Vista considerations

From ISXKB

(Difference between revisions)
Jump to: navigation, search
(Added installation scenarios)
Line 3: Line 3:
Inno 5.1.9 and later handles this fully for the install, and asks for elevated permissions so it can write anything it needs.
Inno 5.1.9 and later handles this fully for the install, and asks for elevated permissions so it can write anything it needs.
-
Due to this permission elevation, anything run from the install will also run with full access to the system. Whether your application is "Vista compatible" or not, this is a very bad idea.
+
Programs run from the [Run] section will also inherit elevated permissions by default, meaning in turn that they should not access the user's profile. From 5.2.0 onwards, postinstall-flagged entries run as the original user, making it safe to run your app post-install once more.  The default behaviour can also be altered through the runasoriginaluser and runascurrentuser flags.
-
Unfortunately, Microsoft "forgot" to add the ability for en elevated application to drop them when running anything else so the only way around this is to add the OnlyBelowVersion: 0,6 on the [Run] entry to so the option is not available on vista.
+
== Types of Installer ==
== Types of Installer ==

Revision as of 21:40, 11 November 2007

Windows Vista now includes a far stricter LUA system. This pretty much stops all applications making system wide changes without asking the user.

Inno 5.1.9 and later handles this fully for the install, and asks for elevated permissions so it can write anything it needs.

Programs run from the [Run] section will also inherit elevated permissions by default, meaning in turn that they should not access the user's profile. From 5.2.0 onwards, postinstall-flagged entries run as the original user, making it safe to run your app post-install once more. The default behaviour can also be altered through the runasoriginaluser and runascurrentuser flags.

Types of Installer

With the changes made in Vista, essentially now only two different "classes" of installer can be used:

  • Administrative
    • Runs with admin permissions (use PrivilegesRequired=admin)
    • Is expected to make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
    • Must not make changes to per-user areas such as HKCU and the current user's profile
    • Fully supported by Inno Setup (all versions, although 5.1.9 and above is best under Vista)
  • Standard user
    • Runs with standard user permissions (use PrivilegesRequired=none)
    • Is expected to make changes to per-user areas such as HKCU and the current user's profile
    • Must not make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
    • Not currently supported by Inno Setup.

Note that this means that administrative installs should not install Quick Launch icons, as they are per-user.

You might ask why the restriction on writing per-user data? It's because there is no guarantee that the user that the installer is running as (an admin) is the same user that requested the install be run (a standard user).

Inno's Installation Scenarios

  • User is an administrator
    • PrivilegesRequired has no effect
      • Inno will always present a UAC prompt
      • You should install per-machine (Administrative install)
      • You can do some per-user setup without screwing things up, but it's still not recommended
  • User is a standard user
    • PrivilegesRequired=admin
      • Inno will present a UAC prompt to elevate to an administrative account
      • You must install per-machine (Administrative install)
      • You must not do any per-user setup (since the user that the setup is running as is not the user who is planning to use the software)
      • You must not offer to run the app at the end of the install, since it will run as the admin user, not the original user
    • PrivilegesRequired=none
      • Inno will not present a UAC prompt and will continue to run as the original user
      • You must install per-user (Standard user install)
      • You cannot install any per-machine data (which also means that you cannot use restartreplace)
      • You can offer to run the app at the end of the install.

See also

Personal tools
Ads: