Application repackaging – Active Setup & Windows Installer Repair

If you repackage or deploy applications you need to know about Active Setup and Windows Installer Repair

The best methods are documented first, but also other alternative ways.

Method I

Active Setup Method:

This is one of the best practices in MSI Packaging which uses the native Active Setup behavior of Windows and Windows Installer HKCU keys repair techniques.

One should follow these specific steps while using this method:

  1. Make sure all HKCU keys in the MSI Package that we are creating are under structured component names like CurrentUser, CurrentUser1, etc.
  2. The Package author should be able to judge and set the key path for that Component properly.
  3. As per Microsoft Component guidelines, make sure the components containing HKCU keys are as few in count as possible, for example only one component (CurrentUser) with all HKCU keys with best key path set is the best practice.
  4. Create the following registry keys under the main hive:
  1. HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI}
  2. ComponentID=PackageName_ComponentName
  3. StubPath=[SystemFolder]msiexec.exe /fu {Product Code of the MSI} /q
  4. Version=ProductVersion

The principle of Active Setup behavior is when a new user logs on for the first time, then the Active Setup will perform a checksum between HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI} and HKCUSoftwareMicrosoftActive SetupInstalled Components{GUID of the MSI}; and if the GUID is not present under HKCU, then it performs all actions which are under that main hive (StubPath, Version) and populates the GUID under HKCU. The main Advantage of Active Setup is it performs an action only once per User with the Checksum behavior by matching the entries under HKLM and HKCU.

Method II

Active Setup Method:

This method can be used for both MSIs and Non-MSIs

Create a silent SMS script or Wise Script (for eg:-Script.exe) which will create the needed HKCU registry entries for the application. Then place that EXE in the Application [INSTALLDIR] in your MSI Pkg or Executable binary memory.

Then create the following additional registry entries in the MSI Package or within the Script whichever is applicable:

HKLMSoftwareMicrosoftActive SetupInstalled Components{GUID or AppName}

ComponentID=PackageName_ComponentName

StubPath=”[INSTALLDIR]Script.exe”

Version=ProductVersion

 

The Active Setup performs the regular checksum (comparison of entries under) HKLM and HKCU and if the respective unique GUID or AppName is not present under HKCU hive, then it will perform all actions (StubPath, Version) and populates the GUID or AppName under HKCU hive too. This is only once per user — for the first time — to populate HKCU hive.

Method I and method II use the Active Setup feature, and One should understand the advantages of one over the other. Method I requires source resiliency to populate HKCU keys, where as method II does not require this as the Script.exe does everything.

Method I and method II can be used in any scenarios like if Advertised entry points are present or NOT present.

Method III

Windows Installer repair method

Typically the body of the script will be;

Check for the existence of a Flag key under
HKCUSoftwareCompany NameApplications{ProductName][productversion]
Installed=True

If the key exists then quit else initiate the Windows Installer repair to populate HKCU keys:

Msiexec /fu {Product Code of the MSI} /q

 

And edit and create registry key (Basically a Flag Key which can be any key which your firm adopts)
HKCUSoftwareXYZ*Applications{ProductName][productversion]
Installed=True
End
* XYZ= Name of the organization Company
And keep this script exe in HKLMSoftwareMicrosoftWindowsCurrentVersionRun.

One should keep in mind that the /p switch can also be used to repair files (populate) user-specific data (Profile data) with the following syntax:

Msiexec /fup {Product Code Of the MSI) /q

 

Method IV

Silent empty exe with valid shortcut:

Create a silent empty exe and its Advertised shortcut and place both of them in the Application [INSTALLDIR]. And use them as entry points to trigger healing to populate HKCU keys.

ATEA Essentials – AdminAccess

Allowing a known user to elevate specific applications or tasks on demand

http://www.youtube.com/watch?v=-ZrL_rbqYlI

In the video we are logged on a workstation with the TestUser
TestUser is not member of the Local Administrators group
TestUser is member of the custom created local group AdminAccess

When requesting local administrators access using the tray icon, it will verify that we are a know user that is a member of the local group AdminAccess. If we are member of the local group we will be elevated for a predefined number of minutes (2 minutes in the example)

When elevated, we can click on any application and RunAs Administrator – we will as always be prompted for our logged on credentials, but this time the application is running with local administration privileges.

When the timer hits 2 minutes, our administration privileges are expired.

This will make it possbile ONLY to elevated, when needed and not having to load the full profile with administrative privileges

The tray icon does not require addtional rights to run
A local system service will handle all requests
All options are configurable through gpo and/or registry

Download the Windows Assessment and Deployment Kit (ADK) for Windows 8.1

The Windows Assessment and Deployment Kit (Windows ADK) is a collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers.

Supported Operating System

To install the Windows ADK, your computer must be running one of the following operating systems:

• Windows 8.1
• Windows 8
• Windows 7
• Windows Server 2012 R2
• Windows Server 2012
• Windows Server 2008 R2

Direct Download Link: http://download.microsoft.com/download/6/A/E/6AEA92B0-A412-4622-983E-5B305D2EBE56/adk/adksetup.exe

After installing IE10, sysprep fail with error: SYSPRP LaunchDll:Could not load DLL C:WindowsSysWOW64iesysprep.dll[gle=0x000000c1]

This took me quite some time to figure out.

When running a build and capture task sequece from ConfigMgr, it won’t give any errors

Even after the image is captured and ready for re-deployment, the error appears when trying to run Setup Windows and Configmgr from a deployment task sequence. It would just break/stop right in the middel of that process, leaving your with pretty mush a useless deployment

Solution:

Set permission for group Administrators ( Full Control ) to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepCleanup

Value Name

{EC9FE15D-99DD-4FB9-90D5-5B56E42A0F80}

Value Data

C:WindowsSysWOW64iesysprep.dll,Sysprep_Cleanup_IE

replace with

C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE

Set permission for group Administrators ( Full Control ) to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepGeneralize

Value Name

{EC9FE15D-99DD-4FB9-90D5-CE53C91AB9A1}

Value Data

C:WindowsSysWOW64iesysprep.dll,Sysprep_Generalize_IE

replace with

C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE

Set permission for group Administrators ( Full Control ) to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepSpecialize

Value Name

{EC9FE15D-99DD-4FB9-90D5-676C338DC1DA}

Value Data

C:WindowsSysWOW64iesysprep.dll,Sysprep_Cleanup_IE

replace with

C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE

setting this from a batch file:

IEhotfix.cmd:

regini -m \%computername% iesysprep.dll.txt  reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepCleanup /v {EC9FE15D-99DD-4FB9-90D5-5B56E42A0F80} /t REG_SZ /d “C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE” /f  reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepGeneralize /v {EC9FE15D-99DD-4FB9-90D5-CE53C91AB9A1} /t REG_SZ /d “C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE” /f  reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepSpecialize /v {EC9FE15D-99DD-4FB9-90D5-676C338DC1DA} /t REG_SZ /d “C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE” /f

iesysprep.dll.txt

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepCleanup [1] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepGeneralize [1] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepSpecialize [1]

Microsoft Deployment Toolkit 2013 Preview Now Available

MDT 2013 Preview includes:

  • Support for the Windows Assessment and Deployment Kit (ADK) for Windows 8.1 Preview. (The Windows ADK for Windows 8.1 Preview is available on the Microsoft Download Center.)´
  • Support for deployment of Windows 8.1 Preview and Windows Server 2012 R2 Preview, as well as Windows 7 and Windows 8 families of operating systems.
  • Support for zero-touch integration (ZTI) with System Center 2012 R2 Configuration Manager Preview.

Dont forget to sign up for the Client Management program on Connect in the MDT group.

 

http://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=50082

 

 

PowerCFG – a bit further….

A bit further using PowerCFG…

Found this nice list on Richard Smiths blog

sets the power configuration to High Performance
powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

tweaks the basic power settings
powercfg -change -hibernate-timeout-ac 0
powercfg -change -hibernate-timeout-dc 0

turns hibernation off
powercfg -hibernate OFF

require password when console wakes up (0=false, 1=true)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0

also needed to show up on Power Menus…
powercfg -setacvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0
powercfg -setdcvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e fea3413e-7e05-4911-9a71-700331f1c294 0e796bdb-100d-47d6-a2d5-f7d2daa51f51 0

power plan type (0=power saver, 1=high performance, 2=balanced)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 245d8541-3943-4422-b025-13a784f679b7 1
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c fea3413e-7e05-4911-9a71-700331f1c294 245d8541-3943-4422-b025-13a784f679b7 1

hard disk timeout
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 0012ee47-9041-4b5d-9b77-535fba8b1442 6738e2c4-e8a5-4a42-b16a-e040e769756e 0

wireless adapter power (0=max perf, 1=low power saving, 2=med power saving, 3=max power saving)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0

sleep timeout
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0

close action (0=do nothing, 1=sleep, 2=hibernate, 3=shutdown)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0

also needed to show up on Power Menus…
powercfg -setacvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0
powercfg -setdcvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e 4f971e89-eebd-4455-a8de-9e59040e7347 5ca83367-6e45-459f-a27b-476b1d01c936 0

processor power cstate (0,1=power saver, 2,3=balanced, 4,5=high perf)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 68f262a7-f621-4069-b9a5-4874169be23c 4
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 68f262a7-f621-4069-b9a5-4874169be23c 4

minimum processor state
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 893dee8e-2bef-41e0-89c6-b55d0929964c 100
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 893dee8e-2bef-41e0-89c6-b55d0929964c 100

processor power perfstate settings
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 bbdc3814-18e9-4463-8a55-d197327c45c0 4
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 54533251-82be-4824-96c1-47b60b740d00 bbdc3814-18e9-4463-8a55-d197327c45c0 4

monitor timeout
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0

multimedia settings (0=take no action, 1=prevent computer from sleeping, 2=enable away mode)
powercfg -setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 9596fb26-9850-41fd-ac3e-f7c3c00afd4b 03680956-93bc-4294-bba6-4e0f09bb717f 2
powercfg -setdcvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 9596fb26-9850-41fd-ac3e-f7c3c00afd4b 03680956-93bc-4294-bba6-4e0f09bb717f 2

set the absentia power scheme (the scheme used when no one is logged in)
powercfg -setabsentia 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

New Features WinPe 3.1

New features in Windows PE 3.1:

  • The number in the Version registry value is 3.1 to reflect the new Windows PE version.
  • The Windows PE 3.1 base image contains Remote Network Driver Interface Specification (RNDIS) binaries. These binaries are also available for Windows PE 3.0 as a hotfix. For more information, see Knowledge Base Article ID: 979265.
  • Windows PE 3.1 includes 802.1x binaries as an optional component. The file name of this package is WinPE-Dot3Svc.cab. This optional component is also available for Windows PE 3.0 as a hotfix. For more information, see Knowledge Base Article ID 972831.
  • The Windows PE 3.1 base image contains fixes that are related to 4k/512e drive support. These fixes are also available for Windows PE 3.0 as a hotfix. For more information, see Knowledge Base Article ID: 982018.
  • Windows PE 3.1 includes bug fixes that are related to the Windows PE version that is included with Windows 7 SP1.

Windows Automated Installation Kit for Windows 7 SP1 can be downloaded from Microsoft Download Center, or directly using the direct download link: waik_supplement_en-us.iso (English).

To install the WinPE 3.1 for Windows 7 SP1 supplement, mount the ISO image and copy the content on the DVD ISO image to replace the Windows AIKToolsPETools folder.