Creating an MSI to install device drivers
This guide should help you create an MSI to install device drivers onto a workstation using only freely available tools.
You will need
First you need to download the few tools needed for this. If this is your first time, be prepared for a lot of downloading. The Microsoft tools you need are quite small, but are irritatingly only included with much larger bundles of tools. Here's what you need:
- An MSI authoring program. The Advanced Installer freeware version is used as the example for these instructions. Note that the paid-for version of Advanced Installer can do the entire process for you (except for the Trusted Publisher section).
- The Orca MSI editor. You can find various downloads of this just by searching for it, but the latest version at the time of writing can be found bundled with the Windows SDK for Windows 7. You will need to download and install at least the "Windows Development Tools" component. Once installed, you should find Orca.exe in C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin.
- The appropriate DIFxApp merge module for your platform (x86 or x64). Current latest version can be found in the (huge) Windows Driver Kit. Either mount the ISO download or extract it using 7-Zip, then install. You should then find the files you need under C:\WinDDK\7600.16385.win7_rtm.090713-1255\redist\difx\difxapp\english\mergemod
- The drivers you want to install!
- Extract drivers so that the Setup Information (.inf) file is available.
- Author a new MSI package in Advanced Installer to install the extracted files to a directory in Program Files.
- Open the built MSI in Orca.
- Go to Tools > Merge Module.
- Import the platform-appropriate DIFxApp merge module from the directory created earlier by the DIFxApp installer:
- x86: x86\difxapp.msm
- x64: amd86\difxapp.msm
- Accept any Merge Conflict errors in the _Validation table.
- In the File table, find the row containing the driver's .inf file and copy the value from the Component_ column.
- In the MsiDriverPackages table, add a new row. Paste the copied value from the File table into the Component field. Sequence can be left blank.
- If you are installing only drivers in this MSI, you can set Flags to 4 to avoid having two different entries in Add/Remove Programs. If installing as part of another software package, set to 0. Also see special functionality as described in the schema.
- Save the MSI, test, and deploy using your normal method (my preference is for GPO Software Installation)
Set up the Trusted Publisher for the drivers
If the drivers are not signed by Microsoft (i.e. WHQL certified), you may need to extract the signing certificate for use as a Trusted Publisher:
- Select the .cat file for the drivers, right-click, and select Properties.
- Click the Digital Signatures tab.
- Select the signer name and click Details.
- Click View Certificate.
- Select the Details tab and click Copy to File.
- Follow the prompts to save as a DER encoded .cer file.
- You must then import this certificate into the Trusted Publishers store of each machine receiving the MSI. This is most easily achieved via Group Policy (import the certificate into Computer Configuration -> Policies -> Windows Settings ->Security Settings -> Public Key Policies -> Trusted Publishers).
- For further details, consult the Microsoft documentation on Authoring a Windows Installer Installation Package By Using DIFxApp.msm.
- Multiple .inf files can be installed in the same package, but each .inf file must have different values in the Component_ column of the File table. Since this is not always the case in the freeware version of Advanced Installer, it is not recommended. Each set of drivers must also be installed in a separate folder, i.e. only one .inf file per folder.