wyUpdate and UAC

Hi,

is there a way how to allow update an application to common users (non-admin) ?

Application checks for updates, but when user wants to update it, application asks for Admin password, but users does not know admin password.

Thanks a lot!

Yes, if you store all your files in a user writeable folder (desktop, my documents folder, %appdata% folder, etc.) and you don't write to system-level registry or Start/Stop services, etc., then wyUpdate will be allowed to updates without requesting UAC permission.

For example, if you app is a few files and the app is installed to %appdata%\YourApp, then the user will update without needing admin permission.

Does that make sense?

Thank you for your reply. Application is really few files. We store them in C:\CSI\AppName folder and all users have Full Control rights to the C:\CSI folder. Application does not write anything into the registry, only to folder mentioned, But the UAC window still appears. (button to "Finish" actualization has the small UAC icon, when user press it, Administrator login information are requested)

UAC window details:

Program Name: wyUpdateVerified publisher: wyDayFile origin: Hard drive on this computerProgram location: "C:\CSI\AppName\wyUpdate.exe -supdf: C:\Users\Test\AppData\Local\Temp\w5439\selfUpdate.sup

If you want wyUpdate to not request UAC permissions then you need to install to a predefined location that the user is guaranteed to have access to. For example: the desktop, documents folder, %appdata%, etc.

The "C:\CSI " folder is not one of those predefined folders, and thus UAC access is required.

Yes , but all these folders are User-Specific. We need to solve following scenario. A teacher (admin) installs the application (it is really only several files, no services, no registry changes). Then students (users) will use the application. When we release a new version and any student will start it, we need the application to download this new build and install it without any cooperation with a teacher.

In case we will use AppData or Desktop folder, then every user must install its own copy of application. How to solve this scenario, please?

Thank you.

In general it's a bad idead to make a programs directory writeable by all. One alternative is to run a "dummy" service that does the updating in the background. See one of the following articles:

We decided to change the behavior of the wyUpdate to bypass the UAC by changing the source code. It satisfied our requirements. But I have another important question - what will happen when you release new version of wyUpdate? Will this your new version overwrite our version?

Thank you.

If you're realsing your own version of wyUpdate then you need to make sure the self-update works. See: How to make a custom version of wyUpdate.

If you want wyUpdate to not request UAC permissions then you need to install to a predefined location that the user is guaranteed to have access to. For example: the desktop, documents folder, %appdata%, etc.

The "C:\CSI " folder is not one of those predefined folders, and thus UAC access is required.

Is there a list available somewhere of all the directories that the user is guaranteed to have access to?

Is this testable beforehand, via C#, so that one can notify the user at program startup that they will not be able to update without uac. And recommend that they move the program if the user feels he want this functionality?

Just to update this topic for future readers: this is answered here: Admin elevation is not handed over to updated version

Sorry for resurrecting old thread, but could you point me to possible problems of using this kind of solution:DMaly wrote:> change the behavior of the wyUpdate to bypass the UAC by changing the source code.

Why this is bad idea?

Because wyUpdate is not magic. Nor is the UAC. There's no way to magically bypass the UAC. You just need to write data to parts of the computer that the current user has access to.

Sure, you can make it so wyUpdate doesn't prompt for elevation. But then what do you accomplish? Exactly nothing: because now wyUpdate will just show an error when it can't write to folders / registry / etc.

Make sense?

So, at some moment some user will have an Access Violation error...Ok, thank you for fast response.