1

We are populating the IIS websites to a drop down list based on the instructions provided here: Bind IIS local websites in dropdown list of wix installation?

The custom action works when the msi is launched from admin command prompt, however there is a failure when the msi is launched with out admin rights. Having the Impersonate value to no in the CA does not elevate the custom action execution with administrator privileges.

Is there a way to launch the msi with administrator privileges? How to execute immediate custom action in UI sequence with elevated access rights?

Thanks.

Community
  • 1
  • 1
Santhosh
  • 671
  • 12
  • 36
  • 2
    The answer is the one you already know - the MSI itself must be launched with elevation, either as admin as you say, or with a program that elevates and then calls MsiInstallProduct or an equivalent launch method. – PhilDW Apr 12 '17 at 17:39
  • @PhilDW Is there a way to display a warning message to the user if the msi is not launched with admin rights even before the welcome dialog is displayed? Also when the user right click on an msi the run as administrator option is not available. – Santhosh Apr 12 '17 at 17:53
  • Why does that custom action require admin rights in the first place? – zett42 Apr 12 '17 at 18:55
  • _display a warning message to the user if the msi is not launched with admin rights_ -- under a `Fragment` or `Product` element add `Privileged` ... [see also](https://www.firegiant.com/wix/tutorial/getting-started/useful-extras/). – zett42 Apr 12 '17 at 19:00
  • _when the user right click on an msi the run as administrator option is not available_ -- wrap the .msi in a .exe that has a manifest with ``. For that .exe you may create SFX with 7zip or use WiX Burn for example. – zett42 Apr 12 '17 at 19:05
  • See MSIUSEREALADMINDETECTION and using the Privileged property in a launch condition. – PhilDW Apr 12 '17 at 19:16
  • @PhilDW `MSIUSEREALADMINDETECTION` is not required. As [documented](https://msdn.microsoft.com/en-us/library/windows/desktop/aa816403(v=vs.85).aspx) it affects only the `AdminUser` property for which it restores legacy behaviour. But only `Privileged` is required to detect if installer is running elevated. – zett42 Apr 12 '17 at 22:44
  • It's not clear if he needs AdminUser or Privileged as a launch condition, hence the docs that refer to both. – PhilDW Apr 13 '17 at 17:20
  • I've written this type of installer many times so I knew exactly his situation. :) He needs an elevated token in his UI sequence. Basically he's creating a custom AppSearch extension to bring back a list of websites that he'll use to dynamically build his UI options. The problem is Windows for some reason or another has decided that a standard user token can't call those APIs to query. – Christopher Painter Apr 20 '17 at 11:12

2 Answers2

0

It's unfortunate that the IIS API (ServerManager class in .NET) requires elevation. What I do in this situation is create a bootstrapper for the MSI and mark it to require elevation.

Christopher Painter
  • 54,556
  • 6
  • 63
  • 100
  • Is there a way to disable burn bootstrapper UI and only display the msi UI? – Santhosh Apr 17 '17 at 02:56
  • Sadly not really. See discussion here: https://www.joyofsetup.com/tag/burn/ The single MSI story is something that InstallShield is really good at. I have done it with Burn by using the MsiPackage@DisplayInternalUI attribute but it's a little sub optimal. The Burn UI is displayed in the background. Still, it got the job done. – Christopher Painter Apr 17 '17 at 11:16
  • Your other option of course is to just embrace Burn and build your MSI without any UI. Do all of this in a customer bootstrapper application and pass the choices to the MSI as secure custom public properties. I've never done this because I don't tend to work on flag ship products anymore. I tend to work on many small one off projects and I'm optimized for less hours per project rather then first class UI experience for one project. – Christopher Painter Apr 20 '17 at 11:14
  • Thanks Christopher, creating custom bootrstrapper application with customized UI option is not feasible solution now, because the we have many custom dialogs developed in wix msi project. On a brighter note we would consider this as a learning for our future installer development projects. – Santhosh Apr 21 '17 at 05:52
0

In order to resolve the issue of running the Immediate custom action with admin rights, we had to embed the msi into an exe and display the error message if exe is not run as administrator.

ChilKat Zip 2 Secure Exe creator software was used to create an exe. https://www.chilkatsoft.com/chilkatsfx.asp

Added the following snippet in wix project: <Condition Message="Launch installer with admin rights!">Privileged</Condition> in order to display error message if the it is run in non admin mode.

Santhosh
  • 671
  • 12
  • 36