Title: Customizing Installers for OpenAFS and MIT Kerberos for Windows
1Customizing Installers for OpenAFS and MIT
Kerberos for Windows
- Asanka C Herath
- Secure Endpoints Inc.
2Why transforms?
3Original installer.msi
Transform 1.mst
Customized Installer 1.msi
Original installer.msi
Transform 2.mst
Customized Installer 2.msi
New installer.msi
Transform 1.mst
Customized New Installer 1.msi
4Transforms are
- Packaged customizations
- Can be applied to newer installers
- Manage and document
- Supported
- Used with Group Policy software assignment
5Essential windows installer
- Not a complete Windows Installer guide
6Refer to the Windows Installer documentation
onMicrosoft Developer Network or the Windows
Platform SDK Documentation for more details
7Windows Installer Packages are
- Based on a relational database model
- Each installer database contains information
and data files used to install a product - Declarative
- Organized into features and components
8A Component
A piece of an application that is versioned and
installed as a coherent whole.
9A Component
E353AA81-667F-44a1-8C04-133FCDD42E5E
Identified by a GUID
10A Component
E353AA81-667F-44a1-8C04-133FCDD42E5E
File A
Registry setting 1
Registry setting 2
Can contain a single file, a group of files, a
file and a group of registry settings, a single
registry setting, a shortcut, etc
11A Component
E353AA81-667F-44a1-8C04-133FCDD42E5E
File A
Registry setting 1
Registry setting 2
Has a key path
12A Component
Can be shared across features, products and
companies
13A Component
Has rules (In brief, from Windows Installer
Components, Microsoft Developer Network Library)
- Each component must be stored in a single
directory. - No file, registry entry, shortcut, or other
resources should ever be shipped as a member of
more than one component. This applies across
products, product versions and companies.
14A Feature
A high-level user-visible hierarchical grouping
of components and other features
15Features and Components
afsd_service.exe
Service install for TransarcAFSDaemon
afslogon.dll
HKLM\...\WinLogon\Notify\..., DLLName
HKLM\...\WinLogon\Notify\..., Startup
16Properties
- Are strings
- Can be specified at runtime or via a transform
- Only public properties can be specified at
runtime - Can be used to condition the installation of
components
17Transforms
18How transforms work
- Installer databases consist of a
relational-type database and an associated file
storage. - OpenAFS for Windows and MIT Kerberos for Windows
use cabinets. - A transform is a set of changes that is made to
the database contents. - The file storage is unaffected.
19Making a transform
- Make a copy of the original
- Make any required changes to the copy
- Diff the twoor
- Use ORCA.exe to edit and generate the transform
20Ingredients
- Windows Installer SDK (Part of the Windows SDK)
- ORCA.exe
- MsiTran.exe (optional)
- MsiDb.exe (optional)
- WiLstXfm.vbs (optional)
- Original MSI installers
21Customization using properties
221/3
232/3
243/3
25Original installer.msi
Transform.mst
26Modified installer.msi
Original Installer.msi
Transform.mst
msitran -g OriginalInstaller.msi
ModifiedInstaller.msi Transform.mst
Modified Installer.msi
Original installer.msi
Transform.mst
copy OriginalInstaller.msi ModifiedInstaller.msi m
sitran -a Transform.mst ModifiedInstaller.msi
27Adding registry keys
28Overview
- OpenAFS
- Add a set of domain specific registry keys to
enable integrated logon for EXAMPLE.COM realm.
29HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\
EXAMPLE.COM LogonOptions 1
According to Appendix A section 2.1 of the
OpenAFS for Windows Release Notes.
30HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\
EXAMPLE.COM (Create key)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\
EXAMPLE.COM LogonOptions 1
Creating the key becomes a separate registry
entry.
31HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\
EXAMPLE.COM (Create key)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\
EXAMPLE.COM LogonOptions 1
We need a component to hold the registry
entries. (Dont forget the key path and GUID)
32HKLM\...\Domain\EXAMPLE.COM (Create key)
HKLM\...\Domain\EXAMPLE.COM LogonOptions 1
Create a new feature to keep our component
separate from the rest of the feature-component
hierarchy.
33OpenAFS
Client
HKLM\...\Domain\EXAMPLE.COM (Create key)
HKLM\...\Domain\EXAMPLE.COM LogonOptions 1
Attach the feature to the rest of the
feature-component hierarchy.
34HKLM\...\Domain\EXAMPLE.COM (Create key)
HKLM\...\Domain\EXAMPLE.COM LogonOptions 1
And again from the top, but this time with
Windows Installer tables
35HKLM\...\Domain\EXAMPLE.COM (Create key)
HKLM\...\Domain\EXAMPLE.COM LogonOptions 1
Component (Attributes value 4
msidbComponentAttributesRegistryKeyPath)
36HKLM\...\Domain\EXAMPLE.COM (Create key)
HKLM\...\Domain\EXAMPLE.COM LogonOptions 1
FeatureComponents
37OpenAFS
Client
HKLM\...\Domain\EXAMPLE.COM (Create key)
HKLM\...\Domain\EXAMPLE.COM LogonOptions 1
Feature (Attribute value 10 msidbFeatureAttribut
esFollowParent msidbFeatureAttributesDisallowAdv
ertise)
38Replacing configuration files
39Overview
- OpenAFS
- Replace the CellServDB in the installer with a
custom file.
40A problem
- Since Windows Installer transforms do not change
the embedded cabinet or source files, we cant
change the CellServDB that is included in the
installer.
41A solution
- Block the CellServDB file in the installer
- Include a new CellServDB file
- We can either embed the new CellServDB file in
the installer or we can place it in the same
location as the installer.
42The Condition column
43- Non-existent or empty properties evaluate to
FALSE.
44(No Transcript)
45OpenAFS
Client
CellServDB
File table (Attribute 8192msidbFileAttributesNonc
ompressed)
46OpenAFS
Client
CellServDB
Component table (Attributes value 144
msidbComponentAttributesPermanent
msidbComponentAttributesNeverOverwrite)
47OpenAFS
Client
CellServDB
Media table (LastSequence sequence number of
last file in media. The value of 1000 makes this
the source media for the newly added CellServDB
file.)
48Resources
49Useful Resources
- Windows Installer documentation
- OpenAFS for Windows release notes
- MIT Kerberos for Windows MSI Deployment Guide
50Q?
51Thank you
Asanka C. Herath Secure Endpoints Inc.
52(No Transcript)