PDA

View Full Version : New installations



elriba
12-04-2012, 09:37 AM
Hi,
I have an Inventory system. Up to now (Dec.2012) I simply install it into the C:\ERP\BIN folder. I install the ODBC drivers (Sybase ASA), and a couple of OCXs.

There is a project now to use Active Directory, and I'm guessing that my simple installation procedure has to change.

So far my tests with my current installation procedure have been unsatisfactory in that I need to log in as administrator for my program to run, and then it also loads very slowly for some reason.

Do you guys have a recommended installation procedure for windows 7 and active directory?

Best regards,
Edgard

linder
12-04-2012, 09:47 AM
Hi Edgard,

if your program needs adminstrator execution level privileges to run correctly then this has nothing to do with your installation procedure. It seems to be an application design issue; is your application UAC-aware at all?

The following is a very brief description of how to make an application "UAC-aware" and Win7-compliant:

-- Standard Application:

1. Embed an UAC manifest into your main application (.EXE). A manifest basically tells Windows how aware the program is about the recent Windows versions (and disables "Virtualization" and unwanted legacy Installer Detection Technology). You should include a manifest for Windows 7 because it's fully backward compatible with all previous Windows versions.

2. Request "asInvoker" execution level privileges through the manifest for your application.

3. Code-sign all your application files (e.g. .EXE, .DLL). Use a certificate signed by a CA, e.g. Comodo, VeriSign, etc.

4. Your application should not depend on any administrative APIs. Administrative APIs are APIs that never work without elevation. For example, the RegSaveKeyEx API. Or ACL manipulation APIs, etc..

5. Do not write per-user information or user-writable information to the Program Files folder tree.

6. Do not write to any other protected Windows area (e.g. the OS drive root folder, the "Windows" folder tree, etc.).

7. Do not write to the HKEY_LOCAL_MACHINE or any other protected registry key.


-- Standard Installation:

1. Use an UAC-aware installation system. By default, installations run elevated.

2. Install applications per-machine (all users) and store per-user data in different locations.

3. Do not install Quick Launch shortcuts.

4. Never write to per-user locations from the elevated running installer. That means, never write to the HKEY_CURRENT_USER registry key or to per-user file locations.

5. Launch applications non-elevated at the end of the installation process.

6. Code-sign the installer. Use a certificate signed by a CA, e.g. Comodo, VeriSign, etc.

Note: if you have to install "per-user" data, install it to a common location and as a "first run" action of your main application, copy the data from the common location into a per-user location.

Respect the recommended (default) locations for applications and data files, but provide users with an option to select another installation location for both. A true "Mixed User Application" should work elevated and non-elevated.

That's it :-)

Hope this helps a bit.

Friedrich

elriba
12-05-2012, 01:29 PM
Goodness :-)

Thanks for the information. I'm completely ignorant on all of these issues....

A few questions:

> 5. Do not write per-user information or user-writable information to the
> Program Files folder tree.

Up to now I have had a BIN folder and a DATA folder (i.e. C:\ERP\BIN and C:\ERP\DATA respectively). If I understand correctly, then I'm doing it wrong with respect to the DATA folder. Since I shouldn't use C:\ERP\DATA, where should I put the program's data and configuration files?

What does it mean that the "installer runs elevated"?


I guess I need to do a lot of reading..... I have NO IDEA how to write a UAC manifest, or even what it looks like :-) Can you suggest links, or documents for learning about this?

Edgard