InnoSetup - Install an application "just for me" so that other users cannot access the executable

1

I have set up the installer for my app to offer a choice between "all users" and "just for me". The app needs admin access to install.

If I install for all users a shortcut and start menu entry goes onto everyone's desktop and each users INI file goes into their profile app data folder the first time they run it. The EXE goes into C:\Program Files\xyz...

If I install "just for me" a shortcut goes onto my desktop only and my INI file goes into my profile app data folder. The EXE still goes into C:\Program Files\xyz...

If I logon as a limited user, I can still navigate the C:\Program Files and execute the app. If I want to keep the app private to the user who installed it, where is the best place (the "proper" place) to put the executable?

I notice that Chrome puts it in the Local AppData folder. Is there a convention?

What about Vista and Windows 7? Is C:\Program Files even possible with all users installs anymore?

rossmcm

Posted 2011-07-21T03:05:47.400

Reputation: 1 328

Answers

3

You can put the program anywhere you want. Most programs will behave. You are going to have to modify whatever registry keys the setup program changed however.

Probably the best place to put a program IMO would be the Appdata area. Only someone with admin credentials can access that part of your profile, outside of yourself.

If you don't want even admins executing the program, you'll have to use EFS encryption. Just go under Properties/Advanced when you right click the files.

surfasb

Posted 2011-07-21T03:05:47.400

Reputation: 21 453

Thanks for your comments. I'm not sure what you are referring to when you say: You are going to have to modify whatever registry keys the setup program changed however. – rossmcm – 2011-07-24T03:15:33.047

1If you move the program after it has gone through setup, there may be registry keys pointing to the old location. FYI. – surfasb – 2011-07-24T06:23:01.737

OK @surfasb. I wasn't planning on moving the program files after setup. Rather, I will install them into the alternate location straight off. I assume that InnoSetup will fill the registry with whatever it uses as the {app} location. – rossmcm – 2011-07-24T10:13:54.337

1@rossmcm: Unless it is poorly written and sucks a mother monkey's fist, yes. – surfasb – 2011-07-24T15:57:15.873

"If you don't want even admins executing the program, you'll have to use EFS encryption. Just go under Properties/Advanced when you right click the files." well, technically an admin can still install a malware which will steal the decription key as soon as you use it: you can never be safe unless you are in full and sole control of the device. – o0'. – 2013-12-03T16:32:09.380

1

@Lohoris: Also, this article says that Windows has an “EFS recovery agent”, which (by default) is the original Administrator account, that can read encrypted files.

– Scott – 2013-12-04T00:16:29.603

I've edited-out that sentence, since it's dangerous and misleading. – o0'. – 2013-12-04T09:38:04.283

Asked: 2011-07-21T03:05:47.400

Viewed: 2 569 times

Active: 2011-07-21T05:48:56.907