There is some minor changes in Java 8u171 for SWV.
Use the following cmd installscript:
This is my own personal blog about Application Deployment, Packaging and Virtualization using ITMS(Altiris), Symantec Endpoint Virtualization(SWS/SWV), MSI, MSIX,APPX & APP-V. The opinions and solutions which I provide here are entirely my own ideas and does not reflect the opinion or view of my employer.
# System Deployment Properties # Disable Sponsor offers like ASK Toolbar install.disable.sponsor.offers=true install.disable.sponsor.offers.locked # Mixed code (sandbox vs. trusted) security verification deployment.security.mixcode=HIDE_RUN # Security Level deployment.security.level=HIGH # Security Execution Environment\Enable granting elevated access to signed apps # aka. Allow user to grant permissions to signed content deployment.security.askgrantdialog.show=true # Enable Java content in the browser deployment.webjava.enabled=true # JNLP File/MIME Association deployment.javaws.associations=0 deployment.javaws.autodownload=NEVER deployment.javaws.autodownload.locked # Shortcut Creation deployment.javaws.shortcut=NEVER # Prompt: Your Java version is insecure. or Your Java version is out of date deployment.expiration.check.enabled=false deployment.expiration.check.enabled.locked # Exception sites file location deployment.user.security.exception.sites=C:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites # Java Console - Options for show, disable or hide the Java Console deployment.console.startup.mode=HIDE # This settings make Java all JNPL sites work with virtual Appv and SWV deployment.security.use.insecure.launcher=true
INSTALL_SILENT=Enable
STATIC=Disable
AUTO_UPDATE=Disable
WEB_JAVA=Enable
WEB_JAVA_SECURITY_LEVEL=H
WEB_ANALYTICS=Disable
EULA=Disable
REBOOT=Disable
NOSTARTMENU=Enable
SPONSORS=Disable
REMOVEOUTOFDATEJRES=1
When Java is installed, it adds a bunch of COM registrations pointing to the current version it is installing. Sun (now Oracle) changes the GUID in a predictable way and adds or updates all of the old GUIDs to also point to the new version. Thus any software trying to access the old version will get the new version. Which in theory is great, except that so much Java code ends up being version specific (or more to the point, when new Java versions come out that are not concerned enough with backward compatibility).Due to security concerns, if you deploy Java natively on operating systems you always want to be patching to the latest version. Virtualizing any old version of Java that you require for an app that needs a specific version using this technique, will allow the app running inside that virtual environment to only see this version of Java, no matter what version might be natively installed. And since that version of Java probably has well known security vulnerabilities, you only want the user to use that crusty version of Java when running the app that requires it, not for general web surfing. You can combine the dependent app in the java package directly, or package separately and use a connection group. You probably create a special shortcut in the package for your app, and you probably also remove the browsing bar from the UI of the web browser in this package so they can't go climbing in those dangerous places. They can do that from the non-virtualized browser.You also don't have to deploy Java natively. This solution works great anyway. And it might be time to be removing from systems except when absolutely needed anyway.
'reg add "hklm\software\wow6432node\companyname\Appv\' & $PackageName & '" /v AddPackage /t reg_sz /d ' & $Version & "/" & $PackageID & "/" & $VersionID & " /f") into our cmd files.
We just call them AddPackage.cmd, PublishPackage.cmd, UnpublishPackage.cmd and RemovePackage.cmd.
Settings is like this:
Package Scripts:
On adding package:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c AddPackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
On package publish:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c PublishPackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
On Package unpublish:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c UnpublishPackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
On removing package:
In machine context: YES
- Script:%windir%\system32\cmd.exe
- Parameters: /c RemovePackage.cmd
- Wait for App-V Client to Complete: YES
- Do not use encoded executable paths: YES
- Script timeout: 999 seconds
And voila, your “new” version of the package will have the needed detection rules. The rest of the code needed is not available for sharing, but it should be easy enough if you can script/program. ;twc
add-Scriptfile AddPackage.cmd
add-Scriptfile RemovePackage.cmd
add-Scriptfile PublishPackage.cmd
add-Scriptfile UnPublishPackage.cmd
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:AddPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Arguments" -elementtext "/c AddPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:AddPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:RemovePackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Arguments" -elementtext "/c RemovePackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:RemovePackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:PublishPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Arguments" -elementtext "/c PublishPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:PublishPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
New-Element AppxManifest.xml -elementname "appv:MachineScripts" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts" -elementname "appv:UnpublishPackage" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Path" -elementtext "Cmd.exe" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Arguments" -elementtext "/c UnpublishPackage.cmd" -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
New-Element AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage" -elementname "appv:Wait" -elementtext " " -namespaceURI "http://schemas.microsoft.com/appv/2010/manifest" -createifnotexist
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage/appv:Wait" -attributename "RollbackOnError" -attributevalue "true"
Set-ElementAttribute AppxManifest.xml -xpath "appv:MachineScripts/appv:UnpublishPackage/appv:Wait" -attributename "Timeout" -attributevalue "999"
<MachineScripts>
<PublishPackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\PublishPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</PublishPackage>
<UnpublishPackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\UnpublishPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</UnpublishPackage>
<AddPackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\AddPackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</AddPackage>
<RemovePackage>
<Path>Scriptrunner.exe</Path>
<Arguments>
-appvscript cmd.exe /c "[{AppVPackageRoot}]\..\Scripts\RemovePackage.cmd –appvscriptrunnerparameters –wait –timeout=99 – rollbackonerror
</Arguments>
</RemovePackage>
</MachineScripts>
[ini]
iniVersion=29.11.2017-01
[Forbidden]
001=C:\Program Files (x86)\test\test1.exe
[Rv_oracle]
001=C:\Program Files (x86)\test\test.exe
Our next version of this script will be perfected and running as a Windows task schedule, a schedule can run as a normal AD user, making it possible to copy our ini file from a dfs share. If the dfs is not available it will use the local copy.Function Get-IniContent {
<#
.Synopsis
Gets the content of an INI file
.Description
Gets the content of an INI file and returns it as a hashtable
.Notes
Author : Oliver Lipkau <oliver@lipkau.net>
Blog : http://oliver.lipkau.net/blog/
Source : https://github.com/lipkau/PsIni
http://gallery.technet.microsoft.com/scriptcenter/...
Version : 1.0 - 2010/03/12 - Initial release
1.1 - 2014/12/11 - Typo (Thx SLDR)
Typo (Thx Dave Stiff)
#Requires -Version 2.0
.Inputs
System.String
.Outputs
System.Collections.Hashtable
.Parameter FilePath
Specifies the path to the input file.
.Example
$FileContent = Get-IniContent "C:\myinifile.ini"
-----------
Description
Saves the content of the c:\myinifile.ini in a hashtable called $FileContent
.Example
$inifilepath | $FileContent = Get-IniContent
-----------
Description
Gets the content of the ini file passed through the pipe into a hashtable called $FileContent
.Example
C:\PS>$FileContent = Get-IniContent "c:\settings.ini"
C:\PS>$FileContent["Section"]["Key"]
-----------
Description
Returns the key "Key" of the section "Section" from the C:\settings.ini file
.Link
Out-IniFile
C:\ProgramData\Microsoft\AppV\Client\Catalog\PackageGroups\{GroupId}\{VersionId}\
PackageGroupDescriptor.xml
PackageGroupDescriptorTemplate.xml
So this makes it possible to see if it is imported and not enabled, or removed completely if no files exist here.UserPackageGroupDescriptor.xml
powershell.exe "Add-AppvClientPackage -Path 'package.appv' | Publish-AppvClientPackage –Global | Mount-AppvClientPackage"
powershell.exe "Add-AppvClientPackage -Path 'package.appv' | Mount-AppvClientPackage"
powershell.exe "Publish-AppvClientPackage -Name 'package' –Global | Mount-AppvClientPackage"
powershell.exe "Unpublish-AppvClientPackage -Name 'package' -Global | Remove-AppVClientPackage"
powershell.exe "Unpublish-AppvClientPackage -Name 'package' -Global"