When it comes time to creating a kit for your Client Solution, you will likely create a procedure that installs both your Solution components and the FESF components on a target system. The steps required to install FESF include the following:
•Copy the appropriate kit directory to the test system where your solution will be installed. Let’s assume you copy it to “C:\Program Files\Osr\FESF”.
•Install the FESF kernel-mode drivers: There are 4 drivers that
comprise the kernel mode portion of FESF – osrsupport.sys, osrisolate.sys,
osrds2.sys and osrdt2.sys. The drivers can be installed via their
associated INF files. The “release” (as opposed to “debug”) versions of
the FESF kernel mode components in the kit directory are signed by OSR and
attestation signed by Microsoft.
Note that after installing each
of the drivers via their associated INF files, the installation will ask you if
you want to reboot now or later. Select “later” and complete all
installation steps before rebooting. If you are going to
bypass using the INF files provided, please be sure to review these INF files
for dependencies that must be adhered to.
One potential method you
may choose to install the drivers from your custom installation application
(that properly uses the INF files) is to use DIFxApp – the Driver Install
Frameworks for Applications. There are, of course, other equally good
options. However, regardless of the installation mechanism that you
choose, we strongly recommend that you use the provided INF files, and also
carefully review the contents of those INF files to ensure you are aware of all
required settings or dependencies.
•Install the FESF user mode component FESFPolicy.exe: This service can be installed from an elevated command prompt using Microsoft Windows tool sc.exe with the following commands:
C:\> sc create FESFPolicy type= own start= auto error=
normal binPath= ”C:\Program Files\Osr\FESF\FESFPolicy.exe” depend=
OSRIsolate/OsrDs2/OsrDt2 DisplayName= ”OSR FESF Policy
Service”
Note
that the equal sign (“=”) is part of the option name and that a space is
required between the equal sign and the value. The “release” (as opposed
to “debug”) version of this service is signed by OSR.
Depending on the
technology you choose for your custom installer, set up the installation of this
user-mode service based on the parameters shown in the above command line.
•Run the FESFPolicy executable with the -config qualifier. This
ensures that the kernel mode components are configured correctly.
In normal operation, FESFPolicy will ensure that the configuration is kept up to date. This stage is only required to ensure that the system “bootstraps” up correctly.
•Create a Registry value of type REG_SZ under the path:
HKLM\SYSTEM\CurrentControlSet\Services\FESFPolicy\Parameters\PolicyDLL
that contains a path to your own policy DLL.
•Install/set up any additional components that are required for your solution.