- Configuring Defender Antivirus: Exclusions, real-time protection, scans, and remediations - Mon, Sep 26 2022
- Get updates for Windows Server 2022 in WSUS - Mon, Sep 19 2022
- Microsoft Defender: Control updates for malware signatures using Group Policy or PowerShell - Thu, Sep 15 2022
Microsoft cites a whole range of advantages of MSIX, stating why it should be the package format of choice. These include the fact that applications run in a container, separated from the operating system. This should increase the rate of successful installation and ensure clean removal.
Packages for distribution via the cloud ^
MSIX was developed with software distribution over the cloud, such as through app stores. As with UWP apps, the installation is per user and follows the model of mobile devices.
To accelerate the migration to MSIX, Microsoft does not leave it up to the developers alone to provide the software in this format. With the free MSIX Packaging Tool, IT pros can convert all common setup packages and even proprietary installation scripts.
Preparations for repackaging ^
Before you start, you should ensure a few prerequisites are met. These include, above all, setting up a repackaging environment similar to the one in which the software will later run.
The source system must have the same processor architecture as the target computers (i.e., Intel versus ARM and 32- versus 64-bit). Microsoft recommends using a pristine Windows installation because the packaging tool, like the sequencer from App-V, records all changes to the system that the original setup makes to it.
For this purpose, Microsoft offers a virtual machine with an evaluation version of Windows 10 via the Hyper-V quick creation feature, which already contains the latest version of the MSIX Packaging Tool. If you have set up a VM for this purpose yourself, you can install the tool from the Microsoft Store.
Since it is a store app and its execution requires administrative rights, you should log on to Windows with a privileged account and install the tool in this context.
Creating a new package ^
The home screen shows icons for creating a new package, modifying an existing one, and launching the package editor. To migrate a traditional installer, click Application package. This starts a wizard that will guide you through the entire process.
The first step is to specify whether to create the package on the local computer, on a remote computer, or on a virtual machine. In this example, we will choose the first option, which will probably be the most common one.
The second dialog box shows whether the computer is ready to capture the package. The first time the tool is opened, it installs the required driver and temporarily disables Windows Update so that the system is not modified during the setup by an update.
Then you select the conventional installation package the application is shipped with and add parameters to the command line if necessary. The MSIX Packaging Tool can save these in a template, so that you do not have to reenter them if needed (for updates, for example).
One important aspect is the signing of MSIX packages; otherwise, they cannot be executed. The most common variant here is signing with a certificate (.pfx), which is usually purchased from an external certification authority.
Issuing a certificate for code signing ^
If the installation package is for internal use only, you can issue a certificate for code signing via a Windows CA. To do this, start mmc.exe and add the snapin certificates under File.
In the context of the Current User, execute the command All Tasks > Request New Certificate from the Action menu. This starts a wizard where you select the certificate registration policy in the first dialog box; this is usually the one for Active Directory.
Then you activate the Code Signing template, open Details there, and click Properties. In the dialog box that appears, enter the subject name under Subject. Then switch to the Private Key tab and select the Make private key exportable option.
After you have exported the new certificate, you can open it in the MSIX Packaging Tool.
Recording the installation process ^
In the next dialog box, enter information for the package, including the name, the version of the application, or the installation path.
If you click Next, the original installation routine (MSI, EXE, etc.) starts, and the packaging tool records all its actions.
This includes capturing all unpacked files to transfer them into the MSIX container. It also detects all entries written to the registry so that it can copy them to the virtual registry database within the container.
After completing this phase, the tool displays the name of the installed program in the next dialog box and asks you to launch it from there to customize it if needed.
During this phase, you change certain settings within the software; these are saved either in the registry or in a configuration file. The MSIX tool recognizes this and incorporates the changes in the package.
As a final point, the wizard ensures that you include the name of the Windows services required by the application if there are any to be activated.
Finally, enter the path where the MSIX should be saved and finish the process by clicking Create.
Installing the package ^
Now the new package should be ready for installation. In older versions of Windows 10, it may be necessary to allow apps to be sideloaded in the Settings app under Update and Security > For developers.
Subscribe to 4sysops newsletter!
Microsoft not only provides SCCM or Intune for the distribution of MSIX packages, but also the store for business or a self-hosted website for downloading the apps.