Rob,
Deployment on windows is a tricky proposition:
first depending on the version of Windows the ACL may come to play. So
installation which was working fine on Windows XP all of a sudden stops
working on Vista/Win7.
On Vista even if user is part of "Administrators" anything he starts is
started as "User". Which also may be the case on XP if the computer
is member of Corporate "Domain" and domain has very customized security
policy.
For example, I have seen an extreme cases where the user after logging
onto the Domain would lose his access to the "C:\Program files", so they
can not run any locally installed application.
In another case installing something into the "My Documents" area also
was thwarted by the domain - upon loging in, the "My document" was
redirected to the shared network location and user lost his access to
the local file system.
With that in mind
Here are few pointers:
1. If you application is installed into the "Program Files" directory
as"YourAppFolder" and tries to write anything there, you have to make
sure that "Users" as a group do have a read/Write access to the
application folder. By default in Vista, anything in the "Program
Files" folder has read only access to most of the users. one of the
ways to overcome this is to change file/folder access permissions by
using something like calcs.exe which is built in command.( or
Xcacls.exe - part of the WinServer 2003 resource kit)
2. If your application is installing any device drivers it has to do it
as "Administrator" otherwise the regular users may or may not have
access to those drivers.
3. Digital signatures, while not required, are highly recommended in
windows environment. To get one you have to buy the signature from
Verisign or Thawte or....
4. Using the "res hacker" to make single executable out of you image
and visual.exe does invalidate the digital signature on visual.exe and
also makes it un-singable in the process, due to some file header check
sum. To overcame this first remove the signature from visual.exe , then
insert your image and then sign it with yours sig.
5. Mind the windows EXE manifest. The manifest could be a standalone
file or could be built into the EXE as a resource, with the "reshacker"
or any other similar tools.
In the manifest one can specify few parameters among which there are few
interesting ones:
here is the part, where you can specify how your app should be started.
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker"
uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
you can specify administrator if it has to be.
In my experience with the manifests, I found that some of the parameters
, while valid, can make your application non start-able on XP while
working on Vista.
Also there is another way to suggest the application to be run "As
Administrator" -- In the install script, People normally create a
"ShortCut"; there you can specify few things one of them is "Run Program
as adminitrator" found on the compatibility tab. Doing this simply adds
some values into the Windows registry.
I have few more stories about deployment on Windows, but a bit short on
time, so if you have any specific question just ask...
Hope this help
--Mark Pirogovsky
Rob Vens wrote:
> I create the .msi installers using VisualStudio. (Note that I create a
> single exe using ResHacker so that would invalidate the Cincom signing
> of the vm.) That still does not deal with the annoying startup
> question from Vista or Windows 7 that you need to run as
> administrator, right? Or is there a way for me to configure that? I
> appreciate any pointers.
>
>
> 2010/3/19 Steven Kelly <
[hidden email] <mailto:
[hidden email]>>
>
> We use InstallShield Express, and just leave it up to that to “do
> the right thing” for ACLs.
>
> I guess we’re going to have to look at signing our application in
> any case (we put the image into the .exe). There are some (very
> sparse) details on p15 of the 7.6 release notes. A little more can
> be found in previous discussions: searching for signing in the
> archives:
>
>
http://www.parcplace.net/lists/vwnc-archive>
>
http://www.parcplace.net/lists/vw-dev (if you have access)
>
> Steve
>
> *From:*
[hidden email] <mailto:
[hidden email]>
> [mailto:
[hidden email]
> <mailto:
[hidden email]>] *On Behalf Of *Rob Vens
> *Sent:* 19 March 2010 11:47
> *To:* VWNC
> *Subject:* [vwnc] Installing end user applications on Windows and ACL
>
> How do others install end user applications on Windows? One
> should, at least on Vista and later, deal with ACL rights.
>
> Should I not install in the Program Files directory to avoid my
> apps asking the user for administrator access?
>
> Do I need to sign the application, and how best to proceed with that?
>
>
>
> _______________________________________________
> vwnc mailing list
>
[hidden email]
>
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc>
_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
Locked
stakepointR_138_Setup.zip (6K)