The Definitive Guidetmtm To
Windows Installer Technology for System Administrators
Darwin Sanoy and Jeremy Moskowitz Introduction
Introduction to Realtimepublishers
by Sean Daily, Series Editor
The book you are about to enjoy represents an entirely new modality of publishing and a major first in the industry. The founding concept behind Realtimepublishers.com is the idea of providing readers with high-quality books about today’s most critical technology topics—at no cost to the reader. Although this feat may sound difficult to achieve, it is made possible through the vision and generosity of a corporate sponsor who agrees to bear the book’s production expenses and host the book on its Web site for the benefit of its Web site visitors. It should be pointed out that the free nature of these publications does not in any way diminish their quality. Without reservation, I can tell you that the book that you’re now reading is the equivalent of any similar printed book you might find at your local bookstore—with the notable exception that it won’t cost you $30 to $80. The Realtimepublishers publishing model also provides other significant benefits. For example, the electronic nature of this book makes activities such as chapter updates and additions or the release of a new edition possible in a far shorter timeframe than is the case with conventional printed books. Because we publish our titles in “real-time”—that is, as chapters are written or revised by the author—you benefit from receiving the information immediately rather than having to wait months or years to receive a complete product. Finally, I’d like to note that our books are by no means paid advertisements for the sponsor. Realtimepublishers is an independent publishing company and maintains, by written agreement with the sponsor, 100 percent editorial control over the content of our titles. It is my opinion that this system of content delivery not only is of immeasurable value to readers but also will hold a significant place in the future of publishing. As the founder of Realtimepublishers, my raison d’être is to create “dream team” projects—that is, to locate and work only with the industry’s leading authors and sponsors, and publish books that help readers do their everyday jobs. To that end, I encourage and welcome your feedback on this or any other book in the Realtimepublishers.com series. If you would like to submit a comment, question, or suggestion, please send an email to [email protected], leave feedback on our Web site at http://www.realtimepublishers.com, or call us at 800-509- 0532 ext. 110. Thanks for reading, and enjoy!
Sean Daily Founder & Series Editor Realtimepublishers.com, Inc.
i Table of Contents
Introduction to Realtimepublishers...... i Chapter 1: Meet Windows Installer: Introduction, Features, and Benefits...... 1 Defining the Need for Windows Installer...... 1 Saved Time and Effort Through Automated Installs...... 1 Application and Operating System Stability...... 2 The Benefits of Windows Installer and MSI ...... 4 Your First Windows Installer Encounter ...... 6 Windows Installer Version Numbers...... 9 What Is Your Windows Installer Version Number?...... 9 The Internals of Version Numbers...... 10 Windows Installer Version 2.0 ...... 10 Windows’ Relationship to Windows Installer...... 12 Windows Installer on Downlevel Clients ...... 13 MSI File Foundations ...... 13 Setup or MSI? ...... 13 Base Installations, Transforms, and Patches...... 14 Base Installations ...... 14 Transforms ...... 15 Vendor-Supplied Transform-Generation Tools...... 16 Third-Party Transform-Generation Tools...... 17 Executing MSIs with Transforms ...... 19 Patches ...... 19 Roadmap for the Rest of the Text...... 20
Chapter 2: MSI Tools Roundup...... 21 Basics of the Repackaging Approach ...... 22 Microsoft’s Offerings...... 22 WinInstall LE...... 23 WinInstall LE Operation...... 23 SMS Installer ...... 25 The SMS Installer Repackage Installation Wizard Tool ...... 26 The SMS Installer Watch Tool ...... 27
ii Table of Contents
The SMS Installer Script Editor...... 28 Creating MSI Files with the SMS Installer...... 30 Commercial Third-Party MSI Tools...... 33 Commercial Third-Party Tools at a Glance...... 33 Wise Package Studio...... 34 AdminStudio 3.5...... 38 Prism Pack ...... 40 Added Functionality...... 42 Wise Package Studio 4.0 Repackaging Innovations...... 42 AdminStudio 3.5 Repackaging Innovations ...... 43 Shareware and Freeware Third-Party Tools ...... 43 Summary...... 44 Chapter 3: Windows Installer Internals ...... 45 Application Management Meta Data...... 45 MSI File Format...... 46 Three Streams ...... 46 The Database...... 46 “Open” File Format...... 48 How Packages Describe Software Applications and Installation Procedures ...... 48 Software Application Information ...... 49 Identification in Windows Installer ...... 49 Component Structure and Attributes ...... 50 Component Name ...... 51 Component Codes...... 52 Keypaths ...... 52 Entry Points and Advertisements...... 53 Typical Components ...... 55 Features...... 56 Package Execution Information...... 57 Standard Actions...... 57 Custom Actions...... 58 Sequences...... 58 Properties ...... 59
iii Table of Contents
Notable Properties...... 61 Self-Healing Overview ...... 62 Summary of Package Structure Concepts...... 63 Customizing Packages ...... 64 Managed Application Settings...... 66 Creating Transforms for Application Settings...... 68 Using Transforms...... 69 Administrative Installs...... 69 Building and Using Administrative Installs...... 71 Installing from an Administrative Share...... 72 Serving Applications...... 72 Security and Policies...... 73 Windows Installer Policies ...... 74 Elevated Privileges Implementation ...... 74 Managed Applications ...... 75 Always Install with Elevated Privileges (AlwaysInstallElevated) Policy ...... 76 AlwaysInstallElevated Hacking...... 76 Disable Windows Installer (DisableMSI) Policy...... 76 Cache Transforms in Secure Location on Workstation (TransformsSecure) ...... 77 Other Security-Oriented Policies ...... 77 Non-Security Policies ...... 77 Excess Recovery Options ...... 77 Logging Policy...... 78 Software Restriction Policies...... 79 Certificate Rules...... 79 Hash Rules ...... 79 Path Rules ...... 80 Zone Rules ...... 80 Combining Rules ...... 80 Summary...... 80 Chapter 4: Best Practices for Building Packages...... 81 Best Practices Formulation ...... 81 Best Practice Is Not Optional...... 83
iv Table of Contents
Darwin’s Law of Technology Sophistication ...... 83 Repackaging Best Practice Recommendations...... 84 Do Not Repackage All Types of Setup Programs ...... 85 Have a Documented Desktop Reference Configuration...... 86 Use Clean System Reloads for Testing and Packaging ...... 86 Why Clean Machines? ...... 87 Additional Management Data for Packaging...... 88 Windows Installer Best Practices...... 89 Invest in Training...... 90 Invest in Good Tools...... 90 Basic Packaging Functionality...... 91 Advanced Functionality...... 91 Peripheral Features...... 92 Administrator vs. Developer Tools...... 93 Manage Your Windows Installer Engine Version...... 93 Know How Windows Installer Interacts with Other Technologies...... 93 Configure Policies and Security...... 94 Ensure Source List Management ...... 94 Repackage Existing Packages Rather than Convert Them...... 95 Use VBScript for Custom Actions and Other MSI Scripting...... 95 Run Package Validation...... 97 Perform a Dry Run with Verbose Logging...... 97 Utilize Windows Installer’s Logging Capabilities...... 98 Formulating Your Own Processes ...... 98 Windows Installer SDK Assumptions ...... 98 Package Classifications...... 101 Package Structure Rules for Administrators...... 103 Component Rules—The Protocols for Sharing ...... 103 Scope of Distribution ...... 104 Code Management Components...... 105 Duplicate Component Definitions ...... 107 Conflicting Component Definitions...... 108 Compounded Problems...... 110
v Table of Contents
Upgrade Packages...... 110 Upgrade Processes ...... 110 Package Attributes ...... 111 Update Types ...... 112 Minor Upgrade...... 112 Small Update (Admins Need Not Apply)...... 112 Major Upgrade...... 113 Simplifying Upgrades ...... 113 Patch Packages...... 114 Generating Patches...... 114 Patching Reality Checks ...... 115 Conflict Management for Package Structure...... 116 A Word About Merge Modules ...... 116 Merge Modules in the Administrator’s World...... 117 Merge Modules as a Poor Man’s Conflict Management Tool...... 117 Replacing Repackaged Files with Merge Modules ...... 118 Administrator and In-House Developer Generated Merge Modules...... 118 Summary...... 119 Chapter 5: Windows Installer with or without Active Directory...... 120 Beware the Tide of Windows Installer ...... 120 Services Provided by Win2K Technologies ...... 121 IntelliMirror Repository Technologies Overview ...... 122 IntelliMirror Deployment Technologies Overview ...... 123 Source Lists—the Good and the Bad...... 124 Trickle Services, CD-ROM Distribution, and Source Lists ...... 126 Fixing Existing Unmanaged Sources...... 126 Designing the Package Distribution Repository...... 127 When to Choose Something Other than DFS ...... 128 DFS Functionality Alternatives ...... 129 Managed Drive Letters and Managed Environment Variables...... 130 Package Source List Management...... 135 When to Choose Something Other than FRS ...... 136 FRS Alternatives...... 136
vi Table of Contents
Directory Structure Issues...... 137 Directory Structure Considerations...... 138 Administrative Installs...... 139 Repository Availability Service Level Agreement...... 141 Package Deployment Technology Planning ...... 141 IntelliMirror Fine Print ...... 142 When to Consider Alternatives to IntelliMirror Deployment...... 143 Summary...... 144
Chapter 6: MSI Deployment Roundup ...... 145 MSI Deployment for Free...... 145 Sneakernet...... 146 Batch File Installation...... 148 Microsoft MSI Deployment with Group Policy ...... 151 MSI Deployment with Third-Party Tools...... 154 Deploying with the Assistance of Third-Party Repackaging Tools...... 154 Third-Party Distribution Methods...... 156 Microsoft SMS and MSI Deployment ...... 157 MSI Deployment and Management with Altiris Client Management Suite...... 160 MSI Deployment and Management with ON Technology’s ON Command CCM...... 162 MSI Deployment with ONDemand Software’s WinINSTALL ...... 165 MSI Deployment with Mobile Automation 2000...... 169 Summary...... 172 Content Central ...... 173 Download Additional eBooks! ...... 173
vii Copyright Statement
Copyright Statement © 2005 Realtimepublishers.com, Inc. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtimepublishers.com, Inc. (the “Materials”) and this site and any such Materials are protected by international copyright and trademark laws. THE MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtimepublishers.com, Inc or its web site sponsors. In no event shall Realtimepublishers.com, Inc. or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials. The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, non- commercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice. The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties. Realtimepublishers.com and the Realtimepublishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. If you have any questions about these terms, or if you would like information about licensing materials from Realtimepublishers.com, please contact us via e-mail at [email protected].
viii Chapter 1
[Editor’s Note: This eBook was downloaded from Content Central. To download other eBooks on this topic, please visit http://www.realtimepublishers.com/contentcentral/.]
Chapter 1: Meet Windows Installer: Introduction, Features, and Benefits
by Jeremy Moskowitz You’re an administrator. You’re the person who comes in early to reboot the servers on Sunday. You’re the person who stays late to ensure that the backup job has really kicked off successfully. You’re setting up servers and hauling around the occasional desktop, and you’re the lucky one who all-too-frequently has the honor of losing weekends due to a poorly planned “move, add, change.” We created this book for you. If you’re familiar with the technology and history behind Windows Installer, you know that historically, discussions about this technology have had a bit of a developer slant. However, there is another side to these discussions, and the administrator’s side to the Windows Installer story is an exciting one that might get you a weekend or two back. We’re going to try hard in this book to show you why Windows Installer is useful for you—the administrator. Throughout the book, we will be getting into some of the meaty internals of Windows Installer. If you have a little bit of a developer background, that’s great; but those who do not will be just as comfortable and find much useful information. With that in mind, let’s start our journey.
Defining the Need for Windows Installer Before we dive into an introduction to Windows Installer and an exploration of how it works, let’s define the need for this technology. Why was it developed and what does it offer that will benefit you?
Saved Time and Effort Through Automated Installs How are you installing your software today? If you’re like many administrators, you’re still tracking down the installation CD-ROM media (or you’ve made the installation available on a network source), running from machine to machine, and shooing the user aside for 30 to 60 minutes to install and test the application. This method works just fine for about 10 machines but quickly falls apart once the number of users and applications starts to increase. In the past, additional manpower has been brought in to shoulder the load—more people are hired to slog from computer to computer and load applications. Although hiring more people can ease the load, you and the other administrators must still answer, for each installation, the same 10 questions—such as the location of the program files, the default location of the data files, and which portions of the application should be loaded. In addition to being a “poor administrative experience,” this tack is expensive. Imagine the figure you would come up with if you had to calculate all the time that you and your staff spent ensuring that each desktop had exactly the same hand-crafted software installation settings. Think of all the other stuff you could be doing if you and your team weren’t trotting to each desktop.
1 Chapter 1
Enter Windows Installer technology. After we’ve covered all the pieces of this technology— from the Windows Installer basics to the MSI repackaging process to the actual deployment— you’ll have gained the knowledge, skills, and tools necessary to save yourself and your staff tons of time that can then be devoted to more productive endeavors.