Could any one tell me how to disable self repair for non privileged user but it should be enabled for administrator ?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
I can't say that you can.
A repair is performed when entrypoints are executed to check for broken components, if one is found a repair will be performed. You could remove every entrypoint in the package thus potential prevent a repair from occuring.
A repair could be performed from the command line with the /f switch using msiexec.exe.
Answered 02/12/2008 by: AngelD
Red Belt

Please log in to comment
0
I dont know whether this will help you , but why dont you try using AdminUser Property to sequence an immediate custim action to terminate the repair.You need to condition it like AdminUser <>1 AND Installed AND REMOVE ~<> "ALL".

The Display message can be like "Unable to repair from Non Admin User".
Answered 02/12/2008 by: blacklisted_packager
Orange Belt

Please log in to comment
0
If a file or registry entry got deleted, how on *earth* does a non-privileged user have rights to do that? Shouldn't the package be setting appropriate permissions?
Answered 02/12/2008 by: VBScab
Red Belt

Please log in to comment
0
Hi Bhuvan,

Can you tell us if there is any specific reason that you want to disable repair functionality for Normal Users?
In all other cases we try and make sure the User repair is possible, and is one of the most important and essential aspect of application packaging.

Cheers [:)]
Answered 02/14/2008 by: India_Repackaging
Blue Belt

Please log in to comment
0
Actually I don't want the non privileged user to have access to the MSI files.If self repair is done in non privileged mode then it would have to access the MSI files which may allow the non privileged user to delete/modify the files.So, I don't want the non privileged
users to do a self repair.

Is there any possibility to allow the non privileged users to have self repair enabled but this user shouldnot access the MSI files?
Answered 02/14/2008 by: bhuvan
Senior Yellow Belt

Please log in to comment
0
The user must have read access to the original media while repairing files.
So as long as they don't have more then read permissions on the source the non-admin user will not be able to delete/modify the source.

Skip to try to prevent a self-repair.
Answered 02/15/2008 by: AngelD
Red Belt

Please log in to comment
0
Is there any possibility to allow the non privileged users to have self repair enabled but this user shouldnot access the MSI files?

Yes there is.
Make sure no custom action is accessing the source during execution, condition if needed.
For files going into the user-profile you will need to make sure these are installed from duplicate files instead.

I recall there was a long discussion regarding this in the forum so try out the search engine.
Answered 02/15/2008 by: AngelD
Red Belt

Please log in to comment
0
ORIGINAL: bhuvan

Actually I don't want the non privileged user to have access to the MSI files.If self repair is done in non privileged mode then it would have to access the MSI files which may allow the non privileged user to delete/modify the files.So, I don't want the non privileged
users to do a self repair.

Is there any possibility to allow the non privileged users to have self repair enabled but this user shouldnot access the MSI files?


A self repair cant be done in non privileged mode as its the windows service that access the MSI.

If you want to hide the MSI files you could also put them in a subf folder of a folder users dont have browse rights to but do have rights to traverse ther folder (as well as hiding the share)

They couldnt browse to the files using explorer.. they would need to know the full path MSI.
Answered 02/15/2008 by: Tone
Second Degree Blue Belt

Please log in to comment
0
How should the locally-cached copy be handled? If you're going to hide that properly, you'd need to permission the folder. Then the OP needs to know how to handle CAs, perhaps a command-line permissioning tool. I really can't imagine what's to be achieved with this, as it seems the OP wants to disable a function of Windows Installer, betraying a fundamental misunderstanding of what WI is about. Besides anything else, as I've said in a similar post, if the app is self-healing, someone with inappropriate access has deleted a key path - how does your build allow that? Bizarre...
Answered 02/18/2008 by: VBScab
Red Belt

Please log in to comment
0
I agree as I said, was just posting what he could do to hide the installers..
Answered 02/18/2008 by: Tone
Second Degree Blue Belt

Please log in to comment
Answer this question or Comment on this question for clarity