I am trying to construct a silent install using Inno Setup. I am using the /SILENT and /VERYSILENT command parameters, and everything works fine, except for the UAC window popping up at the start.
How do I get around this issue?
I have found a few posts loosely mentioning about using SignTool, but other sources have said that this will simply change the UAC box blue with the publisher parameter filled.
Can anyone help here? The scenario is an installer which will be distributed over the internet to update existing software on a machine silently without any user interaction.
To run a setup elevated without the UAC prompt, you need to run it from something that is already elevated. It would defeat the entire point of UAC if programs could elevate without the user controlling access.
Signing the executable does just show the publisher.
The basic idea is to first install a service that runs under the Local System account, and this service will launch your update installers so that updates can bypass UAC, and don't force the end user to run as admin. If you don't want to develop one on your own, there are 3rd party solutions like this:
http://www.autoupdateplus.com/
When your users first install your application, an "updater service" gets installed, and all subsequent updates can be silent.
(We used to use AutoUpdate+, but later decided to roll our own which just downloads the full installer file of our appliation and runs it silently. This wasn't possible with AutoUpdate+, we had to create update packages with the changed files, which turned out to be too much hassle, with too much room for error.)
I have found one solution of it, like If I do the following before Installing my EXE for temporary then on post Installation I revert it. then, I hope my purpose get solved.
[Registry] Root: "HKLM"; Subkey: "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"; ValueType: dword; ValueName: "ConsentPromptBehaviorAdmin"; ValueData: "0x00000000"
You can install it as User Software. Then you have no problems with UAC because it is no system wide software. ProgramData must be stored in User Folders and Registery Settings must be done under CurrentUser.
Not sure if you like to do that.
But anyway. You do not have to take care of UAC. Companies will have a deployment server with elevated rights so silent deployment will not force there a UAC message.
The UAC message is the normal behavier
Related
I am building an installer in Inno Setup v6.2.1 with prerequisites, which include .NET, runtimes, and KB fixes (Windows 7 SP1). The goal is to do potentially several reboots depending on if the machine is missing KBs or .NET etc.
I am able to achieve what I want so far using PrepareToInstall and can change the text by returning the appropriate string. No problems... however I can't find a way of changing the.
Setup must restart your computer. After restarting your computer, run Setup again to complete the installation of xxxxx
Because I am creating a runonce entry, the installer will automatically run after reboot (which it does). The text "run Setup again" is not relevant in my situation and I want to change the text to say that the installer will continue once you restart.
I have tried to find where to change this text but with no success. I assume that PreparingMemo might be the candidate but no luck or not sure how to use it. Any help would be appreciated.
See Handling and customizing errors and messages in Inno Setup.
This particular message is defined by the PrepareToInstallNeedsRestart message.
You can change it in the [Messages] section:
[Messages]
PrepareToInstallNeedsRestart=Setup must restart your computer. After restarting your computer, the Setup will continue to complete the installation of [name].%n%nWould you like to restart now?
If you need to change the message text dynamically, assign WizardForm.PreparingLabel.Caption. E.g. from CurPageChanged(wpPreparing) event.
I've just developed a .NET program which has the ability to patch itself.
I've noticed that the patching process only runs if I choose "run as administrator".
It seems I need to "create and embedd an Application Manifest", according this this:
https://msdn.microsoft.com/en-us/library/bb756929.aspx
So my question:
Is it normal for applications like mine (which can patch themselves) to require Admin rights, and is this the route I should be going?
Thanks
If your application does not normally require elevation then I don't recommend that you request it in your manifest because it will be very annoying for your users. Firefox uses a NT service to get around the UAC dialog but I can't really recommend that either unless your updates are very frequent.
I would suggest that you write a little updater application that does the patching. It can request elevation in its manifest and this way the user only has to elevate when there is something to patch. If you don't want another .exe in your bundle, you can execute yourself again with the runas verb when you need to patch.
Edited the NSIS script to include this line:
AccessControl::GrantOnFile \"$INSTDIR" "(S-1-5-32-545)" "FullAccess"
This gave the User account full access to the application folder within Program Files, meaning my patcher could write to it without any problems.
I have created an installer using Inno Setup. The installer uses a packaged-in DLL to check availability of a specific device on the target machine. If the device is found, the installation is allowed to finish, otherwise the installation is rolled-back (rollback is done using below lines in script):
if <DeviceNotFound> then
begin
CancelWithoutPrompt := true;
WizardForm.Close;
end;
I have checked that the above check and rollback logic works fine if the setup is run with /silent cmd line param. However, when I use /silent param, the setup displays the Installation progress wizard form.
Also, I found that if I run the above setup in /verysilent mode, then the "DeviceNotFound" check logic works fine but the rollback logic doesn't work and it seems as if rollback logic doesn't get executed at all. Instead of performing rollback, the installer successfully installs.
Now, I have a requirement to run the setup silently so that no window is displayed but it must install or rollback based on device check. Therefore, I have the below queries:
Can I rollback the installer when it is running in /verysilent mode? If so, please advise how it may be achieved. I can detect verysilent install mode as shown in question:
How to detect whether the setup runs in very silent mode?
Alternatively, can I Hide/Minimize the Installation progress window when it is running in /silent mode? If so, please advise how it may be achieved.
Please help me with my above queries.
Sorry to be so descriptive but I tried to explain my problem and queries!
EDIT
I am not doing the above mentioned check in InitializeSetup(). I am doing the check from a function invoked by AfterInstall directive from [Files] section. I have a limitation that I cannot do it from InitializeSetup() as the packaged-in DLL is not extracted till [Files] section completes. I also need to run the installer in Windows PE (Preinstallation Environment), hence I cannot use ExtractTemporaryFile() function to forcefully extract the DLL because the {tmp} path is not valid in that environment. That leaves me with only one option is to check after [Files] section is done. Please advise!
Your constraint on not using ExtractTemporaryFile does not make sense.
The Inno Setup installer always creates a temporary folder for the installation.
2015-07-31 09:02:07.458 Created temporary directory: C:\Users\martin\AppData\Local\Temp\is-1CN29.tmp
If it is not possible to create the folder, the installation fails.
The Inno Setup tries to create the temporary folder in these locations:
%TMP%
%TEMP%
%USERPROFILE%
Windows installation folder (C:\Windows)
At least the last path has to exist even in the "Windows PE".
So I do not think, there's anything preventing you from using the ExtractTemporaryFile function.
Folk,
I need to bypass UAC, through my Installer. Please note I am using InnoSetup/NSIS/Advanced Installer. I have tried all settings like SILENT / VERYSILENT but nothing has worked.
Help me out :)
Regards
Subh
You cannot bypass UAC, the user is in control, that is the whole point of UAC! If you want to do machine wide changes that require Administrator privileges there is no way around it.
The only way to avoid it is to do per-user installs into [local]appdata & HKCU (Like Chrome etc). To avoid legacy setup detection you should use PrivilegesRequired/RequestExecutionLevel and only ask for lower/user privileges...
Thanks guys :)
I guess I fave found one solution of it, like If I do the following before Installing my EXE for temporary then on post Installation I revert it. then, I hope my purpose get solved.
[Registry]
Root: "HKLM"; Subkey: "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"; ValueType: dword; ValueName: "ConsentPromptBehaviorAdmin"; ValueData: "0x00000000"
If anybody like to discuss on this ,
Here I am at skype : subh.anand
Go to Settings, Recovery, Advanced Restart. Press Trobleshoot, More Options, and Command Prompt. Then type in ren Utilman.exe Utilman1.exe ren cmd.exe Utilman.exe. Then go to the login screen, click the dotted power button and you have an admin command prompt!
Folks,
I've got a strange issue at the moment with a visual studio 2010 built MSI...
When I run the msi, it performs a few tasks, then executes a tool we built - this tool then carries out some more advanced work we couldn't do within a custom task.
The issue here, is then when the msi starts my custom built tool, it doesn't execute it with the same credentials as I start the MSI with (i.e. my administrative login).
Is there a parameter I can pass to an MSI to enforece this? Or perhaps I can pass the credentials to the process when I start it?
My process is started using Process process = Process.Start(procInfo) nothing fancy. I've also noted the ability to pass in a parameterised username/password/domain, but this will vary depending on the user who is installing - can this be extracted from the installer somehow?
Any help (or questions) welcomed.
Dave
EDIT: for clarity... I'm running the MSI under my domain account, and I want my custom process to run under that 'context'. At present, it starts (regardless of whether I start as administrator or not) under the SYSTEM account (rather than mydomain\me). I'm using Windows Server DataCenter edition if that helps...
I should also add, I think this is a policy issue, but I've no idea what to check/where to check...
By default Windows Installer runs custom actions as the current user. If the MSI is elevated, custom actions will run as the elevated user.
Please note that if you are running the MSI as an Administrator, it doesn't mean your custom actions will have full Administrator privileges. On Vista or higher any user can gain Administrator privileges through elevation.
So if your custom actions need Administrator privileges, make sure they use the msidbCustomActionTypeNoImpersonate flag so they run under the local system account.
If this is not the problem and you just need access to the current user data, can you please give me more details?