I need to deploy a Windows Service with an WIX installer to other PCs in the same company in the background.
The problem is the Unknown Publisher message. The Installer needs to run without user interaction.
I'm aware of certifications, but I can't find resources how to self certify my installer and install this certificate to all pc's.
I need to run an installer without user interaction in the background without interruption caused by the Unknown Publisher prompt
If you run the installer from a process that is already elevated (typically a service account or SYSTEM) and use a command like below it'll be completely silent and no UAC prompt.
msiexec /i your.msi /qn REBOOT=R
Related
Background:
The installation of our application requires Admin privileges.
After the installer has finished we are calling the newly installed program from the installer, and it opens in an Admin window. (This is at least how it works on Windows)
Then when we click on the icon to run the program, it opens another window (thus two instances of the app are running -- not a good thing.)
Is it possible run both the installer and the app from a batch file, so that only after the installer is closed, the app opens in an non-admin window?
(In our app the installer asks for the admin privileges, so the batch file should not do that.)
I tried experimenting with this using "Everything.exe" (an excellent app that requires admin privileges).
REM Test batchfile for opening two apps
"C:\Program Files (x86)\Everything\Everything.exe"
Notepad.exe
unfortunately as soon as Admin privileges are granted to "Everything.exe", Everything loads in the Admin window, and the Notepad loads in the non-admin window.
Is there a way to open the app in non-admin windows after the installer exits?"
You should be able to use MSI (Windows Installer) to install the product with "elevated rights" as opposed to "administrator rights". Windows Installer features a built-in mechanism to impersonate an administrator for the installation transaction when the setup is launched in a regular users login session (there are some policy settings that have to be enabled).
It should also be possible to run an MSI with administrator rights and launch an application from the final setup dialog with regular user rights (perhaps not if launched from an admin rights cmd.exe - not sure, it should launch the msi by right click run as admin) This is possible because the MSI GUI never runs with elevated privileges - it is the installation transaction launched by the GUI that has elevated rights. Once the transaction is complete, the control returns to the GUI running with regular rights. From here you can launch the app via a button click.
This description is somewhat simplified, I'll leave it at that since MSI might not be an option for you.
We have few windows services developed using .Net framework 1.1(VS2003).For each windows service an msi installer(set up project) is created to make installation easier.These installers are able to install windows services successfully in windows XP.But these installers unable to install windows service in WIN7 though I have admin privileges on the machine in which I am trying install them.While I am trying to install the windows service in win7, Through msi installer,installation is progressing till 90%.After that it is neither completing nor throwing an error.I am unable to understand what the problem is.
I tried following ways.
1.Opened cmd window in admin mode and tried to execute the msi with the command msiexec -i --Din't work
2.Right clicked on the actual exe(windows service exe) file and tried to run it in admin mode.--Din't work
3.Changed the UAC to never notify, restarted the machine and then tried to install--Din't work
4.Right clicked on both exe and msi and open their properties and changed the compatibility to lower version of windows and tried to install--Din't work
One thing I have noticed is that for all the custom actions of our windows service installer, primary output of our main project(exe) was given as input.I build the msi installer by removing all the custom actions.Then i tried to install it in win7.Then it was installed.But during the installation system not prompted for account details (which is the actual case while installing windows service) and also the service was not appeared in services manager window.
I spent somuch time to identify the cause and resolution.But I dint find any posts on this issue.I suspect that the problem is with custom actions.But not sure.If the problem is with custom actions please let me know how to overcome it.
Please provide a resolution for this issue or share me if there are any links which talks about this.
FWIW, .NET 1.1 isn't supported on Win7. Also I'm guessing you are using InstallUtil custom actions to drive the setup of your .NET Windows Service. These are very fragile and you can eliminate all those brittle points by refactoring and using the ServiceInstall ServiceControl tables in MSI.
How does Windows handle security and software updates? I need to deploy software to several computers, which will be regularly updated. The update just downloads and runs the new installer. Obviously for the initial installation an administrator needs to run the installer, but after that is the installer white-listed to be run as a non-administrator? This is for XP and 7. The installer is an msi generated with WiX.
No, the installer is not white listed. Even if it were, the update is another installer. So the answer to your question: users will have to confirm elevation in UAC prompt.
Firefox and Opera are the examples. Every time an update is ready to be installed, the updater shows UAC prompt. Chrome on the other hand updates without UAC prompt, simply because it installs into user's profile which is not write-protected (I mean current user has full rights).
Firefox plans to implement a service to facilitate the update process. The service runs under system privileges, it can start the updater with system privileges without user consent for elevation, because it already has full access to the system. This is how antivirus software updates itself. Usually there are two processes: the service and the client which displays UI and communicates to the service.
In the case of MSI, there are system policies. For example, you can enable a policy according to which any Windows Installer-based installation will be run elevated. Usually patches (minor updates) are run elevated. There may exist a policy which controls major updates (where the old version is uninstalled and then a new one is installed), yet I am not aware of such.
I don't know WiX, but it is possible to generate an .msp patch for your existing installer package. If the MSI is properly filled out with an MsiPatchCertificate table, you can avoid elevation when patching.
More details here at MSDN: User Account Control (UAC) Patching, Patching Game Software in Windows XP, Windows Vista, and Windows 7
I have a Windows service app in C# and a setup project for installing the service. In the setup project, RemovePreviousVersion is set to true, and the custom actions are all set.
I upgrade the app by running the msi file which will have a higher version number than the installed version. While running the msi, I get a prompt saying the file is in use and asking me to Try Again, Continue or Exit. If I select Continue, the installation will go on happily and ask to restart at the end. This is all fine and expected.
However, I need to do the upgrade unattended by running the msi with msiexec using the /quiet option, which will fail and according to the log, the problem is due to file in use.
How can I install a msi unattended using msiexec if a file is in use? I am looking for a way of getting msiexec to work unattended rather than doing all the work myself stopping my service, etc.
Try your re-installation after stopping the previous running service.
control panel->Administrative tools->services
select your service from the opened service listing window and stop your service.
Hope this solves your problem.
I've written a bunch of VBScripts to install software (like SQL Server Express, WSUS etc.) on my Server 2003 boxes which has all been fine. I'm now adapting them to new Server 2008 boxes and they now won't run without bringing up the UAC prompt.
I know this is normal behavior, but is there any way I can disable UAC, run my install string and then enable UAC again?
Technet on UAC in Server 2008, in short use secpol.msc or gpedit.msc; you probably want to silently elevate ("No Prompt" is the actual value, the setting name itself varies depending on whether you're running as an administrator or a standard user) rather than disable UAC altogether. Disabling UAC turns off a number of other features, most notably some virtualization, which could break some of the programs you install down the line.