We are using Patch Manager to tie into WSUS so we can push our application updates via Windows Update. I created the installer for our application. The installer is in the form of a setup.exe... basically an MSI wrapped with the executable. We are pushing our updates to multiple clients, all running Windows 7. When we "go live" with our software the clients will be required to run with UAC turned on. I have successfully tested my installer with UAC on, but that was a manual install on the local client.
Where I am having trouble is pushing our updates with Patch Manager when UAC is enabled on the clients receiving the update. We are able to deploy our updates without an issue when UAC is turned off, but when it is turned on I notice some very strange behavior. Below are a couple of scenarios I see with UAC turned on...
- Scenario 1: Deploying an update with UAC on and the installation UI visible to end users
The clients still see the update as available in Windows Update. When you click install the download occurs and completes successfully, but then the install just hangs. The installation UI never shows itself to the end user. It's like Windows Update "holds" onto the update, because even restarting the computer causes it to infinitely loop through the Windows Update process. It usually takes me manually pushing the power button on the client and then removing the update from the WSUS server before it is fixed. Ultimately the
update is never installed. There are no meaningful messages in the system logs either.
- Scenario 2: Deploying an update with UAC on and the installation UI suppressed to end users (Silent Install)
The clients still see the update as available in Windows Update. When you click install the download occurs and completes successfully. The difference is that the installation process returns a successful code... but then a few sconds after it will show the update as still available. The update is never installed, although the Windows Update logs show otherwise. I have to basically do the same steps as scenario 1 to fix the problem, and like scenario 1, the update is never installed. Again, there are no meaningful errors or messages in the system logs.
I have narrowed this down to UAC because it's the only control I have changed when I experience this. In fact, both scenarios I laid out will actually properly install the update, but only if UAC is turned off.
My question is this... Is there a setting in Patch Manager/WSUS I am missing? Is this a missing parameter in my installer? Could it have anything to do with signatures? I'm a bit confused as to why this happens when I am pushing through Patch Manger and not when I am manually installing the update on the local client.
Any help would be greatly appreciated.... I am stumped! I will be more than happy to provide further information if necessary.