MSIX is Microsoft's new package format for the installation of software. It could replace MSI, EXE-Setup, and App-V in the future. Organizations do not have to wait for developers to provide their programs in this format. Instead, admins can migrate existing installers with the MSIX Packaging Tool.

Microsoft cites a whole range of advantages of MSIX, stating why it should be the package format of choice. These include the fact that applications run in a container, separated from the operating system. This should increase the rate of successful installation and ensure clean removal.

Packages for distribution via the cloud

MSIX was developed with software distribution over the cloud, such as through app stores. As with UWP apps, the installation is per user and follows the model of mobile devices.

Running the MSIX installer after a successful migration; in this example, the installation is for Notepad++

Running the MSIX installer after a successful migration; in this example, the installation is for Notepad++

To accelerate the migration to MSIX, Microsoft does not leave it up to the developers alone to provide the software in this format. With the free MSIX Packaging Tool, IT pros can convert all common setup packages and even proprietary installation scripts.

Preparations for repackaging

Before you start, you should ensure a few prerequisites are met. These include, above all, setting up a repackaging environment similar to the one in which the software will later run.

The source system must have the same processor architecture as the target computers (i.e., Intel versus ARM and 32- versus 64-bit). Microsoft recommends using a pristine Windows installation because the packaging tool, like the sequencer from App-V, records all changes to the system that the original setup makes to it.

For this purpose, Microsoft offers a virtual machine with an evaluation version of Windows 10 via the Hyper-V quick creation feature, which already contains the latest version of the MSIX Packaging Tool. If you have set up a VM for this purpose yourself, you can install the tool from the Microsoft Store.

Since it is a store app and its execution requires administrative rights, you should log on to Windows with a privileged account and install the tool in this context.

Creating a new package

The home screen shows icons for creating a new package, modifying an existing one, and launching the package editor. To migrate a traditional installer, click Application package. This starts a wizard that will guide you through the entire process.

Start screen of the MSIX Packaging Tool

Start screen of the MSIX Packaging Tool

The first step is to specify whether to create the package on the local computer, on a remote computer, or on a virtual machine. In this example, we will choose the first option, which will probably be the most common one.

The tool can create packages locally, on a remote computer, or on a VM

The tool can create packages locally, on a remote computer, or on a VM

The second dialog box shows whether the computer is ready to capture the package. The first time the tool is opened, it installs the required driver and temporarily disables Windows Update so that the system is not modified during the setup by an update.

The MSIX Packaging Tool requires its own driver and disables Windows Update during installer migration

The MSIX Packaging Tool requires its own driver and disables Windows Update during installer migration

Then you select the conventional installation package the application is shipped with and add parameters to the command line if necessary. The MSIX Packaging Tool can save these in a template, so that you do not have to reenter them if needed (for updates, for example).

Selecting the traditional installer and method for signing the package

Selecting the traditional installer and method for signing the package

One important aspect is the signing of MSIX packages; otherwise, they cannot be executed. The most common variant here is signing with a certificate (.pfx), which is usually purchased from an external certification authority.

Issuing a certificate for code signing

If the installation package is for internal use only, you can issue a certificate for code signing via a Windows CA. To do this, start mmc.exe and add the snapin certificates under File.

In the context of the Current User, execute the command All Tasks > Request New Certificate from the Action menu. This starts a wizard where you select the certificate registration policy in the first dialog box; this is usually the one for Active Directory.

Request a new code signing certificate

Request a new code signing certificate

Then you activate the Code Signing template, open Details there, and click Properties. In the dialog box that appears, enter the subject name under Subject. Then switch to the Private Key tab and select the Make private key exportable option.

Select the code signing template and make the private key exportable

Select the code signing template and make the private key exportable

After you have exported the new certificate, you can open it in the MSIX Packaging Tool.

Recording the installation process

In the next dialog box, enter information for the package, including the name, the version of the application, or the installation path.

Package information for the new MSIX

Package information for the new MSIX

If you click Next, the original installation routine (MSI, EXE, etc.) starts, and the packaging tool records all its actions.

The MSIX Packaging Tool starts the original installation program and records all its changes to the OS

The MSIX Packaging Tool starts the original installation program and records all its changes to the OS

This includes capturing all unpacked files to transfer them into the MSIX container. It also detects all entries written to the registry so that it can copy them to the virtual registry database within the container.

After completing this phase, the tool displays the name of the installed program in the next dialog box and asks you to launch it from there to customize it if needed.

After the installation is complete, you can restart the program to make further adjustments

After the installation is complete, you can restart the program to make further adjustments

During this phase, you change certain settings within the software; these are saved either in the registry or in a configuration file. The MSIX tool recognizes this and incorporates the changes in the package.

As a final point, the wizard ensures that you include the name of the Windows services required by the application if there are any to be activated.

If the recently installed software requires a Windows service, the MSIX tool displays it here

If the recently installed software requires a Windows service, the MSIX tool displays it here

Finally, enter the path where the MSIX should be saved and finish the process by clicking Create.

Finally, save the MSIX package

Finally, save the MSIX package

Installing the package

Now the new package should be ready for installation. In older versions of Windows 10, it may be necessary to allow apps to be sideloaded in the Settings app under Update and Security > For developers.

Subscribe to 4sysops newsletter!

It may be necessary to allow apps to be sideloaded

It may be necessary to allow apps to be sideloaded

Microsoft not only provides SCCM or Intune for the distribution of MSIX packages, but also the store for business or a self-hosted website for downloading the apps.

avataravatar
1 Comment
  1. Ryan 2 years ago

    Very helpful. Thanks!

Leave a reply

Your email address will not be published.

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account