Inno Setup: Uninstall without administrator privilege

Question

Using Inno Setup, I need that a software installed by an administrator user can be uninstalled by a default user.

The parameter PrivilegesRequired is lowest, but the problem remains.

I did tests on some machines (all of them are Windows 7), and on a few I could uninstall using the default user, but there were others that didn't allow me to uninstall and requested an administrator user.

I didn't identify a pattern in the problem and in internet searches.

The installation folder is C:\;

I am not using [Registry] section and all the parameter in the [Dirs] section are using Permissions: users-modify.

Non-administrators don't have access rights to the Program Files folder, so if that's where the program is installed then you're asking for the impossible. — Mark Ransom, Oct 15 '15 at 18:22
@MarkRansom: this should not apply if the setup changes the permissions during installation, does it? — Thomas Weller, Oct 15 '15 at 18:37
I have already made some tests and it worked, but there are some machines that I can't uninstall the software. The software is placed in the C directory. — Robson Pierno de Jesus, Oct 15 '15 at 18:41
Hmm, how did you uninstall? Via InnoSetup's unins000.exe or via Control Panel? Maybe there's a difference — Thomas Weller, Oct 15 '15 at 19:01

score 0 · Answer 1 · answered Oct 15 '15 at 19:00

There are a few things to be considered:

typically, the installation folder is %ProgramFiles% or %ProgramFiles(x86)% which is a folder that is protected by the operating system. To bypass this protection, the Setup must change the permissions of the installation folder to allow the removal by anyone.

In the [Dirs] section, you could use Permissions:users-modify (or even more permissive if needed).
similar for the [Registry] section.
InnoSetup uses a file called unins000.exe for deinstallation. This file includes a manifest which requests the privilege asInvoker by default. As far as I know, this does not change with the PrivilegesRequiredsetting. So far, asInvoker should be fine. Just keep an eye on it in case a new version of InnoSetup would set it to something higher.

For other visitors finding this and not using InnoSetup:

If you don't embed a manifest in your installer, Windows will use heuristics for installer detection (Microsoft, .pptx). If the heuristics results in a positive result, Windows will automatically request administrator elevation. Therefore, use a manifest and request asInvoker permissions.

The installation folder is C:\, I am not using [Registry] section and all the parameter in the [Dirs] section are using Permissions: users-modify. — Robson Pierno de Jesus, Oct 15 '15 at 19:32
I have already made some tests and it worked, but there are some machines that I can't uninstall the software, so I think that there is a scenery that I am not considering. — Robson Pierno de Jesus, Oct 15 '15 at 19:33
@RobsonPiernodeJesus: that's important information that you should add to the question. — Thomas Weller, Oct 15 '15 at 19:51

Martin Prikryl · Answer 2 · 2020-05-27T11:11:25.223

The Inno Setup uninstaller requests privileges elevation, if the installer was run with administrator or power user privileges (whether or not it required those explicitly with PrivilegesRequired).

This information is stored in byte 14C (hex)/322 (decimal) of the unins000.dat.

It's a bitmask where bit 1 (0x01) indicates administrator privileges, and bit 7 (0x40) indicates power user privileges [obsoleted].

So if you installed the application as administrator/power user, even if the installer has PrivilegesRequired=lowest the uninstaller will request privileges elevation to get the same permissions. Check the flag in unins000.dat to see if that is the case.

Another thing is that in Windows 10, if you start the uninstaller from the Settings app (and not from the Control Panel), it will always be started with the administrator privileges:
Workaround for 'Apps & features' in Windows 10 starting a single-user uninstaller elevated

Is this information still relevant? I checked in my unins000.dat byte 14C has value 0x25 (0010 0101). I set it to 0x24 (0010 0100) and after that get error message that unins000.dat is corrupted. What I did wrong? — Nick Bilak, Dec 12 '17 at 19:22
OK, found the missing info in source code on github - we have to update CRC bytes starting from byte 444 (dec) either with calculated CRC32 or just set to 0x11111111 (magic debug value), which I did and got the uninstaller not asking for elevation. — Nick Bilak, Dec 12 '17 at 20:15

Inno Setup: Uninstall without administrator privilege

2 Answers2