Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-18 Thread Bob Arnson
Mike Dimmick wrote:
> If you must use a service, install the service as manual start and use a element under to allow the service to be started and stopped by a non-privileged user. Then start the service to perform the upgrade and stop it when you've finished (or perhaps have it stop its

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-18 Thread Mike Dimmick
WiX-users] Automatic updating an MSI installation under restricted user account
Jason Swager wrote:
> But that was shot down on the principle that having the admin creds ANYWHERE on the system in ANY fashion was unacceptable.
But a 24/7 localsystem service is? Dilbert was right... --

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-16 Thread Bob Arnson
Jason Swager wrote:
> But that was shot down on the principle that having the admin creds ANYWHERE on the system in ANY fashion was unacceptable.
But a 24/7 localsystem service is? Dilbert was right...
--
sig://boB http://bobs.org

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-15 Thread Jason Swager
In this particular customer case - nope, admin credentials couldn't be on the system or in the hands of the restricted user.  I suggested that the credential be written to the system in some obscure, highly encrypted fashion during the initial install (which had to be done by an Admin), then used i

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-14 Thread Bob Arnson
Jason Swager wrote:
> Yep - I fully agree. But when the customer requires this in an application - what else can you do?
Fire the client.
> Privilege escalation is a definite worry. In my solution, I used named mutexes and encrypted memory mapped files using public/private key encryptio

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-14 Thread Jason Swager
Yep - I fully agree.  But when the customer requires this in an application - what else can you do?  Privilege escalation is a definite worry.  In my solution, I used named mutexes and encrypted memory mapped files using public/private key encryption via Windows CryptoAPI to trigger the installation

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-14 Thread Bob Arnson
Jason Swager wrote:
> This approach has some drawbacks. First, the possibly extra service running all the time.
Which is a source of potential security holes, especially privilege escalation as it's running 100 percent of the time as local system. It works, but it's a sledgehammer of a soluti

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-14 Thread Jason Swager
This isn't supported as an MSI feature - but there is a way to do it.  There was an article somewhere on the MSDN that described it.  And I've seen the same practice used in a number of applications.  The solution is to use an NT service.  If your application installs a service already, you can piggy-

Re: [WiX-users] Automatic updating an MSI installation under restricted user account

2006-09-14 Thread Wilson, Phil
I don't believe this is supported until MSI 4.0 - see the User Account Control (UAC) Patching topic: http://windowssdk.msdn.microsoft.com/en-us/library/ms710366.aspx
Phil Wilson
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Petr Vones Sent: Thursday