Customizing Microsoft Windows Services for UNIX Installation
Abstract
Microsoft® Windows® Services for UNIX provides a broad range of features that help IT administrators integrate Windows and UNIX networks. To ensure consistent and appropriate configuration of network computers, it may be desirable to control the Windows Services for UNIX components that can be installed on each computer. This paper provides tools and describes techniques that give IT administrators the ability to limit the components available for installation.
.gif){kind=icon}
Introduction
Intended Audience and Pre-requisite Reading
Overview of Windows Services for UNIX Installation
When and How to Customize Windows Services for UNIX Installation
Conclusion
Appendix
Windows Services for UNIX version 3.0 provides a wide range of connectivity tools to help you integrate networks consisting of Windows-based clients, servers and UNIX-based computers. Windows Services for UNIX components make it easy for users of Windows-based computers to access files on UNIX-based Network File System (NFS) servers, and to give UNIX users access to files on Windows servers. Windows Services for UNIX components can simplify network management by automatically synchronizing users' passwords on Windows and UNIX computers, and to administer Windows 2000 domains and Network Information Service (NIS) domains together. The integration of Interix components in this version of Windows Services for UNIX helps in UNIX-style scripting and application development.
Because the selection of connectivity tools provided by Windows Services for UNIX is so extensive, most organizations will not need every component. When installing Windows Services for UNIX, it's easy to select just the components needed. Since Windows Services for UNIX uses Windows Installer, it's easy to add or remove components later as your needs change.
This flexibility may have a down side for some organizations that have a central information technology (IT) department that controls all of the network components.
For example, the IT department might want to deploy one Windows Services for UNIX component to many servers throughout the network but not permit the administrators of those servers to install other Windows Services for UNIX components.
This paper explains how to install and use tools to create a custom Windows Services for UNIX installation that makes specific components available for installation.
This white paper is intended for IT managers and system/network administrators who wish to deploy different components of Services for UNIX in different installation scenarios. Administrators can use the techniques outlined in this paper to create customized network installation points for Windows Services for UNIX that make available only those components that are to be deployed for a particular application.
End users whose requirement is to only use one or more features provided by Services for UNIX need not read this white paper. The contents described here will not be of much help to people who use the product for purposes like accessing shares in a heterogeneous environment or developing UNIX-style applications.
The following white papers are a recommended read prior to reading this white paper.
Introduction to Services for UNIX
General Services for UNIX White Paper
New Features in Services for UNIX 3.0
Windows Services for UNIX 3.0 makes use of Windows Installer to install the product. Windows Installer provides a consistent, easy-to-use method for installing software on Windows-based computers. Windows Installer is built into Windows 2000 and is available in Windows NT 4.0 service packs. When installing Windows Services for UNIX on a Windows NT computer that does not have Windows Installer, the Windows Services for UNIX setup application installs Windows Installer and then invokes it to perform the actual installation of Windows Services for UNIX.
When installing Windows Services for UNIX, you can either choose the Standard Installation mode to install a default set of components (which vary, depending on your computer's operating system), or you can select the Custom Installation mode, which allows you to pick components you want to install. Depending on whether you are installing Windows Services for UNIX on a computer running Windows NT Workstation, Windows NT Server, Windows 2000 Professional, Windows 2000 Server, or Windows XP Professional and depending on whether the server is a domain controller, you can choose to install any of the components listed in Table 1. An X indicates whether a component is available on a given platform; a bold X indicates whether the component is included in the default installation for the given platform.
Note: You must install at least one of the components listed in Table 1. In addition to these optional components, the Windows Installer installs Windows Services for UNIX Administration (the management console for Windows Services for UNIX), Windows Services for UNIX Help and Release Notes.
Table 1 System configurations requirements for each component.
Component |
Required System Configuration |
|
|
|
|
|---|---|---|---|---|---|
|
Windows NT 4.0 Workstation (Service Pack 6a or later) |
Windows NT 4.0 Server (Service Pack 6a or later) |
Windows 2000 Professional |
Windows 2000 Server / Advanced Server |
Windows XP Professional |
Base Utilities |
X |
X |
X |
X |
X |
UNIX Perl |
X |
X |
X |
X |
X |
Interix GNU Utilities |
X |
X |
X |
X |
X |
Interix GNU SDK |
X |
X |
X |
X |
X |
Client for NFS |
X |
X |
X |
X |
X |
Server for NFS |
X |
X |
X |
X |
X |
Gateway for NFS |
|
X |
|
X |
|
Server for NIS |
|
|
|
X (DC only) |
|
Password Synchronization |
X |
X |
X |
X |
X |
Telnet Server |
X |
X |
X |
X |
|
Windows Remote Shell Service |
X |
X |
X |
X |
X |
User Name Mapping |
X |
X |
X |
X |
X |
Server for NFS Authentication |
X |
X |
X |
X |
X |
Server for PCNFS |
X |
X |
X |
X |
X |
Interix SDK |
X |
X |
X |
X |
X |
ActiveState ActivePerl |
X |
X |
X |
X |
X |
Note: Password Synchronization and User Name Mapping are installed by default on a Windows 2000 Server / Advanced Server only if the machine is a Domain Controller (DC).
You can make a custom installation available for installing Windows Services for UNIX components. For example, if you want to install certain components on desktop or server computers without making other components available for installation.
IT administrators can create a custom package that they want to deploy without users having to make complicated decisions about what subset of the product they need for their business use. The custom package can then either be rolled out in a controlled manner, or end users can choose to install this at their convenience.
Typical scenarios include:
Installing client software on desktop computers
Installing server software on network servers
Installing UNIX shell and utilities to provide for remote administration
SFU 3.0 comprises a galaxy of features that empower a user to seamlessly interoperate in a heterogeneous networking environment. These include
Interix Components that help in UNIX-style application development
NFS Components that help users access shares using the Network File System (NFS) protocol
Password Synchronization to synchronize UNIX and Windows user passwords
Server for NIS that helps in user and group management
User Name Mapping to map Windows users to the UNIX domain and vice-versa, etc.
Remote Access Tools like Remote Shell Service and Telnet Server
Server for PCNFS to support PCNFS authentication
Perl for scripting support
This release of Windows Services for UNIX incorporates all the Interix components that were previously part of the Interix 2.2 product. These components are divided into five categories.
Base Utilities - As the name indicates, constitute the set of basic UNIX utilities and some additional services like the Cron Service, the Telnet Client, etc. The Base Utilities are installed by default whenever any of the other four Interix Components are installed.
UNIX Perl - UNIX Perl provides Perl scripting in the Interix environment.
Interix SDK - Interix SDK installs headers, libraries and utilities used to build UNIX and X11R5 applications on Interix.
Interix GNU Utilities - The Interix GNU Utilities are covered by the GNU General Public License (GPL).
Interix GNU SDK - The Interix GNU SDK are covered by the GNU Library General Public License (LGPL). The Interix GNU SDK requires Interix GNU Utilities and Interix SDK and installs these two components by default.
Another interesting category of components that are part of SFU 3.0 are the NFS components.
NFS Client – Allows Windows based desktops to browse and access files on UNIX NFS servers.
NFS Servers – Allows UNIX clients to access files that are shared out using NFS on Windows desktops.
NFS Gateway – Allows Windows computers without NFS Client software installed to access files on UNIX NFS servers by exposing the UNIX shares as Windows shares.
Component Dependencies
Before discussing the actual customization part, there are a few component selection restrictions that you should know.
You cannot install Client for NFS and Gateway for NFS together on the same computer.
You cannot install Server for NFS without selecting the Server for NFS Authentication component.
To install the Interix subsystem, which is not a separate component by itself, you need to install Base Utilities.
Installation of UNIX Perl will install Base Utilities.
Installation of Interix SDK will install Base Utilities.
Installation of GNU Utilities will install Base Utilities.
Installation of GNU SDK will install both GNU Utilities and Interix SDK.
One of the features of Windows Installer is the ability to easily remove or add components to an existing Windows Services for UNIX installation. While most often a benefit, this feature may be a disadvantage for organizations in which IT managers need to control which software is installed on network servers and clients.
For example, consider a case where two companies merge, one whose computer network was UNIX-based, while the second company's computer network used Windows servers and desktops exclusively. Until the networks can be more fully integrated, the IT department of the newly formed company wants departmental server administrators to use Gateway for NFS to provide transparent access to NFS servers by Windows-based clients, and to use Server for NFS to provide transparent access to Windows file shares by NFS clients. However, for reasons of security, the IT department wants to make sure that the Windows Remote Shell Service cannot be installed on the servers.
If you need to prevent computer administrators from adding certain components to a Windows Services for UNIX installation, you can use tools described in this paper to create a custom installation that excludes selected components from the Windows Services for UNIX installation.
Windows Services for UNIX provides a Microsoft Windows Installer package that makes all Windows Services for UNIX components available for installation. You can modify this package to remove one or more components from the default package to make sure that only the components you want installed are available for installation.
One method for modifying a Windows Installer package is by applying a transform. A transform adds or replaces elements in the original package. In the case of Windows Services for UNIX, you can use transforms described in this paper to remove components from the Windows Services for UNIX package. You can create multiple, custom packages suitable for installing various components for different applications. Click here to download the transforms.
Installing the Window Services for UNIX Transforms
Before you install the transforms, you should first copy the entire contents of the Windows Services for UNIX CD-ROM disc to a shared folder. To install the transforms, copy the .mst files that were extracted with this white paper to the shared folder.
Choosing the Transforms You Need
Each of the transforms you installed can be used to remove a single component from the Windows Services for UNIX Installer package. Table 2 lists the available transforms and the component that each one removes.
Table 2 Transforms for removing components
Component |
Transform to Remove |
|---|---|
ActiveState Perl |
SfuNoPerl.mst |
Base Utilities |
SfuNoUtils.mst |
Client for NFS |
SfuNoCNFS.mst |
Gateway for NFS |
SfuNoGNFS.mst |
Interix GNU Utilities |
SfuNoGUtils.mst |
Interix GNU SDK |
SfuNoGSDK.mst |
Interix SDK |
SfuNoSDK.mst |
Password Synchronization |
SfuNoPwdSync.mst |
Server for NFS |
SfuNoSNFS.mst |
Server for NFS Authentication |
SfuNoSNFSAuth.mst |
Server for NIS |
SfuNoSNIS.mst |
Server for PCNFS |
SfuNoSPCNFS.mst |
Telnet Server |
SfuNoTS.mst |
UNIX Perl |
SfuNoUPerl.mst |
User Name Mapping |
SfuNoUNMapping.mst |
Windows Remote Shell Service |
SfuNoRshSvc.mst |
Note: Choosing a transform that removes a particular component will remove all other components that are dependent on it.
Applying the Transforms
Once you have selected the components you want to remove and the transforms used to remove them, you can either temporarily apply the transforms to the existing Installer package or create a new Installer package by applying each of the transforms to the existing package.
To temporarily apply the chosen transforms, run the Installer package in the following manner from the shared folder where you have copied the contents of the Windows Services for UNIX CD-ROM.
MSIEXEC.EXE /i SfuSetup.msi TRANSFORMS=<list of transform files>
The procedure to apply the transforms permanently and generate a new Installer package is explained in the Appendix.
The sample transforms that are provided with this whitepaper are created using AdminStudio from InstallShield®. A tool within InstallShield called the Tuner, helps in subsetting an installation by creating transforms. More information on the usage and availability of the tool can be found at https://www.installshield.com/isas/. Please look this up if you require to create other customization transforms for specific scenarios.
Windows Installer gives IT administrators powerful tools for creating customized setups that meet the specific requirements of their site. By taking advantage of Windows Installer's capabilities, IT administrators can ensure that the administrators of individual servers and workstations are able to install exactly those Windows Services for UNIX components that are required for their systems. This can promote network supportability by ensuring consistent and appropriate configurations for all systems on the network.
For the latest information on Windows Services for UNIX 3.0, check out our Web site at https://www.microsoft.com/windows/sfu/.
- SFU Best Practices Global Deployment White Paper.
Once you have selected the components you want to remove and the transforms used to remove them, you can create a new Installer package by applying each of the transforms to an existing package.
The first step in creating a new Installer package is to create a copy of an existing Installer package (.msi) file to which you will apply the transforms. In this case, you must copy and rename Sfusetup.msi, the Windows Services for UNIX Installer package file, and place it in the same folder as Sfusetup.msi.
For example, to copy Sfusetup.msi, start a command prompt, change the current directory to the folder containing Sfusetup.msi, and then type the following at the command prompt:
copy Sfusetup.msi Sfucustom.msi
Next, customize the Installer package by applying transforms using the msitran utility. (You can obtain the msitran utility by installing Windows Installer tools from the Microsoft Developers Network). The following shows the msitran syntax for applying a transform.
msitran –a transform_filedatabase_file errors_suppressed
The transform_file parameter specifies the transform that is to be applied to the Installer package specified by the database_file parameter. The errors_suppressed parameter specifies types of errors that msitran should ignore. When applying the transforms supplied with this paper, you must specify b for the errors_suppressed parameter.
For example, to remove Server for NIS and Password Synchronization from the copy of the Windows Services for UNIX Installer package, type the following at the command prompt.
msitran –a SfuNoSNIS.mst Sfucustom.msi b
msitran –a SfuNoPwdSync.mst Sfucustom.msi b
This creates a customized Windows Services for UNIX Installer package that makes all Windows Services for UNIX components available for installation except Server for NIS and Password Synchronization.
Regardless of which transforms you use to remove components from the standard Windows Services for UNIX Installer package, Windows Services for UNIX Administration, Windows Services for UNIX Help and Release Notes are always installed.