Here's a couple back articles from my archives on the subject: http://blog.deploymentengineering.com/2006/10/vista-deferred-ca-consideration.html
http://blog.deploymentengineering.com/2008/05/welcome-back-sebackupprivilege.html Christopher Painter, Author of Deployment Engineering Blog Have a hot tip, know a secret or read a really good thread that deserves attention? E-Mail Me ----- Original Message ---- From: Blair <os...@live.com> To: General discussion for Windows Installer XML toolset. <wix-users@lists.sourceforge.net> Sent: Sun, January 23, 2011 8:34:11 PM Subject: Re: [WiX-users] Custom Actions & UAC I haven't used LoadUserProfile in installations because it wreaks havoc with roaming profiles (which some enterprises use), so I haven't personally had a need for that privilege. I do know that some privileges where enabled by default on earlier OSs and still present yet disabled on newer ones, so I wasn't sure if this particular privilege was in that same category. I was also trusting the link that Phil found, and assumed 5.0 would have retained what 4.5 was purported to have restored. Sorry I wasn't able to be more help. BTW: Vista SP2 (and Server 2008 SP2) comes with 4.5, but it can also be installed on all previous versions of Vista, as well as XP SP2 and newer and Server 2003 SP1 and newer. -----Original Message----- From: Andy Clugston [mailto:clug...@gmail.com] Sent: Saturday, January 22, 2011 6:21 PM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] Custom Actions & UAC Per your link... The issue with Windows Installer 5.0 is that the SeBackupPrivilege permission is missing altogether. It is necessary to add it to the service permission value in the registry (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver\RequiredPriv ileges). If you use process explorer and look at a system service, you will typically see the SeBackupPrivilege being present, but in the "disabled" state. From my understanding, when the API needs this privilege it enables it, uses it, then disables it again. On Sat, Jan 22, 2011 at 8:42 PM, Andy Clugston <clug...@gmail.com> wrote: > I didn't look at your link but, yes, if I add SeBackupPrivilege to the > service privileges in the registry (and restart the service) it works as > expected. This might be an option, but it is a bit of a chicken and egg > scenario for this particular product. > > The other option is to set Impersonate="yes" and be sure to execute the MSI > from an elevated command prompt (or local system service). This way, the > deferred action grabs the permission from the elevated administrator process > rather than the msiexec process. > > One of the use cases was to be able to allow the user to double click the > MSI to launch it (pretty outlandish, right? :) ), and simply agree when > prompted with the UAC elevation dialog. Although, given this bug in Windows > Installer, there is not a clean/simple way around this. > > The other point of frustration is that 4.5 claims to have this issue > resolved, but it is most definitely not in 5.0. So, I am assuming 4.5 has > the same problem even though various sources state differently. My next test > will be to upgrade a system to 4.5 and do some testing of my own just to get > a level set. This is not a use case I need to support, but it has me > curious. > > Thanks for the reply. > > > On Sat, Jan 22, 2011 at 6:19 PM, Blair <os...@live.com> wrote: > >> Just curious: do you need to "enable" SeBackupPrivilege? Something like >> http://msdn.microsoft.com/en-us/library/aa387705(VS.85).aspx<http://msdn.mic rosoft.com/en-us/library/aa387705%28VS.85%29.aspx> >> >> -----Original Message----- >> From: Andy Clugston [mailto:clug...@gmail.com] >> Sent: Saturday, January 22, 2011 6:54 AM >> To: General discussion for Windows Installer XML toolset. >> Subject: Re: [WiX-users] Custom Actions & UAC >> >> Phil, I am running Win7 and 5.0 of msiexec is on the system (shipped with >> it), and I still see the issue. >> >> Thanks. >> >> On Fri, Jan 21, 2011 at 4:08 PM, wix user <wixuser...@gmail.com> wrote: >> >> > Hi Phil, >> > >> > How is the WIX support for MSI 4.5 features? We are planning to use >> > Multiple >> > transaction features. >> > Are there some help resource avaiable? >> > >> > Thanks >> > >> > On Fri, Jan 21, 2011 at 11:17 AM, Wilson, Phil < >> phil.wil...@invensys.com >> > >wrote: >> > >> > > Use MSI 4.5 - it got restored there. >> > > >> > > http://support.microsoft.com/kb/942288 >> > > >> > > Phil Wilson >> > > >> > > >> > > -----Original Message----- >> > > From: Andy Clugston [mailto:clug...@gmail.com] >> > > Sent: Thursday, January 20, 2011 6:35 PM >> > > To: General discussion for Windows Installer XML toolset. >> > > Subject: Re: [WiX-users] Custom Actions & UAC >> > > >> > > Well I think I have figured out why the issue is occurring. >> > > >> > > The call that is failing in the custom action is LoadUserProfile(). >> This >> > > needs the SeBackupPrivilege which the windows installers service *does >> > not* >> > > have on a UAC-enabled system. >> > > >> > > Some details: >> > > >> > > >> > > >> > >> >> http://blogs.msdn.com/b/vistacompatteam/archive/2006/10/19/impact-of-least-p >> rivilege-in-system-services.aspx<http://blogs.msdn.com/b/vistacompatteam/arc hive/2006/10/19/impact-of-least-privilege-in-system-services.aspx> >> > > >> > > >> > >> >> http://blogs.msdn.com/b/windows_installer_team/archive/2008/05/01/what-chang >> ed-in-windows-installer-4-5.aspx<http://blogs.msdn.com/b/windows_installer_t eam/archive/2008/05/01/what-changed-in-windows-installer-4-5.aspx> >> > > >> > > >> > >> >> http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/b9ea2a0e-5 >> a0e-4e07-92e2-4c7e1f2c5496<http://social.msdn.microsoft.com/Forums/en/window ssecurity/thread/b9ea2a0e-5a0e-4e07-92e2-4c7e1f2c5496> >> > > >> > > Any advice or known workarounds are welcome. :) >> > > >> > > On Thu, Jan 20, 2011 at 3:33 PM, Andy Clugston <clug...@gmail.com> >> > wrote: >> > > >> > > > Hi Users, >> > > > >> > > > I am working on a product that needs to support Windows 7 w/ UAC >> > enabled. >> > > > The MSI has a few custom actions that perform various configuration >> > items >> > > > that I would like to keep contained within the MSI/product install. >> > > > >> > > > The custom actions are Execute='deferred' with Impersonate='no' and >> > they >> > > > are scheduled Before='InstallFinalize'. One action is a vb script, >> and >> > > the >> > > > other calls a native C/C++ dll. They *both* contain configuration >> items >> > > that >> > > > require elevated privileges. Now, I have verified that the vb script >> > > action >> > > > works fine, however the dll custom action does not. I am getting a >> > > > permission error from the dll custom action when it runs. >> > > > >> > > > So, it appears to me that there is a difference in the two different >> > > types >> > > > of custom actions, and how the user/system privileges are propagated >> > from >> > > > the msiexec process to these action processes. I've done some >> digging >> > > online >> > > > (and will continue to) regarding the issue, but have not run across >> > this >> > > > particular case with the different action types acting differently. >> > > > >> > > > I am running the MSI on a Win7 x32 system with UAC using WiX >> 3.0.5419. >> > > > >> > > > As always, thanks for the help. >> > > > >> > > >> > > >> > >> >> ---------------------------------------------------------------------------- >> -- >> > > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> > > Finally, a world-class log management solution at an even better >> > > price-free! >> > > Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> > > February 28th, so secure your free ArcSight Logger TODAY! >> > > http://p.sf.net/sfu/arcsight-sfd2d >> > > _______________________________________________ >> > > WiX-users mailing list >> > > WiX-users@lists.sourceforge.net >> > > https://lists.sourceforge.net/lists/listinfo/wix-users >> > > >> > > >> > > *** Confidentiality Notice: This e-mail, including any associated or >> > > attached files, is intended solely for the individual or entity to >> which >> > it >> > > is addressed. This e-mail is confidential and may well also be legally >> > > privileged. If you have received it in error, you are on notice of its >> > > status. Please notify the sender immediately by reply e-mail and then >> > delete >> > > this message from your system. Please do not copy it or use it for any >> > > purposes, or disclose its contents to any other person. This email >> comes >> > > from a division of the Invensys Group, owned by Invensys plc, which is >> a >> > > company registered in England and Wales with its registered office at >> 3rd >> > > Floor, 40 Grosvenor Place, London, SW1X 7AW (Registered number >> 166023). >> > For >> > > a list of European legal entities within the Invensys Group, please go >> to >> > > >> > >> >> http://www.invensys.com/legal/default.asp?top_nav_id=77&nav_id=80&prev_id=77 >> > > . >> > > >> > > You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail >> > > recept...@invensys.com. This e-mail and any attachments thereto may >> be >> > > subject to the terms of any agreements between Invensys (and/or its >> > > subsidiaries and affiliates) and the recipient (and/or its >> subsidiaries >> > and >> > > affiliates). >> > > >> > > >> > > >> > > >> > > >> > >> >> ---------------------------------------------------------------------------- >> -- >> > > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> > > Finally, a world-class log management solution at an even better >> > > price-free! >> > > Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> > > February 28th, so secure your free ArcSight Logger TODAY! >> > > http://p.sf.net/sfu/arcsight-sfd2d >> > > _______________________________________________ >> > > WiX-users mailing list >> > > WiX-users@lists.sourceforge.net >> > > https://lists.sourceforge.net/lists/listinfo/wix-users >> > > >> > >> > >> >> ---------------------------------------------------------------------------- >> -- >> > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> > Finally, a world-class log management solution at an even better >> > price-free! >> > Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> > February 28th, so secure your free ArcSight Logger TODAY! >> > http://p.sf.net/sfu/arcsight-sfd2d >> > _______________________________________________ >> > WiX-users mailing list >> > WiX-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/wix-users >> > >> >> ---------------------------------------------------------------------------- >> -- >> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> Finally, a world-class log management solution at an even better >> price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> WiX-users mailing list >> WiX-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wix-users >> >> >> >> ---------------------------------------------------------------------------- -- >> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> Finally, a world-class log management solution at an even better >> price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> WiX-users mailing list >> WiX-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wix-users >> > > ---------------------------------------------------------------------------- -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
