Group policy and registry settings

Overview

OpenFin provides desktop owner administrators the ability to customize the Runtime environment to manage controls around specific API features. These controls over the Runtime and RVM (v 2.5.1+) enable application providers to use all API features, but give their customers (on a case by case basis), the option to turn them off via group policy. These additional settings are an extension of the Chromium base Group Policy flags.

OpenFin supports all policies that are managed in Chromium and supported on Windows. For the list of these policies and their settings, refer to the Chrome Enterprise policy list.

We’ve created templates for desktop owners to simplify the process of setting up group policy for users. These can be found in the following repos:

Runtime group policy template RVM group policy template

Locations

There are two main base paths where the RVM looks to read settings keys from, which can exist in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.

  • Group policy registry base path: Software\Microsoft\Windows\CurrentVersion\Policies\OpenFin\RVM
  • Registry base path: Software\OpenFin\RVM

Key precedence

If the same key value (for example, rvmInstallDirectory) exists in multiple locations, the key value that is actually used is based on the following rules:

Desktop owner settings > HKEY_CURRENT_USER > HKEY_LOCAL_MACHINE > Group policy registry > Registry > App manifest

That is, a value for a key in desktop owner settings takes precedence over a value in HKEY_CURRENT_USER, etc. Note that some keys must be defined in the registry; this includes DesktopOwnerSettings, for the location of a desktop owner settings file.

For example, for the key “rvmInstallDirectory”, the following order is used to determine which value is applied:

  1. Desktop owner settings: "deployment" : { "rvmInstallDirectory" : "value" }
  2. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\OpenFin\RVM\Settings\rvmInstallDirectory
  3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\OpenFin\RVM\Settings\rvmInstallDirectory
  4. HKEY_CURRENT_USER\Software\OpenFin\RVM\Settings\rvmInstallDirectory
  5. HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\rvmInstallDirectory
  6. Application manifest: "rvmInstallDirectory"
  7. OpenFin default rvmInstallDirectory

OpenFin Group Policy Settings


assetsUrl

Globally sets a URL for retrieving application assets.
Data type: String (REG_SZ)
Expected value: A URL to the server that is hosting the assets.
Default value: https://cdn.openfin.co/release
Key: HKEY_LOCAL_MACHINE\SOFTWARE\OpenFIn\RVM\Settings\assetsUrl
Example value: http://YourAssetServer.com
Result: RVM and Runtime assets are retrieved from your specified asset server as opposed to the OpenFin asset repository.
DOS example


cleanUnusedRuntimes

Globally determines whether the RVM cleans up runtime and runtime cache folders that are no longer referenced by any installed applications. By default, the RVM does clean up unused runtimes.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 1 — The RVM cleans up unused runtimes.
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\cleanUnusedRuntimes
Example value: 0
Result: Runtime and runtime cache folders are not cleaned up when when no applications reference them.
DOS example


crashReporterUrl

The endpoint URL to which the RVM sends crash reports.
Date type: String
Expected value: A URL to a server that can accept crash reports.
Default value: https://dl.openfin.co/services/crash-report-v2"`
Key: HKEY_CURRENT_USER\SOFTWARE\OpenFin\RVM\Settings\crashReporterUrl
Example value: " http://example.com/crash-reporter"
Result: The RVM sends crash reports to the specified URL instead of to OpenFin's crash report server.


createShortcutsForAllUsers

Whether to create shortcuts in the public shortcuts folder for all users.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 0x0
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\createShortcutsForAllUsers
Example value: 1
Result: The RVM creates shortcuts for all users.
Note: This setting cannot be overridden by a desktop owner setting.


DesktopOwnerSettings

Globally sets the path or URL to the desktop owner settings configuration file.
Data type: String
Expected value: A path or URL to a JSON file containing desktop owner settings.
Default value: none
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\DesktopOwnerSettings
Example value: "https://example.com/company/files/end-user-desktop-owner-settings.json"
Result: The RVM reads the desktop owner settings from the specified URL, using the settings in the file and overriding any settings that were defined in the registry.
Note: This setting cannot be overridden by a desktop owner setting.


desktopOwnerSettingsMandatory

Whether to require that the file at the DesktopOwnerSettings location must be used. If required, and the location is not reachable, the RVM does not load.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 0
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\desktopOwnerSettings
Example value: 1
Result: If the RVM cannot read the file at DesktopOwnerSettings, it exits without continuing.
Note: This setting cannot be overridden by a desktop owner setting.


disableShortcutCreation

Whether to globally prevent all applications installed through the RVM from creating shortcuts. The desktop owner can choose to be responsible for shortcut creation.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 0 — Applications installed through the RVM install their shortcuts.
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\disableShortcutCreation
*Example value: 1
Result: When an application is installed through the RVM, shortcuts for the application are not created.
DOS example**


enableRuntimeDiagnostics

Whether to enable reporting Runtime diagnostics information to OpenFin. (RVM 4.2.0.35+, Runtime v20+)
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 1
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\enableRuntimeDiagnostics
Example value: 0
Result: The RVM does not report diagnostic information about the Runtime session to OpenFin.


enableSBDLocalhostTrusted

Whether secured APIs should be automatically allowed for applications hosted on http://localhost. This setting can be convenient during application development, but desktop owners might prefer to disable it for ordinary users of production applications.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 1
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\enableSBDLocalhostTrusted
Example value: 0
Result: The RVM follows the API security permissions defined in desktop owner settings regardless of where the application is hosted.


lrsUrl

Globally sets the license relay server (LRS) URL for all applications. The RVM sends all licensing information to the specified server instead of directly to the OpenFin default server.
Data type: String (REG_SZ)
Expected value: A URL to a server that is running a hosted LRS service.
Default value: https://dl.openfin.co/services
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\lrsUrl
Example value: https://example.com/license-services
Result: The RVM sends all licensing information to the specified URL.
DOS example


maxAppLogFileSizeMB

The maximum log file size in megabytes for an application-specific log. Note that the RVM uses the base-2 definition: 1MB = 1048576 bytes. (RVM 4.2.0.35+)
Data type: DWORD (REG_DWORD)
Expected value: A DWORD representing the max app log file size in megabytes.
Default value: none (unlimited)
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\ApplicationLogging\maxAppLogFileSizeMB
Example value: 0x00000400 (1024 MB)
Result: The RVM does not let application logs grow over this size.
DOS example


maxAppLogFiles

The maximum number of archived log files for an application that uses application logging.
Data type: DWORD (REG_DWORD)
Expected value: A DWORD representing the maximum number of archived application logs.
Default value: 0 (unlimited)
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\ApplicationLogging\maxAppLogFiles
Example value: 10
Result: The RVM only keeps the youngest zipped log files and delete the oldest zipped log files, without exceeding the number specified in this setting.
DOS example


noUi

Whether to disable user interface elements generated by the RVM, such as error dialog boxes, splash screen, etc.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 0x0
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\Settings\noUi
Example value: 1
Result: The RVM suppresses all UI elements.
Note**: This setting cannot be overridden by a desktop owner setting.


runtimeArgs

Globally add runtime arguments to apply for all applications.
Data type: String (REG_SZ)
Expected value: A string containing any number of desired runtime flags, separated by spaces.
Default value: The runtime arguments specified in the application configuration.
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\runtimeArgs
Example value: –user-data-dir=”%localappdata%custom_cache_directory
Result: All applications utilizing the RVM specify –user-data-dir runtime flag when they are launched. This specific runtime flag can be used to set a custom directory where the runtime writes its cache information.
Note: This setting cannot be overridden by a desktop owner setting.


runtimeCache

The Runtime writes any cache data here. This is a global setting that overrides any application configuration. (RVM 2.8+)
Data type: String (REG_SZ)
Expected value: A folder path where you want the RVM to write cache data.
Default value: %rvmInstallDirectory%/cache
Key: \Software\OpenFin\RVM\Settings\Deployment\runtimeCache
Value: %LOCALAPPDATA%\RuntimeCache
Result: The runtime writes its cache data to this folder.
DOS example


runtimeDirectory

The Runtime binaries are stored here. (RVM 2.8+)
Data type: String (REG_SZ)
Expected value: A folder path where you want the Runtime binaries to be stored.
Default value: %rvmInstallDirectory%/runtime
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\Deployment\runtimeDirectory
Example value: %LOCALAPPDATA%\CustomDir
Result: The RVM uses this folder to read and write runtime binaries.
DOS example


rvmInstallDirectory

The RVM copies itself and operates from this directory. (RVM 2.8+)
Data type: String (REG_SZ)
Expected value: A folder path where you want the RVM to copy itself from.
Default value: %LOCALAPPDATA%\OpenFin
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\Deployment\rvmInstallDirectory
Example value: %LOCALAPPDATA%\CustomFolder
Result: If the RVM executes from a different folder, it copies itself to the custom folder and re-runs from there.
DOS example


secureAPIDefaultPermission

Defines the default permission for secured APIs, when no matching permission definition is found.
Data type: RG_SZ
Expected value: one of "allow", "deny", or "prompt"
Default value: "prompt"
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\Deployment\secureAPIDefaultPermission
Example value: "deny"
Result: Secured APIs whose permissions are not explicitly defined are denied access to run.


shortcutPointsToOriginalInstall

Whether shortcuts created by the RVM point to the original installation location of the RVM, and not the rvmInstallDirectory location. This can be useful in environments that wipe the %localappdata% folder, such as Citrix.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 0
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\Deployment\shortcutPointsToOriginalInstall
Example value: 1
Result: The RVM creates shortcuts that point to the original installation location. The RVM re-installs itself every time it runs.


startMenuRootFolder

Globally sets root folder(s) for applications start menu shortcuts.
Data type: String (REG_SZ)
Expected value: A path of custom folders where you want start menu shortcuts to be placed.
Default value: The standard Windows start menu shortcut folder.
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\startMenuRootFolder
Example value: custom_folder_name
Result: Start menu shortcuts are placed in “custom_folder_name," for all applications installed through the RVM that specify start menu shortcuts. The custom folder is inside the default Windows start menu folder.
[DOS example]doc:desktop-owner-settings#section-example)


trackBetaAutoUpdates

Whether the RVM automatically updates to the latest beta release of the RVM; the version number is maintained at https://cdn.openfin.co/release/rvm/betaVersion.
Data type: DWORD (REG_DWORD)
Expected value: 0 or 1
Default value: 0
Key: HKEY_CURRENT_USER\Software\OpenFin\RVM\Settings\trackBetaAutoUpdates
Example value: 1
Result: When the RVM is launched, it updates to the latest beta release.


unusedRuntimeExpirationInMinutes

The amount of time after which the RVM removes a downloaded runtime and its corresponding runtime cache folder(s). The RVM keeps track of the last time a downloaded runtime was launched. After an amount of time based on the value of unusedRuntimeExpirationInMinutes has elapsed since the runtime was last launched, the RVM removes that runtime and its corresponding cache folder(s) the next time the RVM exits. Note that this does not apply to runtimes that are not downloaded through the RVM (for example, runtimes that are copied to the /runtime folder via MSI installers or other means). (RVM 3.5.1.0+)
Data type: DWORD (REG_DWORD)
Expected value: A DWORD representing a number of minutes.
Default value: 0x0000a8c0 (43,200 minutes, or 30 days)
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\Settings\unusedRuntimeExpirationInMinutes
Example value: 0x00003840
Result: The RVM deletes the downloaded runtime after 14400 minutes (10 days) after the last time the runtime is launched.
DOS example


Advanced group policy settings

Use these settings only in specialized circumstances.

protocolHandlerLocation

Location from which fin and fins links launch the RVM. This setting takes precedence over rvmInstallDirectory. Use only in situations where this location needs to be explicitly set, such as when the default location in a virtual environment is periodically emptied.
Data type: String (REG_SZ)
Expected value: Path to the directory containing the RVM that should be launched by fin and fins links.
Default value: Same as rvmInstallDirectory.
Key: HKEY_LOCAL_MACHINE\Software\OpenFin\RVM\SettingsprotocolHandlerLocation
Example value: %LOCALAPPDATA%\CustomFolder
Result: When the user clicks a link with a fin or fins protocol, the RVM in the specified folder is launched.


Refer to this page for a complete list of Chromium group policy settings.

Have questions? Get in touch with us at [email protected].


Did this page help you?