That method of loading and unloading all of the hives does not actually work
correctly in all cases. The profiles that are on the machine may be old caches
of the user profile. The code may have worked in many cases but will
definitely not work correctly in roaming user scenarios. I've been thinking
about the best way to solve this problem but the Windows operating system just
doesn't seem to have all the mechanisms in place to truly solve the problem
correctly (first-boot, roaming, uninstall).
As for the rest of your comment, you really need to take that up with the UAC
folks (they were the one pushing all privileges out of the LocalSystem
services). At a certain level I agree with you that their approach was very
draconian. However, I'm not sure what the best way was to approach their
backwards compatibility problem. It's hard to know up front all of the
applications that will break as you retro-actively try to tighten up the system
(I don't know how you can say that removing SeBackupName "unnecessarily
crippled the Windows Installer". I don't pretend to know all the threats the
Windows Installer service faces but I expect there are quite a few really nasty
EOPs in there). In this case, UAC may have written off the need to do
RegLoadKey()/RegUnloadKey () since it doesn't work correctly in all cases
already.
But I really don't know... all I do know is that the scenario as a whole does
not work correctly in all cases and it is even more broken on Vista than ever
before. Personally, I would use this example as a justification to write fewer
and fewer CustomActions. CustomActions are where I see almost all of the
installs problems these days.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Patton
Sent: Monday, April 02, 2007 1:07 AM
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] Privileges gone from Vista MSI
Our installer uses RegLoadKey/RegUnloadKey in a CustomAction to perform
multi-user installation (i.e. write to mutliple user's HKCU trees), and, more
importantly, multi-user uninstallation. Installation can effectively be delayed
to first run, but uninstallation needs to happen immediately for all users.
This paradigm works fine on all OS'es before Vista.
In Vista, the least-privilege obsession has unnecessarily crippled the Windows
Installer engine by removing these privileges. My primary question is this: Has
anyone figured out how to get SeBackupName/SeRestoreName privileges in an MSI
CustomAction on Vista?
See discussion...
http://www.macrovision.com/company/news/newsletter/tips/is_vista.shtml
http://blog.deploymentengineering.com/2006/10/vista-deferred-ca-consideration.html
http://blogs.msdn.com/vistacompatteam/archive/2006/10/19/impact-of-least-privilege-in-system-services.aspx
Does anyone else have concerns about continuing to develop on a platform that
can change so dramatically, effectively pulling the rug out from under our
feet? When we made the decision to use WiX/MSI it was with the intent of being
more sysadmin-friendly and leveraging some of what Windows Installer/MSI can
already do for us. Now I wonder if we should move to an internally cooked-up
system for install/uninstall, if the Windows Installer won't be able to do
"real-world" multi-user installs/uninstalls.
Please send suggestions!
Thanks,
-Brian Patton
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
