The DirectoryIsolationMode parameter specifies the level of read and write access for directories to the physical file system.
The capture process sets the initial value of the DirectoryIsolationMode parameter in the
Package.ini file. This parameter controls the default isolation mode for the files created by the virtual application except when you specify a different isolation mode in the
##Attributes.ini file for an individual directory. Any unspecified directories, such as
C:\myfolder, inherit the isolation mode from the
Package.ini file.
With Merged isolation mode, applications can read and modify elements on the physical file system outside of the virtual package. Some applications rely on reading DLLs and registry information in the local system image. The advantage of using Merged mode is that documents that users save appear on the physical system in the location that users expect, instead of in the sandbox. The disadvantage is that this mode might clutter the system image. An example of the clutter might be first-execution markers by shareware applications written to random computer locations as part of the licensing process.
With WriteCopy isolation mode, ThinApp can intercept write operations and redirect them to the sandbox. You can use WriteCopy isolation mode for legacy or untrusted applications. Although this mode might make it difficult to find user data files that reside in the sandbox instead of the physical system, this mode is useful for locked down desktops where you want to prevent users from affecting the local file system.
With Full isolation mode, ThinApp blocks visibility to system elements outside the virtual application package. This mode restricts any changes to files or registry keys to the sandbox and ensures that no interaction exists with the environment outside the virtual application package. Full isolation prevents application conflict between the virtual application and applications installed on the physical system. Do not use the Full isolation mode in the
Package.ini file because that mode blocks the ability to detect and load system DLLs. You can use Full isolation mode as an override mechanism in the
##Attributes.ini files.
ThinApp caches the isolation modes for the registry and the file system at runtime in the sandbox. If you change the isolation mode for the project and rebuild the executable file, you might delete the sandbox for the change to take effect.
You can modify the DirectoryIsolationMode parameter with WriteCopy isolation to ensure that the application can read resources on the local machine, but not write to the host computer. This is the default setting for the
snapshot.exe utility. You must place the parameter under an
[Isolation] heading.
You can assign Merged isolation mode to ensure that the application can read resources on and write to any location on the computer except where the package specifies otherwise. This is the default setting for the Setup Capture wizard.
