The PermittedGroups parameter restricts a package to a specific set of Active Directory users.
You can specify group names, SID strings, or a mix of group names and SID strings in the same line of the PermittedGroups parameter. If you use a domain-based group name, you must connect to that domain when you build the application package. If you add a SID in the parameter value, you are not required to connect to the domain where the SID is defined.
Active Directory Domain Services define security groups and distribution groups. This parameter can only support nested security groups. For example, if a user is a member of security group A, and security group A is a member of security group B, ThinApp can detect the user as a member of security group A and security group B.
When ThinApp builds an application, ThinApp assumes any specified group names are valid and converts the names to SID values. ThinApp can resolve group ownership at runtime using cached credentials. You can continue to authenticate laptop users even when they are offline. If the user does not have access to run the package, you can customize the
AccessDeniedMsg parameter to instruct the user.
You can place the PermittedGroups parameter under the
[BuildOptions] heading to affect the package or under the
[<application>.exe] heading to affect a specific application. The
[<application>.exe] value overrides the default
[BuildOptions] value for the specific application.
You can modify the PermittedGroups parameter to specify a list of Active Directory user group names, separated by semicolons. The
[BuildOptions] parameters set global settings for the entire project.
If you do not specify a PermittedGroups setting for an application, the application inherits the global
PermittedGroups value in the
[BuildOptions] section.
