Update doesn't work (because of security policy)
We have a windows policy in our domain that block software execution from appdata/temp directory.
This is a security policy.
I realize today that 1password autoupdate fail with no warning because of this policy. I get a notice of a new version, the new version is downloaded in /user/appdata/temp and then nothing happen.
The funny thing is that 1password autoupdater think the update success because it don't show anymore that version of 1p but only new version that eventually come out.
Now i think i can simply download and run the exe from desktop to solve the problem. Nevertheless the fact that i get no warning of failed update is a bug for sure, as the fact the updater think all is going good.
Comments
-
Hi @S.Malacarne,
Thanks so much for letting us know. We'll investigate to see if we can reproduce this and improve our updater to make sure it has write + execute permission to the temp folder before it proceeds. If it doesn't, it should let the user know like you correctly expected.
0 -
Hi @S.Malacarne,
I just tried to reproduce this and I can't. Here's what I got when I locked my %TEMP% folder:
Can you tell me which version of Windows you're using? It might react differently on a different Windows version.
0 -
Sure @MikeT, i use windows 7 64 bit
The policy we are using on our domain is this:
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Software Restriction Policies
Setting as disallowed:
%AppData%*.exe
%LocalAppData%*.exe
%AppData%**.exe
%LocalAppData%**.exe
%LocalAppData%\Temp\Rar*.exe
%LocalAppData%\Temp\7z*.exe
%LocalAppData%\Temp\wz**.exe
%LocalAppData%\Temp*.zip*.exeIn my case file creation is allowed, only execution is limited.
This is the message i get in the log (only in the log because i dont get any warning for failed installation)
Access to C:\Users\simo\AppData\Local\Temp\1Password-4.2.0.548.exe has been restricted by your Administrator by location with policy rule {8fe3c256-f4bb-450f-ba8a-0f320e8cea6f} placed on path C:\Users\simo\AppData\Local**.exe.
0 -
In my case file creation is allowed, only execution is limited.
@S.Malacarne: Ah, that explains why MikeT is getting the error and you are not. I will bring this up with the development team to see if they can check for execution privileges in addition to read/write and let the user know. Thank you for bringing this to our attention! :)
ref: OPW-376
0 -
ops, sorry for late reply.
Things works now. If i try to start the update the install program fail with an error pointing me to download link.
ty0 -
We're glad to hear that, thanks for taking the time to update us on this.
On behalf of the team here, you're welcome.
0
