customizing installers for openafs and mit kerberos for windows asanka c herath secure endpoints inc
TRANSCRIPT
![Page 1: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/1.jpg)
Customizing Installers for OpenAFS and MIT Kerberos for Windows
Asanka C HerathSecure Endpoints Inc.
![Page 2: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/2.jpg)
WHY TRANSFORMS?
![Page 3: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/3.jpg)
Originalinstaller.msi
Transform 1.mst CustomizedInstaller 1.msi
Transform 2.mst CustomizedInstaller 2.msi
Newinstaller.msi
Transform 1.mst CustomizedNew Installer 1.msi
Originalinstaller.msi
![Page 4: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/4.jpg)
Transforms are …
• Packaged customizations– Can be applied to newer installers– Manage and document
• Supported– Used with Group Policy software assignment
![Page 5: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/5.jpg)
ESSENTIAL WINDOWS INSTALLERNot a complete Windows Installer guide
![Page 6: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/6.jpg)
Refer to the Windows Installer documentation onMicrosoft Developer Network or the
Windows Platform SDK Documentation for more details
![Page 7: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/7.jpg)
Windows Installer Packages are …
• Based on a relational database model– Each installer ‘database’ contains information and
data files used to install a product
• Declarative• Organized into features and components
![Page 8: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/8.jpg)
A Component
A piece of an application that is versioned and installed as a coherent whole.
![Page 9: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/9.jpg)
A Component
Identified by a GUID
{E353AA81-667F-44a1-8C04-133FCDD42E5E}{E353AA81-667F-44a1-8C04-133FCDD42E5E}
![Page 10: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/10.jpg)
A Component
Can contain a single file, a group of files, a file and a group of registry settings, a single registry setting, a
shortcut, etc…
File A
Registry setting 1
Registry setting 2
{E353AA81-667F-44a1-8C04-133FCDD42E5E}{E353AA81-667F-44a1-8C04-133FCDD42E5E}
![Page 11: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/11.jpg)
A Component
Has a “key path”
File A
Registry setting 1
Registry setting 2
{E353AA81-667F-44a1-8C04-133FCDD42E5E}{E353AA81-667F-44a1-8C04-133FCDD42E5E}
![Page 12: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/12.jpg)
A Component
Can be shared across features, products and companies
![Page 13: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/13.jpg)
A ComponentHas rules …
(In brief, from ‘Windows Installer Components’, Microsoft Developer Network Library)
1. Each component must be stored in a single directory.
2. No file, registry entry, shortcut, or other resources should ever be shipped as a member of more than one component. This applies across products, product versions and companies.
1. Each component must be stored in a single directory.
2. No file, registry entry, shortcut, or other resources should ever be shipped as a member of more than one component. This applies across products, product versions and companies.
![Page 14: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/14.jpg)
A Feature
A high-level user-visible hierarchical grouping of components and other features
![Page 15: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/15.jpg)
Features and Components
afsd_service.exe
afslogon.dll
Service install for TransarcAFSDaemon
HKLM\...\WinLogon\Notify\..., DLLNameHKLM\...\WinLogon\Notify\..., Startup
![Page 16: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/16.jpg)
Properties
• Are strings• Can be specified at runtime or via a transform– Only “public” properties can be specified at
runtime
• Can be used to condition the installation of components
![Page 17: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/17.jpg)
TRANSFORMSCustomization via
![Page 18: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/18.jpg)
How transforms work
• Installer databases consist of a ‘relational-type’ database and an associated file storage.– OpenAFS for Windows and MIT Kerberos for
Windows use cabinets.
• A transform is a set of changes that is made to the database contents.
• The file storage is unaffected.
![Page 19: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/19.jpg)
Making a transform
• Make a copy of the original• Make any required changes to the copy• ‘Diff’ the two
or• Use ORCA.exe to edit and generate the
transform…
![Page 20: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/20.jpg)
Ingredients
• Windows Installer SDK (Part of the Windows SDK)– ORCA.exe– MsiTran.exe (optional)– MsiDb.exe (optional)– WiLstXfm.vbs (optional)
• Original MSI installers
![Page 21: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/21.jpg)
CUSTOMIZATION USING PROPERTIES
A walkthrough
![Page 22: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/22.jpg)
1/3
![Page 23: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/23.jpg)
2/3
![Page 24: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/24.jpg)
3/3
![Page 25: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/25.jpg)
Originalinstaller.msi
Transform.mst
![Page 26: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/26.jpg)
Modifiedinstaller.msi
Transform.mstOriginalInstaller.msi
Transform.mst ModifiedInstaller.msi
Originalinstaller.msi
msitran -g OriginalInstaller.msi ModifiedInstaller.msi Transform.mstmsitran -g OriginalInstaller.msi ModifiedInstaller.msi Transform.mst
copy OriginalInstaller.msi ModifiedInstaller.msimsitran -a Transform.mst ModifiedInstaller.msicopy OriginalInstaller.msi ModifiedInstaller.msimsitran -a Transform.mst ModifiedInstaller.msi
![Page 27: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/27.jpg)
ADDING REGISTRY KEYSA walkthrough
![Page 28: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/28.jpg)
Overview
• OpenAFS– Add a set of domain specific registry keys to
enable integrated logon for EXAMPLE.COM realm.
![Page 29: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/29.jpg)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COMLogonOptions = 1
According to Appendix A section 2.1 of the OpenAFS for Windows Release Notes.
![Page 30: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/30.jpg)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COMLogonOptions = 1
Creating the key becomes a separate registry entry.
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM(Create key)
![Page 31: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/31.jpg)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COMLogonOptions = 1
We need a component to hold the registry entries.(Don’t forget the key path and GUID)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM(Create key)
![Page 32: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/32.jpg)
HKLM\...\Domain\EXAMPLE.COMLogonOptions = 1
Create a new feature to keep our component separate from the rest of the feature-component hierarchy.
HKLM\...\Domain\EXAMPLE.COM(Create key)
![Page 33: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/33.jpg)
HKLM\...\Domain\EXAMPLE.COMLogonOptions = 1
Attach the feature to the rest of the feature-component hierarchy.
HKLM\...\Domain\EXAMPLE.COM(Create key)
Client
OpenAFS
![Page 34: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/34.jpg)
HKLM\...\Domain\EXAMPLE.COMLogonOptions = 1
And again from the top, but this time with Windows Installer tables …
HKLM\...\Domain\EXAMPLE.COM(Create key)
![Page 35: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/35.jpg)
HKLM\...\Domain\EXAMPLE.COMLogonOptions = 1
Component(Attributes value 4 = msidbComponentAttributesRegistryKeyPath)
HKLM\...\Domain\EXAMPLE.COM(Create key)
![Page 36: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/36.jpg)
HKLM\...\Domain\EXAMPLE.COMLogonOptions = 1
FeatureComponents
HKLM\...\Domain\EXAMPLE.COM(Create key)
![Page 37: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/37.jpg)
HKLM\...\Domain\EXAMPLE.COMLogonOptions = 1
Feature(Attribute value 10 = msidbFeatureAttributesFollowParent + msidbFeatureAttributesDisallowAdvertise)
HKLM\...\Domain\EXAMPLE.COM(Create key)
Client
OpenAFS
![Page 38: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/38.jpg)
REPLACING CONFIGURATION FILESA walkthrough
![Page 39: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/39.jpg)
Overview
• OpenAFS– Replace the CellServDB in the installer with a
custom file.
![Page 40: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/40.jpg)
A problem
• Since Windows Installer transforms do not change the embedded cabinet or source files, we can’t change the CellServDB that is included in the installer.
![Page 41: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/41.jpg)
A solution
• Block the CellServDB file in the installer• Include a new CellServDB file– We can either embed the new CellServDB file in
the installer or we can place it in the same location as the installer.
![Page 42: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/42.jpg)
The ‘Condition’ column
![Page 43: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/43.jpg)
• Non-existent or empty properties evaluate to FALSE.
![Page 44: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/44.jpg)
![Page 45: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/45.jpg)
Client
OpenAFS
CellServDB
File table(Attribute 8192=msidbFileAttributesNoncompressed)
![Page 46: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/46.jpg)
Client
OpenAFS
CellServDB
Component table(Attributes value 144 = msidbComponentAttributesPermanent +
msidbComponentAttributesNeverOverwrite)
![Page 47: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/47.jpg)
Client
OpenAFS
CellServDB
Media table(LastSequence = sequence number of last file in media. The value of 1000 makes this the source media
for the newly added CellServDB file.)
![Page 48: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/48.jpg)
RESOURCESUseful
![Page 49: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/49.jpg)
Useful Resources
• Windows Installer documentation• OpenAFS for Windows release notes• MIT Kerberos for Windows MSI Deployment
Guide
![Page 50: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/50.jpg)
Q?
![Page 51: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/51.jpg)
THANK YOUAsanka C. Herath
Secure Endpoints Inc.
![Page 52: Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc](https://reader036.vdocuments.net/reader036/viewer/2022062715/56649d925503460f94a79599/html5/thumbnails/52.jpg)