Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.beta-test : Windows Setup design : Re: Windows Setup design Server Time
2 Jul 2024 09:51:11 EDT (-0400)
  Re: Windows Setup design  
From: Chris Cason
Date: 28 Jul 2010 05:22:40
Message: <4c4ff6e0$1@news.povray.org>
 
On 28/07/2010 17:24, scott wrote:
>> I see many programs that install without admin rights.
> 
> That is not approved by MS though (hence they won't pass the Windows Logo 
> tests, binaries won't be protected, it could go all screwy if the user 
> profile is on a network resource, the installer might not work with
> future Windows updates/versions, etc).

Since you're such an expert, I suggest you write to the Windows Installer
Team and tell them that they ought to stop promoting this sort of behavior
then:

----------------------------------------------

Question: Can a non-admin user run an msi?

Answer: If you only install to locations where non-admins users have
privileges, then the answer is easy: yes.

If you install to locations such as program files or HKLM, then the answer
is -- they can with MSI if the package has been blessed by an admin to run
elevated. Otherwise attempts by the non-admin to write to program files are
going to fail. And additionally, a package can't self-elevate -- that would
be a security issue.

For the latter case, consult the documentation on MSDN: Installing a
Package with Elevated Privileges for a Non-Admin. This is basically what
Group Policy and SMS are for.

------------------------------------------------

This is at
http://blogs.msdn.com/b/windows_installer_team/archive/2005/08/01/451337.aspx,
and is what I've been saying all along: group policy sets install policy.

Here's some more info on installation, not that I expect you to read it as
you're already an expert, but for others following the thread it may be of
interest:

  http://msdn.microsoft.com/en-us/library/Aa369519
  http://support.microsoft.com/kb/259459
  http://forum.installsite.net/index.php?showtopic=6753

I'll also refer to this Microsoft documentation page:

  http://msdn.microsoft.com/en-us/library/aa369784.aspx

and in particular to this:

  http://msdn.microsoft.com/en-us/library/aa368304.aspx

which documents how administrators may use group policy to prevent
installation of non-elevated software (such as POV-Ray's MSI) but still
allow elevated installs, and this:

  http://msdn.microsoft.com/en-us/library/aa368309.aspx

which allows the admin to block per-user installs (which again applies to
POV-Ray's MSI).

Fundamentally, your accusation that we somehow are conspiring to bypass
admin control of corporate systems is nonsense. If we wanted to do that, we
would definitely NOT use the MSI install system, as it's designed
explicitly to provide such controls.

-- Chris


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.