Re: Having problems creating a installer for my app due to permissions?
- From: Pep <pepaltavista@xxxxxxxxxxx>
- Date: Tue, 06 Nov 2007 03:05:43 -0800
Andrew Meador wrote:
I'm not sure about the specifics of whether admin rights are
required for installing MSI packages (I don't doubt it as I've always
had to install stuff using admin privelges), but that, in my mind, is
the way it should be. Users are not generally supposed to install
software on their own machines (in business networks that is). It is
an IT nightmare to allows users to put all kinds of crap on their
machines (including viruses, spyware, inappropriate apps, etc...).
Many business networks give users local admin rights to their own
machine, then user can install software, but for companies that are a
bit more tight on security, they usually only give their users User
level access, and thus they can't install software.
Which is how my clients have their systems setup but unfortunately
this does not prevent spyware and viruses installing to their w/
stations, only genuine business software :(
Well, true, some things can still get in and cause trouble, but it
does limit them and in some cases can outright stop them (depending on
what they are trying to do), like if the try to delete system files
that are accessable to an admin, but not to a user - the virus,
spyware, etc... would also run under the more restircted access of the
user. And yep, sometimes it does interfere with business software,
but, if the business software is written by authors taking these kinds
of issue into account, then everything should be good, or at least
better ;)
Wouldn't life be boring if everything worked the way it was supposed
to and nobody ever tried to rip the envelope apart :)
If you app is going to be put into larger companies, their IT staff
can push you MSI out via group policy, which would install the
software on the users machines, without the admins even having to go
the the users computer. This can be done for specific groups, all
users, etc... It can be limited to those who should be getting it is
my point.
If they don't utilize group policies to push software out to users
(or other remote install utilities), then their IT person would need
to be involved in the install - again, the way it typically should be.
It is good for IT staff to know what is going on users computers,
where it came from, that is has been scanned for malicious content,
etc... (a lot of which general users ofter don't check for).
Unfortunately the majority of our clients have hundreds of remote
national satellite offices all connected by the internet and no means
of doing remote administration. It's not my companies policy to get
involved in their administration plans, so we can do nothing about it.
Typically such large organizations, especially with so many remote
satellite offices are the ones that REALLY want to use remote admin
utilites. You might check further with their top IT people and see how
they currently handle such issues. They may give you some good ideas,
especially with respect to how they do it. It would seem odd to me
that they have their network restricted down, but have no way of
pushing software out by remote means. The idea of their IT people
running the country/world just to install software for users at
satellite offices would be crazy. Also, if they don't have a good
centralized administration or they don't push their software from the
central office (considering bandwidth issues - I wouldn't be
suprised), they may push this work down to IT people at the satellite
offices.
Unfortunately this is a set of large companies that have satellite
offices which all have their own separate broadband connections. There
is no company intranet.
What gets me peeved is when a company creates an install that
requires admin rights, and after the install, the regular user cannot
run the app because the application requires admin rights to run it.
This is typically due to not following through on allowing the Users
group proper access to the files, folders, and/or registry entires
created during the install. I often have to make file system and
Yep, seen this quite often :(
registry permission changes to apps like this so the users can ever
run them. I think you would be good to focus on that aspect. Make sure
your MSI sets up proper permissions on the files, folder, registry
entries, etc... so that the user can run the application after it has
been installed by an admin (physically or remotely). Also, make sure
the Start Menu folder that is created (if you have one) is setup for
all users, or icons setup for the specified users, or something. Just
make sure the group is not installed under the admin account only.
This also goes for desktop icons or quick start links.
Everything else is working fine, except we cannot install our own
software to their machines. So sadly it looks like we are going to
have to go back to the old method of allowing them to download a exe
file to their desktop and manually associate the application to the
file type when IE gets it's knickers in a twist :(
If there is no way around their installation issues, maybe create a
script that they could also download to automatically add the file
extensions. That would at least make it easier than talking them
through it all the time (at least in such detail).
Okay that sounds like a plan. I have not done a lot of work using the
microsoft installer so am still hopelessly in the middle of my
learning curve, so guess I'll have to do more investigation :)
Is it possible using this approach to get the installer to execute a
script to set the file associations in explorer as part of the
installation process?
I hope this gives you some ideas and helps out. I don't think you
clients would be upset that you are taking their security into account
so long as everything works good once they get it installed. 8)
Andrew Meador
Personally I think windows is lacking in this area. Users should be
able to install their own local software without affecting the global
o/s. Isn't this is what the separate user hives are about?
I still disagree here - I have had too many users download and
install software that I don't want in my network (bandwidth suckers,
illegal licensing, etc...) Yep, I'm a control freak, and I can't be if
they can install whatever they want. Plus, for issues like this, I
have scanners that watch their file systems for rogue files and remove
them as well - if I didn't want their downloaded exe to run I'd add it
to the list to be killed.
Sounds like you have things under your complete control :)
Fortunately for me, most of the people working on my network at work
are nix developers and administrators so we tend not to download too
much eye candy and bandwidth hoggers. Now at home it's a completely
different ball game, there anything seems to go and the only control
freaks are my girls and missus :)
Have you ever tried denying your missus the complete admin rights to
both her computer and yours?
Perhaps I should write our software installer like a virus or spyware
and then the users will have no problems, LOL- Hide quoted text -
- Show quoted text -
.
- Follow-Ups:
- Re: Having problems creating a installer for my app due to permissions?
- From: Andrew Meador
- Re: Having problems creating a installer for my app due to permissions?
- Prev by Date: Re: decimal oddity
- Next by Date: Installer project
- Previous by thread: Re: Having problems creating a installer for my app due to permissions?
- Next by thread: Re: Having problems creating a installer for my app due to permissions?
- Index(es):
Relevant Pages
|
