Using the PermittedGroups Parameter for Active Directory Access Control

ThinApp provides the PermittedGroups parameter in the Package.ini file to control Active Directory access.

When you start a captured application, the PermittedGroups parameter checks whether a user is a member of a specified Active Directory group. If the user is not a member of the Active Directory group, Thinapp does not start the application.

The following sample code shows a Package.ini entry, where App1 and App2 inherit the PermittedGroups values.

[BuildOptions]
PermittedGroups=Administrators;OfficeUsers
[App1.exe]
													...
													..
[App2.exe]
													...
													...

The PermittedGroups parameter in the Package.ini file restricts use of a package to a specific set of Active Directory users and allows the administrator to customize the error message to the users if they do not have the access privileges to start the application.

In the following sample code, only users who belong to the App1Users group can use the App1.exe file. Members of the Everyone group can use the App2.exe file. The default message for denied users changes for App1Users.

[BuildOptions]
PermittedGroups=Everyone
[App1.exe]
PermittedGroups=App1Users
AccessDeniedMsg=You do not have access privileges to run this application
..
[App2.exe]
...
...