Installing MSPs without annoying UAC popup

Postby nunoborges » Thu Aug 16, 2007 1:42 pm

Version of InstallAware: 6

We are currently trying to create patches for installation on a Vista box, and we assumed that the use of the same digital signature should eliminate the UAC elevated privileges popup the user receives when installing updates.

The guidelines specified by Microsoft are indicated in the following article:
http://msdn2.microsoft.com/en-us/library/aa372388.aspx
It is clearly stated that authors of Windows Installer installations can create MSPs to be applied by non-Admin users, and if a number of conditions are met, you can also avoid the request for elevated privileges.

This does not seem to work for InstallAware 6. We have conducted a similar test on the trial version of InstallShield, and it worked as expected. The business case for us is simple - once the base installation is completed, our distribution model involves many point upgrades of the software, and we cannot inconvenience our users with this request for privileges each time. It has to run as a silent upgrade with minimal to no interruption.

Other associated questions will help to clarify:
- We need to be able to generate raw MSP files without any visual components. We don't need a self-installing executable to do this. With IA6 we created a 1 MB exe, but with InstallShield we were able to produce an 18KB MSP file. Have we missed some feature in IA6 that will allow us to do this?
- Will IA7 solve some of these issues?

Thanks in advance,

Nuno Borges

Postby Alex_Ronquillo » Thu Aug 16, 2007 3:59 pm

If patches are to be silently deployed, this can be achieved through Group Policy and automated privilege elevation.
Unfortunately, to enable MSIcode, the EXE overhead is required - this is a technological difference which makes InstallAware's advanced Windows Installer functionality possible.
With a small patch this is an issue; but with larger patches you will actually be saving space using InstallAware's advanced compression (which is made possible by the EXE).
Alejandro Ronquillo
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/

Group Policy

Postby lorrymoller » Thu Aug 16, 2007 4:23 pm

Hi, thanks for your response.

Group Policy is something their administrator has to implement, isn't it? This application is for download to unsophisticated home users, so I don't think we have access to that, unless you think we can apply that during the initial (elevated) install.

Do you have any recommended URLs that describe how to perform the Group Policy updates required?

Thanks!
Lorry

Postby nunoborges » Thu Aug 16, 2007 5:26 pm

Thanks Alex.

Group Policy installations are normally used by administrators when distributing product upgrades throughout a domain through Active Directory. We are distributing our software over the web, but our usage model includes many (sometimes daily) downloads that need to be applied as patches to the main .msi.

So, unless I'm missing something obvious in your response, I don't believe that Group Policy can be used in this case. The proof of concept we conducted with InstallShield did not involve Group Policy, and we were able to execute a patch without that annoying UAC popup. Is it possible that IA7 will have more enhanced Vista support, and that the behaviour we are seeing is a result of using IA6?

If this request will require more in-depth support from IA, I am happy to purchase support or the 5-ticket package.

Cheers,

NunoBorges

Postby Alex_Ronquillo » Fri Aug 17, 2007 9:32 am

InstallAware 7 does have enhanced Vista support, especially in the form of automatic Vista Certified logo compliancy.

However, I am not sure how this applies to patches. For any InstallAware setup in Vista, if the user is admin, a UAC dialog will be shown for elevation to full admin rights. If the user is not admin, the UAC dialog will not be shown and setup runs with regular rights. In case a non-admin user has an admin password, they can right-click the setup and choose Run as Administrator from the popup menu. But we do not provide manual UAC control in our setup authoring process.

Was the original setup installed as ordinary user or admin? Are you able to see the issue below when the original base setup was installed as regular user?
Alejandro Ronquillo

Postby Alex_Ronquillo » Fri Aug 17, 2007 2:15 pm

Please answer the question we asked you in the last post.

"Was the original setup installed as ordinary user or admin? Are you able to see the issue below when the original base setup was installed as regular user?"
Alejandro Ronquillo

Postby lorrymoller » Fri Aug 17, 2007 2:17 pm

Hi Alex, I posted a reply but I must have hit the wrong post button; I can't find this thread or the new post with the search function. I'll try to refind it and reapply.

Postby lorrymoller » Fri Aug 17, 2007 2:26 pm

I am working with Nuno on this issue.

Our goal is that patches should be able to be applied without the popup regardless of the admin privileges.

We realize that the app must be installed with elevated privileges (and a pop-up dialog that shows the digital signature), but Windows MSI 3.0 documentation describes how patches with the same digital signature as the original install can be applied without admin privileges (and the popup).

From the MS URL in Nuno's first post
"User Account Control (UAC) patching enables the authors of Windows Installer installations to identify digitally-signed patches that can be applied in the future by non-administrator users."

Does IA 6 or 7 support this?

Thanks!
Lorry
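
A way to check the preconditions this post refers to, as an added example that is not part of the original thread and not InstallAware or Microsoft code. The two paths are placeholders; the `MsiPatchCertificate` table and the `MSIDISABLELUAPATCHING` property are named in the Windows Installer documentation, not in the thread, and the script does not compare the patch signer against the certificate stored in the base package.

```powershell
# Added example. Both paths are placeholders, not values from the thread.
param(
    [string]$BaseMsi = 'C:\build\Product.msi',
    [string]$Patch   = 'C:\build\Update.msp'
)

# Late-bound call into the WindowsInstaller.Installer automation objects.
function Invoke-Com($obj, $name, $kind, $callArgs) {
    $obj.GetType().InvokeMember($name, $kind, $null, $obj, $callArgs)
}

# Run a query against the MSI database and return column 1 of every row.
function Get-MsiColumn($db, $sql) {
    $view = Invoke-Com $db 'OpenView' 'InvokeMethod' @($sql)
    Invoke-Com $view 'Execute' 'InvokeMethod' $null | Out-Null
    $rows = @()
    while ($rec = Invoke-Com $view 'Fetch' 'InvokeMethod' $null) {
        $rows += Invoke-Com $rec 'StringData' 'GetProperty' @(1)
    }
    Invoke-Com $view 'Close' 'InvokeMethod' $null | Out-Null
    return ,$rows
}

$installer = New-Object -ComObject WindowsInstaller.Installer
# Second argument 0 opens the base package read-only.
$db = Invoke-Com $installer 'OpenDatabase' 'InvokeMethod' @($BaseMsi, 0)

# UAC patching needs the base MSI to list the trusted patch certificates.
$tables   = Get-MsiColumn $db 'SELECT `Name` FROM `_Tables`'
$certRows = @()
if ($tables -contains 'MsiPatchCertificate') {
    $certRows = Get-MsiColumn $db 'SELECT `PatchCertificate` FROM `MsiPatchCertificate`'
}

# The package author can switch the feature off with this property.
$disabled = Get-MsiColumn $db 'SELECT `Value` FROM `Property` WHERE `Property` = ''MSIDISABLELUAPATCHING'''

# The patch itself must carry a valid Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $Patch

[pscustomobject]@{
    HasMsiPatchCertificate   = $certRows.Count -gt 0
    PatchCertificateEntries  = $certRows -join ', '
    LuaPatchingDisabledInMsi = ($disabled.Count -gt 0 -and $disabled[0] -eq '1')
    PatchSignatureStatus     = $sig.Status
    PatchSignerThumbprint    = $sig.SignerCertificate.Thumbprint
}
```

If `HasMsiPatchCertificate` is false, the base package was built without the table and no patch for it will be applied without elevation, however the patch is signed.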

Postby nunoborges » Tue Aug 21, 2007 1:47 pm

I thought there would be an easy answer for this. We will have to purchase an incident ticket to get this resolved.

All we are after is: it either works or it doesn't. If it works, how do we implement it? If it doesn't, then we need a different product. Hey, that's business.

NunoBorges

