I have written a Java application that includes a self updater. The self updater loads new program versions from a web server and replaces the application files. While this works perfectly if the application is installed e.g. in the users home directory, it fails on windows machines if it's installed in the C:\Program Files folder. This is because the JVM is executed under the user’s account which has no write access to the program directory. If a native program, e.g. an installer, tries to write to the program folder, usually a popup appears asking the user to permit the write operation. This doesn’t happen for java applications. Why?

Is there any way to achieve that a write operation of a Java program to a restricted folder brings up the security popup so that the user can permit access to that folder?

Thanks for your responses. According to the answers I see the following options:

1. Java Web Start
   For me this is not an option for end users. I think that no one can expect from an ordinary end user to know what Java Web Start is, what it’s good for and how it’s used e.g. I doubt that an ordinary Windows user knows how to uninstall a Java Web Start application.

2. Use an exe-launcher with manifest to launch the Java application
   As far as I understand this solution the exe-launcher would request extended execution right at application start. This is not exactly what I want, cause for my use case it would be sufficient to get extended rights if an update is available and not on every application start.

3. Perform the update operation by calling a native executable
   One could call a native executable to let it perform the update operation. In this way the application would only request extended rights if an update is available. This sounds not bad but includes some native coding for Windows and doesn’t work on other platforms.

4. Install a launcher in program folder and the application in user home
   One can place a launcher in the program folder that calls the application that is installed in the user’s home directory. In this way it would be possible to update the application in the user’s home folder. I use InnoSetup for installing my application on Windows and as far as I can see it a split installation is hard to achieve with this installer and probably with other too.

5. Install the complete application in the user’s home directory
   Because the user has write access to his home directory there is no problem at all. For me this looks like the best option cause of its simplicity.

Unfortunately the increased permissions need to be requested when you first start the program, you cannot promote to them later. Programs that look like they do that are actually restarting themselves with the higher privs behind the scenes.

I had a problem like this a few years ago with a Java app and in the end I installed the application to the user data folder instead of program files as otherwise the auto-updating was a nightmare. You can still add it to the start menu so to a user it looks exactly like any other program.

If you are using inno setup compiler to generate your launcher, then you can change your app directory permission.

For example, if you need full control and want to update files under AppName/data folder

[Dirs]
Name: "{app}"; 
Name: "{app}\data"; Permissions: everyone-full

[Files]
Source: data\*; DestDir: {app}\data\; Flags: ignoreversion recursesubdirs createallsubdirs; Permissions: everyone-full