Windows Logo Requirements
Installers created with InstallMate 11 comply with Microsoft's Windows Logo requirements for all supported versions of Windows. To obtain a copy of the Windows Logo requirements for Windows 7, go to the following web page. You need to download an XPS document from this web page.
- The Windows 7 Software Logo Program (on Microsoft's Windows Developer Center)
- Download Windows 7 Software Logo Program requirements (XPS document)
For Windows 8, use the following web page:
For Windows 10 and 11, the certification requirements are to be announced.
Below is a point-by-point overview of the logo requirements as they apply to installation tools, relative to the most recent (Windows 7 and 8) set of Windows Logo requirements. You can use this overview as a reference if you want to obtain Windows Logo validation for installers created with InstallMate 11. The terminology used below corresponds to the terms used in the Windows Logo requirements documentation.
- Do not modify WRP protected resources
- Windows Restart Manager support
- System reboot management
- Clean, reversible installation
- Installation requirements
- Product uninstaller information
- Install to the correct folders by default
- Digitally sign files & drivers
- Support x64 versions of Windows
- Do not block installation or application launch based on OS version check
- Follow User Account Control (UAC) Guidelines
- .Net and the Global Assembly Cache
- Other features
If you need additional information or implementation details to achieve Windows Logo certification, then please contact support@tarma.com.
Supported Windows versions
- Windows XP and Server 2003, x86, x64, and IA64 (where applicable), including WinPE 1.x
- Windows Vista and Server 2008, x86, x64, and IA64 (where applicable), including Core installations and WinPE 2.x
- Windows 7 and Server 2008 R2, x86, x64, and IA64 (where applicable), including WinPE 3.x
- Windows 8 and Server 2012, x86 and x64 (Microsoft no longer supports IA64 for these platforms)
- Windows 8.1 and Server 2012 R2, x86 and x64 (Microsoft no longer supports IA64 for these platforms)
- Windows 10/11 and Windows Server 2016-2025, x86, x64, and arm64 (where applicable)
Do not modify WRP protected resources
Installers built with InstallMate fully adhere to the Windows Resource Protection (WRP) guidelines (this was called Windows File Protection before the introduction of Windows Vista).
File protection
Before a file is replaced or removed, InstallMate uses the SfcIsFileProtected() function to check if the file is protected. If it is, then no attempt is made to modify the file. In the installer's log file, this is indicated with a TSU:W0009 diagnostic.
Registry key protection
Before a registry key is modified or removed, InstallMate uses the SfcIsKeyProtected() function to check if the key is protected. If it is, then no attempt is made to modify the key or any of its values. In the installer's log file, this is indicated with an "Access denied" error code (decimal 5) on the applicable registry action.
Applies to
- File protection applies to all platforms where SfcIsFileProtected() is available. Nominally this includes Windows Me, 2000, XP, Vista, and later, including their Server editions. However, the installer does not assume specific platforms; instead, it performs a direct check on the availability of the SfcIsFileProtected() entry point and will use it on any platform that implements it.
- Registry key protection applies to all platforms where SfcIsKeyProtected() is available. Nominally this includes Windows Vista and later, including their Server editions. However, the installer does not assume specific platforms; instead, it performs a direct check on the availability of the SfcIsKeyProtected() entry point and will use it on any platform that implements it.
Fall-back behavior
On platforms that do not implement resource protection, the installer obeys the usual Windows security settings as applied through ACLs.
Windows Restart Manager support
Installers built with InstallMate use the Windows Restart Manager functionality where available to manage in-use file replacements and system reboots. In particular, each installer performs the following Restart Manager-related tasks during an installation session.
- The RmStartSession() function is called to obtain a Restart Manager session context. Secondary installers automatically join the primary installer's Restart Manager session, instead of starting a separate session.
- The installer builds a list of files that need to be replaced during installation. This list takes into account factors such as file versions and file replacement policies (both user-specified and WRP-based). Files that are newly installed (i.e., that do not replace existing files) are excluded from the list.
- If the list is not empty, then the following happens:
- The RmRegisterResources() function is called with the list of files that need to be replaced.
- The RmGetList() function is called to obtain the Restart Manager's reboot status. If a reboot is indicated, then the internal TsuRebootRequired variable is set.
- The RmShutdown() function is called to try and shut down any processes that hold resources listed for replacement.
- The installer performs its installation tasks, including the replacement of files where applicable. If, despite the RmShutdown() function call, in-use files are encountered, then they are handled as described under the Fall-back behavior heading below.
- At the end of the session, the RmRestart() function is called to restart any applications and services that were shut down earlier.
- The RmEndSession() function is called to release any internal resources held by Restart Manager.
Any system reboots are managed as described in the section System reboot management.
Applies to
This applies to all platforms where Restart Manager functionality is available. Nominally this includes Windows Vista and later, including their Server editions. However, the installer does not assume specific platforms; instead, it performs a direct check on the availability of the Restart Manager entry points and will use them on any platform that implements them.
See also Windows Vista Restart Manager support.
Fall-back behavior
On platforms where Restart Manager functionality is not available, InstallMate manages the replacement of in-use files on its own. This functionality is also used in situations where Restart Manager is unable to shut down all processes that hold in-use files.
If an in-use file is encountered that needs to be replaced, then the following happens:
- A copy of the file's new version is placed alongside the current version of the file. The new version is installed with a temporary file name and a post-boot file rename operation is registered with Windows using the MoveFileEx(TempName, RealName, MOVEFILE_DELAY_UNTIL_REBOOT) function, or the equivalent WININIT.INI functionality on Windows 95, 98, and Me.
- The ReplacedInUseFiles and TsuRebootRequired internal variables are set.
The remainder of the installation session is modified somewhat:
- If any in-use files were encountered during installation, then all file self-registration actions are skipped during the session. Instead, the installer registers itself for a separate post-boot registration-only session using the RunOnce action.
- If the TsuRebootRequired variable is set at the end of the current session, the installer offers to reboot the system. Any system reboots are managed as described in the section System reboot management.
Note that the installer makes no attempt to shut down any processes.
Remarks
The chances of encountering in-use files can be reduced by specifying a running process check on the Installer options page. If any processes are specified and either Process check: Advisory check or Process check: Blocking check is set, then the installer will inform the user if any conflicting processes are running prior to installation and offer the user the opportunity to close down those processes. However, the installer will never forcibly shut down any processes by itself, except as documented earlier through the Windows Restart Manager functionality.
System reboot management
Installers built with InstallMate have flexible system reboot management, but will never reboot the system without the user's consent. In particular:
- During interactive installation sessions, the user is prompted before a system reboot takes place (no matter what caused the system reboot situation) and can decline the reboot.
- During non-interactive installation sessions (also known as "silent" or "quiet" installations), no system reboot is ever executed because there is no user to give consent.
If a system reboot is required but not performed, an exit code of 12 (Reboot required) is returned by the installation process as documented in InstallMate Command Line Options. This allows higher-level processes to act upon or propagate the reboot status.
Applies to
All supported Windows versions.
Remarks
The need for a system reboot to complete the installation is indicated by the TsuRebootRequired internal variable. In addition, the TsuRebootMode variable can override this by suppressing all reboots, by always scheduling one, or by following whatever the TsuRebootRequired variable indicates (this is the default). However, while these variables may be used by actions in the installer, they will never cause a reboot without the user's consent.
A reboot may be requested and the TsuRebootRequired variable be set by one or more of the following:
- The replacement of in-use files, as described earlier.
- The result of the Windows RmGetList() function, as described earlier.
- The installation of a file that has its Reboot if installed File installation attribute set.
- Setting the TsuRebootRequired variable to a nonzero value, for example through a Set Variable action.
An overall forced reboot, reflected in the TsuRebootMode variable, may be set by one or more of the following:
- Specifying the Reboot policy: Always reboot option on the Installer options page.
- Specifying the /b2 Setup command line option.
- Setting the TsuRebootMode variable to 2, for example through a Set Variable action.
Note: Even a "forced" reboot status only leads to an actual system reboot if the user consents.
Conversely, system reboots may be suppressed by any of the following:
- Specifying the Reboot policy: Never reboot option on the Installer options page.
- Specifying the /b0 Setup command line option.
- Setting the TsuRebootMode variable to zero, for example through a Set Variable action.
- Setting the TsuRebootRequired variable to zero, for example through a Set Variable action. Note that this has no effect if the TsuRebootMode variable is set to 2 or higher.
- Running the installer in quiet mode through the /q Setup command line option.
If system reboots are suppressed by any of these methods, then the installer will not initiate a system reboot and will not ask the user for consent (because none is required). However, the exit code of the installation process is still set to 12 (Reboot required) if the TsuRebootRequired variable indicates the need for a reboot.
Clean, reversible installation
Installers built with InstallMate perform clean, reversible installations and removals, as required by the Windows Logo requirements.
Installation roll back in case of failure
During the first installation and any subsequent updates, InstallMate keeps track of all system resources that it changes or replaces, and will roll back any changes if the installation session ends prematurely through a failure or because the user cancels the installation before it completes.
To achieve this, InstallMate implements a two-phase commit protocol as follows:
- During the initial phase, all installation actions are performed as required. An internal journal is kept that records all system modifications and their original state, keeping a copy of each replaced or deleted file, each modified registry key or value, and all other modified system resources where necessary.
- If the initial phase completes successfully, then all system modifications are committed and roll-back copies are discarded.
- If the initial phase does not complete successfully, whether through a system failure, insufficient access rights, or because of a user action, then the journal is used to restore the original system state. Among other things, any replaced or deleted files are restored to their original versions, newly installed files and folders are removed, and any system changes (including, but not limited to, registry key and value changes) are rolled back. The roll back takes place in the reverse order of the original changes, to ensure that any overlapping modifications are rolled back correctly.
This two-phase commit protocol is executed automatically, without user intervention. It extends to custom actions, which have an Execute option for this purpose:
- Run DLL action
- Run Program action
- Run Script action
- Uninstall Product action
The effect of the Execute option on these actions is as follows:
Execute | Description |
---|---|
Immediate | Execute the action when encountered in the action sequence. This is the default. |
Commit | Defer execution until the installation is committed. This option allows you to implement the "Commit" part of a two-phase commit protocol that is only executed if the installation was successful. |
Rollback | Defer execution until the installation is rolled back. This option allows you to implement the "Rollback" part of a two-phase commit protocol that is only executed if the installation fails and must be rolled back. |
Applies to
All supported Windows platforms.
Remarks
In addition to the automatic roll back mechanism, developers who use InstallMate can also specify on a per-file and per-resource basis if individual files or other system resources should be restored to their original (pre-installation) versions if the developer's product is ever uninstalled. This takes the form of a Remove action: Restore original option in the applicable installation item. For further details, see:
- Installation file attributes
- Registry value attributes
- INI Value attributes
- Environment variable attributes
This type of resource restoration is separate from the automatic roll back mechanism.
Installation requirements
Installers built with InstallMate comply with the general installation requirements prescribed by the Windows Logo requirements. According to the Windows Logo requirements, an installer should:
- Never force an immediate reboot. InstallMate does not force reboots; see the section System reboot management for details about InstallMate's reboot management.
- Never be dependent on 8.3 short file names. InstallMate does not depend on short file names; it uses long file names, except where compatibility with older Windows platforms requires short file names (for example, in the WININIT.INI file used on Windows 95, 98, Me).
- Never block silent install or uninstall. InstallMate always allows silent (non-interactive) operation, either preprogrammed or through the use of the /q Setup command line option.
Applies to
All supported Windows platforms.
Product uninstaller information
Installers built with InstallMate register all product uninstallation information prescribed by the Windows Logo requirements, plus additional information that is not required, but commonly used or that was required by earlier versions of Windows.
The following information is recorded in the registry under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{...product GUID...} registry key for per-machine installations, or under the equivalent HKEY_CURRENT_USER registry key for per-user installations.
Registry value | Type | Description |
---|---|---|
Comments | REG_SZ | [Optional] Additional product-related information, copied from the Comments variable (which is in turn initialized from the Comments field on the Product info page). This registry value is only written if the Comments field was enabled on the Product info page. |
Contact | REG_SZ | [Optional] Primary contact email address for the product, copied from the Email variable (which is in turn initialized from the Email address field on the Product info page). This registry value is only written if the Email address field was enabled on the Product info page. |
DisplayIcon | REG_SZ | Fully qualified path to the .ico file that contains the product's application icon. The .ico file contains a copy of the icon that was specified in the Custom icon field of the Package that was used to build the installer, or a standard icon if no custom icon was specified. |
DisplayName | REG_SZ | Descriptive name of the installed product. This defaults to <ProductName> <ProductVersion> (i.e., the name of the product followed by its version), but can be modified in the Display name field on the Installer options page. |
DisplayVersion | REG_SZ | Version number of the product, as text (the Version, VersionMajor, and VersionMinor registry values contain the product's version number in binary format). It is copied from the ProductVersion variable (which is in turn initialized from the Version field on the Product info page). |
EstimatedSize | REG_DWORD | Total installed size for the product, in KB. This information is displayed in the Add/Remove Programs control panel applet. |
HelpLink | REG_SZ | [Optional] URL of the product's technical support web page, copied from the SupportURL variable (which is in turn initialized from the Support URL field on the Product info page). This registry value is only written if the Support URL field was enabled on the Product info page. |
HelpTelephone | REG_SZ | [Optional] Telephone number of the product's technical support department, copied from the Telephone variable (which is in turn initialized from the Telephone field on the Product info page). This registry value is only written if the Telephone field was enabled on the Product info page. |
InstallDate | REG_SZ | Date on which the product was most recently installed, copied from the InstallDate variable. The date is in the format YYYYMMDD (4-digit year, 2-digit month, 2-digit day of the month) and corresponds to the date according to the local time zone that was in effect during installation. |
InstallLocation | REG_SZ | Fully qualified path to the primary installation folder, resolved as <<PRIMARYFOLDER>>. Typically, this refers to the product's top-level installation folder, for example C:\Program Files\Application Name. |
InstallSource | REG_SZ | Fully qualified path to the folder that contains the installation package that was used to install the product, resolved as <SourceDir>. This path is used during subsequent Change/Modify sessions. |
Language | REG_DWORD | Installation language of the product, from <ProductLanguage>. The language ID is defined as per Win32 conventions; see Language Identifiers on the MSDN web site. |
ModifyPath | REG_SZ | [Optional] Fully qualified command line to the installer, complete with the correct arguments to perform a Change/Modify session. The presence of this command line causes the Add/Remove Programs control panel in recent Windows versions to display a Change button or option (in addition to the Remove button or Uninstall option). This registry value is only written if the Register A/RP Change option field was checked on the Installer options page. |
ParentDisplayName | REG_SZ | [Optional] This registry value is only present if the product in question is an add-on or update to another product and the option Uninstaller type: Update uninstaller is specified on the Installer options page. In that case, its value is copied from the MainProductName variable (which is in turn initialized from the Main product name field on the Product info page). |
ParentKeyName | REG_SZ | [Optional] This registry value is only present if the product in question is an add-on or update to another product and the option Uninstaller type: Update uninstaller is specified on the Installer options page. In that case, its value is copied from the MainProductCode variable (which is in turn initialized from the Add-on for product field on the Product info page). |
Publisher | REG_SZ | Name of the product's publisher, copied from the Publisher variable (which is in turn initialized from the Publisher field on the Product info page). |
QuietUninstallString | REG_SZ | Fully qualified command line to the installer, complete with the correct arguments to perform a non-interactive ("silent" or "quiet") uninstallation. This command line is used by automated uninstallations, including the Uninstall Product action. It is not used by the Add/Remove Programs control panel. |
ReleaseType | REG_SZ | [Optional] This registry value is only present if the product in question is an add-on or update to another product and the option Uninstaller type: Update uninstaller is specified on the Installer options page. In that case, it is set to the string Update. This causes Windows XP, Vista, and later to hide the product information in the Add/Remove Programs control panel unless the user checks the Show updates box in the control panel. |
TinFolder | REG_SZ | Fully qualified path to the InstallMate folder for the product on the target system, copied from the TinProductFolder variable. This folder contains the product's uninstaller program and associated information. |
TinVersion | REG_SZ | Internal version number of the InstallMate program that was used to install the product, typically something like 9000. |
TizPath | REG_SZ | Fully qualified path to the installation package that was used to install the product, available as <TizPath>. This path is used during subsequent Change/Modify sessions. |
UninstallString | REG_SZ | Fully qualified command line to the installer, complete with the correct arguments to perform an interactive uninstallation. This command line is used by the Add/Remove Programs control panel. This registry value is not written if the setting Uninstaller type: Hidden uninstaller is specified on the Installer options page; in that case, only the QuietUninstallString registry value is set. |
URLInfoAbout | REG_SZ | [Optional] URL of the product's web page, copied from the Website variable (which is in turn initialized from the Web site URL field on the Product info page). This registry value is only written if the Web site URL field was enabled on the Product info page. |
URLUpdateInfo | REG_SZ | [Optional] URL of the product's update web page, copied from the UpdateURL variable (which is in turn initialized from the Update URL field on the Product info page). This registry value is only written if the Update URL field was enabled on the Product info page. |
Version | REG_DWORD | Binary version number for the product. It is derived from the ProductVersion variable; if that variable contains version a.b.c.d, then the Version field is set to the DWORD value (((a * 256) + b) * 65536 + c), where a and b are taken modulo 256 and c is taken modulo 65536. Missing version parts are treated as zeroes. |
VersionMajor | REG_DWORD | Binary major version number for the product. It is derived from the ProductVersion variable; if that variable contains version a.b.c.d, then the VersionMajor field is set to the DWORD value a modulo 65536. |
VersionMinor | REG_DWORD | Binary minor version number for the product. It is derived from the ProductVersion variable; if that variable contains version a.b.c.d, then the VersionMinor field is set to the DWORD value b modulo 65536. |
Applies to
All supported Windows platforms.
Remarks
The uninstaller information can be completely suppressed by setting Uninstaller type: Don't register on the Installer options page. However, this causes a BLD:Q0066 build diagnostic (Uninstaller registration is suppressed - application cannot be removed easily). The default setting is Uninstaller type: Normal uninstaller, which registers the uninstaller information as documented above.
Install to the correct folders by default
Installers built with InstallMate provide full access to all standard Windows folders, and where possible default to the appropriate installation folders. In particular:
- The default product installation folder is C:\Program Files\<ProductName> or its localized equivalent, as required by the Windows Logo documentation.
- The relevant All Users, Users, Public, or ProgramData subfolders as required by the target system (including, but not limited to, Application Data, Desktop, Start Menu, and Templates) are easily accessible for installation.
- The relevant Current User subfolders are likewise accessible.
- During the installer build process, folder permissions are checked and the developer is warned if special access privileges are required to install in a folder.
- During the actual installation, the locations and names of the standard Windows folders automatically adapt to the target system's Windows edition and the installed Windows language.
A more detailed overview of the standard folders and their behavior across Windows editions is given in the Files and folders and the Standard folders help topics.
The topic Dealing with access rights helps developers to understand the required privilege levels across the various Windows versions.
Applies to
All supported Windows platforms.
Digitally sign files & drivers
Installers built with InstallMate support digital (Authenticode) signatures on executable files as described by the Windows Logo requirements. The following InstallMate features are specifically aimed at digital signatures:
- The installer executables (also known as the Setup stubs) are digitally signed by Tarma Software Research. These Setup stubs become part of the installation package and one of them is installed on the target system to function as the product's uninstaller. Their digital signatures ensure that they comply with the Windows Logo requirements if considered as part of the overall product.
- The InstallMate development environment has built-in support for digital signatures and will automatically sign the installation package as a whole with the developer's certificate if the Sign after build option is checked in the Package that was used to build the installer.
- The Preflight check signature option of the Installation file attributes allows the developer to indicate which executable files should be checked for valid digital signatures during the build process. If an installation file is marked as such but does not contain a valid digital signature, then the build process will issue a BLD:W0155 diagnostic. By default, this diagnostic stops the build process before an installer is produced, thus allowing the developer to correct the problem instead of accidentally releasing an installer with unsigned executables.
Applies to
All supported Windows platforms.
Support 64-bit versions of Windows
Installers built with InstallMate fully comply with the x64 and arm64 Windows requirements of the Windows Logo program.
Correct detection of 64-bit Windows versions
InstallMate correctly detects 64-bit Windows versions if the installation takes place on an 64-bit Windows system. In particular, the following variables can be used to distinguish between various Windows versions (x64 or otherwise):
- The VersionNT variable is set for all Windows NT-based platforms (i.e., NT4, 2000, XP, Vista, 7, and later, and their Server editions), whether x86, x64, arm64, or IA64.
- The VersionNT32 variable is set to a nonzero value for all 32-bit Windows NT-based platforms.
- The VersionNT64 variable is set to a nonzero value for all 64-bit Windows NT-based platforms, x64, arm64, and IA64.
- The Arm64 variable is set to a nonzero value if the installer runs on a system with an ARM AArch64 processor.
- The MsiAMD64 variable is set to a nonzero value if the installer runs on a system with an AMD64 or compatible processor (including the Intel EMT64 architecture).
- The Msix64 variable is equivalent to the MsiAMD64 variable.
- The Intel64 variable is set to a nonzero value if the installer runs on a system with an Intel IA64 processor.
Full 64-bit Windows folder access
InstallMate provides full access to the 64-bit variations of standard Windows folders. In particular, the following 64-bit folders are supported:
- ProgramFiles64Folder is the Program Files folder for 64-bit programs (x64, arm64,and IA64).
- CommonFiles64Folder is the Program Files folder for 64-bit programs (x64, arm64,and IA64).
- System64Folder is the Windows System folder for 64-bit DLLs (x64, arm64,and IA64).
The developer can use these folders on the Files and folders page to install 64-bit executables.
Although files in these folders are typically controlled by components that prevent their installation on 32-bit platforms, no great harm is done should installation on a 32-bit platform occur: in that case, the missing 64-bit folders are automatically replaced by simulated 64-bit counterparts of the corresponding Windows folders. While this does not allow the files to function per se (64-bit executables will not run on 32-bit platforms), they are at least kept separate from similar 32-bit files and are stored in folders that are clearly marked as 64-bit folders.
For details about these folders, see the Files and folders help topic.
Full x64 Windows registry access
InstallMate provides full access to the 64-bit view of the registry as well as the 32-bit view. This is implemented through the Registry view setting of the Registry Key attributes. The following registry view options are available.
Registry view option | 32-bit Windows | 64-bit Windows |
---|---|---|
Existing key, else Native | Always uses 32-bit registry | Checks 64-bit and 32-bit views (in that order) and uses the first that already contains the key. If neither does, uses the 64-bit registry. |
Native only | Always uses 32-bit registry | Always uses 64-bit registry |
64-bit, then 32-bit | Always uses 32-bit registry | Tries to use the 64-bit view first, followed by the 32-bit one if the 64-bit failed. Note: This option differs from Existing key, else Native in that it will not try the 32-bit registry view if the registry action succeeds in the 64-bit view, even if the key already exists in the 32-bit view. |
64-bit only | Always fails | Always uses 64-bit registry |
32-bit only | Always uses 32-bit registry | Always uses 32-bit registry |
Registry value lookup through symbolic expressions and registry lookup performed by actions such as Uninstall Product behave as Existing key, else native. Product uninstaller registration takes place as Native only.
For more details about the registry views, see the Registry Views help topic.
Self-registration of 64-bit DLLs
InstallMate can perform self-registration of 64-bit as well as 32-bit DLLs and type libraries (in addition to self-registration of .exe files). Because this type of self-registration takes place in-process, the installer uses three small helper executables to host 64-bit or 32-bit DLLs and type libraries as required (arm64, x64, or x86).
Native 64-bit Setup stubs available
The InstallMate distribution includes x86, x64, and arm64 Windows Setup stubs. Depending on the parameters of the build process, one of these Setup stubs are included in the installation package. However, full 64-bit installation functionality is available in all Setup stubs, whether these are 32-bit or 64-bit executables.
For more details about the available stubs and the stub selection process, see the Setup stubs help topic.
No 16-bit code
No part of the InstallMate functionality includes 16-bit code.
Other 64-bit features
During the installer build process, the preflight checks performed by the InstallMate development environment will detect 64-bit executables and issue diagnostic messages if these files are not installed in folders that are designated for 64-bit programs. Likewise, attempts to install 32-bit executables in 64-bit folders are also flagged. This allows the developer to correct potential problems before the installer package is deployed.
Applies to
All x64 and arm64 Windows editions, and to all IA64 Windows editions except as noted in the Remarks section, below.
Remarks
All InstallMate 64-bit Windows functionality applies equally to IA64 Windows editions, with the following exceptions:
- Tarma Software Research does not provide native IA64 Windows Setup stubs, but the 32-bit Setup stubs are fully compatible with IA64 Windows editions and offer full access to all aspects of those systems.
- Self-registration of IA64 DLLs and type libraries is not supported as a built-in feature. However, IA64 DLLs may be self-registered by using a Run Program action that runs the IA64-specific regsvr32.exe program <System64Folder>\regsvr32.exe with the DLL's path as its command line argument.
Do not block installation or application launch based on OS version check
Installers built with InstallMate allow Windows version detection prior to the installation, but do not do so by default. However, if the developer decides to allow or disallow installation on specific Windows versions, he can specify the criteria on the Requirements page. The checks on this page can be done for all known Windows versions, or for the rest group Future Windows versions.
In addition to the Requirements checks, which take place prior to installation, InstallMate also offers the following features that help to fine-tune Windows version checks should this be necessary for the product:
- General conditional expressions can use variables such as Version9x, VersionNT, and similar system information variables to perform or skip certain installation actions.
- Similar conditions plus specific Platform tests can be used to enable or disable components, which in turn controls the installation of files and other system resources. This may be used if platform-dependent components must be installed.
- To test for the availability of specific Windows features, the developer can use variables such as VersionCLR or perform other runtime checks.
The checks can use any suitable comparison operations, including inclusive or exclusive version range comparisons.
Applies to
All supported Windows versions.
Remarks
The installation-time checks use the standard Windows functions GetVersionEx(), GetSystemInfo(), and GetNativeSystemInfo() as appropriate and available on the target system to collect their information. Because of the nature of the installer's checks, the VerifyVersionInfo() is not suitable in this case.
Follow User Account Control (UAC) Guidelines
Installers built with InstallMate comply with the UAC guidelines as documented in the Windows Logo requirements. In particular, InstallMate contains Setup stubs sets with the following UAC elevation levels in their embedded application manifests:
- highestAvailable - Installers with this level perform an All Users installation if started by an Administrator and given consent to run with elevated privileges, or a Current User installation otherwise.
- requireAdministrator - Installers with this level perform an All Users installation if given consent to run with elevated privileges. This might require the user to enter the Administrator password.
- asInvoker - Installers with this level perform a Current User installation, unless explicitly started to Run as Administrator.
The desired stub set may be selected by the developer as part of the Advanced package options, or it may be configured automatically based on the Installation level setting on the Installer options page.
The topic Dealing with access rights helps developers to understand the required privilege levels across the various Windows versions.
Applies to
Windows Vista and later. However, InstallMate does not assume a specific Windows version; instead, the installers contain the required UAC-compatible application manifests and rely on the target system to handle the desired privilege elevation if supported and applicable.
Remarks
In addition to the required UAC-compatible application manifests, all InstallMates on all Windows platforms perform runtime checks prior to installation to find out if access to the installation folders and other system resources is allowed. Based on the outcome of these checks and the Installation level setting on the Installer options page, the installer may inform the user that the installation can only be performed as a Current User installation, or that the installation cannot proceed at all and must be restarted under an Administrator account.
.Net and the Global Assembly Cache
Installers built with InstallMate use the officially documented Windows API to install and remove .Net global assemblies in the Global Assembly Cache (GAC). This involves the IAssemblyCache COM interface and some of its methods (i.e., member functions):
IAssemblyCache InstallAssembly() UninstallAssembly() ...other methods...
(See http://msdn.microsoft.com/en-us/library/ms231448.aspx for documentation of this COM interface.)
This means that the installer does not touch the GAC itself; that is all done by Windows. What happens during installation is this:
- The installer unpacks the assembly files and places them in a temporary staging directory (under %TEMP%\...unique ID...)
- The installer then obtains a pointer to the IAssemblyCache interface by calling the Windows function CreateAssemblyCache(). The returned IAssemblyCache pointer represents the global assembly cache interface. (See http://msdn.microsoft.com/en-us/library/ms230575.aspx for documentation.)
- The installer calls IAssemblyCache::InstallAssembly() with the required parameters. This causes the Windows .Net support to copy the assembly files from their temporary staging location to the GAC and to update whatever registry entries need to be updated.
- During removal, the installer again calls CreateAssemblyCache() to obtain an IAssemblyCache pointer, and then uses IAssemblyCache::UninstallAssembly() to remove the assembly (or not, if any other references are still active). Again, it's Windows' own .Net support that performs the GAC actions, not InstallMate.
Applies to
All Windows platforms that have .Net support installed. InstallMate does not assume a specific Windows version; instead, the installers check for the presence of the CreateAssemblyCache() function and the availability of the IAssemblyCache interface, and will use those on any platform that implements this functionality.
Other features
In addition to the items discussed above, InstallMate contains many other features that improve the installation experience and general Windows compatibility and system security, and that may therefore be relevant during the Windows Logo certification process.
Supports Windows XP and later
InstallMate has built-in support for all publicly released Windows version from Windows XP to Windows 11 and their Server editions. Moreover, the availability of features is not based on Windows version checks, but on direct checks for the feature with appropriate error handling or a suitable fall-back strategy if the feature in question is not present. This also makes the installers future-proof.
Support for Windows Preinstallation Environment
InstallMate also supports the Windows Preinstallation Environment (WinPE) editions of Windows XP, Vista, 7, and 8. Installers built with InstallMate do not use MSI and are fully compatible with the restricted WinPE environments.
Terminal Server aware
All InstallMates are compatible with Terminal Server environment and are marked as such (/TSAWARE) in their executables. In particular, an installer running in a Terminal Server environment will switch the environment to installation mode prior to installation, and back to execution mode afterwards.
Unicode
The installer's database and the main Setup stubs are Unicode through-and-through, and they are also bidi-aware. This allows the installer to handle all languages and locales that are supported by the target system.
Compiler security features
InstallMate is compiled with a modern Microsoft C/C++ compiler and linker toolset and its executables use the following compiled-in security features:
- /GS compiler option: Detects buffer overruns on the stack by inserting a cookie at strategic places.
- /NXCOMPAT linker option: Enables Data Execution Prevention (DEP, also known as NX - No eXecute) for the installer, which prevents data injected into the installer's process space to be executed.
- /DYNAMICBASE linker option: Enables Address Space Layout Randomization (ASLR), which makes attacks harder because code and data addresses may differ from run to run and are no longer easily predictable.
- /SAFESEH linker option: Causes the linker to include a table of safe exception handlers, which makes it harder to add malicious code masquerading as an exception handler. (This option is only used for 32-bit executables; 64-bit executables always have an embedded exception handler table.)
Furthermore, the installers use the Windows heap for memory management, which (at least on recent Windows versions) includes a number of heap-related security checks. Wherever applicable, InstallMate follows Windows Best Practices and uses safe coding techniques to improve the installer's robustness even further.
Current User installations are fully isolated
InstallMate has a (what we believe to be) unique installation mode called Current User installation. While most installers offer some form of per-user installation, Tarma's is unique in the following respects:
- Application folders, including folders under Program Files, are automatically redirected to a suitable location under the installing user's Application Data area. This also applies to the Common Files folders.
- All Users folders, including the All Users version of the Desktop and Start Menu, are automatically redirected to the corresponding private folders of the installing user.
- Registry keys and values under HKEY_ALL_USERS (representing HKEY_LOCAL_MACHINE during All Users installations) are automatically redirected to HKEY_CURRENT_USER.
- Registry keys and values under HKEY_CLASSES_ROOT are automatically redirected to HKEY_CURRENT_USER\Software\Classes. This also applies to all DLL and related registrations, including type libraries and file type associations.
- The product's uninstallation information is redirected to the HKEY_CURRENT_USER registry hive and the DisplayName registry value is annotated with the installing user's account name, for easier identification.
These features allow an application to be installed by an unprivileged user for his or her own exclusive use. They also allow multiple independent installations of the same product. In fact, there can be as many independent installations as there are user accounts on the system, plus one additional per-machine installation.
Note: These Current User installation features are available from Windows 2000 onwards. Earlier versions either do not implement a functional All Users/Current User separation (this applies to Windows 95, 98, and Me) or do not allow the HKEY_CLASSES_ROOT registry key to be redirected (this applies to Windows NT4).