[wix-users] WiX MSP patching

Hoover, Jacob Jacob.Hoover at greenheck.com
Thu Nov 2 06:54:50 PDT 2017

In the original MSI one needs to include the public cert via:
            <DigitalCertificate Id="Foo" SourceFile="..\..\Certs\Foo.cer"/>

Sign the MSI with the matching private key.

When you build your patch, the second MSI it was based off of should also have the above authoring and should also be signed with the same key.

With those bits in place LUAPatching should work without admin rights being required, assuming the administrator of the target PC hasn't disabled LUA.


-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of John via wix-users
Sent: Thursday, November 2, 2017 8:25 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: John <jzajac2 at gmail.com>
Subject: Re: [wix-users] WiX MSP patching

“the certificate has to be embedded into the package”? I don’t understand what that means. I’ve always used the cert and signtool to sign the files within the package and the MSI or MSP 

The way I understand windows security here is that the administrator token is required to write to program files folders. You can bypass that by having it trusted ? 

Sent from my iPhone

> On Nov 2, 2017, at 2:23 AM, Александр Соловьев via wix-users <wix-users at lists.wixtoolset.org> wrote:
> Greetings.
> I am trying to create an msp for my msi distribution and seem to get stuck at this point. The goal is to create a patch that can be applied by a non-administrator to an application installed in program files folder. However, I keep getting UAC promt window with credentials input.
> So far I have got 2 msi packages with different set of features (some removed, some added) and an msp patch built based upon the tutorial at  http://wixtoolset.org/ . The msi are installed properly and the msp applies as expected but only under admin priveleges. As I understand from reading the internet, the msi and msp have to be signed with a certificate. For this purpose I have generated a code-signing sertificate (self-signed for testing purposes) and have signed all the packages with signtool.exe. I've also found that the certificate has to be embedded into the package and still no luck. I even added my root certificate as a known root and the only result I got was UAC widnow color change from yellow to blue. 
> Having said that I am asking for any help. Could you point out what I am missing and where to go next? 
> If this is not the place to post this question please take my apologies and point me to the right one.
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

More information about the wix-users mailing list