Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

windows - Deploying application with .NET framework without admin privileges

Disclaimer: If this question does not belong on SO, please leave a hint where to move it.

Hello everyone,

the company I work for has developed an application that has accumulated a bunch of dependencies over time:

  • .NET 3.5 with updates
  • .NET 4.0 with updates
  • VC++ Redist 2010
  • VC++ Redist 2013
  • VC++ Redist 2015
  • Our proprietary device driver

Everything was then packaged into an Inno Setup executable and distributed to the clients. Recently, the need for an auto-update mechanism has been pointed out, which causes us to run into privilege problems. Here are some of the product demands I need to meet (and cannot figure out how):

  • Installer (and product) must support legacy hardware and software (read as Windows XP and later)
  • The installation (including auto update installations) may require an admin login exactly once (during first installation). This means that the auto-update installer must be able to run silently under a non-admin account.
  • The installer should install to the {commonappdata} folder (locked) and the end application should behave the same
  • The dependencies must be included in the application installer. They do not need to be included in the auto-update installers.

This may seem trivial at first glance, but every combination I try, I run into the "access denied" message either during installation or at update time. Does anyone know of a reliable way to do this?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You cannot update an application installed to Administrator-only folder without Administrator privileges.

The only way to implement an auto update of such application is to implement, what Windows Update, Mozilla Maintenance Service, Google Chrome Elevation Service, Adobe Acrobat Update Service and similar services do:

  • On the first installation with Administrator privileges, install a service with Administrator privileges.
  • Either have the service itself check regularly for updates and start the auto update;
  • Or if you need to trigger the update otherwise, implement an API for the service that someone (e.g. the application itself running without Administrator privileges) can call to trigger the auto update.

Installing a service with Administrator privileges to a client system is a huge breach. So if you decide to do that, make sure you do it 200% right, not to introduce holes into the client system.


Related questions:


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...