Re: [WiX-users] Property/@Secure - when to use?
Very interesting. My particular installer is for setting up a server application, so I require an administrator to perform the install. Matt Johnson MCPD, MCTS, MCSD, MCDBA Director of Application Development Time America, Inc. ma...@timeamerica.com | www.timeamerica.com -Original Message- From: Nick Ramirez [mailto:nickra...@hotmail.com] Sent: Sunday, May 02, 2010 9:21 PM To: wix-users@lists.sourceforge.net Subject: Re: [WiX-users] Property/@Secure - when to use? Okay. It took quite a while to get some results, but I've finally managed to get the properties to not pass from the UI sequence to the Execute sequence. The key factor seems to be whether or not you're prompted to elevate your privileges during the install. On Vista, you're almost always prompted for an administrator's credentials if you're not an admin and if you're already an admin, you've already got the access. Once the privileges are elevated, I haven't seen any problems with properties passing from UI to Execute. This is without the Secure attribute. However, if you're not prompted, then a property called RestrictedUserControl is set to 1, which tells the installer to only pass properties listed in the SecureCustomProperties list to the Execute sequence. To not be prompted, you can set the AlwaysInstallElevated value in the Registry to 1 or do an advertised installation from a file share. I did the former and haven't tested the latter, but it seems that that's how it would work. Anything to prevent Vista from explicitly elevating your privileges. So, without setting a property as secure, I now see this happening (after setting AlwaysInstallElevated to 1): MSI (s) (C8:BC) [23:49:58:906]: Machine policy value 'EnableUserControl' is 0 MSI (s) (C8:BC) [23:49:58:906]: PROPERTY CHANGE: Adding RestrictedUserControl property. Its value is '1'. MSI (s) (C8:BC) [23:49:58:906]: Ignoring disallowed property MYPROPERTY Awesome. I've created a scenario where the Secure attribute is needed just like I wanted. Matt, is your situation different? Yours happened on uninstall. Is any of this similar? Do you try to prevent the user from being prompted to elevate their privileges? -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4995282.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Property/@Secure - when to use?
Okay. It took quite a while to get some results, but I've finally managed to get the properties to not pass from the UI sequence to the Execute sequence. The key factor seems to be whether or not you're prompted to elevate your privileges during the install. On Vista, you're almost always prompted for an administrator's credentials if you're not an admin and if you're already an admin, you've already got the access. Once the privileges are elevated, I haven't seen any problems with properties passing from UI to Execute. This is without the Secure attribute. However, if you're not prompted, then a property called RestrictedUserControl is set to 1, which tells the installer to only pass properties listed in the SecureCustomProperties list to the Execute sequence. To not be prompted, you can set the AlwaysInstallElevated value in the Registry to 1 or do an advertised installation from a file share. I did the former and haven't tested the latter, but it seems that that's how it would work. Anything to prevent Vista from explicitly elevating your privileges. So, without setting a property as secure, I now see this happening (after setting AlwaysInstallElevated to 1): MSI (s) (C8:BC) [23:49:58:906]: Machine policy value 'EnableUserControl' is 0 MSI (s) (C8:BC) [23:49:58:906]: PROPERTY CHANGE: Adding RestrictedUserControl property. Its value is '1'. MSI (s) (C8:BC) [23:49:58:906]: Ignoring disallowed property MYPROPERTY Awesome. I've created a scenario where the Secure attribute is needed just like I wanted. Matt, is your situation different? Yours happened on uninstall. Is any of this similar? Do you try to prevent the user from being prompted to elevate their privileges? -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4995282.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Property/@Secure - when to use?
Matt, You are definitely the person to talk to then. Marking a property as Secure seems to have nothing to do with deferred custom actions, as you say. Doing so will still get you the Cannot access session details from a non-immediate custom action. We'd always used CustomActionData to pass properties to a deferred CA. However, I am still very interested in knowing what Secure does and I think you've found it. I don't understand the steps you took, though, and would like to reproduce the problem myself. How did you elevate privileges? And did you find out what's meant by a managed installation? Can you tell me the key factors that cause the error? You say the problem happens in the immediate phase? But only on uninstall? Thanks for the help. Matt Johnson-2 wrote: Lol. See my prior posts from today. I needed this specifically to get a property from a registry key to pass to a custom action during uninstall. Matt Johnson MCPD, MCTS, MCSD, MCDBA Director of Application Development Time America, Inc. ma...@timeamerica.com | www.timeamerica.com -Original Message- From: Nick Ramirez [mailto:nickra...@hotmail.com] Sent: Thursday, April 29, 2010 2:48 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Property/@Secure - when to use? Hello, The Property element's Secure attribute is supposed to be necessary to pass a property from the UI to the Execute sequence. However, I've never been able to create a situation where it was necessary. For me, just making the property uppercase has always done the trick. I've tried the following scenarios: * installing as an Administrator * installing as a non-Administrator * setting the property with a custom action * setting the property with a Property element * setting the property from the command line * using the property in the Execute sequence in an immediate custom action * setting the ALLUSERS property to 1 and installing as a non-administrator I've tried it in XP, Windows 7 and Windows Server 2008. It always works for me without using the Secure attribute. However, I see many sources that say the Secure attribute is needed. Can anyone show me a scenario, with the steps to take, when this is really necessary? When not having that attribute would cause an error? I appreciate any help. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4982590.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4989921.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Property/@Secure - when to use?
Yes, you can't access session details from a deferred custom action. You can, however, read the CustomActionData value. You set this up in an immediate action where the property name is the Id of the deferred action. There's a great example of this in the Wix docs. Look up the Quiet Execution Custom Action in the second example of the Deferred Execution topic. The specific scenario I had was as follows: - During install, I ask the user for their sql server so I can deploy scripts to it with my custom action (as above) - I save that property in a registry value under HKLM\SOFTWARE\MyApp\SqlServer - The property has a RegistrySearch element on it so that the value can be loaded from the registry if it exists - The expectation was that during uninstall, I could find the original sql server and run an uninstall script on it with a similar custom action. - The problem was that I was getting a blank string for the name of the sql server. - The resolution was to add Secure=yes to the property. Now it works as intended. This seems to fall in the category of works as designed. However, the design is a bit cloudy. No, I never did find out what a managed installation means. If anyone knows where this is documented, please share a url. In regards to elevation, normally you would specify Impersonate=no on the deferred action to have the action run with elevated privileges. However, in this case, I needed to specify Impersonate=yes so that I connect to the sql server using the windows authentication of the person running my installer. Perhaps this had something to do with why I needed to mark the property secure. I do have other custom actions that run with elevated privileges, but none that needed a property value during uninstall. Matt Johnson MCPD, MCTS, MCSD, MCDBA Director of Application Development Time America, Inc. ma...@timeamerica.com | www.timeamerica.com -Original Message- From: Nick Ramirez [mailto:nickra...@hotmail.com] Sent: Saturday, May 01, 2010 5:56 AM To: wix-users@lists.sourceforge.net Subject: Re: [WiX-users] Property/@Secure - when to use? Matt, You are definitely the person to talk to then. Marking a property as Secure seems to have nothing to do with deferred custom actions, as you say. Doing so will still get you the Cannot access session details from a non-immediate custom action. We'd always used CustomActionData to pass properties to a deferred CA. However, I am still very interested in knowing what Secure does and I think you've found it. I don't understand the steps you took, though, and would like to reproduce the problem myself. How did you elevate privileges? And did you find out what's meant by a managed installation? Can you tell me the key factors that cause the error? You say the problem happens in the immediate phase? But only on uninstall? Thanks for the help. Matt Johnson-2 wrote: Lol. See my prior posts from today. I needed this specifically to get a property from a registry key to pass to a custom action during uninstall. Matt Johnson MCPD, MCTS, MCSD, MCDBA Director of Application Development Time America, Inc. ma...@timeamerica.com | www.timeamerica.com -Original Message- From: Nick Ramirez [mailto:nickra...@hotmail.com] Sent: Thursday, April 29, 2010 2:48 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Property/@Secure - when to use? Hello, The Property element's Secure attribute is supposed to be necessary to pass a property from the UI to the Execute sequence. However, I've never been able to create a situation where it was necessary. For me, just making the property uppercase has always done the trick. I've tried the following scenarios: * installing as an Administrator * installing as a non-Administrator * setting the property with a custom action * setting the property with a Property element * setting the property from the command line * using the property in the Execute sequence in an immediate custom action * setting the ALLUSERS property to 1 and installing as a non-administrator I've tried it in XP, Windows 7 and Windows Server 2008. It always works for me without using the Secure attribute. However, I see many sources that say the Secure attribute is needed. Can anyone show me a scenario, with the steps to take, when this is really necessary? When not having that attribute would cause an error? I appreciate any help. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4982590.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Property/@Secure - when to use?
Secure is not required to pass from the UI to the Execute sequence, it's required to pass to the *server side* in the Execute sequence. (i.e. deferred CAs) Take a look at the diagram on http://blogs.msdn.com/rflaming/archive/2006/09/21/765452.aspx - Pink is UI, Yellow is Execute and Green is basically server side/deferred actions (stuff that should be rolled back when install fails) The way I see it (I might be wrong here) Non-secured properties can move between Pink/Yellow, but only secure properties can move between Yellow/Green or Pink/Yellow/Green. Someone else more familiar with MSI internals and terminology might be able to give a better explanation :) Sascha On Fri, Apr 30, 2010 at 8:00 AM, Matt Johnson ma...@timeamerica.com wrote: Lol. See my prior posts from today. I needed this specifically to get a property from a registry key to pass to a custom action during uninstall. Matt Johnson MCPD, MCTS, MCSD, MCDBA Director of Application Development Time America, Inc. ma...@timeamerica.com | www.timeamerica.com -Original Message- From: Nick Ramirez [mailto:nickra...@hotmail.com] Sent: Thursday, April 29, 2010 2:48 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Property/@Secure - when to use? Hello, The Property element's Secure attribute is supposed to be necessary to pass a property from the UI to the Execute sequence. However, I've never been able to create a situation where it was necessary. For me, just making the property uppercase has always done the trick. I've tried the following scenarios: * installing as an Administrator * installing as a non-Administrator * setting the property with a custom action * setting the property with a Property element * setting the property from the command line * using the property in the Execute sequence in an immediate custom action * setting the ALLUSERS property to 1 and installing as a non-administrator I've tried it in XP, Windows 7 and Windows Server 2008. It always works for me without using the Secure attribute. However, I see many sources that say the Secure attribute is needed. Can anyone show me a scenario, with the steps to take, when this is really necessary? When not having that attribute would cause an error? I appreciate any help. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4982590.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
[WiX-users] Property/@Secure - when to use?
Hello, The Property element's Secure attribute is supposed to be necessary to pass a property from the UI to the Execute sequence. However, I've never been able to create a situation where it was necessary. For me, just making the property uppercase has always done the trick. I've tried the following scenarios: * installing as an Administrator * installing as a non-Administrator * setting the property with a custom action * setting the property with a Property element * setting the property from the command line * using the property in the Execute sequence in an immediate custom action * setting the ALLUSERS property to 1 and installing as a non-administrator I've tried it in XP, Windows 7 and Windows Server 2008. It always works for me without using the Secure attribute. However, I see many sources that say the Secure attribute is needed. Can anyone show me a scenario, with the steps to take, when this is really necessary? When not having that attribute would cause an error? I appreciate any help. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4982590.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Property/@Secure - when to use?
Lol. See my prior posts from today. I needed this specifically to get a property from a registry key to pass to a custom action during uninstall. Matt Johnson MCPD, MCTS, MCSD, MCDBA Director of Application Development Time America, Inc. ma...@timeamerica.com | www.timeamerica.com -Original Message- From: Nick Ramirez [mailto:nickra...@hotmail.com] Sent: Thursday, April 29, 2010 2:48 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Property/@Secure - when to use? Hello, The Property element's Secure attribute is supposed to be necessary to pass a property from the UI to the Execute sequence. However, I've never been able to create a situation where it was necessary. For me, just making the property uppercase has always done the trick. I've tried the following scenarios: * installing as an Administrator * installing as a non-Administrator * setting the property with a custom action * setting the property with a Property element * setting the property from the command line * using the property in the Execute sequence in an immediate custom action * setting the ALLUSERS property to 1 and installing as a non-administrator I've tried it in XP, Windows 7 and Windows Server 2008. It always works for me without using the Secure attribute. However, I see many sources that say the Secure attribute is needed. Can anyone show me a scenario, with the steps to take, when this is really necessary? When not having that attribute would cause an error? I appreciate any help. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Property-Secure-when-to-use-tp4982590p4982590.html Sent from the wix-users mailing list archive at Nabble.com. -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users