If you follow the 5 Bytes Podcast you’ll have noticed I have covered MSIX in multiple episodes. Having spent so much time working with MSI, App-V and other application packaging and deployment tools this is something I have a great interest in. If you’d like to read my thoughts on the potential of MSIX and my conclusions from testing, check out this article.
In this article, I’ll take you through taking an existing Win32 application and repackaging it into the new MSI format.
This article will focus on the MSIX Packaging Tool which is currently in Preview right now. In order to try it for yourself, you must be signed up to Windows Insider. You must have an MSA account and you’ll need at least Windows 10 version 17701.
Install the MSIX Packaging Tool Preview from the Windows 10 Store on a VM. Just like with App-V and other install capture tools, you’ll want to disable any chatty services like Windows Update and Windows Search. If you don’t disable in your snapshot, you will get prompted by the tool to allow it to disable the services for you. I’ll show this behavior in this article.
You’ll need a certificate. This is something you may not be use to as an Application Packager but if you’ve worked with a lot of enterprise systems you may be familiar with certs and signing. You can use OpenSSL to create a self signed cert (You can find an example HERE but one difference than this example is that you’ll have to export as pfx).
You could also create a Self-Signed Certificate from a Windows Server with Internet Information Services (IIS).
You can also use the New-SelfSignedCertificate PowerShell cmdlet. In the above, I put this cert in my Personal cert set as a Code Signing Cert and used Microsoft Enhanced RSA and AES Cryptographic Provider as provider but when using the cmdlet, you can auto-populate to find other providers.
When you’ve got your cert created with whatever means you choose, you can export the private key through CertMgr (MMC snap-in, if you’re not familiar with this check out the video at the end of this article) in Windows.
Or you could use one of my favorite cert provider’s free tool. The DigiCert Certificate Utility.
You may want to setup a test machine too. You’ll want it to be Windows 10 17701 or later in the Windows Insider program.
For your test client machine, you may want to set Developer mode. For my testing I am not deploying via the store or Intune. I set Developer mode to allow install of any trusted apps. This is also my development testing machine.
Also on your test machine, ensure to import your cert into the Computer’s Trusted Root Certification Authorities.
Repackage MSI into MSIX
On your clean VM snapshot. Launch MSIX Packaging Tool.
Choose whether or not to send diagnostic data to Microsoft. Since it’s a preview, be a good egg and select Yes then click OK.
Click Application Package
Browse to your installer OR you could just click Next, if you’d like to just manually install your application yourself. When ready click Next.
If you browsed to an installer, which was an MSI. Many of the fields in the above dialog will get auto populated BUT that doesn’t mean it will populate with acceptable values. First off, Package name cannot contain spaces or underscores. For this I use no spaces with CamelCase. Publisher name must match the subject used when creating your cert. Publisher name will appear in the installation dialog so, I suggest keeping it as the source which in this case is me. Versioning must follow the industry accepted 22.214.171.124 format.
When complete, click Next.
If you did not disable the services as recommended in the prerequisites section, check the names of the services above which are active and click Disable selected and then when ready. Click Next.
If you browsed to the installer, it will automatically launch. Go through the install.
When everything is installed and configured as you wish, click Next.
Much like App-V, you can launch the app during the capture process or at this point of the flow. I do this selectively. In most cases, it’s a good idea to do this. This is such a small standalone app that I’m familiar with, that I don’t bother launching.
Click Yes, move on.
In this dialog there isn’t much to see here. A quick sanity to check to say the package is ready and a coming soon feature. The improvements will likely be app\feature based fixes provided by Microsoft or others using the Package Support Framework.
Choose a path to save the MSIX file to. Browse to the .pfx you exported during the pre-requisites section. Enter the password you set when exporting the private key. When entered, click Create.
That’s it! You’re all set. Click Close.
You can set application capabilities to let your user’s know what the application will access. Similar to mobile apps today which flag access to your contacts, pictures, location etc.
In the package editor, you’ll notice the registry is very similar to that in your App-V packages, in fact you can even see an AppV prefix.
You’ll notice similarities with the files and App-V too. There’s a VFS and directories prefixed with AppV.
You’ll now have your .msix file. Much like with App-V, you can rename the .msix to .zip, extract the app and look at it’s contents. You’ll see a registry.dat, VFS and a manifest. Clearly MSIX follows the AppV and AppX Universal package standard.
When you launch your MSIX on your test machine, you’ll see you install dialog. It’s not really a wizard since it’s much more simplified than a traditional Windows install wizard. You just install. Since MSIX adheres to a container model. Installs should be streamlined and predictable, as should uninstalls. Uninstall should also always be clean! Hooray.
To see a Demo of an install and use of my Win32 apps as MSIX, check out the above video demo.
Please try this out for yourself and provide any and all feedback. As stated this is in a preview state right now. With good feedback, Microsoft can make this tool great. You can provide Feedback by going to the cog icon in the top right corner of the tool and then clicking Feedback. Login with your account and post away. Check out my opinion piece and I may post another complimentary article showing deployment through the Windows Store and Intune (MAYBE 🙂 )