4 replies to this topic

[danwise]

Hello All,

I'm trying to create a deployment project from vs2005 to install on Vista. I want a standard, non administrative user to be able to install it without having to submit an admin password. So, I have my test setup project set to install a single file. I've signed both the MSI, the file to be installed and the setup.exe. I'm installing to "c:\program files\appname\"

When a standard user on Vista tries to install the setup.exe, he gets prompted right away for admin credentials. When a standard user on Vista tries to install the .msi, we get into the first few dialog boxes of the installer. After clicking "confirm", we get prompted for admin credentials. What should I be doing to allow a standard user to install something without having to have an admin password.


I'm signing the MSI with the signtool.exe supplied in the platform sdk. So if I right click on the .msi, theres a "Digital Signatures" tab with proper info. I notice when I edit my .msi in orca that there is a "msidigitalsignature" property that is blank. Is there something I should be doing with that?

[Stefan Krueger]

Firts of all, make sure you install only to locations where the user has write access, like the users profile and HY_CURRENT_USER, and not in Program Files or HKEY_LOCAL_MACHINE. Then in your msi set bit 3 (value 8) in the Word Count property of the Summary Information Stream to indiocate that your setup doesn't require admin rights. I don't think that Visual Studio can do this, so you would have to post-process your msi with a tool like Orca.

[Zweitze]

I see two issues:

- Do not install in the Program Files folder, in Windows NT, Windows 2000 etc. regular users do not have modify priviliges to that folder by default.

- Recompile Setup.exe and include a manifest that tells Vista it shouldn't kick in the UAC. When a program is called "Setup.exe" or "Install.exe" Vista will always ask for credentials unless it carries that manifest - it's a compatibility issue for older setups (which would never ask for UAC because it doesn't know about that). By including the manifest (some kind of resource) you'll tell Vista that you know about this, and that you will ask for the UAC when the time is right. Another option is renaming Setup.exe to something else.

[danwise]

Thanks for both responses. I will try both on Monday.

- Yeah, I was hoping to be able to do it with just vs2005 but I have Orca, so we'll try using that in the post processing route.

- I'll also try to install somewhere else other than program files. But I'm curious, isn't that where you're supposed to install programs? Don't other vendors do the same without having to elevate rights - like adobe and such? Where is a kosher place to install then?

- I'll look closer but I'm not seeing a place in a VS2005 setup project to include a manifest. I've included manifests in normal .exes and .dlls but there doesn't seem to be a good place to include the manifest in a setup project.

Thanks for your help.

Sorry for the original cross post. I posted too hastily in a less trafficked and not as appropriate forum, then saw the appropriate forum.

[Stefan Krueger]

Installling to Program Files is generally recommended. Requiring elevated rights is generally expected and shouldn't be a problem in most cases. Actually, this is intended: you don't want restircted users to install software that might harm the computer without the administrator's consent.