Transcription
RM Seminars Spring2013CC4 Packages withoutpackaging
RM Technical Seminars spring 2013CC4 packages without packagingIntroductionCommunity Connect 4 uses Microsoft Windows Installer Packages to deployand install applications on to Community Connect 4 managed clients.A Windows Installer Package is a database that contains instructions on how apiece of software should be installed and, when no longer required, removed froma computer. In this session we will look at what a Windows Installer Package is andthe parts that make up a package.Historically, you may have used the tools provided with Community Connect 4,namely RM Application Wizard and WinInstall Discover, part of WinInstall LE, tocreate these packages so you could manage the software installations on yourcomputers.In this session we will look at what these tools did and why you may haveencountered problems when using Application Wizard and why you probably don’teven need to create your own packages. We will look at how you can test setupexecutable and Windows Installer Packages created by the software vendorsthemselves to see if they can be used to deploy the software to your CommunityConnect 4 computers.If an installer provided by the software vendor doesn’t install and configure a pieceof software the way you want it on your computers we will look at editing toolswhich allow you to achieve your aim.Finally we will be looking at the next version of RM Package Blueprint and how youcan use the new version to keep pieces of software, which are often updated,current on your network.What is a Windows Installer Package?Windows Installer is a software component used for the installation, maintenanceand removal of software in Microsoft Windows . The installation information, andoften the files themselves, are packaged in installation packages that are looselyrelational databases structured as COM Structured Storages and commonly knownas ‘MSI files’, because of their file extension. Windows Installer was positioned byMicrosoft as an alternative to standalone executable installers in order to provide areliable, robust installation framework that allowed for reliable uninstallation ofapplications when they were no longer needed.Microsoft encourages third parties to use Windows Installer as the basis forinstallations, so that they synchronise correctly with other installers and keep theinternal database of installed products consistent. Important features such as 2013 RM EducationPage 2
RM Technical Seminars spring 2013CC4 packages without packagingrollback and versioning depend on a consistent internal database for reliableoperation. Furthermore, Windows Installer facilitates the principle of least privilegeby performing software installations by proxy for unprivileged users. This meansthat even if a student user (or no user at all) is logged on to a Community Connect4 client, a piece of software can still be installed using the Windows Installerservice, which is a core part of Windows since Windows 2000.The logical structure of packagesA package describes the installation of one or more full products and is universallyidentified by a GUID. When a Windows Installer Package is examined we can seethis GUID in the ProductCode property in the Property table of the WindowsInstaller Package, as the screenshot below shows.We will look at this utility, Microsoft Orca, later in this paper and how it can be usedto change the behaviour of a Windows Installer package when it is used to install anapplication on to a computer.A product is made up of two further parts: FeaturesComponentsFeaturesA feature is a hierarchical group of components—a feature can contain any numberof components and other features (a feature contained in another feature is calleda ‘subfeature’). Many software packages only involve one feature. More complexinstallation programs usually display a ‘custom setup’ dialog box as part of the setup 2013 RM EducationPage 3
RM Technical Seminars spring 2013CC4 packages without packagingwizard, from which the user installing the application can select which features toinstall.The package author defines the product features. For example, a word processingprogram might provide features for the main application executable, theapplications help files and optional features such as spell checker and stationerymodules.ComponentsA component is the basic unit of a product; each component is treated byWindows Installer as a unit. Components can contain files, directories, COMcomponents, registry keys, shortcuts and other data. When installing a piece ofsoftware, the user doesn’t interact with components as they would with Productsand Features; the Windows Installer service manages these.Components are identified globally by GUIDs, and because of this the samecomponent can be shared among several features of the same package or multiplepackages. Similarly, if a component is used by multiple packages, it can’t beremoved by one of the packages because it is identified as being used by anotherapplication.What does a Windows Installer Package do?Windows Installer Packages are used by the Windows Installer Service (calledmsiexec.exe). This is a service which has been a core part in the operating systemsince Microsoft Windows 2000 (although it was available for installation on otherversions of Microsoft Windows as it was included as an installer with MicrosoftOffice 2000) and the most current version is v5.0.9200.16384 which is part ofMicrosoft Windows 8. When an application is to be installed by the WindowsInstaller service, the location and the name of the Windows Installer Package arepassed to the Windows Installer Service along with any switches needed duringpackage installation. Later in this paper we will look at what these switches are as 2013 RM EducationPage 4
RM Technical Seminars spring 2013CC4 packages without packagingthey are useful when using a third party Windows Installer Package on aCommunity Connect 4 network.When a package is assigned to a managed client using the RM ManagementConsole, the details of the Windows Installer Package location and any switchesare passed to the Windows Installer Service. One of the switches passed tells theservice to install the application silently. We wouldn’t want an application’s setupinterface to be displayed during installation that would disrupt the user. Sometimes,for various reasons, despite these arguments being passed to the Windows InstallerService, the setup may still be displayed on screen. This is known as the installation‘going interactive’ and there may be other options we need to pass to the WindowsInstaller Service to prevent this from happening. These options will be exploredlater in this paper.Installing applications on a Community Connect 4clientMost applications are centrally deployed using the RM Management Console todeploy, on the main, Windows Installer Packages. It is possible to also use setupexecutables to centrally deploy an application. There are a few more things weneed the executable to support that needs to be checked before deployingthrough the RM Management Console which will be examined later in this paper.On the properties of a package in the RM Management Console, you can seewhether an application is installed using a Windows Installer Package or anexecutable.The Community Connect 4 components that manage installations of applicationsinclude: CompManComputer Manager gets the details of computers that a package is going to 2013 RM EducationPage 5
RM Technical Seminars spring 2013CC4 packages without packagingbe assigned to. RepoManRepository Manager manages the package repository, the ‘master’ repositoryon the Community Connect 4 First server. Installation AgentInstallation Agent manages the installation of the package. PackManPackage Manager is used to manage a local database on each computerwhich records the package installation state. This information is then passedback to the CC4 database so that we can accurately see the installationstatus of the package work. LocManLocation Manager is used to gather information about the location thecomputer exists in. During computer build, Location Manager gets theinformation for the packages assigned at the location level. JobManJob Manager does what it says on the tin; it creates and manages thepackage job. It uses some Microsoft technology at this point which we lookat later when we create a package assignment task. CommandExecThe Command Executor runs and manages the package assignment tasks,calling other CC4 components (like Installation Agent) when necessary SiteManSite Manager is used where a Community Connect 4 network is ‘multi-site’,where we have the network split over disparate locations and packages arecopied from one server to another, at another site, to allow packageassignment to take place at remote locations.This component receives the installation task from the Command Executor whichreports it progress (which it in turn receives from the Windows Installer service),which is then reported back so the network support team can view the packageinstallation status in the RM Management Console. In this white paper we won’t beexamining the package installation process Community Connect 4 goes through,however slides are available in the RM Knowledge Library for the autumn 2011 2013 RM EducationPage 6
RM Technical Seminars spring 2013CC4 packages without packagingsession ‘CC4 Package Troubleshooting’ which can be downloaded from thefollowing RM Knowledge Library asp?cref DWN2312640What does RM Application Wizard do?We have seen that applications are installed on to Community Connect 4 managedclients using Windows Installer Packages (the majority of the time) and the toolsthat are provided with Community Connect 4 allow you to create your ownpackages. The tools that we provide are:-RM Application WizardOnDemand Discover (This is part of an application suite called WinInstall LE.)RM Application Wizard is a simplified front end for OnDemand Discover. Because alot of the information that Discover requires is the same, RM Application Wizardsimply pre-populates that information and prompts you for the dynamic data, suchas the name and description of the package and its location.RM Application Wizard is actually a repackaging tool. Because of the way it works,using snapshots, it simply repackages an application in to a Windows InstallerPackage. This can be a disadvantage because the installer that OnDemandDiscover creates doesn’t contain any logic – you could say it is flat because itsimply takes files, registry settings, .ini file entries, and so on, and copies them tothe target computer. It doesn’t handle any logic.For example, a Windows Installer Package created with a professional packagingtool could contain the logic:“If QuickTime is installed on the computer then don’t install it as part of thisoperation”.Whereas this logic is lost in a package created with OnDemand Discover. Its logic isvery simple:“Copy the files and settings from the source to the destination.”Meaning that if QuickTime was captured when we created the package, it wouldstill be installed regardless of whether it was already on the destination computer ornot.When creating packages the network support team have to be extra careful aboutwhat they do in between the snapshots, when the ‘Warning! Package build inprogress.’ dialog box is displayed. 2013 RM EducationPage 7
RM Technical Seminars spring 2013CC4 packages without packagingAnything that is carried out on the computer whilst this dialog is being displayedruns the risk of changing files or settings, which can then become part of thefinished package.You can help to minimise the risk of this by:1. Before creating the package, install the application locally to familiariseyourself with it. Namely, where it installs, what it installs and anything youwould need to configure in between the snapshots taken by the OnDemandDiscover tool.2. Following RM best practice by creating the package using a clean computer.3. Using the PackageBuilder user account to create the package, which shouldhave had its profile cleaned prior to beginning the repackaging process.4. Prior to starting the package creation process, ensure any file and registrylocations which may change during the package creation process which youdon’t want to be part of the finished package be added to the files.xcp andreg.xcp files in the Windows folder on the computer. (We modify this file toexclude folders and areas of the registry to be excluded on a CommunityConnect 4 computer.)5. Only running the setup program after the first snapshot has been taken.Despite following all of the above it is inevitable that unwanted files and settings arelikely to be captured. Post package creation, the Windows Installer Package that hasbeen created can be cleaned using another tool supplied on Community Connect4 networks, the OnDemand Software Console, however in most cases this veryrarely happens. 2013 RM EducationPage 8
RM Technical Seminars spring 2013CC4 packages without packagingThe OnDemand Software Console allows you to modify the contents of aWindows Installer Package created with the Discover tool. Specifically, it allowedyou to remove Features and Components from a package you had created. Toremove any of these you had to do this by removing the GUID for what youwanted to remove, which meant you had to manually search through the packageto locate this identifier – there isn’t the ability to search a package for a filename, forexample. This was one of the reasons why Windows Installer Packages were neveredited once they had been completed.As we will see in this paper there are often better, and easier, ways to addapplication installers to your Community Connect 4 network without having torepackage the setup program using RM Application Wizard and OnDemandDiscover.64-bit operating systems and RM Application WizardWindows 7 Professional 64-bit is now available for Community Connect 4networks. In early 2013 we will also be releasing Community Connect 4.4, whichoffers Windows 8 Professional and Windows 8 Enterprise operating systems as afull computer build option. Many schools are looking to move to a 64-bit operatingsystem because it offers many advantages:-The ability to have far more RAM installed in computers.-Applications written for a 64-bit CPU can run quicker than the same softwarewritten for a 32-bit operating system. This is often advantageous where anapplication requires a lot of processing power, for example graphicsapplications.-Kernel Patch Protection is available in the 64-bit operating system. KernelPatch Protection prevents another application modifying the Windows 2013 RM EducationPage 9
RM Technical Seminars spring 2013CC4 packages without packagingKernel. This feature works by helping to prevent a kernel-mode driver fromextending or replacing other kernel services. Also, this feature helps preventthird party programs from updating (patching) any part of the kernel.An important consideration if you are looking to move to 64-bit operating systemsin your school is related to repackaging applications. The tools that are part ofWinInstall LE that RM Application Wizard uses to repackage software will not workon a 64-bit operating system.This isn’t to say packages that have been created using the OnDemand tools won’twork on a computer running a 64-bit version of Windows; it is only the repackagingtools that don’t work.If you are looking to move to 64-bit operating systems then you may want toconsider running two computers with a 32-bit version of Windows so that thesecan be used to repackage applications. Of course, the option to build computerswith a 32-bit operating system will still be available in Community Connect 4, butyou will have to build this time in to the repackaging process when you want to addnew applications to your network. Later in this paper we will look at an alternativerepackaging tool which, while not working with RM Application Wizard, will allowyou to repackage an application on a computer running a 64-bit operating system.Centrally deploying applications with an executableMany applications can be installed using an executable, usually called setup.exe.When the executable is launched, a setup wizard guides you through installing theapplication on to a computer.It may be possible to use this executable to deploy the application to CommunityConnect 4 computers rather than repackaging it, however the executable has toinstall the application the way users will want to use it and be configured correctlyfor the Community Connect 4 computer. Common settings that should beconfigured include: Does the application install in to the Program Files folder?Community Connect 4 computers are configured to allow all applications tolaunch from the Program Files folder. As we are not controlling this weshould note where the application installs. Ideally we want it to install in tothis location, but if it doesn’t this is an insurmountable problem because wecan modify the Software Restrictions Policy to allow the application to run –an easier task then repackaging the entire application! 2013 RM EducationPage 10
RM Technical Seminars spring 2013 CC4 packages without packagingAny files opened or saved to the user’s home folder.The application can obtain these settings from the registry because on aCommunity Connect 4 computer we have configured the home folder (MyDocuments or Documents) to be the N: drive. If the application doesn’tdefault to this location for opening and saving files, you may be able tooverride the default settings by making a change to the shortcut to theapplication and changing the ‘Start in’ property of the shortcut to the N:drive. The language should be UK English.Many applications have the language set to US English but again, if thesesettings are taken from Windows then they should be configured to use thecorrect language. It shouldn’t overwrite file associations.The application shouldn’t overwrite file associations for applications whichare already installed (unless of course you want them to). For example, mostschools use Microsoft Word and use that application to open .doc and.docx files. It is unlikely that we would want another application to openthese files. Additional applications shouldn’t also be installed.Many applications, particularly multimedia ones, have applicationdependencies. An application dependency is an additional piece of softwarethe application you are adding to the network needs in order to runcorrectly. These dependencies should be managed separately and wellmade setup programs should detect that this piece of software is alreadyinstalled rather than simply installing it. This is an example of the logic thatshould be built in to the setup program. It may be that you have to ensurethe application dependency is already installed on the computer beforeassigning the package containing the executable you have added to theCommunity Connect 4 network.The above list isn’t exhaustive and this highlights the need to test that theexecutable you want to add to Community Connect 4 as a package behaves asyou would expect so that in the long term this saves you time. 2013 RM EducationPage 11
RM Technical Seminars spring 2013CC4 packages without packagingWindows Installer Packages bundled with executablesIt is more and more common to see a Windows Installer Package bundled within asetup executable. There is a quick tip to identify if a setup executable contains a.msi file. When you launch the setup executable, if you see the following dialog boxbefore the setup wizard starts:Then the setup executable has extracted a Windows Installer Package. You may beable to use this Windows Installer Package in Community Connect 4 to centrallydeploy the application, rather than repackaging it or using the setup executable youare currently looking at.Extracting a Windows Installer Package from a setup executableThere are at least two ways you can extract a Windows Installer Package from asetup executable.In most scenarios, a Windows Installer Package that is contained within a setupexecutable is extracted to the following temporary folder:C:\Users\ username \AppData\TempYou can quickly browse this folder by typing in the Windows Explorer address bar:%temp%Note: You can confirm where the temporary folder is by opening a commandprompt and typing in:echo%temp%You can extract the Windows Installer Package from the setup executable byfollowing these steps:1.Launch the setup executable from the installation location.2.When the setup wizard starts, browse to the temporary folder location%temp% and explore any folders in there, which have the name of aGUID. 2013 RM EducationPage 12
RM Technical Seminars spring 2013CC4 packages without packaging3.Locate the Windows Installer Package and copy it to a new location, forexample your home folder.4.In the setup wizard, cancel the installation.If you still have Windows Explorer open you will notice the folder that containedthe Windows Installer Package disappears. This is another benefit of WindowsInstaller setups, they remove any temporary installation file once the installationcompletes or is cancelled. You can now attempt to use this Windows InstallerPackage to deploy the software using the RM Management Console to othercomputers on your network.If for some reason you are unable to locate the Windows Installer Package in atemporary folder then you may be able to extract it using a file compressionprogram.7-zip is one of the most popular file compression utilities available today. It is a freeutility and can be downloaded using the following URL:http://www.7-zip.org7-zip allows you to open a setup executable and browse its contents. Using 7-zipyou may be able to open the setup executable which is supplied to install anapplication and then extract the Windows Installer Package to another locationwhere you can then begin to test whether it can be used to deploy the applicationusing the RM Management Console.Using a setup executable to deploy applicationsOf course, not every setup executable includes a Windows Installer Package insideit and it is the executable itself that performs the installation of an application. Thisdoesn’t necessarily mean we have to repackage the executable so it can bedeployed using the RM Management Console because Community Connect 4 caninstall applications using an executable, but our key concern should be preventingany executables used to install applications not going interactive. Remember thatwhen an installation goes interactive it either displays something on screen orexpects an input from the user. Because Community Connect 4 installsapplications silently in the background, an application could be installed while astudent or teacher is logged on to the computer. Additionally, the network supportteam do not want to have to visit every computer on the network to enter therequired information in to the setup program. 2013 RM EducationPage 13
RM Technical Seminars spring 2013CC4 packages without packagingSetup program switchesMany setup executables allow you to pass switches, or parameters to them.Parameters manipulate what happens during the installation, for example whetherto install the application silently or to pass additional information, such as a productkey, to the setup program.You can check if a setup executable supports switches by following these steps:1.On a computer, log on as an administrative level user and open acommand prompt.2.Navigate to the location where the setup program is located and type in: Pathtoexecutable \ SetupProgramName .exe/?E.g.:N:\Application\Setup.exe/?Any supported switches, and their description will be displayed in thecommand prompt window.Setup programs and switches – an exampleLet’s take a look at how we can use a setup program on a Community Connect 4network to centrally deploy and install an application.Microsoft Silverlight is a multimedia plugin which allows rich media to be playedin a web browser in a similar way to Adobe Flash Player. Silverlight can bedownloaded from the following URL:http://www.microsoft.com/silverlight/And from this website you can download the Silverlight installer which is anexecutable, available as a 32-bit or 64-bit version for Microsoft Windows (a versionis also available for Mac OS X).You could attempt to repackage the installation executable using RM ApplicationWizard and OnDemand Discover, however when the installer is launched from acommand prompt using the /? Switch, then the following dialog is displayed: 2013 RM EducationPage 14
RM Technical Seminars spring 2013CC4 packages without packagingWe can see there are two switches that can be used with the installer:/qInstalls Silverlight silently without requiring any user interaction./quPerforms a silent uninstall of Silverlight, again without the need of anyinteraction with a user.We will look at the silent uninstall option later because this is relevant if we want toremove Silverlight from a computer.Testing silent installations using an executableIt is always important that before adding an executable installer to CommunityConnect 4 for centralised deployment, we test that when an application is installedsilently it installs the application as we want it to be installed on the CommunityConnect 4 client. You should never simply add this to Community Connect 4 usingthe RM Management Console and deploy it to all the computers – this could havean unexpected consequence and could cause damage to the computers it isinstalled on and, in a worse case scenario, require them to be rebuilt.Testing a silent install is quite simple on a Community Connect 4 computer, open acommand prompt and enter the name of the installer and the switch to perform asilent install.Note: It may be advantageous to take a restore image of the computer you aretesting the installer on so that, should the computer require rebuilding, it canbe restored in a far shorter period of time.Using Silverlight as an example, from a command prompt you would enter:Silverlight.exe/qIf the silent install works as expected, there shouldn’t be any information displayedon the screen of the computer during installation. During normal deployment thiswould be fine, however in this testing phase we need to make sure that theapplication has installed correctly. If this is an application that users will launch fromthe Start menu then you can simply launch the application and test that it works asexpected. As Silverlight is a plugin there isn’t any way to launch the application 2013 RM EducationPage 15
RM Technical Seminars spring 2013CC4 packages without packagingitself. It is possible to check that Silverlight is installed on a computer by visiting thefollowing t-started/install/If Silverlight has installed correctly, the following will be displayed showing theversion of Silverlight that is installed on the computer:Adding a setup executable to Community Connect 4Once it has been confirmed an application can be installed silently using thesupplied executable, we can now add it to Community Connect 4 so it can becentrally deployed to CC4 managed clients using the RM Management Console.We can add an executable to Community Connect 4 using the Import Packagemethod available in the RM Management Console. This method allows you toimport packages from either a Community Connect 4 or Community Connect 3network; however we can also tell the RM Management Console to import anexecutable.Before using this method you need to make sure that the setup executable and anyfiles that this needs are in a folder on their own. The reason why you need to makesure you do this is that when the executable is imported in to the CommunityConnect 4 package repository, it performs a file copy of the executable itself, andany other files that are in the same folder as the setup program. If the executablewas in the SystemAdmin’s home folder when the executable was imported, itwould also add the entire contents of the home folder as well – probably not whatwe want to happen!I would also recommend you create a ‘package.ini’ file and add that to the folderwhere you have copied the setup executable and any associated files. The reasonyou create this is you can give the package a meaningful name in the RMManagement Console. Without the .ini file, the package name in the RMManagement Console will be the name of the setup executable, which would befine if its name was ‘Application.exe’ however often it will have a generic name, forexample ‘Setuup.exe’.A package .ini file for an executable looks like this: 2013 RM EducationPage 16
RM Technical Seminars spring 2013CC4 packages without packaging[Package]Name The name of the application.Description A meaningful description of the application.Version 1.0.0.0OS 5.WS,6.WSEXEFile The name of the setup executable .exeYou can create this file using Notepad and then save it as a .ini file by saving thefilename in speech marks. For example:“MS Maths.ini”Note: The name of the package is taken from the file name of the .ini file.To add an executable to Community Connect 4, follow these steps:1.In the RM Management Console, from the File menu, choose Import andthen Package.2.In the Import Package dialog box, select Community Connect 3 from thePackage Type options.3.Click on the Browse button, which will display the Open window.By default, the Open dialog box will only display CC3 Metadata files. Ifyou have created a .ini file then select this and move to step 5.4.From the File Type drop-down box, select All Files (*.*).The dialog box will now display all the files in the selected folder.5.Browse to the location where the setup executable (and optionally .inifile) is located. Select it and click the Open button.6.Place a tick in ‘Show package pr
- OnDemand Discover (This is part of an application suite called WinInstall LE.) RM Application Wizard is a simplified front end for OnDemand Discover. Because a lot of the information that Discover requires is the same, RM Application Wizard simply pre-populates that information and prompts you for the dynamic data, such
