GMSC Discussions

GeoMedia Smart Client community discussion board is where you can create, contribute and share information and knowledge in regards to configuring as well as working with GeoMedia Smart Client. Find your answers, share your knowledge and help build a strong GeoMedia Smart Client community.
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Occasional Contributor
Posts: 9
Registered: ‎11-10-2015
Accepted Solution

AppLauncher and the Windows 10 AppLocker

Spoiler
 

We have the situation, that some customers with restricted settings of Windows 10 AppLocker see the problem, that java.exe - which is launched from %USERS%\AppData\Local\Hexagon\App Launcher\cache is blocked by AppLocker.

This effect is independant of where the AppLauncher was installed to. 

Is this the standard behaviour, that java.exe is beeing copied into the %USERS%-Directory? Whats the reason therefor?

Highlighted
Community Manager
Posts: 302
Registered: ‎02-08-2016

Re: AppLauncher and the Windows 10 AppLocker

Hello,

 

AppLocker is specificaly for applicaton control so an IT department can restrict what applications be used on a Windows 10 machine.

If the IT does not allow for Java.exe to be executed, and the customer has the requirement to run the AppLauncher / Java then an exception has to made by the IT department.

 

AppLocker is doing it's job by restricting the execuition of a an application that is not permitted to run by the IT policies.

 

Thanks,

Marc

Highlighted
Occasional Contributor
Posts: 9
Registered: ‎11-10-2015

Re: AppLauncher and the Windows 10 AppLocker

Ok, nothing against the AppLocker from my side. But from my point of view, it's hard to understand, why we copy the whole OpenJDK Binaries into c:\%user%\AppData\Local and execute java.exe from there. Especially because we have the opportunity to install the AppLauncher (silent and by params) into a directory of free choice (where we need Admin rights to install, but where we have no further restrictions by some policies).

Highlighted
Staff
Posts: 1,119
Registered: ‎10-18-2015

Re: AppLauncher and the Windows 10 AppLocker

the reason is to not require administrative priviliges, like stated in the last comment here:

https://community.hexagongeospatial.com/t5/M-App-Enterprise-Tutorials/M-App-Enterprise-2018-Hexagon-...

 

if the customer's IT decides to add additional security levels, we cannot do much.

Stefano Turcato
Presale Engineer
Hexagon Geospatial
Highlighted
Occasional Contributor
Posts: 9
Registered: ‎11-10-2015

Re: AppLauncher and the Windows 10 AppLocker

One follow up question keeps me still busy: We installed AppLauncher into a custom directory (f.e. C:\Hexagon\AppLauncher). If I launch GMSC I see, that the initialized Java Runtime is the one which is installed in %USERS%\AppData and not the one which is located in the custom configured AppLauncher Directory. The problem is, that we need another exception rule for the Windows10 AppLocker, even though we have a java.exe in the ordinary place.

Thanks for your ideas and hints.

Highlighted
Visitor
Posts: 1
Registered: ‎03-12-2020

Re: AppLauncher and the Windows 10 AppLocker

@olivergrimm Did you find a way around this issue?

 

We are currently experiencing the same issue with our customer. They have installed the AppLauncher to C:\Program Files, but when the client launches it downloads all of the files to \AppData\Local\Hexagon which means that the AppLocker blocks the process again (or something does)

 

Is there anyway of changing where the extra files are downloaded too, to ensure that the user always has the right level of access?

Highlighted
Community Manager
Posts: 302
Registered: ‎02-08-2016

Re: AppLauncher and the Windows 10 AppLocker

Hello DA226694, olivergrimm.

 

The reason we use the \AppData\Local\Hexagon is so the user does not require admin privileges to run the App launcher but it also insures that the java and App launcher can be upgraded with each release of the App launcher thus guaranteeing the App launcher is using the correct version of java and in a supported configuration.

Before App Launcher, the management of supported Java versions was one of the biggest impacts to our customers generating a large amount support issue's every time a new Java version was released or if there was a change to the Java configuration.

This eliminates any need to manage Java versions and insures the App launcher is running in a supported configuration. 

 

Also note that Microsoft has defined %USERS%\AppData for such use of applications and if your IT department decides to block applications with AppLocker then you will need to work with your IT department.

Please also note a configuration that does not use %USERS%\AppData is not a supported configuration.

 

Thank You,

Marc