MSI repacke - bad practice?

2

I'd like to repackage MSIs with custom modifications

Let's do an example: I use an Windows Server and GPOs to deploy software to clients. When I put there a MSI of e.g. firefox it's installs as a normal software, but I require for example custom add-ons and a different start page (of course there might be GPOs which do that, but not every software supports this).

So I use the application "AppDeploy Repackager" which builds a custom MSI from the changes that where made during the installation. I installed some add-ons for firefox and changed some settings. After the MSI has finished building I copied the MSI to another machine and installed it. Everything works fine with my presets.

Now I've read that this process can cause an "disaster". Have you use this process already in your environment and what is your opinion about this?

And does this MSI installs on other hardware machines from different vendors without any issues (In fact every machine is 64bit)? I was only able to test it on VirtualBox machines.

ForJ9

Posted 2017-11-23T16:37:02.290

Reputation: 121

Answers

2

Many businesses repackage msi's with custom additions.

I work at a business that has transitioned through several deployment methods. (Not always by choice!)

We primarily in the past have pushed out MSIs through GPO. Most of these would be installed, modified and then repackaged. If the repacking software picks up all the registry keys, files, folders etc from the install, its not a problem.

Other Repackers just add a skin to executable installers, making it look like an MSI, in reality it is just an exe.

There is another type, that lets you modify the MSI itself. This is probably the most dangerous due to the potential for user error. If you didn't build the MSI, you don't have a full understanding of how it was built and the intention of each part. There may not even be documentation of what everything is.

In the above case, you could very well mess up the deployment. The "Disaster" that would follow would very much depend on where you made the mistake and what you edited. That is the same with deploying software, or misswriting a command in command prompt.

SO TLDR: Disasters are possible, severity depends on what you have done. The way you have mentioned doing it has you configuring the MSI in a familiar area, the GUI. The machine picks up the changes for you.

Lister

Posted 2017-11-23T16:37:02.290

Reputation: 1 185

That sounds that it would be the easiest way to go. Of course there is everytime something you can mess up. But we plan to create the MSI package on a snapshottet Win10 VM that can be reset to the installation state. In addition every unnecessary process and service is stopped (like explorer.exe). Have you already some experiences if the repackaged MSI works also on machines from different vendors? – ForJ9 – 2017-11-23T21:57:47.520

Another addition: Which software have you used? And which would you recommend? – ForJ9 – 2017-11-23T22:45:55.333

Yes we do use various brands of laptop & desktop, it would primarily be windows itself/ the application that would have problems. And yes snapshotting machine is a good idea, we did the same. I cant remember what was used before, it ran on windows XP. We moved onto using PDQ Deploy instead of repackaging. – Lister – 2017-11-30T16:55:18.563

Asked: 2017-11-23T16:37:02.290

Viewed: 57 times

Active: 2017-11-23T18:15:22.577