cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
John-H
Level 3

Setup /a does not digitally sign msi file

I am creating a CD-ROM compressed installation with InstallShield 2009 Express. I have digitally signed the exe, dll, setup.exe & msi files. On the cd image these (and the cab file) are all signed correctly.

However if I subequently use "setup.exe /a" for an administrator install to a server folder the setup installs correctly but the msi file on the server is NOT digitally signed (all the exe and dll files are)

Anyone have an idea how I can get the msi on the server to be signed as this is the msi that will be used for all network client installations, many of which are Vista?

John
Labels (1)
0 Kudos
6 Replies
thepeter
Level 7

When you perform an administrative install, the .msi file changes size, therefore, loses digital watermark. I would recommend building an uncompressed release and sign the .msi file.
0 Kudos
John-H
Level 3

Thanks for the suggestion. I have tried building the release uncompressed this but unfortunately it results in the same problem.

The msi is signed in the CD image but not when installed with setup /a. The file sizes of these two msi files are the same to the nearest KB but the timestamps are different.
0 Kudos
John-H
Level 3

I suppose I could just manually copy the uncompressed CD image to the server folder but wouldn't that defeat the idea of an administrative install? I thought the advantage of an administrative install was that it ran with the privileges of the user that ran the setup /a rather than the client user.
0 Kudos
MichaelU
Level 12 Flexeran
Level 12 Flexeran

The latter sounds more like an advertised install which, outside of group policy or other deployment, must be run on each machine. An administrative install is run once and just creates an uncompressed copy of the files that can be more easily accessed e.g. for a network share from which each machine can launch the install (or advertise it).

Going from compressed to uncompressed, the administrative install has to modify the Media table of the MSI; I'm not sure what exactly changes it for the uncompressed to uncompressed case, but it's all behavior of Windows Installer itself.
0 Kudos
John-H
Level 3

Thanks for everyone's help.

Yes Michael, my aim is to be able to install to network client pcs from the server folder, either through group policy or direct client action but when that client is running Vista I don't want it to receive a message that it is running software from an unknown publisher.

This is not actually a problem within our own organization but we are a software development company and I am currently writing a customer installation guide for our customers and need to detail for them how to achieve a trouble-free installation, or at least flag up any potential problems and document a work around.

I think I understand the setup process better now.

John
0 Kudos
John-H
Level 3

I just found this Microsoft article that confirms Michael's comment that this is a Windows Installer "feature".

http://msdn.microsoft.com/en-us/library/aa368289(VS.85).aspx
0 Kudos