Hi,
our company secures all laptops by running an application that encrypts the
"My Documents" and "Desktop" folders using the Windows encryption.
When you copy a .msi file to your encrypted desktop folder and attempt to
run the installer, it dies with a log that looks like this:
MSI (s) (A8:E4) [17:26:15:662]: MainEngineThread is returning 110
MSI (c) (14:40) [17:26:15:677]: Note: 1: 2755 2: 110 3: C:\Documents and
Settings\quinnppn\Desktop\Installer\pqs.msi
DEBUG: Error 2755: Server returned unexpected error 110 attempting to
install package C:\Documents and
Settings\quinnppn\Desktop\Installer\pqs.msi.
The installer has encountered an unexpected error installing this package.
This may indicate a problem with this package. The error code is 2755. The
arguments are: 110, C:\Documents and
Settings\quinnppn\Desktop\Installer\pqs.msi,
MSI (c) (14:40) [17:26:16:785]: Product: MultiQuant 2.0 -- The installer has
encountered an unexpected error installing this package. This may indicate a
problem with this package. The error code is 2755. The arguments are: 110,
C:\Documents and Settings\quinnppn\Desktop\Installer\pqs.msi,
MSI (c) (14:40) [17:26:16:785]: Back from server. Return value: 110
MSI (c) (14:40) [17:26:16:785]: Decrementing counter to disable shutdown. If
counter >= 0, shutdown will be denied. Counter after decrement: -1
The reason for the failure, I assume, is that msiexec runs both as a user
process and as a service in the SYSTEM security context. For encrypted
folders, only the current user is linked to the decryption certificate, but
not the SYSTEM user. So the user-mode install works, but the part that is
done by the SYSTEM account dies, because it can't read the install source
(encrypted, and no keys to decrypt).
What to do?
One thing is to teach users not to install from encrypted folders. This may
or may not work. The other is to write a custom action to detect the
problem, throw an error message and abort the install. This is what I did.
The CA code is surprisingly small, and is listed below:
extern "C" UINT __stdcall FailIfEncryptedSourceDatabase(MSIHANDLE hInstall)
{
TCHAR originalDatabase[MAX_PATH];
DWORD originalDatabaseLength = MAX_PATH;
ZeroMemory(originalDatabase, originalDatabaseLength);
if (MsiGetProperty(hInstall, ORIGINAL_DATABASE, originalDatabase,
&originalDatabaseLength) != ERROR_SUCCESS)
{
return ERROR_INSTALL_FAILURE;
}
DWORD attributes = GetFileAttributes(originalDatabase);
if ( attributes & FILE_ATTRIBUTE_ENCRYPTED )
{
MSIHANDLE hRecord;
hRecord = MsiCreateRecord(1);
MsiRecordSetInteger(hRecord, 1, 2222);
MsiProcessMessage(hInstall, INSTALLMESSAGE_ERROR, hRecord);
return ERROR_INSTALL_FAILURE;
}
return ERROR_SUCCESS;
}
Here are instructions for using the Custom action using the WiX toolset
[Syntax for InstallShield or Visual Studio installer users will be slightly
different]:
1. Make sure the Visual C++ redistributable for VS 2008 is included as
a prerequisite (the Custom Action has a dependency on the C Runtime)
2. With <Product> as the parent tag, insert this line, which adds the
custom action dll to the Binary table
3. <Binary Id="CheckEncryptionCustomAction"
SourceFile="..\Library\CheckEncryptionCustomAction.dll" />
4. Add the following to the other <Error> tags, [Parent Tag is <UI>]
making sure the ID is 2222:
<Error Id="2222">Aborting installation because you are trying to install
from an encrypted folder. Copy the installer to a non-encrypted directory
and attempt installation again.</Error>
5. Declare the custom action:
<CustomAction Id="CheckEncryption" BinaryKey="CheckEncryptionCustomAction"
DllEntry="FailIfEncryptedSourceDatabase" Execute="immediate"/>
6. Sequence the Custom Action by placing it in under the
<InstallUISequence> tag:
<Custom Action="CheckEncryption" After="FileCost">1</Custom>
Note that you cannot use this CA in a DoEvent sequence directly from the
UI. The dialog it gives is modal, and will always be on top of the install
dialog.
I would be willing to share the code/full project with the WiX custom Action
library - if people are interested in this, please contact me at my yahoo
email: brunzefb AT yahoo. com
Friedrich Brunzema
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
