Windows application installer frameworks - installation

It's always seemed strange to me that downloadable applications would offer multiple types of installers. For example, sometimes you can choose either a .exe or a .msi
Do certain types of installers have advantages over others? Does it matter which one you choose? As a developer, why would I want to offer different installers to my users?

One big difference between the exe and msi:
You can EDIT an MSI file.
You can access the MSI Database directly using Orca -or- code it up through the WindowsInstaller APIs, using your favorite Windows hacking methods.
Ex. I wrote a python based builder which, amongst many other tasks, routinely edits and updates MSI packages.
A quick warning to brave souls:
Although the APIs seem well documented, a LOT of WI functionality is subtle, even cryptic - the MS Office team definitely did not chose the principle of "least surprise" when they created Windows Installer.
IF you choose to delve into the mystic world of WI, be prepared for long hours of head scratching, tedious debugging and pouring over enormous MSI log files

A big advantage of .msi over .exe is that they can be "rebundled" (I don't recall the correct term) by sysadmins for installation over the network for deployment in corporate environments.

In corporate environments, clients are often subject to a "lockdown" policy that prohibits them from downloading EXE files, but usually MSI files are OK.

the exe ones are mostly compressed ones. msi cant compress really good.
the msi file you can share/install on your computers directly with windows active directory.

Related

Combine exe and msi file in one installer

I have two setup file:
Spyder.exe
Seupt.msi
I want these two setup file to be combined in one setup file so that it can be installed simultaneously one by one in target machine. I tried NSIS but it just extracts file from the setup file but didn't install the package. Same thing done by Inno Setup.
My question is how can I make a single installer that extracts as well as installs the above both packages in another machine?
Distribution Scope?: Not sure what the overall goal is: worldwide distribution or corporate deployment, or what exactly it is
that you are doing. This has major implications for what makes sense
in terms of solutions. For corporate deployment even a batch file
might be fine. In most cases I would recommend WiX Burn (free,
capable, maintained - i.e security fixes).
Batch (or PowerShell, ActiveScripting, etc...): For corporate deployment a simple batch file can work, just to point out the obvious. It can even work in combination with deployment tools such as SCCM (which has many other ways to deploy things of course). You can probably combine a batch file with the self-extracting archive tools below as well. Not something I like to use for security reasons. Silent installation of MSI files (command line sample).
7-Zip - et al: This tool (and similar tools, such as WinRAR) can make self-extracting archives that run a command on extract. I have seen many people get problems with these tools, and often security related - or runtime dependency hiccups.
dotnetinstaller bootstrapper: Not something I know much about. It is just a bootstrapper. Runs things in sequence for you. Here it is on github.com (open source). When I tried it - briefly - I found it a bit weird. Just want to mention it.
NSIS: As suggested by Zett42 above. Note that I have seen problems with NSIS binaries with malware scanners (tool author took measures quickly when I reported it). Run the finished product by virustotal.com to check for false positives. This goes for all other tools as well though.
Inno: Again: not a tool I use, but should be capable of doing what you need.
WiX Burn: This is probably the most flexible and capable option that is free. Commercial tools will have more ease-of-use, but this framework should cover most use cases I think. Somewhat fiddly - it is complex and capable. See top colored section here for WiX Burn "how-to" links.
Commercial Options: And there are several commercial options: Advanced Installer (very advanced: conditional install of prerequisites), Installshield (screen shot of main view suite projects), etc...
Some Links:
Error Creating a 7-zip installer package
How to create windows installer
Commonly Used Deployment Tools (MSI)

How to monitor and log manual installation

I need to investigate the installation of a product that consists out of several setup.exe files, MSI installers and related prerequisites. My thoughts are; I perform the installation manually and another piece of software monitors and logs what is installed and when it is installed. So I can figure out the sequence the software is installed so I can package it.
Deployment / Installation: The better way to do this would be to install the MSI files in the correct sequence once you have extracted them all from the setup.exe files. You can then install all required components via a distribution system, or even just via a batch file.
Even without extraction you can install the different components via a batch file or a distribution system such as SCCM - if you figure out what switches to use for the setup.exe to run them reliably in silent mode (which is not always that easy - and sometimes impossible, and generally always somewhat unreliable - which is why we tend to convert legacy setup.exe files to MSI format - or App-V). Check this answer for a description of how to run various setup.exe files in silent mode (towards bottom). They are not created the same, and they support very different switches depending on what tools they were made with (WiX Burn, Installshield, Wise, Advanced Installer, PACE Suite, Wise, Inno Setup, NSIS, etc... See more on these tools below). MSI tools (includes the free, open source WiX toolkit). Non-MSI tools.
To get a rough idea of what has been installed by running your deployment operation, you could check the list of installed product in Add / Remove Programs before and after installation. Products can be installed without showing up here - which I am sure you are aware of. Working out the exact details can take quite a while. You can also check event logs and see what new shortcuts were created on the start menu, if any. You can also compare the disks (installation folders) of a clean and a deployed virtual machine. There are many tricks and ways to get an idea of what was installed. The best is often to run in interactive mode and see what each installation screen tells you about what is being installed. Also look for documentation embedded in the setups or in installation folders after installation.
Overall - if you ask me - I would say: Get on the phone and call the software vendor and ask for their documentation on the deployment of their software. They should be able to provide both documentation, examples and basic help on what is necessary to run their software solution. And the good, real-world advice that they just didn't get time to add to their documentation - or was acquired after it was written. The real solutions. If they can't, why not question the whole software solution? I have wanted to throw out dysfunctional software many times, based on their poor deployment strategies. A massive cost for clients to deal with, and sometimes impossible to fix in reliable ways.
Extract Setup.exe: I have an "organically evolved" answer here on the issue of setup.exe extraction - in other words getting the MSI files (if any) out of the wrapper setup.exe files. When I say organic, I mean that the answer has been updated so many times that it has become a structured mess, but it is still OK information if you take the time to read it (I think): Extract MSI from EXE.
Capture / Repackaging: It is possible to "capture" the installation of legacy setup.exe files and convert them to MSI format, or App-V which many corporations use as their deployment format these days. They usually use repackaging tools (list from installsite.org) to do this, and they are available as commercial tools like AdminStudio (from Installshield now Flexera), Advanced Installer Architect, PACE Suite, etc... There used to be several free capture tools out there, but they tend to disappear over time as they don't get maintained. MSI files should generally not be repackaged - it is very ill-advised to try to do so - they are almost always possible to run reliably in silent mode, barring a few relatively common design flaws (that can usually be resolved with acceptable efforts by trained packagers). If your organization uses App-V, though, then this is often what they do - repackage MSI installations - and other types of installations.

VB6 app - move server

I am supporting a vb6 application. I am trying to transfer the executable and DLL to a new server and I am prompted with component not registered errors. I have got round this by manually registering the components on the new server.
I have found two files with file extensions of 000 and 001 that have registry commands in them (registering components) Can anyone explain how these files are generated? I have experience creating installation files in vb.net to a certain extent.
Repackaging and redeployment is not a developer issue and really doesn't belong here. Such issues are more appropriate for someplace like ServerFault.
It is one thing to have lost all of the source code of an application, but even worse in some ways to have lost the deployment package. Sadly some shops fail to archive either of these.
However it was also common enough for shops to see RAD tools like VB6, Delphi, PowerBuilder, etc. as things to shove off on the worst of the worst of their developers. These poor slobs seldom got official Microsoft training that should have emphasized the importance of creating proper installers. For that matter even those courses tended to marginalize the topic. It doesn't help that the Web is full of "Mort teaching Mort" half-baked development even today, or that the pioneers who wrote many of the early serious VB programming books tended to be loose cannons and contrarians who didn't really believe deployment was a serious concern.
The end result is that lots of shops have machines with VB6 programs shoehorned onto them in a half-baked way. Often when deadlines loomed they let Old Mort install VB6 right onto the production server and let him hack away right there! So it's no wonder people get into trouble once a server needs to be replaced or its OS updated.
Those REG files with .000, .001, etc. extensions aren't anything normal that I'm aware of. For all I know they've fallen out of REGMON runs or some 3rd party packaging tool. Manual registry exports created using REGEDIT would normally have .REG extensions.
If you are actually "supporting" this application it implies that you have the source code, VB6 compiler, developer install packages for any 3rd party controls, and a writeup describing any special packaging and installation requirements (target machine DCOM/COM+ configuration, system requirements such as IIS or MSMQ or 3rd party DBMS Providers and Drivers, special folder requirements, software firewall rules, etc.).
From those it ought to be possible to compile a clean new copy of the EXE, DLLs, etc. and create a clean deployment package - even if some configuration still needs to be done manually before and after running the installer.
Without those you are a computer janitor and your question belongs over at ServerFault. It is no fun, I know. I've had to take part in such janitorial services myself all too often.

Installers: WIX or Inno Setup? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm comparing these two tools. The impression I have is:
Inno Setup does not produce an MSI, but can do everything WIX can do
WIX does produce an MSI, but has a steep learning curve
Do you agree with this characterization? What other differences are there? How does WIX# shake-up this story? Since Inno Setup does not use the windows installer, does it have difficulty with uninstalls? Can Inno Setup, upon command, downgrade an installation to an earlier version - or can it only install / upgrade applications?
It's been a long time since I worked with MSI, when I switched to InnoSetup I never looked back.
I did not want my installation to be a headache. I needed something where I could "Set it and forget it"
By default InnoSetup produces an uninstall.
It can handle simple or complex install and uninstall needs.
With InnoSetup You have a few different ways you can upgrade applications.
Initially we did use the overwrite method which just overwrote the existing installation.
Recently we switched an automatic uninstall of the previous version when new version was installed.
With InnoSetup downgrades are typically uninstall and reinstall the older version.
You are right about the MSI not MSI part and you are right that learning curve of MSI is steeper. But both have features others don't. Let me quote Glytzhkof on the advantages of MSI.
Glytzhkof says hi ;-). Please do read both my original answers on serverfault.com for a summary of common problems with MSI resulting from its steep learning curve. This answer here focuses on the theoretical benefits, the other answer (in the same thread) summarizes common MSI problems off the top of my head. Additions there are most welcome - I just added the most common issues.
Transparency (Open installer format)- An MSI can be reviewed and
inspected. This is a huge issue for
large corporations. With the exception
of compiled custom actions an MSI file
is a "white box". If the setup changes
something crazy such as the
system-wide network settings, you can
actually see it.
Customizability - An MSI can be customized via transforms to fit an
organization's needs and standards
whilst still allowing interoperability
with the vendor's installer updates.
You don't change the installer itself,
you create your customization in a
separate, organization-specific file
called the transform. You are free to
disable custom actions and in general
anything in the installer, and "black
box" custom actions can be approved by
contacting the vendor for explanation.
These transform files are also
sometimes used to localize an MSI file
to different languages. Several
transforms can be applied to a single
MSI.
Standardization - MSI does not lend itself to "allowing anything". It
provides a comprehensive framework for
the installer, which crucially also
includes the uninstall - all in
standard format. The installer GUI is
also standardized with built-in
features to support silent
installation and uninstallation which
can be triggered remotely.
Management and reporting - Windows Installer maintains a
comprehensive database of all items a
product has installed. You can
reliably determine if a product is
installed, what features were
installed, and what file versions were
installed. In addition you can get a
list of any patches that have been
applied to the base product, if any.
Security - following from the comprehensive installation database it
is possible to detect security
vulnerabilities in the installed
products. MSI also encompasses
"elevated rights" principles which allows a restricted user to trigger
the install of a product that requires
admin privileges to install. This is
part of the "advertisement feature"
which allows an administrator to make
installers available to users without
actually installing them on all
workstations. There is no need to mess
with temporary rights to get things
working.
Validation - MSI files can be checked with validation rules to
ensure it is in compliance with a
number of internal consistency rules
(referred to as ICE). Corporations can
create their own ICE checks to enforce
special corporate rules and
requirements. This helps greatly with
QA.
Resiliency - The Admin install feature of Windows installer
provides a standard way to extract the
source files from an MSI. These source
files can then be put on a share and
be available to all workstations for
installation. This ensures repair,
uninstall and modify operations
complete without requesting the
installation media on CD or similar.
This is particularly important for
patching and update operations which
may require access to the old versions
source files in special circumstances.
Rollback - The installation of an MSI file will normally trigger the
creation of a restore point.
Furthermore all files and registry
items replaced or overwritten during
the installation will be saved and
restored if the install fails to
complete. This ensure that the
workstation is left in a stable state
even if the install should fail. As
you might expect poorly designed MSI
files can violate the built-in
features of Windows here, see my other
post in this thread for more details.
Patching & Updates - though highly complex patching in Windows
installer is fully managed and
registered on the system so that a
systems security state can be
determined by checking what has been
installed. Updates are standardized to
a few basic variants, and this allows
updates to be performed with a higher
degree of certainty. Deployment
systems will be able to report what
updates failed and why.
Logging - Windows Installer provides a standardized logging
feature which is greatly superior to
previous incarnations, though almost
excessively verbose. Log files can be
deciphered using log analyzers, and
custom log levels can be used to
eliminate generating too large log
files with unnecessary information.
For debugging purposes verbose logging
is extremely useful. See Rob Mensching's blog for a good manual way to read an MSI log file.
I'm late to responding to this thread. I have used Inno Setup for my company's product for years. It does most things very well but the biggest hurdle for me is custom actions. In Inno Setup, one must use a variant of the Pascal language. With the WiX Toolset, I can and do use C# for my custom actions which is much more comfortable for me. Admittedly, that is a personal preference but it is the primary reason why I switched from an otherwise excellent Inno Setup platform to an also excellent WiX platform. That, and the fact that there were so many benefits from using MSIs which have already been mentioned in another response.
Frankly, for me, the learning curve of Pascal was greater than that of WiX using the book, WiX 3.6: A Developer's Guide to Windows Installer XML.
I realize this answer comes VERY late. But I ran into this post and figured one answer to the question could simply be: "Why not have both?" (eat cake and have it too) and also "Why expend the effort on implementing both when I could just expend the effort for one and get the second one for practically free?"
Toward that end, I present an Inno Setup script w/ MSI support:
https://github.com/cubiclesoft/php-app-server/blob/master/installers/win-innosetup/yourapp.iss
There are some custom Pascal functions in use here that kick in when passed /MSI={GUID} on the command-line that trigger useful changes to the script (e.g. no Uninstall icon in Start or Add/Remove Programs).
And I present a WiX script w/ support for the above Inno Setup script:
https://github.com/cubiclesoft/php-app-server/blob/master/installers/win-wix/yourapp.wxs
The WiX script wraps the Inno Setup-based installer EXE (the only payload) in a way that triggers the Inno Setup script to do things in a more MSI-compatible way and cranks out the MSI. It isn't perfect, but it saves a ton of time by letting you do things the Inno Setup way and then get most of the benefits of MSI (e.g. GPO/SCCM/DSC silent deployment) without pulling hair. This works best if mostly just deploying files to the system and a handful of registry entries (i.e. a basic app). I wouldn't recommend this approach for a larger application where there are lots and lots of components, but if you try it and it works, let me know! Having a MSI version that launches the Inno Setup EXE at least gives sysadmins doing deployments something reasonable to chew on.
Note that the WiX script depends on the custom Pascal functions on the Inno Setup side of things. You can't just take any ol' Inno Setup installer and wrap it with the WiX script and expect it to work (it probably won't). But maybe a future version of Inno Setup will natively support something similar.
We integrated both into our build system.
But we decided to promote innosetup exe files for non business customers and msi only on demand for one simple reason.
You can't ship a multi-localized version of setup program with MSI. You would need one installer for every language and this sucks huge. There might be some heavy hacking allowing you to rewrite the whole GUI but this is not well documented and no open source to steal and a lot of work.
The GUI is infact tbe worst part on WiX which otherwise is technically superior to Innosetup.
With Innosetup it's easy to ship one exe in 5 languages. We already have 6 binaries [Free,Home,Pro - each 32/64bit] so the variant explosion would be just huge and if you market a japanese version with a japanese webpage and the first thing that comes up is an english only installation it is a bad impression.
The MSI for business users who need group policies etc. is english only and thats fine for business users.

Wrapping an existing EXE into an MSI - drawbacks?

We've got an EXE which works great for installing our application. However, we have multiple customers who are requesting an MSI for ease of deployment in their current domain.
If we use our existing EXE install process, can we wrap that into an MSI and expect good results? The EXE creates an "Uninstall" that is added to the control panel's uninstall list... will the MSI also generate an uninstall point, leaving us with two entries?
Is there anything else I should watch for?
Thanks
Your customers are probably asking for MSIs so they can manipulate the MSI with the variety of tools that work only on MSIs. For example, there are deployment tools that are able to look at MSIs and only send down the changed files to a system when it gets a new version of the MSI. These work off the file table in the MSI. If you wrap your exe in a MSI, the only file in your MSI file table is the exe, which makes tools used to manipulate the files you are installing, useless.
An EXE setup file can be anything, including an MSI in a setup.exe launcher. However, in your case I don't believe that is the case. You probably have a legacy non-MSI installer.
Most big companies actually take older, legacy-style setups and repackage them as MSI themselves - whole teams exist to do this job (as mentioned by Linda). This is to benefit from a substantial number of MSI benefits for corporate use that are crucial for large scale deployment (the administration of software for many computers). See the same link for common problems with MSI files - it is definitely not an easy technology to deal with.
Wrapping your existing EXE in an MSI is not an option. This adds nothing but risk and complexity for no gain at all. In fact you will irritate application packagers in large companies by making it harder to repackage the right way.
Remaking your setup to be an MSI file is a good investment if you use good consultants to do it, or take the time to train your developers to do it right. MSI is an unusual technology, and distinctively unorthodox to deal with. Many developers feel it is impossible to understand, and for good reason. It is an entirely different installation paradigm than what used to be.
The latest and greatest for MSI is the Wix toolkit. A free open-source toolkit allowing you to create full-fledged MSI files without any expensive third-party tools. This short summary of its history and creation might be helpful to understand what MSI is about as well.
I guess the overall summary is that wrapping your software in an MSI file is no small investement with regards to the work involved, but it has major benefits when done right.
Wrapping your existing EXE inside an MSI has no value at all - it just causes new problems.

Resources