[wix-users] EXT: Re: Running elevated functions from non-elevated UI

Vanniekerk, Tyrel (GE Healthcare) tyrel.vanniekerk at ge.com
Thu Feb 24 10:16:14 PST 2022


After some manual project file updates I got all the references changed to use the NuGet package and lo and behold, it works.  Nice.  I tried it on a test installer and it escalated nicely and the UI came up.  So hopefully it’s all good.  I will try it on our main product soon (We are preparing to release an update, so can’t change it right now).

The original question does remain though.  I have thought about it quite a bit, but still can’t figure out a good answer.  Just about every installer seems to require at least one function call that fails if not elevated.  I am sure I can’t be the only one with this problem.  How are other people handling this issue?

Running a separate exe that will escalate seems to be the only solution that would work, but communicating with that process in a secure way without having to make changes to the system (like adding something to the registry to use a cert of something like that) seems to be difficult or impossible.

There has to be a solution, that’s all I am saying.  We used InstallShield before and with that it was also just an option to run elevated.  It seems that if the concern is some malware or something the issue would exist for the exe as well.  It just bugs me that it seems there is no answer to this other than bypassing built in WiX Toolset functionality.

From: Nir Bar <nir.bar at panel-sw.com>
Sent: Wednesday, February 23, 2022 1:29 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Vanniekerk, Tyrel (GE Healthcare) <tyrel.vanniekerk at ge.com>
Subject: Re: [wix-users] EXT: Re: Running elevated functions from non-elevated UI

You can use my custom WiX build https://www.nuget.org/packages/PanelSW.Custom.WiX/
Bundle/@RunAsAdmin="yes" attribute creates a bootstrapper that requires elevation when launched


--
Nir Bar
WiX Expert


---- On Tue, 22 Feb 2022 20:11:45 +0200 Vanniekerk, Tyrel (GE Healthcare) via wix-users <wix-users at lists.wixtoolset.org<mailto:wix-users at lists.wixtoolset.org>> wrote ----

It would be nice. In the end, just allowing the installer to run elevated (or elevate when it starts) would solve the issue. There are just too many calls, regular checks and looking up a list of certificates or if a web site is running in IIS etc. that require elevated permissions.

Using named pipes, remoting, web API etc. all have issues. They would likely be blocked or disabled and they open up various security concerns. You could write to a file and have the exe check the file and write to another file, but that also has issues.

One could create your own setup.exe that escalates, then calls the WiX setup.exe, but that also would fail when you run modify mode for instance. I have noticed that some OS'es (not sure which) will elevate when you click modify, but most will not. So for us that means you have to get the setup.exe on your ISO, run that as administrator and then click modify instead of running through the Windows UI.

All these workarounds because of a requirement.

My thought is that there is no bullet proof way to run an elevated exe and communicate with it that would not get blocked at some companies.

-----Original Message-----
From: wix-users <wix-users-bounces at lists.wixtoolset.org<mailto:wix-users-bounces at lists.wixtoolset.org>> On Behalf Of Sean Hall via wix-users
Sent: Tuesday, February 22, 2022 11:50 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org<mailto:wix-users at lists.wixtoolset.org>>
Cc: Sean Hall <r.sean.hall at gmail.com<mailto:r.sean.hall at gmail.com>>
Subject: EXT: Re: [wix-users] Running elevated functions from non-elevated UI

https://github.com/wixtoolset/issues/issues/6358

On Tue, Feb 22, 2022 at 11:35 AM Vanniekerk, Tyrel (GE Healthcare) via wix-users <wix-users at lists.wixtoolset.org<mailto:wix-users at lists.wixtoolset.org>> wrote:

> Hi,
>
> I have some time to look at this again, so I am trying to revisit the
> elevated permissions issue in the installer UI. Our current solution
> is that we give an error if the installer is not running with elevated
> permissions and if they run it "As Administrator", then everything works.
> It would be easier if one could just get the installer to elevate, but
> that's not an option.
>
> Assuming then that an installer with a custom bootstrapper UI is
> running in the prescribed WiX toolset mode, what suggestions do you
> have to run some check that requires elevated permissions? There are
> cases where we might have to check more than one thing per install and
> I would prefer not to have to call another exe that will escalate, do
> the check and return a result somehow, just to have call it again and
> escalate again when the user goes back to the previous page or we need to check something else.
>
> I was thinking I would create an exe that I can start if I need to
> escalate and communicate with that exe to make multiple calls for
> various checks. Just not sure what would be a good way to talk
> between the installer UI and the exe. Remoting is an option or web
> API or something like that.
>
> Any ideas? Every solution I have though of seems rather clunky.
>
> Thanks,
> Tyrel
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/




More information about the wix-users mailing list