[wix-devs] Issue 5371

Ron Martin cpuwzd at comcast.net
Thu Apr 28 11:04:55 PDT 2022

I'd like to discuss Issue 5371. I worked on this issue nearly a year 
ago, but it was never merged. I've recently brought it up to date so 
that it is once again mergeable.
There are, however, still a couple of open issues:
1) I need to create a simple test that demonstrates that the msi is 
created or modified with the proper user name, password, and comment 
without executing the msi. This can always be run as part of the Wix 
2) An optional test can perform more aggressive testing. I don't like my 
current design, which creates a desktop shortcut when it is run. I'd 
like to have a more Wix-centric location in which to place an msi file 
that creates or modifies the test user account when installed and 
removes it when uninstalled.
3) Where should the optional test be installed and how should it be 
4) Where should the msi generated by this msi be placed?
5) Should this msi be installed and uninstalled manually, with the user 
verifying the the user account creation, modification, and deletion, or 
should all of this be automated?
6) If manual, should prompting be supplied? By whom? When?
7) If automated, how should elevation be handled?
8) Should extra steps be taken to minimize the increase in Wix's attack 
surface created by this test.
9) The thought that Wix can be used to create privileged accounts 
through a silent install or as a trojan horse gives me nightmares.


More information about the wix-devs mailing list