Re: [WiX-users] Elevating custom action on Vista
That's the whole point really. The general issue is that many custom actions are arguably incorrect because to access secure parts of the system theyrun with the installing user's privilege, who was therefore required to be privileged. The "right" thing is to run deferred with noimpersonation, requiring them in the scripted part of the execute sequence. To get them running with privilege in the UI sequence I believe the recommended solution is to launch the MSI with a manifested exe that will demand privilege with a UAC dialog so the MSI is launched with privilege. Phil Wilson From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob ArnsonSent: Wednesday, September 06, 2006 7:39 PMTo: Chesong LeeCc: WiX-users; Dana GutrideSubject: Re: [WiX-users] Elevating custom action on Vista Chesong Lee wrote: As for Windows Vista, in most cases if custom actions are involved, regardless of Elevation is allowed for MSI installation in Group Policy, UAC dialog should appear and MSI process should have as much privileges as the logon user has.But only deferred+noimpersonate CAs can elevate via UAC.-- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
Wilson, Phil wrote: That's the whole point really. The general issue is that many custom actions are arguably incorrect because to access secure parts of the system theyrun with the installing user's privilege, who was therefore required to be privileged. The "right" thing is to run deferred with noimpersonation, requiring them in the scripted part of the execute sequence. To get them running with privilege in the UI sequence I believe the recommended solution is to launch the MSI with a manifested exe that will demand privilege with a UAC dialog so the MSI is launched with privilege. Correct. The UI sequence doesn't support elevation directly because you (generally) don't need elevated privs before you get into modifying the system. -- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
Dana Gutride wrote: Is it possible to elevate a custom action that is called during the UI sequence in Vista? During my install, I'm doing prerequisite checks during the UI sequence, a couple of them require administrative privileges to complete. I'm seeing some mixed information online about this. This link ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/setup/guidelines_for_packages.asp) says that you can elevate custom actions in the InstallUISequence as long as they are scheduled deferred. That doesn't really make sense to me as I thought you could only defer CA's in the InstallExecuteSequence. Any thoughts? That doc hurts.g Yeah, almost everywhere it says InstallUISequence, it means InstallExecuteSequence. Only actions in InstallExecuteSequence can be deferred which means only they can be elevated. What do you need elevation to check? -- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
I'm using a custom action to detect the presence of an installed SSL Cert in IIS and also to retrieve the port number of the default web site.DanaOn 9/6/06, Bob Arnson [EMAIL PROTECTED] wrote:Dana Gutride wrote: Is it possible to elevate a custom action that is called during the UI sequence in Vista?During my install, I'm doing prerequisite checks during the UI sequence, a couple of them require administrative privileges to complete.I'm seeing some mixed information online about this.This link ( http://msdn.microsoft.com/library/default.asp?url="">) says that you can elevate custom actions in the InstallUISequence as long as they are scheduled deferred.That doesn't really make sense to me as I thought you could only defer CA's in the InstallExecuteSequence.Any thoughts?That doc hurts.g Yeah, almost everywhere it says InstallUISequence, itmeans InstallExecuteSequence. Only actions in InstallExecuteSequence can be deferred which means only they can be elevated. What do you needelevation to check?--sig://boBhttp://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
We're using ADSI and COM to access the IIS metabase to read those values. If there is a way to do that with the registry as an unelevated user, please let me know as I certainly prefer using registry searches over custom actions and I wasn't aware that those values are also stored in the registry. DanaOn 9/6/06, Bob Arnson [EMAIL PROTECTED] wrote: Dana Gutride wrote: I'm using a custom action to detect the presence of an installed SSL Cert in IIS andalso to retrieve the port number of the default web site.How? Don't you have read-only access to the registry, for example, as an unelevated user?--sig://boBhttp://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
Be aware that Elevated Custom Actions and User Account Controls in Vista are separate matters. Elevated Custom Action allows non-privileged users to perform privileged actions if Group Policy allows elevation for MSI installation. As for Windows Vista, in most cases if custom actions are involved, regardless of Elevation is allowed for MSI installation in Group Policy, UAC dialog should appear and MSI process should have as much privileges as the logon user has. Chesong Lee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dana Gutride Sent: Wednesday, September 06, 2006 2:36 PM To: WiX-users Subject: Re: [WiX-users] Elevating custom action on Vista We're using ADSI and COM to access the IIS metabase to read those values. If there is a way to do that with the registry as an unelevated user, please let me know as I certainly prefer using registry searches over custom actions and I wasn't aware that those values are also stored in the registry. Dana On 9/6/06, Bob Arnson [EMAIL PROTECTED] wrote: Dana Gutride wrote: I'm using a custom action to detect the presence of an installed SSL Cert in IIS andalso to retrieve the port number of the default web site. How? Don't you have read-only access to the registry, for example, as an unelevated user? -- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
Chesong Lee wrote: As for Windows Vista, in most cases if custom actions are involved, regardless of Elevation is allowed for MSI installation in Group Policy, UAC dialog should appear and MSI process should have as much privileges as the logon user has. But only deferred+noimpersonate CAs can elevate via UAC. -- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Elevating custom action on Vista
Dana Gutride wrote: We're using ADSI and COM to access the IIS metabase to read those values. If there is a way to do that with the registry as an unelevated user, please let me know as I certainly prefer using registry searches over custom actions and I wasn't aware that those values are also stored in the registry. I'm not sure they are; I'm just wondering if there's a LUA-friendly way of detecting them. I can see that COM (especially) would have problems. AFAIK, the IIS CAs in WiX work in LUA/UAC, for example. -- sig://boB http://bobs.org - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users