MSI / Windows Installer MSI / Windows Installer for NGN ‘Dummies’for NGN ‘Dummies’

Roel van BuerenRoel van Bueren

ROVABU NetWorksROVABU NetWorks

PlanningPlanning 16.00 – 16.15 – Introduction16.00 – 16.15 – Introduction 16.15 – 17.00 – Theory16.15 – 17.00 – Theory 17.00 – 17.15 – AdminStudio17.00 – 17.15 – AdminStudio 17.15 – 18.00 – Adobe Reader17.15 – 18.00 – Adobe Reader 18.00 – 18.30 – Pizza18.00 – 18.30 – Pizza 18.30 – 18.45 – Firefox18.30 – 18.45 – Firefox 18.45 – 19.00 – Java18.45 – 19.00 – Java 19.00 – 19.15 – QuickTime19.00 – 19.15 – QuickTime 19.15 – 19.30 – Adobe Flash19.15 – 19.30 – Adobe Flash 19.30 – 20.00 – “Puntjes op de ‘i’”19.30 – 20.00 – “Puntjes op de ‘i’”

IntroductionIntroduction

Who are you?Who are you? What is your experience with What is your experience with

‘Windows Installer’ and Software ‘Windows Installer’ and Software Packaging?Packaging?

What Software Distribution System do you What Software Distribution System do you use (ZENworks, SCCM, Altiris …) ?use (ZENworks, SCCM, Altiris …) ?

Which Packaging Software do you use?Which Packaging Software do you use? What’s your favorite type of pizza?What’s your favorite type of pizza?

ComparisonComparison Comparison:Comparison:

Legacy InstallerLegacy Installer Windows InstallerWindows Installer

File FormatFile Format Setup.EXESetup.EXE .MSI file.MSI file ArchitectureArchitecture ProgrammedProgrammed DatabaseDatabase ProcessProcess Single processSingle process Client/ServerClient/Server StructureStructure ProprietaryProprietary Open SchemaOpen Schema RollbackRollback -- ++ ElevationElevation -- ++ Install on DemandInstall on Demand -- ++

Windows InstallerWindows Installer

The Windows Installer (previously known as The Windows Installer (previously known as Microsoft Installer, is an engine for the Microsoft Installer, is an engine for the installation, maintenance, and removal of installation, maintenance, and removal of software on modern Microsoft Windows software on modern Microsoft Windows systems. systems.

The installation information, and often the files The installation information, and often the files themselves, are packaged in installation themselves, are packaged in installation packages, loosely relational databases packages, loosely relational databases structured as OLE Structured Storage Files and structured as OLE Structured Storage Files and commonly known as "MSI files", from their commonly known as "MSI files", from their default file extension. default file extension.

Windows InstallerWindows Installer It is also unique among installation software It is also unique among installation software

frameworks for Windows in that it is highly frameworks for Windows in that it is highly transparent. transparent.

The full API and all command-line options are The full API and all command-line options are documented; documented;

Packages are freely viewable and editable, both Packages are freely viewable and editable, both with free tools and programmatically (as with free tools and programmatically (as opposed to the proprietary and even weakly opposed to the proprietary and even weakly encrypted packages of InstallShield)encrypted packages of InstallShield)

The format for file archives is the well The format for file archives is the well documented cabinet file format.documented cabinet file format.

Windows InstallerWindows Installer

Windows Installer contains significant changes Windows Installer contains significant changes from its predecessor, Setup API.from its predecessor, Setup API.

New features include a GUI framework and New features include a GUI framework and automatic generation of the uninstallation automatic generation of the uninstallation sequence. sequence.

Windows Installer is positioned as an alternative Windows Installer is positioned as an alternative to stand-alone executable installer frameworks to stand-alone executable installer frameworks such as older versions of InstallShield and Wise such as older versions of InstallShield and Wise (later versions of both products are based on (later versions of both products are based on Windows Installer) and NSIS.Windows Installer) and NSIS.

Windows InstallerWindows Installer

Microsoft encourages third parties to use Microsoft encourages third parties to use Windows Installer as the basis for Windows Installer as the basis for installation frameworks, so that they installation frameworks, so that they synchronize correctly with other installers synchronize correctly with other installers and keep the internal database of installed and keep the internal database of installed products consistent. products consistent.

Important features such as rollback and Important features such as rollback and versioning depend on a consistent internal versioning depend on a consistent internal database for reliable operation.database for reliable operation.

Package and ProductsPackage and Products

A package describes the installation of A package describes the installation of one or more full products and is one or more full products and is universally identified by a GUID (the universally identified by a GUID (the PackageCode property). PackageCode property).

A product is made up of components, A product is made up of components, grouped into features.grouped into features.

ProductsProducts

Products: a single, installed, working program Products: a single, installed, working program (or set of programs) is a product. A product is (or set of programs) is a product. A product is identified by a unique GUID (the ProductCode identified by a unique GUID (the ProductCode property). property).

A product is not the same as a package: a single A product is not the same as a package: a single MSI package might install multiple different MSI package might install multiple different products. For example, an MSI might install products. For example, an MSI might install French and English versions of a program, each French and English versions of a program, each of which is a different product.of which is a different product.

ProductsProducts

ComponentsComponents

Components: a component is the minimal part of Components: a component is the minimal part of a product—each component is treated by a product—each component is treated by Windows Installer as a unit: the install developer Windows Installer as a unit: the install developer cannot, for example, use a condition to specify cannot, for example, use a condition to specify to install just part of a component. to install just part of a component.

Components can contain files, directories, COM Components can contain files, directories, COM components, registry keys, shortcuts, and other components, registry keys, shortcuts, and other data. The end user does not directly interact with data. The end user does not directly interact with components.components.

ComponentsComponents

Components are identified globally by Components are identified globally by GUIDs, thus the same component can be GUIDs, thus the same component can be shared among several features of the shared among several features of the same package or multiple packages, same package or multiple packages, ideally through the use of Merge Modules ideally through the use of Merge Modules (although, for this to work correctly, (although, for this to work correctly, different components should not share any different components should not share any sub-components).sub-components).

ComponentsComponents

Product

Component 1

Component 2

Component 3b

Component 3a

Component 4

Component 1

Feature 1

Feature 2

Feature 3

Feature 4

Key PathsKey Paths

Key paths: a key path is a specific file, Key paths: a key path is a specific file, registry key, or ODBC data source that the registry key, or ODBC data source that the package author specifies as critical for a package author specifies as critical for a given component. given component.

Key PathsKey Paths

Because a file is the most common type of Because a file is the most common type of key path, the term key file is commonly key path, the term key file is commonly used. A component can contain at most used. A component can contain at most one key path; if a component has no one key path; if a component has no explicit key path, the component's explicit key path, the component's destination directory is taken to be the key destination directory is taken to be the key path. path.

Key PathsKey Paths

When an MSI-based application is When an MSI-based application is launched, Windows Installer checks the launched, Windows Installer checks the existence of these critical files or registry existence of these critical files or registry keys (that is, the key paths). keys (that is, the key paths).

Key PathsKey Paths

If there is a mismatch between the current If there is a mismatch between the current system state and the value specified in the system state and the value specified in the MSI package (e.g., a key file is missing), MSI package (e.g., a key file is missing), then the related feature is re-installed. This then the related feature is re-installed. This process is also known as self-healing or process is also known as self-healing or self-repair. No two components should use self-repair. No two components should use the same key path.the same key path.

FeaturesFeatures

Features: a feature is a hierarchical group of Features: a feature is a hierarchical group of components—a feature can contain any number components—a feature can contain any number of components and other features (a feature of components and other features (a feature contained in another feature is called a contained in another feature is called a "subfeature"). "subfeature").

Many software packages only involve one Many software packages only involve one feature. More complex installation programs feature. More complex installation programs usually display a "custom setup" dialog box at usually display a "custom setup" dialog box at run time, from which the end user can select run time, from which the end user can select which features to install or remove.which features to install or remove.

FeaturesFeatures

The package author defines the product The package author defines the product features. A word-processing program, for features. A word-processing program, for example, might provide features for the example, might provide features for the main program executable, the program's main program executable, the program's help files, and optional spelling checker help files, and optional spelling checker and stationery modules.and stationery modules.

Setup PhaseSetup Phase

User InterfaceUser Interface ExecuteExecute RollbackRollback

User InterfaceUser Interface

The user interface phase typically queries The user interface phase typically queries the target system and displays an the target system and displays an installation wizard and enables the user to installation wizard and enables the user to change various options that will affect the change various options that will affect the installation.installation.

However, the user interface sequence However, the user interface sequence should not make any changes to the should not make any changes to the system. Three reasons for this are as system. Three reasons for this are as follows:follows:

User InterfaceUser Interface

1. A user can install an MSI package in 1. A user can install an MSI package in quiet mode, bypassing this phase entirely, quiet mode, bypassing this phase entirely, by running the msiexec.exe command-line by running the msiexec.exe command-line utility with the /qn (or /qb or /qr) option and utility with the /qn (or /qb or /qr) option and specifying on the command line all the specifying on the command line all the information that the wizard would normally information that the wizard would normally gather. Therefore, any actions that occur gather. Therefore, any actions that occur in the user interface sequence will not be in the user interface sequence will not be performed during a silent installation.performed during a silent installation.

User InterfaceUser Interface

2. Similarly, clicking the Remove button in 2. Similarly, clicking the Remove button in the Add or Remove Programs panel runs the Add or Remove Programs panel runs a product's uninstaller with a basic user a product's uninstaller with a basic user interface, again with the result that any interface, again with the result that any actions that occur in the user interface actions that occur in the user interface sequence will not be performed.sequence will not be performed.

User InterfaceUser Interface

3. Actions that make system changes 3. Actions that make system changes should not be scheduled in the user should not be scheduled in the user interface sequence as the user interface interface sequence as the user interface sequence runs with user privileges, and sequence runs with user privileges, and not with elevated privileges, as described not with elevated privileges, as described in the following section.in the following section.

User InterfaceUser Interface

Actions in the user interface sequence of a Actions in the user interface sequence of a normal installation are defined in the normal installation are defined in the InstallUISequenceInstallUISequence table. Similarly, there table. Similarly, there is an is an AdminUISequenceAdminUISequence in which you can in which you can place dialog boxes and actions to display place dialog boxes and actions to display and perform from within an administrative and perform from within an administrative installation wizard. installation wizard.

ExecuteExecute

When the user clicks the When the user clicks the FinishFinish or or InstallInstall button in a typical MSI installation wizard, button in a typical MSI installation wizard, installation proceeds to the Execute installation proceeds to the Execute phase, in which software components are phase, in which software components are actually installed. The Execute phase actually installed. The Execute phase makes system changes, but does not makes system changes, but does not display any user-interface elements.display any user-interface elements.

ExecuteExecute

Execute phase happens in two steps:Execute phase happens in two steps:

ExecuteExecute

Immediate mode.Immediate mode.

In this phase, Windows Installer receives In this phase, Windows Installer receives instructions, either from a user or an instructions, either from a user or an application, to install or uninstall features application, to install or uninstall features of a product. The requests cause the of a product. The requests cause the execution of execution of sequencessequences of of actionsactions, which , which query the installation database to build an query the installation database to build an internal internal scriptscript describing the execution describing the execution phase in detail.phase in detail.

ExecuteExecute

Deferred mode.Deferred mode.

In this phase, the script built in immediate mode is In this phase, the script built in immediate mode is executed in the context of the privileged Windows executed in the context of the privileged Windows Installer Installer serviceservice (specifically, the LocalSystem account). (specifically, the LocalSystem account). The script must be executed by a privileged account The script must be executed by a privileged account because of the heterogeneity of the scenarios in which a because of the heterogeneity of the scenarios in which a setup operation is initiated—for example, elevated setup operation is initiated—for example, elevated privileges are necessary to serve on-demand installation privileges are necessary to serve on-demand installation requests from non-privileged users. (In order to run with requests from non-privileged users. (In order to run with elevated privileges, however, the package must be elevated privileges, however, the package must be deployed by a local administrator or advertised by a deployed by a local administrator or advertised by a system administrator using Group Policy.)system administrator using Group Policy.)

ExecuteExecute

Execute sequence actions for a normal Execute sequence actions for a normal installation are stored in the installation are stored in the InstallExecuteSequence table. An MSI InstallExecuteSequence table. An MSI database can also contain database can also contain AdminExecuteSequence and AdminExecuteSequence and AdvtExecuteSequence tables to define AdvtExecuteSequence tables to define actions to perform for administrative and actions to perform for administrative and advertised installations. advertised installations.

RollbackRollback

All installation operations are transactional. For All installation operations are transactional. For each operation that Windows Installer performs, each operation that Windows Installer performs, it generates an equivalent undo operation that it generates an equivalent undo operation that would undo the change made to the system. would undo the change made to the system.

In case any script action fails during deferred In case any script action fails during deferred execution, or the operation is cancelled by the execution, or the operation is cancelled by the user, all the actions performed until that point user, all the actions performed until that point are rolled back, restoring the system to its are rolled back, restoring the system to its original state.original state.

RollbackRollback

Standard Windows Installer actions Standard Windows Installer actions automatically write information into a rollback automatically write information into a rollback script; package authors who create custom script; package authors who create custom actions that change the target system should actions that change the target system should also create corresponding rollback actions (as also create corresponding rollback actions (as well as uninstallation actions and uninstallation-well as uninstallation actions and uninstallation-rollback actions). This mechanism can lead to rollback actions). This mechanism can lead to the surprising situation whereby a failed uninstall the surprising situation whereby a failed uninstall leads to the application being re-installed.leads to the application being re-installed.

Customization and PatchesCustomization and Patches

Windows Installer natively supports Windows Installer natively supports patches (.msp files made out of patch patches (.msp files made out of patch creation properties) and other creation properties) and other customizations of packages through customizations of packages through manipulations (transforms or .mst files) of manipulations (transforms or .mst files) of a package's relational database.a package's relational database.

PropertiesProperties

PublicPublic PrivatePrivate

Public PropertiesPublic Properties

Public properties can be authored into the Public properties can be authored into the installation database in the same way as private installation database in the same way as private properties. properties.

In addition, the values of public properties can In addition, the values of public properties can be changed by a user or system administrator by be changed by a user or system administrator by setting the property on the command line, by setting the property on the command line, by applying a transform, or by interacting with an applying a transform, or by interacting with an authored user interface. authored user interface.

Public property names cannot contain lowercase Public property names cannot contain lowercase letters. letters.

Public PropertiesPublic Properties

Public properties are commonly set by Public properties are commonly set by users during the installation. users during the installation.

For example, the value of the ADDLOCAL For example, the value of the ADDLOCAL property is a list of features that are property is a list of features that are delimited by commas, and are to be delimited by commas, and are to be installed locally. installed locally.

To install all features locally, use To install all features locally, use ADDLOCAL=ALL on the command line. ADDLOCAL=ALL on the command line.

Private PropertiesPrivate Properties

Private properties are used internally by the Private properties are used internally by the installer and their values must be entered into installer and their values must be entered into the database by the author of the installation the database by the author of the installation package or set by the installer during the package or set by the installer during the installation to values determined by the installation to values determined by the operating environment. operating environment.

The only way a user can interact with private The only way a user can interact with private properties is through Control Events in the properties is through Control Events in the package's authored user interface. Private package's authored user interface. Private property names must include lowercase letters. property names must include lowercase letters.

Private PropertiesPrivate Properties

Private properties commonly describe the Private properties commonly describe the operating environment. operating environment.

For example, if the installation is run on a For example, if the installation is run on a Windows platform, the installer sets the Windows platform, the installer sets the WindowsFolderWindowsFolder property to the value property to the value specified in the Property table.specified in the Property table.

ICE validationICE validation

Microsoft provides a set of Internal Consistency Microsoft provides a set of Internal Consistency Evaluators, or ICEs, that can be used to detect Evaluators, or ICEs, that can be used to detect potential problems with an MSI database.[7] The potential problems with an MSI database.[7] The ICE rules are combined into CUB files, which are ICE rules are combined into CUB files, which are stripped-down MSI files containing custom stripped-down MSI files containing custom actions that test the target MSI database's actions that test the target MSI database's contents for validation warnings and errors. ICE contents for validation warnings and errors. ICE validation can be performed with the Platform validation can be performed with the Platform SDK tools Orca and msival2, or with validation SDK tools Orca and msival2, or with validation tools that ship with the various authoring tools that ship with the various authoring environments.environments.

ICE validationICE validation

For example, some of the ICE rules are:For example, some of the ICE rules are:

ICE09: Validates that any component destined for the ICE09: Validates that any component destined for the System folder is marked as being permanent.System folder is marked as being permanent.

ICE24: Validates that the product code, product version, ICE24: Validates that the product code, product version, and product language have appropriate formats.and product language have appropriate formats.

ICE33: Validates that the Registry table is not used for ICE33: Validates that the Registry table is not used for data better suited for another table (Class, Extension, data better suited for another table (Class, Extension, Verb, and so on).Verb, and so on).

Addressing ICE validation warnings and errors is an Addressing ICE validation warnings and errors is an important step in the release process.important step in the release process.

CachingCaching

To prevent requiring the original To prevent requiring the original installation source, Windows Installer installation source, Windows Installer packages and patches are cached in the packages and patches are cached in the %WinDir%\Installer directory (hidden by %WinDir%\Installer directory (hidden by default). default).

CachingCaching

If the package builder chooses to use If the package builder chooses to use Installation on Demand or Repair feature Installation on Demand or Repair feature in the package, the entire package (except in the package, the entire package (except for localization messages) and a stub .MSI for localization messages) and a stub .MSI package are copied to the %WinDir%\package are copied to the %WinDir%\Installer directory.Installer directory.

RightsRights

““How to allow users who are not administrators How to allow users who are not administrators to install MSI packages” - KB259459to install MSI packages” - KB259459

An application is called a "managed application" An application is called a "managed application" if elevated (system) privileges are used to install if elevated (system) privileges are used to install the application. the application.

A situation in which you might need to install a A situation in which you might need to install a managed application is if you are installing an managed application is if you are installing an application on Windows NT, 2K, XP or Vista and application on Windows NT, 2K, XP or Vista and do not have administrative privileges on that do not have administrative privileges on that computer. computer.

RightsRights

This article describes three methods by This article describes three methods by which an administrator can enable a non-which an administrator can enable a non-administrator user to install managed administrator user to install managed Windows Installer applications. Windows Installer applications.

RightsRights

An administrator can set the An administrator can set the AlwaysInstallElevatedAlwaysInstallElevated registry keys for registry keys for both per-user and per-machine both per-user and per-machine installations on the computer.installations on the computer.

An administrator can install or advertise An administrator can install or advertise the package on the computer for a the package on the computer for a per-machine installation per-machine installation (per-machine means that it will be (per-machine means that it will be available for all users of that computer).available for all users of that computer).

RightsRights

An administrator can advertise an An administrator can advertise an application on a user's computer by application on a user's computer by assigning or publishing the Windows assigning or publishing the Windows Installer package using application Installer package using application deployment and Group Policy or … by deployment and Group Policy or … by using any other 3using any other 3rdrd party application party application deployment solutiondeployment solution

VersionsVersions

VersionsVersions

QuestionsQuestions