[wix-users] How to do Per user mode installation on specified folders
Patterson, Brent
bcpatterson at xactware.com
Mon Sep 12 15:53:19 PDT 2016
MSP does not have PatchCertificates. So the only thing you need to do with MSPs is to sign them. Then when a computer runs the MSP, it sees that it is signed, and checks if that certificate has been installed already. If so, then it's safe to proceed without prompting the user. If the MSP wasn't signed, then it cannot determine if it's safe to proceed, even if the installed product is signed already, hence the prompting. The certificate is installed when MSI is installed.
Signing the MSP file should be the same process as signing a MSI file.
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of dev at parascadd.com
Sent: Saturday, September 10, 2016 12:15 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] How to do Per user mode installation on specified folders
Thanks Patterson,
Yes we have signed MSI with certificate but we have not done for msp.
Sorry but we don't know how to do that we have not found PatchCertificates element for msp. Kindly do let us know, it will be very helpful.
In addition thanks for useful tip, Here one question was can we use 2 certificate (old and new) in one .msi.
Please lets us know, after doing mentioned steps will we achieve installing .msi through Admin rights and .msp without admin rights.
Regards,
Ashit
On 08/09/2016 22:30, Patterson, Brent wrote:
> Have you signed the MSI with the same certificate that you're bundling
> with your patch?
> Have you signed the MSP with the same certificate?
>
> Both MSI and MSP need to be signed with the same certificate, and MSI
> need to contain PatchCertificates element with the certificate.
>
> A tip for when a certificate is about to expire, but you want to
> maintain the admin-less patching:
> Create a MSI that contains both old and new certificate in
> PatchCertificates, and create a MSP from it, and sign it with the old
> certificate.
> After this patch has been applied, you can remove the old certificate
> from PatchCertificates, and sign both MSI and MSP with the new
> certificates.
>
> This MUST be done before the certificate expires. Otherwise, you have
> to do an admin install/patch again to have new certificate applied.
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
> Behalf Of dev at parascadd.com
> Sent: Thursday, September 8, 2016 5:50 AM
> To: Phil Wilson <phil.wilson at mvps.org>
> Cc: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] How to do Per user mode installation on
> specified folders
>
> Dear Team,
> After last discussion, We have used to do for Installing Setup with
> Administrator Rights and patches without Admin Rights but it was not
> happening Steps we used 1. Created .pvk file using makecert.exe from
> command prompt.
> 2. Created .pfx file using pvk2pfx.exe from command prompt.
> 3. Added .pfx file in our .msi file in product.wxs file in
> msipatchcertificatetable using <PatchCertificates> tag and
> <PackageCertificates> tag
>
> After doing following steps still we are asked for Admin Rights while
> installing patches
>
> Please let me know if we are missing anything, Thanks in advance.
>
> Regards
> Ashit
>
> On 28/07/2016 22:20, Phil Wilson wrote:
>> The UAC patching article says only that limited users can install
>> patches provided a set of conditions are met, one of which is that
>> the patch is signed with the same certificate that was used to
>> install the original MSI package. You still need elevation to install
>> an MSI to restricted locations, even if it is signed. Signing will
>> not allow a limited user to install to restricted locations, just in
>> case the OP thinks it will. Windows Security does not get bypassed
>> just because it's an MSI install.
>>
>> Phil W
>>
>> -----Original Message-----
>> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
>> Behalf Of Hoover, Jacob
>> Sent: Thursday, July 28, 2016 8:43 AM
>> To: WiX Toolset Users Mailing List; dev at parascadd.com
>> Subject: Re: [wix-users] How to do Per user mode installation on
>> specified folders
>>
>> Also note that Burn doesn't support LUA patching for PerMachine
>> installs, as Burn needs to write to machine specific locations which
>> requires elevation.
>> You could do some interesting patching with MSP's, but you wouldn't
>> be able to utilize Burn to download and apply them.
>>
>> -----Original Message-----
>> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
>> Behalf Of David Watson
>> Sent: Thursday, July 28, 2016 9:40 AM
>> To: dev at parascadd.com; WiX Toolset Users Mailing List
>> <wix-users at lists.wixtoolset.org>
>> Subject: Re: [wix-users] How to do Per user mode installation on
>> specified folders
>>
>> Use insignia to sign your packages and msps.
>> http://wixtoolset.org/documentation/manual/v3/overview/insignia.html
>>
>> Or call out to signtool from your build
>> https://msdn.microsoft.com/en-gb/library/windows/desktop/aa387764(v=v
>> s
>> .85).a
>> spx
>>
>> Make sure you embed the certificate in the MSI also.
>> http://wixtoolset.org/documentation/manual/v3/xsd/wix/digitalcertific
>> a
>> te.htm
>> l
>>
>> follow the steps in
>> https://msdn.microsoft.com/en-us/library/windows/desktop/aa372388(v=v
>> s
>> .85).a
>> spx
>>
>>
>> You will still NEED to install the original msi as an administrator.
>>
>>
>>
>> [http://dr0muzwhcp26z.cloudfront.net/static/corporate/SDL-logo-2014.p
>> n
>> g]
>> <www.sdl.com/> www.sdl.com
>>
>>
>> SDL PLC confidential, all rights reserved. If you are not the
>> intended recipient of this mail SDL requests and requires that you
>> delete it without acting upon or copying any of its contents, and we
>> further request that you advise us.
>>
>> SDL PLC is a public limited company registered in England and Wales.
>> Registered number: 02675207.
>> Registered address: Globe House, Clivemont Road, Maidenhead,
>> Berkshire
>> SL6
>> 7DY, UK.
>>
>> -----Original Message-----
>> From: dev at parascadd.com [mailto:dev at parascadd.com]
>> Sent: 28 July 2016 15:11
>> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
>> Cc: David Watson <dwatson at sdl.com>
>> Subject: Re: [wix-users] How to do Per user mode installation on
>> specified folders
>>
>> Thanks David,
>> We are using C#.net, i have checked its in C++, If you can share any
>> sample code for digitally sign and how to use in wix will be highly
>> appreciated.
>>
>> Thanks Again,
>> Ashit
>>
>>
>>
>> On 28/07/2016 19:29, David Watson wrote:
>>> You can't, non admin users cannot write to per machine locations by
>>> default for security reasons.
>>>
>>> You can install to program files as admininstrator then patch (msp)
>>> to update without being an admin as long as you digitally sign MSIs
>>> and patches.
>>>
>> https://msdn.microsoft.com/en-us/library/windows/desktop/aa372388(v=v
>> s
>> .85).a
>> spx
>>>
>>> If your users choose a location within their scope it should work.
>>>
>>> Dave
>>>
>>>
>>>
>>> [http://dr0muzwhcp26z.cloudfront.net/static/corporate/SDL-logo-2014.
>>> p
>>> n
>>> g]
>>> <www.sdl.com/>
>>> www.sdl.com
>>>
>>>
>>> SDL PLC confidential, all rights reserved. If you are not the
>>> intended recipient of this mail SDL requests and requires that you
>>> delete it without acting upon or copying any of its contents, and we
>>> further request that you advise us.
>>>
>>> SDL PLC is a public limited company registered in England and Wales.
>>> Registered number: 02675207.
>>> Registered address: Globe House, Clivemont Road, Maidenhead,
>>> Berkshire
>>> SL6 7DY, UK.
>>>
>>> -----Original Message-----
>>> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
>>> Behalf Of dev at parascadd.com
>>> Sent: 28 July 2016 14:39
>>> To: wix-users at lists.wixtoolset.org
>>> Subject: [wix-users] How to do Per user mode installation on
>>> specified folders
>>>
>>> Dear Team,
>>> We are using WIX toolset 3.6 and created .msi and .msp using
>>> Per-user mode and non admin rights its installing in
>>> C:\user\AppData, we want to install on machine at user specified
>>> folder . How we can install without admin rights.
>>> Thanks in Advance
>>>
>>> Regards
>>> Ashit
>>>
>>>
>>> ____________________________________________________________________
>>> WiX Toolset Users Mailing List provided by FireGiant
>>> http://www.firegiant.com/
>>>
>>>
>>> This message has been scanned for malware by Websense.
>>> www.websense.com
>>>
>>> ____________________________________________________________________
>>> WiX Toolset Users Mailing List provided by FireGiant
>>> http://www.firegiant.com/
>>
>>
>> ____________________________________________________________________
>> WiX Toolset Users Mailing List provided by FireGiant
>> http://www.firegiant.com/
>>
>> ____________________________________________________________________
>> WiX Toolset Users Mailing List provided by FireGiant
>> http://www.firegiant.com/
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>
> ________________________________
>
> Xactware's opt-in mailing list allows you to receive Xactware News
> that is of interest to you. Visit my.xactware.com today to join or to
> update your email preferences!
>
> ________________________________
>
> This email is intended solely for the recipient. It may contain
> privileged, proprietary or confidential information or material. If
> you are not the intended recipient, please delete this email and any
> attachments and notify the sender of the error.
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/
________________________________
Xactware's opt-in mailing list allows you to receive Xactware News that is of interest to you. Visit my.xactware.com today to join or to update your email preferences!
________________________________
This email is intended solely for the recipient. It may contain privileged, proprietary or confidential information or material. If you are not the intended recipient, please delete this email and any attachments and notify the sender of the error.
More information about the wix-users
mailing list