Jump to content

This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.

Need help with analyzing installation process

1 reply to this topic


  • Full Members
  • 1 posts

Posted 02 July 2011 - 16:46

Our company installs an OCX application for web access. A third-party wants to know what the difference is during installation when run in a regular user account versus an account with administrator rights. The third-party wants to know explicitly what the difference, especially in the registry, is when run in each mode and I am trying to get more information on that particular process. I tried running procmon in the standard user profile, but, it fails to launch. Can I get some suggestions on how to gather information about the installation process using two different credential levels? The third-party wants to know explicitly what the difference is when run in each mode and I am trying to get more information on that particular process.


  • Moderators
  • 1,447 posts

Posted 03 July 2011 - 01:46

You can extract any COM information from the OCX by scanning the file with the "RegSpy.exe" tool. At a command prompt type:

RegSpy.exe YourFile.ocx >> YourFile.reg

The YourFile.reg should contain all COM relevant entries added by your OCX file.

If this is an ActiveX control that is registered in IE. I have had success capturing the changes done by the install in admin mode and deploy them to a regular PC with only standard users and have the control work properly. Normally the installation process installs a signed executable to C:\WINNT\Downloaded Program Files\ and in the process of doing so caches a number of certification and authentication entries in the registry in the HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\<YOUR APPLET NAME> section.


Each time the control is invoked I believe IE checks that the version of the dll in the codebase path specified in the registry is equal to the one on disk. At the very least it will check that the version numbers specified in the registry equals the one on the local disk. I don't recall exactly. In order to capture the changes I use a software repackaging tool such as wise adminstudio or similar. There are free ones available, but I don't have a link for you right now. It's late :-).

In summary I think you should use a software repackaging kit to snapshot changes done for an admin installation. Then you should clean out everything in the snapshot but a few important pieces (a snapshot captures everything that changed on the computer between the snapshot was created and when the end state is captured - most of the captured settings is junk and dangerous to deploy to client machines). The sections of interest in the registry should be:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\<YOUR APPLET NAME>
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YourFile.dll
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\ (one item under here for your file)

Let me know how it goes with this. I can try to provide some more details if need be.

Edited by Glytzhkof, 07 August 2014 - 21:13.
Formatting and deleted broken download link.

-Stein Åsmul