Jeremy Davis
Sitecore, C# and web development
There are quite a few ways to install Sitecore. You can run the .exe provided from SDN, use the Sitecore Instance Manager, or write your own scripts to automate configuring the bits in the official zip files. But, having done a bit of testing, it seems that you have to be careful about the security settings when you're using these different approaches. Whilst the .exe installer leaves you with a Sitecore instance that's relatively safe to expose to the internet, SIM does not seem to make all the same security settings. It's installs seem (by default) only suitable for private development instances. And the "roll it yourself" installs from Sitecore's ZIP packages are only ever as good as you make them – miss a step and you might open a security hole.
With that in mind, I've been thinking about install automation – can I solve the problem of getting an unattended install to work from the .exe file?
Edit: When I wrote this post I didn't know what the `SC_IISSITE_ID` parameter to the MSI was for. Since then I've discovered what it does. And it turns out that it and another parameter not discussed here are quite important if you want to install more than one instance of Sitecore on the same machine. If you want to make use of the automated approach below, you should also read my more recent post about the parameters.
The first thing I tried was running the .exe from the command line with the
/?
switch, just to see what happens. And what you get is this:
So the .exe is basically a custom automation wrapper. But what is it automating? Well in amongst those options is
/ExtractCab
– what does that give us?
Well that lot looks like some internationalisation settings, custom code for capturing data, some UI control theme data – and an MSI file.
That's positive. MSI files are data for Microsoft's transactional install system – they contain information about what to do during an installation – what files to deploy, and what custom steps to perform. And they explicitly support silent installations. But to get that to work you have to discover the "magic" values that the custom UI (our .exe file) are passing in to specify things like "where should the files be installed to?".
Unfortunately finding that stuff out can be a bit of a black art. Microsoft do have some tools for opening MSIs and finding out what's in them, but it involves installing a the Windows SDKs. But there's a possible trick we could play here. Because the custom install UI is probably capturing some data from the UI and then executing the MSI Install tool as a child process, we may be able to steal the right set of settings by examining the processes while they're running...
Any time I need to poke into the internals of Windows processes, my first choice tool is the SysInternals Process Explorer – it's free and it can tell you all sorts of stuff. And one of the things it does is show you the tree of processes running at any point, and give you access to things like their command line parameters. And an added bonus is that you can run the Sysinternals tools straight off the internet, without any need to install them. Just click http://live.sysinternals.com/procexp.exe to start Process Explorer...
So if you run the .exe installer, answer all of its questions and then set the installation running, what you see in Process Explorer is:
You can see on the left that the .exe kicks off "InstallWizard.exe" to capture all your install choices, and then that executes
msiexec.exe
which is the Microsoft tool for running an MSI installation. (Which should be installed on all Windows machines by default) And if you call up the properties dialog for the
msiexec.exe
process you can see the command line that is passed to trigger the install:
"msiexec.exe"
/i "C:\Users\jeremy\AppData\Local\Temp\4\{6C7E5BDF-8FF9-4690-A3A5-CC2AE6312362}\exe\Sitecore.msi"
TRANSFORMS=":InstanceId4;:ComponentGUIDTransform4.mst"
MSINEWINSTANCE=1
LOGVERBOSE=1
SC_LANG="en-US"
SC_FULL="1"
SC_INSTANCENAME="NewInstance1"
SC_LICENSE_PATH="C:\Software\PartnerLicense-2013.xml"
SC_SQL_SERVER_USER="sa"
SC_SQL_SERVER="localhost"
SC_SQL_SERVER_PASSWORD="p@55w0rd"
SC_DBTYPE="MSSQL"
INSTALLLOCATION="C:\Inetpub\wwwroot\NewInstance1"
SC_DATA_FOLDER="C:\Inetpub\wwwroot\NewInstance1\Data"
SC_DB_FOLDER="C:\Inetpub\wwwroot\NewInstance1\Database"
SC_MDF_FOLDER="C:\Inetpub\wwwroot\NewInstance1\Database\MDF"
SC_LDF_FOLDER="C:\Inetpub\wwwroot\NewInstance1\Database\LDF"
SC_NET_VERSION="4"
SITECORE_MVC="1"
SC_INTEGRATED_PIPELINE_MODE="1"
SC_IISSITE_NAME="NewInstance1"
SC_IISAPPPOOL_NAME="NewInstance1AppPool"
SC_IISSITE_HEADER="NewInstance1"
SC_IISSITE_PORT="80"
SC_IISSITE_ID="13"
SC_DBPREFIX="NewInstance1"
SC_PREFIX_PHYSICAL_FILES="1"
SC_SQL_SERVER_CONFIG_USER="sa"
SC_SQL_SERVER_CONFIG_PASSWORD="p@55w0rd"
/l*+v "C:\Users\jeremy\AppData\Local\Temp\4\SitecoreInstaller.log"
Bingo! There are all the secret parameters we need...
The
/i
parameter specifies the path to the MSI file you want installed. The next three control some of the behaviour of the MSI installer. All the ones starting with
SC_
or
SITECORE_
are the Sitecore install parameters.
INSTALLLOCATION
specifies the root path for the new instance. And finally the
/l*+v
parameter enables verbose logging. Note that the
/i
and
/l
parameters require an absolute path.
There's just one other parameter you need to add to make this work. To perform a proper unattended install of Sitecore you need the MSI to show no UI when it runs. For that you just have to add one extra parameter to this command line:
/qn
which tells msiexec.exe to hide any UI.
The general command line reference for
msiexec.exe
is available on MSDN:
http://msdn.microsoft.com/en-us/library/aa367988(v=vs.85).aspx
So now it's a relatively simple tasks to write yourself a batch file, PowerShell script, or whatever other sort of install process you want. In theory you should be able to pass the parameters we discovered above via the command line of the .exe installer. However I've yet to get this to work correctly. So instead you can write your script to extract the contents of the .exe file from Sitecore, and then pass your preferred values into the parameters described above for
msiexec.exe. Run that, and bingo – you've got yourself a new instance of Sitecore without any tedious clicking on installer buttons. And it should be as secure as if you installed it with all the clicking.
Using the parameters above, a batch file might look like:
"Sitecore 6.6.0 rev. 140410.exe" /q /ExtractCab "msiexec.exe" /qn /i "%cd%\SupportFiles\exe\Sitecore.msi" TRANSFORMS=":InstanceId5;:ComponentGUIDTransform5.mst" MSINEWINSTANCE=1 LOGVERBOSE=1 SC_LANG="en-US" SC_FULL="1" SC_INSTANCENAME="silent" SC_LICENSE_PATH="C:\Software\PartnerLicense-2013.xml" SC_SQL_SERVER_USER="sa" SC_SQL_SERVER="localhost" SC_SQL_SERVER_PASSWORD="p@55w0rd" SC_DBPREFIX="silent_" SC_PREFIX_PHYSICAL_FILES="1" SC_SQL_SERVER_CONFIG_USER="sa" SC_SQL_SERVER_CONFIG_PASSWORD="p@55w0rd" SC_DBTYPE="MSSQL" INSTALLLOCATION="C:\Inetpub\wwwroot\silent" SC_DATA_FOLDER="C:\Inetpub\wwwroot\silent\Data" SC_DB_FOLDER="C:\Inetpub\wwwroot\silent\Database" SC_MDF_FOLDER="C:\Inetpub\wwwroot\silent\Database\MDF" SC_LDF_FOLDER="C:\Inetpub\wwwroot\silent\Database\LDF" SC_NET_VERSION="4" SITECORE_MVC="1" SC_INTEGRATED_PIPELINE_MODE="1" SC_IISSITE_NAME="Silent" SC_IISAPPPOOL_NAME="SilentAppPool" SC_IISSITE_HEADER="silent" SC_IISSITE_PORT="80" SC_IISSITE_ID="13" /l*+v "%cd%\SilentInstall.log" rmdir /S /Q "%cd%\SupportFiles"
It extracts the MSI, installs it with the parameters discussed, and then removes the temporary files it created.
There are a few caveats with this though:
