Global MSI Software

People often ask "What is the best repackaging environment?"

The question can be answered in a variety of ways depending on how you personally prefer to work or with experience of your own findings.

Often the guidelines used around finding this perfect repackaging environment are as follows;


It's impossible to produce a reliable robust package on a machine that isn't clean. i.e. has other unwanted software installed on it or registry keys. A clean machine reduces the likelihood of the snapshot missing registry keys and files. The best basis for repackaging is to use a 'vanilla' build. This consists of the minimum operating system components that are necessary for your repackage to function correctly. Vanilla images will vary depending on what your company sees fit to have within the build. However such builds in a general term consist of the OS as previously stated, the current OS service pack, MDAC and an application to perform a snapshot.

Other applications that should not be included in a vanilla build are likely to be applications like Microsoft Office (or other suited applications for everyday office use). Antivirus software of any descripts. There are always exceptions to the rules and here is no exception, software that is reliant on other applications for example a Word Add-On. If repackaging a Word Add-On, your machine must obviously consist of the Word application for the snapshot software to pick up the hooks that tie the Add-On into Word and for all the functionality of both Word and the Add-On to be realised.

Testing of completed packages or repackages should always be done on a current base build that your organisation uses sometimes called an SOE (Standard Operating Environment) or a Gold build. It generally consists of the OS and any applications that are deemed as needed by all users. Typical examples of these applications are Microsoft Office, Adobe Reader and a compression utility such as WinZip.

These guidelines are only set out in brief and obviously go a lot deeper depending on the applications and OS your organisation uses.



Exclusion lists can be a complicated business, knowing or deciding what should be excluded and included in the package can be a tricky business. Some principles worth bearing in mind to help you identify files and registry keys to include or exclude.

Files that you might typically forget will probably not impact the functionality of your package / repackage or the end application.

Unless DLL isolation is needed (discussed later) then leave all .DLL files where they are installed to (usually the SYSTEM32 folder). Moving these files to new locations or locations specified by yourself WILL impact the application and its functionality.

Remove ALL software manufacturer uninstall routines, these are not needed because the Microsoft Windows Installer will handle the removal of the software. Leaving them on the system and available to users can cause problems if the user should select or try to run the uninstall routine.

Leave all files that are obviously related to the application, these can be files or registry keys that contain the name of the application or reside within the applications folder on the hard drive. Removing these files could result of the application not functioning correctly.


These files should generally be excluded from your package installation:

	File	Description
	Ntuser.ini	This file creates components for end users roaming profiles.
	Ntuser.dat	This file contains the registry file for the end user.
	Ntuser.dat.log	This file recovers the ntuser.dat file.
	\Favorites\Desktop.ini	This text file lets you determine how an end user views file system folders.
	\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	This file contains the registry file for the end user.
	\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.log	UsrClass.dat uses this file as backup.
	\Application Data\desktop.ini	This text file lets you determine how an end user views file system folders.
	\Application Data\Microsoft\Internet Explorer\brndlog.txt	The brndlog.txt file is an Internet Explorer log.
	\Application Data\Microsoft\Internet Explorer\brndlog.txt.log	The brndlog.txt.log is an Internet Explorer log.
	\Application Data\Microsoft\Internet Explorer\Desktop.htt	This file contains the image for the operating system wallpaper.
	\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini	This file lets you see how an end user views a folder.
	\Cookies\index.dat	This file contains Internet usage history for the end user.
	\NetworkService\LocalSetting\Desktop.ini	This text file lets you customize a folder's behavior.

Files stored on the root are generally not important to the application and can be deleted. However caution should be used before removing every file in this location. Although developers today routinely place application specific files in the Application or System32 directories, you might periodically find application files on the root. (In the past, it was common practice to store files here.) The files listed in the table below are safe to remove from the root because they are part of the operating system.

	File	Description
	Pagefile.sys	Pagefile.sys is the memory swap file for the operating system and is exclusive to the current session.
	Boot.ini	This file contains information about the disk partitions and the location of the operating systems that are available.
	Hiberfil.sys	The operating system uses this file when it goes into hibernation (sleep mode), swapping information from RAM. Always exclude this file to avoid operating system stability issues.
	Ntldr	This file is the Windows NT loader, and loads from the hard drive boot sector that displays the WINNT Startup menu.

These files should be included in the package, because this folder is a shared area it can contain vitally important files to the running of the machine both for the operating system and your packaged/repackaged application. Exceptions to this rule are the following files; these are OS files and uninstall files

	File	Description
	SchedLgU.txt	This file is an activity log for the operating system.
	Setupapi.log	This file stores driver and key system changes for the installation. For more information about this file, go to http://www.microsoft.com/windows2000/techinfo/administration/setupapi.asp

Files store with in either of these folders should be removed with caution, they consist of sometimes vital files to the application and Operating Systems functionality. They can open to conflict because they are shared, whilst some can belong to the OS they can also be used my multiple applications at the same time.

Your file exclusion list is very important and can create volatile environments if not done correctly. If unsure about certain exclusions or inclusions, please seek professional advice before proceeding.


The machine should always be rebooted to complete a snapshot, many applications only write files and registry keys on reboot, this can be for several reasons, i.e. a file that is in use on your system needs to be unloaded from memory before it can be replaced, one of the installed files is a device driver and needs to be in memory prior to other OS files.


Some applications also write certain registry keys after the application itself is invoked. So therefore the application should be started before the after scan is performed. Another reason is that within the application there may be configurable information that is stored within the registry after configuration and not at install. If an after scan was performed without running the application it would not exist in your package. Making the package incomplete.


It's always worth bearing in mind that not everything needs to be or can be repackaged. Some software needs customising only via use of a transform. I.e. existing MSI files should not be captured using a snapshot, the installation should be changed via a transform to get the desired results.

Operating system core ware and middleware such as internet Explorer, Windows Media Player etc use command line unattended installation parameters. If applications such as these are attempted to be repackaged it is likely that to the untrained packager it will result in Windows protection errors. Only Microsoft has API that will allow some files to be successfully replaced or over written. Some packages or applications are available as merge modules from many sites and internally with the snapshot software such as MDAC. Service Packs are not usually repackaged, the main reasons being that it can prove difficult to correctly capture changes made to the OS and a large number of files are write or memory protected by Microsoft. Service pack installs however can be automated via the use of command line switches.


One of the most complicated processes when repackaging software can be deciding which registry keys should be excluded. Once you have them identified correctly it can greatly speed up the packaging process. Whilst not all eventualities are covered here, we have attempted to list the most common that it is safe to delete.


This registry key is a subset of both HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USERS\Software\Classes. If any of the information is redundant then HKEY_LOCAL_MACHINE supersedes HKEY_CURRENT_USER. Keys under HKEY_CLASSES_ROOT relate to file associations and this area of the registry can be the most prone to registry conflicts.

E.g. During an installation, media player files overwrite .AVI file associations. Although this will not affect the machines performance it has created a conflict with other .AVI files. Thus, when a .AVI file is clicked an application other than the one the user expects could open because there are multiple file associations in the registry. Class ID is COM information in these hives added during the installation. Although you can delete Class ID information, examine it closely first so you don't accidentally remove a COM key. Applications require COM keys and without them, applications fail.


The HKEY_LOCAL_MACHINE hive contains several main keys, which are listed below. The keys in this hive contain information for machine-specific settings.

	Registry Key	Description
	HKEY_LOCAL_MACHINE\Hardware	Include this key only when you are repackaging applications that contain hardware, such as printer or scanner software. Before you begin a repackaging project, check to see if there are hardware components in the application.
	HKEY_LOCAL_MACHINE\SAM	The SAM (security accounts manager) key contains information that handles end user and group accounts and provides end user authentication to the LSA (local security authority).
	HKEY_LOCAL_MACHINE\Security	This key contains end user and group information for the domain, such as rights and passwords. If there is no domain, this key stores end user information in a workgroup.
	HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run	If this key is populated, the application starts after every reboot.
	HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\RunOnce	If this key is populated, the application starts after the first reboot only.
	HKEY_LOCAL_MACHINE\Software	This key contains the application settings, which are the primary files for your installation. Application vendors populate this key to include the application's version control, setting information, and folder path information.
The following sub-keys verify that the information in the keys should be populated to the rest of the installation.
	HKEY_LOCAL_MACHINE\Software\Windows\ CurrentVersion\AppPath	This file contains the program location for 32-bit software. Do not exclude this file.
	HKEY_LOCAL_MACHINE\Software\Microsoft\ Cryptography.	This file provides information for the digital signature on the destination machine.
	HKEY_LOCAL_MACHINE\Software\Microsoft\ Event System	This file provides information for the Windows NT event viewer.
	HKEY_LOCAL_MACHINE\Software\Microsoft\SMS	This file provides information for SMS and for the destination machine.
	HKEY_LOCAL_MACHINE\System\CurrentControlSet\ SessionManager\Environment\	This key contains all of the destination machine environment variables.
	HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\SessionManager\KnownDLLs	Note: Be very careful when deleting this key. Leave this key in the registry for Windows 9x, Windows NT, Windows 2000, and Windows XP installations if you are not using isolation, which moves the file to the application directory. Isolation modifies the Windows search order. The .DLL in the application supersedes the KnownDLL keys. The KnownDLL keys load at system startup and map to the same location for all processes. These keys always load from the registered path unless they are isolated. Because of the volatility of the search order, consider using isolation when this key is populated.
	HKEY_LOCAL_MACHINE\System\CurrentControlSet001\	This file contains a backup of the Current ControlSet file.
	HKEY_LOCAL_MACHINE\System\CurrentControlSet002\	This file contains a backup of the Current ControlSet file.
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Syncmgr	This file handles configuration information for offline files.
	HKEY_LOCAL_MAHCINE\Software\Microsoft\WBEM\	This file stores the data for Web-based enterprise management and can safely be excluded.
	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\GroupPolicy\	This file handles configuration information for Group Policies, which does not relate to a vendor's installation.
	HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\ UuidSequenceNumber	This file relates to NetBios network settings.

The keys listed under this hive contain the end users settings, the keys listed below in the table can be safely deleted without an impact on the system, unless marked with an asterix.

	Registry Key	Description
	HKEY_CURRENT_USER\AppEvents	This key contains information for the sounds associated with events.
	HKEY_CURRENT_USER\Console	This key works with the command prompt window.
	HKEY_CURRENT_USER\SessionInformation\ ProgramCount	This key enumerates the applications that are open.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\Applets	This key contains information about the current installation session. You must delete the subkeys listed below for the installation to function properly.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\SessionInfo	You can safely exclude this key because it contains operating system information, not application information.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\StreamMRU	This subkey only relates to the current state of the machine on which you are repackaging.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\MountPoints\	This subkey contains the drive mappings on the current machine.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\StartPage\	This subkey displays the first page when an end user opens Internet Explorer.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\Prefetcher\	Applicable only to Windows XP, this subkey is a component that works with memory management. You can remove this key because it relates only to what is occurring on the operating system, not in the application.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\Shell\BagMRU	Applicable only to Windows XP, this key contains the most recently used end user settings.
	HKEY_CURRENT_USER\Control Panel\ Keyboard\InitialKeyboardIndicators	This subkey controls the NumLock key. If you set this key, it changes the end user's setting to the destination computer.
	HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Toolbar\Shellbrowser	This subkey controls the Internet Explorer tool bar.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\Explorer\RunMRU	This subkey is the most recently used list for the RUN command.
	HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Toolbar\Explorer	This subkey controls the Internet Explorer tool bar configuration.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Currrent Version\Explorer	There are several subkeys to this key, which you use for Windows Explorer configuration.

Although it is safe to delete the two keys shown in the table below, they should be removed with caution. Some applications may contain information that is pertinent to their functionality.

	Registry Key	Description
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\Run	If this key is populated, the application starts after every reboot.
	HKEY_CURRENT_USER\Software\Microsoft\ Windows\Current Version\\RunOnce	If this key is populated, the application starts after the first reboot only.

Because this hive contains custom information for the end user only, it can be ignored.