Installing/Updating .Net application using Windows Installer on workstation that restricts any installation by group policy
I have app developed in Visual Studio 2008 for internal corporate environment that my network admin has deployed. I put some rudimentary application update mechanism that would automatically download a new msi file from server and launch the installation to update the exe and other associated files (installed in Program Files) as required. However the end users' computers (XP Pro) are all locked down by group policy so that they receive a message that says they can't install any software when the msi file is started. I am told to get an update out - the IT dept will need to login to everyone's workstation with an admin user. Should there be some way I can "sign" my application (in conjunction with admin) so that the Window's group policy allows my application to update/install but still blocks everything else?
ClickOnce is a good idea, it doesn't always fit your needs though.
I would re-build the MSI for the updated version of your application, your IT group should be able to deploy automatically via Group Policy (make sure the Upgrade Code is the same for each version of the MSI, and that the Product Code is different). Or, if they really want to they can manually log into every workstation. MSI's that have been "pushed" to users or computer via Group Policy will install with elevated rights, the only other way - to my knowledge - is to login as an administrator and run the install.
Is it possible for your application to run per-user (i.e. is it okay for each user to have a copy of the program installed in their profile directories, or does it absolutely need to be installed once in a common location, e.g. C:\Program Files)?
I would re-build the MSI for the updated version of your application, your IT group should be able to deploy automatically via Group Policy (make sure the Upgrade Code is the same for each version of the MSI, and that the Product Code is different). Or, if they really want to they can manually log into every workstation. MSI's that have been "pushed" to users or computer via Group Policy will install with elevated rights, the only other way - to my knowledge - is to login as an administrator and run the install.
Is it possible for your application to run per-user (i.e. is it okay for each user to have a copy of the program installed in their profile directories, or does it absolutely need to be installed once in a common location, e.g. C:\Program Files)?
ClickOnce the best
ClickOnce is not the best. It can be a good option in some circumstances (and it seems like it might be a good idea in this particular case), but if you need to do something like control what directory your application is installed in then ClickOnce is no good.
ClickOnce the best solution for this question needs
Who asked about the advantage or disadvantage
Who asked about the advantage or disadvantage
I agree ClickOnce might very well work in this particular case, I just wanted to clarify that it is not always "the best." Plus, it might not work at all for the asker - what if his IT group wants to control which computers or users the application is distributed to using Group Policy? ClickOnce won't work in that situation. To be honest, we haven't really been given enough information to say whether or not ClickOnce is a good idea or not. What we do know is that an MSI-based installation will work for the asker, since that's what he's using now.
ASKER
I have not used ClickOnce before but will look into its functionality. It may work for me.
I believe updates being pushed by Group Policy won't work in our case because employees who work out of the office for weeks (or months) on end with their laptops (which I was told prevents pushing apps if they don't login to the domain).
Also based on the answers above (given my original question) can you confirm there is no way to "sign" an application so that group policy allows standard installation/updating with MSI on restricted computers?
Thanks for all the responses - this has been very helpful.
I believe updates being pushed by Group Policy won't work in our case because employees who work out of the office for weeks (or months) on end with their laptops (which I was told prevents pushing apps if they don't login to the domain).
Also based on the answers above (given my original question) can you confirm there is no way to "sign" an application so that group policy allows standard installation/updating with MSI on restricted computers?
Thanks for all the responses - this has been very helpful.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://msdn.microsoft.com/en-us/library/t71a733d(v=vs.80).aspx