Preparing Installations for Non-Administrator Patches

InstallShield 2013

Windows Installer 3.0 and later enables you to create patches that can be installed by non-administrators. Non-administrator patches can be used if strict criteria are met. For example, the base installation that the patch will update must include the certificate that will be used to sign the patch package. To learn about the other criteria that must be met, see Non-Administrator Patches.

To prepare a base installation that can later be updated by non-administrator patches:

1. In the View List under Media, click Releases.
2. In the Releases explorer, click the release whose digital signature information you want to configure.
3. Click the Signing tab.
4. Specify the digital signature information.

InstallShield automatically adds the necessary information to the MsiDigitalCertificate table and the MsiPatchCertificate table. This enables you to create patches that can be installed by non-administrators.

Tip: The digital signature settings are also available in the Releases view.

The Windows Installer design enables you to sign a package with one certificate and also allow patches that are signed with a different certificate. The following instructions explain how to add to the base installation the additional certificates for the patches.

To add additional digital certificates:

1. Use a tool such as Signcode.exe to sign a dummy file. The Signcode.exe file is located in the following directory:

InstallShield Program Files Folder\System

2. In your original installation project, open the Direct Editor.
3. In the Tables explorer, click MsiDigitalCertificate.
4. Click the last row in the table to add a new entry.
5. In the DigitalCertificate field, type a unique name for your certificate.
6. Click the CertData field. The Edit Binary Stream dialog box opens.
7. In the File name box, enter the path and name of the file that you signed in step 1. You can click the browse button to find the file.
8. Click OK.
9. In the Tables explorer, click MsiPatchCertificate.
10. Click the last row in the table to add a new entry.
11. In the PatchCertificate field, type a unique name for your patch certificate.
12. In the DigitalCertificate field, select the entry that you created for the MsiDigitalCertificate table in step 4.

See Also