Are there any plans to use signed/verified binary files in the future? Why? The updater nor the actual main executable should require admin privileges if the installation folder has the right permissions, however since the binary files miss a signature Windows will prompt users for admin credentials through UAC. Unless the executable is doing other things we're not aware of.

While we're at it, any plans for a proper installer? Nullsoft?

If you're wondering why? I deal with a lot of young players who aren't always administrators on their pc's. They do however want to play D&D through Fantasy Grounds. Fantasy Grounds on itself is harmless enough to be mostly allowed by parents and administrators. But ever so often, after an update, we have to go through the hoops again.

If interested, I could perhaps help develop a decent installer.

Welcome to the boards, Mathizsias!

Are there any plans to use signed/verified binary files in the future? Why? The updater nor the actual main executable should require admin privileges if the installation folder has the right permissions, however since the binary files miss a signature Windows will prompt users for admin credentials through UAC. Unless the executable is doing other things we're not aware of.

While we're at it, any plans for a proper installer? Nullsoft?

If you're wondering why? I deal with a lot of young players who aren't always administrators on their pc's. They do however want to play D&D through Fantasy Grounds. Fantasy Grounds on itself is harmless enough to be mostly allowed by parents and administrators. But ever so often, after an update, we have to go through the hoops again.

If interested, I could perhaps help develop a decent installer.

This isn't something that Fantasy Grounds would be at fault for. I assume you're speaking about running (or updating) FG on a Windows 10 machine? It used to be that you could set UAC to something less obtrusive, yet with the newest updates UAC is back with a vengeance.

Speaking as a parent, if I am to install a program on my child's (or rather, MY computer) then I WANT UAC, so I don't have to go back and uninstall every single toolbar, malware, bloatware, etc. If it is an ongoing concern, can the parent just set the properties of the updater.exe file to run with admin privileges?

Hi, Mathizsias!

I had an issue where I couldn't run update without running Steam as an admin (since I bought on Steam). There was a folder that didn't have full permissions, once I gave it full permissions for all users I no longer have to run anything as an admin. Unfortunately I cannot remember the folder name but search the forums for it, damned was the one who named the folder so that might help narrow it down just a bit.

I work in IT and this field happens to be my field of expertise, albeit in a different language. It is something Fantasy Grounds can fix, by signing their executables and writing a proper manifest for said executable. UAC being less obtrusive doesn't mean that elevation of privileges is applied, when it's being less obtrusive (unless you disable it). A user is still a user, and admin is still and admin. A user can however run a signed or trusted executable without trouble. Windows just runs some heuristics and checks what the executable does and accordingly prompts a user for additional permissions when required, most the FG executables trigger .

Sure you want UAC enabled, reasons for leaving it enabled, even for admins are easy to find and justifiable. On delegation by parents part: Yes, again, parents can allow an executable 'through', but it's innate handles and handling in Windows is dependent on other factors. One of them being signed and the other the compiled manifest for said application. So without me diving in the a deep investigation with processexplorer and such, I wonder if there are any plans to change this in the future.

Other similar programs like HeroLab/Realmworks or even PCGen don't currenly have these issues.

Hi, Mathizsias!

I had an issue where I couldn't run update without running Steam as an admin (since I bought on Steam). There was a folder that didn't have full permissions, once I gave it full permissions for all users I no longer have to run anything as an admin. Unfortunately I cannot remember the folder name but search the forums for it, damned was the one who named the folder so that might help narrow it down just a bit.

No matter where the updates starts, even within folders that are full ownership and full control to the user, it triggers UAC (for admin privileges).

No matter where the updates starts, even within folders that are own ownership and full control to the user, it triggers UAC (for admin privileges).

I don't pretend to be an expert when it comes to security (or even very knowledgeable) so I will have to leave it for someone else to reply; my intent was to only share my past experience in case it helped you out.

Good luck!

Technically PCGen doesn't "install" anything (I believe). What it does is unpack the pcgen folder to a preset location and puts a link to it on the desktop (and Start Menu?).

@Mathzisias,
Sounds like you are beyond the knowledge of most of us. Though Doug or John might see this thread, if you have this type of suggestion for them, I would suggest you reach out to them directly at [email protected]
:)

Mathizsias,

As far as I can tell from our experiences, admin privileges are required to install anything into the program files directories on Windows, which means that admin privileges are required for the installer/updater to function correctly. Thus, the installer/updater requests admin privileges when it runs in order to perform its task.

Also, as far as I'm aware, the only difference in whether you have a signed executable vs. an unsigned executable that both request admin privileges is the color and text of the UAC pop-up. It doesn't actually change the need for admin access.

We specifically moved away from an installer, because a) it adds an additional build layer to do any updates, and b) an installer/updater is required for the sheer amount of DLC available through FG anyways. In fact, we have slowly been removing installers from every FG DLC, and adding them into our update system for a single point of contact.

I look towards several of the updaters for MMOs and Blizzard as a target model, and as far as I'm aware, they need admin access for installation as well.

I'd be overjoyed to be found wrong, and be able to definitely address some of the permissions issues more easily. You're welcome to contact me at [email protected], if you have specifics.

Thanks,
JPG