Windows Installer Packages

Windows 2000 includes a new service called the Windows Installer Service that is responsible for managing the installation and removal of applications. The Windows Installer service works in conjunction with a new application package format, the .msi file. An msi file is a package that contains all the necessary instructions to install an application on a computer. This includes which registry entries should be added or changed, which files should be copied to which locations, which shortcuts should be created, and so forth. This technology can allow an application to be deployed without any user intervention whatsoever. Note that the msi file doesn’t actually contain all of the files to be deployed. Instead, it contains the instructions for how the application is to be deployed. Benefits of the msi and Windows Installer method of installing software include self-healing and resilience of applications. That is, if a user were to accidentally delete or remove files associated with a deployed application, the application will go back to it’s installation source (assuming it is available), and will automatically fix itself.

Many applications are now distributed with setup.msi files. However, you can also create your own msi packages using a variety of software packages. The Windows 2000 CD provides a Veritas repackaging application, WinInstall LE, which can be used to create msi-based application packages.

If you have Windows 2000 Active Directory installed, packages can be distributed via group policy to either users or computers. Although I’ll reserve going into all the details until the Server portion of the series, here are the basic details for now:

  • Packages distributed via group policy (using Active Directory) do not need elevated privileged to be installed. As such, a regular user can invoke the installation of a package without needing to be an administrator, for example.
  • Packages can be assigned or published to users or computers via group policy. If assigned to a computer, the package is installed when the computer reboots. If assigned to a user, the package is not installed, but appears to be (as a shortcut on the start menu). When the user clicks the shortcut, the package is installed. If published to a user, the software is available to be installed via Add/Remove programs (or automatically when the user clicks on a file extension associated with that program). Packages cannot be published to a computer.
  • If a program cannot be repackaged, it can still be deployed via group policy with a .zap file. A zap file is a text file that contains instructions on how to install an application. A user needs elevated privileges to install an application deployed with a zap file. A zap file can only be used to publish an application to a user.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.