Software updates and limited users
Sun, Sep 11 2005 23:42
How do you deal with this ? Obviously if the application is run under the limited user's account it can't update shared files in the program files. As a consumer who runs as a limited user I came across this annoyance when using new software from one of the local banks (I won't say "which Bank" <hint, hint>). Their software checks for updates on start-up, and fails if it can't apply them. So it was requiring permissions to write to the shared program files path, which is what I ended up giving it to fix the situation, but that's hardly secure.
The options I see you could do is:
(1) install only to the user's path
(2) install to the shared path having updates only in the user's path.
(3) change permissions on the shared path
(4) use a windows service for updates
1 isn't a bad option, IMO. It's definitely the simplest but not the most secure. 2 is messy, IMO and would cause a lot of duplication. It's no more secure than 1. 3 is a security liability. 4 is probably the ultimate. It can also use bits and work in the background rather than inconveniencing the user each time they start the application.
Which approach do/have you used ?