InstallSite Blog

Microsoft to "productize" WiX

Rob Mensching reports that Microsoft will include a sub-set of the Windows Installer XML toolkit (WiX) in the next version of Visual Studio, code named Rosario. WiX is an open source project for authoring of Windows Installer (MSI) setups. While Microsoft employees played an important role in the WiX project from the beginning, they did this in their free time.

But now Microsoft staffed a number of full time developers to fix bugs in WiX version 3 and to further improve its integration in Visual Studio. The work of these developers will be fed back into the open source project. With the release of "Rosario" (not before the end of 2008) Microsoft will also provide technical support for WiX.

However WiX will not replace Setup & Deployment projects in Visual Studio - at least not in this release. That's because WiX has a steep learning curve and there are currently no visual designers for WiX. So I guess a significant fraction of developers is still going to prefer the seemingly easy to use (but also quite limited) S & D projects.

Maybe it would be a good idea to have these visual designers generate WiX code, so developers can easily move to the full power of WiX when needed, without starting over. Something like the ClickThrough idea in WiX.

Applause to the WiX team who brought the project thus far (and plans to bring it even further), to the Visual Studio team for moving into the right direction, and to Microsoft for progressing their open source engagement (which I believe was not easy for the company, and in which Rob Mensching also played an important role)!

Developer Webcast: Application Deployment on Windows (December 4, 2007)

In part 5 of their "Ignite our Coding" webcast series, the MSDN team at Microsoft Canada talks about application deployment on Windows:

Now that your code is written and tested, how do you plan to deploy the working bits? There are a lot of different ways to deploy applications on the Windows –based platform, and you’ll learn all about them in this helpful session.

The live webcast will take place on December 4, 2007, at 12p.m. EST, which is equivalent to 17:00 UTC and 18:00 CET. Click here for other time zones.

Registration:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032355795

The good, the bad, and the ugly - custom action types

I'd like to add my thoughts to the recent discussion about how bad custom actions are, and which types are better or worse than others.

First of all, I believe there's a general consent that custom actions shouldn't be used for tasks that Windows Installer supports natively. Or, as Rob Mensching puts it: "Custom actions are (generally) an admission of failure" - either by the setup developer, or in the application, or by Windows Installer itself, because it's lacking some commonly required functionality.

Rob is the project leader of the open source WiX Toolset for creating Windows Installer setups. Part of the WiX project is a set of custom actions for common tasks such as interacting with IIS and SQL Server. Some people wish that such functionality would be added to Windows Installer itself, but I believe that won't happen. Alternatively the SQL, IIS, etc. teams could provide custom actions for their respective platforms, like the DIFx people did, but in most cases this hasn't happened either.

So we'll have to use custom actions, to retrieve information and set properties in the install, and to modify the target system. In general, the latter is more dangerous than the first, and requires additional effort such as creating a corresponding roll-back action.

There are even harmless types of so-called "custom actions" which are actually more like standard action: type 51 (set a property), type 35 (set a directory) and type 19 (exit with an error message).

But the discussion really is about whether EXE is worse than DLL and which programming language should be used to create custom actions. Windows Installer natively supports the following types of custom actions:

• VBScript, JScript - These don't work on some machines, if scripting is disabled. They can also make your setup look very evil if a virus scanner flags it as potential malware (think of Office macro viruses). If the script becomes complex, it's also hard to debug.
• EXE - Works, but doesn't have a way to communicate back to the install. So you can't return information in properties, you can't increment the progress bar and the only return values recognized by Windows Installer are success or failure. Robert Flaming of the Windows Installer team at Microsoft lists some caveats for EXE custom actions. Note that some of the problems he lists apply to "bad EXEs", so there is a chance to make it better. Also there are valid reasons to use EXE custom actions, e.g. you may already have a working and tested configuration tool which you want to re-use instead of rewriting it as DLL.
• DLL - Typically a very robust and versatile way to create a custom action. However you should avoid runtime dependencies.

There are third party extensions that enable you to use other types of custom actions. Christopher Painter argues that "InstallScript Custom Actions are GOOD". To the Windows Installer engine they appear as DLL (the InstallScript engine) and InstallScript is a language particularly for setup related tasks. However I believe that the tasks of a custom action often aren't typical installation tasks (copying files, accessing the registry) but require calling some APIs to interact with other applications. On the other hand, it's tempting to use InstallScript to perform tasks that actually should be left to Windows Installer's standard actions. So InstallScript custom actions, while they may be useful, should be used with care. And they add the overhead, in package size and runtime, of the InstallScript engine. In general, I think it's useful to write custom actions in the programming language you know best.

As mentioned in the beginning of this article, a custom action should never be used for tasks that Windows Installer supports natively. Unfortunately this still happens. Sometimes because the setup developer is lacking knowledge about the functionality included in the MSI engine, but probably more often because the authoring tool he's using doesn't expose the full Windows Installer functionality. This leads the developer to re-invent the hidden functionality using custom actions. Namely Setup & Deployment projects in Visual Studio suffer from this problem.

The ultimate form of such a custom action is a "wrapper msi": a msi setup that mainly consist of one custom action that runs an existing setup program. Instead of re-building the setup as true Windows Installer setup, the legacy install package is just wrapped in a msi. While this enables you to deploy the wrapped setup using corporate deployment tools, you don't get the benefits of a real Windows Installer setup, such as a transacted install with rollback, customizability with transforms, robustness by auto-repair, etc. A recent example is the MSI package created by the Internet Explorer Administration Kit.

Here are some pointers to built-in Windows Installer functionality which can help you to avoid unnecessary custom actions:

• Searching for Existing Applications, Files, Registry Entries or .ini File Entries
• MoveFile to copy or move files before the installation starts
• DuplicateFile to create copies of the files your setup installs, and to remove them on uninstall
• RemoveFile to delete files that are not included in your setup, during install or uninstall
• RemoveRegistry to delete registry information during installation
• ServiceInstall to create services and specify their start type and error handling
• ServiceControl to start, stop, or delete services

[Edit 2007-11-25:] Additional information and mitigation tips for EXE custom actions can be found in Heath Stewart's blog.

Serious issue with the .NET 3.5 installer on Windows Vista

Aaron Stebner reports an issue (some commenters call it a "nightmare") in the .NET Framework 3.5 installer that can cause a premature reboot request on Windows Vista. If the user accepts the reboot request while the framework installer or your own setup isn't completed yet, the system can end up in an unknown state.

The problem was identified in the beta of .NET 3.5, but will not be fixed in the release version. Aaron describes some workarounds to prevent this premature reboot request, and I highly recommend you add this to your prerequisite installer.

• How to avoid OS reboot prompt when installing the .NET Framework 3.5 on Windows Vista

Advanced Installer 6.0 brings XML updates and imports 3rd party MSI packages

On November 9th, 2007 Caphyon Ltd. announced the latest edition of its Windows Installer authoring tool. The new Advanced Installer enables developers and system administrators to easily build and repackage complex applications into reliable, ready to deploy MSI and EXE installers, patches and on-line updates.

Starting with the 6.0 version you can import third party MSI packages into your own Advanced Installer Projects for further editing and customization. You can also import COM+ installation MSIs into existing Advanced Installer projects.

Updating XML files is now fully supported. Insert, replace or remove elements and attributes. Register your application in XML driven frameworks, patch XML configuration files and update XML formatted information.

Advanced Installer now can cache and reuse unchanged archives, resulting in faster builds, thus reducing development time.

Other improvements in this version:

• Support for Driver Install Frameworks for Applications (DIFxApp) version 2.1
• Storing encrypted digital signature password in project (only for PFX certificates)
• Support for Unicode SQL Scripts (UTF8 with BOM, UTF16 little or big endian)
• Albanian language localization

Advanced Installer is available in four editions, starting with the Freeware community edition and offering a 30-day trial period for the other editions.

For more information about Advanced Installer 6.0 please see:

www.installsite.biz/advancedinstaller.htm

Free e-books about Virtualization

There are two e-books about virtualization available from Realtime Publishers as free download. Both books are not completed yet, new chapters being published regularly.

The Definitive Guide to Virtual Platform Management by Anil Desai covers various virtualization technologies, including OS virtualization and application virtualization. The following chapters are already available:

• Chapter 1: The Business Value of Virtualization
• Chapter 2: Virtualization Scenarios and Applications
• Chapter 3: Comparing Virtualization Approaches
• Chapter 4: Virtualization Management Challenges
• Chapter 5: Managing Heterogeneous Virtual Environments
• Chapter 6: Monitoring Virtualization Performance
• Chapter 7: Optimizing Virtualization Performance
• Chapter 8: Virtualization Management: Policies and Processes

The following chapters are still in the making:

• Chapter 9: Virtualization Management: Datacenter Automation
• Chapter 10: Evaluating Virtualization Management Solutions

This e-book is sponsored by ca.

The Shortcut Guide to Selecting the Right Virtualization Solution by Greg Shields appears to focus on operating system virtualization - from what I can see so far. Only the first chapter is available yet:

• Chapter 1: The Virtualization Assessment

The following additional chapters are planned:

• Chapter 2: Virtualization Software Options
• Chapter 3: Best Practices in Implementing Virtualization
• Chapter 4: Managing Virtualization Environments

AdminStudio 8.6 supports Thinstall and Citrix virtualization / Webinar Nov. 8

On November 1, 2007, Macrovision Corp. released a new version of AdminStudio, extending its application virtualization integration with support for the Thinstall Virtualization Suite. As an independent player, Macrovision is now partnering with two well-known virtualization vendors: Citrix and Thinstall.

• Joint press release vom Macrovision and Thinstall

On November 8, 2007 there will be two (to accomodate time zones) webinars about AdminStudio 8.6 and its support for multiple virtualization formats.

• 15:00 UTC / 7am PT / 10am ET / 3pm UK / 16:00 CET / other time zones
• 19:00 UTC / 11am PT / 2pm ET / 7pm UK / 20:00 CET / other time zones

Webinar registration page (potential privacy issue: use valid e-mail address but avoid personal data when registering)

AdminStudio and Thinstall are available in the InstallSite Shop

More on the security patch for FLEXnet Connect

Some additional information about the recently reported security vulnerability in FLEXnet Connect:

According to Secunia the vulnerability is reported in versions 5.01.100.47363 and 6.0.100.60146 of the Update Service ActiveX control (isusweb.dll), but other versions may also be affected. It is recommended that you update all machines which have versions prior to 6.0.100.65101 installed, or set the kill bit for the affected control. For more information see the advisory from VeriSign iDefense Security Intelligence Service.

A stand-alone installer to update the FLEXnet Connect Client on your end users' machines is available (Download). Unfortunately the installer isn't digitally signed, so it will display a UAC dialog with yellow title bar on Windows Vista, warning about an unidentified program. Note that this stand-alone installer will not update the redistributables on your development machine. You need to install the latest Connect SDK to do this.

To update the files in the InstallShield Redist folders on your development machine, download and install the latest version of the FLEXnet Connect SDK. I did this on a machine which has both InstallShield 12 and InstallShield 2008 installed. This updated the files in the Macrovision\IS12\Redist\Update Service folder, but not in its IS2008 counterpart. So after installing the SDK you should verify the version numbers and update the files manually as needed.