Vista considerations

From ISXKB

(Difference between revisions)
Jump to: navigation, search
(See also)
(More comprehensive changes for the post 5.2.0 world :))
Line 1: Line 1:
-
Windows Vista now includes a far stricter LUA system. This pretty much stops all applications making system wide changes without asking the user.
+
Windows Vista now includes a far stricter LUA system. This pretty much stops all applications making system wide changes without asking the user. (Note that the rules are still the same as they've always been -- but Vista enforces them more strongly.)
-
Inno 5.1.9 and later handles this fully for the install, and asks for elevated permissions so it can write anything it needs.
+
The recommended minimum version of Inno to use for Vista-capable installs is 5.2.0.
-
 
+
-
Programs run from the [Run] section will also inherit elevated permissions by default, meaning in turn that they should not access the user's profile.  From 5.2.0 onwards, postinstall-flagged entries run as the original user, making it safe to run your app post-install once more.  The default behaviour can also be altered through the runasoriginaluser and runascurrentuser flags.
+
== Types of Installer ==
== Types of Installer ==
-
With the changes made in Vista, essentially now only two different "classes" of installer can be used:
+
Windows standards recommand two different "classes" of installer:
* '''Administrative'''
* '''Administrative'''
-
** Runs with admin permissions (use PrivilegesRequired=admin)
+
** Runs with admin permissions
** Is expected to make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
** Is expected to make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
-
** ''Must not'' make changes to per-user areas such as HKCU and the current user's profile
+
** ''Should not'' make changes to per-user areas such as HKCU and the current user's profile
-
** Fully supported by Inno Setup (all versions, although 5.1.9 and above is best under Vista)
+
** Fully supported by Inno Setup (all versions, although 5.2.0 and above is best under Vista)
* '''Standard user'''
* '''Standard user'''
-
** Runs with standard user permissions (use PrivilegesRequired=none)
+
** Runs with standard user permissions
** Is expected to make changes to per-user areas such as HKCU and the current user's profile
** Is expected to make changes to per-user areas such as HKCU and the current user's profile
** ''Must not'' make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
** ''Must not'' make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
** Not currently supported by Inno Setup.
** Not currently supported by Inno Setup.
Note that this means that administrative installs ''should not'' install Quick Launch icons, as they are per-user.
Note that this means that administrative installs ''should not'' install Quick Launch icons, as they are per-user.
-
 
-
You might ask why the restriction on writing per-user data?  It's because there is no guarantee that the user that the installer is running as (an admin) is the same user that requested the install be run (a standard user).
 
== Inno's Installation Scenarios ==
== Inno's Installation Scenarios ==
Line 31: Line 27:
*** Inno will present a UAC prompt to elevate to an administrative account
*** Inno will present a UAC prompt to elevate to an administrative account
*** You ''must'' install per-machine (Administrative install)
*** You ''must'' install per-machine (Administrative install)
-
*** You ''must not'' do any per-user setup (since the user that the setup is running as is not the user who is planning to use the software)
+
*** You ''must not'' do any per-user setup within the install proper (since the user that the setup is running as is not the user who is planning to use the software); see below for more discussion
-
*** You ''must not'' offer to run the app at the end of the install, since it will run as the admin user, not the original user
+
** ''PrivilegesRequired=none''
** ''PrivilegesRequired=none''
*** Inno will not present a UAC prompt and will continue to run as the original user
*** Inno will not present a UAC prompt and will continue to run as the original user
*** You ''must'' install per-user (Standard user install)
*** You ''must'' install per-user (Standard user install)
-
*** You ''cannot'' install any per-machine data (which also means that you cannot use restartreplace)
+
*** You ''cannot'' install any per-machine data (which also means that you cannot use restartreplace or regserver)
*** You ''can'' offer to run the app at the end of the install.
*** You ''can'' offer to run the app at the end of the install.
 +
 +
=== Per-User Actions ===
 +
With the advent of Inno 5.2.0, the "runasoriginaluser" flag and "ExecAsOriginalUser" support function can be used to carry out tasks in the context of the original user running the installer.  This permits carrying out a limited amount of per-user setup on initial install, and also allows you to offer to run the application at the end of the install without having it end up running as the wrong user.
 +
 +
Despite this, it is still best to keep per-user actions in the installer to a minimum, and instead modify your application so that it can upgrade or regenerate per-user data as needed.  This is because only one user is running the installer, but more than one may be running the application.  If your only upgrade code is in the installer, other users will be left out in the cold.
 +
 +
== Choosing an Installation Type ==
 +
By far the majority of applications should perform an Administrative (PrivilegesRequired=admin) installation.  This requires the least amount of work from both setup writer and end user -- the app is installed once to a shared location (without touching per-user data at all), and then subsequently any number of users can run the application and create their own sets of per-user data.  The application itself of course should be set to not require admin permissions.
 +
 +
In some cases you may want to create a Standard (PrivilegesRequired=none) installation.  This is more work, since you'll have to add [Code] and Check functions to detect whether the install is being run by an administrator or not -- since Inno still requires a per-machine install if an administrator runs your PrivilegesRequired=none installation.  In the end you're going to write a lot more code (and consequently be more fragile) for limited benefit, as this mode is only useful if the software is never installed by any administrators.  (If even one admin installs it on a machine, then you might as well have done an Administrative install in the first place.)
== See also ==
== See also ==
Line 44: Line 49:
== External links ==
== External links ==
*[http://www.microsoft.com/technet/technetmag/issues/2007/06/ACL/default.aspx New ACLs Improve Security in Windows Vista] on Microsoft TechNet
*[http://www.microsoft.com/technet/technetmag/issues/2007/06/ACL/default.aspx New ACLs Improve Security in Windows Vista] on Microsoft TechNet
 +
*[http://msdn.microsoft.com/msdnmag/issues/07/01/UAC/ Teach Your Apps to Play Nicely With Windows Vista User Account Control] from Microsoft MSDN Magazine
[[Category:Windows Vista]]
[[Category:Windows Vista]]

Revision as of 22:30, 7 December 2007

Windows Vista now includes a far stricter LUA system. This pretty much stops all applications making system wide changes without asking the user. (Note that the rules are still the same as they've always been -- but Vista enforces them more strongly.)

The recommended minimum version of Inno to use for Vista-capable installs is 5.2.0.

Contents

Types of Installer

Windows standards recommand two different "classes" of installer:

  • Administrative
    • Runs with admin permissions
    • Is expected to make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
    • Should not make changes to per-user areas such as HKCU and the current user's profile
    • Fully supported by Inno Setup (all versions, although 5.2.0 and above is best under Vista)
  • Standard user
    • Runs with standard user permissions
    • Is expected to make changes to per-user areas such as HKCU and the current user's profile
    • Must not make changes to per-machine areas such as Program Files, HKLM, and/or the All Users profile
    • Not currently supported by Inno Setup.

Note that this means that administrative installs should not install Quick Launch icons, as they are per-user.

Inno's Installation Scenarios

  • User is an administrator
    • PrivilegesRequired has no effect
      • Inno will always present a UAC prompt
      • You should install per-machine (Administrative install)
      • You can do some per-user setup without screwing things up, but it's still not recommended
  • User is a standard user
    • PrivilegesRequired=admin
      • Inno will present a UAC prompt to elevate to an administrative account
      • You must install per-machine (Administrative install)
      • You must not do any per-user setup within the install proper (since the user that the setup is running as is not the user who is planning to use the software); see below for more discussion
    • PrivilegesRequired=none
      • Inno will not present a UAC prompt and will continue to run as the original user
      • You must install per-user (Standard user install)
      • You cannot install any per-machine data (which also means that you cannot use restartreplace or regserver)
      • You can offer to run the app at the end of the install.

Per-User Actions

With the advent of Inno 5.2.0, the "runasoriginaluser" flag and "ExecAsOriginalUser" support function can be used to carry out tasks in the context of the original user running the installer. This permits carrying out a limited amount of per-user setup on initial install, and also allows you to offer to run the application at the end of the install without having it end up running as the wrong user.

Despite this, it is still best to keep per-user actions in the installer to a minimum, and instead modify your application so that it can upgrade or regenerate per-user data as needed. This is because only one user is running the installer, but more than one may be running the application. If your only upgrade code is in the installer, other users will be left out in the cold.

Choosing an Installation Type

By far the majority of applications should perform an Administrative (PrivilegesRequired=admin) installation. This requires the least amount of work from both setup writer and end user -- the app is installed once to a shared location (without touching per-user data at all), and then subsequently any number of users can run the application and create their own sets of per-user data. The application itself of course should be set to not require admin permissions.

In some cases you may want to create a Standard (PrivilegesRequired=none) installation. This is more work, since you'll have to add [Code] and Check functions to detect whether the install is being run by an administrator or not -- since Inno still requires a per-machine install if an administrator runs your PrivilegesRequired=none installation. In the end you're going to write a lot more code (and consequently be more fragile) for limited benefit, as this mode is only useful if the software is never installed by any administrators. (If even one admin installs it on a machine, then you might as well have done an Administrative install in the first place.)

See also

External links

Personal tools
Ads: