Поделиться через


Choosing a Deployment Strategy

You can deploy Windows-based applications from Visual Studio by using either of the following technologies:

  • ClickOnce.

  • Windows Installer.

Use ClickOnce to publish the application to a centralized location. The user installs or runs the application from that location. Use Windows Installer to create an application installer file (.msi) and distribute that file. The users run the file to install the application.

Note

The deployment tools in Visual Studio are designed to handle typical enterprise deployment needs: they do not cover every possible deployment scenario. For more advanced deployment scenarios, you may require a third-party deployment tool or a software distribution tool such as Systems Management Server.

Advantages of ClickOnce Deployment

In general, ClickOnce deployment simplifies the process of installing and updating an application. You can use the Publish Wizard to package your application and manifests, and to publish the application to a Web site or a network file share. Then, the users can install and start the application directly from that location in a single step. For more information, see How to: Publish a ClickOnce Application using the Publish Wizard.

Because ClickOnce deployed applications are self-updating, ClickOnce is the best choice for applications that require frequent updates. Users must have network connectivity to take advantage of ClickOnce update capabilities, although ClickOnce applications can be installed for the first time using a CD-ROM. For more information, see Choosing a ClickOnce Update Strategy.

Security in ClickOnce

ClickOnce security relies on Authenticode certificates to determine whether an application should be installed, a step known as a trust decision. Application and deployment manifests that describe an application can be signed with a certificate to prevent tampering.

Domain administrators can configure certificates to be trusted at the enterprise or machine level. If certificates are not trusted at the time of installation, ClickOnce deployment can be configured to ask users to make trust decisions. Once an application is installed, ClickOnce restricts the application permissions and actions as defined by the Internet, Local Intranet, or custom zones. For more information, see Securing ClickOnce Applications.

Advantages of Windows Installer Deployment

Windows Installer deployment can advertise applications and features according to specific operating systems, install products on demand, and detect and reinstall damaged components. For more information about Windows Installer advertisement, see Advertisement (Windows).

To create a Windows Installer file (.msi) that is distributed to users, you can add a Visual Studio Setup project to your Visual Studio solution. In both scenarios, the user runs the installer file and steps through a wizard to install the application. For more information, see How to: Create or Add a Setup Project.

You can configure Visual Studio Setup projects by using the following designers: Customs Actions Editor, File System Editor, File Types Editor, Launch Condition Editor, Registry Editor, and User Interface Editor. Each editor enables you to specify the steps that occur on the target computer during installation. For more information, see Deployment Dialog Boxes.

Security in Windows Installer

Windows Installer can use digital signatures to detect and correct corrupted resources. In Windows XP, Windows Installer is integrated with Software Restriction Policy to restrict both administrators and non-administrators from running program files based on the path, URL zone, hash, or publisher criteria. For more information, see Windows Installer and Software Restriction Policy (Windows). In Windows Vista, Windows Installer uses User Account Control Patching to make sure that the signature matches the certificate listed in the .msi resources. For more information, see User Account Control (UAC) Patching.

ClickOnce and Windows Installer Comparison Table

The following table compares the features of ClickOnce deployment and Windows Installer deployment.

Feature

ClickOnce

Windows Installer

Automatic update

Yes

Yes

Post-installation rollback1

Yes

No

Update from Web

Yes

No

Does not affect shared components or other applications

Yes

No

Security permissions granted

Grants only permissions necessary for the application (more safe)

Grants Full Trust by default (less safe)

Security permissions required

Internet or Intranet Zone (Full Trust for CD-ROM installation)

Administrator

Application and deployment manifest signing

Yes

No

Installation-time user interface

Single prompt

Multipart Wizard

Installation of assemblies on demand

Yes

No

Installation of shared files

No

Yes

Installation of drivers

No

Yes (with custom actions)

Installation to Global Assembly Cache

No

Yes

Installation for multiple users

No

Yes

Add application to Start menu

Yes

Yes

Add application to Startup group

No

Yes

Add application to Favorites menu

No

Yes

Register file types

Yes

Yes

Install time registry access

Limited

Yes

Binary file patching

No

Yes

Application installation location

ClickOnce application cache

Program Files folder

Notes

1. With ClickOnce, rollback is available in Add or Remove Programs in Windows XP and Programs and Features in Windows Vista.

See Also

Concepts

ClickOnce Security and Deployment

Visual Studio Installer Deployment

Other Resources

Deploying Applications and Components