It appears to me that ClickOnce applications will not work smoothly with Windows Firewall.
I have been successfully utilitising ClickOnce deployments for two years. This has hit a stumbling block now the enterprise has upgraded to Windows 7. Each user's configuration has changed:
- Windows Firewall is enabled on each user's machines
- Users do not have administrator privileges on their machines.
Here's how ClickOnce works: Every time a ClickOnce application is updated, the executable file is copied to a new directory. This directory has a machine generated name. (For example it might deploy to "C:\users\andrew.shepherd\appdata\local\apps\2.0\gttg5ejb.avg\jc69hir.e45\watershedclient.exe").
Windows Firewall, by default, blocks applications from accepting incoming calls. However, when the application first attempts this, Windows Firewall pops up a dialog that allows an administrator to make an exception for the application, giving it the privileges it needs.
The problem is, Windows Firewall stores the application record as the full file path. Each time a ClickOnce application is updated, it installs to a different directory. Therefore, Windows Firewall sees it as a whole new application. An administrator now has to configure the firewall for this update for every machine that it's updated on. This effectively defeats the whole reason why we use ClickOnce technology.
This was flagged as an issue in 2005, and Microsoft acknowledged the problem and admitted there was no solution.
Does anyone know if this problem has been addressed?