Firstly, I'm not sure if this is the right group for this query, so
please forgive me if I am wrong.
My problem is that most users I distribute my software to cannot
install it on their systems due to not having the correct
administrator rights. I'm perplexed over this as I cannot reasonably
ask corporations to allow the local secretary to have admin or power
user rights just to install my software.
My software is intended for user land. It is associated with a
particular file type that is downloaded from our web site and outputs
the received data to a OEM device over the serial and/or usb ports.
This has been working for years, simply because we have been asking
the user to download the program as an exe file to their desktop and
then they simply use the IE file association facility when they first
download a data file.
However, we are now trying to clean up our windows code and would like
to start using the MSI mechanism, which is where the problems have
started. I thought that a user could install software in to their own
portion of the registry, i.e. current_user, without the need for admin
rights. Am I wrong in this belief?
If I am not wrong, can anyone point me to a simple howto for doing
this?
TIA,
Pep
6  2013 
On Oct 31, 12:02 pm, Pep <pepaltavi...@yahoo.co.ukwrote:
Firstly, I'm not sure if this is the right group for this query, so
please forgive me if I am wrong.
My problem is that most users I distribute my software to cannot
install it on their systems due to not having the correct
administrator rights. I'm perplexed over this as I cannot reasonably
ask corporations to allow the local secretary to have admin or power
user rights just to install my software.
My software is intended for user land. It is associated with a
particular file type that is downloaded from our web site and outputs
the received data to a OEM device over the serial and/or usb ports.
This has been working for years, simply because we have been asking
the user to download the program as an exe file to their desktop and
then they simply use the IE file association facility when they first
download a data file.
However, we are now trying to clean up our windows code and would like
to start using the MSI mechanism, which is where the problems have
started. I thought that a user could install software in to their own
portion of the registry, i.e. current_user, without the need for admin
rights. Am I wrong in this belief?
If I am not wrong, can anyone point me to a simple howto for doing
this?
TIA,
Pep
I'm not sure about the specifics of whether admin rights are
required for installing MSI packages (I don't doubt it as I've always
had to install stuff using admin privelges), but that, in my mind, is
the way it should be. Users are not generally supposed to install
software on their own machines (in business networks that is). It is
an IT nightmare to allows users to put all kinds of crap on their
machines (including viruses, spyware, inappropriate apps, etc...).
Many business networks give users local admin rights to their own
machine, then user can install software, but for companies that are a
bit more tight on security, they usually only give their users User
level access, and thus they can't install software.
If you app is going to be put into larger companies, their IT staff
can push you MSI out via group policy, which would install the
software on the users machines, without the admins even having to go
the the users computer. This can be done for specific groups, all
users, etc... It can be limited to those who should be getting it is
my point.
If they don't utilize group policies to push software out to users
(or other remote install utilities), then their IT person would need
to be involved in the install - again, the way it typically should be.
It is good for IT staff to know what is going on users computers,
where it came from, that is has been scanned for malicious content,
etc... (a lot of which general users ofter don't check for).
What gets me peeved is when a company creates an install that
requires admin rights, and after the install, the regular user cannot
run the app because the application requires admin rights to run it.
This is typically due to not following through on allowing the Users
group proper access to the files, folders, and/or registry entires
created during the install. I often have to make file system and
registry permission changes to apps like this so the users can ever
run them. I think you would be good to focus on that aspect. Make sure
your MSI sets up proper permissions on the files, folder, registry
entries, etc... so that the user can run the application after it has
been installed by an admin (physically or remotely). Also, make sure
the Start Menu folder that is created (if you have one) is setup for
all users, or icons setup for the specified users, or something. Just
make sure the group is not installed under the admin account only.
This also goes for desktop icons or quick start links.
I hope this gives you some ideas and helps out. I don't think you
clients would be upset that you are taking their security into account
so long as everything works good once they get it installed. 8)
Andrew Meador
Andrew Meador wrote:
On Oct 31, 12:02 pm, Pep <pepaltavi...@yahoo.co.ukwrote:
Firstly, I'm not sure if this is the right group for this query, so
please forgive me if I am wrong.
My problem is that most users I distribute my software to cannot
install it on their systems due to not having the correct
administrator rights. I'm perplexed over this as I cannot reasonably
ask corporations to allow the local secretary to have admin or power
user rights just to install my software.
My software is intended for user land. It is associated with a
particular file type that is downloaded from our web site and outputs
the received data to a OEM device over the serial and/or usb ports.
This has been working for years, simply because we have been asking
the user to download the program as an exe file to their desktop and
then they simply use the IE file association facility when they first
download a data file.
However, we are now trying to clean up our windows code and would like
to start using the MSI mechanism, which is where the problems have
started. I thought that a user could install software in to their own
portion of the registry, i.e. current_user, without the need for admin
rights. Am I wrong in this belief?
If I am not wrong, can anyone point me to a simple howto for doing
this?
TIA,
Pep
I'm not sure about the specifics of whether admin rights are
required for installing MSI packages (I don't doubt it as I've always
had to install stuff using admin privelges), but that, in my mind, is
the way it should be. Users are not generally supposed to install
software on their own machines (in business networks that is). It is
an IT nightmare to allows users to put all kinds of crap on their
machines (including viruses, spyware, inappropriate apps, etc...).
Many business networks give users local admin rights to their own
machine, then user can install software, but for companies that are a
bit more tight on security, they usually only give their users User
level access, and thus they can't install software.
Which is how my clients have their systems setup but unfortunately
this does not prevent spyware and viruses installing to their w/
stations, only genuine business software :(
>
If you app is going to be put into larger companies, their IT staff
can push you MSI out via group policy, which would install the
software on the users machines, without the admins even having to go
the the users computer. This can be done for specific groups, all
users, etc... It can be limited to those who should be getting it is
my point.
If they don't utilize group policies to push software out to users
(or other remote install utilities), then their IT person would need
to be involved in the install - again, the way it typically should be.
It is good for IT staff to know what is going on users computers,
where it came from, that is has been scanned for malicious content,
etc... (a lot of which general users ofter don't check for).
Unfortunately the majority of our clients have hundreds of remote
national satellite offices all connected by the internet and no means
of doing remote administration. It's not my companies policy to get
involved in their administration plans, so we can do nothing about it.
What gets me peeved is when a company creates an install that
requires admin rights, and after the install, the regular user cannot
run the app because the application requires admin rights to run it.
This is typically due to not following through on allowing the Users
group proper access to the files, folders, and/or registry entires
created during the install. I often have to make file system and
Yep, seen this quite often :(
registry permission changes to apps like this so the users can ever
run them. I think you would be good to focus on that aspect. Make sure
your MSI sets up proper permissions on the files, folder, registry
entries, etc... so that the user can run the application after it has
been installed by an admin (physically or remotely). Also, make sure
the Start Menu folder that is created (if you have one) is setup for
all users, or icons setup for the specified users, or something. Just
make sure the group is not installed under the admin account only.
This also goes for desktop icons or quick start links.
Everything else is working fine, except we cannot install our own
software to their machines. So sadly it looks like we are going to
have to go back to the old method of allowing them to download a exe
file to their desktop and manually associate the application to the
file type when IE gets it's knickers in a twist :(
I hope this gives you some ideas and helps out. I don't think you
clients would be upset that you are taking their security into account
so long as everything works good once they get it installed. 8)
Andrew Meador
Personally I think windows is lacking in this area. Users should be
able to install their own local software without affecting the global
o/s. Isn't this is what the separate user hives are about?
Perhaps I should write our software installer like a virus or spyware
and then the users will have no problems, LOL
On 2007-10-31 10:27:50 -0700, Pep <pe**********@yahoo.co.uksaid:
[...]
Personally I think windows is lacking in this area. Users should be
able to install their own local software without affecting the global
o/s. Isn't this is what the separate user hives are about?
Personally, it seems to me that your Unix prejudice is fogging your view.
First of all, Windows does generally allow users to install their own
local software. IMHO, it's not a very good idea for users to do so,
but there aren't any access controls that prohibit users from
installing and running executables as long as they only have to access
their own data to do so.
So if you're running into trouble, there's something more
"administrative-like" about your program that is specifically causing a
problem. You would have similar issues trying to allow a non-admin
user to do admin-like things on a Unix system.
Secondly, viewing this as a Unix-versus-Windows issue is pointless
anyway. Windows != Unix. There are bound to be some differences, and
just as there are a number of things you can do in Windows that you
can't do in exactly the same way in Unix, so too are there things you
can do in Unix that you can't do in exactly the same way in Windows.
It's not about a question of one being "lacking" with respect to the
other. It's just a different way of operating.
The sooner you get past this mentality, the sooner you can get on with
actually solving your problems rather than daydreaming about how much
greener the grass is on the other side of the fence.
Pete
>
I'm not sure about the specifics of whether admin rights are
required for installing MSI packages (I don't doubt it as I've always
had to install stuff using admin privelges), but that, in my mind, is
the way it should be. Users are not generally supposed to install
software on their own machines (in business networks that is). It is
an IT nightmare to allows users to put all kinds of crap on their
machines (including viruses, spyware, inappropriate apps, etc...).
Many business networks give users local admin rights to their own
machine, then user can install software, but for companies that are a
bit more tight on security, they usually only give their users User
level access, and thus they can't install software.
Which is how my clients have their systems setup but unfortunately
this does not prevent spyware and viruses installing to their w/
stations, only genuine business software :(
Well, true, some things can still get in and cause trouble, but it
does limit them and in some cases can outright stop them (depending on
what they are trying to do), like if the try to delete system files
that are accessable to an admin, but not to a user - the virus,
spyware, etc... would also run under the more restircted access of the
user. And yep, sometimes it does interfere with business software,
but, if the business software is written by authors taking these kinds
of issue into account, then everything should be good, or at least
better ;)
>
If you app is going to be put into larger companies, their IT staff
can push you MSI out via group policy, which would install the
software on the users machines, without the admins even having to go
the the users computer. This can be done for specific groups, all
users, etc... It can be limited to those who should be getting it is
my point.
If they don't utilize group policies to push software out to users
(or other remote install utilities), then their IT person would need
to be involved in the install - again, the way it typically should be.
It is good for IT staff to know what is going on users computers,
where it came from, that is has been scanned for malicious content,
etc... (a lot of which general users ofter don't check for).
Unfortunately the majority of our clients have hundreds of remote
national satellite offices all connected by the internet and no means
of doing remote administration. It's not my companies policy to get
involved in their administration plans, so we can do nothing about it.
Typically such large organizations, especially with so many remote
satellite offices are the ones that REALLY want to use remote admin
utilites. You might check further with their top IT people and see how
they currently handle such issues. They may give you some good ideas,
especially with respect to how they do it. It would seem odd to me
that they have their network restricted down, but have no way of
pushing software out by remote means. The idea of their IT people
running the country/world just to install software for users at
satellite offices would be crazy. Also, if they don't have a good
centralized administration or they don't push their software from the
central office (considering bandwidth issues - I wouldn't be
suprised), they may push this work down to IT people at the satellite
offices.
What gets me peeved is when a company creates an install that
requires admin rights, and after the install, the regular user cannot
run the app because the application requires admin rights to run it.
This is typically due to not following through on allowing the Users
group proper access to the files, folders, and/or registry entires
created during the install. I often have to make file system and
Yep, seen this quite often :(
registry permission changes to apps like this so the users can ever
run them. I think you would be good to focus on that aspect. Make sure
your MSI sets up proper permissions on the files, folder, registry
entries, etc... so that the user can run the application after it has
been installed by an admin (physically or remotely). Also, make sure
the Start Menu folder that is created (if you have one) is setup for
all users, or icons setup for the specified users, or something. Just
make sure the group is not installed under the admin account only.
This also goes for desktop icons or quick start links.
Everything else is working fine, except we cannot install our own
software to their machines. So sadly it looks like we are going to
have to go back to the old method of allowing them to download a exe
file to their desktop and manually associate the application to the
file type when IE gets it's knickers in a twist :(
If there is no way around their installation issues, maybe create a
script that they could also download to automatically add the file
extensions. That would at least make it easier than talking them
through it all the time (at least in such detail).
>
I hope this gives you some ideas and helps out. I don't think you
clients would be upset that you are taking their security into account
so long as everything works good once they get it installed. 8)
Andrew Meador
Personally I think windows is lacking in this area. Users should be
able to install their own local software without affecting the global
o/s. Isn't this is what the separate user hives are about?
I still disagree here - I have had too many users download and
install software that I don't want in my network (bandwidth suckers,
illegal licensing, etc...) Yep, I'm a control freak, and I can't be if
they can install whatever they want. Plus, for issues like this, I
have scanners that watch their file systems for rogue files and remove
them as well - if I didn't want their downloaded exe to run I'd add it
to the list to be killed.
Perhaps I should write our software installer like a virus or spyware
and then the users will have no problems, LOL- Hide quoted text -
- Show quoted text -
Peter Duniho wrote:
On 2007-10-31 10:27:50 -0700, Pep <pe**********@yahoo.co.uksaid:
[...]
Personally I think windows is lacking in this area. Users should be
able to install their own local software without affecting the global
o/s. Isn't this is what the separate user hives are about?
Personally, it seems to me that your Unix prejudice is fogging your view.
Perhaps you are the sort of person that loves to embroil themselves in
usesless arguments over which o/s is better and why, I don't know but
you seem to have turned my statement in to something it was not. I did
not voice any "Unix prejudice", I stated my view on a particular area
of administration that directly related the problem I have been
discussing with other people.
Personally I do not care which o/s people perceive to be the better
and/or why. I use both for different reasons and IMHO they both do
things better than the other and both are found to be lacking in
various areas compared to the other.
First of all, Windows does generally allow users to install their own
local software. IMHO, it's not a very good idea for users to do so,
but there aren't any access controls that prohibit users from
installing and running executables as long as they only have to access
their own data to do so.
So if you're running into trouble, there's something more
"administrative-like" about your program that is specifically causing a
problem. You would have similar issues trying to allow a non-admin
user to do admin-like things on a Unix system.
Erm, not quite true there. On a nix system I would be able to run an
installation script that installs software in to my local environment
and add associations to my browser without the need for admin rights.
Secondly, viewing this as a Unix-versus-Windows issue is pointless
anyway. Windows != Unix. There are bound to be some differences, and
just as there are a number of things you can do in Windows that you
can't do in exactly the same way in Unix, so too are there things you
can do in Unix that you can't do in exactly the same way in Windows.
You are the only person viewing this issue this way. I asked how can I
do something on windows in a similar manner to how I would do it on a
nix system.
It's not about a question of one being "lacking" with respect to the
other. It's just a different way of operating.
Wordology, stop being pedantic.
The sooner you get past this mentality, the sooner you can get on with
actually solving your problems rather than daydreaming about how much
greener the grass is on the other side of the fence.
Pete
As I read further through your response I am becoming more convinced
that you are probably a junior troll let out to play by your mummy.
Thanks for adding nothing to this conversation.
On 2007-11-06 02:55:23 -0800, Pep <pe**********@yahoo.co.uksaid:
Perhaps you are the sort of person that loves to embroil themselves in
usesless arguments over which o/s is better and why
Says the person who insists that "Windows is lacking in this area"?
Right. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Marius Storm-Olsen |
last post by:
Hi all,
I'm creating an addin for the .NET IDE, and have the following problem.
It's using C#, and is packaged into a installer with the .NET 2002
version. Obviously, this results in the 7.0...
|
by: Dave Lambert |
last post by:
Hi, hope someone can help, I would like to change
permissions on a folder and wondered if it is possible as
part of an automated install, the reason being we have
created an install for an asp.net...
|
by: black hawk |
last post by:
Hello,
i have a big problems, to install oracle 9i v9.2 Server to my "Windows
XP" with Service Pack 2 and all security and other updates from
Microsoft.
The "Universall Installer" (Standard...
|
by: black hawk |
last post by:
Hello,
i have a big problems, to install oracle 9i v9.2 Server to my "Windows
XP" with Service Pack 2 and all security and other updates from
Microsoft.
The "Universall Installer" (Standard...
|
by: Steve Barker |
last post by:
Hi guys,
I've recently written a .NET installer package. It installs a Windows
application and some supporting DLLs. I’ve written these before and never had
problems…. until now.
This is...
|
by: Jeff Robichaud |
last post by:
Are there any security issues having the ASPNET user account member of
Administrators ? Is it a good practice ?
|
by: harry |
last post by:
Hi all
I have a browser based application that I am looking to deploy. I have built
an installer but need to have the installer do some permission changes. I am
looking for someone to point me...
|
by: paw |
last post by:
I have ran the MSI installer for Python 2.5 several times attempting to
install to C:
Python, however all of the files are placed in C:\ . The installer is
told to only install files for me,...
|
by: twdo |
last post by:
OK. I am totally frustrated here. I have a setup project within Visual
Studio. That setup project is calling a class library project by the
use of Custom Actions. Within that class library (my...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
