November 2008 - Posts

InstEd 1.5.3.7 released

A new version of InstEd, the free MSI table editor, has been released. Improvements include the capability to rebuild cabs for one or more media table entries from source paths. Release notes can be found at http://www.instedit.com/features2

Posted by stefan | with no comments

MS Deploy - Microsoft's new tool for deploying web sites

In a session at PDC2008, a Program Manager from the Internet Information Server (IIS) team at Microsoft acknowledged that it's complicated to deploy IIS web sites using Windows Installer (MSI). Instead of building upon and improving Windows Installer, the IIS team created a new packaging and deployment technology called "Web Deployment Tool", also known as MS Deploy. It creates a zip file or folder which contains all content and settings, even including SQL databases and SSL certificates. From this zip and an XML configuration file, IIS 7 on the target machine can set up the web site with a few clicks. See for yourself:

MS Deploy can be integrated with Visual Studio 2010 and requires Internet Information Server 7.

For more information see the Microsoft Web Deployment Team Blog.

Posted by stefan | 2 comment(s)

UAC in Windows 7

At PDC2008 there was a session abstract that essentially said: "there's nothing new here". But I'd still recommend viewing it, and actually it included (a little bit of) new information:

PC51 Windows 7: Best Practices for Developing for Windows Standard User
presented by Crispin Cowan, PM on the UAC team

The important takeaway is that from a programmer's perspective the UAC functionality in Windows 7 is the same as in Windows Vista. There is some fine tuning so that some actions don't require elevation anymore, like changing the DPI of your monitor. A major change is that the UAC prompt behaviour is now configurable by the user (more details below), but programs should still be created for and tested with the tightest UAC setting.

The presenter explains what problems user context switching in an "over-the-shoulder" elevation scenario can cause, how to launch an elevated process from a non-elevated process, and other design guidelines with restricted users in mind. He also explains why launching an application or readme at the end of an elevated setup can be a problem, and that per-user configuration should not be handled by the installer but by the application at first run. Finally he expresses his concerns about per-user installs.

UAC Configuration Options

Here are some screenshots from the UAC configuration dialog in Windows 7 (taken from the M3 build that was handed out to PDC attendees).

UAC1

In the highest setting the UAC behavior is the same as in Windows Vista.

UAC2

The second option is similar to the first one, but the UAC prompt is displayed like any other window, not on the secure desktop. According to Crispin this mode is intended for machines with problematic video drivers which cause the screen to turn black for as long as 30 seconds when switching to the secure desktop. This mode is less secure because a malicious program could remote-control the UAC prompt. It can be handy however if you want to take a screenshot of the UAC dialog.

UAC3

The third option is the default (at least in this build). It gets the UAC prompt out of the way for any tasks you perform manually. So for instance a user can create a folder under Program Files without being prompted. I don't know how Windows 7 can safely distinguish between user actions and programmatic actions, and what would happen if a tool like AutoIt sent keystrokes or mouse clicks to an application.

UAC4

The last option turns UAC off completely. This requires a reboot of the machine, and instantly changes your security status to red, similar to Windows Vista.

I noticed that the shield icon on buttons performing actions that require elevation is always displayed, even if the UAC prompt is set to option 3. This means that you don't actually get a UAC prompt when you click a button with a shield on it. I find that confusing.

Finally, now that taking screenshots from UAC dialogs is easier, here's the "friendly" UAC dialog that's displayed when uninstalling a digitally signed package from the Programs and Features control panel (aka ARP), which I mentioned in my previous PDC post.

UACuninstall

Note: The screenshots in this article were taken from a pre-beta build of Windows 7, so things may look and/or behave differently in the beta or RTM.

Posted by stefan | 1 comment(s)

Adobe Reader Installation Woes

Yesterday I upgraded Adobe Reader to version 9, and I encountered a couple of issues.

It started with the inevitable toolbar offering:

adobe1

Google Toolbar was selected by default, and while the big yellow "Download" button is placed prominently at the top of the page, the checkbox to opt out of Google Toolbar is way down, near the fold.

Next I had to install an ActiveX control, apparently a download manager. I wonder if/how Adobe will make sure I'll receive an updated version, should there be a security issue in this ActiveX control.

The actual installation went through without major problems. The FilesInUse dialog told me to close the browser window with Adobe's download page before the installation proceeds.

When the installation was finished I had two new items on my desktop:

adobe2

As usual, Adobe placed a shortcut to launch Adobe Reader on my desktop, without asking. Not good, but no surprise.

But in addition Adobe created a folder on my desktop with the setup files (Setup.exe, AcroRead.msi, Data1.cab, etc.) in it. This brings up a couple of questions and concerns:

Why don't they extract the setup files to a temp folder, or somewhere in my application data folder?

What will happen if I delete this folder? Will this break Windows Installer maintenance operations like repair?

Why does the folder have full permissions for everyone? Yes, you're reading this correctly: Adobe placed a folder on my personal desktop, without asking me, and set the permissions on the folder so that everyone in the Users group has full access.
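A check for the condition described above, as an added example that is not part of the original post and not Adobe's code: it lists folders under a root that contain an .msi file and grant write-type access to groups that include every local user. The `$Root` parameter, the choice of principals and the set of rights treated as risky are assumptions made for this illustration.

```powershell
# Added example: audit setup-file folders for over-broad write access.
param(
    # Assumption: scan the current user's desktop, where the post found the folder.
    [string]$Root = [Environment]::GetFolderPath('Desktop')
)

# Well-known SIDs of groups that contain every interactive user.
# SIDs are used instead of names so the check works on localized systems.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing or tampering with Setup.exe, *.msi or *.cab.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs store generic rights instead: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$riskyBits = [int]$writeRights -bor 0x50000000

# Folders directly under $Root that hold at least one Windows Installer package.
$dirs = Get-ChildItem -LiteralPath $Root -Directory -ErrorAction SilentlyContinue |
    Where-Object { Get-ChildItem -LiteralPath $_.FullName -Filter *.msi -File -ErrorAction SilentlyContinue }

foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Ask for explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        if (([int]$rule.FileSystemRights -band $riskyBits) -eq 0) { continue }
        [pscustomobject]@{
            Folder    = $dir.FullName
            Principal = $broadSids[$sid]
            Rights    = $rule.FileSystemRights
            # False means the ACE was set on this folder itself, not inherited from the parent.
            Inherited = $rule.IsInherited
        }
    }
}
```

A row with `Inherited = False` indicates the permission was written on the folder itself, which is what an installer setting its own ACL would leave behind; removing that entry with `icacls` or the folder's Security tab restores the profile's inherited permissions.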

Posted by stefan | with no comments

PDC2008: Windows Installer and ClickOnce in Windows 7

This week Microsoft's Professional Developers Conference (PDC2008) took place in Los Angeles. Several new and improved products and technologies were introduced there, like Windows 7, Windows Azure (Microsoft's "cloud" operating system) and Visual Studio 2010. I wasn't there, but while I'm watching the session recordings I'll blog about PDC news that I think is interesting for setup developers and application deployment.

My first PDC2008 blog post is about Windows Installer and ClickOnce in Windows 7. Tyler Robinson, Lead Program Manager in the Application Deployment team, gave one session at PDC2008, and it's available as a recording on Channel 9:

Windows 7: Deploying Your Application with Windows Installer (MSI) and ClickOnce

Here are some bits from this session...

Windows Installer 4.5

For the first 25 minutes of the 85-minute session, Tyler actually talks about MSI 4.5, which is the latest released version of Windows Installer. He explains the intention behind the changes in MSI 4.5 and mentions how they can be combined to create smarter setups, illustrated with some demos.

Tyler also mentions that MSI 4.5 will be included in the next service packs for Windows Vista and Windows Server 2008, as opposed to Vista RTM, Vista SP1 and Server 2008 RTM which come with MSI 4.0.

ClickOnce, .NET Framework 3.5 SP1 and the new Client Profile Configuration Designer

From 0:24:50 to 0:38:20 Tyler talks about the ClickOnce functionality and improvements in the .NET Framework 3.5 SP1, technologies that are already available today. He also covers the .NET Client Profile which should streamline redistribution of the .NET Framework, not only for ClickOnce but also Windows Installer or other setup technologies (but he doesn't discuss the limitations of Client Profile).

At 0:31:15 Tyler introduces the Client Profile Configuration Designer, which has just been made available as beta. It's essentially a tool that can chain multiple packages such as the .NET Framework and other prerequisites, as well as ClickOnce packages, MSI based setups or even scripts. It provides a seamless and customizable user interface with one progress bar across all the packages, and can either defer reboot requests until the end, or handle reboots between packages gracefully. Optionally it can also create a combined uninstall experience instead of separate entries in the Add/Remove Programs control panel. The Client Profile Configuration Designer can be downloaded from windowsclient.net/wpf/ in the Deployment section.

MSI 5 in Windows 7, and a first look at InstallShield 2010

0:41:15 is the starting point for the second part of Tyler's session where he covers new, pre-release products. Windows 7 will include MSI 5.0 which he promises will bring up to 20% faster installation times and improved reliability.

Uninstalling a digitally signed package from the Add/Remove Programs control panel will now show the appropriate UAC dialog with the gray banner and your product name instead of the "scary" version with the yellow banner and the warning about an "unknown program" that wants to modify your computer.

The Lock Permissions and Service Configuration standard actions have been improved. Tyler mentions inheritance in the LockPermissions table but doesn't go into more details, and I haven't had the time yet to download the new SDK documentation.

You can now add hyperlink controls on dialogs and there's built-in print functionality for the EULA dialog.

To make systems administrators' lives easier the MSI team has added functionality to perform limited Windows Installer operations on "offline" disk images in WIM format. This enables administrators to inventory the applications in the image and perform patch applicability checks without having to boot into the image.

MSI 5 will improve support for per-user applications, allowing you to create a single msi package that can be installed per-machine or per-user, and only displays the elevation prompt if per-machine is selected. This includes automatic redirection of files and registry entries to per-user locations, which are now documented in the official guidelines. For example, ProgramFilesFolder is automatically set to %localappdata%\programs if you do a per-user install. Of course, a per-user installation can't do any machine-wide modifications like installing services or GAC assemblies. In his demo at 1:04:10 Tyler uses an alpha-release of InstallShield 2010 which he expects to go into beta early next year.

There was no information if or when MSI 5.0 will be made available as a redistributable for older versions of Windows.

Q&A

Finally, starting at 1:10:25, Tyler spends 15 minutes answering questions from the audience, or in some cases deferring the reply to the Windows Installer Team Blog.

This concludes my first PDC2008 post. I plan to write more in the next days.