InstallShield 2019
Project • This information applies to the following project types:
| • | Advanced UI |
| • | Basic MSI |
| • | InstallScript |
| • | InstallScript MSI |
| • | Suite/Advanced UI |
InstallShield lets you specify the minimum execution level required by your installation’s Setup.exe file for running the installation (the setup launcher, any InstallShield prerequisites, the .msi file, and any Advanced UI or Suite/Advanced UI packages) on Windows Vista and later platforms. You can configure this for each individual release in your project.
To specify the required execution level for a release:
| 1. | In the View List under Media, click Releases. |
| 2. | In the Releases explorer, click the release that you would like to configure. |
| 3. | Click the Setup.exe tab. |
| 4. | For the Required Execution Level setting, select the appropriate option. |
The available options are:
| • | Administrator—Setup.exe requires administrative privileges to run. Administrators must provide consent, and non-administrators must provide credentials. |
| • | Highest available—Setup.exe prefers administrative privileges. Administrators must provide consent to run it; non-administrators run it without administrative privileges. This is the default option for InstallScript and InstallScript MSI projects. |
| • | Invoker—Setup.exe does not require administrative privileges, and all users can run it without administrative privileges. Setup.exe does not display any UAC messages prompting for credentials or for consent. This is the default option for Advanced UI, Basic MSI, and Suite/Advanced UI projects. |
For Advanced UI, InstallScript, InstallScript MSI, and Suite/Advanced UI projects, and for Basic MSI projects if the Setup Launcher setting is set to Yes, InstallShield embeds a Windows application manifest in the Setup.exe launcher as a resource. This manifest specifies the selected execution level. Operating systems earlier than Windows Vista ignore the required execution level. The execution level is defined in the manifest as follows:
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
Other valid values for the level attribute are highestAvailable and requireAdministrator.
If the Setup Launcher setting is set to No for a Basic MSI project, InstallShield does not embed the Windows application manifest in the Setup.exe launcher.
The benefit of elevating the required execution level in Basic MSI projects is that privileges can be elevated only once if necessary to run Setup.exe, and that these privileges can be carried over to all of the installation’s InstallShield prerequisites and the Execute sequence of the .msi package without requiring multiple prompts for approval. Thus, if two of your InstallShield prerequisites require administrative privileges, for example, you can change this setting to Administrator, and then end users are prompted only once during the installation, before Windows Installer runs the Setup.exe file.
A similar benefit exists for Advanced UI and Suite/Advanced UI projects, where privileges can be elevated only once if necessary to run Setup.exe, and that these privileges can be carried over to all of the installation’s Advanced UI or Suite/Advanced UI packages without requiring multiple prompts for approval.
Note, however, that if you elevate the privileges and also launch the application at the end of the installation, the elevated privileges are carried over to the application. In most cases, running an application with elevated privileges on Windows Vista and later platforms is discouraged.
Important • InstallShield runs with elevated privileges. If you launch your installation from within InstallShield, those elevated privileges are carried over to your installation; thus, your installation automatically has elevated privileges. That may not reflect the behavior that end users will see if they are using Windows Vista or later. Therefore, if you are using Windows Vista or later on your development system, consider opening the release folder and launching the installation directly (instead of from within InstallShield).
To quickly access your release folder so that you can launch your release directly, click the Open Release Folder on the Standard toolbar, or on the Tools menu, click Open Release Folder.
Note that an end user’s installation experience is more secure when installations are run with only the permissions that they need. Unless an application is designed to be run only by system administrators, it should be run with the least privilege.
See Also
Working with InstallShield Prerequisites that Are Included in Installation Projects
Minimizing the Number of User Account Control Prompts During Installation
InstallShield 2019 Help LibraryApril 2019 |
Copyright Information | Flexera |