MSIX -> Local Activation permission for COM server - com

My package is installed in sideloaded way and keeps encountering the app-specific permission error.
Yes many suggest to alter permissions and owners manully in regedit and Component Services.
My app is actually missing in the DCOM Config under the Component Services (DCOMCNFG, DCOMCNFG -32).
I see neither errors in the proc monitor nor warnings. How can I grant permissions in this case and why isn't this specific task accomplished by the MSIX installer ?
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user PRECISION\Tommy SID (S-1-5-21-3771326467-2290839719-591499861-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
I attmepted to grant DCOM permission by using this PS modul but to no avail:
Grant, Revoke, Get DCOM permissions using PowerShell
Import-Module .\DCOMPermissions
Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions
Keep witnessing the error in the Event Viewer and this prohibits my app to start up:
Event Viewer exhibiting the error ID 10010
I build the MSIX package with the help of this AppxManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<Package xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10">
<Identity Name="WeatherHistory" Version="0.7.0.2" Publisher="CN=Contoso Software, O=Contoso Corporation, C=US" />
<Properties>
<DisplayName>Weather History</DisplayName>
<PublisherDisplayName>Cosmic ray</PublisherDisplayName>
<Logo>Images/satelite.png</Logo>
</Properties>
<Dependencies>
<TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.17763.0" MaxVersionTested="10.0.18363.0" />
<TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.17763.0" MaxVersionTested="10.0.18363.0" />
</Dependencies>
<Resources>
<Resource Language="en-us" />
</Resources>
<Applications>
<Application Id="Weather.History" Executable="Weather.History.Splash.exe" EntryPoint="Weather.History.Splash">
<VisualElements DisplayName="Weather History" Description="Frontend" Square150x150Logo="Images/satelite.png" Square44x44Logo="Images/satelite.png" BackgroundColor="yellow" xmlns="http://schemas.microsoft.com/appx/manifest/uap/windows10" />
<Extensions>
<Extension Category="windows.fullTrustProcess" Executable="Weather.History.Stylet.exe" xmlns="http://schemas.microsoft.com/appx/manifest/desktop/windows10" />
</Extensions>
</Application>
</Applications>
<Capabilities>
<Capability Name="runFullTrust" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" />
<Capability Name="internetClient" />
</Capabilities>
</Package>
... and addded code to my package entry point exe as
private async void LaunchProduct()
{
try
{
if (ApiInformation.IsApiContractPresent("Windows.ApplicationModel.FullTrustAppContract", 1, 0))
{
await FullTrustProcessLauncher.LaunchFullTrustProcessForCurrentAppAsync();
}
else
{
Exit($"Your Windows version is not supported.");
}
}
catch (Exception e)
{
Exit("Failed to launch Weather History", e);
}
}
There is a WPF splash attempts to launch another WPF both are based on the common TFM .NET 4.7. The first WPF ought to launch the second as a trusted process harnessing this MSIX package extension infrastructure. Pro boostrapper mechanism. If my take on is right.
This ain't a pacage bundle, so what architecture is my package actually targeting ? I always compile Any CPU.
I finally build the package by invoking the respective tool as :
makeappx.exe pack /v /o /f mapping.map /m Appxmanifest.xml /p ./Weather.History.msix

The EntryPoint indeed must be designated as trusted.
EntryPoint="Windows.FullTrustApplication"

Related

Multi-App Kiosk mode provisioning failure code '0xC00CE223'

I'm trying to put in place a kiosk on a Surface Go using the following AssignedAccess.xml file in my provisioning package:
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="https://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:r1809="https://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{f46cfb9f-044f-4d96-bb33-ea1c1c18a354}">
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.Windows.Explorer" r1809:AutoLaunch="true" />
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App DesktopAppPath="C:\Program Files\SumatraPDF\SumatraPDF.exe" />
</AllowedApps>
</AllAppsList>
<r1809:FileExplorerNamespaceRestrictions>
<r1809:AllowedNamespace Name="Downloads" />
</r1809:FileExplorerNamespaceRestrictions>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="Apps">
<start:Tile Size="4x2" Column="0" Row="2" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="false" />
</Profile>
</Profiles>
<Configs>
<Config>
<Account>CouncilKiosk</Account>
<DefaultProfile Id="{f46cfb9f-044f-4d96-bb33-ea1c1c18a354}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
I took a look at the logs and the consensus seems to be this error code '0xC00CE223'. According to my research this is telling me that "Validate failed because the document does not contain exactly one root node." (XML DOM Error Messages Doc) I'm not sure where this is going wrong.
The provisioning package is also setting 2 user accounts (local admin and local user), hiding OOBE, enabling tablet mode as default, and running a provisioning command script that installs a single application and sets registry keys necessary for autologin.
UPDATE: I re-imaged the Surface Go with Windows 10 Pro and it still fails. But now I get an error '0x8000FFFF' which appears to be related to windows update and the windows store. I only have 1 USB port on this thing so it isn't connected to the internet at this time.
UPDATE 2: I re-imaged with a more up to date ISO of 10 Pro and I'm back to the original errors listed in the above post. I have updated the XML file and changed the tag as well as the xmlns from rs5 to r1809. I am not seeing any changes and this continues to be a frustrating problem to have.
Test to change this:
https://schemas.microsoft.com/AssignedAccess/2017/config
to the following:
http://schemas.microsoft.com/AssignedAccess/2017/config

How to publish a Asp.net 5 MVC6 website on IIS containing two web apps

I have got a project with two web apps. One of them is only for reference in the base app. The project runs okay in visual studio. I am trying to publish it in local file system and then copy it across to the windows server 2008. Below is the web.config generated by visual studio.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="bootstrapper-version" value="1.0.0-beta4" />
<add key="runtime-path" value="..\approot\packages" />
<add key="dnx-version" value="1.0.0-beta4" />
<add key="dnx-clr" value="clr" />
<add key="dnx-app-base" value="..\approot\src\MySite" />
</appSettings>
</configuration>
When I run this website in Server using dnx . web, it runs okay. But when I try to run it under IIS by pointing IIS to wwwroot then all of the packages go missing. The website is unable to find packages.
Failed to resolve the following dependencies for target framework 'DNX,Version=v4.5.1':
Base32 1.0.0.13
BouncyCastle 1.7.0
CsQuery 1.3.4
EcmaScript.Net 1.0.1.0
EntityFramework 7.0.0-beta4
EntityFramework.Commands 7.0.0-beta4
EntityFramework.Core 7.0.0-beta4
EntityFramework.Relational 7.0.0-beta4
EntityFramework.Relational.Design 7.0.0-beta4
EntityFramework.SqlServer 7.0.0-beta4
EntityFramework.SqlServer.Design 7.0.0-beta4
.........
.........
How did you deploy?
Here are the steps that you can follow to get that running:
Make sure that you the app pool is a .NET 4 app pool
Run, in your web app's project folder dnu publish --runtime <name of runtime> (the name is the name of the runtime folder under %userprofile%\.dnx\runtimes
Step 2 generates a folder that contains the application, its dependencies and the runtime under the bin\debug folder.
Copy that folder to the IIS website folder
Run

MSBuild Web Deploy not updating connection strings

I am currently trying to get my deployment process up and running on my production server. Currently I am using the web deploy and publish profiles to achieve this, and I have everything working correctly, apart from the updating of connection strings to suit the production server.
I am using:
msbuild myProj.csproj /p:DeployOnBuild=true;PublishProfile=myProfile;Configuration=Release
to create the publish package, and the:
call myProj.deploy.cmd /Y /M:http://myServer/MSDeployAgentService -allowUntrusted /U:user /:Password
So this is working, it packages and then sends it to the server fine, and configures IIS correctly, but points to the wrong database.
My publishing profile looks like:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<WebPublishMethod>MSDeploy</WebPublishMethod>
<SiteUrlToLaunchAfterPublish />
<MSDeployServiceURL>http://myserver</MSDeployServiceURL>
<DeployIisAppPath>Website</DeployIisAppPath>
<RemoteSitePhysicalPath />
<SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
<MSDeployPublishMethod>RemoteAgent</MSDeployPublishMethod>
<UserName>user</UserName>
<_SavePWD>True</_SavePWD>
<PublishDatabaseSettings>
<Objects xmlns="">
<ObjectGroup Name="DBContext" Order="1" Enabled="False">
<Destination Path="Data Source=server;Initial Catalog=ProductionDB;User ID=user;Password="password"" Name="" />
<Object Type="DbCodeFirst">
<Source Path="DBMigration" DbContext="myproj.Repositories.DBContext, myproj.Repositories" MigrationConfiguration="myproj.Repositories.Migrations.Configuration, myproj.Repositories" Origin="Configuration" />
</Object>
</ObjectGroup>
<ObjectGroup Name="DefaultConnection" Order="2" Enabled="False">
<Destination Path="Data Source=server;Initial Catalog=ProductionDB;User ID=user;Password="password"" Name="" />
<Object Type="DbDacFx">
<PreSource Path="Data Source=localhost;Initial Catalog=devDB;User ID=user;Password="password"" includeData="False" />
<Source Path="$(IntermediateOutputPath)AutoScripts\DefaultConnection_IncrementalSchemaOnly.dacpac" dacpacAction="Deploy" />
</Object>
<UpdateFrom Type="Web.Config">
<Source MatchValue="Data Source=localhost;Initial Catalog=devDB;User Id=user;Password=password" MatchAttributes="$(UpdateFromConnectionStringAttributes)" />
</UpdateFrom>
</ObjectGroup>
</Objects>
</PublishDatabaseSettings>
</PropertyGroup>
<ItemGroup>
<MSDeployParameterValue Include="$(DeployParameterPrefix)DBContext-Web.config Connection String">
<ParameterValue> Data Source=server;Initial Catalog=ProductionDB;User ID=user;Password="password"</ParameterValue>
</MSDeployParameterValue>
<MSDeployParameterValue Include="$(DeployParameterPrefix)DefaultConnection-Web.config Connection String">
<ParameterValue>Data Source=server;Initial Catalog=ProductionDB;User ID=user;Password="password"</ParameterValue>
</MSDeployParameterValue>
</ItemGroup>
</Project>
Annoyingly this works fine when Publishing directly from VS2012, just not via command line. Is there a switch or option I am missing from my msbuild call maybe?
It is not working correctly as in my myProj.SetParameters.xml file, the connection strings shown in there are wrong. If I manually change these to the correct connection strings, then the web.xml file is correct on the production server once deployed. How do I get the correct string into my SetParameters file? Any help would be greatly appreciated.
In the end to get around this, in Visual Studio I created a Parameters.xml file in the root of project which holds the values of the connection strings to be used on the production server. These are picked up and used instead of the default values.
The Parameters.xml file looks like:
<?xml version="1.0" encoding="utf-8" ?>
<parameters>
<parameter name="DefaultConnection-Web.config Connection String"
description=""
defaultValue=""tags="" />
Just add as many as you require and obviously populate the attributes as required
My DefaultConnection was not updating either. It turned out that I had to delete the MyProject > PublishProfiles .pubxml file.
Then when attempting to publish the newly built project it asked me to connect to azure and download the publishing profile.
Even though that wizard has a checkbox with the option to turn off overriding the DefaultConnection string with the one pulled down with the publishing profile, unchecking it had no effect. It continued to overwrite the string.
So in the azure control panel (portal) I clicked Websites > My Website > Configure
Scroll down to connection strings and you can show the hidden connection string. I just removed it by hitting the x and then hardcoded the correct one in my web config.
I then removed the .pubxml again and went through the wizard again. Now there is not connectionstring being pulled down with the publish profile.
My Publish Profile .pubxml file (found in Project\Properties\PublishProfiles) had become corrupt with extra duplicate "DefaultConnection-Web.config Connection String" nodes. The connection string updated correctly after I deleted the extra nodes.

How do you use MSDeploy to sync a whole solution over http?

I'm able to use MSDeploy to deploy one project at a time with the Visual Studio 2010 SP1 "Publish" wizard. I deploy over http.
My visual studio solution contains many projects and some depends on shared DLL. Is it possible to sync a whole solution?
My goal would be to fully automate deployment.
Carl
Why don't you use WDeploy directly from the command line? You can specify a manifest file, where you'd put all necessary components for deployment and then sync against manifest msdeploy provider:
Source manifest (Source.xml)
<MyDeployment>
<appHostConfig path="MyLocalSiteName" />
<!--
You can also use iisApp depending on what permissions you have on the remote server.
If you have permissions execute appHostConfig that will create a site if the site does not exist.
-->
<iisApp path="MyLocalSiteName\MyApp" />
<dirPath path="C:\Solution\Project1" />
<dirPath path="C:\Solution\Project2" />
<gacAssembly path="My.GACed.Assembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1111111111'" />
</MyDeployment>
Destination manifest (Destination.xml)
<MyDeployment>
<appHostConfig path="MyRemoteSiteName" />
<iisApp path="MyRemoteSiteName\MyApp" />
<dirPath path="\\RemoteServerShare\Solution\Project1" />
<dirPath path="\\RemoteServerShare\Solution\Project2" />
<gacAssembly path="My.GACed.Assembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1111111111'" />
</MyDeployment>
And the command line would be:
msdeploy.exe -verb:sync -source:manifest=Source.xml -dest:manifest=Destination.xml,computername=MyServer
... to go against MSDeploy agent, or
msdeploy.exe -verb:sync -source:manifest=Source.xml -dest:manifest=Destination.xml,wmsvc=MyServer,username=User2,password=4321,authtype=basic
... to against WMSvc.
This blog post can get you started on the manifest provider and this TechNet article can explain some useful provider settings.

Executable not requesting elevated when part of deployment project

I've created an executable that's called by another app for processes that require UAC elevated privileges. If I build this project with the below manifest it requests UAC fine, if I add this projects output to my setup project it creates it without UAC?
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="CreateApp" type="win32"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Any idea why this is or if it's possible to have it as part of the setup project with the manifest?
Custom actions in InstallExecuteSequence already run as child processes of Windows Installer service. So they inherit their privileges and the manifest is not used.
To run a custom action with full privileges you should schedule it as deferred with no impersonation.
If you are not using the EXE as a custom action and you are just launching it from another process, make sure you use ShellExecute.