Basics of MSI Rollback

What is MSI Rollback?

MSI rollback feature allows windows installer to revert the system to the original state in case the installation was unsuccessful. If the MSI installation fails or is cancelled by the user, rollback feature allows to undo the changes it made to the system. Among many advantages of using windows Installer over EXE, rollback is one of them.

How MSI Rollback is accomplished?

Installation of MSI is always assisted by an installation script that instructs windows installer what actions it has to perform. Simultaneously, windows installer will also generate a rollback script and save it under %SystemDrive%\Config.msi folder which is hidden. Each operation recorded in the rollback script is a direct response to an operation in the installation script. This script is saved with a file extension .RBS (which stands for Roll Back Script). A rollback script is a binary file that contains a sequence of operations such as file and registry updates.

Windows Installer also saves a copy of all the files being deleted or updated during the installation. These files are saved to the Config.Msi folder with an extension .RBF (which stands for Roll Back File).

In short, the Config.msi is a folder used to save rollback related files and can contains two types of files. Files which have .RBS file extension are rollback script files and files with .RBF file extension are the backups of existing files. Both the rollback script and rollback files are deleted once the installation is completed successfully.

The .RBF files are stored in the Config.msi folder of the drive where the application that is being backed-up currently resides, while .RBS files are always stored in the drive where operating system is installed. In case your operating system and application being backed-up reside under same drive let’s assume C:\ then both .RBS and .RBF will be created under C:\Config.msi folder.

What cannot be roll backed? 

Though Windows Installer tries to restore the system to best possible pre-install state but it cannot rollback every action it performs.

For every standard MSI action, a rollback action exists in the rollback script. But for any changes done by the custom actions, MSI cannot automatically undo them unless the author of the MSI (or MST) has explicitly written a “Rollback Custom Action” corresponding to every custom action. Any custom action involving either of the below is not roll-backed by default:

Launch or Install an executable during MSI installation.

• Calling special functions from a DLL.
• Running VBS, BAT, CMD or PowerShell scripts.
• Nested MSI installations.

Also, if your MSI uses SelfReg table to register the DLLs during the installation, rollback of those DLLs cannot be done safely and reliably.

How to disable or enable MSI Rollback functionality?

Rollback functionality of MSI can be enabled or disabled at different levels:  

At Machine Level:

In order to enable or disable the rollback functionality at machine level, a policy registry (either a user or machine) needs to be set.

Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
Value: DisableRollback
Type: DWORD
Data: 0 or 1

or

Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
Value: DisableRollback
Type: DWORD
Data: 0 or 1

Value “1” will disable the rollback functionality of Windows Installer while value “0” will enable it. If the registry is absent on the machine, it means it is already enabled.

At Domain Level:

Perform the following steps to prevent or allow the rollback functionality of Windows Installer at domain level through GPO:

• Open the relevant GPO. 
• For example, open the Microsoft Management Console -> Active Directory Users and Computers snap-in -> Right-click the organizational unit (OU) or domain -> Select Properties -> Select the Group Policy tab -> Select the GPO -> Click Edit.
• Expand Computer Configuration -> Administrative Templates- > Windows Components -> Windows Installer.
• Double-click "Prohibit rollback."
• Select Enabled or Disabled as per the requirement.
• Click OK.

At MSI Level:

To prevent a MSI from generating a rollback script (.RBS) and saving copies of deleted files (.RBF) during the installation, set DISABLEROLLBACK property to 1.

Note: In case rollback is disabled and MSI installation fails, the files and registry installed on the machine during incomplete installation will be retained on the machine causing wastage of disk space. Though it is sometimes used as a tweak to fasten the installation of big sized MSIs as files being updated do not have to be backed-up, but is not a best practice.

Relation between rollback files and pending machine reboots?

If the files to be deleted (or updated) are still in use during the uninstallation (or upgrade) of MSI, the corresponding RBF is not deleted immediately. The deletion of such RBF files is postponed to the next machine reboot. OS keeps a track of such files using PendingFileRenameOperations registry which is created under below hive:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

PendingFileRenameOperations is a multi-string type registry which can save the locations of different files that are supposed to be deleted at next machine restart.

It could happen that system claims to have the updated software installed under “Add Remove Programs”, but the upgrade process has failed to stop and restart the process that was holding the old file. Forcefully killing such processes will lead to a bad user experience as application will be killed, hence the actual file removal is taken care at the time of reboot. You might have come across applications which returns error code 3010 after upgrade while fresh installation returns error code 0. One reason for this kind of application behaviour is because it has to remove the old files which were in use during the upgrade.

Example of a RBF not deleted after successful uninstallation, while its entry gets created in PendingFileRenameOperations registry so that it can be removed at next machine reboot.