AppREPACK

XCACLS Command line syntax

Xcacls.exe syntax

xcacls file name [/T] [/E] [/C] [/G user:perm;spec] [/R user] [/P user:perm;spec [...]] [/D user [...]] [/Y]
where file name indicates the name of the file or folder to which the ACL or access control entry (ACE) is typically applied. All standard wildcard characters can be used.

/T recursively walks through the current folder and all of its subfolders, applying the chosen access rights to the matching files or folders.

/E edits the ACL instead of replacing it. For example, only the administrator will have access to the Test.dat file if you run the XCACLS test.dat /G Administrator:F command. All ACEs applied earlier are lost.

/C causes Xcacls.exe to continue if an "access denied" error message occurs. If /C is not specified, Xcacls.exe stops on this error.

/G user:perm;spec grants a user access to the matching file or folder.
·       The perm (permission) variable applies the specified access right to files and represents the special file-access-right mask for folders. The perm variable accepts the following values:
o       R Read
o       C Change (write)
o       F Full Control
o       P Change Permissions (special access)
o       O Take Ownership (special access)
o       X EXecute (special access)
o       E REad (Special access)
o       W Write (Special access)
o       D Delete (Special access)
·       The spec (special access) variable applies only to folders and accepts the same values as perm, with the addition of the following special value:
o       T Not Specified. Sets an ACE for the directory itself without specifying an ACE that is applied to new files created in that directory. At least one access right has to follow. Entries between a semicolon (;) and T are ignored.

Notes
§       The access options for files (for folders, special file and folder access) are identical. For detailed explanations of these options, see the Windows 2000 operating system documentation.
§       All other options, which can also be set in Windows Explorer, are subsets of all possible combinations of the basic access rights. Because of this, there are no special options for folder access rights, such as LIST or READ.

/R user revokes all access rights for the specified user.

/P user:perm;spec replaces access rights for user. The rules for specifying perm and spec are the same as for the /G option. See the "Xcacls.exe examples" section.

/D user denies user access to the file or directory.

/Y disables confirmation when replacing user access rights. By default, CACLS asks for confirmation. Because of this feature, when CACLS is used in a batch routine, the routine stops responding until the right answer is entered. The /Y option was introduced to avoid this confirmation, so that Xcacls.exe can be used in batch mode.

Setup.exe Silent Switches

Perhaps there is some undocumented process you can uncover. Below are some command lines found to work, try "setup.exe /?" first then go through the list below- you may get lucky!

setup.exe /q
setup.exe /qn
setup.exe /silent
setup.exe /s
setup.exe /NoUserInput
setup.exe /unattended
setup.exe /CreateAnswerFile
setup.exe /quiet
setup.exe /passive
setup.exe /NoUI
setup.exe -s
setup.exe -silent
setup.exe /VerySilent
setup.exe -r (Creates response file in Windows directory with name setup.iss)

What is SystemGuard

SystemGuard tracks and analyses configuration repositories and resources used by the application and intercepts the use of these resources, redirecting them to the virtualized instances of the resources.

The Microsoft App-V Application Virtualization Platform‘s heart is SystemGuard, a patented technology which enables applications to run without installing them locally—and without altering the client‘s operating system.

SystemGuard eliminates common application deployment and management problems:

Application Conflicts: Almost any application will run on any client at any time.

Version Incompatibilities: Different versions of the same application will run simultaneously on the same computer.

Multi-User Access: Applications that were previously unable to run in multi-user mode and therefore could not run within Citrix MetaFrame or Windows Terminal Services, will now do so and function correctly for multiple users.

Multi-Tenancy Issues: Instances of the same application using different database paths will run on the same computer at the same time.

Server Siloing and N-Way Regression Testing: The need for many separate server farms and time-intensive regression testing for application conflicts is eliminated.

Check if Registry hive exists

Following script checks if HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft hive exists

const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

For Each subkey In arrSubKeys

If subkey = "Microsoft" Then
Exit For
End If
Next

MSGBOX subkey

ThinApp MSI Generation Template

In the Vmware ThinApp folder you will find the file Template.msi. You can customize this template to ensure the .msi files generated by ThinApp adhere to company deployment procedures and standards. For example, you can add registry settings that you want ThinApp to add to client computers as part of the installation.

Can ThinApp MSIs be installed by Regular Users

Of course!

Simply put, the MSI settings are straight form Microsoft Installer requirements, and the PACKAGE.INI file only shows those specific settings pertaining to a virtualized application. Remembering the four things which occur during a ThinApp package registration (either through the SDK, THINREG, or a ThinApp MSI), they are...

Shortcut Creation on the desktop, start menu, or elsewhere (taskbar or quick launch bar).
File Type Association so when a user double-clicks on a file associated to the virtualized app, the virtualized application starts and opens the file.
Protocol Association, so when a user clicks on a link with an associated protocol (i.e. HTTP, HTTPS, FTP, MAILTO, NOTES, etc.) the appropriate virtualized application opens and conducts the associated action with that protocol.
COM Object Association, so when a user initiates an action with an associated object the appropriate virtualized application opens and conducts the associated action with the object.

The registration process just assigns these items to the user or system based upon the commands within the registration process. For THINREG, using a "/A" switch tells ThinApp to assign the aforementioned four items within the application to the entire system (by default, THINREG only registers these for the user).

The same goes for MSI settings, however, it's default is to register the virtualized app to the entire system due to the default settings below:

MSIDefaultInstallAllUsers=1
MSIRequireElevatedPrivileges=1

Changing the above settings to "0" will allow the MSI to be installed by a regular user and only register the components to the user executing the MSI.

MSIDefaultInstallAllUsers=0
MSIRequireElevatedPrivileges=0

NOTE: Don't forget to save the PACKAGE.INI and rebuild with BUILD.BAT.

So now, not only will your apps run under regular user permissions, but they can also be installed and uninstalled by regular users! This means, you can remove Local Admin permissions and reduce your overall desktop security risks!

VMWare ThinApp Factory Released

ThinApp Factory is a virtual appliance which can be used to automate the packaging of legacy Windows applications with VMware ThinApp.

The virtual appliance is a Debian Linux vApp which can be installed on VMware vSphere 4.1 or higher or VMware Workstation 8.x and higher. It has a TomCat web based interface and built into it is an enhanced ThinApp package editor and basic web based store for users to install their own applications.

It can pull from manually uploaded installers, regular file share repositories (something very common amongst IT shops), as well as RSS-style app-installer feeds using the JSON format.

For more information on ThinApp Factory, please visit vmware blog

http://blogs.vmware.com/thinapp/2012/06/thinapp-factory-released.html