Running Application Installers from the Software Update Wizard.

Some Software Update Wizard users like to use the Software Update Wizard to deliver their software updates in standard Windows installers using a 'Filename=http://www.mycomany.com/setup.exe' type keyword line to download the installer and to then launch the installer using an ExecAfter. This method is fully supported by the Software Update Wizard, within the security constraints of the Windows operating system.

However, an issue arises when the installer is launched using the security context of the Software Update Wizard service application, SYSTEM. Microsoft has prevented service applications from interacting with the user's desktop since Vista because it is a security loophole. Therefore, if you launch an installer (or any other application that has a user interface) from a Windows service, Windows will normally intercept it and post an 'Interactive Services Dialog' or task bar notification. The user has to 'notice' this, agree to action it, go to a separate desktop that opens, run the interactive application and then close the separate desktop. This is very far from ideal in a software update context and ideally needs to be avoided.

The only way to avoid the 'Interactive Services Dialog' / notification is via one of the following routes:

Make your installer 100% 'silent' (i.e. no interface / progress window etc.). Most installer applications support command line flags such as '/S' or '/SILENT' to suppress their user interface. You must use these options in your ExecAfter command line for the installer. As the installer does not create any windows the interactive services detection by Windows does not apply and the installer runs successfully.
Use the '<AsUser>' option in your ExecAfter and accept that the user will be prompted by Windows to elevate and run your installer, using a Windows User Account Control dialog.
Don't deploy updates using installers. Deploy using the Zipfile keyword / AdditionalFile keywords, which allow you to deploy your updated application files equally flexibly, with a smaller download file size. Any additional settings changes can be implemented via one or more Powershell commands/scripts or SetReg keywords.

Please bear in mind that this issue is caused by Windows security policy. The Software Update Wizard or any other alternative automatic updates solution cannot circumvent the way Windows works in this respect (nor should it be able to, as this would constitute a serious security vulnerability in Windows). Therefore, whichever auto-updates software solution you use will have to operate in one of the three ways described on this page.