Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Effective immediately, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) is being deprecated in both single-user and multi-user environments.
The PSAC feature has been unsupported in multi-user environments since the first hotfix package for App-V 5.0 SP2, however PSAC deployment in single-user environments has been supported until now. If you have deployed PSAC to single-user environments, remove the configuration option from any deployments
The scope of application entitlement enforcement in App-V will be reviewed and addressed as appropriate in a future release.
To address App-V application entitlement concerns, you can leverage the following features available today in App-V 5.0 SP2:
- By default, the location in Windows where App-V stores applications, %ProgramData%, is a hidden folder that most users will not understand how to browse. You can use this hidden folder with the “Pending Unpublish” feature in App-V 5.0 SP2 to alleviate some of the entitlement concerns.
- To prevent your end users from copying shortcuts and executables from the Program Data folder, consider the following:
- User-copied shortcuts cannot be used to launch an App-V application if the user is not entitled to the package.
- Copying executables from Program Data won’t allow users to run the application outside of an App-V environment, except for simple applications without any subsystems or integration.
The App-V 5.0 Team
Get the latest System Center news on Facebook and Twitter :
System Center All Up: https://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: https://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: https://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: https://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: https://blogs.technet.com/momteam/
System Center – Service Manager Team blog: https://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: https://blogs.technet.com/scvmm
Windows Intune: https://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: https://blogs.technet.com/sus/
The AD RMS blog: https://blogs.technet.com/b/rmssupp/
App-V Team blog: https://blogs.technet.com/appv/
MED-V Team blog: https://blogs.technet.com/medv/
Server App-V Team blog: https://blogs.technet.com/b/serverappv
The Forefront Endpoint Protection blog : https://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : https://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: https://blogs.technet.com/b/isablog/
The Forefront UAG blog: https://blogs.technet.com/b/edgeaccessblog/
Comments
- Anonymous
June 16, 2014
Pingback from A closer look at App-V 5 SP2 hotfix 5 | IT Tech Log - Anonymous
June 16, 2014
Pingback from A closer look at App-V 5 SP2 hotfix 5 | IT Tech Log - Anonymous
June 16, 2014
Pingback from A closer look at App-V 5 SP2 hotfix 5 | IT Tech Log - Anonymous
June 18, 2014
Security by hidden folders.. nice. - Anonymous
August 25, 2014
"Copying executables from Program Data won’t allow users to run the application outside of an App-V environment, except for simple applications without any subsystems or integration."
How Naïve! This is a total mess and does not pass our pen-test or licensing requirements for application control.