ClickOnce and “locked down” systems

Ron Krauter posted this comment to one of my earlier posts;

re: Reading Blogs… 11/2/2003 9:59 AM Ron Krauter
I read your excellent article about ClickOnce on msdn. One of the problems we are having is deploying applications to users machine that have user only access. Unfortunately, the users are not able to install the application as they do not have admin priviledges. We, the admins, end up going to the client machine and installing the application by using “RUNAS”. Is there an easier way to do this with clickonce where admins don’t have to go to client workstations. Thanks

Well, Ron… and anyone else who is wondering about the exact same thing; I have some good news for you. Locked down desktops are one of the key scenarios that ClickOnce is designed to deal with. ClickOnce applications are installed and run on a per-user basis, allowing them to be launched/deployed without administrative level privileges.

So no more running to each machine to do a ‘RUNAS’ administrative install.

It is worth pointing out though, that installing the framework is an ‘impactful’ install, using a standard .msi, so getting the framework out ahead of your ClickOnce applications will likely require higher privileges.

looking for more info on ClickOnce? check out the first chapter of my book up on MSDN

Author: Duncan Mackenzie

I'm the Developer Lead for the Channel 9 team, formerly worked on MSDN as a developer, content strategist and author.

One thought on “ClickOnce and “locked down” systems”

  1. Getting the application installed is one thing, but running it under the correct privileges is another.

    If the application is for an administrator, the would most likely not be logged in under that role, particularly if the are administering your domain.

    One way around the problem is to locate where ClickOnce has installed the application.

    C:\Documents and Settings\USERNAME\Local Settings\App …

    and to then runas there.

    A better way is for the clickonce app to be split into two, one two collect the username and password, and the second to be launched as a separate process with those privileges.

Leave a Reply