I am working with our internal Self-Service Software Distribution team to roll out KNIME Analytics Platform. We are facing a dilemma regarding the installation directory and would appreciate expert advice on best practices for restricted environments.
The Challenge:
- Read-Only Installation (C:\Program Files): If we deploy here, users cannot modify the knime.ini to adjust their Heap Size (-Xmx) based on their hardware, nor can they install required extensions because the directory is write-protected.
- User-Writable Location: If we allow installation in a writable folder (like %AppData%), users gain the ability to re-enable blocked features (e.g., K-AI, external Update Sites, Workflow Coach) by modifying the .ini or preferences, which violates our Security Team’s requirements.
Our Questions:
- How do we allow users to adjust Heap Size (-Xmx) without giving them write access to the main installation folder or the master knime.ini? Is there a way to point KNIME to a “User-level” .ini?
- What is the best way to handle Extensions? Can we redirect the extension installation folder to a writable user path while keeping the main app directory locked?
- Configuration Locking: How can we enforce “Mandatory Preferences” (like disabling AI Assistant and Workflow Coach) so that even if a user has write access to their workspace, they cannot override these specific security settings?
We are looking for a “locked-down” but functional deployment model.