I work at a security company and one of our products provides additional protection beyond built-in access controls in Windows. The end result of all of this additional protection is that the installer I'm maintaining cannot simply use some of the built-in tables/actions in Windows Installer because I need to request and get access.
The current version of the installer has custom actions to get access and modify the system accordingly. Unfortunately, the resources modified/created/etc are hard coded in the custom actions and not associated with components, etc. I think there's an opportunity to make the custom actions more robust by rewriting them as proper data-driven custom actions but that would require re-implementing standard actions for registry and services. I'd really like to avoid re-implementing WriteRegistryValues, DeleteRegistryValues, InstallServices, DeleteServices, StartServices, StopServices standard actions just to request access from our protection module. Using WriteRegistryValues as an example, could I implement a custom action to acquire all the protection handles I need, then run WriteRegistryValues action, and then in another custom action close all the protection handles. For this to work, I'd need to somehow pass the handles from the first custom action to the last custom action. Something like * SchedAcquireProtectionHandles - immediate CA that reads tables and determines which resources require protection handles, sets CustomActionData for ExecAcquireProtectionHandles and schedules ExecAcquireProtectionHandles. * ExecAcquireProtectionHandles - deferred CA that acquires protection handles for resources listed in CustomActionData, handles are passed to ExecReleaseProtectionHandles (magic?) * ExecReleaseProtectionHandles - deferred CA that release protection handles acquired by ExecAcquireProtectionHandles * SchedAcquireProtectionHandles is scheduled before WriteRegistryValues * ExecAcquireProtectionHandles is scheduled after WriteRegistryValues Logically, there would also be a rollback CA to release the protection handles in case of failure. Is something like this feasible? Or is my only option to re-implement WriteRegistryValues to acquire/release the protection handles before/after creating registry keys and/or setting registry values. -- Edwin G. Castro ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
