ThinApp User’s Guide : Configuring Package Parameters : Configuring Isolation : DirectoryIsolationMode

DirectoryIsolationMode
The DirectoryIsolationMode parameter specifies the level of read and write access for directories to the physical file system.
The capture process sets the initial value of the DirectoryIsolationMode parameter in the Package.ini file. This parameter controls the default isolation mode for the files created by the virtual application except when you specify a different isolation mode in the ##Attributes.ini file for an individual directory. Any unspecified directories, such as C:\myfolder, inherit the isolation mode from the Package.ini file.
ThinApp provides only the Merged and WriteCopy isolation mode options in the capture process. You can use the Full isolation mode outside the wizard to secure the virtual environment.
With Merged isolation mode, applications can read and modify elements on the physical file system outside of the virtual package. Some applications rely on reading DLLs and registry information in the local system image. The advantage of using Merged mode is that documents that users save appear on the physical system in the location that users expect, instead of in the sandbox. The disadvantage is that this mode might clutter the system image. An example of the clutter might be first-execution markers by shareware applications written to random computer locations as part of the licensing process.
With WriteCopy isolation mode, ThinApp can intercept write operations and redirect them to the sandbox. You can use WriteCopy isolation mode for legacy or untrusted applications. Although this mode might make it difficult to find user data files that reside in the sandbox instead of the physical system, this mode is useful for locked down desktops where you want to prevent users from affecting the local file system.
With Full isolation mode, ThinApp blocks visibility to system elements outside the virtual application package. This mode restricts any changes to files or registry keys to the sandbox and ensures that no interaction exists with the environment outside the virtual application package. Full isolation prevents application conflict between the virtual application and applications installed on the physical system. Do not use the Full isolation mode in the Package.ini file because that mode blocks the ability to detect and load system DLLs. You can use Full isolation mode as an override mechanism in the ##Attributes.ini files.
ThinApp caches the isolation modes for the registry and the file system at runtime in the sandbox. If you change the isolation mode for the project and rebuild the executable file, you might delete the sandbox for the change to take effect.
For more information about the definitions and effect of isolation modes, see Defining Isolation Modes for the Physical File System.
Examples
You can modify the DirectoryIsolationMode parameter with WriteCopy isolation to ensure that the application can read resources on the local machine, but not write to the host computer. This is the default setting for the snapshot.exe utility. You must place the parameter under an [Isolation] heading.
[Isolation]
DirectoryIsolationMode=WriteCopy
You can assign Merged isolation mode to ensure that the application can read resources on and write to any location on the computer except where the package specifies otherwise. This is the default setting for the Setup Capture wizard.
[Isolation]
DirectoryIsolationMode=Merged