How to deliver ClickOnce applications silently, with or without AppV

Recently I did a big detective job in the organization I work for. I We wanted to find all the applications used today that utilize the old .NET Clickonce  deployment technology from Microsoft.

For those who don’t know, Clickonce is a Windows-based appinstaller format that can be installed and run with minimal user interaction. See more information about them here.

Locating all the ClickOnce applications is a pain since they are installed into a user profile when the app is started. So first I had to search through all our computers looking for content under the following folder structure:

%localappdata%\Apps\2.0\<random folder>\<random app id>.

 <random folder> is constructed from the first 11 characters from the following user registry key:

HKCU\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString

 

More details about ClickOnce:

ClickOnce can be delivered using the following methods:

·         From a webpage

·         A network share,

·         Legacy medium like a CD-ROM/USB.

 The developer can specify the update behaviour to self-update by checking for new versions when the app is started or closed, and automatically replace any updated files.. A network administrator can also control update strategies, for example, marking an update as mandatory. Updates can also be rolled back to an earlier version by the end user or by an administrator. They can be locally installed so they work even if the computers are offline, or they can be in an online-only mode without permanent installing anything on the end user’s computer.

Pros:

·         Makes it easy to update applications for the developers. And best of all, only those parts of the application that have changed are downloaded, and the full, updated application is reinstalled from the new side-by-side folder.

·         Low impact to the user’s computer. Each app is self-contained and cannot interfere with other applications.

·         Security permissions: ClickOnce enables non-admin users to install and then grants only those Code Access Security permissions necessary for the application

Cons:

·         Per-User installs must be installed for every user that need that program. Not very well suited for VDI/Terminal servers since it will have to be downloaded and installed every time a new user logs into that machine. You can then think of all the wasted CPU cycles, bandwidth, disk usage and time waiting for them to be installed…

·         Can potentially create uninstall problems since they can only be removed correctly if the user who installed it is logged on to the computer, have also seen scenarios where they break and can’t be uninstalled correctly

·         No native silent install and uninstall commands

·         Not a very god candidate to virtualize with AppV for the following reason:

o   AppV won’t let you write new executable files like .EXE, .DLL or scripts into the package after sequencing is finished, so we are not in charge of the update process if the developer release a new version of the application and it tries to auto update.

o   The random number registry string can change, so it can’t be static.

 

 

How to make a silent installer and uninstaller for automating ClickOnce applications:

As mentions above, I wanted to fully automate ClickOnce installations by making them completely silent, but out of the box there is no method to deliver and uninstall them without a logged-on user clicking the Install button in the install box.

 

After some googling I found a small program on github called “SilentClickOnce” claiming to do so.

This program was derived from some old Microsoft Code. The program is even compiled as an .EXE file if you don’t know how to compile with Visual Studio.

Silent Install:

I use the Microsoft ClickOnce application Sara as an example, before you can automate ClickOnce applications you need to open the .application file in notepad.

This will reveal the following:

“https://outlookdiagnostics.azureedge.net/sarafiles/Microsoft.Sara.Prod.application?usergroup=Prod&Ring=Prod&symptomid=7DEB9E4F-B4CA-48C4-AA75-F21B4B25B888#Microsoft.Sara.application, Culture=neutral, PublicKeyToken=deffc2c208a0af39, processorArchitecture=msil

There you can see the url and the application name “Microsoft.Sara.Prod.application we will need for automating this install.

 

Install example:

SilentClickOnce.exe -i "\\192.168.1.2\apps\MyApp\MyApp.application" > MyApp.log 

A working example I made, including username in the logfile:

SilentClickOnce.exe -i "https://app/app.application" >"c:\temp\Install.appname.%username%.log"

Silent Uninstall:

I could not get the uninstall parameter -u to work as expected with silentclickonce, so again I searched the internet for a working Uninstaller, and I got lucky here:

This code was unfortunately not compiled as an .EXE file. So, you must search for someone who have compiled it or try to figure it out with Visual Studio.

Uninstall example:

ClickOnceUninstaller.exe "appname" (You must search for DisplayName in the user registry after you install your application for your "appname" parameter)

 

Working example:

 ClickOnceUninstaller.exe "appname Office" > "c:\temp\uninstall.appname Office.%username%.log"

 

Yet another Silent uninstall method:

Unfortunately, developers can choose to configure applications for “Online Only” mode, it will not create the uninstall registry key then. One way to check if the application is in online mode is by downloading Microsoft Mage.exe tool from here and open the .application url, or the .xbap file from the tool, if you look at the picture, Application Type will then say “Online Only” in the manifest file:

 

The only way I have found to remove applications from the cache when in onlinemode is to run the following command: "rundll32 %windir%\system32\dfshim.dll CleanOnlineAppCache" (same as Mage.exe -cc)

Beware that this command will remove all “Online Only” mode applications from that user’s cache, and they must be reinstalled again.

VSTO ClickOnce silent install for Office plugins:

ClickOnce can also be used to install Microsoft VSTO Office Add-ins for certain users. If we want to automate this, we can then follow the short tutorial I made.

If you want to test it yourself, there Is a plugin called spotlight hosted on amazon you can download for free and test.

How to silently install an unsigned VSTO file:

1.       On your reference computer, install the VSTO file manually.

2.       Export the following information from registry:

[HKEY_CURRENT_USER\Software\Microsoft\VSTO\Security]

Look for a GUID\NUMBER, everything like URL and Public Key must also be exported.

3.       Create a script that that applies the registry file, exported in step 2. 

REGEDIT /S REGFILE.REG

4.      Install the VSTO file with the following syntax:

"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe" /i http://PathToVSTO/Vstofile.vsto /s 

5.       Uninstall the VSTO file with the following syntax:

"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe" /uninstall http://PathToVSTO/Vstofile.vsto /s 

6.       Then you must delete the program registry key from the following registry location:

 [HKEY_CURRENT_USER\Software\Microsoft\VSTO\Security] if it exists.

 

Using AppV to deliver ClickOnce applications:

Creating pure virtual packages:

As mentioned before ClickOnce is not the best technology for pure AppV packages, mostly because of the way it can auto update, and the way install folders can randomly change. If the application tries to update executable files inside the virtual package it will fail bigtime.

And that’s because AppV packages is fully write-protected after the Sequenced virtual package is saved, even if enable VFS mode is on.

If you are lucky and have an open dialog with the vendor, they can configure the app to locally install so it works even if the computers are offline. If it’s in pure online mode, you can get a notice before they update to a new version. This way you can automate the installation of a pure virtual package with the silent install methods I wrote about before in this blogpost.

The best way doing this is to Sequence new versions using the Microsoft Autosequencer, and deploy it as fast as possible.

How to create a user publishing script to deploy the application:

If you only want to automate the silent install/uninstall part, but don’t care about files in the native OS you can just script the installation using AppV.

Upload the “SilentClickOnce.exe” into the script directory of your AppV package and created a folder in the VFS with a dummy file so the package can be saved.

I made a batch file called “Install.cmd” and pasted the silent install parameter into that file.

 SilentClickOnce.exe -i "https://url.appname.application" >"c:\temp\Install.programname.%username%.log"

All the package settings are displayed in the picture bellow. You can also make the script with PowerShell, VBS or compile it into an .EXE file if you need it completely silent.

 

How to create a user unpublishing script to remove the application:

Upload the “ClickOnceUninstaller.exe” into the script directory of your AppV package and created a folder in the VFS with a dummy file so the package can be saved.

I made a batch file called “uninstall.cmd” and pasted the silent remove parameter into that file.

 ClickOnceUninstaller.exe "Programname" > "c:\temp\uninstall.programname.%username%.log"

All the package settings are displayed in the picture bellow. You can also make the script with PowerShell, VBS or compile it into an .EXE file if you need it completely silent.

 

And when the AppV package is published to users a shortcut will magically appear on the desktop afterwards. And an unpublish would remove it just like that.

And as always, hope this will be of help to someone 😊

 

 

No comments:

Post a Comment