Installing a User Account Service Unattended (Part 1)

December 30, 2011

one comment

In many productions environments, Windows Services required to run under a privileged domain account. NET services consume the Installer Class foundation to control its installation flow. In most cases, your .NET service ends up packaged in MSI installer which automates the actions InstallUtil does in command line.

But what if you want to install a user account service automatically without bothering the user (other than the service account user\password entries) with post installation actions? Commonly MSI authors will use the ServiceInstall Table which allows runtime entry of username (‘StartName’ column) and password among other properties. However, in case the target service is always expected to run under a domain account, since Installutil.exe (Installer Tool) 4.0 there is another solution.

Service Setup

  1. First, the service must be set with user account. Fortunately this is the default behavior of ServiceProcessInstaller.
    this.serviceProcessInstaller = new System.ServiceProcess.ServiceProcessInstaller();
    this.serviceProcessInstaller.Account = new System.ServiceProcess.ServiceAccount.User;
    this.serviceProcessInstaller.Password = null;
    this.serviceProcessInstaller.Username = null;

  2. Next, test that InstallUtil installs the service successfully when run from the Visual Studio command prompt:

  3. installutil.exe WindowsService1.exe

    During the install phase InstallUtil calls this ‘Set Service Login’ dialog:

    This is perfectly normal, since no username\password have been provided. Provide valid credentials and the service installed.

  4. Now we want to test unattended installation of the service.

    1. First we need to remove the service by adding the /u switch to the command: installutil.exe WindowsService1.exe /u

    2. And now repeat the test, this time without the prompt dialog: installutil.exe /username=[domain\user] /password=[password] /unattended WindowsService1.exe

    Note: the switches must precede the service path, otherwise be ignored.

    This feature of InstallUtil seems very little documented. In fact, I’ve noticed that by preceding a ‘/?’ before the service path, more information uncovered than found on MSDN.

    The command:
    installutil /? WindowsService1.exe
    The output – the interesting bit marked in yellow below: Microsoft (R) .NET Framework Installation utility Version 4.0.30319.1
    Copyright (c) Microsoft Corporation. All rights reserved.

    Usage: InstallUtil [/u | /uninstall] [option […]] assembly [[option […]] assembly] […]]

    InstallUtil executes the installers in each given assembly.
    If the /u or /uninstall switch is specified, it uninstalls
    the assemblies, otherwise it installs them. Unlike other
    options, /u applies to all assemblies, regardless of where it
    appears on the command line.

    Installation is done in a transactioned way: If one of the
    assemblies fails to install, the installations of all other
    assemblies are rolled back. Uninstall is not transactioned.

    Options take the form /switch=[value]. Any option that occurs
    before the name of an assembly will apply to that assembly’s
    installation. Options are cumulative but overridable – options
    specified for one assembly will apply to the next as well unless
    the option is specified with a new value. The default for all
    options is empty or false unless otherwise specified.

    Options recognized:

    Options for installing any assembly:
     The assembly parameter will be interpreted as an assembly name (Name,
     Locale, PublicKeyToken, Version). The default is to interpret the
     assembly parameter as the filename of the assembly on disk.

     File to write progress to. If empty, do not write log. Default
     is .InstallLog

     If false, suppresses output to the console.

     If an exception occurs at any point during installation, the call
     stack will be printed to the log.

     Directory in which the .InstallState file will be stored. Default
     is the directory of the assembly.

    Options for installing a Service Application:
        Sets the user account to run the service under. You must also
        specify the /password= option.

        Sets the password for the account to run the service under.

    The /username and /password options will be used only if the vendor of
    the service designated it as requiring a user account. If a service was
    so designated, and you do not use the /username and /password options,
    you will be prompted at install time for the account.
        Unattended install. Will not prompt for username or password.

    Individual installers used within an assembly may recognize other
    options. To learn about these options, run InstallUtil with the paths
    of the assemblies on the command line along with the /? or /help option.

    So by using these options we can pass username and password for unattended installation. This is great for taking control of the service installation flow from the MSI to the code.

    Next step is how to roll out this unattended feature within an MSI installer.

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


one comment

  1. Joy ChuaFebruary 17, 2012 ב 14:32

    This helped a lot! thanks