+1 for don't do it. Have the application modified to write to "proper locations". http://msdn.microsoft.com/en-us/library/windows/desktop/bb762494(v=vs.85).aspx commonly CSIDL_COMMON_APPDATA with \Mfg\App Name appended.
-----Original Message----- From: Edwin Castro [mailto:egca...@gmail.com] Sent: Tuesday, July 16, 2013 1:22 PM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] C# custom action to grant builtin user the installation folder full control Deferred custom actions must be scheduled between InstallInitialize and InstallFinalize to execute within the installation transaction and thus elevated. Prefer to use PermissionEx<http://wix.sourceforge.net/manual-wix3/util_xsd_permissionex.htm>instead of writing your own custom action. Reconsider giving builtin\users full control of your target installation folder. This is a huge security hole that will allow attackers to inject arbitrary code into your application by copying a file to the application's directory. On Tue, Jul 16, 2013 at 10:59 AM, Chen, Jianxin < jianxin.c...@bakerhughes.com> wrote: > Hi, Experts, > > I created a C# custom action to grant the builtin\users full control > of the installation target folder, but I have to run the "setup.exe as > administrator" to make it work. > > If I just double-click the setup.exe, my custom action does not have > the permission to change the folder. > > I have tried to use > > 1 <CustomAction Id="GrantFullAccessToFolder" > Execute="deferred" Impersonate="no" Return="check" > BinaryKey="GrantFullAccessToFolder.CA.dll" DllEntry=" > GrantFullAccessToFolder "/> > > ... > <Custom Action="GrantFullAccessToFolder" After="InstallFinalize">NOT > Installed</Custom> > > > > 2 <Package InstallerVersion="301" Compressed="yes" ... > InstallPrivileges="elevated" InstallScope="perMachine" /> > > > They does not work! > > Any questions? > > Thanks! > > JC > ______________________________________________________________________ > _____ Jianxin Chen | Senior Software Engineer Baker Hughes | Software > / Intelligent Production Systems > jianxin.c...@bakerhughes.com<mailto:jianxin.c...@bakerhughes.com> > Office: +1 713.934.4136 > 14990 Yorktown Plaza Drive, Houston, 77040 > http://www.bakerhughes.com<http://www.bakerhughes.com/> | Advancing > Reservoir Performance > > > ---------------------------------------------------------------------- > -------- See everything from the browser to the database with > AppDynamics Get end-to-end visibility with application monitoring from > AppDynamics Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.c > lktrk _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > -- Edwin G. Castro ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
