Inno Setup : how to integrate admin credentials in the installer - windows

I want to create an installer that:
- install a software package
- copy a host file in the user system
without any user installation except launching the installer.
I need this installer to run as admin but I do not want to disclose the admin login/password to users but instead I want to embed it in the installer itself. How can I insert the admin credentials within the installers, please ? Is it even possible ?
I've looked into the forums but did not find what I'm trying to do.
Thank you for your help and support,
Fred

You basically need this:
Make Inno Setup installer request privileges elevation only when needed
(the old code in the second part of my answer with an explicit code for the elevation for Inno Setup 5)
Except that instead of simply re-running the installer with runas verb (which needs entering the Administrator credentials manually), you need this:
Inno Setup run/execute code as another user

Related

Add Administrator/UAC icon/sign to Inno Setup installer icon

I installed an application that only extracted the files without being really installed to the system so I created my own setup.exe. Now I wonder why there is no Admin sign in front of the .exe.
This is what i get:
and this is what normally a Setup installer looks like:
I can't find the needed code on the Inno Setup website.
I hope you can help me out what code I would have to add. (Yes I know I could just make another icon just for the setup but just adding some code would be much nicer. InstallForge does it automatically but Inno Setup just has better options for registry entries)
Best Regards,
Christian
Windows looks at the application manifest to determine if the executable requires UAC elevation.
Set the requestedExecutionLevel node in the manifest to requireAdministrator.
In Inno Setup you can set PrivilegesRequired to admin but that is already the default and it will not add the shield to current versions of Inno as far as I know.
If your installer is not signed you could perhaps use Resource Hacker to add/edit the manifest yourself.

Installing a software without admin privileges via Regedit

I want to install an application which is installing in AppData folder. Normally, they do not need admin rights but still my application is asking for permission. This is an Excel Add-In exe file.
I have tried by using a bypass method, by adding a batch file.. All these did not work for this. I can`t change the privileges of a machine and I need to do modification for the setup only.
Now I`m trying to install this via regedit. I want to add a batch file to the setup. Anyone know how to do this?

How to make the setup.exe from a VS2010 Setup Project ask for Admin Privileges?

I have a problem which I guessed would be really simple to solve... but duh.
I'm deploying a .NET application with VS2010. I have a C# Windows Forms project and a Deployment Project. I need the installer to run with admin privileges because the app is installed for all users and an entry to the registry is made.
When starting the setup.exe I'm not prompted for privilege elevation. The installer will just start and suggest to install to Program Files (x86) which is good. After clicking next the installer runs and finished with a success message. Which is basically a lie because it did not successfully install. Instead it puts the apps exe directly to C:\.
How can I make the installer ask for admin privileges. Or do I have to rely on my customer to right click the setup and select "Run as Admin" which is very error prone?
Clarifications about my setup:
In the File System view of the setup project I added (among other things) "Primary Output from project01 (Active)" and "Build Outputs from project01 (Active) to "Application Folder". I also added a shortcut to "Primary Output" into "User's Programs Menu\CompanyName\ProgramName".
In the Registry View I added an entry to HKEY_CLASSES_ROOT because I need to register an url handler.
I also modified the setup's settings: I set InstallAllUsers to True because it is supposed to do so.
When I build and start the setup.exe by double clicking (or by selecting Install from the project's context menu) I always get the same result: The installer runs without asking for admin privileges, ask for an install location (which I leave at the default C:\Program Files(x86)\Company\ProgramName) and then procedes after clicking Next. As a result, the exe is put directly in C:\ and the shortcut created of course points into Nirvana.
If I run the setup.exe manually as Administrator things work fine. But this cannot seriously be the way to go.
So how can I tell the setup to always run as Admin?
I think this is a perfectly valid question, is a real problem, and has an actual explanation.
I recently ran across this problem. In my case, the cause is that the AlwaysInstallElevated policy was set on the computer through GPO. The policy was set to 1 in the per-machine policy and 0 in the per-user policy. These policies can be manually set to reproduce the effect it has on MSI installers
Using msexec /log install.log /i Deploy.msi, I had a setup log and there were strings in it like this:
MSI (s) (A4:8C) [13:00:42:885]: Ignoring disallowed property TARGETDIR
MSI (s) (A4:8C) [13:00:42:885]: Ignoring disallowed property VSDNETURLMSG
MSI (s) (A4:8C) [13:00:42:885]: Ignoring disallowed property VSDNETMSG
It seems that Visual Studio does not set the SecureCustomProperties in the MSI correctly and post processing of some sort is needed. I think that moving to WiX may be a better long term solution instead.
A blog post on MSDN is what I found that helped me find the root cause to this problem.
I've come across the same issue as you, and have found a good enough solution for it. So it might work for you too. The solution is documented here:
VS2010 Setup Project - Run As Administrator
I will re-iterate the solution briefly here. Basically, you need to manually edit the setup project file (.vdproj) and the following property to TRUE:
"MsiBootstrapper"
{
...
"RequiresElevation" = "11:TRUE"
}
When starting the setup.exe I'm not prompted for privilege elevation.
This is the normal behavior. The boostrapper doesn't need elevation.
Which is basically a lie because it did not successfully install.
Instead it puts the apps exe directly to C:.
So it did install your application, but in the wrong location. This is not related to elevation. In the File System editor in your setup project where did you add your application files? Did you add them in "Application Folder"?
How can I make the installer ask for admin privileges.
A MSI package installed for all users automatically prompts for elevation when clicking Install button. If it doesn't elevate automatically and installs in a per-machine location (like C:), the installation fails and nothing is copied on the target machine.

Inno Setup: How to get current user directory when running installer as admin?

I need to write a ini file to the current user's directory in Windows 7 (C:\Users\CurUser). CurUser is not an admin. My installer requires admin privileges. So my setup looks like this:
[Setup]
PrivilegesRequired=admin
When I run the installer it prompts for the admin to login. From that point on, all the user constants, userappdata, etc, are C:\Users\AdminUser... So I need a way to find the CurUser when running the install as AdminUser.
Code examples are appreciated. Thanks.
All user specific files/settings that the app requires should be written by the app if they are found not to exist.
If it needs to come from the setup, you can write it into a global location as a "default" for the app to copy or use.
This also means your app will work for ALL users on the system rather than just the user that ran the setup.
You should split your setup into two parts. The first non-admin part writes the ini file to the current user directory and it calls the second setup part which requires admin priviliges.
In my case, I just switched to {commonappdata} instead of {appdata}, as my data was the same for all users.

Install files to original user's My Docs folder via Inno Setup on Windows Vista/7

In the [Run] section of an Inno Setup script, there's a flag runasoriginaluser that allows the script to run a process as the original user:
the spawned process will execute with
the (normally non-elevated)
credentials of the user that started
Setup initially (i.e., the "pre-UAC
dialog" credentials).
Is there an equivalent flag or workaround for the {userdocs} shell folder constant?
This is apparently a known limitation within Inno Setup (and other installers, generally), but I'm hoping someone knows a workaround.
Excerpt from the Inno Setup help file:
The "user" constants refer to the
profile of the user running Setup.
This user is often not the same as the
currently logged-in user, so use the
"user" constants with caution.
The workaround I came up with was using an external script to perform the data copy and calling the script using the ExecAsOriginalUser function in the wpReady page of the NextButtonClick event function.
I'll provide more details if anyone is interested.
Your approach is not correct.
There two correct ways:
If the installer installs the application for the current (unprivileged) user only, do not require Administrator privileges, by setting PrivilegesRequired to lowest:
[Setup]
PrivilegesRequired=lowest
Then the "user" constants will correctly refer to the current user's folder.
If the installer installs the application for all users, it does not make sense to put some files to folder of one specific users. All users need the files, not just the one. In this case the recommended approach is to install the files to "Common" folder, using the {commonappdata} constant (or similar). And have the application copy the files to the user folder on the first run.
See also How to write to the user's My Documents directory with installer when the user used 'Run As Administrator'.
You can also allow the user choose between these two approaches.
See Make Inno Setup installer request privileges elevation only when needed.
For another similar questions, see
Inno Setup Using {localappdata} for logged in user
Inno Setup always installs into admin's AppData directory
Having that said, you can, as you have found yourself, by execute an external copy utility (copy, xcopy, robocopy) using the ExecAsOriginalUser function (or the runasoriginaluser flag in the [Run] section).
ExecAsOriginalUser(
'cmd.exe', '/c xcopy.exe "sourcefile" "%APPDATA%"',
'', SW_HIDE, ewWaitUntilTerminated, ResultCode);
For more detail on this approach, see a similar question Inno Setup Creating registry key for logged in user (not admin user).
Though, if the installer was started elevated straight away (as opposite to elevating itself), the above won't work. And it cannot work in this scenario anyway. See How to write to the user's My Documents directory with installer when the user used 'Run As Administrator'. For this reason, stick with the approaches described above.

Resources