Customizing Installers for OpenAFS and MIT Kerberos for Windows Asanka C Herath Secure Endpoints Inc.


WHY TRANSFORMS?

Original installer.msi + Transform 1.mst -> Customized Installer 1.msi
Original installer.msi + Transform 2.mst -> Customized Installer 2.msi
New installer.msi + Transform 1.mst -> Customized New Installer 1.msi

Transforms are …
Packaged customizations
– Can be applied to newer installers
– Manage and document
Supported
– Used with Group Policy software assignment

ESSENTIAL WINDOWS INSTALLER Not a complete Windows Installer guide

Refer to the Windows Installer documentation on Microsoft Developer Network or the Windows Platform SDK Documentation for more details

Windows Installer Packages are …
Based on a relational database model
– Each installer ‘database’ contains information and data files used to install a product
Declarative
Organized into features and components

A Component A piece of an application that is versioned and installed as a coherent whole.

A Component Identified by a GUID {E353AA81-667F-44a1-8C04-133FCDD42E5E}

A Component
Can contain a single file, a group of files, a file and a group of registry settings, a single registry setting, a shortcut, etc.
(Diagram: File A, Registry setting 1 and Registry setting 2 inside component {E353AA81-667F-44a1-8C04-133FCDD42E5E})

A Component
Has a “key path”
(Diagram: File A, Registry setting 1 and Registry setting 2 inside component {E353AA81-667F-44a1-8C04-133FCDD42E5E})

A Component Can be shared across features, products and companies

A Component
Has rules … (In brief, from ‘Windows Installer Components’, Microsoft Developer Network Library)
1. Each component must be stored in a single directory.
2. No file, registry entry, shortcut, or other resources should ever be shipped as a member of more than one component. This applies across products, product versions and companies.

A Feature A high-level user-visible hierarchical grouping of components and other features

Features and Components
(Diagram labels:)
afsd_service.exe
afslogon.dll
Service install for TransarcAFSDaemon
HKLM\...\WinLogon\Notify\..., DLLName
HKLM\...\WinLogon\Notify\..., Startup

Properties
Are strings
Can be specified at runtime or via a transform
– Only “public” properties can be specified at runtime
Can be used to condition the installation of components

Customization via TRANSFORMS

How transforms work
Installer databases consist of a ‘relational-type’ database and an associated file storage.
– OpenAFS for Windows and MIT Kerberos for Windows use cabinets.
A transform is a set of changes that is made to the database contents.
The file storage is unaffected.

Making a transform
Make a copy of the original
Make any required changes to the copy
‘Diff’ the two
or
Use ORCA.exe to edit and generate the transform…

Ingredients
Windows Installer SDK (Part of the Windows SDK)
– ORCA.exe
– MsiTran.exe (optional)
– MsiDb.exe (optional)
– WiLstXfm.vbs (optional)
Original MSI installers

CUSTOMIZATION USING PROPERTIES A walkthrough

Original installer.msi + Modified installer.msi -> Transform.mst

    msitran -g OriginalInstaller.msi ModifiedInstaller.msi Transform.mst

Original installer.msi + Transform.mst -> Modified installer.msi

    copy OriginalInstaller.msi ModifiedInstaller.msi
    msitran -a Transform.mst ModifiedInstaller.msi

ADDING REGISTRY KEYS A walkthrough

Overview
OpenAFS
– Add a set of domain-specific registry keys to enable integrated logon for the EXAMPLE.COM realm.

HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM
LogonOptions = 1
According to Appendix A section 2.1 of the OpenAFS for Windows Release Notes.

Creating the key becomes a separate registry entry:
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM (Create key)
HKLM\...\TransarcAFSDaemon\NetworkProvider\Domain\EXAMPLE.COM LogonOptions = 1

We need a component to hold the registry entries. (Don’t forget the key path and GUID.)

Create a new feature to keep our component separate from the rest of the feature-component hierarchy.

Attach the feature to the rest of the feature-component hierarchy. (Diagram labels: Client, OpenAFS.)

And again from the top, but this time with Windows Installer tables …

Component table (Attributes value 4 = msidbComponentAttributesRegistryKeyPath)

FeatureComponents table

Feature table (Attributes value 10 = msidbFeatureAttributesFollowParent + msidbFeatureAttributesDisallowAdvertise)
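The table rows from this walkthrough, written out together with a pre-deployment check, as an added example that is not part of the original slides. The row identifiers (regDomainKey, cmpDomain, feaDomain), the parent feature name and the registry key used to call it are hypothetical, and only the columns the check needs are modelled.

```python
import re

COMPONENT_REGISTRY_KEYPATH = 4    # msidbComponentAttributesRegistryKeyPath
FEATURE_ATTRS = 2 | 8             # FollowParent + DisallowAdvertise = 10, as on the slide
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")

def build_rows(key, guid, parent_feature):
    """Rows for the four tables of the walkthrough; all row identifiers are hypothetical."""
    return {
        "Registry": [   # Root 2 = HKEY_LOCAL_MACHINE
            # Name "+" with a null Value creates the key itself.
            {"Registry": "regDomainKey", "Root": 2, "Key": key, "Name": "+",
             "Value": None, "Component_": "cmpDomain"},
            # "#1" is how the Registry table writes the integer 1.
            {"Registry": "regLogonOptions", "Root": 2, "Key": key,
             "Name": "LogonOptions", "Value": "#1", "Component_": "cmpDomain"},
        ],
        "Component": [{"Component": "cmpDomain", "ComponentId": guid,
                       "Attributes": COMPONENT_REGISTRY_KEYPATH,
                       "KeyPath": "regLogonOptions"}],
        "FeatureComponents": [{"Feature_": "feaDomain", "Component_": "cmpDomain"}],
        "Feature": [{"Feature": "feaDomain", "Feature_Parent": parent_feature,
                     "Attributes": FEATURE_ATTRS}],
    }

def lint(rows, installer_features):
    """List the mistakes that would leave the new entries without a valid owner."""
    problems = []
    registry_ids = {r["Registry"] for r in rows["Registry"]}
    components = {c["Component"] for c in rows["Component"]}
    attached = {fc["Component_"] for fc in rows["FeatureComponents"]}
    for c in rows["Component"]:
        if not GUID_RE.match(c["ComponentId"] or ""):
            problems.append(c["Component"] + ": ComponentId must be an upper-case GUID in braces")
        if c["Attributes"] & COMPONENT_REGISTRY_KEYPATH and c["KeyPath"] not in registry_ids:
            problems.append(c["Component"] + ": KeyPath must name a Registry row")
        if c["Component"] not in attached:
            problems.append(c["Component"] + ": not linked to a feature")
    for r in rows["Registry"]:
        if r["Component_"] not in components:
            problems.append(r["Registry"] + ": owning component is missing")
    for f in rows["Feature"]:
        if f["Feature_Parent"] not in installer_features:
            problems.append(f["Feature"] + ": parent feature not in the installer")
    return problems
```

Call `build_rows` with the full registry key from the release notes and a freshly generated GUID, then pass `lint` the set of feature names read from the target installer's Feature table.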

REPLACING CONFIGURATION FILES A walkthrough

Overview OpenAFS – Replace the CellServDB in the installer with a custom file.

A problem
Since Windows Installer transforms do not change the embedded cabinet or source files, we can’t change the CellServDB that is included in the installer.

A solution
Block the CellServDB file in the installer
Include a new CellServDB file
– We can either embed the new CellServDB file in the installer or we can place it in the same location as the installer.

The ‘Condition’ column

Non-existent or empty properties evaluate to FALSE.

(Diagram labels on the next three slides: Client, OpenAFS, CellServDB.)

File table (Attributes value 8192 = msidbFileAttributesNoncompressed)

Component table (Attributes value 144 = msidbComponentAttributesPermanent + msidbComponentAttributesNeverOverwrite)

Media table (LastSequence = sequence number of last file in media. The value of 1000 makes this the source media for the newly added CellServDB file.)
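A small model of the block-and-replace approach above, as an added example that is not part of the original slides. It assumes the ‘Condition’ column is the Component table's; every identifier, the cabinet name and the sequence numbers 40 and 500 are constructed, while 8192, 144 and 1000 are the values from the slides.

```python
NONCOMPRESSED = 8192   # msidbFileAttributesNoncompressed (File table value on the slide)

def condition_true(condition, properties):
    """Only the cases the slides cover: no condition, or a bare property name.
    A non-existent or empty property evaluates to FALSE."""
    return True if not condition else bool(properties.get(condition, ""))

def source_media(sequence, media):
    """A file is read from the Media row with the smallest LastSequence >= its Sequence."""
    return min((m for m in media if m["LastSequence"] >= sequence),
               key=lambda m: m["LastSequence"])

def plan(tables, properties):
    """Map each File key that will be installed to the place it is read from."""
    enabled = {c["Component"] for c in tables["Component"]
               if condition_true(c["Condition"], properties)}
    result = {}
    for f in tables["File"]:
        if f["Component_"] in enabled:
            disk = source_media(f["Sequence"], tables["Media"])
            loose = bool(f["Attributes"] & NONCOMPRESSED)
            result[f["File"]] = ("loose file next to the .msi" if loose
                                 else "cabinet " + disk["Cabinet"])
    return result

def original_tables():
    # Constructed stand-in for the shipped installer; every identifier is hypothetical.
    return {
        "Component": [{"Component": "cmpCellServDB", "Attributes": 0, "Condition": None}],
        "File": [{"File": "filCellServDB", "Component_": "cmpCellServDB",
                  "FileName": "CellServDB", "Sequence": 40, "Attributes": 0}],
        "Media": [{"DiskId": 1, "LastSequence": 500, "Cabinet": "#constructed.cab"}],
    }

def apply_transform(t):
    # 1. Block the shipped file with a property nothing sets. Mixed case makes it a
    #    private property, so it cannot be supplied at runtime.
    t["Component"][0]["Condition"] = "BlockShippedCellServDB"
    # 2. Add the replacement as a permanent, never-overwritten component (16 + 128 = 144).
    t["Component"].append({"Component": "cmpSiteCellServDB", "Attributes": 144,
                           "Condition": None})
    t["File"].append({"File": "filSiteCellServDB", "Component_": "cmpSiteCellServDB",
                      "FileName": "CellServDB", "Sequence": 1000,
                      "Attributes": NONCOMPRESSED})
    # 3. New media entry with no cabinet; LastSequence 1000 covers the new file.
    t["Media"].append({"DiskId": 2, "LastSequence": 1000, "Cabinet": None})
    return t
```

Because the replacement is read as a loose file from the installer's directory, write access to that share decides which CellServDB clients receive.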

Useful RESOURCES

Useful Resources
Windows Installer documentation
OpenAFS for Windows release notes
MIT Kerberos for Windows MSI Deployment Guide

Q?

THANK YOU Asanka C. Herath Secure Endpoints Inc.