I do agree with your comments. However, I have a client that would like to automate this process as much as possible. BUT, this isn't for a MF environment. It's for their locked down desktops. The users obviously don't have the necessary rights to install ActiveX controls. They want their users to send in a request for the ActiveX control. If approved, they would distribute it to their clients. I'm sure that someone out there has attempted this before, right? Chris > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil > Sent: Thursday, April 29, 2004 1:28 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > Well as for the imaging thing, surely it's something you > could do before the sysprep and the image? > > I suppose there may be mileage in trying to automate it - but > it would likely need some runtime parameters, too. > > It's always going to be a bespoke thing, though, because it's > likely that each ActiveX control / plugin for LOB apps tends > to be quite specific. So anyone likely who has solved it, > will have only likely solved it for what they've got to do, I > don't think there's necessarily any general / generic > solution, as it's nearly always a slightly variable feast. > > As for runtime - you're going to have the same issues as you > have for a normal user accessing active content / plugins > during a session, aren't you. > > For me it's not much of an overhead - it's a couple of > minutes during build time of a server. > > The only time I need to make any changes, if for cert changes > - in which case it's the login script, or should anything > change regarding the control SID. > > Neil > > > -----Original Message----- > > From: thin-bounce@xxxxxxxxxxxxx > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Lynch > > Sent: 28 April 2004 20:00 > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > Both. > > > > > -----Original Message----- > > > From: thin-bounce@xxxxxxxxxxxxx > > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil > > > Sent: Wednesday, April 28, 2004 8:54 AM > > > To: thin@xxxxxxxxxxxxx > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > > > When you say "package" or automate - do you mean from a imaging a > > > server perspective (so automating the build process). > > > > > > Or merely something for runtime? > > > > > > Neil > > > > > > > -----Original Message----- > > > > From: thin-bounce@xxxxxxxxxxxxx > > [mailto:thin-bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Chris Lynch > > > > Sent: 28 April 2004 16:50 > > > > To: thin@xxxxxxxxxxxxx > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > > > > > That's a pretty good process. But, how would you go about > > > automating > > > > the process? I would image that you could create a > package (using > > > > Wise Installer, or even InstallShield)? Has anyone > > attempted this > > > > with success? > > > > > > > > > -----Original Message----- > > > > > From: thin-bounce@xxxxxxxxxxxxx > > [mailto:thin-bounce@xxxxxxxxxxxxx] > > > > > On Behalf Of Braebaum, Neil > > > > > Sent: Wednesday, April 28, 2004 7:21 AM > > > > > To: thin@xxxxxxxxxxxxx > > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > > > > > > > I've done this with ActiveX and Java plugins for some > > > years, for my > > > > > terminal server / Citrix users. > > > > > > > > > > Bearing in mind I use mandatory profiles, and quite > locked down > > > > > servers > > > > > - so all local drives hidden, and protected by DACLs such > > > that users > > > > > cannot write to any of the local server drives, and users > > > are only > > > > > normal users, therefore have no permissions to be > able to update > > > > > central parts of the registry... > > > > > > > > > > What I did was:- > > > > > > > > > > 1. Edited the values in > > > > > HKLM\Software\Microsoft\Windows\CurrentVersion\Internet > > > > > Settings\ActiveXCache *and* > > > > > HKLM\Software\Microsoft\Windows\CurrentVersion\Internet > > > > > Settings\ActiveX Cache\0 to contain > > > "H:\WINDOWS\Downloaded Program > > > > > Files" > > > > > > > > > > 2. Whilst logged in as admin, subst'd h: to point to > the admin's > > > > > (local) profile directory. And under there, created a > directory > > > > > "WINDOWS\Downloaded Program Files" (this will make more sense > > > > > later...) > > > > > > > > > > 3. Ran the IE app that uses the ActiveX control. This > > > will download > > > > > the ActiveX control files to the directory above, created > > > the class > > > > > keys in HKCR. > > > > > > > > > > 4. Saved these ActiveX control files to %systemroot%\system32 > > > > > (again, this will make more sense later). > > > > > > > > > > So by this point, the ActiveX control has been > registered and is > > > > > installed on the machine. > > > > > > > > > > 5. Create a login script that pre-installs the digital > > > certificate > > > > > that the ActiveX control is signed with, into the users' HKCU. > > > > > > > > > > 6. Have the login script copy the ActiveX control files from > > > > > %systemroot%\system32 to the users h:\WINDOWS\Downloaded > > > > Program Files > > > > > directory (otherwise, I think (it's been a > > > > > while) the system probably thought this was required > again (the > > > > > download of the control) and would probably think it had > > > to do the > > > > > whole HKCR rigmarole again). > > > > > > > > > > The Java applet is signed with the same certificate, > so step 5 > > > > > covers this. The Java classes get dragged to somewhere under > > > > > %systemroot%\java (if my memory serves me) and once > > there there, > > > > > it's a done deal. > > > > > > > > > > I seem to remember having to correct some of the paths in > > > > > HKCR\CLSID\<control ID> under InprocServer32 for the > > > controls used. > > > > > > > > > > Bearing in mind much of the above is coloured by > having fairly > > > > > tightly locked servers (in terms of filesystem, registry and > > > > > mandatory profiles), and also, will be heavily > affected by the > > > > > specifics of the individual controls used by my line of > > business > > > > > application. > > > > > > > > > > As no doubt you will have gathered, regmon and filemon > > > were pretty > > > > > essential in me working all that out. > > > > > > > > > > As it stands the ActiveX and Java use by the app is > seamless for > > > > > these users - because it's all pre-empted. It also > means I have > > > > > control - they cannot download other ActiveX or Java > because of > > > > > security settings, and their level of access and permissions. > > > > > > > > > > If the ActiveX control (or Java) gets modified, and / or > > > > signed with a > > > > > new(er) / different digital certificate, then I *may* > > > need to do the > > > > > admin running of the app stage again - or simply > amend the login > > > > > script details with the adding of the digital cert to > > each users > > > > > (transient - mandatory profiles) HKCU). > > > > > > > > > > <phew...> That's how I do it, anyways. > > > > > > > > > > Neil > > > > > > > > > > > -----Original Message----- > > > > > > From: thin-bounce@xxxxxxxxxxxxx > > > > [mailto:thin-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Monahan, Thomas > > > > > > Sent: 28 April 2004 13:06 > > > > > > To: 'thin@xxxxxxxxxxxxx' > > > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > > > > > > > > > I was talking more in the general terms, but at the moment > > > > > I have an > > > > > > activeX control that needs to be rolled out to > > multiple servers. > > > > > > > > > > > > Any ideas? > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Braebaum, Neil > > [SMTP:Neil.Braebaum@xxxxxxxxxxxxxxxxx] > > > > > > > Sent: 28 April 2004 09:39 > > > > > > > To: thin@xxxxxxxxxxxxx > > > > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > > > > > > > > > > > What sort of plugin? > > > > > > > > > > > > > > Neil > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: thin-bounce@xxxxxxxxxxxxx > > > > > > > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of > > > > Monahan, Thomas > > > > > > > > Sent: 27 April 2004 17:55 > > > > > > > > To: thin@xxxxxxxxxxxxx > > > > > > > > Subject: [THIN] Rolling out/Packaging IE Plugins > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > How do you all roll out IE plugins onto your servers? I > > > > > just tried > > > > > > > > to package one there but its failing to install. I was > > > > > wondering > > > > > > > > how you guys to it? > > *********************************************** > This e-mail and its attachments are confidential and are > intended for the above named recipient only. If this has come > to you in error, please notify the sender immediately and > delete this e-mail from your system. > You must take no action based on this, nor must you copy or > disclose it or any part of its contents to any person or organisation. > Statements and opinions contained in this email may not > necessarily represent those of Littlewoods. > Please note that e-mail communications may be monitored. > The registered office of Littlewoods Limited and its > subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. > Registered number of Littlewoods Limited is 262152. > ************************************************ > > ******************************************************** > This week's sponsor - Emergent Online > Emergent delivers end-to-end solutions for private and public > sector clients. From centralized application management, > business continuity, outsourcing, to application development, > security, and messaging solutions. > http://www.go-eol.com/index.asp > ********************************************************** > Useful Thin Client Computing Links are available at: > http://thin.net/links.cfm > *********************************************************** > For Archives, to Unsubscribe, Subscribe or set Digest or > Vacation mode use the below link: > http://thin.net/citrixlist.cfm > ******************************************************** This week's sponsor - Emergent Online Emergent delivers end-to-end solutions for private and public sector clients. From centralized application management, business continuity, outsourcing, to application development, security, and messaging solutions. http://www.go-eol.com/index.asp ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm