With the release of the first PCs running Windows 10 S, it’s time to reconsider how you package and distribute your code.
Up till now, Windows has been installer-agnostic, supporting many different ways of getting apps onto PCs: the familiar Microsoft installer, third-party tools, Xcopy, or running an executable file. Windows 10 S takes a different approach, locking PCs down to digitally signed apps, with controlled access to files, delivered by the Windows Store.
There’s a considerable advantage to using the Windows Store for software distribution of your applications in the Universal Windows Platform (UWP) .appx format. For one thing, it handles updates automatically, so you don’t need to write your own update code. It also supports differential updates, minimizing code downloads. But the Windows Store isn’t a Trojan horse to give Microsoft a cut of all your sales. Even in Windows 10 S, you can distribute .appx installers to Windows 10 users directly (aka “sideloading”) or via Microsoft’s Intune management tools—whether for commercial or internal distribution.
However, this change doesn’t mean traditional (Win32) desktop applications can’t run on Windows 10 S, nor does it mean you must rebuild them as UWP apps. Microsoft’s Windows Desktop Bridge tools can take existing your code and wrap it for Windows Store distribution to Windows 10 PCs (including those running the Windows Store-only Windows 10 S).
Originally unveiled as Project Centennial, one of a series of bridges between other platforms and Windows 10’s UWP APIs, the Desktop Bridge is a set of tools that take existing Win32 desktop applications and prepare them for distribution in the Windows Store. The process can be as simple as wrapping code in the Windows Store installer (as an .appx file) via the Desktop Converter or as complex as using UWP APIs in your code as part of a platform migration.
The Desktop Bridge approach does make things more complex, but you shouldn’t see that as a bad thing. You get better, more secure apps as result
Beyond ensuring that only digitally signed code can be installed on a Windows 10 S PC, Windows 10’s Windows Store installations take advantage of the latest Windows releases’ improved application security. Instead of giving your code full access to the system, UWP apps keep application state separate from system state, with a virtualized registry and a sandbox. It’s a very different way of working, a long way from the free-ranging access historically given to desktop applications.
Desktop Converter is the first step
Using the Desktop App Converter goes a long way to bridging the security gap, though not all the way. That’s why you ultimately want to refactor your applications as UWP ones. But in the meantime you can use Desktop Bridge’s various tools to make the move in stages.
Conversion begins by downloading the Desktop App Converter. Although not strictly a converter (for one thing, it doesn’t change your code), it does handle most of the basic steps needed to prepare code for the Windows Store. From an existing installation file, it generates all the appropriate handlers and file mappings, as well as registering COM servers and generating the certificates needed to allow a packaged app to install and run. It also handles validation tests, indicating what changes you’ll need to ensure an app can run in the more constrained Windows Store app environment.
Other options support manual construction of .appx files, which is essential if you use Xcopy rather than an installer, and building Windows Store installers from inside Visual Studio. If you’ve still got access to the source code it’s worth taking this route, because it’s the first step in converting an app from Win32 to UWP. (In actual code conversion, you’re not limited to Microsoft’s tools, because there now several third-party installers that work with the Desktop App Converter.)
You should know that your converted desktop apps aren’t sandboxed, so they won’t be as secure as a full UWP app. But they do isolate some key features:
- A private copy of a user’s AppData folder handles their application state, with all reads and writes redirected.
- Similarly, files and folders that would have been in Windows standard folders are in a virtual filesystem, stored alongside your app. Application calls are redirected to the app’s own copies of those files and folders.
- The same happens with the registry, with a local file holding the application’s own keys, and a virtualized copy of the rest of the registry handling application writes.
- When you uninstall a converted app, it also deletes the associated virtual files and registry, making cleanup very simple.
The result is a much more secure app, one that won’t interfere with other applications by installing different versions of libraries or changing registry keys. It might not be as secure as running code in an isolated sandbox, but it’s certainly an improvement over Windows’s normal free-for-all.
Accessing Windows 10 features via the UWP APIs
There’s more to the Desktop Bridge than providing a Windows Store wrapper for older apps. It has tools to call UWP APIs from your existing Win32 code in Visual Studio, as well as adding support for Live Tiles and other Windows 10 features. When you’re ready to go beyond the Desktop App Converter phase, you can use Visual Studio to start migrating code to the Windows 10 platform, eventually delivering a full UWP Windows Store app.
In many cases you won’t even need to write code to add Windows 10 integration. Instead you can use XML configuration files to control how the Desktop Bridge exposes features. These XML configuration files can define file associations, set up firewall rules, and set up application startup. Other options handle deeper integration with Windows 10’s File Explorer, including providing embedded document previews.
But there are some significant limitations to extending your existing Win32 apps with the UWP APIs: You won’t be able to take advantage of Windows 10’s authentication features or use the built-in productivity APIs. In practice, this shouldn’t be too much of an issue, because most older code is standalone and so doesn’t need access to these features.
Moving fully to UWP isn’t practical for many existing applications, so the Desktop Bridge provides a reasonable interim solution. You get access to many Windows 10 features without having to write new code, and at the same time you get a route to an eventual update of your app. It’s not perfect, but it’s good enough to take advantage of the Windows Store and Windows 10 S.