[wix-users] How to do Per user mode installation on specified folders

Patterson, Brent bcpatterson at xactware.com
Thu Sep 8 10:00:25 PDT 2016


Have you signed the MSI with the same certificate that you're bundling with your patch?
Have you signed the MSP with the same certificate?

Both MSI and MSP need to be signed with the same certificate, and MSI need to contain PatchCertificates element with the certificate.

A tip for when a certificate is about to expire, but you want to maintain the admin-less patching:
Create a MSI that contains both old and new certificate in PatchCertificates, and create a MSP from it, and sign it with the old certificate.
After this patch has been applied, you can remove the old certificate from PatchCertificates, and sign both MSI and MSP with the new certificates.

This MUST be done before the certificate expires.  Otherwise, you have to do an admin install/patch again to have new certificate applied.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of dev at parascadd.com
Sent: Thursday, September 8, 2016 5:50 AM
To: Phil Wilson <phil.wilson at mvps.org>
Cc: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] How to do Per user mode installation on specified folders

Dear Team,
After last discussion, We have used to do for Installing Setup with Administrator Rights and patches without Admin Rights but it was not happening Steps we used 1. Created .pvk file using makecert.exe from command prompt.
2. Created .pfx file using pvk2pfx.exe from command prompt.
3. Added .pfx file in our .msi file in product.wxs file in msipatchcertificatetable using <PatchCertificates> tag and <PackageCertificates> tag

After doing following steps still we are asked for Admin Rights while installing patches

Please let me know if we are missing anything, Thanks in advance.

Regards
Ashit

On 28/07/2016 22:20, Phil Wilson wrote:
> The UAC patching article says only that limited users can install
> patches provided a set of conditions are met, one of which is that the
> patch is signed with the same certificate that was used to install the
> original MSI package. You still need elevation to install an MSI to
> restricted locations, even if it is signed. Signing will not allow a
> limited user to install to restricted locations, just in case the OP
> thinks it will. Windows Security does not get bypassed just because
> it's an MSI install.
>
> Phil W
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
> Behalf Of Hoover, Jacob
> Sent: Thursday, July 28, 2016 8:43 AM
> To: WiX Toolset Users Mailing List; dev at parascadd.com
> Subject: Re: [wix-users] How to do Per user mode installation on
> specified folders
>
> Also note that Burn doesn't support LUA patching for PerMachine
> installs, as Burn needs to write to machine specific locations which
> requires elevation.
> You could do some interesting patching with MSP's, but you wouldn't be
> able to utilize Burn to download and apply them.
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
> Behalf Of David Watson
> Sent: Thursday, July 28, 2016 9:40 AM
> To: dev at parascadd.com; WiX Toolset Users Mailing List
> <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] How to do Per user mode installation on
> specified folders
>
> Use insignia to sign your packages and msps.
> http://wixtoolset.org/documentation/manual/v3/overview/insignia.html
>
> Or call out to signtool from your build
> https://msdn.microsoft.com/en-gb/library/windows/desktop/aa387764(v=vs
> .85).a
> spx
>
> Make sure you embed the certificate in the MSI also.
> http://wixtoolset.org/documentation/manual/v3/xsd/wix/digitalcertifica
> te.htm
> l
>
> follow the steps in
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa372388(v=vs
> .85).a
> spx
>
>
> You will still NEED to install the original msi as an administrator.
>
>
>
> [http://dr0muzwhcp26z.cloudfront.net/static/corporate/SDL-logo-2014.pn
> g]
> <www.sdl.com/> www.sdl.com
>
>
> SDL PLC confidential, all rights reserved. If you are not the intended
> recipient of this mail SDL requests and requires that you delete it
> without acting upon or copying any of its contents, and we further
> request that you advise us.
>
> SDL PLC is a public limited company registered in England and Wales.
> Registered number: 02675207.
> Registered address: Globe House, Clivemont Road, Maidenhead, Berkshire
> SL6
> 7DY, UK.
>
> -----Original Message-----
> From: dev at parascadd.com [mailto:dev at parascadd.com]
> Sent: 28 July 2016 15:11
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Cc: David Watson <dwatson at sdl.com>
> Subject: Re: [wix-users] How to do Per user mode installation on
> specified folders
>
> Thanks David,
> We are using C#.net, i have checked its in C++, If you can share any
> sample code for digitally sign and how to use in wix will be highly
> appreciated.
>
> Thanks Again,
> Ashit
>
>
>
> On 28/07/2016 19:29, David Watson wrote:
>> You can't, non admin users cannot write to per machine locations by
>> default for security reasons.
>>
>> You can install to program files as admininstrator then patch (msp)
>> to update without being an admin as long as you digitally sign MSIs
>> and patches.
>>
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa372388(v=vs
> .85).a
> spx
>>
>> If your users choose a location within their scope it should work.
>>
>> Dave
>>
>>
>>
>> [http://dr0muzwhcp26z.cloudfront.net/static/corporate/SDL-logo-2014.p
>> n
>> g]
>> <www.sdl.com/>
>> www.sdl.com
>>
>>
>> SDL PLC confidential, all rights reserved. If you are not the
>> intended recipient of this mail SDL requests and requires that you
>> delete it without acting upon or copying any of its contents, and we
>> further request that you advise us.
>>
>> SDL PLC is a public limited company registered in England and Wales.
>> Registered number: 02675207.
>> Registered address: Globe House, Clivemont Road, Maidenhead,
>> Berkshire
>> SL6 7DY, UK.
>>
>> -----Original Message-----
>> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
>> Behalf Of dev at parascadd.com
>> Sent: 28 July 2016 14:39
>> To: wix-users at lists.wixtoolset.org
>> Subject: [wix-users] How to do Per user mode installation on
>> specified folders
>>
>> Dear Team,
>> We are using WIX toolset 3.6 and created .msi and .msp using Per-user
>> mode and non admin rights its installing in C:\user\AppData, we want
>> to install on machine at user specified folder . How we can install
>> without admin rights.
>> Thanks in Advance
>>
>> Regards
>> Ashit
>>
>>
>> ____________________________________________________________________
>> WiX Toolset Users Mailing List provided by FireGiant
>> http://www.firegiant.com/
>>
>>
>> This message has been scanned for malware by Websense.
>> www.websense.com
>>
>> ____________________________________________________________________
>> WiX Toolset Users Mailing List provided by FireGiant
>> http://www.firegiant.com/
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/


____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

________________________________

Xactware's opt-in mailing list allows you to receive Xactware News that is of interest to you. Visit my.xactware.com today to join or to update your email preferences!

________________________________

This email is intended solely for the recipient. It may contain privileged, proprietary or confidential information or material. If you are not the intended recipient, please delete this email and any attachments and notify the sender of the error.




More information about the wix-users mailing list