[wix-users] EXT: Re: Running elevated functions from non-elevated UI

Vanniekerk, Tyrel (GE Healthcare) tyrel.vanniekerk at ge.com
Tue Feb 22 10:11:45 PST 2022

It would be nice.  In the end, just allowing the installer to run elevated (or elevate when it starts) would solve the issue.  There are just too many calls, regular checks and looking up a list of certificates or if a web site is running in IIS etc. that require elevated permissions.

Using named pipes, remoting, web API etc. all have issues.  They would likely be blocked or disabled and they open up various security concerns.  You could write to a file and have the exe check the file and write to another file, but that also has issues.

One could create your own setup.exe that escalates, then calls the WiX setup.exe, but that also would fail when you run modify mode for instance.  I have noticed that some OS'es (not sure which) will elevate when you click modify, but most will not.  So for us that means you have to get the setup.exe on your ISO, run that as administrator and then click modify instead of running through the Windows UI.

All these workarounds because of a requirement.

My thought is that there is no bullet proof way to run an elevated exe and communicate with it that would not get blocked at some companies.

-----Original Message-----
From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of Sean Hall via wix-users
Sent: Tuesday, February 22, 2022 11:50 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Sean Hall <r.sean.hall at gmail.com>
Subject: EXT: Re: [wix-users] Running elevated functions from non-elevated UI


On Tue, Feb 22, 2022 at 11:35 AM Vanniekerk, Tyrel (GE Healthcare) via wix-users <wix-users at lists.wixtoolset.org> wrote:

> Hi,
> I have some time to look at this again, so I am trying to revisit the 
> elevated permissions issue in the installer UI.  Our current solution 
> is that we give an error if the installer is not running with elevated 
> permissions and if they run it "As Administrator", then everything works.
> It would be easier if one could just get the installer to elevate, but 
> that's not an option.
> Assuming then that an installer with a custom bootstrapper UI is 
> running in the prescribed WiX toolset mode, what suggestions do you 
> have to run some check that requires elevated permissions?  There are 
> cases where we might have to check more than one thing per install and 
> I would prefer not to have to call another exe that will escalate, do 
> the check and return a result somehow, just to have call it again and 
> escalate again when the user goes back to the previous page or we need to check something else.
> I was thinking I would create an exe that I can start if I need to 
> escalate and communicate with that exe to make multiple calls for 
> various checks.  Just not sure what would be a good way to talk 
> between the installer UI and the exe.  Remoting is an option or web 
> API or something like that.
> Any ideas?  Every solution I have though of seems rather clunky.
> Thanks,
> Tyrel
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/

WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

More information about the wix-users mailing list