Revisited: Vista and the post-install run
June 4th, 2007 by Paul RobertsA while back I wrote about problems that can occur with an installer’s “post-install run” option under Vista. Actually, it would be more accurate to say that the problem isn’t unique to Vista, but that Vista makes it much more likely to occur. Anyway, here’s a quick reminder of that whole issue:
- Installers generally have to run as an elevated administrator account under Vista. This may not be the same account that will be used when running the actual program in day to day use. If the installer launches the program, then the program will be running as the administrator, NOT as the “end-user” account. Assuming the program has per-user settings, then the first run will store them under the administrator account. When the “end-user” next runs the program under their own account, those settings will appear to have vanished, and it’ll look like a bug.
- If the installer launches the program, the program will inherit the full elevated administrator privileges given to the installer. From a security point of view, this is not the best idea.
Now there have been lots of attempts at a solution, but most of them either plain don’t work or introduce unwanted side-effects of their own. Finally however, someone has come up with a solution that gets it right:
http://www.codeproject.com/vista-security/RunNonElevated.asp
Essentially it involves getting the shell to load up a custom DLL that handles the launch. Since the DLL is part of the shell process, the app always launches with the same account and elevation state as the active session, and so gets it right even in the case of an over-the-shoulder admin install. It’s a really elegant approach to the problem. I just wish Microsoft had thought to do this for us and save all the head-scratching!
Once I’ve thoroughly tested this I’ll be including it in the installers for our next round of releases.
You must be logged in to post a comment.