Welcome to MSDN Blogs Sign in | Join | Help
Thursday, May 01, 2008 2:10 PM

What changed in Windows Installer 4.5?

Apart from the feature work that we did in Windows Installer 4.5, we made a few changes to Windows Installer to address some user feedback or pain points. Here's some of the important issues that were addressed:

  1. Added SeBackupPrivilige back to the Windows Installer service. This sould help any custom actions that needed this privilige like the ones that were reported on the Vista Compatability Team blog.
  2. Some case sensitive service name comparisions in InstallValidate used to result in an unnecessary files-in-use message on Vista. This is now fixed in Windows Installer 4.5.
  3. When a patch added new content in the form of a new component and that patch was being uninstalled, we used to remove that content, even if that content is shared by other products. This is now fixed in Windows Installer 4.5.

In addition to this, since Windows Installer 4.5 is the latest release of Windows Installer, it will have all the fixes and feature work that we did till Vista SP1.

[Author: Hemchander  Sannidhanam]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 2 Comments
Filed under:
Tuesday, April 29, 2008 3:53 PM

What changed in Windows Installer (MSI) in Windows Vista Service Pack 1?

Stefan Krueger met with us a few weeks ago for the Microsoft MVP Global Summit. Among the many topics we discussed was a suggestion from Stefan that we use the team’s blog to communicate relevant bug fixes that we make in our releases. This posting is the result of that suggestion. (Thanks, Stefan!)

 

Windows Vista Service Pack 1 was recently released and you may have noticed that the version of MSI on the system has incremented to 4.0.6001.18000. Below you will find a list of the most important issues that we addressed in Service Pack 1 and the SDK.

 

Updates that can be found in Windows Vista Service Pack 1:

 

·         User Shortcuts in Redirected Start Menu Do Not Get Removed On App Uninstall

If you attempt to uninstall an application that was installed for a roaming user, you may receive error 1910 and the shortcuts from the start menu will not get removed.

·         Win32_product does not work on vista when more than one per-user application is installed

Queries to the Win32_Product WMI class will fail if the machine has at least 2 per-user applications installed with a generic failure error.

 

Updates that can be found in the Windows SDK for Windows Server 2008:

 

·         PatchWiz 4.0 ignores the IgnoreMissingSrcFile property

This property in the TargetImages Table is often used to reduce the time necessary to generate a patch, but the property was ignored in patchwiz 4.0 that was included in the Windows Vista SDK.

·         Patchwiz 4.0 does not recreate the Patch table if dropped

Previous versions of patchwiz would automatically recreate critical tables (eg: Patch, PatchPackage) if they were dropped in the patch. Patchwiz 4.0 did not include this behavior, which caused failures in some cases.

·         PatchWiz 4.0 does not support authoring of OptimizeCA MsiPatchMetadata property

The OptimizeCA property can be included in the MsiPatchMetadata of a MSP to restrict custom action usage and improve performance during patch application. Using this property with patchwiz 4.0 caused a build failure.

·         PatchWiz 4.0 is unable to build patch for products with large number of files (>32767)

Previous versions of patchwiz supported building patches with a large number of files, but patchwiz 4.0 did not.

·         Orca crashes when a transform is generated and a row is deleted from the current table

Orca crashes if the user attempts to generate a new transform and deletes a row from an existing table.  (Using Orca, select New Transform, then delete a row from a table).

·         ICE30 does not display all ICE errors

ICE30 only detects a subset of the total number of SFN/LFN collisions for components that contain files.

 

[Author: Tyler Robinson]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 5 Comments
Saturday, April 26, 2008 2:05 PM

We're Hiring!

The Windows Installer (MSI) team is part of the rapidly-growing Windows Application Platform (WAP) team here at Microsoft. We currently have several openings for talented Program Managers with real-world knowledge of the Application Deployment, Platform and/or related Tools space.

 

The positions we have open are job codes 225586, 225368, 228382, 223260, and 226806. (Please go to the Microsoft Career web site and log in before clicking on these links.) If you think you might be a good fit for any of these positions, please apply through Microsoft’s Career web site.

[Author: Tyler Robinson]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 0 Comments
Filed under:
Friday, April 25, 2008 10:55 AM

Join us at TechEd 2008!

Hello Everyone --

The schedules for Microsoft TechEd 2008 in sunny Orlando, Florida have recently been posted and I am pleased to announce that we will have FOUR Windows Installer-related sessions: two during the Developers Conference June 3-6 and two during the IT Professionals Conference June 10-13.

IT Professionals Conference Sessions:

Session Title

Track

Level

Type

Speaker

Software Packaging and Deployment with Windows Installer (MSI) 4.x

Join Windows Installer Lead Program Manager Tyler Robinson, as he discusses the latest release of Windows Installer: version 4.5. In this session, the servicing and packaging agility improvements in Windows Installer 4.5 are discussed, along with their impact on common corporate deployment scenarios. Additionally, tips and tricks for deploying all types of Windows Installer (MSI) packages are discussed, with plenty of time for Q & A at the end.

Windows Client

200

BRK

Tyler Robinson

Advanced Software Distribution Tricks with Windows Installer (MSI) 4.x

Windows Installer Test Engineer Ken Wong and Lead Program Manager Tyler Robinson discuss the tools that Windows Installer 4.x adds to a system administrator’s arsenal for distributing software inside their corporation. This deep dive compliment to the “Software Packaging and Deployment with Windows Installer (MSI) 4.5” session is designed to be interactive, so please come ready with questions to be answered during the session.

Windows Client

300

TLC

Ken Wong

 

Developers Conference Sessions:

Session Title

Track

Level

Type

Speaker

Demystifying Installation Requirements of the Certified for Windows Logo

With the Windows Vista and Windows Server 2008 "Certified for Windows" logo program, Windows is now requiring either ClickOnce or Windows Installer as the application packaging technology. While application installation is among the top application compatibility issues for users moving to the latest Windows platform, users see fewer issues when developers have packaged their applications with an application packaging technology native to the platform. In consultation with both application installation users and subject matter experts, the Certified for Windows logo has added the most requested items to the installation requirements and test cases. In this session, former Windows Application Deployment Team (home of Windows Installer and ClickOnce) program manager Robert Flaming discusses the justification for some of the "Certified for Windows" requirements and walks through some common issues that users have had to tackle as they prepare to get their "Certified for Windows" logo.

Windows and Frameworks

300

TLC

Robert Flaming

Designing within Windows Installer (MSI) Architecture: Embracing User Account Control, Multi-Package Transaction, and Other Windows Advances via Windows Installer

User Account Control has created new challenges for ISVs creating packages for Windows. Windows Installer 4.0 and 4.5 has extended its architecture to account for the new User Account Control experiences for the most seamless integration on Windows Vista (and above). This session discusses the Windows Installer architecture and how ISVs can build packages that appropriately take advantage the architecture. This session is designed to be interactive, so please come ready with questions to be answered.

Windows and Frameworks

300

TLC

Hemchander Sannidhanam

If you plan to attend TechEd, please attend our sessions and say HI to myself, Ken, Hem and Robert!

[Author: Tyler Robinson]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 0 Comments
Filed under: ,
Monday, April 21, 2008 11:28 AM

Issues with Patchwiz.dll v4.0

Issue Description

Performing any of the following operations using patchwiz.dll v4.0 could result in data loss in the root directory:

1.       UiCreatePatchPackage is called with the hwndStatus parameter set to NULL OR

2.       UiCreatePatchPackageEx is called with the hwndStatus parameter set to NULL and dwFlags set to 0x8000 OR

3.       Using msimsp.exe v3.0 to create Windows Installer patches while using patchwiz.dll v4.0.

Cause

When invalid parameters are supplied to UiCreatePatchPackageEx API, it bails out with an error code. However, while returning, the API erroneously uses partially initialized data to clean up the temporary directory. This partially initialized data results in deleting the writeable data in the root drive.

Resolutions

There are four resolutions for this issue currently:

1.       Do not use patchwiz.dll v4.0 to call UiCreatePatchPackage and UiCreatePatchPackageEx with these parameters.

2.       Get the latest patchwiz.dll v4.5 from the Windows Installer 4.5 Beta program. The latest version of patchwiz.dll there fixes the data loss issue mentioned in this blog. However, the call to UiCreatePatchPackage with hwndStatus parameter set to NULL will fail to create a patch. We understand that this is a regression. It will be fixed in Windows Installer 4.5 RTM.

3.       Use patchwiz.dll v3.1.

4.       Use msimsp.exe v4.0 to create Windows Installer patches while using patchwiz.dll v4.0 or higher.

[Author: Hemchander  Sannidhanam]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 2 Comments
Filed under: ,
Thursday, April 03, 2008 6:49 PM

Windows Installer 4.5 Multi Package Transaction and UAC

What does this blog cover?

With Windows Installer 4.5 support for multi package transaction, the Windows Installer transaction boundary can span more than a single package. Additionally, UAC credential prompts are tied to a package trust boundary. This means, there can be more than one UAC credential prompt per transaction. If you want to use multi-package transactions and don’t want more than one credential prompt, then this blog is for you.

How do I author my packages to not get more than one UAC credential prompt per transaction?

Here’s what you got to do:

1.       Author MsiPackageCertificate table into the package that will be installed first in your multi-package transaction.

2.       Sign all the subsequent packages with one of the certificates listed in the MsiPackageCertificate table.

How does the MsiPackageCertificate table look like?

The MsiPackageCertificate table identifies the possible signer certificates used to digitally sign packages that are part of this product install and do not need separate UAC credential prompt to acquire admin approval. Using this table, setup authors can list the digital certificates that the packages that constitute this product will be signed with.

The table definition is listed below:

Column

Type

Key

Nullable

PackageCertificate

Identifier

Y

N

DigitalCertificate_

Identifier

 

N

Columns

PackageCertificate
The unique identifier for this row in the MsiPackageCertificate Table.

DigitalCertificate_
An external key into the first column of the MsiDigitalCertificate Table. The row indicated in the MsiDigitalCertificate Table contains the binary representation of the signer certificate.

Could you please walk me through on how all of this fits together?

1.       User clicks on a setup.exe.

2.       Setup.exe calls MsiBeginTransaction.

3.       Setup.exe calls MsiInstallProduct to install First.msi that carries an MsiPackageCertificate table that lists the certificates that this package trusts.

4.       Windows Installer puts up a credential prompt for administrator’s consent to install First.msi.

5.       Upon admin consent, Windows Installer goes about installing the product.

6.       Setup.exe calls MsiInstallProduct to install second.msi that is signed by a certificate listed in First.msi package’s MsiPackageCertificate table. Since:

a.       Administrator trusted First.msi and

b.      Second.msi is signed by a certificate trusted by First.msi,

Windows Installer doesn’t put up any credential prompt for second.msi.

7.       Setup.exe finally calls MsiEndTransaction and commits the transaction.

FAQ

Q: Can a package that is not the first one to be installed as part of the transaction, add more trusted digital certificates for this transaction?

A: Yes. As long as the package was consented explicitly (via UAC prompt) or implicitly (trusted because it is signed by one of the trusted certificates)

Q: What will be the content of the Consent UI? Will it display the package information of the transaction information?

A: It will display just the package information. This is analogous to our behavior vis-à-vis MsiPatchCertificate table.

Q: What happens if a certificate listed in the MsiPackageCertificate table is revoked or expired?

A: Packages signed with revoked certificates will result in separate UAC prompts and cached credentials will not be used for those package installs. This is analogous to our behavior vis-à-vis MsiPatchCertificate table.

Q: Does the same behavior exist during uninstalls and re-cache reinstalls?

A: Yes. If a package carrying MsiPackageCertificate table is accepted as trusted by a UAC credential prompt then any subsequent packages (launched by embedded chainer or otherwise) signed by one of those certificates will also be considered as trusted.

Q: Can a patch add/delete certificates listed in the MsiPackageCertificate table?

A: Yes.

Q: Can a UAC compliant package add certificates?

A: No. UAC compliant packages are considered to be per-user packages; hence do not require admin credentials. So, they do not have the ability to add certificates.

Q: Can you uninstall multiple packages in a transaction with just one UAC prompt?

A: Yes. If you use the new MsiPackageCertificate table to chain trust across packages. However, there is a caveat to that. If the package has an embedded CAB then that will be stripped when it is cached on to the user's machine. As a result, the certificate that was used to sign that package is no more valid. So, the certificates from MsiPackageCertificate table are not valid anymore and the chain of trust is broken. This is the reason why during uninstall, credential prompt is displayed for all the packages that carried embedded CABs. We do understand this limitation.

[Author: Hemchander  Sannidhanam]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 2 Comments
Filed under:
Thursday, April 03, 2008 4:59 PM

Windows Installer 4.5 Transaction Enhancements: Multi Package Transaction

Why Multi Package Transaction?

Application vendors who compose their applications from multiple MSI packages should find this blog interesting. Currently Windows Installer does not provide a mechanism for installing multiple packages in a single transaction. This blog will talk about how Windows Installer has exposed the ability for multiple packages and patches to be part of a single transaction. Please go through the attached slide deck to get a high level overview of what problem space this new functionality addresses.

Overview of Windows Installer Transaction Terminology

Acquisition Phase

During this phase, Windows Installer analyzes the MSI package and the machine state and composes the list of operations that need to be performed to the system to install the package. Costing is an example of an activity that is run during this phase.

Execution Phase

During this phase, Windows Installer uses the list of operations created in the acquisition phase to change the system. As it is making those changes, it also creates a list of undo operations that it can use if the install fails. Copying the files, updating the registry keys and such are the activities performed in execution phase.

Commit Phase

This is the time when the transaction is committed to the system. For example, committing the assemblies to the GAC, or running the commit custom actions constitute this phase. Note that this is a point of no return. Any failures here are not guaranteed to be undone.

Rollback

Windows Installer supports transactional installs because it can rollback a transaction upon failure. That’s primarily because, it stores off undo operations for any changes that it makes to the system.

How can I use it?

In this section I will use several walkthroughs to bring forth how the new MsiBeginTransaction and MsiEndTransaction API work.

A simple walkthrough

1.       A setup author who wants to install multiple MSI packages as part of installing a single logical product, would request the Windows Installer service to start a transaction by calling the new MsiBeginTransaction API. By calling this API, the setup author requests Windows Installer to install subsequent packages as part of the transaction that was started by the call to MsiBeginTransaction.

2.       The setup.exe that started the transaction now calls MsiInstallProduct.

3.       Windows Installer runs the acquisition and execution phases to the MSI package that was requested to be installed. The net effect of this is:

a.       Costing actions like CostInitialize, FileCost, CostFinalize, InstallValidate are run on a per-package basis.

b.      When script execution actions like InstallExecute, InstallExecuteAgain, or InstallFinalize are run, the machine state is altered, files are copied/patched/upgraded, registry keys installed/modified and the product is published.

4.       Windows Installer defers the commit phase for the package until a later point of time. What this means is that if there are any assemblies or commit custom actions in this package, they will not be run now.

5.       The setup.exe can queue up more packages/patches to this transaction by calling API like MsiInstallProduct, MsiApplyMultiplePatches, etc.

6.       If the setup.exe is done with installing the product, it then calls MsiEndTransaction to commit and complete the transaction. At this point the commit phases of each of the packages is run in the order in which their install requests were made in steps 2 and 5 above.

This walkthrough summarizes the following aspects a multi-package transaction:

1.       Acquisition and execution phases are run on a per-package basis.

2.       Acquisition and execution happens right away. I.e., when a call to MsiInstallProduct returns successfully while running a multi-package transaction, you know that acquisition and execution phases were complete for that package.

3.       Commit level dependencies cannot exist between packages that are part of a multi-package transaction.

4.       Commit phases of all the packages that are part of a transaction are run in FIFO order. i.e., commit phase of the first package on which MsiInstallProduct was called will be run first before moving onto the commit phase of the second package.

A rollback walkthrough

1.       A setup.exe calls MsiBeginTransaction API.

2.       The setup.exe that started the transaction now calls MsiInstallProduct to install Required.msi. Let us assume this call succeeded.

3.       Setup.exe now calls MsiInstallProduct to install AnotherRequired.msi. Let us assume this call also succeeds.

4.       Now while doing some other work on its own, let us assume that the setup.exe determines that it should rollback the transaction. At this point, Setup.exe calls MsiEndTransaction to rollback and end the transaction.

5.       At this point, Windows Installer will run the rollback operations of both AnotherRequired.msi and Required.msi in that order.

This walkthrough summarizes that:

1.       Rollback can be deferred.

2.       Rollback operations are executed in LIFO order.

 Optional Package Failures

1.       A setup.exe calls MsiBeginTransaction API.

2.       The setup.exe that started the transaction now calls MsiInstallProduct to install Required.msi. Let us assume this call succeeded.

3.       The same setup.exe now calls MsiInstallProduct to install optional.msi.

4.       While installing optional.msi, let us assume Windows Installer encounters an error. This error could be either because, user canceled the install or because of some other reason altogether. In any case, Windows Installer rolls back the install of optional.msi.

5.       Based on the return code from MsiInstallProduct, Setup.exe learns that there was a failure while installing optional.msi. However, it chooses to continue the product install and disregard the failure due to the optional package.

6.       Setup.exe now calls MsiInstallProduct to install AnotherRequired.msi. Let us assume this call succeeds.

7.       When Setup.exe is done with installing the product, it calls MsiEndTransaction to commit the transaction. At this point, Windows Installer will run the commit phases of both Required.msi and AnotherRequired.msi.

This walkthrough summarizes that every package/patch install run during a multi-package transaction is optional. Failures in those API will not rollback the entire transaction.

Subsequent blogs will attempt to capture other areas of the multi-package transaction.

[Author: Hemchander  Sannidhanam]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 1 Comments
Filed under:

Attachment(s): Windows Installer Multi Package Transaction.ppt
Tuesday, April 01, 2008 10:50 AM

Windows Installer (MSI) 4.5 Technical Chat

Windows Installer 4.5 chat is due in another two days. The MSDN Technical Chat is scheduled on April 3, 2008 at 10:00 AM (Pacific). Click here to add the chat to your calendar so you don't miss it!

[Author: Hemchander  Sannidhanam]
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

Posted by Windows Installer Team | 2 Comments
Filed under:
Tuesday, April 01, 2008 10:13 AM

Windows Installer 4.5 UI Enhancements: Embedded UI

Why Embedded UI?

Windows Installer’s existing internal UI does not provide the flexibility necessary for unique setups or complex scenarios. Setup authors, who want a UI experience that Windows Installer’s internal UI doesn’t support, use MsiSetExternalUI/MsiSetExternalUIRecord to initialize and use their custom UI.

However, the custom UI can only be used from an external process that initializes the external UI before the install begins. Because of this requirement, the OS natively has an extremely limited set of scenarios in which external UI can be used. Repairs from ARP, admin installs, installations via shortcut activation never use external UI. For many teams wanting to use external UI, the bootstrapper requirement, is an onerous requirement itself. Use of the bootstrapper can also break some deployment scenarios, as software distribution has much richer support for native deployment of MSI files than for bootstrapper executables.

Windows Installer 4.5 provides support for embedded UI. This provides the package author enhanced control of the Windows Installer user interface through custom code which is bundled with the MSI file itself and without requiring complex and bug-prone workarounds to handle the various activation paths which can trigger an install. Regardless of the activation method of the installer operation, MSI will use the custom embedded UI provided within the package.

The PPT slide deck attached to this blog provides an overview of the workings of Windows Installer’s internal, external and embedded UI.

How to use it?

A setup author who wishes to use embedded UI provides a DLL that exports the InitializeEmbeddedUI, EmbeddedUIHandler, and ShutdownEmbeddedUI functions. The setup author should then include MsiEmbeddedUI table containing information about the custom DLL that handles the Windows Installer messages.

An Example

In this section we will walk through the steps involved in creating a package that uses embedded UI.

Create a Embedded UI DLL

Similar to external UI, a setup UI developer should provide an embedded UI handler. Such an embedded UI handler should export InitializeEmbeddedUI, EmbeddedUIHandler, and ShutdownEmbeddedUI functions. A template implementation of each of these functions is provided below:

int __stdcall InitializeEmbeddedUI(MSIHANDLE hInstall, LPCWSTR szResourcePath, LPDWORD pdwInternalUILevel)

{

                // Use hInstall to query the install type. Ex: Is it product/patch install/uninstall?

                // Use the resource patch provided in the parameter szResourcePath to read any UI resources

                // Use the pdwInternalUILevel to read/write the internal UI level

                if(MsiGetMode(hInstall, MSIRUNMODE_MAINTENANCE))

                {

                                // Put up maintenance UI

                }

                if(ERROR_SUCCESS == MsiGetProperty(hInstall, TEXT("PATCH"), rgchValueBuf, &dwValueBuf))

                {

                                if(dwValueBuf > 0)

                                                // Put up patching UI

                }

 

                // Embedded UI handler will handle all the Windows Installer messages and I do not

                // want to display Windows Installer’s internal UI

                *pdwInternalUILevel = INSTALLUILEVEL_NONE;

 

                return ERROR_SUCCESS;

}

 

// EmbeddedUIHandler is very similar to the callback provided to