Deploy an Application Compatibility Database by Using Group Policy

  • Article

Applies To: Windows 7, Windows Server 2008 R2

This section describes how to deploy the application compatibility database fixes that were created and tested.

Note

The instructions in this section require that you have access to Microsoft Visual Studio 2008. The instructions do not include general information about how to use Visual Studio 2008 or how to create a script.

Use the following steps to deploy the application compatibility fixes by using Group Policy:

  1. Create an Installer script

  2. Create a Windows Installer package

  3. Use Authenticode to sign the Windows Installer package

  4. Test the Windows Installer package

  5. Deploy the Windows Installer package by using Group Policy

Create an Installer script

Before creating the Windows Installer package, you must create a script that will perform the custom installation. This process has to be done only once, and the same script file can be used for all other Windows Installer packages.

The following is an example of a script that can be used to perform the installation. The script uses Visual Basic, but you can use any scripting language.

'InstallSDB.vbs
Function Install
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "sdbinst.exe -q " & CHR(34) & "%ProgramFiles%\SDBFolder\SDBFile.sdb" & CHR(34), 0, true
WshShell.Run "cmd.exe /c " & CHR(34) & "del " & CHR(34) & "%ProgramFiles%\SDBFolder\SDBFile.sdb" & CHR(34) & CHR(34), 0
WshShell.Run "reg.exe delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{SDBFileGUID}.sdb /f", 0
End Function

Function UnInstall
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "sdbinst.exe -q -u -g {SDBFileGUID}", 0
End Function

Create a Windows Installer package

After creating the application compatibility database (.sdb database) and the installer script, you are ready to create the Windows Installer package.

The following example uses Microsoft Visual Studio 2008 to demonstrate how to create a Windows Installer package that can deploy the application compatibility database that you created. The instructions do not include information about how to install and use Visual Studio 2008 or how to create a script.

Other options for creating Windows Installer packages include:

Note

Create a separate Windows Installer package for each .sdb database that you created in Create an Application Compatibility Database.

To create the Windows Installer package

  1. Click Start, click All Programs, click Microsoft Visual Studio 2008, and double-click Microsoft Visual Studio 2008.

  2. In Visual Studio, click File, and then click New Project.

  3. In the left pane, double-click Other Projects, and click Setup and Deployment Project. In the right pane, click Setup Project, enter a name for the application compatibility database deployment, and then click OK.

  4. In the Solution Explorer pane, right-click the name of the deployment project, point to Add, and then click File.

  5. In Add Files, browse to the location of the .sdb database file, and then click Open.

  6. Repeat steps 4 and 5, and add the installer script file that you created previously.

  7. In the Solution Explorer pane, right-click the name of your deployment project, point to View, and then click Custom Actions.

  8. On the Custom Actions tab, right-click the Commit folder, and then click Add Custom Action.

  9. In Select Item in Project, double-click the Application folder, select the script file that you created, and then click OK.

  10. In the left pane, right-click the script file that you just added, and then click Properties.

  11. Add the following line to the CustomActionData property: [ProgramFilesFolder][Manufacturer]\[ProductName]\[FileName].sdb.

Note

Do not include a backslash () between [ProgramFilesFolder] and [Manufacturer].

  1. On the File menu, click Build, and then click Build Solution. After the build completes, the Windows Installer package will be added to the Documents\Visual Studio Projects\<ProjectName>\Debug folder.

Use Authenticode to sign the Windows Installer package

After creating the Windows Installer package, it is recommended that you use Authenticode to sign the package before deploying it by using Group Policy. This procedure assumes that a signing key has already been created for the enterprise to use to sign the deployment Windows Installer packages. The signing and verification tools used in the following examples are included in Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1 in the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=146917).

The following is an example of how to sign the Windows Installer package with the signing key for the enterprise.

signcode –v <path>YourKey.pvk –spc <path>YourKey.spc <WindowsInstallerPackage>.msi

To include a timestamp in the signature, include the following parameter on the command line.

–t http://timestamp.verisign.com/scripts/timstamp.dll

You can verify the signature with the following command.

ckhtrust <WindowsInstallerPackage>.msi

If the file validates and the signing certificate is signed by a trusted publisher certificate in your environment, chktrust.exe returns a success code.

For more information about Authenticode technology, see Authenticode in the MSDN Library (https://go.microsoft.com/fwlink/?LinkId=71361).

Test the Windows Installer package

After creating the Windows Installer package, you can test the package by copying the Windows Installer file to a target computer and double-clicking it to open the setup wizard. The following procedure is an example of how to test a Windows Installer package.

To test the Windows Installer package

  1. Locate the Windows Installer (.msi) file, and double-click it to begin the setup.

  2. On the Select Installation Folder page, select the installation folder, select whether to apply the application compatibility database to one user or everyone who uses the computer, and then click Next.

  3. On the Confirm Installation page, click Next.

  4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  5. On the Installation Complete page, click Close.

  6. Click Start, click Control Panel, click Programs, and then click Programs and Features.

  7. On the Uninstall or change a program page, verify that the application compatibility database installer and application compatibility database entries are present.

Deploy the Windows Installer package by using Group Policy

This section contains the basic steps to deploy the Windows Installer package that you created by using Group Policy.

You must log on as a member of the Domain Admins group to perform this procedure.

To add a Group Policy object to the domain

  1. Place the Windows Installer deployment package on a file share that is available to all computers that should receive the application compatibility database. This can be the entire domain or restricted to organizational units (OUs). Ensure that the Windows Installer package has the proper access control list (ACL) entry on the file share to allow access only to appropriate computers.

  2. Click Start, click Administrative Tools, and then click Group Policy Management.

  3. In the Group Policy Management Console (GPMC), navigate to the domain where you want to create the new Group Policy object (GPO), right-click Group Policy Objects, and then click New.

  4. In the New GPO dialog box, type a name for the new GPO, and then click OK.

  5. In the details pane, double-click the GPO that you just added. Click the Delegation tab, and add any necessary ACLs for domain computers where the GPO will be installed. Ensure that the Read check box is selected, and then click OK.

  6. In the console tree, right-click the new GPO, click GPO Status, and then click User configuration settings disabled.

  7. In the console tree, right-click the new GPO, and then click Edit.

  8. In the Group Policy Management Editor window, double-click Computer Configuration, double-click Policies, and then double-click Software Settings.

  9. Right-click Software installation, click New, and then click Package.

  10. In the Open dialog box, navigate to and select the Windows Installer package that you created, and then click Open.

  11. In Deploy Software, click Assigned, and then click OK.

Note

The package is installed on the target computers without any user interaction required. The Windows Installer package is displayed in the GPMC.

  1. Close all open windows.

You can now verify that the deployment was successful.

To verify the deployment

  1. Restart a computer that is a member of the domain.

  2. Before the user logon screen is displayed, Group Policy automatically installs the Windows Installer package onto the computer.

  3. Log on to the computer as an administrator in Admin Approval Mode.

  4. Click Start, click Control Panel, click Programs, and then click Program and Features.

  5. Verify that the Windows Installer package and application compatibility database entry are listed.