[wix-users] EXT: Re: Running elevated functions from non-elevated UI

Sean Hall r.sean.hall at gmail.com
Wed Feb 23 12:03:23 PST 2022


> I am curious if any of the fixes/changes listed for this NuGet package
have been implemented for the official WiX toolset code?

The official WiX toolset code can't arbitrarily add other people's code.
The person that wrote the code must contribute it and sign a licensing
agreement in order for it to be incorporated. Nir has contributed some of
the code in that package but not all of it.

> It would be nice. In the end, just allowing the installer to run elevated
(or elevate when it starts) would solve the issue. There are just too many
calls, regular checks and looking up a list of certificates or if a web
site is running in IIS etc. that require elevated permissions.

If you think that the current design in that issue will not cover what you
need, then the time to speak up is now while breaking changes can still be
made in v4. I don't see any reason why the current design couldn't allow
someone to write an IIS Burn extension and contribute it to the toolset so
that everyone could use it.

On Wed, Feb 23, 2022 at 1:12 PM Vanniekerk, Tyrel (GE Healthcare) via
wix-users <wix-users at lists.wixtoolset.org> wrote:

> I am curious if any of the fixes/changes listed for this NuGet package
> have been implemented for the official WiX toolset code?  It seems like
> those are useful fixes and should probably end up in the main WiX code.
>
> I am currently running v3.11.2 of WiX, released way back in 2019.  The
> current unreleased build is v3.14.0.5722.  I am curious if there is a
> summary of changes between those two versions and when we might see a new
> official release of version 3?  I have looked at version 4 and it seems
> promising, but I am guessing it might be years yet to see a full v4 release
> with build support, VS studio templates etc.
>
> From: Nir Bar <nir.bar at panel-sw.com>
> Sent: Wednesday, February 23, 2022 1:29 AM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Cc: Vanniekerk, Tyrel (GE Healthcare) <tyrel.vanniekerk at ge.com>
> Subject: Re: [wix-users] EXT: Re: Running elevated functions from
> non-elevated UI
>
> WARNING: This email originated from outside of GE. Please validate the
> sender's email address before clicking on links or attachments as they may
> not be safe.
> You can use my custom WiX build
> https://www.nuget.org/packages/PanelSW.Custom.WiX/
> Bundle/@RunAsAdmin=
> <https://www.nuget.org/packages/PanelSW.Custom.WiX/Bundle/@RunAsAdmin=>"yes"
> attribute creates a bootstrapper that requires elevation when launched
>
>
> --
> Nir Bar
> WiX Expert
>
>
> ---- On Tue, 22 Feb 2022 20:11:45 +0200 Vanniekerk, Tyrel (GE Healthcare)
> via wix-users <wix-users at lists.wixtoolset.org<mailto:
> wix-users at lists.wixtoolset.org>> wrote ----
>
> It would be nice. In the end, just allowing the installer to run elevated
> (or elevate when it starts) would solve the issue. There are just too many
> calls, regular checks and looking up a list of certificates or if a web
> site is running in IIS etc. that require elevated permissions.
>
> Using named pipes, remoting, web API etc. all have issues. They would
> likely be blocked or disabled and they open up various security concerns.
> You could write to a file and have the exe check the file and write to
> another file, but that also has issues.
>
> One could create your own setup.exe that escalates, then calls the WiX
> setup.exe, but that also would fail when you run modify mode for instance.
> I have noticed that some OS'es (not sure which) will elevate when you click
> modify, but most will not. So for us that means you have to get the
> setup.exe on your ISO, run that as administrator and then click modify
> instead of running through the Windows UI.
>
> All these workarounds because of a requirement.
>
> My thought is that there is no bullet proof way to run an elevated exe and
> communicate with it that would not get blocked at some companies.
>
> -----Original Message-----
> From: wix-users <wix-users-bounces at lists.wixtoolset.org<mailto:
> wix-users-bounces at lists.wixtoolset.org>> On Behalf Of Sean Hall via
> wix-users
> Sent: Tuesday, February 22, 2022 11:50 AM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org<mailto:
> wix-users at lists.wixtoolset.org>>
> Cc: Sean Hall <r.sean.hall at gmail.com<mailto:r.sean.hall at gmail.com>>
> Subject: EXT: Re: [wix-users] Running elevated functions from non-elevated
> UI
>
> https://github.com/wixtoolset/issues/issues/6358
>
> On Tue, Feb 22, 2022 at 11:35 AM Vanniekerk, Tyrel (GE Healthcare) via
> wix-users <wix-users at lists.wixtoolset.org<mailto:
> wix-users at lists.wixtoolset.org>> wrote:
>
> > Hi,
> >
> > I have some time to look at this again, so I am trying to revisit the
> > elevated permissions issue in the installer UI. Our current solution
> > is that we give an error if the installer is not running with elevated
> > permissions and if they run it "As Administrator", then everything works.
> > It would be easier if one could just get the installer to elevate, but
> > that's not an option.
> >
> > Assuming then that an installer with a custom bootstrapper UI is
> > running in the prescribed WiX toolset mode, what suggestions do you
> > have to run some check that requires elevated permissions? There are
> > cases where we might have to check more than one thing per install and
> > I would prefer not to have to call another exe that will escalate, do
> > the check and return a result somehow, just to have call it again and
> > escalate again when the user goes back to the previous page or we need
> to check something else.
> >
> > I was thinking I would create an exe that I can start if I need to
> > escalate and communicate with that exe to make multiple calls for
> > various checks. Just not sure what would be a good way to talk
> > between the installer UI and the exe. Remoting is an option or web
> > API or something like that.
> >
> > Any ideas? Every solution I have though of seems rather clunky.
> >
> > Thanks,
> > Tyrel
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant
> > http://www.firegiant.com/
> >
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>



More information about the wix-users mailing list