[THIN] Re: Rolling out/Packaging IE Plugins
- From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 28 Apr 2004 15:21:05 +0100
I've done this with ActiveX and Java plugins for some years, for my
terminal server / Citrix users.
Bearing in mind I use mandatory profiles, and quite locked down servers
- so all local drives hidden, and protected by DACLs such that users
cannot write to any of the local server drives, and users are only
normal users, therefore have no permissions to be able to update central
parts of the registry...
What I did was:-
1. Edited the values in
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ActiveXCache *and*
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX
Cache\0 to contain "H:\WINDOWS\Downloaded Program Files"
2. Whilst logged in as admin, subst'd h: to point to the admin's (local)
profile directory. And under there, created a directory
"WINDOWS\Downloaded Program Files" (this will make more sense later...)
3. Ran the IE app that uses the ActiveX control. This will download the
ActiveX control files to the directory above, created the class keys in
HKCR.
4. Saved these ActiveX control files to %systemroot%\system32 (again,
this will make more sense later).
So by this point, the ActiveX control has been registered and is
installed on the machine.
5. Create a login script that pre-installs the digital certificate that
the ActiveX control is signed with, into the users' HKCU.
6. Have the login script copy the ActiveX control files from
%systemroot%\system32 to the users h:\WINDOWS\Downloaded Program Files
directory (otherwise, I think (it's been a while) the system probably
thought this was required again (the download of the control) and would
probably think it had to do the whole HKCR rigmarole again).
The Java applet is signed with the same certificate, so step 5 covers
this. The Java classes get dragged to somewhere under %systemroot%\java
(if my memory serves me) and once there there, it's a done deal.
I seem to remember having to correct some of the paths in
HKCR\CLSID\<control ID> under InprocServer32 for the controls used.
Bearing in mind much of the above is coloured by having fairly tightly
locked servers (in terms of filesystem, registry and mandatory
profiles), and also, will be heavily affected by the specifics of the
individual controls used by my line of business application.
As no doubt you will have gathered, regmon and filemon were pretty
essential in me working all that out.
As it stands the ActiveX and Java use by the app is seamless for these
users - because it's all pre-empted. It also means I have control - they
cannot download other ActiveX or Java because of security settings, and
their level of access and permissions.
If the ActiveX control (or Java) gets modified, and / or signed with a
new(er) / different digital certificate, then I *may* need to do the
admin running of the app stage again - or simply amend the login script
details with the adding of the digital cert to each users (transient -
mandatory profiles) HKCU).
<phew...> That's how I do it, anyways.
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Monahan, Thomas
> Sent: 28 April 2004 13:06
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: Rolling out/Packaging IE Plugins
>
> I was talking more in the general terms, but at the moment I
> have an activeX control that needs to be rolled out to
> multiple servers.
>
> Any ideas?
>
> > -----Original Message-----
> > From: Braebaum, Neil [SMTP:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
> > Sent: 28 April 2004 09:39
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> >
> > What sort of plugin?
> >
> > Neil
> >
> > > -----Original Message-----
> > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Monahan, Thomas
> > > Sent: 27 April 2004 17:55
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Rolling out/Packaging IE Plugins
> > >
> > > Hi,
> > >
> > > How do you all roll out IE plugins onto your servers? I just
> > > tried to package one there but its failing to install. I was
> > > wondering how you guys to it?
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************
********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector clients.
From centralized application management, business continuity, outsourcing, to
application development, security, and messaging solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
