none
64bit setup - CustomActions and Trusted Sites RRS feed

  • Question

  • Hello,

    We have prepared setup for our product. There is no problem on 32bit machines. Problem has been located on 64bit platform with 64bit system Vista.
    1) Our setup sets Trusted sites using paths:
    MACHINE_KEY\Software\Microsoft\Windows\....
    MACHINE_KEY\Software\Wow6432node\Microsoft\Windows\...
    On 64bit system we have noticed that no entry has been added to first one (64bit registry part) only in Wow6432node part expected entries are added.
    How to force setup to make entry in MACHINE_KEY\Software\Microsoft\Windows\ not only in 32bit part MACHINE_KEY\Software\Wow6432node\Microsoft\Windows\?
    Is it because Windows recognices setup as 32bit application and do not allow to write to 64bit part of registry?


    2) Our setup uses Custom Action to add rights for our .Net framework application to execute remotely.
    As a result in WINDIR\Microsoft.Net\Framework\v2.x\CONFIG\security.config there is new entry.
    We have observed that on 64bit system there is also directory:
    WINDIR\Microsoft.Net\Framework64\... but in WINDIR\Microsoft.Net\Framework64\v2.x\CONFIG\ there is no security.config file.
    Does this mean that setup uses only 32bit framework, or 64bit framework uses settings from security.config file for 32bit framework directory, or somethings is wrong?

    If there is a need to make it as 64bit setup, can we make 64bit setup on 32bit system (what we need), or do we need 64bit system?
    Monday, September 7, 2009 10:31 AM

Answers

  • So I have solved it myself:

    CustomAction has been extended so that 64bit framework settings are handled:
    1) I am looking for: %WINDIR% + "Microsoft.Net\\Framework64\\" + <Name of directory that contains: "v2.*">
    2) then I'm looking for security.config in CONFIG dir. In file I am checking if my FullTrust informations are present.
    3) If not I am executing CasPol.exe (from 64bit framework directory) with attribute "-pp off" this makes that CasPol.exe works in silent mode, so that I do not need to detect framework language version to emulate any response from user.
    4) Because it is still launched by CustomAction it is run as setup so in Administrative mode. :-)

    • Marked as answer by _Peter_IESites Thursday, September 10, 2009 12:56 PM
    • Edited by _Peter_IESites Friday, September 11, 2009 12:46 PM clarify about what CasPol.exe is invoked
    Thursday, September 10, 2009 12:56 PM

All replies

  • Hi _Peter_IESites,

    If there is a need to make it as 64bit setup, can we make 64bit setup on 32bit system (what we need), or do we need 64bit system?

    We cannot make x64 setup on x86 OS. I would suggest you to apply x64 Operation System.

    Some clarification with you:

    Why do you want to force setup to make entry in MACHINE_KEY\Software\Microsoft\Windows\ not only in 32bit part MACHINE_KEY\Software\Wow6432node\Microsoft\Windows\?
    Does your application can be run on x64 OS?
    If it fails to run, is there any error message?

    Best regards,
    Yichun Chen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Tuesday, September 8, 2009 9:43 AM
  • Thank you for your response and advices.
    Our application is written in C# in .Net 3.5 (some part in .Net 2.0).

    We would like to run application as 64bit on 64bit platform/system.

    1) Application is distributed as NoTouchDeployment, but there is a need to add rights (configure FullTrust) for .Net framework to execute our application from distribution server.
    2) Some shortcuts (URL shortcuts) for those application are added to Start Menu.
    3) Distribution server URL has to be added to IE Trusted Sites.

    Those three things are done by setup we are talking about.

    On 64-bit system we have encountered problem (more details will be available tomorrow). In registry part for Internet Explorer (x64) there are no registry entries in ZoneMap (setup application on 64-bit platform should add site do ZoneMap for 64bit and 32bit part of registry, but it doesn't - probably because setup has been created on x86 platform).

    Additionally in Framework64's CONFIG directory there is no security.config file, so there is also no configuration for FullTrust for our application domain.

    As I have told we have for today just limited error information in foreign language (minor Western European language), so we have to wait for full access to the 64bit system until tomorrow (Generally, IE opens and closes, then our application should start but it doesn't just some Microsoft Error Report request dialog is show without any tab or button to view details.
    • Edited by _Peter_IESites Tuesday, September 8, 2009 10:15 AM grammar
    Tuesday, September 8, 2009 10:12 AM
  • So here is error message window (translated in google translator):
    "Microsoft IE Execute shell has stopped functioning

    A problem caused the program to stop working correctly. Windows closes the program and notifies you if found a solution."

    Here is event log error report:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Windows Error Reporting" />
      <EventID Qualifiers="0">1001</EventID>
      <Level>4</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2009-09-09T08:33:40.000Z" />
      <EventRecordID>2744</EventRecordID>
      <Channel>Application</Channel>
      <Computer>test</Computer>
      <Security />
      </System>
    - <EventData>
      <Data>311953542</Data>
      <Data>5</Data>
      <Data>CLR20r3</Data>
      <Data>Intet</Data>
      <Data>0</Data>
      <Data>ieexec.exe</Data>
      <Data>2.0.50727.3053</Data>
      <Data>4889dd0c</Data>
      <Data>IEExecRemote</Data>
      <Data>2.0.0.0</Data>
      <Data>4889dd0a</Data>
      <Data>4</Data>
      <Data>59</Data>
      <Data>System.Security.Security</Data>
      <Data />
      <Data>C:\Users\test\AppData\Local\Temp\WER9982.tmp.version.txt</Data>
      <Data>C:\Users\test\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report16b9b674</Data>
      </EventData>
      </Event>

    • Edited by _Peter_IESites Wednesday, September 9, 2009 8:43 AM word correction
    Wednesday, September 9, 2009 8:42 AM
  • Hmmmm strange.

    So, for now, I have figure out that problem is caused by lack of security.config file in WINDIR\Microsoft.Net\Framework64\v2.xx\CONFIG directory.
    When I have copied the file from x86 (WINDIR\Microsoft.Net\Framework\...) framework folder, application works.

    I have also manually added site to trusted node in registry in 64bit part, but this was not enough, this is, I can say, neutral because when I have deleted trusted site's node in 64bit part of registry application also launches.

    So my question is how to handle problem with lack of security.config file in 64bit framework folder?
    Why there is no that file?

    Wednesday, September 9, 2009 9:17 AM
  • So my question is how to handle problem with lack of security.config file in 64bit framework folder?
    Why there is no that file?

    I have discovered that using 64bit CasPol.exe I can create security.config. So I understand that if my setup would be 64bit it could add FullTrust using 64bit interface. Because setup is 32bit it invokes in CustomAction 32bit version of framework and entry to security.config is done only in 32bit version of framework directory.

    But here I have problem, may be it will be simple. I need to get programmatically .Net framework v2 exact build version to find directory (how can I get v.2 framework location, is there any system environment?)

    Second problem when invoking CasPol.exe is that it asks question where I have to answer "Yes" in framework language version (for example in German: Ja in French: Oui ...) using: CasPol.exe -some_arguments<Yes

    How can I get framework language version?

    And
    , may be the most important, I have to run CasPol.exe programmatically as Administrator.
    How can I do that?

    Thursday, September 10, 2009 7:10 AM
  • So I have solved it myself:

    CustomAction has been extended so that 64bit framework settings are handled:
    1) I am looking for: %WINDIR% + "Microsoft.Net\\Framework64\\" + <Name of directory that contains: "v2.*">
    2) then I'm looking for security.config in CONFIG dir. In file I am checking if my FullTrust informations are present.
    3) If not I am executing CasPol.exe (from 64bit framework directory) with attribute "-pp off" this makes that CasPol.exe works in silent mode, so that I do not need to detect framework language version to emulate any response from user.
    4) Because it is still launched by CustomAction it is run as setup so in Administrative mode. :-)

    • Marked as answer by _Peter_IESites Thursday, September 10, 2009 12:56 PM
    • Edited by _Peter_IESites Friday, September 11, 2009 12:46 PM clarify about what CasPol.exe is invoked
    Thursday, September 10, 2009 12:56 PM
  • Hi _Peter_IESites,

    Sorry for delay since I got sick. I'm so glad to hear that your problem is solved. Cheer! :)

    Thank you for your kindly sharing. This will be beneficial to other community members as well.

    Have a good day!

    Best regards,
    Yichun Chen

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Friday, September 11, 2009 2:05 AM