Hey Blair, Thank you for the input. Great insights here.
I already have the InstallScope to "perMachine", but I do have InstallPrivileges="elevated". Are you saying I SHOULDN'T do that? My understanding from the WiX docs is that this is required if you need the caller to be in an admin context. if its perMachine and without InstallPrivileges, is the /privileges=admin in the CustomAction going to force the elevation? As for my BHO, I am not registering it from within BHO. The 3rd party framework we use includes a cmdline exe that does the registration to everything. The CustomAction looks as follows: <CustomAction Id="RegisterApp" BinaryKey="their-bho-registrator_exe" Execute ="deferred" ExeCommand='/install="[INSTALLFOLDER]$(var.Our.App.TargetFileName)" /privileges=admin /returnExitCode=false' Impersonate="yes" /> I am assuming that it is this CustomAction that isn't behaving right when not executed from an elevated cmd window. I am going to look into Andreas' suggestion of manually applying the registry keys instead, but before I do that, I would like to take the time to learn how the CustomAction in WiX is functioning. Will help me to figure out the trust boundaries / elevation management within the framework. We have been spoiled with a UX for building installers for years, and the move to WiX is a blessing and a curse. So much more to learn to do this right. Regards, Dana Epp Microsoft Security MVP On Wed, Jul 17, 2013 at 12:14 AM, Blair Murri <os...@live.com> wrote: > To get your MSI to prompt for elevation, set the > Package\@InstallScope="perMachine" and remove any > Package\@InstallPrivileges that may be present. > > Calling into your BHO to register it is called "self-reg" or "Self > Registration" and it has a very bad reputation due to the very high failure > rates and blocked installations it causes in the wild. I STRONGLY recommend > you NOT self register your BHO and instead translate all of its > registration into WiX directly. > > Some people use the Heat tool to assist in transferring that registration > into WiX, but if you have the source code to your BHO you can often do a > higher quality job if you do this manually. > > BTW, custom actions that are immediate as well as custom actions that > impersonate will often not have administrative privileges. All of this > information is available in the MSI documentation, the WiX tutorial, the > WiX book, the WiX manual, and repeated hundreds of times in this very mail > list. > > I would not start a new complex Ruby on Rails project in the first 30 > minutes of being introduced to Ruby, same with C#, same with WiX. Any new > nontrivial development language/environment requires some study before you > will have the knowledge to avoid bugs. Unfortunately in deployment, bugs > tend to have harder-to-mitigate lasting side-effects due to obscure edge > cases compared to just about every other environment we software developers > encounter, so this space demands giving it the same due diligence one would > give to learning any new language/environment, etc. > > Blair Murri > > > From: d...@vulscan.com > > Date: Tue, 16 Jul 2013 20:53:47 -0700 > > To: wix-users@lists.sourceforge.net > > Subject: [WiX-users] Understanding WiX elevation and BHO > > > > Hey guys, > > > > I am still rather new to WiX and I am confused on some behavior relating > to > > the generated MSI. > > > > It surrounds the registration of a browser helper object (BHO) for > Internet > > Explorer. The current test bed is on Windows 8 Enterprise, but it should > > have the same affect on earlier versions of Windows too. I am using > Visual > > Studio 2012 Ultimate with WiX 3.7. > > > > Basically what I am seeing is that as a Standard User: > > > > 1. If I run "msiexec /i myinstaller.msi" from an elevated cmd windows as > > Administrator, all registers properly and the BHO loads the next time IE > > runs. > > > > 2. If I run myinstaller.msi from an elevated cmd windows as > Administrator, > > all registers properly and the BHO loads the next time IE runs. > > > > 3. If I double click on the msi it prompts for elevation, installs but > > isn't properly registered in IE. > > > > 4. If I right click on the msi and select "Install" it prompts for > > elevation, installs but isn't properly registered in IE. > > > > Inside the .wxs I have the CustomAction to register the BHO set to > > "/privileges=admin" and "Impersonate="yes"". I am unsure what more I need > > to do. > > > > My desired result is that when someone downloads the MSI I want it to > > prompt for elevation, and do whatever it is that msiexec apparently is > > doing from the elevated cmd prompt. What exactly should I be reading up > on > > to get that to work? I know there are some people that have setup.exe > > bootstrappers, but I want to ship just a single MSI or EXE that someone > > runs. I prefer the MSI so I can push it cleanly with Active Directory > > Software Distribution Policies and InTune in the future. > > > > Can someone point me in the right direction? > > > > -- > > Regards, > > Dana Epp > > Microsoft Security MVP > > > ------------------------------------------------------------------------------ > > See everything from the browser to the database with AppDynamics > > Get end-to-end visibility with application monitoring from AppDynamics > > Isolate bottlenecks and diagnose root cause in seconds. > > Start your free trial of AppDynamics Pro today! > > > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > > _______________________________________________ > > WiX-users mailing list > > WiX-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > -- Regards, Dana Epp Microsoft Security MVP ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
