使用 msiexec /a 启动管理安装的目的是什么?
Windows Installer 技术支持管理安装。用于启动管理安装的命令行是:“msiexec /a setup.msi”。我想了解这种安装的目的以及它们在什么情况下有帮助?
Windows Installer technology supports administrative installation. The command line for initiating administrative installation is: 'msiexec /a setup.msi'. I want to understand the purpose of this type of installation and in what scenarios are they helpful?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
msiexec.exe 命令行< /strong>:
Technet 版本。管理安装的目的
管理安装通常在大规模部署方案中最有用,在这种情况下,软件会同时安装在多台计算机上,例如在拥有数千个工作站的大型银行中。事实上,对于此类部署场景来说,这是相当关键的。作为应用程序打包者,您要做的第一件事就是进行管理安装以检查 MSI 文件内容和结构。
管理安装中的操作
管理安装本身只需从内部 cab 文件中提取文件,并调整 MSI 文件的媒体布局以使用用于安装的提取文件而不是内部 cab 文件。最终结果是一个整洁的文件夹层次结构,显示文件在目标系统上的位置,以及比原始文件更小的 MSI 文件,现在已删除内部 cab 文件。除了提取之外,该操作不会对目标系统进行任何更改,除非 MSI 是定制设计的,这在几乎所有情况下都是严重的设计错误。我突然想到的例外情况可能包括设置许可文件,或以某种方式后期处理文件以进行部署。我在现实生活中从未见过这样的构造,但可以向管理安装添加自定义操作。
使用管理安装
管理员安装后,提取的文件可以放在可从数千个工作站访问的网络共享上,并且可以从那里进行安装。通常,这是通过专门的部署软件(例如 SCCM)(以前的 Microsoft SMS)或类似软件来完成的。然而,在某些情况下,用户也可以在工作站上手动触发安装。此网络共享安装的关键优势在于,工作站的自我修复操作以及后续的补丁和升级安装可以访问原始源文件,以便安装成功完成。您可能经历过 Microsoft Office 会突然要求您插入安装 CD 以重新安装一些文件。除非可以在线获取源,否则工作站也会发生这种情况。随着 Microsoft 在每台本地计算机上缓存越来越多的安装程序内容(Windows 7 及以上,2018 年 1 月更新),此源要求将来可能会发生变化:有关此缓存的更多详细信息,请参阅此答案:为什么 MSI 需要原始版本.msi 文件以继续卸载?)。我应该补充一点,您也可以将未解压的 MSI 文件放在这样的位置,而无需通过管理映像解压它,但使用管理安装允许单独下载任何文件(无需下载大量的 cab)。对于巨大的 MSI 文件,这一点很重要,而且我更喜欢管理映像作为安装源,以使修补更加可靠 - 这是一个主观偏好,但这是由于现实生活中的经验。
管理安装和管理打补丁
最后,MSI 补丁的创建通常需要为原始设置和新设置运行管理员安装。然后根据新旧安装程序文件夹之间的差异创建 Windows Installer 补丁文件。因此,管理安装对于后续创建补丁文件至关重要。 Wise for Windows Installer 就是这种情况 - 我发现的唯一能够在现实生活中创建真正可靠的补丁的产品(该产品现已下市,一些详细信息请参见:使用什么安装产品?InstallShield、WiX、Wise、高级安装程序等)。再次基于广泛的现实世界测试的主观观察。
如果您从供应商处获得 MSI 和 MSP(路径文件),也可以修补管理安装。您提取 MSI 并使用 MSP 修补管理映像。然后,目标文件夹将包含更新的 MSI 和任何新文件(前提是管理补丁有效,但根据我的经验,通常不会)。
“从源代码运行”
Chris 提到“从源代码运行”,这确实是一个相当无用且过时的概念,其中安装中的某些文件可以保留在网络共享上并直接从那里访问。老实说,我已经很多年没有尝试过这个功能了。
此功能很少使用,但我想在所有工作站都应访问一组公共资源文件并且您希望避免大量重复的情况下,它可能会很有用。然后,可以通过如上所述的“管理安装补丁”来部署对资源文件的修复,而无需在工作站上重新安装任何内容(其工作效果如何尚不清楚 - 缺乏此功能的使用可能是一个线索)。
具有许多不同模块的大型软件套件(其中只有少数模块由不同的人使用)可以通过仅安装一些所需的功能并让其余的从源代码运行或在首次使用时安装来显着加快安装和使用速度。它将加快安装和后续补丁安装的速度,并可能将潜在的不安全和不必要的二进制文件从系统中留下。最后一点在锁定环境中可能很重要。然而,在现实生活中,我看到补丁将广告中的功能更改为在打补丁后本地安装,这是非常奇怪和不受欢迎的行为,但很常见。在实践中,我发现“从源代码运行”或广告中的功能的用途非常有限。通常最好将安装分为两部分,一个用于客户端安装,一个用于服务器安装。
更新:
以下是同一问题的新摘要:管理安装及其使用(文件提取及其他)。另请阅读下面关于“从 Windows 7 开始更改 MSI 缓存行为”的评论。
msiexec.exe command line:
Msiexec (command-line options)- MSDN overview.the Technet version.Purpose of Administrative Installs
Administrative installs are generally most useful in large scale deployment scenarios where software is installed on many computers at once, for example in a large bank with thousands of workstations. In fact it is quite critical for such deployment scenarios. As an application packager the first thing you tend to do is to do an admin install to inspect the MSI file content and structure.
Operations in an Administrative Install
The admin install itself simply extracts the files from internal cab files and adjusts the media layout of the MSI file to use the extracted files for installation instead of the internal cab files. The end result is a neat folder hierarchy showing where files will go on the target system, and a smaller MSI file than the original now stripped of internal cab files. The operation makes no changes to the target system apart from this extraction unless the MSI is custom-designed to do so which is a serious design error in almost all cases. Exceptions, off the top of my head, may include setting up licensing files, or post processing files for deployment in some fashion. I have never seen such constructs in real life, but it is possible to add custom actions to admin installs.
Use of Administrative Installs
After the admin install the extracted files can be put on a network share accessible from thousands of workstations and it can be installed from there. Typically this is done via specialized deployment software such as SCCM (previously Microsoft SMS) or similar. However the install can also be triggered manually by the user on a workstation in some cases. The critical benefit of this network share install is that self-repair operations and subsequent patch and upgrade installs to the workstations have access to the original source files so the installs complete successfully. You may have experienced that Microsoft Office would suddenly ask you to insert the installation CDs in order to reinstall a few files. This would happen to workstations too unless the sources were available online. This source requirement may change in the future as Microsoft caches more and more installer content on each local machine (Windows 7 onwards, UPDATE Jan 2018: See this answer for more details on this caching: Why does MSI require the original .msi file to proceed with an uninstall?). I should add that you can also put the unextracted MSI file in such a location without extracting it via an admin image, but using admin install allows any file to be downloaded separately (no huge cab download). For huge MSI files this is important, and I prefer admin images as installation source to make patching more reliable - this is a subjective preference, but it is due to real-life experience.
Administrative Installs & Patching
Finally the creation of MSI patches typically requires an admin install to be run for the original setup and also for the new setup. The Windows Installer patch file is then created based on the differences between the new and old installer folders. As such admin installs are critical for the subsequent creation of patch files. This is the case for Wise for Windows Installer - the only product I have found to create really reliable patches in real life experience (this product is now off market, some details here: What installation product to use? InstallShield, WiX, Wise, Advanced Installer, etc). Again a subjective observation based on extensive real-world testing.
It is also possible to patch an admin install if you get an MSI and an MSP (path file) from a vendor. You extract the MSI and patch the admin image with the MSP. The target folder will then contain a newer MSI and any new files (provided the admin patch works, which it generally doesn't in my experience).
"Run From Source"
Chris mentions "Run From Source", and this is indeed a rather useless and obsolete concept where some files in the install can be left on the network share and accessed straight from there. I honestly haven't tried this feature in years.
This feature is seldom used, but I guess it could be beneficial in scenarios where a common set of resource files should be accessed by all workstations and you want to avoid mass-duplication. Fixes to the resource files could then be deployed by an "admin install patch" as described above without reinstalling anything onto the workstations (how well it works is unclear - the lack of use of this feature may be a clue).
A large software suite with many and dissimilar modules where only a few are used by different people could speed up installation and usage significantly by only installing a few of the required features and leave the rest to run from source or install on first use. It would speed up installation and subsequent patch installations and could leave potentially unsafe and unnecessary binaries off the system. This last point can be important in locked-down environments. However, in real-life I have seen patches change advertised features to be locally installed after patching which is very strange and undesired behavior, but very common to experience. In practice I find "run from source" or advertised features of very limited use. It is generally better to split a setup into two with one for client and one for server installation.
UPDATE:
Here is a new summary of the same issue: admin install and its uses (file extraction and beyond). Please also read the comment below on the "changed caching behavior of MSI in Windows 7 onwards".
在现实世界中,它根本没有那么大的价值。 MSI 的设计初衷是在计算机通常配备 2-20GB 硬盘的时代。他们想出了所有这些“从源头运行”的广告场景,这些场景在当时看起来真的很酷,但从未在现实世界中真正流行起来。
今天,/a 为我(一名安装开发人员)所做的就是为我提供一种简单的方法来“提取”MSI 并验证其内容。就是这样。
In the real world, it doesn't have all that much value at all. MSI was designed back in a day when a computer typically had a 2-20gb hard drive. They came up with all these "run from source" advertisement scenarios which seemed really cool back then but never really caught on in the real world.
Today, what /a does for me, a setup developer, is give me an easy way to "extract" an MSI and verify its contents. That's about it.
假设您需要在一定数量的计算机上安装产品 X,并且还需要为 X 应用一些补丁。您可以执行以下操作,而不是在每台计算机上应用一系列补丁:
这可以节省一些时间和精力,并且您将知道您的所有机器都肯定处于相同的补丁级别。
Say that you need to install product X on some number of machines, and that you will need to apply some patches for X as well. Rather than applying a series of patches on each machine, you can do this:
It can save some time and effort, and you'll know that all your machines are certain to be at the same patch level.
如果您有每用户设置并且系统不允许通过组策略等进行用户安装,则用户将能够通过管理安装在目标文件夹中创建的 msi 进行安装。
它是一种授权安装软件的方式。
If you have a per-user setup and a system that disallows user installations through e.g. group policy then the user will be able to install from the msi created in the target folder by the administrative install.
Its a way of authorising software to be installed.