Choosing a Deployment Strategy

You can deploy Windows-based applications from Visual Studio by using either of the following technologies:

  • ClickOnce.

  • Windows Installer.

Use ClickOnce to publish the application to a centralized location. The user installs or runs the application from that location. Use Windows Installer to create an application installer file (.msi) and distribute that file. The users run the file to install the application.

Note

The deployment tools in Visual Studio are designed to handle typical enterprise deployment needs: they do not cover every possible deployment scenario. For more advanced deployment scenarios, you may require a third-party deployment tool or a software distribution tool such as Systems Management Server.

Advantages of ClickOnce Deployment

In general, ClickOnce deployment simplifies the process of installing and updating an application. You can use the Publish Wizard to package your application and manifests, and to publish the application to a Web site or a network file share. Then, the users can install and start the application directly from that location in a single step. For more information, see How to: Publish a ClickOnce Application using the Publish Wizard.

Because ClickOnce deployed applications are self-updating, ClickOnce is the best choice for applications that require frequent updates. Users must have network connectivity to take advantage of ClickOnce update capabilities, although ClickOnce applications can be installed for the first time using a CD-ROM. For more information, see Choosing a ClickOnce Update Strategy.

Security in ClickOnce

ClickOnce security relies on Authenticode certificates to determine whether an application should be installed, a step known as a trust decision. Application and deployment manifests that describe an application can be signed with a certificate to prevent tampering.

Domain administrators can configure certificates to be trusted at the enterprise or machine level. If certificates are not trusted at the time of installation, ClickOnce deployment can be configured to ask users to make trust decisions. Once an application is installed, ClickOnce restricts the application permissions and actions as defined by the Internet, Local Intranet, or custom zones. For more information, see Securing ClickOnce Applications.
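As an added example (not from the original page or from Microsoft's tooling), the Python sketch below triages a ClickOnce manifest for the two properties this section describes: whether it carries a signature, and whether it requests full trust instead of a zone-limited permission set. The element and attribute names (`Signature`, `publisherIdentity`, `PermissionSet`, `Unrestricted`) and the sample manifest are assumptions based on the ClickOnce manifest schema; the check detects presence only and does not validate the signature or the certificate chain.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"  # XML digital signature namespace

# Constructed sample: a trimmed, unsigned application manifest (not from the page).
SAMPLE_MANIFEST = """
<asmv1:assembly xmlns="urn:schemas-microsoft-com:asm.v2"
                xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <asmv1:assemblyIdentity name="Example.exe" version="1.0.0.0" />
  <trustInfo>
    <security>
      <applicationRequestMinimum>
        <PermissionSet class="System.Security.PermissionSet" version="1"
                       Unrestricted="true" ID="Custom" SameSite="site" />
        <defaultAssemblyRequest permissionSetReference="Custom" />
      </applicationRequestMinimum>
    </security>
  </trustInfo>
</asmv1:assembly>
""".strip()


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def triage_manifest(xml_text):
    """Report signing and requested-permission facts for one manifest."""
    root = ET.fromstring(xml_text)
    # Presence check only: a Signature element may still fail cryptographic validation.
    signed = any(True for _ in root.iter(f"{{{DSIG_NS}}}Signature"))
    publisher = next((e.get("name") for e in root.iter()
                      if local(e.tag) == "publisherIdentity"), None)
    psets = [e for e in root.iter() if local(e.tag) == "PermissionSet"]
    full_trust = any(p.get("Unrestricted", "").lower() == "true" for p in psets)
    findings = []
    if not signed:
        findings.append("unsigned manifest: no tamper protection and no "
                        "publisher certificate for a trust decision")
    if full_trust:
        findings.append("requests unrestricted permissions (full trust) "
                        "instead of a zone-limited set")
    return {"signed": signed, "publisher": publisher,
            "full_trust": full_trust, "findings": findings}


if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST)["findings"]:
        print("FINDING:", finding)
```

Run over every manifest on a publish share, this flags packages that would reach users without a publisher identity or that ask for more than their zone grants.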

Advantages of Windows Installer Deployment

Windows Installer deployment can advertise applications and features according to specific operating systems, install products on demand, and detect and reinstall damaged components. For more information about Windows Installer advertisement, see Advertisement (Windows).

To create a Windows Installer file (.msi) that is distributed to users, you can add a Visual Studio Setup project to your Visual Studio solution. The user runs the installer file and steps through a wizard to install the application. For more information, see How to: Create or Add a Setup Project.

You can configure Visual Studio Setup projects by using the following designers: Custom Actions Editor, File System Editor, File Types Editor, Launch Condition Editor, Registry Editor, and User Interface Editor. Each editor enables you to specify the steps that occur on the target computer during installation. For more information, see Deployment Dialog Boxes.

Security in Windows Installer

Windows Installer can use digital signatures to detect and correct corrupted resources. In Windows XP, Windows Installer is integrated with Software Restriction Policy to restrict both administrators and non-administrators from running program files based on the path, URL zone, hash, or publisher criteria. For more information, see Windows Installer and Software Restriction Policy (Windows). In Windows Vista, Windows Installer uses User Account Control Patching to make sure that the signature matches the certificate listed in the .msi resources. For more information, see User Account Control (UAC) Patching.

ClickOnce and Windows Installer Comparison Table

The following table compares the features of ClickOnce deployment and Windows Installer deployment.

| Feature | ClickOnce | Windows Installer |
|---|---|---|
| Automatic update | Yes | Yes |
| Post-installation rollback (1) | Yes | No |
| Update from Web | Yes | No |
| Does not affect shared components or other applications | Yes | No |
| Security permissions granted | Grants only permissions necessary for the application (more safe) | Grants Full Trust by default (less safe) |
| Security permissions required | Internet or Intranet Zone (Full Trust for CD-ROM installation) | Administrator |
| Application and deployment manifest signing | Yes | No |
| Installation-time user interface | Single prompt | Multipart Wizard |
| Installation of assemblies on demand | Yes | No |
| Installation of shared files | No | Yes |
| Installation of drivers | No | Yes (with custom actions) |
| Installation to Global Assembly Cache | No | Yes |
| Installation for multiple users | No | Yes |
| Add application to Start menu | Yes | Yes |
| Add application to Startup group | No | Yes |
| Add application to Favorites menu | No | Yes |
| Register file types | Yes | Yes |
| Install time registry access | Limited | Yes |
| Binary file patching | No | Yes |
| Application installation location | ClickOnce application cache | Program Files folder |

Notes

1. With ClickOnce, rollback is available in Add or Remove Programs in Windows XP and Programs and Features in Windows Vista.

See Also

Concepts

ClickOnce Security and Deployment

Visual Studio Installer Deployment

Other Resources

Deploying Applications and Components