Having problems creating an installer for my app due to permissions?

Pep
Firstly, I'm not sure if this is the right group for this query, so
please forgive me if I am wrong.

My problem is that most users I distribute my software to cannot
install it on their systems due to not having the correct
administrator rights. I'm perplexed over this as I cannot reasonably
ask corporations to allow the local secretary to have admin or power
user rights just to install my software.

My software is intended for user land. It is associated with a
particular file type that is downloaded from our web site and outputs
the received data to an OEM device over the serial and/or USB ports.
This has been working for years, simply because we have been asking
the user to download the program as an exe file to their desktop and
then they simply use the IE file association facility when they first
download a data file.

However, we are now trying to clean up our Windows code and would like
to start using the MSI mechanism, which is where the problems have
started. I thought that a user could install software into their own
portion of the registry, i.e. current_user, without the need for admin
rights. Am I wrong in this belief?

If I am not wrong, can anyone point me to a simple howto for doing
this?

TIA,
Pep

Oct 31 '07 #1
On Oct 31, 12:02 pm, Pep <pepaltavi...@yahoo.co.uk> wrote:
> Firstly, I'm not sure if this is the right group for this query, so
> please forgive me if I am wrong.
>
> My problem is that most users I distribute my software to cannot
> install it on their systems due to not having the correct
> administrator rights. I'm perplexed over this as I cannot reasonably
> ask corporations to allow the local secretary to have admin or power
> user rights just to install my software.
>
> My software is intended for user land. It is associated with a
> particular file type that is downloaded from our web site and outputs
> the received data to an OEM device over the serial and/or USB ports.
> This has been working for years, simply because we have been asking
> the user to download the program as an exe file to their desktop and
> then they simply use the IE file association facility when they first
> download a data file.
>
> However, we are now trying to clean up our Windows code and would like
> to start using the MSI mechanism, which is where the problems have
> started. I thought that a user could install software into their own
> portion of the registry, i.e. current_user, without the need for admin
> rights. Am I wrong in this belief?
>
> If I am not wrong, can anyone point me to a simple howto for doing
> this?
>
> TIA,
> Pep

I'm not sure about the specifics of whether admin rights are
required for installing MSI packages (I don't doubt it as I've always
had to install stuff using admin privileges), but that, in my mind, is
the way it should be. Users are not generally supposed to install
software on their own machines (in business networks that is). It is
an IT nightmare to allow users to put all kinds of crap on their
machines (including viruses, spyware, inappropriate apps, etc...).
Many business networks give users local admin rights to their own
machine, then users can install software, but for companies that are a
bit more tight on security, they usually only give their users User
level access, and thus they can't install software.

If your app is going to be put into larger companies, their IT staff
can push your MSI out via group policy, which would install the
software on the users' machines, without the admins even having to go
to the user's computer. This can be done for specific groups, all
users, etc... It can be limited to those who should be getting it is
my point.

If they don't utilize group policies to push software out to users
(or other remote install utilities), then their IT person would need
to be involved in the install - again, the way it typically should be.
It is good for IT staff to know what is going on users' computers,
where it came from, that it has been scanned for malicious content,
etc... (a lot of which general users often don't check for).

What gets me peeved is when a company creates an install that
requires admin rights, and after the install, the regular user cannot
run the app because the application requires admin rights to run it.
This is typically due to not following through on allowing the Users
group proper access to the files, folders, and/or registry entries
created during the install. I often have to make file system and
registry permission changes to apps like this so the users can even
run them. I think you would be good to focus on that aspect. Make sure
your MSI sets up proper permissions on the files, folder, registry
entries, etc... so that the user can run the application after it has
been installed by an admin (physically or remotely). Also, make sure
the Start Menu folder that is created (if you have one) is set up for
all users, or icons set up for the specified users, or something. Just
make sure the group is not installed under the admin account only.
This also goes for desktop icons or quick start links.

I hope this gives you some ideas and helps out. I don't think your
clients would be upset that you are taking their security into account
so long as everything works good once they get it installed. 8)

Andrew Meador
Oct 31 '07 #2
Pep

Andrew Meador wrote:
> On Oct 31, 12:02 pm, Pep <pepaltavi...@yahoo.co.uk> wrote:
>> Firstly, I'm not sure if this is the right group for this query, so
>> please forgive me if I am wrong.
>>
>> My problem is that most users I distribute my software to cannot
>> install it on their systems due to not having the correct
>> administrator rights. I'm perplexed over this as I cannot reasonably
>> ask corporations to allow the local secretary to have admin or power
>> user rights just to install my software.
>>
>> My software is intended for user land. It is associated with a
>> particular file type that is downloaded from our web site and outputs
>> the received data to an OEM device over the serial and/or USB ports.
>> This has been working for years, simply because we have been asking
>> the user to download the program as an exe file to their desktop and
>> then they simply use the IE file association facility when they first
>> download a data file.
>>
>> However, we are now trying to clean up our Windows code and would like
>> to start using the MSI mechanism, which is where the problems have
>> started. I thought that a user could install software into their own
>> portion of the registry, i.e. current_user, without the need for admin
>> rights. Am I wrong in this belief?
>>
>> If I am not wrong, can anyone point me to a simple howto for doing
>> this?
>>
>> TIA,
>> Pep
>
> I'm not sure about the specifics of whether admin rights are
> required for installing MSI packages (I don't doubt it as I've always
> had to install stuff using admin privileges), but that, in my mind, is
> the way it should be. Users are not generally supposed to install
> software on their own machines (in business networks that is). It is
> an IT nightmare to allow users to put all kinds of crap on their
> machines (including viruses, spyware, inappropriate apps, etc...).
> Many business networks give users local admin rights to their own
> machine, then users can install software, but for companies that are a
> bit more tight on security, they usually only give their users User
> level access, and thus they can't install software.

Which is how my clients have their systems set up but unfortunately
this does not prevent spyware and viruses installing to their
w/stations, only genuine business software :(

> If your app is going to be put into larger companies, their IT staff
> can push your MSI out via group policy, which would install the
> software on the users' machines, without the admins even having to go
> to the user's computer. This can be done for specific groups, all
> users, etc... It can be limited to those who should be getting it is
> my point.
>
> If they don't utilize group policies to push software out to users
> (or other remote install utilities), then their IT person would need
> to be involved in the install - again, the way it typically should be.
> It is good for IT staff to know what is going on users' computers,
> where it came from, that it has been scanned for malicious content,
> etc... (a lot of which general users often don't check for).

Unfortunately the majority of our clients have hundreds of remote
national satellite offices all connected by the internet and no means
of doing remote administration. It's not my company's policy to get
involved in their administration plans, so we can do nothing about it.

> What gets me peeved is when a company creates an install that
> requires admin rights, and after the install, the regular user cannot
> run the app because the application requires admin rights to run it.
> This is typically due to not following through on allowing the Users
> group proper access to the files, folders, and/or registry entries
> created during the install. I often have to make file system and

Yep, seen this quite often :(

> registry permission changes to apps like this so the users can even
> run them. I think you would be good to focus on that aspect. Make sure
> your MSI sets up proper permissions on the files, folder, registry
> entries, etc... so that the user can run the application after it has
> been installed by an admin (physically or remotely). Also, make sure
> the Start Menu folder that is created (if you have one) is set up for
> all users, or icons set up for the specified users, or something. Just
> make sure the group is not installed under the admin account only.
> This also goes for desktop icons or quick start links.

Everything else is working fine, except we cannot install our own
software to their machines. So sadly it looks like we are going to
have to go back to the old method of allowing them to download an exe
file to their desktop and manually associate the application to the
file type when IE gets its knickers in a twist :(

> I hope this gives you some ideas and helps out. I don't think your
> clients would be upset that you are taking their security into account
> so long as everything works good once they get it installed. 8)
>
> Andrew Meador

Personally I think Windows is lacking in this area. Users should be
able to install their own local software without affecting the global
o/s. Isn't this what the separate user hives are about?

Perhaps I should write our software installer like a virus or spyware
and then the users will have no problems, LOL

Oct 31 '07 #3
On 2007-10-31 10:27:50 -0700, Pep <pe**********@yahoo.co.uk> said:
[...]
> Personally I think Windows is lacking in this area. Users should be
> able to install their own local software without affecting the global
> o/s. Isn't this what the separate user hives are about?

Personally, it seems to me that your Unix prejudice is fogging your view.

First of all, Windows does generally allow users to install their own
local software. IMHO, it's not a very good idea for users to do so,
but there aren't any access controls that prohibit users from
installing and running executables as long as they only have to access
their own data to do so.

So if you're running into trouble, there's something more
"administrative-like" about your program that is specifically causing a
problem. You would have similar issues trying to allow a non-admin
user to do admin-like things on a Unix system.

Secondly, viewing this as a Unix-versus-Windows issue is pointless
anyway. Windows != Unix. There are bound to be some differences, and
just as there are a number of things you can do in Windows that you
can't do in exactly the same way in Unix, so too are there things you
can do in Unix that you can't do in exactly the same way in Windows.

It's not about a question of one being "lacking" with respect to the
other. It's just a different way of operating.

The sooner you get past this mentality, the sooner you can get on with
actually solving your problems rather than daydreaming about how much
greener the grass is on the other side of the fence.

Pete

Oct 31 '07 #4
>> I'm not sure about the specifics of whether admin rights are
>> required for installing MSI packages (I don't doubt it as I've always
>> had to install stuff using admin privileges), but that, in my mind, is
>> the way it should be. Users are not generally supposed to install
>> software on their own machines (in business networks that is). It is
>> an IT nightmare to allow users to put all kinds of crap on their
>> machines (including viruses, spyware, inappropriate apps, etc...).
>> Many business networks give users local admin rights to their own
>> machine, then users can install software, but for companies that are a
>> bit more tight on security, they usually only give their users User
>> level access, and thus they can't install software.
>
> Which is how my clients have their systems set up but unfortunately
> this does not prevent spyware and viruses installing to their
> w/stations, only genuine business software :(

Well, true, some things can still get in and cause trouble, but it
does limit them and in some cases can outright stop them (depending on
what they are trying to do), like if they try to delete system files
that are accessible to an admin, but not to a user - the virus,
spyware, etc... would also run under the more restricted access of the
user. And yep, sometimes it does interfere with business software,
but, if the business software is written by authors taking these kinds
of issues into account, then everything should be good, or at least
better ;)

>> If your app is going to be put into larger companies, their IT staff
>> can push your MSI out via group policy, which would install the
>> software on the users' machines, without the admins even having to go
>> to the user's computer. This can be done for specific groups, all
>> users, etc... It can be limited to those who should be getting it is
>> my point.
>> If they don't utilize group policies to push software out to users
>> (or other remote install utilities), then their IT person would need
>> to be involved in the install - again, the way it typically should be.
>> It is good for IT staff to know what is going on users' computers,
>> where it came from, that it has been scanned for malicious content,
>> etc... (a lot of which general users often don't check for).
>
> Unfortunately the majority of our clients have hundreds of remote
> national satellite offices all connected by the internet and no means
> of doing remote administration. It's not my company's policy to get
> involved in their administration plans, so we can do nothing about it.

Typically such large organizations, especially with so many remote
satellite offices are the ones that REALLY want to use remote admin
utilities. You might check further with their top IT people and see how
they currently handle such issues. They may give you some good ideas,
especially with respect to how they do it. It would seem odd to me
that they have their network restricted down, but have no way of
pushing software out by remote means. The idea of their IT people
running the country/world just to install software for users at
satellite offices would be crazy. Also, if they don't have a good
centralized administration or they don't push their software from the
central office (considering bandwidth issues - I wouldn't be
surprised), they may push this work down to IT people at the satellite
offices.

>> What gets me peeved is when a company creates an install that
>> requires admin rights, and after the install, the regular user cannot
>> run the app because the application requires admin rights to run it.
>> This is typically due to not following through on allowing the Users
>> group proper access to the files, folders, and/or registry entries
>> created during the install. I often have to make file system and
>
> Yep, seen this quite often :(
>
>> registry permission changes to apps like this so the users can even
>> run them. I think you would be good to focus on that aspect. Make sure
>> your MSI sets up proper permissions on the files, folder, registry
>> entries, etc... so that the user can run the application after it has
>> been installed by an admin (physically or remotely). Also, make sure
>> the Start Menu folder that is created (if you have one) is set up for
>> all users, or icons set up for the specified users, or something. Just
>> make sure the group is not installed under the admin account only.
>> This also goes for desktop icons or quick start links.
>
> Everything else is working fine, except we cannot install our own
> software to their machines. So sadly it looks like we are going to
> have to go back to the old method of allowing them to download an exe
> file to their desktop and manually associate the application to the
> file type when IE gets its knickers in a twist :(

If there is no way around their installation issues, maybe create a
script that they could also download to automatically add the file
extensions. That would at least make it easier than talking them
through it all the time (at least in such detail).

>> I hope this gives you some ideas and helps out. I don't think your
>> clients would be upset that you are taking their security into account
>> so long as everything works good once they get it installed. 8)
>> Andrew Meador
>
> Personally I think Windows is lacking in this area. Users should be
> able to install their own local software without affecting the global
> o/s. Isn't this what the separate user hives are about?

I still disagree here - I have had too many users download and
install software that I don't want in my network (bandwidth suckers,
illegal licensing, etc...) Yep, I'm a control freak, and I can't be if
they can install whatever they want. Plus, for issues like this, I
have scanners that watch their file systems for rogue files and remove
them as well - if I didn't want their downloaded exe to run I'd add it
to the list to be killed.

> Perhaps I should write our software installer like a virus or spyware
> and then the users will have no problems, LOL

Oct 31 '07 #5
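
The script suggested in the reply above, sketched as an added example that is not part of the original thread: it registers a file association under the current user's hive only, so it runs without admin rights, and includes a listing function an administrator can use to review what per-user associations exist. The extension `.oemdata`, the ProgID `Example.OemData` and the install path are placeholders.

```powershell
# Added example, not from the thread. Placeholders (assumptions): extension
# ".oemdata", ProgID "Example.OemData", and an exe path under %LOCALAPPDATA%.

function Update-ShellAssociations {
    # Tell Explorer that associations changed (SHCNE_ASSOCCHANGED, SHCNF_IDLIST).
    if (-not ('Native.Shell' -as [type])) {
        Add-Type -Namespace Native -Name Shell -MemberDefinition @'
[DllImport("shell32.dll")]
public static extern void SHChangeNotify(int wEventId, uint uFlags, IntPtr dwItem1, IntPtr dwItem2);
'@
    }
    [Native.Shell]::SHChangeNotify(0x08000000, 0, [IntPtr]::Zero, [IntPtr]::Zero)
}

function Register-PerUserAssociation {
    param(
        [Parameter(Mandatory)][string]$Extension,
        [Parameter(Mandatory)][string]$ProgId,
        [Parameter(Mandatory)][string]$ExePath
    )
    # Validate input before it becomes a registry path or a command line.
    if ($Extension -notmatch '^\.[A-Za-z0-9_-]+$') { throw "Bad extension: $Extension" }
    if ($ProgId -notmatch '^[A-Za-z0-9._-]+$')      { throw "Bad ProgID: $ProgId" }
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) { throw "Not found: $ExePath" }

    # HKCU\Software\Classes is writable by the logged-on user; nothing here
    # touches HKLM, so no elevation is needed.
    $classes = 'HKCU:\Software\Classes'
    $cmdKey  = "$classes\$ProgId\shell\open\command"
    $extKey  = "$classes\$Extension"

    foreach ($key in $cmdKey, $extKey) {
        # Create only if absent so existing values under the key are kept.
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    }
    # Set-Item on a registry key writes its (Default) value. The exe path is
    # quoted so a path containing spaces is not split into several arguments.
    Set-Item -LiteralPath $cmdKey -Value ('"{0}" "%1"' -f $ExePath)
    Set-Item -LiteralPath $extKey -Value $ProgId

    Update-ShellAssociations
}

function Get-PerUserAssociation {
    # Review helper: list every per-user extension mapping and flag handlers
    # whose command line points inside the user's own profile.
    $classes = 'HKCU:\Software\Classes'
    Get-ChildItem -Path $classes -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '.*' } |
        ForEach-Object {
            $progId = $_.GetValue('')
            if (-not $progId) { return }
            $cmdKey = Get-Item -LiteralPath "$classes\$progId\shell\open\command" -ErrorAction SilentlyContinue
            $cmd = if ($cmdKey) { [string]$cmdKey.GetValue('') } else { '' }
            [pscustomobject]@{
                Extension     = $_.PSChildName
                ProgId        = $progId
                Command       = $cmd
                InUserProfile = $cmd.IndexOf($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }
        }
}

# Usage (placeholder values):
#   Register-PerUserAssociation -Extension '.oemdata' -ProgId 'Example.OemData' `
#       -ExePath "$env:LOCALAPPDATA\ExampleApp\ExampleApp.exe"
#   Get-PerUserAssociation | Format-Table -AutoSize
```

On current Windows versions a default handler the user has already chosen for the extension takes precedence over this registration, so the program may show up under "Open with" rather than as the default.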
Pep

Peter Duniho wrote:
> On 2007-10-31 10:27:50 -0700, Pep <pe**********@yahoo.co.uk> said:
> [...]
>> Personally I think Windows is lacking in this area. Users should be
>> able to install their own local software without affecting the global
>> o/s. Isn't this what the separate user hives are about?
>
> Personally, it seems to me that your Unix prejudice is fogging your view.

Perhaps you are the sort of person that loves to embroil themselves in
useless arguments over which o/s is better and why, I don't know but
you seem to have turned my statement into something it was not. I did
not voice any "Unix prejudice", I stated my view on a particular area
of administration that directly related to the problem I have been
discussing with other people.

Personally I do not care which o/s people perceive to be the better
and/or why. I use both for different reasons and IMHO they both do
things better than the other and both are found to be lacking in
various areas compared to the other.

> First of all, Windows does generally allow users to install their own
> local software. IMHO, it's not a very good idea for users to do so,
> but there aren't any access controls that prohibit users from
> installing and running executables as long as they only have to access
> their own data to do so.
>
> So if you're running into trouble, there's something more
> "administrative-like" about your program that is specifically causing a
> problem. You would have similar issues trying to allow a non-admin
> user to do admin-like things on a Unix system.

Erm, not quite true there. On a nix system I would be able to run an
installation script that installs software into my local environment
and add associations to my browser without the need for admin rights.

> Secondly, viewing this as a Unix-versus-Windows issue is pointless
> anyway. Windows != Unix. There are bound to be some differences, and
> just as there are a number of things you can do in Windows that you
> can't do in exactly the same way in Unix, so too are there things you
> can do in Unix that you can't do in exactly the same way in Windows.

You are the only person viewing this issue this way. I asked how can I
do something on Windows in a similar manner to how I would do it on a
nix system.

> It's not about a question of one being "lacking" with respect to the
> other. It's just a different way of operating.

Wordology, stop being pedantic.

> The sooner you get past this mentality, the sooner you can get on with
> actually solving your problems rather than daydreaming about how much
> greener the grass is on the other side of the fence.
>
> Pete

As I read further through your response I am becoming more convinced
that you are probably a junior troll let out to play by your mummy.
Thanks for adding nothing to this conversation.

Nov 6 '07 #6
On 2007-11-06 02:55:23 -0800, Pep <pe**********@yahoo.co.uk> said:
> Perhaps you are the sort of person that loves to embroil themselves in
> useless arguments over which o/s is better and why

Says the person who insists that "Windows is lacking in this area"?

Right.

Nov 6 '07 #7
