The Official Microsoft App-V Team Blog

Your official source for all the latest news and tech tips for Microsoft Application Virtualization (App-V).

Notice: PackageStoreAccessControl (PSAC) will be deprecated in App-V 5.0 SP2

Notice: PackageStoreAccessControl (PSAC) will be deprecated in App-V 5.0 SP2

  • Comments 5
  • Likes

ImportantEffective immediately, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) is being deprecated in both single-user and multi-user environments.

The PSAC feature has been unsupported in multi-user environments since the first hotfix package for App-V 5.0 SP2, however  PSAC deployment in single-user environments has been supported until now. If you have deployed PSAC to single-user environments, remove the configuration option from any deployments

The scope of application entitlement enforcement in App-V will be reviewed and addressed as appropriate in a future release.

To address App-V application entitlement concerns, you can leverage the following features available today in App-V 5.0 SP2:

- By default, the location in Windows where App-V stores applications, %ProgramData%, is a hidden folder that most users will not understand how to browse. You can use this hidden folder with the “Pending Unpublish” feature in App-V 5.0 SP2 to alleviate some of the entitlement concerns.

- To prevent your end users from copying shortcuts and executables from the Program Data folder, consider the following:

  • User-copied shortcuts cannot be used to launch an App-V application if the user is not entitled to the package.
  • Copying executables from Program Data won’t allow users to run the application outside of an App-V environment, except for simple applications without any subsystems or integration.

The App-V 5.0 Team

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Comments
  • Security by hidden folders.. nice.

  • "Copying executables from Program Data won’t allow users to run the application outside of an App-V environment, except for simple applications without any subsystems or integration."

    How Naïve! This is a total mess and does not pass our pen-test or licensing requirements for application control.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment