Use a Group’s SID Rather than Group Name For ThinApp Deployments

Note: This article was originally written on reich-consulting.net. Reich Web Consulting has narrowed its focus to the web and no longer offers tech support services, so we’ve moved all of our tech support content off-site. We hope you find this article useful. It is provided as-is, and we will no longer provide support on this topic.

When I deploy applications with VMWare’s ThinApp, I like to limit the users that can use the application by specifying a single group via the PermittedGroups option in the package.ini file. Then i can control deployment by adding and removing users from the group in Active Directory.

When I’ve discovered is that your applications become useless if you rename the group after you build the application package. I didn’t find this out until I started standardizing our group naming conventions and began adding a prefix to all groups that control application deployment.

Fortunately PermittedGroups also supports the use of group SIDs, which never change regardless of the name of the group. I’ll get the group’s SID using PowerShell, then paste it into the PermittedGroups line in package.ini, then rebuild. After that I can do anything I want to the group (other than delete it) and it’s ability to assign the ThinApp will be affected.

[rc_codebin language=”powershell”]
# Return the SID of an Active Directory group
[string](Get-ADGroup “Paste Group Name here”).SID
[/rc_codebin]

Reich Web Consulting

Written by

Purveyor of fine web creations. Former tech support geniuses. Occasional spouter of opinions on topics of politics and ethics.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade