.NET - How are applications able to update themselves when UAC is enabled (Windows7/Vista)?

3
votes

Here's the scenario:

I wrote an application and created an installer from the Visual Studio Installer project (I produced an MSI file). I installed the application into the Program Files directory as an administrator.

When a user uses the application I was hoping it would be able to auto-update itself (without bothering the administrators). Now, Windows 7 and Windows Vista have UAC to protect the Program Files directory. So, I'm not really sure where to go from here.

I think I read somewhere that ClickOnce is able to install updates to the application without bothering the user for administrative permissions.

  1. Are there any apps out there that can assist with auto-update?
  2. If there are apps out there like that, how are they able to bypass the elevated permissions? Basically, wouldn't it be possible to replicate what these applications do in .NET (C#) somehow?

I'm really just hoping for an easy way to use an MSI file to do a silent update because I don't want normal users to have administrative access and I don't want administrators to be bothered with this task. Also, obviously things can't be hardcoded in because usernames and passwords could easily change.

3
.netwindows-7windows-vistawindows-installeruac
ClickOnce apps are not installed into c:\program files. So that makes it easy. Google Chrome is another example, installed in C:\Users\YourName\AppData\LocalHans Passant

3 Answers

6
votes

It is possible to update your application using MSI without requiring Admin privileges IF the installer and update package are signed using the same digital certificate.

This is called UAC patching. This is the relevant page on MSDN.

6
votes

One thing you could do that would definitely work is create an update service running as localsystem. This one would bypass UAC for sure.

Another option (since installing a service might be seen as too invasive) is to schedule a task, again running as a localsystem via W7 task scheduler.

In either scenario, this must be done during install, otherwise UAC will get triggered again.

EDIT: I just thought of another way of handling it: you can do it Chrome style. Don't install anything into program files, keep all application binaries and data in user folder. This way you could upgrade at will with only user-level permissions and no UAC triggered

0
votes

ClickOnce doesn't install your application to program files (which is very annoying if anyone needs to try and find the folder later) which is how it avoids it. There aren't any ways to 'bypass' UAC, this is what I recommend you do: give ownership of your install folder to the local user with icacls and takeown, which is what Steam does to allow itself to install your games into it's folder.

Edit: You can also give ownership to the local user in code with SetSecurityInfo.