry`	During a read or write operation, App Volumes excludes looking for any registry key or registry value in the path specified in this keyword in either the application package or Writable Volume. Instead, if the registry key or registry value specified in the path is present in the base image, then the read or write operation is performed in the base image. Note: Any registry key or registry value starting with the prefix value specified in the keyword is excluded.	`exclude_registry`=\REGISTRY\MACHINE\SOFTWARE\Policies App Volumes excludes looking for any registry key or registry value specified within Policies in either the application package or Writable Volume. Instead if the path is present in the base image, then the read or write operation is performed on the registry key or registry value in the base image.
`include_registry`	App Volumes reads any registry key or registry value in the path specified in this keyword in the following order: Writable Volume, application package, and the base image. Any write operation in this path is performed on the Writable Volume. Note: Any registry key or registry value starting with the prefix value specified in the keyword is included.	`include_registry`=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search App Volumes reads all registry keys and registry values at \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Search from all volumes: Writable Volume, application package, and base image. If a registry key or registry value is created at this path, then this operation is performed on the Writable Volume.
`exclude_process_path`	All processes that are run from an executable file in this path or subpath only see the file system and registry content from the base image. Note: This rule is not applicable to the child processes. Any process name starting with the prefix value specified in the keyword is excluded.	`exclude_process_path`=\Program Files\VMWare\AppCapture Any executable file run from the AppCapture folder or its subfolders only sees the file system and registry content from the base image. If the process spawns a new child process, the child process sees contents from the Writable Volume, AppStack, and base image.
`include_process_name`	The process specified in this keyword sees the file system and registry content from the Writable Volume, AppStack, and base image. Note: This rule is not applicable to the child processes.	`include_process_name`=SearchIndexer.exe The SearchIndexer process sees the file system and registry content from all volumes.
`exclude_process_name`	The process specified in this keyword sees the file system and registry content only from the base image. Note: This rule is not applicable to the child processes.	`exclude_process_name`=chkdsk.exe The chkdsk process sees the file system and registry content only from the base image.

The following table contains keywords that can be used to customize in the policy for Writable Volumes only:

Keyword Description Examples

Keyword	Description	Examples
`exclude_uwv_file`	App Volumes reads any file or folder in the path specified in this keyword in the following order: Writable Volume, application package, and the base image. Any write operation to the file or folder in this path is performed on the Writable Volume, which persists for that particular session, but gets deleted when the user logs off from the computer. Note: Any file or folder starting with the prefix value specified in the keyword is excluded. The path specified in this keyword must be terminated by using \\.	`exclude_uwv_file`=%USERPROFILE%\AppData\Local\Temp\\ App Volumes reads any content present within the Temp folder from all volumes: Writable Volume, application package, and base image. If an end-user creates a file example.txt within Temp, then the file persists for that session. When the end user logs off, example.txt is deleted.
`exclude_uwv_reg`	App Volumes reads any registry key or registry value in the path specified in this keyword in the following order: Writable Volume, application package, and the base image. Any write operation to the registry key or registry value in this path is performed on the Writable Volume, which persists for that particular session, but gets deleted when the user logs out from the computer. Note: Any registry key or registry value starting with the prefix value specified in the keyword is excluded. The path specified in this keyword must be terminated by using \\.	`exclude_uwv_reg`=\REGISTRY\MACHINE\SOFTWARE\McAfee\\ App Volumes reads any registry key or registry value within McAfee from all the volumes: Writable Volume, application package, and the base image. If a new registry key or registry value is created within McAfee, the new key or value persists for that particular session. When the end user logs out, the key or value is deleted.

exclude_uwv_file

App Volumes reads any file or folder in the path specified in this keyword in the following order: Writable Volume, application package, and the base image.

Any write operation to the file or folder in this path is performed on the Writable Volume, which persists for that particular session, but gets deleted when the user logs off from the computer.

Note:

Any file or folder starting with the prefix value specified in the keyword is excluded.
The path specified in this keyword must be terminated by using \\.

exclude_uwv_file=%USERPROFILE%\AppData\Local\Temp\\

App Volumes reads any content present within the Temp folder from all volumes: Writable Volume, application package, and base image.

If an end-user creates a file example.txt within Temp, then the file persists for that session. When the end user logs off, example.txt is deleted.

exclude_uwv_reg

App Volumes reads any registry key or registry value in the path specified in this keyword in the following order: Writable Volume, application package, and the base image.

Any write operation to the registry key or registry value in this path is performed on the Writable Volume, which persists for that particular session, but gets deleted when the user logs out from the computer.

Note:

Any registry key or registry value starting with the prefix value specified in the keyword is excluded.
The path specified in this keyword must be terminated by using \\.

exclude_uwv_reg=\REGISTRY\MACHINE\SOFTWARE\McAfee\\

App Volumes reads any registry key or registry value within McAfee from all the volumes: Writable Volume, application package, and the base image.

If a new registry key or registry value is created within McAfee, the new key or value persists for that particular session. When the end user logs out, the key or value is deleted.

There are a few rules which are meant for internal purposes and required for proper functioning of App Volumes might be present in a policy file. VMware does not recommend making changes to these internal rules in either the default or custom policy files. Changes to these rules are not supported. The rules are listed as follows:

virtualize
virtualize_registry
virtualize_registry_notify_change
reverse_replicate_file
delete_local_profile