- SystoLOCK in review: Logging in to Active Directory with multi-factor authentication without passwords - Tue, Dec 5 2023
- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
Microsoft cites a whole range of advantages of MSIX, stating why it should be the package format of choice. These include the fact that applications run in a container, separated from the operating system. This should increase the rate of successful installation and ensure clean removal.
Packages for distribution via the cloud
MSIX was developed with software distribution over the cloud, such as through app stores. As with UWP apps, the installation is per user and follows the model of mobile devices.
Running the MSIX installer after a successful migration; in this example, the installation is for Notepad++
To accelerate the migration to MSIX, Microsoft does not leave it up to the developers alone to provide the software in this format. With the free MSIX Packaging Tool, IT pros can convert all common setup packages and even proprietary installation scripts.
Preparations for repackaging
Before you start, you should ensure a few prerequisites are met. These include, above all, setting up a repackaging environment similar to the one in which the software will later run.
The source system must have the same processor architecture as the target computers (i.e., Intel versus ARM and 32- versus 64-bit). Microsoft recommends using a pristine Windows installation because the packaging tool, like the sequencer from App-V, records all changes to the system that the original setup makes to it.
For this purpose, Microsoft offers a virtual machine with an evaluation version of Windows 10 via the Hyper-V quick creation feature, which already contains the latest version of the MSIX Packaging Tool. If you have set up a VM for this purpose yourself, you can install the tool from the Microsoft Store.
Since it is a store app and its execution requires administrative rights, you should log on to Windows with a privileged account and install the tool in this context.
Creating a new package
The home screen shows icons for creating a new package, modifying an existing one, and launching the package editor. To migrate a traditional installer, click Application package. This starts a wizard that will guide you through the entire process.
Start screen of the MSIX Packaging Tool
The first step is to specify whether to create the package on the local computer, on a remote computer, or on a virtual machine. In this example, we will choose the first option, which will probably be the most common one.
The tool can create packages locally, on a remote computer, or on a VM
The second dialog box shows whether the computer is ready to capture the package. The first time the tool is opened, it installs the required driver and temporarily disables Windows Update so that the system is not modified during the setup by an update.
The MSIX Packaging Tool requires its own driver and disables Windows Update during installer migration
Then you select the conventional installation package the application is shipped with and add parameters to the command line if necessary. The MSIX Packaging Tool can save these in a template, so that you do not have to reenter them if needed (for updates, for example).
Selecting the traditional installer and method for signing the package
One important aspect is the signing of MSIX packages; otherwise, they cannot be executed. The most common variant here is signing with a certificate (.pfx), which is usually purchased from an external certification authority.
Issuing a certificate for code signing
If the installation package is for internal use only, you can issue a certificate for code signing via a Windows CA. To do this, start mmc.exe and add the snapin certificates under File.
In the context of the Current User, execute the command All Tasks > Request New Certificate from the Action menu. This starts a wizard where you select the certificate registration policy in the first dialog box; this is usually the one for Active Directory.
Request a new code signing certificate
Then you activate the Code Signing template, open Details there, and click Properties. In the dialog box that appears, enter the subject name under Subject. Then switch to the Private Key tab and select the Make private key exportable option.
Select the code signing template and make the private key exportable
After you have exported the new certificate, you can open it in the MSIX Packaging Tool.
Recording the installation process
In the next dialog box, enter information for the package, including the name, the version of the application, or the installation path.
Package information for the new MSIX
If you click Next, the original installation routine (MSI, EXE, etc.) starts, and the packaging tool records all its actions.
The MSIX Packaging Tool starts the original installation program and records all its changes to the OS
This includes capturing all unpacked files to transfer them into the MSIX container. It also detects all entries written to the registry so that it can copy them to the virtual registry database within the container.
After completing this phase, the tool displays the name of the installed program in the next dialog box and asks you to launch it from there to customize it if needed.
After the installation is complete, you can restart the program to make further adjustments
During this phase, you change certain settings within the software; these are saved either in the registry or in a configuration file. The MSIX tool recognizes this and incorporates the changes in the package.
As a final point, the wizard ensures that you include the name of the Windows services required by the application if there are any to be activated.
If the recently installed software requires a Windows service, the MSIX tool displays it here
Finally, enter the path where the MSIX should be saved and finish the process by clicking Create.
Finally, save the MSIX package
Installing the package
Now the new package should be ready for installation. In older versions of Windows 10, it may be necessary to allow apps to be sideloaded in the Settings app under Update and Security > For developers.
Subscribe to 4sysops newsletter!
It may be necessary to allow apps to be sideloaded
Microsoft not only provides SCCM or Intune for the distribution of MSIX packages, but also the store for business or a self-hosted website for downloading the apps.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
Very helpful. Thanks!