Project: We have created an electron application that is shipped to our users (mostly using Windows) using an NSIS installer built with electron-builder.
Scenario: Our users are companies who install our application into the "C:\Program Files" folder on a Windows Terminal Server for all of their staff. The staff - who is using our software and sees the related update notification after a new release - most of the times can not install the update because of a lack of necessary permissions.
Question: We would like to not only solve the above problem but even go one step further: We would like our app to update itself silently. What possible solutions are there to make this possible in a scenario like the above?
If you do per-user installs instead then normal users will of course be able to write to the directory.
Another option is to switch to MSI. A signed MSI package can be patched by normal users without UAC elevation. This is called User Account Control (UAC) Patching.
A third option is to create a NT service that runs the installer. Services can be configured so that normal users can start them. A scheduled task might also work.