Adjusting policy and settings

More
2 weeks 2 days ago #347 by RoamingRob
Replied by RoamingRob on topic Adjusting policy and settings
I discovered that apparently App-V ignores the HKEY_LOCAL_MACHINE\SOFTWARE\Policies and
HKEY_CURRENT_USER\SOFTWARE\Policies Registry keys by design. I was able to overcome this issue with the info provided here:

packageology.com/app-v/overriding-group-...settings-with-app-v/

Cheers,
Rob

Please Log in or Create an account to join the conversation.

More
2 weeks 5 days ago #346 by RoamingRob
Adjusting policy and settings was created by RoamingRob
Hello,
I recently purchased a copy of TMEdit, primarily to overcome the issue described here:

www.tmurgent.com/TmBlog/?p=2957

After utilizing the tool and successfully surpassing that issue, I'm finding a new problem in play.

I've been tasked with creating an App-V version of Chrome (81) with an extremely locked down configuration. Namely, my InfoSec team wants this instance of Chrome to be accessible only to specific URLs. I have tried two methods of applying the necessary settings to the Chrome install during sequencing and both result in the same behavior when packaged and deployed.

1. Scenario one is using Group Policy to configure the required settings, create a backup of that group policy and apply the backup to local group policy on the (non-domain joined) sequencer through LGPO. This successfully applies the required policy and after sequencing Chrome behaves as intended. i.e. All URLs are blocked except the ones listed in the URLWhitelist provided. However, once I deploy this AppV package to an end point (using SCCM CB), Chrome installs successfully but the settings are no longer effective.

2. Scenario two is using Chrome's Master Preference file to configure (most of) the settings. The setting for Blacklist/Whitelist of URLs is not available in the master preference file, so I applied it using a registry command after the Chrome installer completes. Again, this method succeeds on the sequencer, but when deployed these settings are not effective.

In both cases when I view the the .appv file through TMEdit I can see the registry changes and GPO policies being flagged by the tool. I am intentionally leaving them and only "fixing" unrelated items (namely the ShortName fix) but to no avail.

I've been using AppV on and off for years with success, but have never been tasked with a package of this complexity. Are there some best practices that I should be following here? Perhaps there's another tool I'm missing on the site that would aide me?
Is there a way to ensure these policy/settings configurations are retained in the resulting .appv?

Thanks!
Rob

Please Log in or Create an account to join the conversation.

Time to create page: 0.427 seconds
Go to top