Vista and the “post-install run” problem
March 19th, 2007 by Paul RobertsI’ve recently made changes to the installers for three of our products, PromptPal, ColorCache, and PTFB. This forced me to take another look at the whole “run after install” situation on Vista.
If you’re not familiar with this issue, here’s the skinny: a feature of modern installers is the option to automatically launch the program as soon as the installation has completed. It saves you having to find the program’s icon on the desktop or go hunting for the right folder in the Programs section of the Start Menu. It’s a nice feature, but the current advice from Microsoft seems to be to get rid of it for Vista!
Why? Well there are two reasons:
- Installers generally have to run as an elevated administrator account under Vista. This may not be the same account that will be used when running the actual program in day to day use. If the installer launches the program, then the program will be running as the administrator, NOT as the “end-user” account. Assuming the program has per-user settings, then the first run will store them under the administrator account. When the “end-user” next runs the program under their own account, those settings will appear to have vanished, and it’ll look like a bug.
- If the installer launches the program, the program will inherit the full elevated administrator privileges given to the installer. From a security point of view, this is not the best idea.
These are valid concerns in a typical business environment, but it seems a bit harsh to me to have to drop the “run after install” feature completely because of them. After all, in the case where the end-user account is an administrator - which will be the case on most home PCs - the problems don’t really apply any more.
I guess the best solution to the problem would be this:
- Wrap the installer in a separate “extractor” program which is run by the end-user
- The wrapper extracts the the real installer to the temporary directory (for example) and launches it
- When the installer starts up, Vista’s UAC requests elevation to full administrator, and the installer runs in that account.
- If the option to run the program after install is chosen, the installer only sets a flag, maybe in the registry. It does not actually run the program itself.
- When the true installer finishes, the wrapper (which is still running) looks for the “run after install” flag and launches the program if appropriate. So the program gets its first run under the end-user account and there’s no problem.
There are drawbacks even with this approach though: it’d take extra effort to develop, it’d take extra effort at each release, and there’s a chance that the extracted installer would be left in the user’s temporary directory, as cleanup could be tricky - especially if the installer has to trigger a restart in order to complete its work.
Anyway, for the time being, I decided to just leave the “Run after install” in place even under Vista. It may cause problems in some situations, but for the majority of users I think it’s the right choice. Maybe later I’ll look into developing a wrapper, or maybe if I wait long enough it’ll start appearing as a standard feature of all installers and I won’t have to do it myself!
But the bottom line is that once again Vista has made the simplest of things unnecessarily complicated…
You must be logged in to post a comment.