views:

311

answers:

2

Googling reveals many technical details and framework/OS prerequisites, but it seems to be hard to find a source that lists the permissions that are required for installing and running a ClickOnce app.

This is especially interesting for delivering software to customers that work in large corporate networks with many security restrictions and centralized policies that define which version of what is installed etc. "Standard" users in these networks are still pretty much technically constrained in what they are allowed to do and what not (sadly, but that's another topic...).

What are the permissions that a user needs to start a ClickOnce app from the network?

Are there differences if the .NET Framework 3.5 is already installed? Does it work without an existing installation of the .NET Framework or an old version (e.g. 1.1/2.0) with the same permissions as above?

UPDATE:

To make it a little more specific, what permissions are required if the .NET Framework 3.5 is not installed yet?

What permissions are required if the .NET Framework 3.5 is present?

Anyway, thanks for all answers so far.

+4  A: 

A normal user can install every application deployed via ClickOnce. Sometimes, you need to be Administrator to install prerequisites (like the Framework), but not the application itselfs.

Because of ClickOnce application deployment model, be sure to use the correct paths when you write user data (access special folders via Environment.SpecialFolder enumeration).

For completeness, remember that every user of the machine must install the application (you can't install the application for "all users").

m.bagattini
Does that mean that you need to be Administrator if you have .NET Framework 2.0 installed and want to start an app that needs .NET Framework 3.5?
Martin Klinke
Yes, that's right, if the target machine doesn't have the .NET Framework 3.5 installed (or any other prerequisite, say, SQL Server Express), you need to login as Administrator to install it.
m.bagattini
+1  A: 

They need read only access to the installation files, and domain user permissions on the local pc. Everything is written to the user profile and to the current user hive in the registry so nothing special is required here.

A user also has the permission to uninstall the application from add/remove programs.

Rights can restrict these things of course, if a policy is in place to not allow users to open add remove programs then the user will have the permission to uninstall but wont be able to get to the snap in to run it. Similarly if you install from a unc path a user may have permission to access the path but a policy can be in place to stop a user from being able to browse network shares.

DarenFox