Open topic with navigation
Preparing Installations for Non-Administrator Patches
InstallShield 2015
Windows Installer 3.0 and later enables you to create patches that can be installed by non-administrators. Non-administrator patches can be used if strict criteria are met. For example, the base installation that the patch will update must include the certificate that will be used to sign the patch package. To learn about the other criteria that must be met, see Non-Administrator Patches.
To prepare a base installation that can later be updated by non-administrator patches:
|
1.
|
In the View List under Media, click Releases. |
|
2.
|
In the Releases explorer, click the release whose digital signature information you want to configure. |
|
3.
|
Click the Signing tab. |
|
4.
|
Specify the digital signature information. |
InstallShield automatically adds the necessary information to the MsiDigitalCertificate table and the MsiPatchCertificate table. This enables you to create patches that can be installed by non-administrators.
Tip: The digital signature settings are also available in the Releases view.
The Windows Installer design enables you to sign a package with one certificate and also allow patches that are signed with a different certificate. The following instructions explain how to add to the base installation the additional certificates for the patches.
To add additional digital certificates:
|
1.
|
Use a tool such as SignTool.exe to sign a dummy file. SignTool.exe is part of the Windows SDK. |
|
2.
|
In your original installation project, open the Direct Editor. |
|
3.
|
In the Tables explorer, click MsiDigitalCertificate. |
|
4.
|
Click the last row in the table to add a new entry. |
|
5.
|
In the DigitalCertificate field, type a unique name for your certificate. |
|
6.
|
Click the CertData field. The Edit Binary Stream dialog box opens. |
|
7.
|
In the File name box, enter the path and name of the file that you signed in step 1. You can click the browse button to find the file. |
|
9.
|
In the Tables explorer, click MsiPatchCertificate. |
|
10.
|
Click the last row in the table to add a new entry. |
|
11.
|
In the PatchCertificate field, type a unique name for your patch certificate. |
|
12.
|
In the DigitalCertificate field, select the entry that you created for the MsiDigitalCertificate table in step 4. |
See Also
Signing a Patch Package
Signing a QuickPatch Package
Digital Signing and Security
User Account Control (UAC) Patching (Windows Installer Help Library)
MsiDigitalCertificate Table (Windows Installer Help Library)
MsiPatchCertificate Table (Windows Installer Help Library)