views:

833

answers:

2

My installer installs the app to "Program files\MyApp", the app when running changes files within this location. On Vista, by default this brings up UAC issues.

I want users to be able to run MyApp without being admisn or fighting the UAC screen everytime they run the app. If they have to get through UAC to install the app, that's OK though still not optimal.

I thought I had this set up, but it's not working:

[Setup]
PrivilegesRequired=admin
AppName=My App
AppVerName=My App 1.0
DefaultDirName={pf}\MyApp
DefaultGroupName=MyApp
UninstallDisplayIcon={app}\bin\MyApp.ico
OutputDir=..\Installer
ChangesAssociations=yes

[Dirs]
Name: "{app}\"; Permissions: everyone-modify
Name: "{app}\redist"; Flags: deleteafterinstall;

Specifically I thought Name: "{app}\"; Permissions: everyone-modify would let normal users run it, removing UAC protection on Program Files\MyApp.

I am picking at values a bit by random, can anyone suggest some changes? Again, the aim is that once installed, normal users in non-admin accounts can run it even though files are saved in Program Files, without UAC kicking in. As a secondary thing, the installation itself should not be too crazy... a single prompt for admin password or UAC authorization.

+1  A: 

Don't install under {pf}. Instead, install to a user-writeable location (for instance, {localappdata}).
http://www.kinook.com/blog/?p=53

Kyle Alons
That's not really an answer, the standard install location for programs is PF... and besides my user is allowed to choose the location. I thought it was possible for the installer to remove UAC protection on my installation's PF subfolder?
John
It's actually an optimal answer, since it addresses both issues (no UAC prompt when installing or running). It's no longer uncommon to install programs to a user-writeable path (Chrome, ClickOnce apps, etc. do this). I would not advise tweaking permissions on folders underneath {pf}, but if you insist, try something like: Permissions: users-modify powerusers-modify admins-modify system-modify
Kyle Alons
For one thing, Chrome is a bad example, in my view. It updates without telling you! Anyway, shouldn't users be asked where they want to install the app?
John
You can still allow users to choose where to install (although I'm not sure I'd recommend it due to idiot-proofing and ever-improving idiots), but they will need to specify a location that is user-writeable if you want to support installation without a UAC prompt.
Kyle Alons
+1  A: 

You should change your app so that is saves shared data in some other folder.

Granting write permissions for any user to a folder in PF that contains executable code (exe,dll's etc) is a security issue (Evil user could modify exe file and wait for admin to run it)

Alernativly you could store the files in a subfolder in PF and only grant write access to it, that way your executables are safe.

w0lo