Use a Group’s SID Rather than Group Name For ThinApp Deployments
Note: This article was originally written on reich-consulting.net. Reich Web Consulting has narrowed its focus to the web and no longer offers tech support services, so we’ve moved all of our tech support content off-site. We hope you find this article useful. It is provided as-is, and we will no longer provide support on this topic.
When I deploy applications with VMWare’s ThinApp, I like to limit the users that can use the application by specifying a single group via the PermittedGroups option in the package.ini file. Then i can control deployment by adding and removing users from the group in Active Directory.
When I’ve discovered is that your applications become useless if you rename the group after you build the application package. I didn’t find this out until I started standardizing our group naming conventions and began adding a prefix to all groups that control application deployment.
Fortunately PermittedGroups also supports the use of group SIDs, which never change regardless of the name of the group. I’ll get the group’s SID using PowerShell, then paste it into the PermittedGroups line in package.ini, then rebuild. After that I can do anything I want to the group (other than delete it) and it’s ability to assign the ThinApp will be affected.
# Return the SID of an Active Directory group
[string](Get-ADGroup “Paste Group Name here”).SID