I intend to deploy a mini-firewall application which will block certain ports used by IM software. It's a single EXE plus runtimes and a startup entry in HKLM/Software/Microsoft/Windows/Currentversion/Run. The targets will vary in configuration (home user) and it's possible that some users will be able to delete the exe and/or the startup reg value, which we don't want.

Therefore, is it possible to cause the MSI to check it's keypaths at startup? I've read through this [url=http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndotnet/html/wi_integration.asp]Application Resiliency[/url] article, but am still unsure. Would I need to use COM advertising? [&:]
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


In order for the application to trigger self-repair, you need to trigger at least one of the entry points of the application.
An entry point is most often an advertised shortcut, but can also be an entry in the Class, AppId, Extension, MIME, ProgId or Verb table in Windows Installer.
Since a registry key in HKLM/......./Run is not an entry point, that will not help here. I think maybe an advertised shortcut in the Start Menu/All Programs/Startup folder, that points to the exe is the best bet here. If you can set permissions on this, to prevent the user from deleting it, it would solve your problems. This will cause Windows Installer to first check the keypaths of ALL components in the FEATURE that the shortcut points to. This sounds like a small program, so putting everything in one feature should'nt be a problem.

You could also try a startup script, that runs "msiexec /foums <ProductCodeOfApplication>" (see msiexec /? for details). This needs to run before the firewall starts up, so you might need to trigger the exe file at the end of this script.

But if the user got full control of the machine, the only thing you can do is to put up a proxy or something in the network, that deny access to the network as long as the firewall is not installed and running.

As for using COM advertising, this is only needed if the application itself uses COM (i.e. installs registry keys to the HKCR\Classes registry hive).
Answered 02/06/2006 by: sikkert
Orange Senior Belt

Please log in to comment