Messing with a ThinApp's Registry for Fun and Profit!

When you install ThinApp, it includes several utilities that are very useful for manipulating and troubleshooting your ThinApp packages. One of them is vregtool, which I’m going to discuss today. Vregtool allows you to examine and manipulate the registry for a ThinApp. Why would you need this when you can simply embed Regedit inside your package and use a tool with which you’re already familiar? Well, vregtool can be used to examine .tvr files, like the registry change files that get stored in the sandbox.
What this means is that you can start up a ThinApp, change some setting and then examine exactly what registry change was made to reflect that setting change. That can make it very easy to cherry pick the application settings that you want to embed within your package, vs. those that you want to leave out. Perhaps the concrete example of my use case will help this to make sense.
A customer recently had me package Office 2007 for use in their VDI environment. Office 2007 is nothing special to ThinApp, but we wanted the initial launch to be as smooth as possible. We used the Office 2007 Admin Templates in Group Policy to enable auto configuration based on primary SMTP Address as well as a few other settings (pretty much like we do for Office 2010) and it was largely smooth sailing. However, because we have Windows Search disabled, Outlook ‘helpfully’ warns us that “The Windows Search Engine is currently disabled. Outlook will not be able to provide fast search results…” with a checkbox to suppress the message in the future. Ultimately, that’s not that big of an annoyance, but everything that we can do to improve that first user experience is worth examining, so I set about disabling that message.
Just disabling the message on my capture box before the post scan was problematic. That message doesn’t come up until Outlook configures an inbox. I really didn’t want to have lingering bits of my own inbox configuration in my ThinApp package, so I didn’t like the idea of doing it that way. I know that you can delete a mailbox from Outlook after the fact, but I’m not sure about what other bits might hang around and cause subtle issues down the line. Instead, I decided to use vregtool to look at what’s actually happening when I suppress that message and then push that change only.
First, I used my knowledge of ThinApp Sandbox Locations (first Self-Referential Link!) to get myself a clean sandbox location. I then started up Outlook and clicked “ok” on the message without checking the box to suppress future notifications. Then I shutdown Outlook. That gave me a good “control” registry differential file, so that all of the junk that Outlook sets on first run would be part of my baseline. I copied my Registry.rw.tvr file (and renamed it to Baseline-Registry.rw.tvr) to a persistent location so that I could analyze it later and then prepared my modified registry file. To do that, I just opened up Outlook again and this time I checked the box to suppress future notifications about the Windows Search functionality. I then closed Outlook and copied my new Registry.rw.tvr as Set-Registry.rw.tvr to that same persistent location. Now, it’s time to pull out some data.
I went to my packaging machine and then, to make everything easier at the command line, I copied both of my *-Registry.rw.tvr files into my “C:\Program Files\VMware\VMware ThinApp” directory. Vregtool needs to know some stuff about how these registry files were generated and so I also put a copy of my Package.ini file in there. With the stage prepped, I opened a command prompt and navigated to that same directory. Then, using the commands:
Vregtool.exe Baseline-Registry.rw.tvr PrintKeys –ShowValues –ShowData –ExpandMacros > Reg-Base.txt
And
Vregtool.exe Set-Registry.rw.tvr PrintKeys –ShowValues –ShowData –ExpandMacros > Reg-Set.txt

I exported my Registry differential files into text files. These files are not insignificant (each is over 100k of text), so searching through them by hand wasn’t really feasible. A bit of google-fu revealed the Windows equivalent of “diff” and so I used the following command to narrow my search:
Fc Reg-Base.txt Reg-Set.txt > Reg-Diff.txt

FC (File Compare) listed all of the differences between the two files and only came up with a 19k text file. That’s better, especially when you consider that FC outputs the lines from both files so that you can easily compare them, as well as the preceding and proceeding lines from each changed block. All told, my diff resulted in 23 changed blocks of text between the two files. With those changes identified, it came down to a bit of guess and check around which one(s) were responsible for the setting that I actually wanted changed. Fortunately, I was able to eliminate a lot of the changed blocks based on their names and where they were in the registry (the stuff from Installer and from ThinStall\RunTimeObjects, for example, didn’t seem like probable candidates for my target change). I came down to a handfull likely changes that I determined to test.
I once again cleared out my sandbox, and this time I opened up my embedded RegEdit (vregtool could have done this too, but RegEdit was just easier for this particular task) and I made the first of my probable changes and then started up Outlook. No dice, so I shut it down and implemented my next change. On the third probable change, I was no longer harassed by that notification. To determine if it was a combination of my changes or if it was just that third change, I cleared out my sandbox once again and then only made that third change – success!
Now, with my change identified, I decided to bake it into the main package. I just opened up my “HKEY_CURRENT_USER.txt” file in the Office 2007 build folder and added the following 3 lines (they shouldn't be numbered in the file, I just did that to avoid confusion from wrapped lines in the web browser) in order to make the change:
  1. Isolation_full HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options\General
  2. Value=PONT_STRING
  3. REG_SZ~53,#2300

And I was good to go! For those of you who haven’t spent a bunch of time poking around those text files, that’s basically adding a String value named “PONT_STRING” to the HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options\General key and putting “53,” in its data. I’m not sure why there’s that comma after the 53, but hey, that’s what it did when I checked that box and so that’s what I’ve added to my package. After a quick rebuild, I ran the package and the message was correctly suppressed.

Comments

  1. UnknownJanuary 20, 2013 at 10:42 PM

    Hi Again,
    M Having some problems in deploying Registry-based Utilities. For example,when I build Advanced Systemcare(ASC) into a package ,everything works fine except the Registry Defrag feature.When the Registry Defrrager tries to defrag Registry,the process ends with an xx.exe not working message.The greater part of ASC's case is that Registry Cleaner of Asc works as it should but Registry Defrag fails...In RevoUninstaller the part where the program scans for old Reg. items makes the program end as in Asc's case...In Mz Registry Defrag,the program ends when the Defragging starts..
    So,What should I Do?
    I Have tried RegistryIsolationMode=Merged in Asc's and Revo's case but nothing more than a crash is achieved...Please Help!

    ReplyDelete
  2. Jason ColemanJanuary 21, 2013 at 10:20 AM

    I've never used Advanced Systemcare so I can't comment directly on that software, but it sounds like the ThinApp's sandbox is probably causing your problem. I think that you're onto the right path with running it in Merged mode. Are there any keys that are set as exceptions to the package's default mode? Look in the "Configuring an exception to the default RegistryIsolationMode" section of http://kb.vmware.com/kb/1017265 for some examples of that setting. Otherwise, this might be a good time to pull out Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) and take a look at what that .exe is doing before it crashes. It might point you at a specific registry key or folder that the executable must access in order to do its job.

    ReplyDelete

Post a Comment

Sorry guys, I've been getting a lot of spam recently, so I've had to turn on comment moderation. I'll do my best to moderate them swiftly after they're submitted,

Popular posts from this blog

PowerShell Sorting by Multiple Columns

PowerShell's Sort-Object cmdlet is super useful, especially when preparing output for human consumption.  A few people have found my blog while looking for more information about its use, specifically while looking for how to sort by multiple columns (well, properties, technically).  I've never done so (much less written about it), so I hope those folks found answers elsewhere.  But, it got me curious... and it turns out that it's really easy. The Technet article on Sort-Object has the answer directly spelled out: just use commas to create a list of properties to sort by (in order to precedence).  Let's look at some examples!  First, prepare a variable with some good sortable data: $myData = get-eventlog System -newest 25 And then we can get to sorting!  Say you want to sort primarily by EntryType (Warning, Information, Error) and then by Source.  Easy-peasy: $myData | sort EntryType,Source How about if you want it to be in descending order?  Yeah, there&
Read more

Clone a Standard vSwitch from one ESXi Host to Another

One of my customers is standardizing the configurations on their HP C7000 enclosures (they've been set up at various sites by various administrators with varying involvement from the architecture team).  As such, we need to stand up some temporary resources so that we can take down the main enclosure for reconfiguration.  That's fine, we can easily ship a smaller enclosure to each site for temporary compute resources.  Some of the sites are using Standard vSwitches, so we need to be able to quickly copy the networking configuration over from their existing blades to these new, slightly different blades.  As I see it, we had 2 good options: 1) Capture a Host Profile with the desired vSwitch configuration.  Delete every other component of the Host Profile so that only the networking section is applied; design the new ESXi hosts so that the vSwitches'll work with the old vmnic-to-vswitch configurations. 2) Write a script to clone the vSwitch from ones ESXi host to another.
Read more

Deleting Orphaned (AKA Zombie) VMDK Files

A problem that most Virtualization Administrators need to deal with is Orphaned VMDK files (or Zombie VMDK files, as some people call them).  These are Virtual Machine hard drive files that are just hanging out, taking up storage, but are attached to no VMs.  How can this happen?  Well, the most common way is when an administrator needs to delete a VMDK but isn't quite ready to commit... so, after pressing "remove", they select "remove from virtual machine" rather than "remove and delete files".  The intent is always good: "I want to be able to restore this if it turns out to be necessary... so I'll just come back and delete it next week if nothing breaks!"  But, of course, next week something else happens and the file doesn't get deleted.  After a little while, it turns into "which files did I rename, again?" and nothing seems to happen. So, how do you deal with these orphaned files?  Well, a few years ago I found a scrip
Read more