Pages

Thursday, 21 June 2012

Can ThinApp MSIs be installed by Regular Users


Of course!
Simply put, the MSI settings are straight form Microsoft Installer requirements, and the PACKAGE.INI file only shows those specific settings pertaining to a virtualized application. Remembering the four things which occur during a ThinApp package registration (either through the SDK, THINREG, or a ThinApp MSI), they are...
  1. Shortcut Creation on the desktop, start menu, or elsewhere (taskbar or quick launch bar).
  2. File Type Association so when a user double-clicks on a file associated to the virtualized app, the virtualized application starts and opens the file.
  3. Protocol Association, so when a user clicks on a link with an associated protocol (i.e. HTTP, HTTPS, FTP, MAILTO, NOTES, etc.) the appropriate virtualized application opens and conducts the associated action with that protocol.
  4. COM Object Association, so when a user initiates an action with an associated object the appropriate virtualized application opens and conducts the associated action with the object.

The registration process just assigns these items to the user or system based upon the commands within the registration process. For THINREG, using a "/A" switch tells ThinApp to assign the aforementioned four items within the application to the entire system (by default, THINREG only registers these for the user).
The same goes for MSI settings, however, it's default is to register the virtualized app to the entire system due to the default settings below:
  • MSIDefaultInstallAllUsers=1
  • MSIRequireElevatedPrivileges=1
Changing the above settings to "0" will allow the MSI to be installed by a regular user and only register the components to the user executing the MSI.
  • MSIDefaultInstallAllUsers=0
  • MSIRequireElevatedPrivileges=0
NOTE: Don't forget to save the PACKAGE.INI and rebuild with BUILD.BAT.
So now, not only will your apps run under regular user permissions, but they can also be installed and uninstalled by regular users! This means, you can remove Local Admin permissions and reduce your overall desktop security risks!

No comments:

Post a Comment