WIX Installer Needs Elevation during Uninstall

  • Article

WiX Installer consists of Actions that require elevation.The CustomActions are not designed to run under SystemContext. WiX does not generate a bootrapper setup.exe that can be used with an embedded manifest to say RequestedExecutionLevel = "RequireAdministrator". When you install those MSI with Custom action on Vista and uninstallation using Add/Remove Programs will not run elevated and fail

 

Workaround

Use the steps below to change the Uninstall registry key for the package you are installing such that Add/Remove programs will use a Custom Script (executed from an elevated command shell) to uninstall the product.

1. Install your package on the system.

2. Take a backup of the registry key under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{Your product}

3. Uninstall your package.

4. Set the ARPSYSTEMCOMPONENT property to 1 in property table within your package. For more information https://msdn.microsoft.com/en-us/library/aa367750(VS.85).aspx

5. Import your backup registry keys to registry table within your msi package.

6. In the registry table change the keys to a new guid such as Software\Microsoft\Windows\CurrentVersion\Uninstall\{Add New GUID} and remove WindowsInstaller=1 from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{Your product}

7. Add elevate.vbs file in the msi package

To create Elevate.vbs

Set objSh = CreateObject("Shell.Application")

objSh.ShellExecute "msiexec.exe", "/x {Product Code}" , "", "runas", 1

8. In the registry table modify the "UninstallString" value to cscript "[TARGETDIR]elevate.vbs"

Now try installing and uninstalling the Msi package. I attached one sample msi package called Scripting_Elevation_setup.txt (rename it to .msi) which runs with elevated privilege from ARP on Vista. Let me know how it goes.

NOTE: Its highly recommended to set all CustomActions requiring elevation with the TypeNoImpersonate bit such that they run with elevated privilages.

Vista is capable of requesting for elevation when it determines a need for that.

The above is only a workaround that was implemented for the customer since the original developer of the MSI was not available to troubleshoot.