Blended Shortcut Access via AD Groups in App-V 5.0

DxD
Still installing locally
Posts: 4
Joined: Wed Jan 14, 2015 7:54 pm

Blended Shortcut Access via AD Groups in App-V 5.0

Post by DxD » Thu Feb 26, 2015 6:58 pm

Apologies if this is the wrong part of the forum or if it has been answered elsewhere.

We're doing a 4.6 to 5.0 SP3 conversion project at the moment and are getting to grips with the finer points of 5.0 in general and the Management console in particular.

In 4.6 we have the scenario with quite a few applications* where we will have one application, containing a number of OSD files with access being controlled by AD groups.

For example:

Application A
***********

OSD #1 (1 shortcut) is controlled by AD Group #1
OSD #2 (1 shortcut) is controlled by AD Group #2
OSD #3 (1 shortcut) is controlled by AD Group #3
OSD #4 (1 shortcut) is controlled by AD Group #4

If user 'A' is only a member of AD Group #1 he will get access to the OSD#1 shortcut alone.
If user ‘B’ is a member of AD Group #1 and AD Group #2 he will get access to those two shortcuts (but not those controlled by AD Group #3 and AD Group #4).
If user ‘C’ is a member of AD Group #2 and AD Group #4 he will get access to those two shortcuts (but not those controlled by AD Group #1 and AD Group #3).

....and so on.

What we can’t figure out is how to achieve the same level of coexistence/granularity in App-V 5.0. It is simple enough to create multiple _UserConfig.xml files and specify these locally with PowerShell or via the Custom configuration dialogs and thereby drill down access to specific shortcuts (for example). I.e. assuming membership of AD groups is discrete we can easily control shortcut access without having to resort to generating multiple packages...

What isn’t obvious is how we can achieve what we achieved via the 4.6 console because if we grant different AD groups access to the package and point each AD group at a different _UserConfig file, what effectively happens if a user is a member of multiple groups is that ALL of the config files are ignored and the user ends up with ALL of the shortcuts!

There may be some obvious way to get around this but it isn’t self-evident (or maybe we are just a bit dim / doing it all wrong....we don't mind being told so!)

If anyone knows how we can achieve the blended results we had in 4.6 - i.e. users can be members of multiple AD groups and achieve a resultant blend of access as a result, we'd be most thankful!

* The scenario we are mostly talking about is that concerning packages containing a single 'Application' of a pointer to the local IE with shortcuts to multiple targets.

Tib
Guru
Posts: 219
Joined: Fri Jul 15, 2011 5:06 pm
Location: Belgium

Re: Blended Shortcut Access via AD Groups in App-V 5.0

Post by Tib » Thu Feb 26, 2015 7:19 pm

If you assign the user to multiple groups, App-V detects a conflict and will apply the default config (from the embedded manifest file).
So you have 3 options:
1) Create all possible sets of shortcuts/configs, assign users only to 1 of these groups (this will be a hell of a job)
2) Create shortcuts with a script
3) Use a 3rd-party tool like AppSense or RES to deliver the shortcuts

I've had the same issue with a couple of our packages, for example: a package has 4 shortcuts pointing to the prd / dev / tst / acc env. You want to assign 1 AD group for each env.
I ended up removing all the shortcuts from the package, and created a PowerShell script which creates the shortcuts at publishing time depending on AD membership.
Roy Essers | Tiberivs
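
A sketch of the script approach described in the post above, added here as an illustration; it is not the poster's script or code from the App-V product. The group names, URLs and Start Menu folder name are hypothetical placeholders, the shortcuts launch the local IE directly, and wiring the script into the package's publish event is assumed to be done separately.

```powershell
# Added example. All group names, URLs and folder names are placeholders.
$ShortcutMap = @(
    @{ Group = 'EXAMPLE\AppA-PRD'; Name = 'Application A (PRD)'; Url = 'https://prd.example.invalid/' }
    @{ Group = 'EXAMPLE\AppA-DEV'; Name = 'Application A (DEV)'; Url = 'https://dev.example.invalid/' }
    @{ Group = 'EXAMPLE\AppA-TST'; Name = 'Application A (TST)'; Url = 'https://tst.example.invalid/' }
    @{ Group = 'EXAMPLE\AppA-ACC'; Name = 'Application A (ACC)'; Url = 'https://acc.example.invalid/' }
)
$IePath = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'
$Folder = Join-Path ([Environment]::GetFolderPath('Programs')) 'Application A'

function Get-CurrentUserGroupNames {
    # Groups carried in the logon token (nested groups included),
    # resolved from SID to DOMAIN\Name form.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try {
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Some SIDs (for example the logon session SID) have no name; skip them.
        }
    }
}

$groups = @(Get-CurrentUserGroupNames)
if (-not (Test-Path $Folder)) {
    New-Item -ItemType Directory -Path $Folder | Out-Null
}
$shell = New-Object -ComObject WScript.Shell

foreach ($entry in $ShortcutMap) {
    $lnk = Join-Path $Folder ($entry.Name + '.lnk')
    if ($groups -contains $entry.Group) {
        # Member: create or refresh the shortcut. Each group is evaluated on
        # its own, so a user in several groups gets the union of shortcuts.
        $shortcut = $shell.CreateShortcut($lnk)
        $shortcut.TargetPath = $IePath
        $shortcut.Arguments  = $entry.Url
        $shortcut.Save()
    } elseif (Test-Path $lnk) {
        # Not a member (any more): remove a shortcut left by an earlier run.
        Remove-Item $lnk
    }
}
```

Group membership is read from the logon token, so a change in AD takes effect at the user's next logon. The shortcuts only control what is presented to the user; anything the target URLs must restrict still needs its own authorization.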

DxD
Still installing locally
Posts: 4
Joined: Wed Jan 14, 2015 7:54 pm

Re: Blended Shortcut Access via AD Groups in App-V 5.0

Post by DxD » Fri Feb 27, 2015 11:45 am

Thanks for the response Roy. So Microsoft has contrived to remove a piece of functionality widely used in enterprise scenarios. Hmmm...never mind.
We have AppSense so we could investigate that option. How about the PS script? Could you point us towards a good example?

seq_tim
Elder
Posts: 1218
Joined: Sat Sep 20, 2003 4:36 am
Location: Canton, MA (US)

Re: Blended Shortcut Access via AD Groups in App-V 5.0

Post by seq_tim » Sun Mar 01, 2015 1:20 am

Separate packages for each shortcut (to the VFS location of the Exe) and a connection group using the new optional feature would also work.

Note: all packages need at least one file.
tim (Microsoft MVP for App-V)
Kahuna, TMurgent Technologies: http://www.tmurgent.com
President, Virtualization Boston: http://www.virtg.com
