[THIN] Re: Rolling out/Packaging IE Plugins
- From: "Chris Lynch" <lynch00@xxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 29 Apr 2004 12:53:54 -0700
I do agree with your comments. However, I have a client that would like to
automate this process as much as possible. BUT, this isn't for a MF
environment. It's for their locked down desktops. The users obviously
don't have the necessary rights to install ActiveX controls. They want
their users to send in a request for the ActiveX control. If approved, they
would distribute it to their clients.
I'm sure that someone out there has attempted this before, right?
Chris
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil
> Sent: Thursday, April 29, 2004 1:28 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Rolling out/Packaging IE Plugins
>
> Well as for the imaging thing, surely it's something you
> could do before the sysprep and the image?
>
> I suppose there may be mileage in trying to automate it - but
> it would likely need some runtime parameters, too.
>
> It's always going to be a bespoke thing, though, because it's
> likely that each ActiveX control / plugin for LOB apps tends
> to be quite specific. So anyone likely who has solved it,
> will have only likely solved it for what they've got to do, I
> don't think there's necessarily any general / generic
> solution, as it's nearly always a slightly variable feast.
>
> As for runtime - you're going to have the same issues as you
> have for a normal user accessing active content / plugins
> during a session, aren't you.
>
> For me it's not much of an overhead - it's a couple of
> minutes during build time of a server.
>
> The only time I need to make any changes, if for cert changes
> - in which case it's the login script, or should anything
> change regarding the control SID.
>
> Neil
>
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Lynch
> > Sent: 28 April 2004 20:00
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> >
> > Both.
> >
> > > -----Original Message-----
> > > From: thin-bounce@xxxxxxxxxxxxx
> > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil
> > > Sent: Wednesday, April 28, 2004 8:54 AM
> > > To: thin@xxxxxxxxxxxxx
> > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> > >
> > > When you say "package" or automate - do you mean from a imaging a
> > > server perspective (so automating the build process).
> > >
> > > Or merely something for runtime?
> > >
> > > Neil
> > >
> > > > -----Original Message-----
> > > > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx]
> > > > On Behalf Of Chris Lynch
> > > > Sent: 28 April 2004 16:50
> > > > To: thin@xxxxxxxxxxxxx
> > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> > > >
> > > > That's a pretty good process. But, how would you go about
> > > automating
> > > > the process? I would image that you could create a
> package (using
> > > > Wise Installer, or even InstallShield)? Has anyone
> > attempted this
> > > > with success?
> > > >
> > > > > -----Original Message-----
> > > > > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx]
> > > > > On Behalf Of Braebaum, Neil
> > > > > Sent: Wednesday, April 28, 2004 7:21 AM
> > > > > To: thin@xxxxxxxxxxxxx
> > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> > > > >
> > > > > I've done this with ActiveX and Java plugins for some
> > > years, for my
> > > > > terminal server / Citrix users.
> > > > >
> > > > > Bearing in mind I use mandatory profiles, and quite
> locked down
> > > > > servers
> > > > > - so all local drives hidden, and protected by DACLs such
> > > that users
> > > > > cannot write to any of the local server drives, and users
> > > are only
> > > > > normal users, therefore have no permissions to be
> able to update
> > > > > central parts of the registry...
> > > > >
> > > > > What I did was:-
> > > > >
> > > > > 1. Edited the values in
> > > > > HKLM\Software\Microsoft\Windows\CurrentVersion\Internet
> > > > > Settings\ActiveXCache *and*
> > > > > HKLM\Software\Microsoft\Windows\CurrentVersion\Internet
> > > > > Settings\ActiveX Cache\0 to contain
> > > "H:\WINDOWS\Downloaded Program
> > > > > Files"
> > > > >
> > > > > 2. Whilst logged in as admin, subst'd h: to point to
> the admin's
> > > > > (local) profile directory. And under there, created a
> directory
> > > > > "WINDOWS\Downloaded Program Files" (this will make more sense
> > > > > later...)
> > > > >
> > > > > 3. Ran the IE app that uses the ActiveX control. This
> > > will download
> > > > > the ActiveX control files to the directory above, created
> > > the class
> > > > > keys in HKCR.
> > > > >
> > > > > 4. Saved these ActiveX control files to %systemroot%\system32
> > > > > (again, this will make more sense later).
> > > > >
> > > > > So by this point, the ActiveX control has been
> registered and is
> > > > > installed on the machine.
> > > > >
> > > > > 5. Create a login script that pre-installs the digital
> > > certificate
> > > > > that the ActiveX control is signed with, into the users' HKCU.
> > > > >
> > > > > 6. Have the login script copy the ActiveX control files from
> > > > > %systemroot%\system32 to the users h:\WINDOWS\Downloaded
> > > > Program Files
> > > > > directory (otherwise, I think (it's been a
> > > > > while) the system probably thought this was required
> again (the
> > > > > download of the control) and would probably think it had
> > > to do the
> > > > > whole HKCR rigmarole again).
> > > > >
> > > > > The Java applet is signed with the same certificate,
> so step 5
> > > > > covers this. The Java classes get dragged to somewhere under
> > > > > %systemroot%\java (if my memory serves me) and once
> > there there,
> > > > > it's a done deal.
> > > > >
> > > > > I seem to remember having to correct some of the paths in
> > > > > HKCR\CLSID\<control ID> under InprocServer32 for the
> > > controls used.
> > > > >
> > > > > Bearing in mind much of the above is coloured by
> having fairly
> > > > > tightly locked servers (in terms of filesystem, registry and
> > > > > mandatory profiles), and also, will be heavily
> affected by the
> > > > > specifics of the individual controls used by my line of
> > business
> > > > > application.
> > > > >
> > > > > As no doubt you will have gathered, regmon and filemon
> > > were pretty
> > > > > essential in me working all that out.
> > > > >
> > > > > As it stands the ActiveX and Java use by the app is
> seamless for
> > > > > these users - because it's all pre-empted. It also
> means I have
> > > > > control - they cannot download other ActiveX or Java
> because of
> > > > > security settings, and their level of access and permissions.
> > > > >
> > > > > If the ActiveX control (or Java) gets modified, and / or
> > > > signed with a
> > > > > new(er) / different digital certificate, then I *may*
> > > need to do the
> > > > > admin running of the app stage again - or simply
> amend the login
> > > > > script details with the adding of the digital cert to
> > each users
> > > > > (transient - mandatory profiles) HKCU).
> > > > >
> > > > > <phew...> That's how I do it, anyways.
> > > > >
> > > > > Neil
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: thin-bounce@xxxxxxxxxxxxx
> > > > [mailto:thin-bounce@xxxxxxxxxxxxx]
> > > > > > On Behalf Of Monahan, Thomas
> > > > > > Sent: 28 April 2004 13:06
> > > > > > To: 'thin@xxxxxxxxxxxxx'
> > > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> > > > > >
> > > > > > I was talking more in the general terms, but at the moment
> > > > > I have an
> > > > > > activeX control that needs to be rolled out to
> > multiple servers.
> > > > > >
> > > > > > Any ideas?
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Braebaum, Neil
> > [SMTP:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
> > > > > > > Sent: 28 April 2004 09:39
> > > > > > > To: thin@xxxxxxxxxxxxx
> > > > > > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins
> > > > > > >
> > > > > > > What sort of plugin?
> > > > > > >
> > > > > > > Neil
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: thin-bounce@xxxxxxxxxxxxx
> > > > > > > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
> > > > Monahan, Thomas
> > > > > > > > Sent: 27 April 2004 17:55
> > > > > > > > To: thin@xxxxxxxxxxxxx
> > > > > > > > Subject: [THIN] Rolling out/Packaging IE Plugins
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > How do you all roll out IE plugins onto your servers? I
> > > > > just tried
> > > > > > > > to package one there but its failing to install. I was
> > > > > wondering
> > > > > > > > how you guys to it?
>
> ***********************************************
> This e-mail and its attachments are confidential and are
> intended for the above named recipient only. If this has come
> to you in error, please notify the sender immediately and
> delete this e-mail from your system.
> You must take no action based on this, nor must you copy or
> disclose it or any part of its contents to any person or organisation.
> Statements and opinions contained in this email may not
> necessarily represent those of Littlewoods.
> Please note that e-mail communications may be monitored.
> The registered office of Littlewoods Limited and its
> subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
> Registered number of Littlewoods Limited is 262152.
> ************************************************
>
> ********************************************************
> This week's sponsor - Emergent Online
> Emergent delivers end-to-end solutions for private and public
> sector clients. From centralized application management,
> business continuity, outsourcing, to application development,
> security, and messaging solutions.
> http://www.go-eol.com/index.asp
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or
> Vacation mode use the below link:
> http://thin.net/citrixlist.cfm
>
********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector clients.
From centralized application management, business continuity, outsourcing, to
application development, security, and messaging solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts: