I am stuck at some UAC issue (I guess).
My question is: What does this UAC Shield Icon on some applications mean? And how would I get this icon to my Inno Setup setup.exe?
Inno Setup installers require Admin Privileges by default (if not customized by installer creator). UAC popup will be triggered if user did not change UAC settings in Windows.
http://www.jrsoftware.org/ishelp/index.php?topic=setup_privilegesrequired
[Setup]: PrivilegesRequired
Valid values:
none, poweruser, admin, or lowest
Default value:
admin
Description:
The effect of this directive depends on which version of Windows the user is running:
As others have said, Inno Setup requires administrator privileges by default, and will trigger the UAC prompt. You can change that with PrivilegesRequired. The problem with this is that it doesn't show the shield icon on the executable.
The best way to do it is to use the Microsoft's Manifest Tool and change the manifest embedded in the executable. It is usually included in Microsoft SDKs, which are free to download from Microsoft. Once you install it, the Manifest Tool is usually located in C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\bin\mt.exe. Note that some SDKs don't include it. I also found it in https://github.com/eladkarako/mt, if you don't want to install the SDK.
To extract the manifest from the executable, execute this in the command line: "path to mt.exe" -inputresource:"path_filename.exe";#1 -out:"path_filename.exe.manifest"
Now change asInvoker to requireAdministrator in path_filename.exe.manifest (manifest files are actually XMLs, so you can edit them with a text editor)
To put the manifest into the executable: "path to mt.exe" -manifest "path_filename.exe.manifest" -outputresource:"path_filename.exe";1
There you go! The executable now has the shield icon no matter what!
There's another method, which is far less useful. You can change the executable to run as administrator in the registry (same as right clicking it --> Properties --> Compatibility --> checking Run as Administrator on). To do this, create a string value that has the name set as the path+filename of the executable, and contains the data/text RUNASADMIN; the value has to be created in:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers if you want to change it for the current user
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers if you want to change it for all users (this usually requires you to have administrator privileges)
The problem with it is that it doesn't carry over if you move the executable (you have to do it all over again) or give it to someone else (they have to do it, or have to run some tool to do it). This is not useful.
Related
According to the docs, Inno Setup uses AppName or AppId to allow you to create an update program that will automatically put its files in the same path which the user installed the initial application to.
I need to be able to determine where Inno Setup installed files to based on AppId, but NOT from within Inno Setup. For example, I need to be able to determine this from a Python script.
One use case: patching a file in the installed program location. It would be overkill to package an entire installer just to, say, conditionally add or edit a line in a text file. A simple Python script could accomplish this, plus the user could review the script if they desired. I cannot and should not assume the user just installed to the default location, hence why I need to be able to see where the user installed the program.
Inno Setup obviously stores this somewhere since it is able to make its own patches, but I can't seem to find it in the registry. I've searched the Registry for my app ID but I only see it in the Uninstall section. I can probably pull it from there, but I think you can also create installers without uninstallers – where would this end up in that case?
The path is stored to registry to HKLM (administrative install mode) or HKCU (non administrative install mode) to a subkey named after the AppId with _is1 suffix, stored under a key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (as you alraedy know). The value name is Inno Setup: App Path. The path is also stored to InstallLocation with additional trailing slash, as that's where Windows reads it from. But Inno Setup reads the first value.
An example for HKLM:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\appid_is1]
"Inno Setup: App Path"="C:\\Program Files\\My Program"
"InstallLocation"="C:\\Program Files\\My Program\\"
You can see this in dozens questions, that show how to read the value in Inno Setup code. For example:
How to get path of installation of target game/application from registry when installing mod/plugin using Inno Setup?
If you create an installer what cannot be uninstalled (CreateUninstallRegKey=no or CreateUninstallRegKey=no), then the path is not store anywhere. In such case you would have to explicitly code your installer to store the path for you somewhere.
Is it possible to change the icon of the uninstaller shortcut in the Start menu without storing a separate icon file (to the app folder)?
I see this: Using Resource Hacker for changing the icon after the build, but I cannot implement it.
My code:
[Icons]
Name: {group}\{cm:UninstallProgram,{#MyAppName}}; Filename: {uninstallexe}
An icon of a Windows shell shortcut can be set by an external icon file (what you do not want) or by the file the shortcut points to. So you have to modify the icon of the uninstaller.
You have to modify the uninstaller icon on a compile time.
You cannot do this on install time, as the uninstaller includes its own checksum. If you modify the uninstaller, it with refuse to start, claiming it is corrupted. Unless you find out how to also fix the checksum stored in the uninstaller.
But Inno Setup does not really allow modifying the uninstaller icon on a compile time.
What you can do, is to abuse the SignTool "callback". The command set to SignTool processes even the uninstaller. And it can actually do anything with the uninstaller, not only "sign" it. But it has to "sign" it in any case (Inno Setup explicitly checks that the executable was signed after the "tool" finishes).
You can achieve that by setting SignTool to a batch file (or other script) that will run the actual signtool.exe in the end, but before that, it will modify the icon (e.g. using Resource Hacker command-line).
For an example of such batch file that both modify the uninstaller and signs it, see Microsoft SmartScreen - suspended using Inno Setup installer?
So this is doable, only if you do code signing (what you should anyway). You need a code signing certificate for that.
Disclaimer: Adding a shortcut to an uninstaller to Start menu is against Windows guidelines (and creating Start menu groups is against Windows guidelines for Windows 8 and above at least).
The situation is thus: We create an installer with Inno Setup. The software will be installed by an admin (e.g. when the computer is set up before it is given to the user), but we want normal users to be able to uninstall / update the installation (without admin rights). Adjusting permissions on installed files and running icacls.exe after the installation to grant rights for all users to access the uninstaller executable have gotten me almost to the goal.
The only thing missing is that if the administrator installs the program, it is not visible in Control Panel -> Uninstall a Program - list of other users. The (nonadmin) user has to know where to find the uninst000.exe and run it.
How can I make an Inno Setup install script so that any user (with or without admin rights) can uninstall the program via the Control Panel?
You can use PrivilegesRequired=none.
It's similar to PrivilegesRequired=lowest, except that it will try to write the non-user areas. This among other means that it will write the uninstall key to HKLM.
Note that none value is not officially documented anymore:
https://github.com/jrsoftware/issrc/commit/c42c98eca8dd1eb0fc615e113935b475815a8f98
Another option is that you create the uninstall key in HKLM yourself. Use {uninstallexe} constant to resolve a path to the installer.
Though this will only add the uninstaller key to HKLM. But the uninstaller will still require administrator privileges, as long as the installer was run with administrator privileges. This is built-into the uninstaller and is not configurable in anyway.
This makes sense, as otherwise the uninstaller cannot remove its uninstaller key from HKLM.
Anyway, if you really need to hack it, you can remove a flag from uninsxxx.dat that indicates the installer was run with administrator privileges.
I'm very new to Inno Setup, so forgive my ignorance on this one.
I created a very small install script and it's building and working the way I want—I get my setup.exe built to the output directory, and all the source files are being copied to my specified destinations.
Now I want to make sure users can uninstall the files that I specified in my [Files] section of my script. The problem is I don't understand how Inno Setup handles this. I assume Inno Setup doesn't make an executable specifically for Uninstall, but even if I run setup.exe after I have installed my application, the wizard doesn't ask if I want to uninstall.
However, if I enable the Run menu's Target Uninstall in the ISC compiler, I am able to uninstall the files. So my question is, how do I uninstall my application outside of the ISC compiler. In my [Setup] section I do have Uninstallable=yes.
I know this is a total noob question, but any help is appreciated.
(As you have found yourself), Inno Setup creates an entry in Add/Remove Programs Control Panel applet (if CreateUninstallRegKey is yes).
The entry is a link to an uninstaller program, which is generated by the compiler (when Uninstallable is yes).
The uninstaller program is located by default in the application directory (unless overridden by UninstallFilesDir) and is named unins001.exe (the number is incremented, if needed, to avoid naming conflicts).
My setup project performs a UAC check because it uses regserver. This is OK (and in fact necessary); however it makes all of the installed files be owned by Administrator , and not by the user that originally ran the installer.
This means that the user that ran the installer cannot edit any of the configuration files that are part of my installation.
I don't want to set permission on the files to be writable by Everyone; they just need to be writable by the user that ran the installation.
Does Inno Setup have any way of assigning ownership of certain files (or all of the files) to the user that ran the self-installing executable?
I am not using the line PrivilegesRequired=admin although it seems makes no difference whether or not that line is active. (Presumably because regserver implies this).