How To Install Gacutil Exe On Windows Server VERIFIED
Elenora Haspel
I have a customer using Windows Server 2008 for hosting its ASP.NET web applications. The operating environment on the server is kept very clean and lightweight, so only the bare necessities are installed. For example, there are no office productivity tools (like Office) or integrated development tools (like Visual Studio) installed in these environments. This is definitely a good practice; it keeps the potential attack surface small, and it helps to ensure that the server runs as fast as possible, without any potential for bogging down due to unnecessary programs or processes.
All of the web applications on this particular server rely on a Microsoft.NET assembly from a third-party software component vendor. The assembly DLL file is over 14 MB, which is relatively large, so we decided to move the DLL into the Global Assembly Cache (GAC) so it can be shared by all applications. Previously, a copy of the DLL was installed in the bin directory for every application that used it. This was wasteful of resources, and more difficult to maintain when the vendor released updates to the assembly.
You will recall the global assembly cache is machine-wide code cache that stores assemblies that are specifically intended for sharing by several applications on the computer. The Global Assembly Cache Tool (gacutil.exe) allows you to install assemblies into the cache, remove them from the cache, and list the contents of the cache. Using the tool to install an assembly into the cache is simple:
According to Microsoft, gacutil.exe is considered to be a development tool. Because of this, it is contained in the .NET SDK and not in the .NET redistributable. Visual Studio comes with the SDK, so if you have Visual Studio installed, then this tool is installed with it. For example, on my development machine, the executable file is located here:
Note that the previous command might remove more than one assembly from the assembly cache because the assembly name is not fully specified. For example, if both version 1.0.0.0 and 3.2.2.1 of hello are installed in the cache, the command gacutil /u hello removes both of the assemblies.
Use the Microsoft Gacutil tool at -us/dotnet/framework/tools/gacutil-exe-gac-tool to install a DLL into the Global Assembly Cache (GAC). For more information, refer to "How to install an assembly into the Global Assembly Cache in Visual C#" at -us/troubleshoot/dotnet/csharp/install-assembly-gac.
There is no gacutil.exe in c:\windows\Microsoft.NET\Framework\v2.0.50727\ and I will not have Visual Studio installed on the servers where my applications & scripts using the components need to run. Do I need to install the .NET Framework SDK on these systems? Or will this PowerShell script do the job?
I read elsewhere that just copying gacutil wasn't advisable. The powershell script did the job and is more portable; I can just include instructions to run it from a shared drive as part of the install process.
If you have the .NET Framework SDK installed, you can access the GAC through windows explorer by opening C:\Windows\Assembly . The image below shows you how the GAC is displayed in Explorer using the extension.
GacUtil is installed on development machines with Visual Studio installed. Suppose you want to GAC an assembly on a production server, you can copy gacutil from your development server. If you use .Net Framework 4.0 on a 64-bit machine, gacutil is located in the following directory:
C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\NETFX 4.0 Tools
A workaround for this is to set Regional Settings to English (United States) during installation. I suspect that the gacutil is only necessary for registering assemblies at install-time and that regional settings therefore safely can be set back to original settings after the installation has finished.
If you have Windows SDK installed then you might also have the .NET 4 version of gacutil.exe, check out %ProgramFiles%\Microsoft SDKs\Windows\v7.1\Bin\NETFX 4.0 Tools, but I suppose that the installer just can't find it, so you should add the folder to the %path% or something.
It should make your systems admins happy too, for not having to install Office on servers, having to write the ham-fisted code to try and kill your hanging Excel process after the fact, trying to write all the code to get all the COM references released so your Excel process can go away gracefully on its own, etc.
A couple of ways exist to install a DLL into the Global Assembly Cache (GAC). Using gacutil.exe is one, but this comes as part of a Visual Studio installation, and in a server environment, you may not have the luxury of installing Visual Studio, just to get the utility installed.
For that purpose you can use the gacutil.exe but this is not part of the standard installation. You have to install the Windows SDK. Once installed, then this utility is located in C:Program Files (x86)Microsoft SDKsWindowsv7.0ABin directory. You do not need to install the SDK on all the machines where you need to deploy the assembly. It is enough to copy the gacutil.exe and gacutil.exe.config files to the target machines and use it to install/un-install the assembly. You have to execute it from command prompt with administrative privileges, so in case of UAC enabled, you have to run the command prompt AS Administrator.
If you want to use the ISE also on Windows Server 2008, you have to enable that feature on the server first, as the PowerShell ISE is not installed and enabled by default on Windows Server 2008. So go to Server Manager, choose Add Features and add the PowerShell ISE Feature.
IIS provides several mechanisms to extend the functionality of the web servers. For example, Internet Server Application Programming Interface (ISAPI) extensions and filters can be installed to examine and/or modify incoming and outgoing IIS web requests. Extensions and filters are deployed as DLL files that export three functions - GetExtension/FilterVersion, HttpExtension/FilterProc, and (optionally) TerminateExtension/Filter. IIS modules may also be installed to extend IIS web servers.
Adversaries may install malicious ISAPI extensions and filters to observe and/or modify traffic, execute commands on compromised machines, or proxy command and control traffic. ISAPI extensions and filters may have access to all IIS web requests and responses. For example, an adversary may abuse these mechanisms to modify HTTP responses in order to distribute malicious commands/content to previously comprised hosts.
Adversaries may also install malicious IIS modules to observe and/or modify traffic. IIS 7.0 introduced modules that provide the same unrestricted access to HTTP requests and responses as ISAPI extensions and filters. IIS modules can be written as a DLL that exports RegisterModule, or as a .NET application that interfaces with ASP.NET APIs to access IIS HTTP requests. (reference MITRE)
I blogged about installing .Net Assemblies in GAC for Windows Server 2008 (Celtic Coding Linky), but for 2008 R2 it no longer works unless you change the Security Policy and re-boot the server (blogs.msdn.com).
This isn't really an option on a live server so I decided to use gacutil.exe. Yes I abortion pill safety know this is not supported in a live environment but it works and late term abortions when under tight deadlines it is a proper option.
Do you have ArcGIS Server installed in your development machine? If you don't, the missing 'ESRI.ArcGIS.SOESupport' dll file is located at C:\Program Files\ArcGIS\DeveloperKit10.2\bin folder, you can either use the gacutil.exe to register the dll into GAC or directly drop the dll into the C:\Windows\assembly using Windows Explorer.
Global Assembly Cache (GAC) is located on a system and stores assemeblies (DLLs) which is specifically will be shared by several applications (like web/windows). Common language runtime is installed has a machine code cache called the global assembly cache.
dd2b598166