23.09.2021 17:00:47
Guideline
Formats and Architectures Format selection Based on sources provided for package creation following procedures are available: • Transformation of existing vendor MSI. • Creation of MSI by repackaging legacy installer or from the scratch. • Usage of legacy setup. • Package Virtualization (App-V/ThinApp/MSIX) General packaging best practices are given below.
An original vendor MSI may not be changed. Adjustments must always be made by MST. The original MSI Databases should Vendor MSI not be modified. In exceptional cases if transform creation is not possible or fixing of vendor MSI is not possible in acceptable timeframe, the setup capture may be performed. Vendor If vendor specific customization tool (e.g. Adobe InstallTuner, Microsoft Office Customization Tool) is available for original customization tool package, it should be used. More than one If original application contains more than one vendor MSI from different vendors, the packaging task should be divided for vendor MSI from separate tasks for each vendor MSI. different vendors
Advantages and Disadvantages Application Virtualization Virtualizing applications (e.g. in App-V/MSIX) can offer customers advantages, but also disadvantages: Advantages Applications are installed and uninstalled correctly There are no conflicts between applications Multiple versions of the same application can be installed in parallel Advantages when rolling out applications Applications can be assigned per user (e.g. for VDI or Citrix)
Disadvantages Virtualized versions of applications are not offered by the vendor The virtualized application must be rebuilt by the vendor for each version update Sequencing usually results in loss of warranty coverage from the vendor Incompatibilities prevent App-V packages from being created There remains a mix of Classic Applications with Virtualized Applications, which must be reconciled
Strategies for Application Virtualization Aggressive Application Virtualization In this strategy, the customer tries to virtualize the highest possible percentage of his applications. This gives him the advantage of being able to use his VDI or TS environment at the highest level of sophistication. Each user can log on to their thin client and have all their applications available. There is no need to have permanent virtual clients available. Case-based application virtualization Here only applications are virtualized, which make sense project-related. This strategy does not attempt to virtualize all applications in general. This could be that a set of applications need to work on VDI or need to be deployed to private devices via MSI-X. Another example might be deploying the application on the same device in a different version.
Guideline Page 1 of 23 23.09.2021 17:00:47
Advantages and disadvantages of the snapshot process With the snapshot technique, the installation of an application can be recorded and converted to a Windows Installer package (msi), for example. This gives the customer all the advantages of the installer technique (repair, machines/user parts separated, advertised shortcuts, standardization), but at the same time the support by the manufacturer expires. The responsibility for the package now lies with the creator of this snapshot and can thus also trigger negative effects (e.g. functional errors, corrupt uninstallations). The snapshot usually has to be completely recreated with every version update from the vendor. We only recommend the snapshot technique if either there is no installation routine from the manufacturer or the quality of the supplied manufacturer routine is incorrect (e.g. no silent uninstall or problematic parameters).
Technical explanation about the formats
Classic formats Virtual formats App-X, MSI-X Universal Apps Dockers / Containers
MSI, Legacy, third- App-V, Portable Hyper-V and party snapshots. Apps, Symantec App-X, MSI-X UWP Windows Container VSA, ThinApp.
Registry, Filesystem Native (partially Virtual Virtual Virtual Virtual virtual through UAC)
Services, driver Yes No (AppV can Services) No No Yes supported CPU Virtualization Native Native Native No Yes
May require admin Yes Yes No No Yes privileges
Runs on ARM or No No No Yes No Broadcom
Business Store No No Yes Yes No (Azure) from Win7, Win10 OS Required WinXP and above (1607) no longer need from Win10 (1607) as of Win10 as of Win10 (1607) a license
Suitable for user No Yes Yes (mandatory) Yes (mandatory) No deployment
Suitable for VDI and Apps can be Complete Full manufacturer resolving installation published in the store, Application must be independence of Comments support, maximum conflicts, not always no installation compiled as UWP, no containers among compatibility compatible (e.g. conflicts, not always conversion possible. themselves, needs hardware). compatible more CPU and memory.
Architecture Application and operating system There are two criteria for architectures, there is the architecture of the operating system and the architecture of the application that is to be executed. Windows architecture
Operating system/application Win x86 Win x64 Win Arm Win Arm64 Windows 7/8/10 x86 OK not OK not OK not OK Windows 7/8/10 x64 OK not OK not OK Windows 8.1 arm (Windows RT) not OK not OK OK not OK
Guideline Page 2 of 23 23.09.2021 17:00:47
Windows 8/10 arm64 (Surface X) OK ** OK (beta) OK OK
MacOS architecture
Operating system/application MacOS x64 MacOS M1 MacOS x64 (Intel) OK not OK MacOS M1 (Apple Silicon) OK ** OK
** Except drivers and hardware related programs
Interfaces to OS Overview Applications have different interfaces to the operating system, which are created with the installation. These interfaces are registered to a large extent in the registry under CLASSES_ROOT. Below the individual interfaces are described. https://blogs.windows.com/windowsdeveloper/2017/04/13/com-server-ole-document-support-desktop-bridge/
Start Menu The Start menu is the most well-known entry point in Windows, where users can find their programs. The entries in the start menu were before Windows 8 completely under %ProgramData%\Microsoft\Windows\Start Menu\ stored as .lnk files. Additionally they were combined with the corresponding user directory. As of Windows 8, MSIX apps are also designated in the Start menu.
Classic Save path %ProgramData%\Microsoft\Windows\Start Menu\*.lnk %APPDATA%\Microsoft\Windows\Start Menu\*.lnk Uninstall without problems Yes Change on minor update No
App-V Save path %ProgramData%\Microsoft\Windows\Start Menu\*.lnk %APPDATA%\Microsoft\Windows\Start Menu\*.lnk Uninstall without problems Yes Change on minor update Yes
MSIX Save path %ProgramFiles%\WindowsApps\...\appxmanifest.xml HKCR\AppX...\Application Uninstall without problems Yes Change on minor update Automatic
Desktop As with the Start menu, desktop shortcuts are created using a Windows directory (%PUBLIC%\Desktop) as .lnk files, again combining the directory from the corresponding user directory. In addition, certain predefined icons such as the trashcan are added from the operating system.
Interfaces to OS Page 3 of 23 23.09.2021 17:00:47
. Classic Save path %PUBLIC%\Desktop\*.lnk %USERPROFILE%\Desktop\*.lnk Uninstall without problems Yes Change on minor update No
App-V Save path %PUBLIC%\Desktop\*.lnk %USERPROFILE%\Desktop\*.lnk Uninstall without problems Yes Change on minor update Yes
MSIX Storage path not supported Uninstall problem-free not supported Change on minor update not supported
File Transfer Associations (FTA) In Windows, file associations (file extensions) date back to DOS times. Windows recognizes file types by the extension of the file name. These extensions are defined in legacy packages via Classes_Root, in the root of the tree, they always start with a dot (.).
Classic Save path HKCR\.* Uninstallation Problem-free No Change on minor update No
App-V Save path HKCR\.* Uninstallation Problem-free No Change on minor update Yes
MSIX Save path HKCR\.*\OpenWithProgids Uninstallation Problem-free Yes Change on minor update Automatic
ProgID File links point to a ProgId in classic Windows, rather than directly to the exe. The ProgId contains information about where the program is located and what parameters should be used to start it. ProgId entries are also supported by WebBrowsers, for example the following entry is possible: txtfile://myparameter .
Interfaces to OS Page 4 of 23 23.09.2021 17:00:47
https://docs.microsoft.com/en-gb/windows/win32/com/-progid--key Classic Save path HKCR\* Uninstallation Problem-free No Change on minor update No
App-V Save path HKCR\* Uninstallation Problem-free No Change on minor update Yes
MSIX Storage path Not supported (except compatibility) Uninstallation Problem-free Yes Change on minor update Automatic
Verbs Verbs describe the context menu when "right-clicking" on a file .
Mime Types The Internet Media Type, also called MIME-Type (after the Multipurpose Internet Mail Extensions specification) or Content-Type (after the name of the field), classifies the data in the body of a message on the Internet. As explained in the MIME standard, for example, an HTTP transmission tells a browser what data the web server is sending - whether it is a plain text document, an HTML document, or a PNG image, for example. In email, too, the "Content-Type" header field is used to classify the different data. https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types https://de.wikipedia.org/wiki/Internet_Media_Type
Classes (CLSID) A CLSID is a Globally Unique Identifier that identifies a com class object. If your server or container allows linking to the embedded objects, you must register a CLSID for each supported object class. Each coclass from the COM server has at least one entry under this key, which specifies the CLSID and the ProgID. The CLSID is a GUID that uniquely identifies the class, and the ProgID (programmatic identifier) is a string that identifies the class in a more readable form. https://docs.microsoft.com/en-gb/windows/win32/com/clsid-key-hklm https://mariusbancila.ro/blog/2010/06/01/com-and-registry/
Classic Save path HKCR\CLSID\* HKEY_CURRENT_USER\Software\Classes Uninstall without problems Yes (because of GUID) Change on minor update No
Interfaces to OS Page 5 of 23 23.09.2021 17:00:47
App-V Save path HKCR\CLSID\* HKEY_CURRENT_USER\Software\Classes Uninstall without problems Yes (because of GUID) Change on minor update Yes
MSIX Save path HKCR\CLSID\* HKEY_CURRENT_USER\Software\Classes Uninstall without problems Yes (because of GUID) Change on minor update Automatic
TypeLibs Each type library has a key under HKEY_CLASSES_ROOT\TypeLib, with the name of the LIBID. The subkeys provide information about the physical location of the type library file (.tlb file) and others, such as flags (FLAGS key) the directory that contains the help file for the type library (HELPDIR key). A LIBID is a GUID that uniquely identifies a type library. A *.TLB file is a binary version of an IDL file. This is used by languages such as VB, Java, Javascript and many others to be able to use COM objects.
Classic Save path HKCR\TypeLib\* Uninstall without problems Yes (because of GUID) Change on minor update No
App-V Storage path HKCR\TypeLib\* Uninstall without problems Yes (because of GUID) Change on minor update Yes
MSIX Memory path HKCR\TypeLib\* Uninstall without problems Yes (because of GUID) Change on minor update Automatic
Interfaces The information for all interfaces defined in an IDL file (type library) must be added in the registry. There must be a key with the IID of the interface under HKEY_CLASSES_ROOT\Interface. The IID (Interface Identifier) is a GUID that uniquely identifies an interface.
Classic Save path HKCR\Interface\* Uninstall without problems Yes (because of GUID) Change on minor update No
App-V Save path HKCR\Interface\* Uninstall without problems Yes (because of GUID)
Interfaces to OS Page 6 of 23 23.09.2021 17:00:47
Change on minor update Yes
MSIX Memory path HKCR\Interface\* Uninstallation Problem-free Yes (because of GUID) Change on minor update Automatic
AppIds An AppID (Application Identifier) is a GUID that uniquely identifies a COM server and is used to describe security and activation settings; it is used for out-of-proc scenarios (local or remote). Usually, the AppID is identical to the CLSID of a coclass of the COM server (with no risk of collision, since the CLSID and the AppID serve different purposes). .
Classic Save path HKCR\AppID\* Uninstall without problems Yes (because of GUID) Change on minor update No
App-V Save path HKCR\AppID\* Uninstall without problems Yes (because of GUID) Change on minor update Yes
MSIX Save path HKCR\AppID\* Uninstall without problems Yes (because of GUID) Change on minor update Automatic
AppPath When the ShellExecuteEx function is called with the name of an executable file in the lpfile parameter, there are several places where the function looks for the file. It is recommended to register the application in the App paths registry subkey. This eliminates the need for applications to change the system path environment variable. The file is searched in the following locations: 1. The current working directory . 2. Only the Windows directory (no subdirectories are searched). 3. The Windows\system32 directory. 4. Directories listed in the PATH environment variable. 5. Recommended: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AppPath https://docs.microsoft.com/en-us/windows/win32/shell/app-registration Classic Save path HKLM\Software\Microsoft\Windows\CurrentVersion\AppPath Uninstall Problem Free Yes Change on minor update No
Interfaces to OS Page 7 of 23 23.09.2021 17:00:47
App-V Save path HKLM\Software\Microsoft\Windows\CurrentVersion\AppPath Uninstall Problem Free Yes Change on minor update Automatic
MSIX Save path HKLM\Software\Microsoft\Windows\CurrentVersion\AppPath Uninstall Problem Free Yes Change on minor update Automatic
General Guidelines Interaction The package must be installed fully automatically and without user input. All dialogs or splash screens that appear on application start should be disabled if nothing else is given. User Settings User settings must be set automatically. Shortcuts Shortcuts on the desktop are always removed Shortcuts named "Uninstall" or "ReadMe" are always removed Shortcuts are additionally recorded in the
General Guidelines Page 8 of 23 23.09.2021 17:00:47
(to replace hardcodes, etc.). Security Permissions have to be set for local users group (if other is not described in installation documentation). Access permissions for files, folders, registry keys and services (if required) are set by custom section in deploy.xml to run after the installation. SECEDIT or icacls utilities should be used. Overwriting files On a Windows operating system there are certain files that have a special meaning and therefore cannot be overwritten, but only edited or appended. The following files can never be overwritten, but only merged or appended: %Windir%\System32\drivers\etc\Hosts %Windir%\System32\drivers\etc\Lmhosts %Windir%\System32\drivers\etc\Services %Windir%\Win.ini %Windir%\System.ini
Uninstallation The default uninstall behavior is to remove all components placed on the operating system by the MSI. This is also dependent on the counter value of the shared DLL. Permanent, shared and modified components are not removed. Setting a component to shared or permanent is done by creating the Components table in the MSI file. An uninstall action must leave data and user-defined settings and files unchanged. Parameters All configurable application settings (server names, serial keys) that could be changed during deployment stage should be set as variables. Application Publishing Windows registers applications in the registry, with are later used for the context menu "Open With", which can be searched in the start menu and which are used for the PATH variable. Publishing can be enabled during integration. https://helgeklein.com/blog/2010/08/how-the-app-paths-registry-key-makes-windows-both-faster-and-safer/ Firewall Settings During integration of the package, you can enable Software firewall settings directly inside the package or export them as external files AppLocker and VirusScanner Export your Settings as external files during integration of the package.
Create Legacy Package Overview For the creation of a legacy package is made only if no MSI file provides. Since the legacy format does not know any standardization, the creation is a bit more complicated. Creation It must first be clarified whether the manufacturer provides parameters for both installation and uninstallation, so that the software can be installed in the "background" Installation procedure
Create Legacy Package Page 9 of 23 23.09.2021 17:00:47
The installation process always follows the same pattern 1. Check if the software to be installed is already installed locally, this is a safety measure in case the package may have already been installed manually or the job has been set incorrectly. 2. All processes from the program folder of the software to be installed are deleted 3. Known processes of the application will be deleted 4. Installation Setup.exe with silent parameters 5. Subsequent setting of settings (e.g. language, server name, ...) 6. Changes to default system security settings (files, folders, registry, services) needs to be investigated 7. Optional feedback if a reboot is necessary 8. Check for a registry key or file, whether the installation has gone through correctly Uninstallation procedure 1. Check if the software to be installed is already installed locally 2. Deletes all processes from the program folder of the software to be installed 3. Known processes of the application are deleted 4. Uninstall with silent parameters (uninstall.exe) 5. Eventually revoking additional permissions on the file system or registry 6. Optional feedback if a reboot is necessary 7. Check for a registry key or file, whether the installation has gone through correctly Repair 1. Check if the software to be installed is already installed locally 2. Deletes all processes from the program folder of the software to be installed 3. All processes from the "File Table" of the MSI are deleted 4. Uninstallation with silent parameters (uninstall.exe) 5. Install Setup.exe with silent parameters 6. Subsequently set the settings (eg language, server name, ...) 7. Eventually assigning additional rights on the file system or registry 8. Optional feedback if a reboot is necessary 9. Check for a registry key or file, whether the installation has gone through correctly Shortcuts The shortcuts are additionally recorded in the
Create MSI Package Overview For the creation of a MSI package it is of course mandatory that the manufacturer provides a MSI file. Since the file is available as a database, we can use FastWrapper to read a great deal of information directly. Therefore, it is unnecessary to manually search for the uninstall key, for example. Technical References https://docs.microsoft.com/en-us/windows/win32/msi/windows-installer-portal Installation procedure The installation process always follows the same pattern 1. Check if the software to be installed is already installed locally, this is a safety measure in case the package may have already been installed manually or the job has been set incorrectly.
Create MSI Package Page 10 of 23 23.09.2021 17:00:47
2. All processes from the program folder of the software to be installed are deleted 3. All processes from the "File Table" of the MSI are deleted 4. Installation of the MSI, usually in combination with the MST 5. Subsequent setting of the settings (eg. E.g. language, server name, ...) 6. Eventually granting additional rights on the file system or the registry 7. Optional feedback, whether a reboot is necessary 8. Checking for a registry key or a file, whether the installation has gone through correctly Uninstallation procedure Generally all resources, which were installed during installation, should be removed during uninstall. This is the default behavior the MSI technology. The exceptions are files, which were installed over components that are shared with other installed packages. Files and INI entries, which have been created after the software installation, by default are not removed during uninstall. The application folder remains on the computer with some created content. User specific Files and Registry entries should not be deleted. 1. Check if the software to be installed is already installed locally 2. Deletes all processes from the program folder of the software to be installed 3. All processes from the "File Table" of the MSI are deleted 4. Uninstallation of the MSI 5. Eventually revoke additional permissions on the file system or registry 6. Optional feedback on whether a reboot is necessary 7. Check for a registry key or file if the installation went through correctly Repair 1. Check if the software to be installed is already installed locally 2. Deletes all processes from the program folder of the software to be installed 3. All processes from the "File Table" of the MSI are deleted 4. Repair of the MSI 5. Eventually repair additional permissions on the file system or registry 6. Optional feedback on whether a reboot is necessary 7. Check for a registry key or file if the installation went through correctly Properties Following properties can be set as command line parameters in the deploy.xml.
ALLUSERS 1 Per-machine installation using folders in "All Users" profile. ARPNOMODIFY 1 Disables modify functionality in ARP One ARP entry for each msi. In case if msi installs more than one ARP entry, ARPSYSTEMCOMPONENT No entry ARPSYSTEMCOMPONENT = 1 may be set via Registry table to hide additional APR entry. It should be deleted on package de-installation. LIMITUI 1 The user interface (UI) level used when installing the package is restricted to Basic. MSIDISABLERMRESTART 1 Windows Restart Manager: The property is ignored if the Restart Manager is unavailable or disabled. MSIRESTARTMANAGERCONTROL Disable Windows Restart Manager: Disables restart manager. MSIRMSHUTDOWN 2 Windows Restart Manager: The property is ignored if the Restart Manager is unavailable or disabled. REBOOT ReallySuppress Suppress all reboots and reboot prompts initiated by ForceReboot during the installation. ROOTDRIVE C:\ Specifies the default drive for the destination directory of the installation. Features The layout of features should not be changed, if not required. Components Components of a Vendor MSI can be left unchanged. Components added via MST should conform to the regulations for Repackaged MSI. Current User Entries If the package was created correctly by the vendor, the user part is negligible in this case because it is triggered by the MSI via selfhealing.
Create MSI Package Page 11 of 23 23.09.2021 17:00:47
In exceptional cases, however, the
Create MSI Package Page 12 of 23 23.09.2021 17:00:47
Special guidelines 1. ProductCode should never be changed 2. LaunchConditions are always removed 3. General manipulations are always done in the MST 4. Dynamic manipulations (server names, serial keys) are done in Deploy.xml Package Validation MSI Validation is the process of checking the consistency and referential integrity of the MSI file database. This is done using so-called ICE tests (Internal Consistency Evaluators). Standard validation using “Full MSI Validation Suite” must be used. ICE Errors in the „Vendor MSI” can be ignored. Errors from 3rd Party Merge Modules or that comes from certified Merge Modules can also be ignored. All “Warnings” Messages can be ignored.
Snapshot as MSI Overview MSI snapshots are only created if the manufacturer does not provide an installation source of sufficient quality. There are various commercial products for creating these packages. Installation procedure The MSI snapshot installation is a standardized procedure that does not require any special customization. Uninstallation Procedure Generally all resources, which were installed during installation, should be removed during uninstall. This is the default behavior the MSI technology. The exceptions are files, which were installed over components that are shared with other installed packages. Files and INI entries, which have been created after the software installation, by default are not removed during uninstall. The application folder remains on the computer with some created content. It should be recognized by the packager and corrected. User specific Files and Registry entries should not be deleted. The MSI Snapshot uninstallation is a standardized process that requires no special customization. Repair Procedure The MSI Snapshot repair is a standardized procedure that does not require any special customization. Summary Information Stream Title = Installation Database Author = ClueBiz Subject = PackageName Comments = left empty Keywords = Install,MSI Platform = Intel or x64 Installation Directory Default vendor application installation directory is used. If nothing different is given, all applications should be installed under the directory “%ProgramFiles%” or “%ProgramFiles(x86)%”. Shared files are installed under %CommonProgramFiles%\
Snapshot as MSI Page 13 of 23 23.09.2021 17:00:47
Shortcuts to Help files should be only removed if the target help file can be launched from the application (for example by pressing F1). All shortcuts should be advertised, except shortcuts to a folder and shortcut to an external file. Properties
ALLUSERS 1 Per-machine installation using folders in "All Users" profile. ARPNOMODIFY 1 Disables modify functionality in ARP ARPPRODUCTICON file.ico Entry from Icon table LIMITUI 1 The user interface (UI) level used when installing the package is restricted to Basic Manufacturer Name of the manufacturer of the application OR If the manufacturer is unknown, set the value = ClueBiz MSIDISABLERMRESTART 1 Windows Restart Manager: The property is ignored if the Restart Manager is unavailable or disabled. MSIRESTARTMANAGERCONTROL Disable Windows Restart Manager: Disables restart manager MSIRMSHUTDOWN 2 Windows Restart Manager: The property is ignored if the Restart Manager is unavailable or disabled. ProductName Name of the application according with the entry in ARP ProductVersion Version of the application in ARP REBOOT ReallySuppress Suppress all reboots and reboot prompts initiated by ForceReboot during the installation. ROOTDRIVE C:\ Specifies the default drive for the destination directory of the installation. Special Guidelines ICE Errors ICE Errors that have a technical impact on machine/user separation should be fixed These are allowed ICE Errors ICE03 (Error): Only errors stating “String overflow (greater than length permitted in column)” ICE33 (Warning) ICE48 (Warning) ICE49 (Warning) ICE51 (Warning) ICE60 (Warning) ICE90 (Warning) ICE91 (Warning) Features If the installation package contains a user-specific configuration, which is to be performed by a MSI entry point when the application is launched, it should be added with all relevant advertisements in the feature " UserPart ". “UserPart” should be the parent feature of the main application feature Reason: For very large applications, this structuring contributes to a much faster implementation of the configuration.
Feature UserPart Feature_Parent Title UserPart Description Display 0 Level 1 Directory_ Attributes 32
The main feature should be filled in as follows:
Feature Productname without blanks and points Feature_Parent UserPart Title Productname without blanks and points Description
Snapshot as MSI Page 14 of 23 23.09.2021 17:00:47
Display 0 Level 1 Directory_ Attributes 32
Components Components installing files of type DLL, OCX, EXE, SYS, TLB, CHM into the system folders like system32 or %CommonProgramFiles% should have option "Always increment shared .DLL count" (Attribute value of the component = 8 or higher). All the components, except „CreateFolder“, „INIFiles“ and „RemoveFiles“, must have a Keypath. If a component contains DLL, OCX, EXE, SYS, or TLB file, this file must be a key path of the component. These components must not contain more than one file. If INI or Registry entries are required for a DLL, OCX, SYS, or TLB file, these entries and the file should be stored in the same component. Mark components for 64Bit parts correctly (attribute 256 + additional e.g. 8). Lowercase letters in GUID are forbidden. A new component must have a new GUID generated. Per-machine and per-user data in the same component are forbidden. Empty components must be removed from the package. Current Users Entries When a package contains Current User entries, make sure that those entries are really necessary. If not, they can be removed from the package. If possible, all per-user data should belong to the component named CurrentUser. The key path for a per-user component must be registry entry under HKCU that’s unique for every package (e.g. usage of PackageCode) to grant functionality of self-repair. Dummy key example:
Root Key Name Value 1 SOFTWARE\[Manufacturer]\[ProductName]\[ProductVersion]\[PackageCode] CurrentUser [ProductCode] Active Setup In case of non-Advertised Shortcuts or if the per-user data must be updated and cannot be updated correctly with standard MSI means, an Active Setup has to be included in the Package. The section can be used here, this automatically creates an "ActiveSetup.vbs" in the main directory of the program, which is executed directly during the installation for all logged-in users, but is also triggered for all subsequent logins via the ActiveSetup.vbs. Files All *.log, uninstall* update* files should be removed from the package. Also all references to the removed files in the Registry and Shortcut table also should be removed. Media/CABs Single external CAB file should be used. External CAB should be named .cab.
INI files INI files should be installed through the IniFile table. However, if a file has INI extension and incorrect internal structure, the file should be installed directly via the File table. In exceptional cases: If the order of INI file entries is relevant and IniFile table mechanism of MSI is providing inappropriate results, it is allowed to deploy ini files by using in conjunction MSI file table and IniFile table. If INI file entries are required for DLL, OCX, SYS, or TLB file, these entries and the file should be stored in the same component. Hardcoded values are substituted by properties. Custom properties added to the package (to replace hardcodes, etc.). Registry All registry entries should be installed via Registry table. The exception is the registry entries that can be installed under HKEY_CLASSES_ROOT via Class, ProgId, Extension table etc. Usage of TypeLib table is not recommended. All HKCR\CLSID, HKCR\TypeLib, HKCR\Interface records should belong to the corresponding DLL/OCX component name. Ensure to install registry keys for 64Bit registry hive by using a 64Bit component. Otherwise they will be installed into 32Bit registry hive. Keys are to be examined for hard coded entries, e.g.: Computer names, IP addresses, port numbers etc. These entries should be replaced with MSI properties. Usage of the SelfReg table in the setup capture is prohibited.
Snapshot as MSI Page 15 of 23 23.09.2021 17:00:47
File Associations Association of file extensions has to been done via MSI standard mechanism (Extension table). Corresponding entries in registry table has to been removed. Environment Variables Append values if environment variable already exist. Environment variable created during installation has to be removed during removal of package. For example: *=-Path Services Services should be installed using the appropriate tables (ServiceControl and ServiceInstall) and not through installing the registry settings directly. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services should only be changed if the application requires service parameters that are not delivered with the MSI service tables themselves. During the Uninstall of the application, installed services should be stopped and removed. ODBC ODBC-entries should be installed using the appropriate tables, and not through installing the registry settings directly. ODBC- entries for 64Bit have to be marked via component properties. Otherwise the ODBC-entries are written into 32Bit instead. It is also allowed to install ODBC entries through Registry table. Custom Actions Custom actions can be used only in exceptional cases. All required extended actions should be implemented through the Deploy.xml. Security Permissions Access permissions for files, folders, registry keys and services (if required) are set by instructions in deploy.xml to run after the installation. SECEDIT or icacls utilities should be used. LockPermissions, MsiLockPermissionsEx table are forbidden. Package Validation MSI Validation is the process of checking the consistency and referential integrity of the MSI file database. This is done using so-called ICE tests (Internal Consistency Evaluators). Standard validation using “Full MSI Validation Suite” must be used. Validation should be performing using the Full Windows Validation Suite (All ICE tests should be run), no ERRORS should be existing in the MSI file and only certain warnings should be allowed. Following is a list of allowed errors/warnings in an ICE validation: ICE03 (Error): Only errors stating “String overflow (greater than length permitted in column)” ICE33 (Warning) ICE48 (Warning) ICE49 (Warning) ICE51 (Warning) ICE60 (Warning) ICE90 (Warning) ICE91 (Warning)
Convert to App-V Overview App-V packages are created on demand for the customer if they have this technology in use. App-V packages are especially suitable for parallel installations and error-free installation/uninstallation. Because App-V packages are completely rebuilt, however, support from the manufacturer expires in most cases. Microsoft Application Virtualization (App-V) is an application virtualization solution from Microsoft. It helps businesses to provide their end- users with access to virtually any application, anywhere without installing applications directly on their computers. By leveraging App-V technology, technical departments can effectively manage software deployment and precise distribution for a stable and productive user environment.
Convert to App-V Page 16 of 23 23.09.2021 17:00:47
What is the purpose virtualization? It provides the agility, scalability, cost-saving required in today’s business scenarios. It reduces: •Infrastructure downtime. •Saves time and resources that are spend deploying/providing operating systems to users. •Saves troubleshooting time for application installations. •Multiple versions of the same application can be deployed on the same machine. App-V packages are created on demand for the customer if they have this technology in use. App-V packages are especially suitable for parallel installations and error-free installation/uninstallation. Technical references https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/appv-v5/technical-reference-for-app-v-51 http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx Installation procedure App-V installation is a standardized process that requires no special customization. Uninstallation Procedure The App-V uninstallation is a standardized flow that does not require any special customization. Repair Procedure The App-V repair is a standardized process that requires no special customization. Shortcuts Shortcuts are extracted directly and automatically from the .manifest file Compatibility Not all applications can be sequenced due to App-V limitations: Restriction Description Applications that start services at boot time App-V requires a logged-in user to initiate the start of an application. App-V cannot virtualize drivers. It is possible to work around this problem and install Applications that require device drivers the driver locally on the target computer. This includes antivirus software, VPN clients, personal firewalls, and disk and volume mount utilities. Some user-mode device drivers can be virtualized. Applications that are part of the operating system For example, Internet Explorer Applications that use COM+ Because COM+ is dynamic and happens at runtime, there is no way for the sequencer to capture this information. COM DLL surrogate virtualization For example, DLLs running in Dllhost.exe Application groups, VBScripts, updates, PVAD The application root directory is marked as "opaque", this ensures that there is no conflict with a physical installation on the host system Full access to VFS is enabled only on demand PVAD is not used
Convert to MSIX Overview MSIX is a package format for Windows apps that provides a modern packaging interface for all Windows app. The MSIX package preserves the functionality of existing app packages and/or installation files, and enables new, modern packaging and deployment features for Win32, WPF,
Convert to MSIX Page 17 of 23 23.09.2021 17:00:47
and Windows Forms apps. MSIX enables organizations to stay current and ensure their applications are always up to date. It enables IT professionals and developers to deliver a user-centric solution while lowering the total cost of ownership of the application by reducing the need for repackaging. References https://docs.microsoft.com/en-us/windows/msix/ https://store.rg-adguard.net/ Creation MSIX packages are created automatically using root packages. The procedure is described below: 1. The vendor sources must be available either as msi, zip or exe 2. The manufacturer sources must be temporarily unpacked locally, for MSI this is an administrative installation, for exe this can be achieved either via parameters or via 7Zip. In the worst case, the sources must be unpacked via a physical installation. 3. A folder mapping must be created, where will the unpacked directories appear later in the App-V (e.g. PFiles\Firefox -> [ProgramFilesX64]\Firefox 4. Shortcuts and customizations must be present in the root package 5. Extensions, ProgID and Verbs must be manually captured in the root package or imported via an MSI 6. Packaging happens fully automatically afterwards via the robot
In exceptional cases, an application can also be created via Microsoft's Sequencer, but the automated procedure is preferred, as it is considerably faster and does not contain any residual traces from the sequencing machine. The created AppV file can then be converted to an MSIX by the robot. Installation procedure . The MSIX installation is a standardized procedure that does not require any special customization. Uninstallation Procedure The MSIX uninstallation is a standardized procedure that does not require any special customization. Repair Procedure The MSIX repair is a standardized procedure that does not require any special customization. Compatibility The same restrictions apply as for App-V, but in addition: 1. If the application requires administrative privileges, it cannot be deployed as MSIX 2. Only one shortcut can be created Distribution MSI-X update mechanism Each time the software is called, the web server checks if a new version is already available. The update is automatically downloaded and installed. Local Installation The software can be installed directly on the device via the Deliveries_Setup.exe
Convert to PSFX
Convert to PSFX Page 18 of 23 23.09.2021 17:00:47
Overview The PSFX framework from Cluebiz is an extension to existing MSIX packages. Possible applications include: Drivers Services Whole native installations such as VPN software
Download https://productive.cluebiz.ch/fragments2/CluebizData/clients/e2ef5b9c-2757-4399-94b3-9042134c3284/msix/256b7e9d-dade-483b-a224- 37bcf938b109-x64-MUI-1.1.0.0.msix Application 1. Create an "externalscripts" directory in the root of your MSIX package. 2. Now create a powershell "install.ps1" in this directory
3. Add the desired code to your powershell, this will later be executed with elevated privileges by the service outside the container 4. Also create an "uninstall.ps1" if you want to remove the components again
Execution 1. Install the PSFX service 2. Then install your MSIX package 3. A directory c:\ProgramData\PSFXService\%packagename% will be created automatically 4. The install.ps1 file is automatically executed from c:\ProgramData\PSFXService\%packagename% 5. Check the %TEMP% directory for a log file 6. Now uninstall your MSIX package 7. The uninstall.ps1 file will be automatically executed by c:\ProgramData\PSFXService\%packagename% 8. The directory c:\ProgramData\PSFXService\%packagename% will be deleted
Create Docker Snapshot Overview Docker is an open source project for automating the deployment of apps as mobile, self-contained containers that can run in the cloud or locally. Docker is also a company that promotes and develops this technology and works with cloud, Linux and Windows vendors, including Microsoft. References https://docs.microsoft.com/en-us/dotnet/architecture/microservices/container-docker-introduction/ Creation https://blog.sixeyed.com/how-to-dockerize-windows-applications/ Installation procedure The Docker installation is a standardized process that requires no special customization. Uninstallation flow The Docker uninstallation is a standardized flow that requires no special customization. Repair flow
Create Docker Snapshot Page 19 of 23 23.09.2021 17:00:47
Docker repair is a standardized process that requires no special customization .
Create UEV Profile Overview Capture and centralize your users' application settings and Windows operating system settings by implementing Microsoft User Experience Virtualization (UE-V) 2.0 or 2.1. Then apply those settings to the devices users access in your organization, such as desktops, laptops, or Virtual Desktop Infrastructure (VDI) sessions. References https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/uev-v2/ Creation UE-V files can be created directly from the root package. They will be added automatically during download.
Create MacOS Package Overview The Deliveries_Setup wrapper supports MacOS and Linux operating systems in addition to Windows. A prerequisite is the installation of .net 5 Runtime from Microsoft, which is available at this link. https://dotnet.microsoft.com/download/dotnet-core/3.1 Creation In the following example, two main variants are described, installation by copying to the Application directory or installation via a PKG file.
Installation via the Applications directory (e.g. VLC Player).
Create UEV Profile Page 20 of 23 23.09.2021 17:00:47
Installation via a pkg file (e.g. Google Earth).
After installation, the command . pkgutil --pkgs the uninstall key can be identified .
To check where the program was installed, the command can now be used. pkgutil --files com.Google.GoogleEarthPro . can be executed, this will list all the directories that need to be removed during uninstallation.
Create Linux Package Overview The Deliveries_Setup wrapper supports MacOS and Linux operating systems in addition to Windows. A prerequisite is the installation of .net 5 runtime from Microsoft, which is available at this link. . https://dotnet.microsoft.com/download/dotnet-core/3.1 Creation
Installation via an offline file
Create Linux Package Page 21 of 23 23.09.2021 17:00:47
.
Create Scripting Package Overview
Installation procedure Actions are executed via a script . Uninstallation flow Optional. Repair Procedure Optional.
Create Driver Package Overview Driver packages are used during the basic installation of Windows for the respective machine type. Technical References https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-packages
Installation procedure All inf files are installed first via the PNP function, then other commands can be executed via the deploy.xml.
Create Scripting Package Page 22 of 23 23.09.2021 17:00:47
Uninstallation flow There is no uninstallation. Repair Procedure There is no repair.
Download Download
German English
Download Page 23 of 23