New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Silent installation #447
Comments
I hope this message finds the reader and their family in great health & high spirits despite the difficult, if not downright punitive, year we've all had.First, and most obvious question: What's the status of implementing silent/unattended installations? Before I dive into what might appear to be a rant, please know and understand that I am really just here to seek understanding. If I appear to 'challenge' it's just because I'm passionate. Please know that there is no hate, malice or anger behind this. 👍 :)I don't know that anyone who has requested this feature has received a full & logically sound answer on why it doesn't exist today, the end of 2020. I've read through a few (but not all) threads both on GitHub as well as on the old codeplex site and the responses I've seen are insufficient and easy to poke holes into. I don't think a technical or even legal explanation has been given as to why we can't have this, especially when one considers that virtually every application has some sort of agreement ( EULA, AUP, ToS etc.) that the installer/operator must agree to. Look at things like Microsoft Office, Adobe Creative Cloud, virtually every application from Litera, Citrix, VMware, VLC, Notepad++, FileZilla, 7Zip, etc. - the list goes on. In fact, some vendors require you to explicitly accept the agreement via a command line argument vs using an MSI property in the transform. For smaller environments, doing it manually isn't a bit deal. But in an age where everyone is taking security more seriously by adhering to the Principle of Least Privilege, 'visiting' even 60 machines to perform elevated installations requires significantly more time & effort than should be required. This is compounded even further due to the situation created by COVID where most of the workforce is remote. Those that are asking for this are just looking for a helping hand to simplify what should be a quick & easy task. Some of the reasons I've seen around are below.
Add a command line switch (e.g.: /AcceptEULA) to force the admins/application packagers to accept the EULA. If you want traceability, that's easy: Log it in the installer log file, drop a bread crumb on the file system at the system level, drop a bread crumb in HKLM, put something in the Application Event log - the possibilities are almost endless.
This makes sense: The application operator - the one using the app - must accept the license. Ok so allow the installation to execute silently and then display the EULA on the first launch for each user on the machine. If you want traceability, that's easy: drop a bread crumb on the user's user profile on file system, drop a bread crumb in HKCU, put something in the Application Event log with the user's details - the possibilities are almost endless.
Just because something was done a certain way in the past, it doesn't mean it must continue to be done that way in the future. The old "that's how we've always done it" mindset doesn't mean it's right, the only way and that there aren't better ways.
This is what log files and exit codes are for. Installer runs, generates logs, if there's an error, its in the log file, the installer returns a unsuccessful exit code and from there can be be troubleshot thanks to the logs. If the installer succeeds, then that's captured in the log as well and the installer returns a non-error exit code (0, 1641, 3010 etc.)
That doesn't meet the ask of implementing a silent/unattended install [& uninstall] but it is also not the same as installing it normally as the product will not work in environments where users do not have local administrative privileges. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Hi @idrassi before the stalebot closes this issue, I'm wondering if this is something that's still of interest to you? Or, if you have any guidelines for sending a pull request? Thank you. |
Hello @idrassi Thank you in advance! |
An MSI for VeraCrypt silent installation has been implemented and first beta version (1.24-Update9-Beta-21-08-01 ) has been published in Sourceforge Nightly Build folder (look for VeraCrypt_Setup_x64_1.24-Update9-Beta-21-08-07.msi). In order to work, Tests and feedback are welcomed on this new installation way. |
Wow this is great news thank you so very much for taking the time to consider and implement! I haven't test it yet but I'll put that on the agenda for next week. |
Hi @idrassi Thank you so much for implementing this feature. In sort, it works as expected. But more details below. Environment:
Silent upgrade: Results:
Note: |
Hi @idrassi Many thanks on providing a msi package👍. You saved me and many others a big headache when trying to automate the installation. I tested it on two seperate machines. One fresh install and one existing install. Works as expected on both. |
Thank you for this change! I have some problems with restart after the installation. Neither /norestart nor REBOOT=REALLYSUPPRESS are helping to prevent the restart windows from popping up Any ideas? Cheers |
Thank you all for your feedback. PS: 1.24-Update9 will be skipped in favor of 1.25 because of the changes in supported OS |
Hi @idrassi |
Hey I cant find the MSI anywhere.. Any chance you could post it? |
I'd like that very much. |
I have uploaded version 1.25-RC2 of the MSI to https://sourceforge.net/projects/veracrypt/upload/VeraCrypt%20Nightly%20Builds/Windows/. I'm also attaching it below with its PGP signature. |
Thanks for the msi-Release! I tested deploying the msi in an Windows Domain per Group Policy. For Both installation and uninstalling work like a charm! (I didn't manage to prevent installing desktop icons by |
MSI package with silent install support is now part of standard VeraCrypt distribution. |
hi i know this is closed but, am i the only one that i cant make it work silently ? |
Hi @idrassi,
I'm wondering if you would consider having a silent install option as part of Veracrypt installer? For example,
VeraCrypt Setup 1.23.exe /S
orVeraCrypt Setup 1.23.exe /Silent
would install the program with all its default options.I see this as a potential benefit as it would allow IT administrators to deploy this automatically on computers they control (or through an automated Windows install).
The text was updated successfully, but these errors were encountered: