Video Furnace and Windows software restriction policies
Posted by on 17 May 2012 02:41 PM
Some high security environments employ Windows software restriction policies to limit which applications can be launched on a user's PC. If the policy is configured such that access to all but specified applications is denied, the Video Furnace player will not be allowed to launch.
A rule will need to be added to allow the player to launch.
On a Windows software restriction policy, there are two methods for allowing access to a piece of software - you are free to use either as the software package itself has no involvement in the way the restriction policy is implemented:
Each time a Video Furnace InStream player is launched, two files are executed - .vftv0000000 (where 0000000 is a random number) is the Java based player launcher, this needs to be able to launch from the user's profile area, or wherever Java is set to place temporary files.
You can use a path rule to allow this, for example:
This launcher places files in the user's ‘AppData’ temporary area, which they should normally already have write access to already as this is used by many programs.
They will then need a second path rule to launch a program from this area, for example:
Or, if preferred for security reasons, a file hash rule based on the InStream.exe file. This file only exists whilst the player is running, so you will need to grab the InStream.exe whilst running the player (it will be at C:\Users\yourusername\AppData\Local\Temp\InStream00000150\InStream.app\Instream.exe).
Note that using a file rule will not be upgrade-proof, as the file will change following a system upgrade.
You could also use %userprofile%\AppData\Local\Temp\InStream00000150\InStream.app\* to make the path rule tighter, but then you will need a separate path rule for each of the back-end tools, as they launch from different locations e.g. %userprofile%\AppData\Local\Temp\VFAEditor00000150\VFAEditor.app