AppREPACK

Friday, 22 June 2012

how to get MSI property value from within a deferred custom action

Background

A Basic MSI installation program does not use an explicit script to drive the installation, but instead uses sequences of actions to determine the dialog boxes and operations the installation program should display and perform. In this sense, MSI actions are analogous to function calls in a typical programming language.

There are two sequences used by a typical installation program: the User Interface sequence and the Execute sequence. The User Interface sequence displays dialog boxes and queries the target system, but does not make any system changes. The Execute sequence performs system changes, but does not display a user interface.

Analogous to variables in a programming language are Windows Installer properties. Windows Installer defines dozens of predefined properties, and an installation author can define custom properties to store any extra data needed at run time. A property can, for example, be set by the user in a dialog box, and then later be written to the registry.

Property names are case sensitive. Two classes of MSI properties are public properties, which have names containing only uppercase letters (examples are USERNAME and INSTALLDIR); and private properties, whose names contain at least one lowercase letter (as in AdminUser and ProgramFilesFolder). The values of public properties can be set at the command line, and their values are preserved when execution switches from the User Interface sequence to the Execute sequence. Private properties, on the other hand, cannot have their values set at the command line, and are reset to their default values when execution switches from the User Interface sequence to the Execute sequence.

During installation, the Execute sequence runs in two stages, immediate mode and deferred mode. Immediate mode walks through the actions in the Execute sequence, generating an internal, hidden installation script; this script contains, for example, instructions for what files, registry data, shortcuts, and so forth, to install. Immediate mode does not touch the target system. Note that the User Interface sequence runs only in immediate mode.

The second stage of the Execute sequence, deferred mode, carries out the system changes described by this internal installation script. (Strictly speaking, deferred mode is performed only for actions between the built-in actions InstallInitialize and InstallFinalize.) During deferred execution, MSI property values are fixed and cannot be changed. Moreover, the values of only a handful of MSI properties can explicitly be read during deferred execution.

Getting Property Values in Custom Actions

When you need to extend the behavior of an installation program, you can write one or more custom actions. MSI supports custom actions that launch executables, set MSI property values, and call various types of DLL and script functions.

During immediate execution, a VBScript custom action can read the value of an MSI property using the Property property of the Session object. For example:

' get a property value during immediate mode
MsgBox "Right now, USERNAME is: " & Session.Property("USERNAME")

Similarly, a C or C++ DLL or an InstallScript custom action can call the MsiGetProperty API function to read the value of a property.

As mentioned above, however, getting the value of an MSI property during deferred execution is somewhat more difficult, as deferred actions have access to only a very few built-in properties: ProductCode, UserSID, and CustomActionData. (Note that this statement is untrue for built-in types of actions that use property values as arguments. For example, a deferred launch-an-EXE action that uses "[INSTALLDIR]Readme.txt" as its argument will have the INSTALLDIR property resolved during immediate mode and fixed during deferred mode. It is only custom actions that explicitly read a property value using Session.Property or MsiGetProperty that need to use the technique described here.)

It is this last property, CustomActionData, that is used to read a property value in a script during deferred mode. For an example, suppose you have a deferred VBScript custom action called "ReadPropDeferred", in which you want to read the value of the USERNAME property. The steps involved in populating this property are the following:

Create an immediate-mode set-a-property custom action that sets a property called ReadPropDeferred to the value of the USERNAME property. That is, in the Custom Actions view, create a set-a-property action with property nameReadPropDeferred and value [USERNAME], and schedule the action somewhere before the ReadPropDeferred action. The main idea is that the property name here is the same as your deferred action name.
In the deferred VBScript code of the ReadPropDeferred action, use Session.Property("CustomActionData") to read the desired value:

At run time, the immediate action that sets the ReadPropDeferred property populates CustomActionData for that specific deferred action; and the deferred ReadPropDeferred action reads CustomActionData (instead of USERNAME) to determine the desired data. Of course, this same technique can be used with DLL custom actions that use MsiGetProperty to read property values.

As mentioned above, during deferred execution the installation script is fixed, and therefore property values cannot be set from within a deferred custom action.

Thursday, 21 June 2012

AppV Client Logging

The App-V client logs information to both the Windows Event log and to a local log file. Both of these logging options can be adjusted to change the type of information that is captured. The local file based log can only be accessed by a local administrator of the machine or the SYSTEM account on the machine.

File Log

The local cache is located in profiles \All Users(Public on Vista)\Application Data\Microsoft\Application Virtualization Client\sftlog.txt. The settings for this file can be modified using the registry at the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Configuration

Value	Default	Description
LogFileName	CSIDL_COMMON_APPDATA\Microsoft\Application Virtualization Client\	Client log file. Can be modified to change the log file location. You must restart the sftlist service after changing this value.
LogMinSeverity	4, Informational	Controls which messages are written to the log. The value indicates a threshold of what is logged – everything at and below that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged. Value Range: 0x0 == None, 0x1 == Critical, 0x2 == Error, 0x3 == Warning, 0x4 == Information (Default), 0x5 == Verbose
LogRolloverCount	4	Defines the number of backup copies that are kept of the log file, sftlog.txt when it is reset. The valid range is 0-9999. The default is 4. A value of 0 means no copies will be kept.
LogMaxSize	256	Defines the size in megabytes that the log file can reach before being reset. The default size is 256 MB. When this size is reached, a log reset will be forced on the next write attempt.

System Event Log Level

The system event logging level can be configured using the App-V Client Management Console by right clicking the root node and going to properties.

Managing the event logging that will be recorded can also be modified by using the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\Client\CurrentVersion\Configuration\

This registry value indicates the logging level at which App-V log messages will get written to the NT event log. The value indicates a threshold of what is logged – everything at and below that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.

Value	Default	Recommend Management Server Configuration
SystemEventLogLevel	4 (Information)	· 0 == None · 1 == Critical · 2 == Error · 3 == Warning · 4 == Information · 5 == Verbose

AppV Per-Package File System Container Volumes

The per-package file system container volumes store changes that are made to packages made by users or system processes. These changes allow for users and the machine to make setting and configuration changes to the base package, without affecting it. These changes are stored in several PKG files that are described below. The files are individual for each package and stored in unique directories that are created by combining the Package Root directory name where the package was installed on the sequencer and the first portion of the package GUID. An example for Microsoft Office 2007 where the Package Root is OFF2K7.V1 and the package GUID for office is 5C99B562-F61F-4009-AB16-B38E16093AE4 the resulting directory would be OFF2K7.V1-5C99B562-F61F-4009. Two directories for each package will be created, one for the user’s profile and one for the machine at the following locations:

Windows XP

· Per-user at: %USERPROFILE%\Application Data\SoftGrid Client

· Per-machine at: All Users\Documents\SoftGrid Client\AppFS Storage

Windows Vista

· Per-user at: %USERPROFILE%\AppData\Roaming\SoftGrid Client\ and %userprofile%\AppData\Local\SoftGrid Client\

· Per-machine at: Public\Documents\SoftGrid Client\AppFS Storage

NOTE: Due to changes in profiles in Windows Vista a third directory is created for the temporary version of the PKG file while the application is in use.

The following description of the files describes how data is populated into these files and will be covered in further detail in a Package and Data Management section of this document.

User Location

The usrvol_sftfs_v1.pkg file contains user-specific files that are modified or new files that are created by any user process in the virtual environment. This volume also contains the virtual environment configuration as modified by the user.

System Locations

UsrVol_sftfs_v1.pkg contains new or modified user-specific data from a system process that is not associated with a specific user context but is associated with a specific package.

GlblVol_sftfs_v1_<SID>.pkgcontains application-specific files that are modified by any user process in the virtual environment. The SID of the user is appended to the volume name to uniquely identify it.

GlblVol_sftfs_v1_S-1-5-20.pkg contains any application-specific data that is modified by a system process. The well-known SID for system is appended to the volume. In SoftGrid 4.0 and 4.1, this volume was used for all modified application data; in 4.2 and 4.5 modifications are separated into those made by system processes such as the Listener, and those made by user application processes. User modifications go instead to the Application Data Isolation Volume. The global package volume also contains the virtual environment configuration for system processes.

Will packages created in App-V 4.x work on App-V 5.0?

No. Packages have to be converted into the new format.

Disadvantages of PerUser installation

There are several common scenarios that an arise when the choice of “Per-User” versus “Per-Machine” is given to the user:

Major Upgrades can Fail

If you use the Upgrade code feature of Windows Installer to perform a major upgrade the detection of the existing software will fail if: (a) the original software was installed with ALLUSERS=”" and the new software has ALLUSERS=1 in its Property table or passed on the command line or (b) the original software was installed with ALLUSERS=1 and the new software has ALLUSERS=”" or ALLUSERS is not defined in the Property table or on the command line.
Uninstall Problems

If two different users on the system install the software with ALLUSERS=”" they will both have their own shortcuts and Add/Remove Programs entries made (which is fine and is by design). However, if some of the files are installed to a shared location (such as ProgramFilesFolder) and one of the users uninstalls the software, the other user will not be able to use the software even though their shortcuts and Add/Remove Programs entries are still intact. In other words, the two installed instances of the software will not “know” about each other.
Support Issues

Installing to locations the user has the ability to alter might reduce the confidence the package producer has for the integrity of the install. This can affect support costs as well as computational correctness under a regulatory environment (lawyers, accounts, food and drug companies, government agencies, etc)
Multiple instances of an install means there is duplicate copies of binaries on the machine which wastes disk space. A “Per-Machine” install creates a single copy of common binaries for all users thus saving space.
Software is less secure because updating behavior has to be done for each user on the machine. In other words, the occasional user on the machine can made the machine vulnerable because they are not on the machine often enough to keep the software they use up to date.
IT departments want programs in locations users can’t tamper with. User tampering is a major source of support costs.
Centralized install, servicing, and uninstall from a central IT department are all more challenging when the apps are just in the users profile. There are numerous conditions where it is known not to work at all

PerUser vs PerMachine Installation

There is a MSI property that can be placed within the application package that allows the application setup to announce to Windows Installer that it wants to be installed “Per-User”.

Windows XP

The ALLUSERS MSI property can be set so that the application package will be run in the “Per-User” context. Both by the absence of the ALLUSERS property or the property is present but the value is set to NULL (ALLUSERS=”") will force the installation package to be run in the “Per-User” context.

Vista

On Vista, you could still force the installation package to be run as “Per-User” as we have discussed. Note that the user’s privileges are immaterial when running in the “Per-User” context – but once the decision is made that the install will be run in the “Per-User” context (By setting the ALLUSERS=”" or not having the property), the User rights issue makes no difference. But remember, the install starts but it WILL FAILif the user doesn’t have Admin rights and the install tries to write to any machine-wide resources.

If a user has Admin rights, but the install is run in the “Per-User” context, with the Admin rights, any accidental writing to machine-wide resources will be allowed.

Windows 7

On Windows 7, the ability to run as “Per-User” is constrained by the specifics of the package. Essentially these points are important for an application setup to be eligible for a “Per-User” installation context:

All files are installed to Per-User folders, such as
- “C:\Documents and Settings\$User\Local Settings\Application Data” on WinXP
- “C:\Users\$User\AppData\Roaming” on Windows 7
All Shortcuts and the Add/Remove Control Panel entry are only seen by that user
All registry entries (Application data and registration) are made to HKEY_CURRENT_USER hive.
No registry entries are made to machine-wide registry keys, such as HKEY_LOCAL_MACHINE or HKEY_CLASSES_ROOT hives
The installation package cannot allow the user performing the installation package to select destination directories that are machine-wide, such as “c:\Program Files”
All application binary file (EXE, DLL) need to be digitally signed to be allowed to be installed by “Per-User” for Windows 7.

On Windows 7, if any of the above constraints are not met, the package will be installed “Per-Machine” – this means that a “Per-User” will not be allowed!