MSIX App Attach – Walk before you run
Recently I have got familiarised myself with MISX app attach and just sharing my experience to walk before you start running with the MSIX app attach. In the below blog posts, I will show you how I have got the MSIX package manager installed and how I have got the app attach working on single VM. Once you get it working on one device, you can always use it for the multiple devices or use to test installations.
What is it?
MSIX app attach is a way to deliver MSIX applications to both physical and virtual machines, such as Azure Virtual Desktop. It separates apps from the operating system, making it easier to build images for virtual machines and deliver apps dynamically to users.
MSIX package manager
First of all, I have tried generating MSIX package manager on the Windows Server 2019 and also on Windows server 2022, there is no easy way to install the package manger as far as I can see because the package manager need installing from the Windows store and Windows servers does not have Windows store by default. I have read few blog posts that there may be a way to install it using PowerShell which I did try without success.
You can find the package manger from one of below links
https://apps.microsoft.com/store/detail/msix-packaging-tool/9N5LW3JBCXKF?hl=en-us&gl=us
have then decided to create MSIX package on windows 11. It worked perfectly fine on the Windows 11 VM and manage to create the msix file for Google Chrome. (I guess it will work correctly using Windows 10 too, I haven’t tried that yet)
I have followed instructions from this tutorial: (At around 13 minutes, the video explains how to create the MSIX package so if you are in rush, just forward to 13th minute)
Please note that while you are creating the package, you will also need certificate, if you have valid certificate you can use that or you can always use self signed certificate. Please note that this certificate is needed to install on the Local machine in order to stage the MSIX app attach.
Generate self-signed certificate on Windows 11.
`New-SelfSignedCertificate -Type Custom -Subject "CN=chiragdevice" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "cert:\LocalMachine\My"`
You can find above certificate in MMC snap-in, expand Certificates (Local Computer) , expand Trusted Root Certification Authorities , and then click Certificates
Once you have got your MSIX package ready, in the next steps we will see how to convert it to VHD file and then attach to the VM.
Convert to VHD
I have used this very helpful community tool to convert the MSIX package to VHD file.
https://github.com/RMITBLOG/MSIX_APP_ATTACH/wiki/Getting-started-with-MSIXAACT
Once you download and install above community tool, you can able to convert your MSIX package into VHD file which you going to need to run your PowerShell scripts.
Select “Create MSIXAA Image” option
Then select VHD option and browse and select your MSIX file.
Once you have VHD file ready, you will now need to download PowerShell scripts and Json files from the above same tool.
Scripts for Staging/Attaching
Now the real work starts with regards to downloading the script and then using them
You should be able to download all the relevant scripts from below link.
https://github.com/RMITBLOG/MSIX_APP_ATTACH/tree/master/VHD%20MSIX%20App%20Attach%20Scripts
In order to run the script, you will need to have json file for the app you are going to package is, in this example we going to use Google Chrome to package it.
You will need to amend the json file and put in correct information in there, below are the details I have amended on my json file.
1. First of all, double click on VHD file you have generated above, this will attach the drive on your computer, in my case it has attached it as F:
_comment1: enter any comment you want to enter here
vhdFileName: Get the file name of the VHD file you generated in above Convert VHD step
parentFolder: this is the folder name where your package exist in the VHD, so in my case I have copied this from the F:
packageName: You can get this name from the VHD, so in my case I have got it from the F: and then going into the parentfolder
volumeGUI: In order to get this, open powershell in Admin mode, then change drive to the VHD drive, in my case its cd f:/
Then Run mountvol command on the powershell and you shall find the volume ID
msixJunction: This is where you want your App Attach packages to live after it gets attached to user device, all the users on the computer will need access to this path.
Once the json file is ready, make sure its in the same folder as the other powershell scripts you had downloaded. Also the VHD file is in the same folder too.
2. Make sure you eject the drive before running next step, in my case I have ejected F:
3. Run AppattachStage.ps1 powershell script as Administrator
If there are no errors run the next steps.
4. Now that the app attach has been staged, you will have to make sure that the certificate which was generated above has been added on the windows computer where you are going to register the app. It should have been added under the certificates in MMC snap-in, expand Certificates (Local Computer) , expand Trusted Root Certification Authorities , and then click Certificates.
5. Final Step to register the app – Run AppAttachRegister.ps1 to register the app under any user account. Once run successfully, you shall able to see the application on the start menu and start using it! Enjoy!
6. In order to remove the application, you can follow LIFO (last in first out), so first you will have to run AppAttachDeRegister.PS1 , this will deregister it from individual’s user account, then you can run AppAttachDeStage.PS1 to completely remove the application.
Automate the Powershell Script
I have then used above script to automate the staging and registering using Task Scheduler on windows so that if any user logins in the future, they can able to use the app.
Please note on below (first) screenshot that when running this scripts under task scheduler, you shall use the group of users where you want app to attach. For example, on below I have selected Administrator group where my test users are located.
Added AppAttachStage.Ps1 and AppAttachRegister.Ps1 script in the actions tab.
On the log out event, I have added actions which will de-stage and de-register the application.
Below is the event we can use,
Summary
The aim of above blog post is to demonstrate MSIX package creation and then attaching them for users to use using app attach. We can see that in order to generate the packages, we can either use Windows10 or Windows 11 OS mainly because the MSIX package manger application is only available using windows store. Once we have the package ready we can use that package on Windows Server 2022 or Windows 11 operating systems. We have to run multiple PowerShell scripts to manage the attachment of the app for users to use. We have demonstrated on above steps where we have scheduled multiple PowerShell scripts to manage the app attach for the users. Scripts are being scheduled using the Task Scheduler and being run on user login-in and when user logs-out.
If we use Azure Virtual Desktop (AVD) which would have its console (host pool), it would be quite straightforward to manage the MSIX packages. If we use AVD, we will not need above powershell scripts being scheduled and run on user login and log out which makes this process rather less clunky.