will visual studio automatically download extensions when installed in another machine under the same account - visual-studio-2017

I will be getting a new machine soon but I am curious if my old VS extensions will be automatically installed - I don't want this as I want a fresh system to reconfigure

It is controlled by Roaming Extension Manager. It shows all extensions you have on another machine, but doesn't automatically download them.

If you dont want your extensions to follow you to your new machine. Your best bet is to disable Automatic updates before you log out of your old machine, as desribed on this page.
Once youve signed into your account on your new machine you can check your list of extensions. If it is empty, then install what you need. If it is showing your extensions from your old account then delete at will.

Related

How to configure VS 2017 offline installer/layout so that it doesn't need an internet connection at all?

I was able to create an offline installer with a command line like:
vs_enterprise__873301792.1489161815.exe --layout %CD%\vs2017offline --lang en-US
I got about 20 GB out of this (1901 files).
but, as it is already known, the Visual Studio installer needs an internet connection at least to initialize, even with such an offline layout.
(But it doesn't need to download the packages already existing in the layout/image, so it saves really download volume.)
In the MS web documentation for VS more parameters are mentioned:
https://learn.microsoft.com/en-us/visualstudio/install/use-command-line-parameters-to-install-visual-studio
AFAIK, nobody figured out how to use them to guarantee really an offline install without internet connection (it seems quite likely to me that channel and/or catalog have to be redirected for hindering VS installer to go online).
Has anyone?
Here are the parameters, which I mean:
--channelId Optional: The ID of the channel for the instance that will be installed. This is required for the install command, ignored for other commands if --installPath is specified.
--channelUri Optional: The URI of the channel manifest. This can be used for the install command; it is ignored for other commands.
--installChannelUri Optional: The URI of the channel manifest to use for the installation. The URI specified by --channelUri (which must be specified when --installChannelUri is specified) will be used to detect updates. If updates are not desired, --channelUri must be specified without an argument. This can be used for the install command; it is ignored for other commands.
--installCatalogUri Optional: The URI of the catalog manifest to use for the installation. If specified, the channel manager will attempt to download the catalog manifest from this URI before using the URI in the install channel manifest. This parameter is used to support offline install, where the layout cache will be created with the product catalog already downloaded. This can be used for the install command; it is ignored for other commands.
In the layout directory, there exist files like catalog.json, channelmanifest.json, response.json, vs_installer_version.json among others. Any idea?
You don't need to do anything special for the offline installer to work without any Internet connection. Even though channelURI in <offline folder>\Response.json points online, it will not try to update the component list or something each time, you need to explicitly request an update for that.
The only thing you need to make sure is to select a language that you have downloaded files for on the "Language packs" tab when selecting components -- otherwise, it will try to download the missing bits.
The installer will still try to access the Net
to post telemetry to https://dc.services.visualstudio.com/v2/track and https://vortex.data.microsoft.com/collect/v1 from Microsoft.VisualStudio.Telemetry.Net35.dll that's a part of the installer
to retrieve CRLs for relevant signing certificates from https://crl.microsoft.com
but both are optional, the installer won't fail it it can't do either -- I've just successfully installed stuff with a disabled network connection.
For an offline installer to work you need to 'fake' out the installer to make it think there is an Internet connection, but with bad connectivity.
To do this you need to add various addresses to your local 'hosts' file.
See Visual Studio 2017 Enterprise Offline Installation Fails for a list of names to add to your hosts file.
I tried installing certificates, different layout parameters for cache folder but none of them worked. I solved the issue by running vs_setup.exe in the cache folder, instead of running vs_community.exe with parameters.

How to run my own C++ source files in the installation wizard?

I have created a windows install deployment for my C++ application using VS2010. However my problem is that I don't know how can I squeeze in some of my own code to the installation wizard (and is it possible at all?). The problem is that during installation I want:
ask the user to provide his installation key,
grab the hardware fingerprint (I already have an algorithm for that with WMI),
sent both keys using my own c++ communication libraries (so NOT the browser),
continue the installation after receiving a confirmation from the server.
Moreover, this would require adding custom items to the installation wizard like the input field for installation key, or pop up boxes witch error warring like:
Couldn't connect to the server. Please check your internet connection before continuing with the installation.
So it's in fact a 2 level question:
How to run my C++ source files during the installation wizard?
How to add custom element to the installation wizard GUI?
So far it has been hard to find anything helpful in Google. :/
Check Windows Installer, more specifically Custom Actions:
The developer of an installer package may write code to serve their own purpose, delivered in a DLL. This can be executed during the installation sequences, including when the user clicks a button in the user interface, or during the InstallExecuteSequence. Custom Actions typically validate product license keys, or initialise more complex services. Developers should normally provide inverse custom actions for use during uninstallation.
Msiexec provides a way to break after loading a specified custom action DLL but before invoking the action.

Creating installer for a c++ windows service Dynamically

I have created a windows service which checks for the status of the printer.
The user can download this service from a website. I need to query for the status of printers used by this user. So when the user clicks on the download button I want to store the user information in a file which my service can use. The service will use this information to fetch the printers from the database. I want to include this file in my installer. So I have to create the installer at runtime(i.e. when the user click the download button on my website).
How can I create the installer for the win service dynamically using C#?
NOTE: my win service is written in C++. I know about WIX.
quite a few years ago, when I did some work with InstallShield, it was possible to specify in the installer project which file(s) you don't want to be compressed and packed into the .cab files (or whatever they are called nowadays) when generating the installation package. Such a file would be left as-is and separate in the package, and you could later replace it with another file with the same name (I think I actually did something of the sort). So you can have a dummy file when building the install package, and then replace it on the fly with the right one.
I am not familiar with modern tools, but am quite sure this functionality is preserved as it is quite useful.
In WiX you can create custom actions which are arbitrary code you write (You provide the .dll which can be built using C++). In the custom action you can generate your user/location customization file.

Windows Limited User Installation

I have a Win32 application that includes an EXE, an ActiveX control (DLL) and a COM server (EXE) and I am using Inno Setup 5 to build my installer. Many of our customers use limited user accounts where the user has no admin rights and because the COM components require to be registered (which writes to HKEY_CLASSES_ROOT), my setup file must run with elevated (admin) privileges. I think this in unavoidable (sadly, I can't use registration-free COM because of the EXE COM server I have). However, I would like to create an update installer that can be ran as a limited user and am looking for some advice.
What I am thinking is the following:
The initial setup (first time installation) installs the application into %ALLUSERSPROFILE%\Application Data\CompanyName\AppName instead of %PROGRAMFILES%. The COM components are registered as normal (as they won't already exist).
Subsequent updates (using a different Inno Setup script) will simply copy the new files into %ALLUSERSPROFILE%\Application Data\CompanyName\AppName. Hopefully even a limited user will have write access to this folder and as the COM components have already been registered, admin access won't be required.
This would mean that my customers could upgrade to the latest and greatest version without the hassle of using an Administrator account. Is this acceptable or is this likely to bite me on the backside? I'm pretty sure Google Chrome does something similar but as it has no COM components (as far as I can tell) even the initial setup can be as a limited user.
Any advice from others who have faced this issue would be very welcome indeed.
OK, I found a way to create a limited-user installation script with both my COM server and COM objects being registered per-user.
I am using the latest version of ATL (v9) that ships with MSVC 2008 to create my COM server and COM objects. Turns out that you can register the COM server per-user via the new /RegServerPerUser switch. I tested this with limited user accounts on XP, Vista and Windows 7 and it works perfectly.
Next, the COM controls. Again, ATL9 to the rescue. You can register a control per-user by ensuring that RegSvr32 calls your control's DllInstall function, passing it a command-line parameter of user. So, to register a control in this way you simply do:
regsvr32.exe /i:user /n MyControl.DLL
Again, I tested this on XP, Vista and Windows 7 and it works fine.
I then made the following changes to my Inno Setup script:
The default installation folder will be {pf} (i.e. C:\Program Files) if the user has Admin rights. If not, then it defaults to {commonappdata} (i.e. C:\Documents and Settings\All Users).
Register my COM server using the new /RegServerPerUser switch.
I removed the regserver flags from my COM objects and instead added support to call regsvr32 using the new 'user' switch.
All of these changes are easy to do using the Inno Setup {code} feature.
Thanks to Kim for setting me down the per-user COM install path.
I don't know for sure, but I seem to recall COM servers support per-user installation, and maybe that goes for EXE servers as well.
If so, change your registration code to write information to HKEY_CURRENT_USER\Software\Classes instead of HKEY_CLASSES_ROOT.
The COM infrastructure should do the lookup first per-user and then per-machine.
It's worth an experiment anyway.
If you dumped inno-setup and used MSIs - MSI files support the idea of limited user installation of patches. An administrator must authorize the initial install, thereafter, digital signatures in patch msi files are processed by the elevated msi service without requiring user elevation.
You can duplicate this basic idea yourself - during an initial administrative install, install a service component that has the necessary access. When processing patches, ask the service process to process the EXE COM server registrations.
You need to rethink your approache ... write access to a folder than can also allow for program execution by the same user is the cause for 99% of all virus/malware functionality. Please learn a little about Software Restriction Policy and the new App Locker behavior built into Windows 7 so that the computing infrastructure can move forward not backward.

Installing Root CA Cert via code on Win32

We've just set up a new remote access solution using Microsoft's TS Gateway, which requires a couple of somewhat fiddly steps on the end users behalf in order to get it working (installing our root ca cert, requirement of RDP 6.1 client etc).
In order to make this setup process as easy as possible (a lot of these users aren't technically minded), I'm looking to create a program to perform all these tasks automatically. I have most of it working, however I'm not entirely sure how to go about importing the Root CA cert into the Windows certificate store.
Because this can potentially be run on a wide range of computers with varying levels of patches and updates, I'm steering well clear of .NET and anything that isn't native - the tool should 'just run' without the user having to install anything extra (well, I will say windows XP, no service packs, is the bare minimum required version of windows). In saying that, I don't mind using something third party if it can be bundled in with the tool, as long as it's not huge, and doesn't introduce any interactive steps. Ideally something in the windows API would be best, however I can't seem to track down anything relevant.
Currently the tool is a C++ application, so I don't mind if it's quite low level stuff.
First you need to open the root certificate store...
HCERTSTORE hRootCertStore = CertOpenSystemStore(NULL,"ROOT");
Then add the certificate using one of the CertAdd functions, such as CertAddEncodedCertificateToStore.
CertAddEncodedCertificateToStore(hRootCertStore,X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,pCertData,cbCertData,CERT_STORE_ADD_USE_EXISTING,NULL);
pCertData and cbCertData would likely point to the certificate data that you read from a file (not sure if the certificate will be in a file, or how you will include it in your application).
Then close the store with...
CertCloseStore(hRootCertStore,0);
NOTE: This code if run as the user, installs the certificate to the user's root store, not the computer's. It also results in a warning dialog that the user must understand and select "Yes" to authorize the import. If your setup program can run this code in a system account, the import will affect the computer's root store and not warning dialog will be shown.
Have you looked at CertAddEncodedCertificateToStore ?
you could also check out CertAddEncodedCertificateToSystemStore