VISTA/UAC Patch Preparation...

We just received our digital certificate and it appears that it has
been added or applied to our all inclusive .msi installation package
file accordingly. We now get the friendlier UAC prompt listing the
app, company, etc.

Now, what I would like to do is populate the msiPatchCertificate table
as a precursor requirement for credential free patching. However,
this seems to be dependent upon an entry in the msiDigitalCertificate
table. Even though my base install seems to be functioning properly
after application of the signature, there is nothing in my test
package's msiDigitalCertificate table.

I thought I read somewhere that this table is only populated if
external .cab files are signed. If this is correct, we have no
external .cab's as its only the all inclusive .msi.

How can I populate the msiPatchCertificate table if the above is
correct? Would somthing have to be added to the msiDigitalCertificate
table as well. I wouldn't mind populating the information manually.
I would just hope it would be held with subsequent compiles of our
installation via Wise for Windows Installer.

Any help greatly appreciated!

Superfreak3;646974 Wrote:
> We just received our digital certificate and it appears that it ha
> been added or applied to our all inclusive .msi installation packag
> file accordingly. We now get the friendlier UAC prompt listing th
> app, company, etc
>
> Now, what I would like to do is populate the msiPatchCertificate tabl
> as a precursor requirement for credential free patching. However
> this seems to be dependent upon an entry in the msiDigitalCertificat
> table. Even though my base install seems to be functioning properl
> after application of the signature, there is nothing in my tes
> package's msiDigitalCertificate table
>
> I thought I read somewhere that this table is only populated i
> external .cab files are signed. If this is correct, we have n
> external .cab's as its only the all inclusive .msi
>
> How can I populate the msiPatchCertificate table if the above i
> correct? Would somthing have to be added to the msiDigitalCertificat
> table as well. I wouldn't mind populating the information manually
> I would just hope it would be held with subsequent compiles of ou
> installation via Wise for Windows Installer
>
> Any help greatly appreciated

How did you go about getting the certificate? How will it be applied t
your subsequent msi builds

I feel your pain. I am trying to do exactly the same thing and have hi
the same roadblock. There just isn't proper documentation on this issue
'This' (http://msdn2.microsoft.com/EN-US/library/aa367762.aspx) msd
article mentions "use internal cabinet files" but never gives an
example on how to make it happen

--
aganiji

Have you tried the MSDN Vista Developer Forums?

MSDN Software Development for Windows Vista:
http://forums.microsoft.com/MSDN/def...ID=24&SiteID=1

--

Ronnie Vernon
Microsoft MVP
Windows Shell/User


"aganiji" <> wrote in message
news:...
>
> Superfreak3;646974 Wrote:
>> We just received our digital certificate and it appears that it has
>> been added or applied to our all inclusive .msi installation package
>> file accordingly. We now get the friendlier UAC prompt listing the
>> app, company, etc.
>>
>> Now, what I would like to do is populate the msiPatchCertificate table
>> as a precursor requirement for credential free patching. However,
>> this seems to be dependent upon an entry in the msiDigitalCertificate
>> table. Even though my base install seems to be functioning properly
>> after application of the signature, there is nothing in my test
>> package's msiDigitalCertificate table.
>>
>> I thought I read somewhere that this table is only populated if
>> external .cab files are signed. If this is correct, we have no
>> external .cab's as its only the all inclusive .msi.
>>
>> How can I populate the msiPatchCertificate table if the above is
>> correct? Would somthing have to be added to the msiDigitalCertificate
>> table as well. I wouldn't mind populating the information manually.
>> I would just hope it would be held with subsequent compiles of our
>> installation via Wise for Windows Installer.
>>
>> Any help greatly appreciated!
>
> How did you go about getting the certificate? How will it be applied to
> your subsequent msi builds?
>
> I feel your pain. I am trying to do exactly the same thing and have hit
> the same roadblock. There just isn't proper documentation on this issue.
> 'This' (http://msdn2.microsoft.com/EN-US/library/aa367762.aspx) msdn
> article mentions "use internal cabinet files" but never gives any
> example on how to make it happen.
>
>
> --
> aganiji

On Aug 16, 4:55 pm, aganiji <agan...@epicsystems.com> wrote:
> Superfreak3;646974 Wrote:
>
>
>
>
>
> > We just received our digital certificate and it appears that it has
> > been added or applied to our all inclusive .msi installation package
> > file accordingly. We now get the friendlier UAC prompt listing the
> > app, company, etc.
>
> > Now, what I would like to do is populate the msiPatchCertificate table
> > as a precursor requirement for credential free patching. However,
> > this seems to be dependent upon an entry in the msiDigitalCertificate
> > table. Even though my base install seems to be functioning properly
> > after application of the signature, there is nothing in my test
> > package's msiDigitalCertificate table.
>
> > I thought I read somewhere that this table is only populated if
> > external .cab files are signed. If this is correct, we have no
> > external .cab's as its only the all inclusive .msi.
>
> > How can I populate the msiPatchCertificate table if the above is
> > correct? Would somthing have to be added to the msiDigitalCertificate
> > table as well. I wouldn't mind populating the information manually.
> > I would just hope it would be held with subsequent compiles of our
> > installation via Wise for Windows Installer.
>
> > Any help greatly appreciated!
>
> How did you go about getting the certificate? How will it be applied to
> your subsequent msi builds?
>
> I feel your pain. I am trying to do exactly the same thing and have hit
> the same roadblock. There just isn't proper documentation on this issue.
> 'This' (http://msdn2.microsoft.com/EN-US/library/aa367762.aspx) msdn
> article mentions "use internal cabinet files" but never gives any
> example on how to make it happen.
>
> --
> aganiji- Hide quoted text -
>
> - Show quoted text -

I tried both signing the .msi from the command line with signcode.exe
and via our installation build tool, Wise for Windows Installer. Both
seem to work fine as we see the friendlier UAC prompt during install.

On Aug 16, 4:55 pm, aganiji <agan...@epicsystems.com> wrote:
> Superfreak3;646974 Wrote:
>
>
>
>
>
> > We just received our digital certificate and it appears that it has
> > been added or applied to our all inclusive .msi installation package
> > file accordingly. We now get the friendlier UAC prompt listing the
> > app, company, etc.
>
> > Now, what I would like to do is populate the msiPatchCertificate table
> > as a precursor requirement for credential free patching. However,
> > this seems to be dependent upon an entry in the msiDigitalCertificate
> > table. Even though my base install seems to be functioning properly
> > after application of the signature, there is nothing in my test
> > package's msiDigitalCertificate table.
>
> > I thought I read somewhere that this table is only populated if
> > external .cab files are signed. If this is correct, we have no
> > external .cab's as its only the all inclusive .msi.
>
> > How can I populate the msiPatchCertificate table if the above is
> > correct? Would somthing have to be added to the msiDigitalCertificate
> > table as well. I wouldn't mind populating the information manually.
> > I would just hope it would be held with subsequent compiles of our
> > installation via Wise for Windows Installer.
>
> > Any help greatly appreciated!
>
> How did you go about getting the certificate? How will it be applied to
> your subsequent msi builds?
>
> I feel your pain. I am trying to do exactly the same thing and have hit
> the same roadblock. There just isn't proper documentation on this issue.
> 'This' (http://msdn2.microsoft.com/EN-US/library/aa367762.aspx) msdn
> article mentions "use internal cabinet files" but never gives any
> example on how to make it happen.
>
> --
> aganiji- Hide quoted text -
>
> - Show quoted text -

Here's something I got from post in different group....

http://groups.google.com/group/micro...0247505e64498e

I could sign my msi. Thanks for your replies

Were you able to populate your msi tables

Here is a script that can help you with getting the certificate int
the msi tables
Dim Installe
Dim Databas

Const szCertFile = "C:\MyCer.cer
Const szDatabase = "C:\YourMSI.msi

Set Installer=CreateObject("WindowsInstaller.Installer "

Set Database = Installer.OpenDatabase(szDatabase, 1
Set ViewCert = Database.OpenView("SELECT * FRO
`MsiDigitalCertificate`"
ViewCert.Execute
Set ViewSig = Database.OpenView("SELECT * FROM `MsiDigitalSignature`"
ViewSig.Execute

Set RecordCert = Installer.CreateRecord(2
RecordCert.StringData(1) = "Temp
RecordCert.SetStream 2, szCertFil
Call ViewCert.Modify(1, RecordCert

Set RecordSig = Installer.CreateRecord(4
RecordSig.StringData(1) = "Media
RecordSig.StringData(2) = "1
RecordSig.StringData(3) = "Temp
call ViewSig.Modify(1, RecordSig

Database.Commi

--
aganiji

On Aug 17, 12:50 pm, aganiji <agan...@epicsystems.com> wrote:
> I could sign my msi. Thanks for your replies.
>
> Were you able to populate your msi tables?
>
> Here is a script that can help you with getting the certificate into
> the msi tables.
> Dim Installer
> Dim Database
>
> Const szCertFile = "C:\MyCer.cer"
> Const szDatabase = "C:\YourMSI.msi"
>
> Set Installer=CreateObject("WindowsInstaller.Installer ")
>
> Set Database = Installer.OpenDatabase(szDatabase, 1)
> Set ViewCert = Database.OpenView("SELECT * FROM
> `MsiDigitalCertificate`")
> ViewCert.Execute 0
> Set ViewSig = Database.OpenView("SELECT * FROM `MsiDigitalSignature`")
> ViewSig.Execute 0
>
> Set RecordCert = Installer.CreateRecord(2)
> RecordCert.StringData(1) = "Temp"
> RecordCert.SetStream 2, szCertFile
> Call ViewCert.Modify(1, RecordCert)
>
> Set RecordSig = Installer.CreateRecord(4)
> RecordSig.StringData(1) = "Media"
> RecordSig.StringData(2) = "1"
> RecordSig.StringData(3) = "Temp"
> call ViewSig.Modify(1, RecordSig)
>
> Database.Commit
>
> --
> aganiji

Yep, I could populate my Wise tables without problem after creating
the
..cer file from my .spc file in Certificate Manager console.

THANKS!