You may download the latest Active Sync Developer Preview here.
FINALLY Microsoft went away from that silly silent.ini and created an MSI for delivery.
You can run "setup.exe /a" to install to an Admin Share. Once installed, I have run it through InstallShield Tuner to customize the package.
Read the README.DOC in the admin shares root. There are still a host of issues. But this is a step in the right direction. I have not yet tested it on our Lockdown XP SP2 Config. I will post findings once completed.
Create a Snap-Shot of the installation. Then use "SETUP.EXE /V /a" to create an administrative installation to a network location. Search for the file "Rndis_Update.exe" in "\\\Windows\INF" if you are planning to create a MSI-Package for WinXP (use "Rndis_Update_2k3.exe" for Win2k3 Server and "Rndis_Update_64.exe" on 64Bit platforms. These files are included in the same directory) and add this file to your Snap-Shot in the folder "Program Files\Microsoft ActiveSync\Drivers" (This folder should already exist containing the files "WceRndis.cat", "wceRndis.inf", "Wceusbsh.cat", "wceusbsh.inf" and "wceusbsh.sys"). Add the file "Dpinst.exe" to this folder (http://www.microsoft.com/whdc/driver/install/DIFxtlsdwn.mspx?). Add the files "wceRndis.inf" and "wceusbsh.inf" to the folder "Windows\INF" in your package. Add Custom Actions to your package which run in the following order during installation with elevated rights: 1) Execute program from installed files "Rndis_Update.exe /quiet /norestart"; 2) Execute program from installed files "Dpinst.exe /S /LM /SA". When the package is distributed to a user, the user can now simply connect the mobile device to the computer without being asked for an Administrative account to add the hardware.
[Note: AppDeploy Does Not Recommend The Repackaging of MSI Setups]
*** Create a MST for Microsoft ActiveSync 4.x.
1) Make a backup copy of the original '*ActiveSync*.msi' file as example I use: 'ActiveSync_ORCA.msi'.
2) Open ActiveSync_ORCA.msi in Orca.
Note: This file comes with the Microsoft Platform SDK.
You can change the following properties (you can use 1/0 instead of YES/NO):
* In the Table row (left screen) click on the 'InstallExecuteSequence' table.
CA_Nt5_PrimeInf = Add 'AND (NOT REINSTALL)' for poweruser issue (See 'MICROSOFT ACTIVESYNC 4.1 HELL' on http://www.appdeploy.com/) (Default='(VersionNT >= 500) AND (NOT REMOVE)').
CA_InstallInkNotes = Add 'AND (NOT RunAs_INSTALL)' Specially added to avoid a Microsoft Outlook error: "Either there is no default mail client or the current mail client cannot fulfill the messaging request. Please run Microsoft Outlook and set it as the default mail client." when installing this from a RunAs command (Default='$InkProps.dll.5F492FF1_28AE_4C56_A4D6_B40F4E565FD2=3').
* In the Table row (left screen) click on the 'Property' table.
RunAs_INSTALL = (YES/NO) This property I specially added to avoid a Microsoft Outlook error when installing from a RunAs command. See the call to 'InstallExecuteSequence' above; you have to create both properties!
* NOTE *
You can add the 'RunAs_INSTALL' Property in the ActiveSync_ORCA.msi and eventually the MST, or you can give it directly in the commandline, for example:
'MsiExec.exe /i "*ActiveSync*.msi" TRANSFORMS="ActiveSync.mst" RunAs_INSTALL=1'
You still need the 'CA_InstallInkNotes' part in the 'InstallExecuteSequence' as described in the MST though for it to function!
3) Create the FINAL Transforms file (MST): "*ActiveSync*.mst"
MsiTran.exe -g "[PathTo]/*ActiveSync*.msi" "[PathTo]/ActiveSync_ORCA.msi" "[PathTo]/ActiveSync.mst"
4) Now you can apply the transform on the command line as follows:
MsiExec.exe /i "*ActiveSync*.msi" TRANSFORMS="ActiveSync.mst" /qb!
Or it can be applied through the modification tab in the Group Policy using Active Directory.
*** Notes ***
Most properties discussed can be given in the commandline, like:
MsiExec.exe /i ....msi OPTION=...
Orca.exe is a FREE database table editor for creating and editing Windows Installer packages and merge modules.
See: http://msdn.microsoft.com/library/en-us/msi/setup/orca_exe.asp
MsiTran.exe is a FREE tool to generate or apply a transform file.
See: http://msdn.microsoft.com/library/en-us/msi/setup/msitran_exe.asp
MsiTran.exe will be installed in: "C:\Program Files\Microsoft Platform SDK\Bin".
ORCA and MsiTran Notes:
- ORCA and MsiTran come with the Microsoft Platform SDK.
See: http://www.microsoft.com/msdownload/platformsdk/sdkupdate / http://msdn.microsoft.com/library/en-us/msi/setup/platform_sdk_components_for_windows_installer_developers.asp
- Orca.msi, MsiTran.exe and others will be installed in: "C:\Program Files\Microsoft Platform SDK\Bin".
- Instead of the executable MsiTran.exe you could use the new 'Gen.vbs' ~ Create this vbs as described in the Platform SDK help file ~. But, as far as I tried it, it didn't work!
Deploying ActiveSync 4.1 in USER (restricted, locked down) context from the GPO for WindowsXP pro based client.
I used Wise for Windows installer (3.5) and made a full capture of C:\.
I assume you are familiar with the capture process and do not need explanations about registry and files entries capture. At the end of this document there are background notes and comments.
Installing the drivers:
I use the SetupCopyOEMInf API through a Visual Basic 6.0 program. You can call that API directly from the Wise project, but that is the way I have always been doing and I have my little habits.
----VB6 Code----
' Installs an OEM INF into the Windows INF directory and registers its catalog via SetupAPI.
Private Declare Function SetupCopyOEMInf Lib "setupapi.dll" Alias "SetupCopyOEMInfA" _
    (ByVal SourceInfFileName As String, ByVal OEMSourceMediaLocation As String, _
    ByVal OEMSourceMediaType As Long, ByVal CopyStyle As Long, ByVal DestinationInfFileName As String, _
    ByVal DestinationInfFileNameSize As Long, ByRef RequiredSize As Long, _
    ByVal DestinationInfFileNameComponent As String) _
    As Long

Private Sub Form_Load()
    On Error Resume Next
    Dim param() As String
    Dim ret2 As String * 255
    Dim ret3 As String * 255
    Dim ret As Long
    ' No command line: nothing to install.
    If Command = "" Then End
    ' Command line format: <inf path>@@<source directory>[@@<debug flag>]
    param = Split(Command, "@@")
    ' 1 = SPOST_PATH (source location is a path), &H4 = SP_COPY_NEWER
    ret = SetupCopyOEMInf(param(0), param(1), 1, &H4, ret2, 255, 255, ret3)
    ' A return value of 0 means failure; it is reported only when the debug parameter is present.
    If ret = 0 And UBound(param) = 2 Then
        MsgBox "retour:" & ret & vbCrLf & _
            "erreur:" & Err.LastDllError & vbCrLf & _
            "nom fichier:" & Trim(ret2), vbCritical, "error"
    End If
    End
End Sub
----end of Code----
Param 0 to 2 are the following: (command line of the custom action)
Param(0) = C:\Program Files\Microsoft ActiveSync\Drivers\wceusbsh.inf
Param(1) = C:\Program Files\Microsoft ActiveSync\Drivers
Param(2) is for debug, if you wish.
Separator is "@@" - Environment variables are preferable to "C:\"
This piece of code sets the inf file in the C:\winnt\inf\oemX.inf and registers the security catalogue in the catroot directory. Please keep in mind that with the (windowsXP) windows file protection you cannot change directly a registered inf in the inf directory without using the API.
So create two custom actions, "Exe from binary table", Deferred system context - synchronous ignore exit code - after file and registry installation in the (install) sequence.
Launch conditions are "NOT Installed" (but feel free to improve)
Use those two command lines:
C:\Program Files\Microsoft ActiveSync\Drivers\WceRndis.inf@@C:\Program Files\Microsoft ActiveSync\Drivers
C:\Program Files\Microsoft ActiveSync\Drivers\wceusbsh.inf@@C:\Program Files\Microsoft ActiveSync\Drivers
HotFix:
The original 4.1 MSI comes with two partially documented (at that time) hotfixes.
First of all scan the registry for the following values:
System search:
Hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB894476 returns in the "HFOK1" variable
Hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB909394 returns in the "HFOK2" variable
Create both variables (HFOK1 and HFOK2) and initialize to "NO"
Create one custom action, "exe in binary table", use WMP10_Update.exe that you can extract from the original MSI. System context, Synchronous ignore exit code, after file and registry installation in the sequence.
Condition (NOT Installed) AND ( HFOK1 = "NO")
Command line: /quiet /norestart
Create one custom action, exe in binary table, Rndis_Update.exe that you can extract from the original MSI. System context, Synchronous, ignore exit code, after file and registry installation in the sequence.
Condition (NOT Installed) AND ( HFOK2 = "NO")
Command line: /quiet /norestart
DLL based custom action:
Create one custom action based on newbinary19 from the original MSI.
Once you have exported newbinary19, create a "custom action dll (windows installer method)" stored in the binary table, the calling function is FReserveAirSyncURLNamespace. System context, Synchronous, ignore exit code, after file and registry installation in the sequence.
This function writes the registry here:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://*:2869" etc…
"http://*:26675/Microsoft-Server-ActiveSync" etc…
It does something (I still do not know what, I am searching, I will keep you informed) with the HTTP service. The result is that, if you don't launch that function, the new Pocket PCs do not seem to work (I used a Dell Axim X51 for those tests). I think this is the new way Pocket PCs with OS version 2005 sync, but I have to test more devices to certify it. The Axim registers itself as a network interface (yes) and not as "a windows mobile device". Once connected it gets an IP from the TCP:169.254.2.0/255.255.255.0 range.
You can use Dependency Walker from Visual Studio to browse the integrated functions in the DLL.
Firewall :
Yep, that's something I particularly disliked from the original MSI. It just opens your local firewall. On the internal network, OK, why not. On the external network, are you kidding, do not touch my corporate settings if I do not tell you so.
It changes:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
For the Axim to work, you have got to open up those ports (take a look at your initial scan for more precisions). It is all about the TCP:169.254.2.0/255.255.255.0 range and wcescomm.exe.
If you do not open the ports, the Pocket PC does not get an IP and etc.
We made that our way, directly from the GPO firewall settings, so we keep a global control on those settings and if there is a security issue, we can close access to the network to those devices.
Uninstall:
For the uninstall, I've implemented a kill program, to stop the different background programs.
In admin deferred - synchronous ignore exit code - before file uninstall in the sequence.
Condition: REMOVE~="ALL"
You can use kill.exe from the resource kit, or compile your own based on the api (example available at http://vbnet.mvps.org/)
Tasks to kill:
wcesmgr.exe
wcescomm.exe
rapimgr.exe
There is also the FUnreserveAirSyncURLNamespace in the newbinary19.dll that you can launch to undo the FReserveAirSyncURLNamespace function. Both custom actions are the same, except the function name. I launch that one before uninstalling the files too.
Background:
I couldn't manage to deploy this program in the user context using the standard "setup.exe /a" and integrate the MSI in the GPO. If I do so, the client computer asks for admin rights. So I resigned to repackage this piece of MSI provided by Microsoft. Provided the huge number of custom actions set in user context, I doubt the original MSI could be used as it is.
Other stuff:
I suppressed all selfreg, it avoids the missing mail client message, and doesn't seem to affect the package.
In older version (3.7) that registry key was omitted from capture. It's the key to the browse device feature in User context:
I also launch the WCESMgr.exe if an outlook profile is found, but that's home cooking, do it your way.
It doesn't handle repair (REINSTALL) because I want more user feedback before improving the MSI. It doesn't handle windows 2000. But feel free to improve it and post your comments here.
This package has been tested with a Dell Axim X51 (2005) and an Ipaq 6515 (2003SP2). As soon as my users increase my database I'll improve the package and my compatibility list.
Installations are possible in assigned and published to the user configuration. I WOULDN'T set it as a system configuration package in the GPO, definitively.
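A read-only audit of the firewall and HTTP namespace settings discussed in the note above, as an added example that is not part of the original post or of the ActiveSync package. The registry roots, process names and URL prefixes are the ones quoted in the note; the AuthorizedApplications\List and GloballyOpenPorts\List subkeys (the standard Windows Firewall layout under each profile) and all function names are assumptions of this example.

```powershell
# Added example: list what the package left in the firewall policy and URL ACL keys.
# Nothing is modified; the script only reads the registry.
$fwRoot      = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$urlAclKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo'
$profiles    = 'DomainProfile', 'StandardProfile'
# Assumption: standard exception lists beneath each firewall profile.
$lists       = 'AuthorizedApplications\List', 'GloballyOpenPorts\List'
# Process names listed in the note, plus the product name.
$needles     = 'wcescomm.exe', 'wcesmgr.exe', 'rapimgr.exe', 'ActiveSync'
# URL prefixes quoted in the note.
$urlPrefixes = 'http://*:2869*', 'http://*:26675/Microsoft-Server-ActiveSync*'

function Get-RegistryValue([string]$Path) {
    # Emits one object per value under $Path, or nothing if the key is absent.
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Name = $name; Data = $key.GetValue($name) }
    }
}

function Test-Match([string]$Text, [string[]]$Patterns) {
    foreach ($p in $Patterns) { if ($Text -like "*$p*") { return $true } }
    return $false
}

function Get-ActiveSyncFirewallException {
    foreach ($prof in $profiles) {
        foreach ($list in $lists) {
            foreach ($v in Get-RegistryValue "$fwRoot\$prof\$list") {
                if (-not (Test-Match "$($v.Name) $($v.Data)" $needles)) { continue }
                # Data format: <path or port:proto>:<scope>:Enabled|Disabled:<name>
                $scope = $null; $status = $null
                if ("$($v.Data)" -match ':(?<scope>[^:]*):(?<status>Enabled|Disabled):') {
                    $scope = $Matches['scope']; $status = $Matches['status']
                }
                New-Object PSObject -Property @{
                    Profile = $prof; List = $list; Entry = $v.Name
                    Scope = $scope; Status = $status
                    # Enabled for every source address, on whichever profile it appears.
                    AnySource = ($status -eq 'Enabled' -and $scope -eq '*')
                }
            }
        }
    }
}

function Get-ActiveSyncUrlReservation {
    # Value names under UrlAclInfo are the reserved URL prefixes.
    foreach ($v in Get-RegistryValue $urlAclKey) {
        foreach ($p in $urlPrefixes) {
            if ($v.Name -like $p) { $v.Name; break }
        }
    }
}

Get-ActiveSyncFirewallException |
    Format-Table Profile, List, Entry, Scope, Status, AnySource -AutoSize
Get-ActiveSyncUrlReservation
```

Rows with AnySource set to True under StandardProfile are the exceptions to compare against what the GPO firewall settings are meant to allow.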
I have found that you get a message (Previous version already installed) when trying to upgrade from 4.1.4841.0. In order to get around this I have created a transform and done the following:
Created a Set Property Custom Action
Custom Action Name: Reinstall_Fix
Property Name: REINSTALL
Property value: {}
Install UI Sequence: After setAllUsersProfile2K
Install Exec Sequence: After IsolateComponents
Once saved, run the msi from the cmd prompt as follows:
msiexec /i "Microsoft ActiveSync 4.0.msi" TRANSFORMS=activesync.mst REINSTALLMODE=voums REINSTALL=All REBOOT=ReallySuppress /qn
I have tested this and it has silently updated MS ActiveSync 4.1 (4.1.4841) & 3.7.1 (3.7.1.3244).
Note: To get the ActiveSync msi, download ActiveSync from Microsoft and run "setup.exe /a" to install to an Admin share