I have a application that uses Wix for its installer.
I'd like to understand where the UAC window takes its app name from, I am having an old name where the UAC window appears does not correspond with current productname defined in Wix.
Digital Signature: It looks like your MSI is signed with a code-signing certificate?
"If you Authenticode-sign your .msi package, Windows will show that as the name. Otherwise, you get MSI's temporary copy of it, which has a random name." - source.
Signtool.exe: You need to modify your signtool.exe parameters:
Odd 'Program name' when installing signed msi installer
Some old answers with comments discussing signtool.exe parameters:
What is causing to show Publisher to unknown on UAC despite signing exe using signtool
Windows Installer Unknown Publisher
Links on Digital Signing:
Installshield Custom Dialogue Installer
How to add publisher in Installshield 2018
Related
I'm trying to put an application on my website so potential customers can down load it and run it. I'm using WIX to create the MSI and I've got a GoDaddy code signing certificate. The name of the MSI file is 'License Manager.msi', but when the screen blanks out during the install to ask permission, I get a dialog that states:
Do you want to allow this App to make changes to your device.
19e7696e.msi
The name of the MSI seems to change on every attempt to install. Is this a Windows 10 thing or a WIX thing? Where does this name come from and how can I replace it with the name of my application or something more informative?
OK. Found it. It's part of SignTool. The /d switch allows you to override the temporary MSI file created from the starting MSI file.
I've developed a VSTO addin with VS2012 signed by a DigiCert certificate. I need to deploy it to all the Enterprise users so the installer shouldn't prompt the user because it will fail since all the installation process is silent.
I'm not able to do it since it always ask the user if it should or shouldn't install. If I set VSTOInstaller /S it doesn't install 'silently'.
Is there any way to do this?
Thanks on advanced.
I found the answer. To solve this you have to install the public key certificate in your installer:
certutil -addstore TRUSTEDPUBLISHER "yourcertificate.cer"
Then, you just use VSTOInstaller:
VSTOInstaller.exe /I "youraddin.vsto" /S
That's all folks!
Yes you can.
Just Uncheck the ClickOnce manifest CheckBox and Check the signing the assembly using any .snk file.
You will need to create installer project and the rebuild the installer project will provide you the .msi and .exe file you can execute the following command on command prompt(Administator).
Though rebuilding of installer project will automatically check the ClickOnce checkBox but you can ignore that.
Below is the link for creating Installer project for AddIn.
https://learn.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2010/ff937654(v=msdn.10)
Looks like you need to GPO for deploying the software (using MSI installers).
How to use Group Policy to remotely install software in Windows Server 2008 and in Windows Server 2003
How to use Windows Installer and Group Policy to deploy the VPModule.msi in an Active Directory domain
Installing Software Using GPO
Also see the Deploying an Office Solution section in MSDN.
Suppose that you have an installer (not a wix installer) that you downloaded from somewhere. How can you know UpgradeCode of that installer so that you can fill it in in the UpgradeCode section in the new installer that you prepare?
Can I learn it from registry somehow? So the question is basically, how to know the UpgradeCode of a program that is installed in the computer.
Actually my problem is that my product has been installed with another installer and I am now trying to move it to wix installer. However, I can't find upgrade code in previous installer and I want to find it from installed software.
Thanks.
As I posted to WiX users:
I've seen this done by having the upgrade get the uninstall string from the registry, where there should be a command you can use since it's not MSI-based. Whether you should call it in the UI sequence or the execute sequence or both depends on your requirements for silent installs, meaning that you'd need to do it silently in the execute sequence, and perhaps need to alter the uninstall command to make it silent.
The same general idea should work if that install has a standard uninstall shortcut you could get the command from. Either way, you're just using a CA to run an external program, or maybe a Util
CAQuietExec kind of thing.
Assuming it's a Windows Installer based installer ( WiX, InstallShield, et al ) you can edit it with ORCA and look at the Property table to see it's UpgradeCode. You may have to first extract it if it was packaged as a self extracting installer.
You can also query the MSI API or look in the registry (HKCR\Installer) for this information. If you go the registry route it's probably easiest to look at the Products/GUID/Sourcelist key and trace it back to a cached MSI and look at it in ORCA. Otherwise you have to learn how to join different datasets and convert Darwin transformed GUIDS back to their original GUID format.
Fire up PowerShell (run as admin) and run this command to get a list of installed products with product code:
Get-WmiObject Win32_Product | Format-Table Name, LocalPackage
You will get a list of all installed MSI products, and a weird looking path to the local cached MSI database. It normally looks something like this:
C:\Windows\Installer\235bbf8.msi
The 235bbf8.msi file name is random, and will be different for each installed product. It is a cached copy of the MSI file that you originally installed. It does not contain cab files (or at least it didn't in older versions of Windows).
You can open that file with the random name from Orca by chosing File -> Open and then pasting in the full path to the file open dialog, and then pressing open. Don't make any changes but check the upgrade code in the Property table. You can also use other MSI tools such as Installshield.
Note that the path C:\Windows\Installer is "super protected" and is not even visible in Windows Explorer before you enable the show hidden folders AND you disable the protect operating system files option. I still believe you can open the file directly if you paste the whole path into Orca - no need to go via Windows Explorer.
I coded my MSI installer using WiX. The MSI is also signed with my code signing certificate. When I begin its installation I get the following security warning on Windows 7:
But for some reason the Program Name is nothing but the name of my MSI or anything I added to it.
Is there a way to give it some user-friendly name to display in that warning?
With SignTool.exe it is enough to set a description text from what I remember, this being used as application name in the UAC prompt. Have you tried that? (don't know if this is supported from WiX)
I have created a Bootstrapper with WiX 3.7.
Now, when I start it on a Windows7 machine, the UAC-Dialog will be shown before installing .NET 4.0 as a prerequisite. Thats ok. I am searching now for a way to "sign" the Installer/Bootstrapper, that I can set the product-name and the company-name for the UAC-Dialog. How can I do this?
There are signing tasks built into the wix.targets that will help you sign your Bundle. You can read about the in the Insignia topic in the WiX topic. The UAC will show the information from the certificate.