Running Application Installers from the Software Update Wizard.
Some Software Update Wizard users like to use the Software Update
Wizard to deliver their software updates in standard Windows installers
using a 'Filename=http://www.mycomany.com/setup.exe'
type keyword line to download the installer and to then launch the installer using an ExecAfter.
This method is fully supported by the Software Update Wizard, within the
security constraints of the Windows operating system.
However, an issue arises when the installer is launched using the security
context of the Software Update Wizard service application, SYSTEM. Microsoft
has prevented
service applications from interacting with the user's desktop since
Vista because it is a security loophole. Therefore, if you launch an installer (or any other application that
has a user interface) from a Windows service, Windows will normally
intercept it and post an 'Interactive Services Dialog' or task bar
notification. The user has to 'notice' this, agree to action it,
go to a separate desktop that opens, run the interactive application and
then close the separate desktop. This is very far from ideal in a
software update context and ideally needs to be avoided.
The only way to avoid the 'Interactive Services Dialog' / notification
is via one of the following routes:
- Make your installer 100% 'silent' (i.e. no interface / progress window etc.).
Most installer applications support command line flags such as '/S'
or '/SILENT' to suppress their user interface. You must use
these options in your ExecAfter command line for the installer.
As the installer does not create any windows the interactive
services detection by Windows does not apply and the installer runs
successfully.
- Use the '<AsUser>' option in your ExecAfter and accept that the
user will be prompted by Windows to elevate and run your installer,
using a Windows User Account Control dialog.
- Don't deploy updates using installers. Deploy using the
Zipfile keyword /
AdditionalFile
keywords, which allow you to deploy your updated application files
equally flexibly, with a smaller download file size. Any
additional settings changes can be implemented via one or more
Powershell commands/scripts
or SetReg keywords.
Please bear in mind that this issue is caused by
Windows security policy. The Software Update Wizard or any
other alternative automatic updates solution
cannot circumvent the way Windows works in this respect (nor should it be
able to, as this would constitute a serious security vulnerability in Windows).
Therefore, whichever auto-updates software solution you use will have to operate
in one of the three ways described on this page.