Is it possible to share INSTALLDIR after installation?
Care to elaborate? Do you mean windows file sharing, share the property value, share the folder location between applications?
You can write the INSTALLDIR property to the registry, and then access that from other applications, plugins, etc.
Related
The $PLUGINSDIR folder created by NSIS inherits the parent folder's permissions. This means (at least on my system) full control for SYSTEM, Administrators and the user. I'd like to remove the write access for the user to protect the libraries, which are copied to the folder and then loaded during installation. Is it possible to do it somehow?
$pluginsdir is restricted (only BUILTIN\Administrators can write) when the installer runs elevated. This restriction was first added in v2.51 and v3.0 in 2016.
Use the Access control plug-in if you need a custom ACL.
I am creating an NSIS Installer package sample for a project I am working on. I need certain MS Access and Excel files to be automatically placed in the documents folder directory; "C:\User\MyName\Documents\PexApp\Storage", instead on my application having to connect to a network sharefolder to get the files. I want offline installation to be possible.
There are three excel files that are supposed to go to the PexApp folder and two Access database files that are supposed to go to the Storage folder inside the PexApp folder.
How do I add the files inside the installer package (if it is possible) so that they may be available for offline placement through the installer and what scripts or methods should I use or consider?
OutFile "MySetup.exe"
Name "MySetup"
RequestExecutionLevel user
Section
SetOutPath "$DOCUMENTS\PexApp"
File "Excel1.xls"
File "Excel2.xls"
File "Excel3.xls"
SetOutPath "$DOCUMENTS\PexApp\Storage"
File "Access1.db"
File "Access2.db"
SectionEnd
I have in hands a third party msi installer that requires to be executed by an administrator. Im trying to change that so it could be installed by a regular user.
I managed to open it with installshield and changed some obvious settings like:
"Require Administrative privileges"
But in your perspective is that even possible? I´m having a hard time changing settings and configurations and until now i´m not having any success.
Im working with InstallShield 2013 Professional and if it is possible, in wich settings do you think i should be focusing?
For instance, running as regular user im now having a 1925 error.
"You do not have sufficient privileges to complete this installation for all users of the machine"
And i feel if i correct the error, others will appear.
Thank you guys!
It's highly unlikely you can do this because it depends on too many things in the MSI package that can change the system. Any files going to restricted locations (program files, common files etc) or changes to HKLM registry keys will require elevation. MSI installs don't violate security - they don't allow a limited user to change areas of the system that are restricted.
If the environment has group policy/Active Directory you can arrange for the MSI to be deployed from a central location via Group Policy, that's the way people get around this. Otherwise on UAC systems the MSI may offer an elevation prompt that allows admin credentials to be entered.
Otherwise the vendor needs to create an install that can be used by limited users.
Well, Yes i need administrative privileges to write to locations that are shared by multiple users. In the filesystem, this means folders like \WINDOWS or \Program Files. In the registry, this means all of the hives which aren't per-user. That´s ok, i don´t need any of this.
Therefore, i thought it could be possible to change the filesystem to something like [userprofile] and rewrite the program to only use the HKEY_CURRENT_USER.
But i suspect it could be more to it than only this.
I have an add-in in Excel that needs to store some data in the HKEY_LOCAL_MACHINE registry. because of the UAC control in Windows Vista and earlier versions, I added a manifest file. But it is just not working. I even added the manifests in each of the projects of my solution. I have 5 projects in my solution (3 VB projects, 1 c++ and 1 deployment).
I am using VS2005. I added the manifest file to the project (with the requestedExecutionLevel set to "requireAdministrator" and embedded the manifest using mt.exe in a post-build command.
Even with that, I am still getting an access denied to the HKEY_LOCAL_MACHINE. The only thing that is working is when I start Excel as "Run as administrator".
Any clue what the problem might be? Thanks.
Manifests in DLL do not affect the execution level of the application, in this case it's excel.exe.
Here are the options you have:
to run Excel as administrator;
to modify the add-on to write to HKCU rather than HKLM.
If you need to store data available to other users, consider using ProgramData folder (CSIDL_COMMON_APPDATA or FOLDERID_ProgramData). Then your add-on creates a subdirectory inside ProgramData and modifies its permission so that this new directory is writable by anyone (by default, only the user account that created the folder has write permissions, other users can only read).
There are some other options:
You can write a service that your add-on will communicate to write data into HKLM but it's not.
You can create an elevated COM object which will write the data into HKLM.
Although users don't expect Excel to require elevation when run, therefore consider changing your logic so that your add-on does not require elevation at all.
I have created an installation with inno setup. My app (among other things) after is run creates a pdf file inside a subfolder and then opens it. But windows 7 says access denied and exception pops up. What's wrong? How to grant access to subfolders using innosetup?
Here's the code snippet inside ino:
Source: "C:\Users\Someone\Desktop\NET\Animations\*"; DestDir: "{app}\Animations"; Flags: ignoreversion recursesubdirs createallsubdirs
Presumably because you're trying to copy the file from a different user's private folder. That's off-limits. You can only place files into the current user's folder (the one who is running the install). It's difficult to imagine a good reason why you'd want to do otherwise, anyway.
Try using the {userdocs} constant, instead. Use ExpandConstant to expand it to the full path.
If you need things to go in a location that will be accessible to all users, you need to run the installer with Administrative privileges. Then, you'll be able to read/write from the All Users profile directory.
EDIT: Ah, sorry. I totally missed the part of your question where you said you were trying to do this after installation. I just looked at the code and thought this was something you were having Inno Setup do during the setup process.
It's a completely different answer for something after the installation has completed. Windows 7 (thanks to UAC) doesn't let your app (or any app, for that matter) write to system folders. That includes the Windows directory, as well as the Program Files folder and any of the folders it contains. This is a security measure, intended to stop applications from running amok in places where they don't belong.
You have a couple of different options:
If you absolutely need write access to the Program Files folder, you can prompt the user to elevate your application's process. Basically, that means that you'll be requesting Administrative privileges, and they'll see a box from UAC asking them for a password.
I give more information about how you might go about doing that from a C# application in my answer to this question. You'll follow similar steps for an app written in any other language; you're just calling functions built into the Windows API.
The better option, though, is to modify your application so that it doesn't have to write to system folders. That way, you won't have to run with Administrative privileges. This is the intended model for all standard Windows applications. Microsoft has been recommending it at least since the early days of Windows 2000, but you weren't actually forced into following it until Vista.
I talk more about the various places that an app has write access to (and the various uses of each) in my answer to this question.