Can a ClickOnce deployed app be silently mass installed? - deployment

I have a smart client app (WinForms/WPF) currently deployed using ClickOnce.
A particular client has expressed the desire to silently deploy the app to it's intranet network users as part of its nightly/weekly client PC update service - presumably via MS Systems Management Server (SMS) and Group Policy or similar (I don't understand the exact mechanisms). As such, they've requested a .MSI installer instead.
So a few questions for confirmation (along with my thoughts on answer - am more than happy to be wrong!):
Can a ClickOnce app be silently installed en-mass by admin???
My thoughts: No, because ClickOnce is a per-user installation this would be difficult unless the user is actually logged in at time of remote installation.
Is there a tool to convert a ClickOnce app/project's settings to a simple MSI installer project (e.g. Visual Studio Deployment Project)???
My thoughts: Not in the box, but would love a tool to repeatedly copy/use settings from the ClickOnce config to the deployment project - e.g. ProductName, Version, File Associations etc. This way we only maintain one set of deployment settings.
Any other alternatives for this scenario to get 'er done quick...?

I don't think you can install a ClickOnce application silently, certainly not with SMS. And I don't know of any tool that does that, but it doesn't mean it doesn't exist. ;-)
The idea of deploying a shortcut is an interesting thought. Have you ever noticed that if you leave a shortcut on the desktop even after the application is uninstalled, if the user clicks on it, it reinstalls the application?

Related

Best way to deploy a Click Once application on a network

I am trying to install an Outlook 365 Add In that I have developed. I have published the application as a click once which can be installed by running the setup file.
I need the application to be installed on all company computers, so the best place to host the application would be the company network.
How can I deploy my application to all users and allow the application to automatically update every time there is a new version published?
I greatly appreciate any help with this issue. This is the first large application deployment that I have undertaken.
I can't advise on the specific mechanism for deploying an "installed" version of your solution - I imagine you can accomplish that with most application deployment systems. Otherwise users will have to run the setup.exe from your network deployment. When you do have an update you simply copy the new files to a new versioned folder and existing installations will detect the change of version number in the deployed manifest and auto-update. See also: https://msdn.microsoft.com/en-us/library/bb772100.aspx

Prevent user from changing ClickOnce application files after installation

I'm developing a WPF application that I deploy with ClickOnce to a network share on the intranet from which clients can install it.
I need to make sure that the user can't modify any of the application files (especially DLLs and the main executable) on their machine. That is, if any of the application files have changed, the application should refuse to run. I was under the impression that, when using ClickOnce, this was available out of the box and that the application would refuse to start if the file hashes didn't match the manifest.
However, I tried to manually replace the executable or a DLL with a slightly different version after installation and the application still ran fine (executing the modified code).
Does ClickOnce provide what I'm looking for?
How can I enable the functionality?
I'm using a level 2 StartSSL code-signing certificate to sign the application manifest if this matters.
P.S.: just to be sure: I'm talking about the installed application files, not the installation files.
You can sign AND strong name each one of DLLs to prevent tampering but then, doing so has its own pain points when it comes to upgrades and distribution in general. Note that even doing so, doesn't entirely prevent someone from injecting code into your running process. It's a sticky subject.
I recommend going thru this question which already discusses these points in detail. Does code-signing without strong-naming leave your app open to abuse?
I think it will be a fairly manual process.
Doesn't look like the VS2013 deployment tools handle code obfuscation but they do support signing and app permissions. Start with that, then you might have to get the generated manifest as a starting point to build your own with obfuscated assemblies.
MS docs break it into 3 steps: 1. obfuscate, 2. build manifest, 3. manually publish
Here is what MS docs say...
Securing ClickOnce Applications
Deploying Obfuscated Assemblies
You might want to obfuscate your application by using Dotfuscator to prevent others from reverse engineering the code. However, assembly obfuscation is not integrated into the Visual Studio IDE or the ClickOnce deployment process. Therefore, you will have to perform the obfuscation outside of the deployment process, perhaps using a post-build step. After you build the project, you would perform the following steps manually, outside of Visual Studio:
Perform the obfuscation by using Dotfuscator.
Use Mage.exe or MageUI.exe to generate the ClickOnce manifests and sign them. For more information, see Mage.exe (Manifest Generation and Editing Tool) and MageUI.exe (Manifest Generation and Editing Tool, Graphical Client).
Manually publish (copy) the files to your deployment source location (Web server, UNC share, or CD-ROM).

Distributing Windows Application through internet

We have window application developed in .Net and want perfect deployment technology
which enables easy application installation and upgrading.
The client can be accessed from anywhere in the world where an Internet connection is available.
In future we want the same deployment technology for provide support user's who use Window 7 and
Window 8
Looking at the the initial requirement we have decided to use Click Once technology
but found many issues in the deployment. They are below
You will need to sign a Click Once application with trusted certificate
otherwise it is blocked and instantly removed by Antivirus program.
ClickOnce may not be supported by all browsers , the behavior are different in IE and
other browser
ClickOnce to doesn't install components into the GAC , doesn't installed in the program
files rather it install and maintain user wise in the client machine.
ClickOnce has issue with proxy network and unable to customize the setup screen.
Community has faced many issues with ClickOnce Setup and does not have enough solution or
updates on Click Once technology solution
Do we have perfect deployment solution for window app over internet other than ClickOnce? Which methodology is widely used for window app deployment over internet?
Which deployment technology provide better success rate for easily maintenance and version update for the Window app over internet ?
You could build it as a standard executable and create an installer. A good way to make an installer is InnoSetup. However, the user has to have .Net Framework already installed.
As of Windows Vista, version 2.0 is included, Windows 7 includes 3.5, and Windows 8 includes 4.5. If you change the target .Net Framework of your application you can target these systems. Go to Properties > Target Framework > Choose 2.0, 3.5, or 4.5 (client profile if available).
As for updates, you should implement this in your application on your own or get another third-party updater. I don't know any good ones though.

ClickOnce check for update without executing app

I work in a service organization where users of our internal tools are often disconnected. It is often the case that service engineers on service assignments are "stranded" with an outdated version of some internal tool.
These tools are deployed using ClickOnce publish VS2010 .NET4 . If the users run all their apps while still connected to corporate network, they would get a notification that a new version was available. As the number of various tools increase, the chance increases that some app is not updated.
Is it possible to automate this process, by a batch file or something?
So that the engineers just need to run one file when connected to corporate nw to get all the newest versions of their installed tools?
Added:
An easier way of saying it would be to have "something like Windows update" operating on corporate net, but for internal ClickOnce apps.
Very interesting question. I can't think of a quick way to do this, but it's definitely possible.
I would create another ClickOnce app whose job is to update the other ClickOnce apps. This app needs the url of each app's .application file. If all engineers are supposed to have all apps, that's easy. If not, maybe you could look through their start menu and find all the ClickOnce Application Reference files. Those files contain the url.
Next, just launch the url and pass a query string argument...
http://server/MyApp/MyApp.application?UpdateOnly=true
In the startup of your applications, you can check the query string argument and shut down the app if it's run with UpdateOnly=true.
One side note. If you set the minimum required version of each of your apps to the latest version, users won't get prompted with the new version dialog. Seems like you'd want to do that or the user would still have to pay attention and do a lot of clicking.

Deploy WPF ClickOnce .application File as .EXE

I've developed a WPF application. A large company is trying to make my application available to users' desktops. The traditional way to do this would be to point the users' browsers to:
http://www.MySite.com/MyApp.application
But the I.T. group at this company has configured their proxy server in such a way so as to block .application files for security reasons. They do, however, allow .exe files to pass through their proxy server and execute on client workstations. The irony of allowing .exe's from the Internet while blocking .application text files "for security reasons" isn't wasted on me but let's put that aside for a moment.
What kind of workaround would you recommend that would allow my app to launch from client desktops given that .EXEs are allowed? My first thought is to write a mini launcher app that does nothing more than download a .zip'd version of the .application file and all dependencies to a temp folder on the user's machine and then launch the .application file from there. Is there a better solution?
FWIW: Google has figured out a way to deploy their Chrome browser to Windows desktops in corporations like this one, despite the fact that ClickOnce is their deployment mechanism. If you view the source code at:
http://www.google.com/chrome/thankyou.html?&oneclickinstalled=
...you'll see they're pointing to an installer at:
/update2/installers/clickonce/GoogleInstaller_en.application.
That's a clickonce file. But somehow they've figured out a way to wrap it in an .exe in order to bypass proxy restrictions on .application files. I not familiar enough with JScript to understand what they're doing but it works. I'm trying to emulate this behavior for my own app.
This may not work for your situation. However, one possibility is to xcopy your exe and any dependencies to a folder on your webserver. Add a link in a webpage to your exe so your users can launch the app by clicking the link. In order for any of the users to be able to run the exe the first time, a caspol script needs to be run on each user machine to allow your app to run. Whenever you update the app, just xcopy the new version to the same folder on the webserver.