One of our applications is VB6 app, which requires Tabctl32.ocx.
So I added "tabctl32.msm" (which contained it with the version 6.1.97.82) to per-machine based Wix. When I ran this per-machine MSI, it installed that OCX and the application worked fine when I as an admin logged in and launched the VB app.
However, if any person with a standard user privileges logged in and launched this VB app for the first time, it triggered an MSI self-repair. Once the self-repair completed for that user, it worked and didn't trigger the self-repair any more for that user. This self-repair didn't occur for the admin users.
When I examined the MSI with Orca, in "ModuleDependency" table, this tabctl32 module had the dependencies with COMCAT msm and OLEAUT32 msm, we installed them with the merge modules as well.
I don't understand why the self-repair doesn't happen for the admin-users but for the standard users?
Can anyone explain what's going on here?
It may be nothing to do with standard users or admin users or OCXs - it may just be different users.
If there is any resource in the MSI that is owned by a particular user (such as a user-oriented file in Personal folders or others, or registry entry in HKCU) then the first install will install all of these for the installing user.
If another user logs in and uses the app (installed per machine, hopefully) then repair triggers (such as using a shortcut) will notice that these user items are missing for this particular user and will install them. This should happen only once - it the repair happens repeatedly for the same user then it's something more serious.
In any case, the application event log should have an MsiInstaller log entry with some data about the product and the missing component.
This may also depend on the VB6 app - it's old, has no manifest, and so may be interacting with UAC in strange ways. For example, if its behavior is virtualized to use a \VirtualStore location for the system folder then it may well need to reinstall the tab control into that virtualized system folder. Admin users wouldn't have the same issue.
Related
I want to deploy a Software with a .msi Installation in System context and copy configuration files for every users appdata that will login to a machine.
Msi installation isn’t a Problem. But how do I deploy system and user context in a single collection?
You have to create two different Applications one that is deployed per machine and one that is deployed once per user (if it is an application you can just set the detection method right and it will be installed once for every user, if it is a program you have to set it to "run once for each user that logs into the computer".
You can deploy both those applications to the same collection without problem. There is no limit as to how many applications can be deployed to the same collection. If for some reason the user part has to be run after the machine part you can set the one application as dependency of the other (or for a program use "run another program first")
I know this is very old but I couldn't leave it like this.
Syberdoor's answer is misguided, owing to a misunderstanding of how MSIs work. There's no need for 2 applications at all.
In the MSI, rearrange the feature so that the feature containing the user-level component becomes a parent of a feature containing an advertised component. Normally, this will be the shortcut to the EXE. For vendor-supplied MSIs - remember, we never mess with vendor's MSIs - use a transform to make these changes.
Now, when the user clicks the shortcut, the feature-checking in the MSI will trigger self-healing, because the user's profile won't contain the relevant component.
I created a Windows installer for a Client-Server program by using VS 2013 and InstallShield LE 2015.
I log in to a computer as Admin and run the installer. All works fine.
Then I modify the registry for Local_Machine for some keys to define the database location etc. for the program (this was done by the installation initially as well, but due to certain issues discussed in At each login the program tries to configure installation parameters in the HKEY_LOCAL_MACHINE registry, I removed the registry modifying section from the installer).
I then run the program by double-clicking the shortcut placed by the installer on the desktop and test it. All works well.
Then I log off the computer.
Another user with admin rights logins and clicks on the shortcut, and the problem comes: the program starts to reinstall itself!
Then it fixes itself and runs fine.
But If the first user logins afterward, she experiences the same reinstall operation so does the first user afterward ad nauseam!
So, even though the installer does not create any registry items by itself, somehow, as soon as the program accesses the registry, or whatever it thinks broken, the Windows OS intervenes and tries to repair whatever needs fixing.
The InstallShield LE does not allow setting shortcuts to be "Advertised Shortcut", or
I delete the shortcut created by the installer and recreate it manually after the installation and yet experience the same problem. So the nature of the shortcut possibly is not the cause.
This problem only happens for multiple logins to the computer. If many people login by using the same credentials, it never happens.
So, what's wrong? I studied many StackOverflow answers to resolve this issue with no success. Any help would be highly appreciated.
Stein gives a good set of instructions on how to diagnose problems with MSI programs in this StackOverflow answer. When I followed his instructions, I was able to check which component of my MSI program has a problem. It turns out, the serial bus controller library, MScomm32.ocx could not register under Win 10 properly. Once, I implemented the solution in this link, the above problem resolved and I could log in as two different users without initiating a reinstall process whenever the program icon was double-clicked to run.
Looking for suggestions on how to go about the following, i.e what would be the best language to do it in etc, third party tools are a no :(
I've been tasked to create some sort of windows shell/command line interface that will allow a standard users to install a specific set of applications (configurable by administrators) (installation requires Admin/UAC elevation) due to security restrictions the user cannot have elevated privileges so they'll be able to run the shell as a standard user and it would have hidden/encrypted credentials built in to run the installs as.
Some of the requirements are as follows:
It would need to work on Server 2008 R2, 2012 r1 and 2012 r2
The credentials used to perform the install would have to be hidden (encrypted) from the end user.
Ideally it could work by us providing some config to it prior to handing that server over to the customer and limit what it could be used to install to a particular .exe or .msi (so we know of a need to install an app, we are advised of the name of the install and can logon and can enter it into a form maybe so only that app can be installed, then hand the server over to the customer who runs the same utility or shell extension or whatever and can then install their app.
Even more ideally it was more intelligent than that and some means of ensuring any .msi was indeed installing the application that the msi name related to (seems unlikely but just in case a normal user created an .msi to grant himself further admin access as per http://blogs.technet.com/b/fdcc/archive/2011/01/25/alwaysinstallelevated-is-equivalent-to-granting-administrative-rights.aspx )
Ideally its lifespan would be limited in terms of time (unsure if this could be for example to x number of days).
Any pointers on how to go about this, seems like a good challenge :)
Thanks for reading all that!
Mike
Thanks for the responses,
I managed to do this in C#, with no prior experience in the language :)
The application has 2 parts to it, a GUI and a service. It works by having the application send an install command via IPC to it's counterpart elevated service. (Thanks Hans Passant for pointing me in the right direction there). The service initiates the installer under it's own elevated account but displays the installer GUI on the users session. Files are HMACSHA1 checksum validated prior to install, on both the app and the service.
Thanks,
Mike
If a user requires the ability to install application in the Program Files folder, then instruct the domain administrator to give Full Control of the Program Files folder to Everyone:
Just because the default setting forbids standard users from modifying programs, doesn't mean you have to keep it that way. Windows is a secure operating system that gives you the capability to keep it secure.
If your administrator only wants some users to be able to modify the contents of the Program Files folder, then only give that permission to certain users.
The better solution is to re-design the applications so that they do not install in a (by default) protected location. Have them instead install in:
%APPDATA_LOCAL%\Contoso\Frobber\Grob.exe
e.g.
D:\Users\Ian\AppData\Local\Contoso\Frobber\Grob.exe
A user is always allowed to write anything in their own profile folder.
When I launch an application, a windows installer from a previously installed program keeps popping up. The program still exeists in the Server and it's working fine. The installer popup, after clicking "cancel" will eventually dissapear.
I'm not interested in solving this problem, I'm just wondering how does the windows installer decides what to install? I mean to say, what's the mechanism? How and who triggers the windows installer?
Thanks for any reply!
This is the self-repair mechanism triggered automatically by the OS. Along with the above enumerated reasons it can also be triggered if:
A feature having been installed as advertised/install on first use/install when required
Files inappropriately shared between components, features, or products, which can lead to the resource being uninstalled while a product is still using it
A product with per-user data having been installed on a multi-user system by one user and then launched by another user
To investigate the resource whose absence triggers self-repair, look in the Application section of the system's event log. Self-repair events are displayed with source "MsiInstaller".
If the installer is indeed trying to add a resource required by another application the best solution would be to let it finish, and it should no longer appear after that.
Usually this behaviour appears when one of the following is true:
the install process was not completed successfuly
the registry entries for this program were deleted / corrupted
(not finding an appropriate registry entry is a trigger)
the install program's updatemanager was corrupted / disconfigured / cancelled on the previous run
The solution usually is to completely uninstall the program, to check that all folders and registry entries were indeed removed and then to re-install the program.
I have published two programs to users through active directory. This first allows non-administrative users to install with no problems. The second, Flash Player's latest version, fails for non-administrators.
The user exists in the OU and the group policy is enabled. The .MSI file rests on a shared network drive that everyone has access to.
Is there another location to set permissions for published msi installers?
MSI packages don't use permissions for the installation process. It all depends on their configuration.
It seems that the Flash Player MSI uses a per-machine installation, so non-Administrators cannot install it. Also, this cannot be changed without converting normal user accounts into Administrators.
A solution is to deploy it only to Administrator users.