Dangers of Current User Keys left in Terminal Server packages?
Hi All,
As the post says, I am working at an organisation where before I arrived the previous company managing the project have been deploying packages to terminal servers with the Current User registry information still in the package. These packages are now on some live servers. We are about to start building some more servers for new departments and I was just checking the packages to make sure they were ok. Unfortunately the more I dig the more bad news i seem to find.
I know that when packaging applications for Terminal Servers that you need to install any Current User registry information to the shadow keys.
I do not like deploying bad packages that go against best practices and so want to advise management that they should consider repackaing these "bad" msi's. However, I will be asked what the danger is in deploying these packages with Current User information to the Terminal Servers so I was hoping that someone could tell me what the dangers are in deploying these packages and whether I should push for these to be repackaged correctly. My gut feeling is telling me we need to repackage these msi's.
What do you think? Any help or advice is much appreciated.
Rgds,
Mark
As the post says, I am working at an organisation where before I arrived the previous company managing the project have been deploying packages to terminal servers with the Current User registry information still in the package. These packages are now on some live servers. We are about to start building some more servers for new departments and I was just checking the packages to make sure they were ok. Unfortunately the more I dig the more bad news i seem to find.
I know that when packaging applications for Terminal Servers that you need to install any Current User registry information to the shadow keys.
I do not like deploying bad packages that go against best practices and so want to advise management that they should consider repackaing these "bad" msi's. However, I will be asked what the danger is in deploying these packages with Current User information to the Terminal Servers so I was hoping that someone could tell me what the dangers are in deploying these packages and whether I should push for these to be repackaged correctly. My gut feeling is telling me we need to repackage these msi's.
What do you think? Any help or advice is much appreciated.
Rgds,
Mark
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
cygan
14 years ago
as per your concerns
I am working on a citrix migration project creating msi's for citrix presentation server 4.5
It is acceptable to install per-user registry information at setup time (for terminal server /citrix apps) as long as none of the keys contain user information (e.g. contains %USERPROFILE% or %USERNAME%).
For applications to be Terminal Server /citrix compliant, they must be able to work for multiple users concurrently. They cannot be CPU intensive or write user information to any shared files or registry keys.
also remove all advertising info and put them in the registry table as I am sure you don't want to trigger any kind of self repair on your servers.
and also do not advertise your features/ shortcuts
I am working on a citrix migration project creating msi's for citrix presentation server 4.5
It is acceptable to install per-user registry information at setup time (for terminal server /citrix apps) as long as none of the keys contain user information (e.g. contains %USERPROFILE% or %USERNAME%).
For applications to be Terminal Server /citrix compliant, they must be able to work for multiple users concurrently. They cannot be CPU intensive or write user information to any shared files or registry keys.
also remove all advertising info and put them in the registry table as I am sure you don't want to trigger any kind of self repair on your servers.
and also do not advertise your features/ shortcuts
Posted by:
MSIPackager
14 years ago
There is no problem having current user keys in your MSI packages destined for thin client servers - we do however remove keypaths for current user components to avoid the risk of kicking off a self repair. Some also like to diable advertising of shortcuts as cygan suggests.
The shadowing you refer to is done automatically, as long as the server is put into install mode (change user /install) before the installation and execute mode (change user /execute) after.
Doesnt meant to say there aren't other issues with the packages you are looking at, but on the face of it I don't consider this to be one.
Regards,
Rob.
The shadowing you refer to is done automatically, as long as the server is put into install mode (change user /install) before the installation and execute mode (change user /execute) after.
Doesnt meant to say there aren't other issues with the packages you are looking at, but on the face of it I don't consider this to be one.
Regards,
Rob.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
