by Tim Mangan, CTP Fellow, Boston CUGC Leader
Chapter 7: How to sequence a ClickOnce App?
The Field Book on Citrix with App-V is a collection of experiences in customer implementations. This article helps to understand an issue seen on 7.9 with shortcuts in App-V on XenApp.
Use search term Field Book to search for more from the series.
An on-going set of experiences in helping customers implement App-V in Citrix environments.
This customer is using XenApp as a temporary back-stop for people with broken desktops and lost laptops. They have some extremely highly valuable and compensated employees that they must keep active at all times.
So rather than a high-performance scaled out implementation, they have a couple of servers with just about everything that they can put on it available. Because the person using it should be back up in a day, whether things work as optimally as the original desktop is not the top priority, it just needs to always work with all of their apps. The multi-user nature of XenApp means that they never know what combination of apps might be needed on the OS on a given day, so to avoid having issues just when they need it the most, they virtualize every app they can with App-V. Could they have used a non-persistent XenDesktop instead? Sure, but each user has a unique set of apps so you’d still be virtualizing them.
Helping to complicate things for IT, the in-house developers (for a SHORT period of time) thought that by developing their apps using ClickOnce they could improve their ability to deliver and updates apps to those physical desktops and laptops. ClickOnce (not to be confused with “ClickToRun”) is something Microsoft dreamed up to allow installation of apps without admin rights by unpacking the app into the user’s local profile. You can guess what IT thinks about that idea. Not to mention the CISO. But bad apps never die, so they still are required years later.
The draw to the developers was that because ClickOnce installation goes to the local profile, it allows for user self installation without Admin rights. ClickOnce also has a form of auto-updater where every time the end-user then runs the app it checks with the location it was installed from (typically a server share) and updates itself if the file changed. Some of these highly valuable people that use these apps will log in about a dozen times in a typical day, so having the user click to “install” every time they log in to a non-persistent desktop is ridiculous. So the question they asked is whether they can package up the ClickOnce App in App-V to deliver.
Citrix 7.11 and App-V 5.1
Fellow CTP and MVP Remko Weijnen has a nice blog with a lot of background information related to this situation. If you search for “Remko App-V ClickOnce” you’ll find it. After reading this and failing a few times, here is what I found…
The first thing to consider in sequencing a ClickOnce app is that ultimately it wants to install to the user’s AppData\local\Apps\2.0 folder using a uniquely generated folder. These files will generally be dlls, and if .Net is in use only private placement in the folder is used (meaning they are not installed into the GAC). If sequencing uses the normal installation techniques, the default exclusion list will need to be modified as AppData\local is otherwise ignored. But just changing the exclusion list doesn’t give you a working package!
ClickOnce apps are provided as a special file format (“.application”) that is usually left on a web server or network share, and the “installation” process uses an OS supplied out-of-process COM object to unpack the contents and place them appropriately. Even if the default exclusion list is modified to capture the AppData\local folder, because the out-of-process COM object is run by a pre-existing service process the changes will not be captured.
My approach to sequencing most of these is as follows:
- First attempt sequencing without modification of the exclusion list. Make a copy of the Apps/2.0 folder and save to a network share.
- Revert the sequencer.
- Change the exclusion list.
- While monitoring, install the ClickOnce app.
- While still monitoring, delete the contents of the folder created under Apps/2.0. Then copy the contents of the saved folder into that folder.
- While still monitoring, locate the ClickOnce installer created shortcut, delete it.
- While still monitoring, locate the exe and make a shortcut to it.
- Save off the package.
Sometimes the app might place additional files elsewhere. In that case, Remko’s blog details use of a tool from the Windows SDK (magui) that can help locate them all.
As a final note: We don’t know how to defeat the autoupdate feature of ClickOnce. So if anyone updates the source location of the installer with a newer version it will attempt to update itself. As App-V simply refuses to allow package executable file format components (like exe, dll, etc) from being modified, this leads to a bad user experience and is the sort of thing malware wants to do anyway. So make sure to protect that location being updated by the in-house developers. When it is time to update, you package the new one one up, pick a new server location, and deploy. Then retire the old location.