I have a single executable which, via InnoSetup, installs into Program Files\FolderName by default. The exe has a 3rd party component which goes online to check for new versions and downloads them, then does a bit of fiddling to replace the exe - simple stuff. The problem is, it can't do this in Program Files because of the necessary security there. I was reading Windows 7 - Can't update my program's files in C:\Program Files in which David Hefferman gives a solution but then seems to say it's a bad idea - but I don't know whether the bad idea bit refers to his solution or to the OP's comments!
So what is the preferred method by which a program can update itself? One that will work on XPSP3 to Win8. I can't seem to find the right phrase to enter into Google that gives me relevant results. Ignore digital signatures and suchlike for now, for simplicity.
(Please note, it may look like I worded that as an opinion question but it's not - there must be some MS-endorsed way of doing it that I can't find. FWIW this is a Delphi program but any Win32 notes will do)
That 3rd party update utility needs to be run with administrative privileges, you can achieve that programmatically.
There is nothing wrong with installing your application in Program Files, that is the designated purpose of this folder. However, user data that is used by the application should be stored in a different location.
However you run that 3rd party Utility, you should first check the Windows OS version to see if fiddling with UAC is really necessary(Vista+...) and then run the utility in the elevated state.
He says its "extremely bad practice" to fiddle with your system so that normal users can write in "Program Files".
If your program is in "Program Files" it's installed with System Admin rights. So updates need also be installed with System Admin rights.
You can configure InnoSetup to request admin-rights so you can write to "Program Files" but if the 3rd party component does not do this its best to install everything in an other directory.
i.e. C:\Your_Program
That way your 3rd party component can write there.
There are several options here:
The easiest: make updater as a separate program with manifest, which requires admin privileges. Also you can ask for admin privileges when you start your updater. Or you can move your updater into out-of-process COM object instead of separate exe.
You can create hidden user with admin rigths during installation of your program. Then you will run your updater with credentials of this user.
You can install system service during installation of your program and this service will run from system account. So your updater will be implemented as a service.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
The community reviewed whether to reopen this question 10 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I've been thinking of rolling my own code for enabling my Delphi application to update seamlessly as I'll be going for "release often, release early" mentality furthermore. There are various Delphi solutions (both freeware and paid) out there and I'd like to ask if you've been using any of them or simply went on with your own solutions in this area. Any comments on the auto-update topic are welcome.
What ever scheme you use, it may be handy to know that you can actually rename a running .exe file. So rename file, copy in new file works nice. And the next time someone launch the program they will launch a the new version. This is ofcourse very handy in enviroment where many users run the same .exe file, like in citrix/terminal server/network share cases.
Years ago I wrote a simple tool which is started instead of the real program, checks for updates, loads and installs them (if any are available), and finally starts the real application.
There are however problems with that approach if your program works in a properly administered environment, where users normally don't have write access to the program directories. You can no longer simply update your own program in such environments. That's why a lot of programs these days come with their own updater tool, which can be installed to run with elevated permissions, so that program updates can be applied even though only standard users do ever log on to the system.
You have to decide whether your target audience can be assumed to run on power user or administrator accounts, or whether you will have to deal with above-mentioned problems. With Vista things got considerably harder already.
With all these problems (net access over proxies, missing write permissions for installation directories, the need to update files that the updater itself is using - just to name a few) I wouldn't try again to code this on my own. Much better to check if any one of the available solutions does all you need it to.
I use the Synapse routines GetHTTP to return a specific resource, and if found then check against the local system to see if an update is required. If so then the resource tells me what page to go to launch and I throw the URL into shell execute so the users
preferred browser is displayed.
Most of the time the download is a setup program created by InnoSetup which updates the users system and database to the latest version. When a new "paid" upgrade is needed, I then send the user to a "purchase upgrade" form. My web resources are ASP pages, so I can redirect to a different resource based on the customers version number.
For the main application (our application has a server piece, and a client piece) I have a loader which will check the server to see if the version of the client file on the server is different than the version on the client...if so, it prompts the user if the user wants to update/revert. We chose to prompt the user as sometimes an accidental bug might make it into the system and the user has to downgrade/upgrade only specific machines to help troubleshoot. I maintain a database record with the minimum version required which is updated via the database patch, so if a version must be retired then the record is updated accordingly.
I created my own solution too based on Indy for downloading and http://sourceforge.net/projects/makeupdate/ for file patching.
Before that I have used and tried several commercial tools, but no one was doing exactly what I needed.
I use TmxWebUpdate. It's free, simple and gives you good control over the process. I actually own TMS Component Pack with TWebUpdate but never really found a good reason to switch.
Edit: Link updated
We rolled our own as well. Its really not too difficult.
Our process goes something like:
When the main app is launched, it checks (using funcs from the synapse library) if there's an update available (assuming its configured to check, of course).
If so, it notifies the user and askes if they want to update.
If they do, it launches an updater .exe, and closes the main app.
The updater exe downloads the new files based on the contents of a text file it retrieves, keepiing the files in memory.
When the updater is done downloading everything correctly, it then saves the downloaded files to disk, backing up any files it replaces. This way if the download gets interupted, you dont end up with half the files installed.
Finally, it launches the main app again, and closes itself.
The trick w/ Vista is that you need to have an entry in the updater program's manifest to force it to run with administrator rights.
Normally we use the third party tool. But in some situations it was not usable so I created an own solution, which was pretty standard:
Get xml (or any other format) with update info.
If newer files are published, download and install them.
I use TWebUpdate . It works ok and has a ton of interesting options, but documentation isn't so great and I did bump into a few problems - which is why I download a full installer, instead of just the files...
I will be keeping an eye on this question, btw...
We use our own solution which follows these steps:
Application connects to http resource and downloads info file (ini text file) to memory, checks version number of newest release.
If newer version available, app downloads compressed binary package to exe location.
When download is finished, user is asked to restart application.
Upon start, application checks for presence of update package
App extracts package contents (usually a new app exe, but additional resources possible as well, e.g. updated language files etc.) - for each file it renames the current/old file to a temp name first, then extracts the new file. If the process fails at any point, the temp files are restored.
When finished, app executes new exe and closes itself.
No additional updater needed, the app exe can handle it all by itself.
For the compressed package we use our own update builder.
The package contains an index of files with a file hash, destination folder (relative path to main exe) and the compressed files.
During update we compare the stored hash with the extracted file to detect corupted files.
With Vista I see two solutions to enable Standard User Accounts to actually update the applications files:
Configure your setup to change permissions of the programs installation directory. This way files in "C:\Program Files (x86)\Your Company\You App" can be modified on Accounts with limited rights.
Example code for InnoSetup would be:
[Dirs]
Name: "{app}"; Permissions: users-modify
Install files that you plan to update to the ProgramData folder instead of the user defined directory and use this directory as an override folder. If files exist in ProgramData, use those, else check in install dir.
InnoSetup code:
[Files]
Source: "C:\Your Project\YourApp.exe"; DestDir: "{commonappdata}\Company Name\App Name\";
Same as "stg" and "GuyWithDogs", I'm using TWebUpdate from TMS. Although the documentation isn't so great, Its not so difficult to learnt.
With TWebUpdate, you have some options what the protocol you use, it could be done via HTTP, FTP or network access.
For communication layer, TWebUpdate uses WinInet. In some machines, the windows / IE URL cache can be frustating, so I've added a routine to clear the auto-update server address from cache first to ensure the information gathered from the server is up-to-date.
I have made a simple installer application in Delphi, nothing fancy. Basically I include files into the Exe, and then extract them to a user specified path.
I stumbled across a problem however, and I have noticed this works with ANY Windows Executable, it does not matter if it is an installer or not.
If an Exe is named, or contains the following words in the filename, "Setup", "Build", "Install" and maybe others, then.. whenever the Application is run and closed, Windows pops up a Product Compatibility Assistant dialog, saying the Application may not have installed correctly.
This is a problem, as even though the Files from my installer have actually extracted, and in my eyes the installer has done its job, Windows is complaining about it.
The only idea I have regarding this, is that Windows must check the filename of the Applications when executed, and in this case has identified it as an Installer. Windows must of then set a flag or something on the System, my Installer must then update this flag to say that the installation was a success?
Windows does not complain about this when debugging from the IDE, so it cannot be code related, it must be the OS - this only happens when launching the Application from Windows, not Delphi.
You can try this easily, either create an Application or rename one as Setup.exe, Run it and then close it - wait a few seconds and the Product Compatibility Assistant Dialog will show.
I don't know where to start investigating how to stop this dialog, or where a setting may be to tell Windows the Installer was completed correctly.
Appreciate your thoughts and solutions thanks.
If I recall correctly, this happens when your install app does not include an application manifest. When UAC was introduced, MS introduced a heuristic detection for installers and shows the UAC elevation dialog. The heuristic checks for names like setup.exe, install.exe. The simple solution is to include an application manifest. If it is an installer you probably want to use the requireAdministrator setting.
The feature is known as Installer Detection and is discussed here.
For what it is worth, I would always build an installer with a dedicated install tool like InnoSetup for example.
As David pointed out, MS uses some fuzzy logic to try to guess if the program is an installer. I wouldn't rely on this, as this is only for supporting legacy installer applications.
All new applications should have a manifest file, specifying whether it requires elevated privileges.
If an application has a manifest file that includes the requestedExecutionLevel directive, then Windows does not attempt Installer Detection.
Any program that is detected as an installer program but does not add a registry entry to the Add Remove Programs section of the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) will get the message "This program might not have installed correctly".
I'm using D2010 under Windows 7 to write an app that seems to require admin rights (I think because it uses COM to communicate with a third party .exe, which also requires admin rights).
I've added the manifest resource as required, but when I try to debug the app from the IDE, it reports
"Unable to create process. The
requested operation requires
elevation"
...and it won't run. If I run Delphi as administrator, then my app runs correctly, but this feels like a dangerous brute force approach, especially as most of the apps I develop don't need admin privileges.
Is there any way of getting Delphi to prompt for elevation just when I run my app, rather than having the whole IDE run elevated?
UAC also catches any application that has the words "setup", "update" or "install" in their name or in many of the Version Resource fields. (Company name, App Name, Description etc.
It considers any such application to be a potential "installer" application and therefore must be run with Admin privileges.
Sounds crazy, but it's true. See the "Installer Detection" section in this document.
You can get around this by including a manifest that says that it doesn't need admin privileges.
There is none, it also doesn't work for VS:
https://stackoverflow.com/questions/3265787/how-do-i-debug-an-process-as-elevated-with-visual-studio-2008-sp1-on-windows-7
I guess you could run the remote debugger elevated and attach the IDE using remote debugging though.
It doesn't work, because the process is running as another user (or using another user token).
The IDE is trying to run the debugging process using CreateProcess and that fails when the application requires elavation, more details can be found in this article:
http://www.codeproject.com/KB/vista-security/UAC__The_Definitive_Guide.aspx
RAD Studio could run the application using ShellExecute with the "runas" verb, but this still doesn't solve the "debugging process under other user context" issue.
In other words: An elevated process can only be debugged by an elavated debugger.
Edit:
The Delphi XE2 IDE is 32-Bit and can debug 64-Bit applications only through the remote debugger (which is cleverly hidden from the user).
I guess Embarcadero could make it possible to debug elevated applications in a similar fashion.
The only way I know to debug such an app is to run the IDE as administrator. I wouldn't recommend doing this routinely, just for debugging sessions.
Actually it may be possible to debug a process with "higher level access" from a process with "normal level access".
At least until Windows XP it is sufficient to add your user account to the Debugger Users group to debug processes running e.g. with Administrator privileges.
That doesn't solve Delphi 2010s problem to run the process at all, but may be useful if you try to attach the debugger to a already running process.
I don't think this works on UAC enabled Vista+, but I thought I'd mention it anyway. :)
To be exact the UAC split token concept disables the SeDebugPrivilege:
http://blogs.msdn.com/b/greggm/archive/2006/03/30/565303.aspx
http://blogs.msdn.com/b/mithuns/archive/2006/04/04/568291.aspx
Run Delphi (any version) as Administrator.
You can change Delphi shortcut properties also (to run it always as administrator).
We have a suite of programs that check for new versions at startup, and then download new versions to run if required. This is obviously a problem in Windows 7, when it is locked down as a 'standard user', as they can't write to the c:\program files directory and below. Anyone seen a example of an application that gets around with issue ?
Our applications are written in Delphi, but an example in any language would be useful.
Thanks in advance
Update:
We already have a system for determing whether a new version exists, the only problem is the download and install (if required), as this requires elevation. I can't think of a way that doesn't require an elevation prompt, or our users to reduce their security settings.
Update 2 :
I've asked a subsequent question, rather than adding a new one here
There are two options for application installation:
Application is available for all users: installation or update requires elevation for Windows Vista and up
The application is available for one user: install or update the application in the user profile in %LOCALAPPDATA%, no elevation is required
Ad 2: Google Chrome does this. It installs the .exe here:
%LOCALAPPDATA%\Google\Chrome\Application\chrome.exe
--jeroen
Typically what you will see an application do if it needs to escalate permissions is something like this.
Application determines if upgrade is needed
Application launches an "updater" service that requires "Administrator" permissions
Application updates itself with this updated
Application re-starts
This is a pretty common scenario, especially since to update your own DLL you need to go to a secondary process anyway.
Here are some tips for you to get around updating challenges:
If your file is names 'update.exe' or 'install.exe' then it will automatically force a UAC elevation prompt. This is an easy way to make existing software bypass Windows Vista/7 permissions.
It is not a good idea to have the update checking and update process managed from within your application. The problem is that your app is likely to lock files and need updating itself. An external app should manage your updates.
The simplest update solution is to make an HTTP call that checks for the current product version number, and then download the installer binary if necessary. This won't give you any flexibility in updates, but it is a quick and easy solution.
Our company sells software that specifically helps with automatic updates on Windows 7 UAC (you can visit AutoUpdate+ by clicking here: link text). The best reasons for using a third party solution - any solution - are that you will have more flexibility with your updates and also avoid the finicky challenges of supporting different Windows releases.
Or you can have it so that the user runs a launcher app.
The application uses the LOCALAPPPATH\ folder to store a cache of the main application.
Launcher checks to see if the internet has newer version of file(s) than the cached file.
Launcher launches the cached application in LOCALAPPPATH
Your app can check if a new version is available on the remote server. If it does, then it can download update files in one of user-specific folders, like user's temp folder. You can get address of such special folders using SHGetSpecialFolder API function.
Once the download is done, you can pop up a dialog box telling user that you are ready for update. If user agrees with update, then you can run the updater process with elevated privileges (as administrator), and updater process can replace existing files in your installation path with the ones already downloaded in user Temp folder. To run your updater as administrator, you can use ShellExecute:
ShellExecute(0,'runas','notepad.exe',nil,nil,SW_SHOWNORMAL);
When updating is done, your updater process can restart your app.
You need to have a separate executable to the updating work. The updater needs to have a manifest that marks it as requiring elevation.
See: http://msdn.microsoft.com/en-us/library/bb756929.aspx
If your application uses MSI (Windows Installer) for its installer, then User Account Control Patching, if properly configured, can let you install updates without elevation.
If your installer wasn't run under admin - you don't need any additional rights to install update.
If your installer was run under admin - then it can create a task in Task Sheduler. Say, run this task once a week, under this account (admin) and with highest privs. Task will be your updater. Simple.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
The community reviewed whether to reopen this question 10 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I've been thinking of rolling my own code for enabling my Delphi application to update seamlessly as I'll be going for "release often, release early" mentality furthermore. There are various Delphi solutions (both freeware and paid) out there and I'd like to ask if you've been using any of them or simply went on with your own solutions in this area. Any comments on the auto-update topic are welcome.
What ever scheme you use, it may be handy to know that you can actually rename a running .exe file. So rename file, copy in new file works nice. And the next time someone launch the program they will launch a the new version. This is ofcourse very handy in enviroment where many users run the same .exe file, like in citrix/terminal server/network share cases.
Years ago I wrote a simple tool which is started instead of the real program, checks for updates, loads and installs them (if any are available), and finally starts the real application.
There are however problems with that approach if your program works in a properly administered environment, where users normally don't have write access to the program directories. You can no longer simply update your own program in such environments. That's why a lot of programs these days come with their own updater tool, which can be installed to run with elevated permissions, so that program updates can be applied even though only standard users do ever log on to the system.
You have to decide whether your target audience can be assumed to run on power user or administrator accounts, or whether you will have to deal with above-mentioned problems. With Vista things got considerably harder already.
With all these problems (net access over proxies, missing write permissions for installation directories, the need to update files that the updater itself is using - just to name a few) I wouldn't try again to code this on my own. Much better to check if any one of the available solutions does all you need it to.
I use the Synapse routines GetHTTP to return a specific resource, and if found then check against the local system to see if an update is required. If so then the resource tells me what page to go to launch and I throw the URL into shell execute so the users
preferred browser is displayed.
Most of the time the download is a setup program created by InnoSetup which updates the users system and database to the latest version. When a new "paid" upgrade is needed, I then send the user to a "purchase upgrade" form. My web resources are ASP pages, so I can redirect to a different resource based on the customers version number.
For the main application (our application has a server piece, and a client piece) I have a loader which will check the server to see if the version of the client file on the server is different than the version on the client...if so, it prompts the user if the user wants to update/revert. We chose to prompt the user as sometimes an accidental bug might make it into the system and the user has to downgrade/upgrade only specific machines to help troubleshoot. I maintain a database record with the minimum version required which is updated via the database patch, so if a version must be retired then the record is updated accordingly.
I created my own solution too based on Indy for downloading and http://sourceforge.net/projects/makeupdate/ for file patching.
Before that I have used and tried several commercial tools, but no one was doing exactly what I needed.
I use TmxWebUpdate. It's free, simple and gives you good control over the process. I actually own TMS Component Pack with TWebUpdate but never really found a good reason to switch.
Edit: Link updated
We rolled our own as well. Its really not too difficult.
Our process goes something like:
When the main app is launched, it checks (using funcs from the synapse library) if there's an update available (assuming its configured to check, of course).
If so, it notifies the user and askes if they want to update.
If they do, it launches an updater .exe, and closes the main app.
The updater exe downloads the new files based on the contents of a text file it retrieves, keepiing the files in memory.
When the updater is done downloading everything correctly, it then saves the downloaded files to disk, backing up any files it replaces. This way if the download gets interupted, you dont end up with half the files installed.
Finally, it launches the main app again, and closes itself.
The trick w/ Vista is that you need to have an entry in the updater program's manifest to force it to run with administrator rights.
Normally we use the third party tool. But in some situations it was not usable so I created an own solution, which was pretty standard:
Get xml (or any other format) with update info.
If newer files are published, download and install them.
I use TWebUpdate . It works ok and has a ton of interesting options, but documentation isn't so great and I did bump into a few problems - which is why I download a full installer, instead of just the files...
I will be keeping an eye on this question, btw...
We use our own solution which follows these steps:
Application connects to http resource and downloads info file (ini text file) to memory, checks version number of newest release.
If newer version available, app downloads compressed binary package to exe location.
When download is finished, user is asked to restart application.
Upon start, application checks for presence of update package
App extracts package contents (usually a new app exe, but additional resources possible as well, e.g. updated language files etc.) - for each file it renames the current/old file to a temp name first, then extracts the new file. If the process fails at any point, the temp files are restored.
When finished, app executes new exe and closes itself.
No additional updater needed, the app exe can handle it all by itself.
For the compressed package we use our own update builder.
The package contains an index of files with a file hash, destination folder (relative path to main exe) and the compressed files.
During update we compare the stored hash with the extracted file to detect corupted files.
With Vista I see two solutions to enable Standard User Accounts to actually update the applications files:
Configure your setup to change permissions of the programs installation directory. This way files in "C:\Program Files (x86)\Your Company\You App" can be modified on Accounts with limited rights.
Example code for InnoSetup would be:
[Dirs]
Name: "{app}"; Permissions: users-modify
Install files that you plan to update to the ProgramData folder instead of the user defined directory and use this directory as an override folder. If files exist in ProgramData, use those, else check in install dir.
InnoSetup code:
[Files]
Source: "C:\Your Project\YourApp.exe"; DestDir: "{commonappdata}\Company Name\App Name\";
Same as "stg" and "GuyWithDogs", I'm using TWebUpdate from TMS. Although the documentation isn't so great, Its not so difficult to learnt.
With TWebUpdate, you have some options what the protocol you use, it could be done via HTTP, FTP or network access.
For communication layer, TWebUpdate uses WinInet. In some machines, the windows / IE URL cache can be frustating, so I've added a routine to clear the auto-update server address from cache first to ensure the information gathered from the server is up-to-date.