How to install ClickOnce app without prompting the user?

Question

Is there a way to install a ClickOnce application without prompting the user at all? I'm talking about the "Run/Don't Run" that a user gets the first time he/she runs the application.

There seem to be some clues here but I believe it's about skipping the "Elevation" (UAC) and security prompts, and not the actual initial "Run/Don't Run" screen.

I can only find information about how to silently update an application that's been installed in the past, but nothing about silently installing an application for the first time.

I also found this post which seems to be related, but again, not sure if we're talking about the same user prompt...

Answer 1

It's possible to avoid the "Run"/"Don't Run" prompt, although you still have the issue of actually copying the files over to the user, which usually requires them launching the .application through a link. However, you may be able to launch it through a login script or something along those lines. Presumably you have solved that problem somehow as it is implied in your question that you have. The other question you linked to hovers around this but it doesn't really get you all the way.

I know you can bypass the "Run"/"Don't Run" prompt because I just did it successfully with a ClickOnce we deploy as a custom shell on kiosk machines. The key is that the ClickOnce has to be signed by a trusted publisher. Even self-signed is okay if you have the right stuff configured on the client machine.

So, have the network administrators push out a group policy that trusts the code-signing certificate that is being used to sign your application. There's information on how to do that at TechNet here: http://technet.microsoft.com/en-us/library/cc770315(v=WS.10).aspx, reproduced here briefly:

1. Open Group Policy Management Console.

2. Find an existing or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit whose users you want affected by the policy.

3. Right-click the GPO, and then select Edit. Group Policy Management Editor opens, and displays the current contents of the policy object.

4. In the navigation pane, open Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers.

5. Click the Action menu, and then click Import.

6. Follow the instructions in the Certificate Import Wizard to find and import the certificate.

7. If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Authorities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Certification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.

Answer 2

How about creating a custom ClickOnce installer? http://msdn.microsoft.com/en-us/library/dd997001.aspx

Updated link (06 Oct 2016)

Walkthrough: Creating a Custom Installer for a ClickOnce Application

Answer 3

In Addition to MikeBazs Answer, i'd like to provide the following "Workaround" which makes the Installation of a Click-Once-Application "non-interactive" and "almost silent" (User sees the progress-window during installation, no clicking required and/or possible)

There are a few "Issues" to consider, but if you follow this guide, the outcome should be what you need:

1.) Sign your application: Within visual Studio you can easily sign your application with your own certificate, that's no big deal.

2.) Distribute the certificate: In order to avoid the dialog, if the application should be installed, you need to distribute YOUR certificate to the following stores on any Machine (Use a GPO for that): Trusted Publishers and Trusted Root Certification Authorities

Now, users are able to install the application with a single click - no security question. But we want Zero clicks:

3.) Create a powershell script, located on a server, which invokes the setup.exe of your application, if not already installed:

$appInfo = Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall | foreach-object {Get-ItemProperty $_.PsPath}
$displayName = $appInfo | ? { $_.displayname -eq "MyApplicationName" } | select displayName

if ($displayName -eq $null){
  # MyApplicationName not installed, install! 
  Start-Process "\\server\share\MyApplication\Application\setup.exe"
}

Now, users can execute that script, only getting an installation once with no further confirmation required. But the application starts after the installation.

4.) Modify the sourcecode of your application: I used a dummy file to detect the firstrun of the application. If it IS the firstrun, (i.e. right after installation) I just shut it down again:

private void Form1_Load(object sender, EventArgs e)
    {
        //first run? That's a initial deployment, close application.
        if (!File.Exists("C:\\some\\static\\path\\notfirstrun.dat"))
        {
            File.WriteAllText("C:\\some\\static\\path\\notfirstrun.dat", "1");
            Application.Exit();
        }

Now, users can execute that script, only getting an installation once with no further confirmation required and the application does not "Auto-start" after setup.

But we want to avoid the "click" as well:

If we setup the powershell script in the Startup-Folder - it pops up, which is ugly. If we set it as Login-Script, It doesn't run in the user-context, which is required for Click-Once.

As a workaround to "this" problem, you can wrap it inside a vbs script, calling the powershell script. Note, that this is executed in the user context, so the user needs permissions to execute powershell-scripts:

Dim objShell
Set objShell=CreateObject("WScript.Shell")

strCMD="powershell.exe -sta -noProfile -NonInteractive -nologo -ExecutionPolicy Bypass -f \\server\share\scripts\install_App.ps1" 
objShell.Run strCMD,0,True

Finally, Use a GPO to deploy your vbs-script into the startup folder of any user.

All the user will see is the "installation" Progress.

In a nutshell:

• Sign your code
• Distribute your certificate
• trigger the installation with a powershell script
• wrap that powershell script inside an inivisible vbs script
• deploy the vbs script to each users startup folder.

Answer 4

There is no way to install a ClickOnce application without prompting the user. if you want the user to be able to double-click on it, and it just installs without verifying with the user, don't use ClickOnce. Frankly, in my experience, only malware and packages pushed with SMS in an enterprise environment install without any prompting to the user.

Answer 5

A workaround which I am using: I just built a small GUI automation script which simulates the install confirmation mouseclick. That’s how I’m deploying ClickOnce apps to a big amount of machines for a specific user profile.