Is your MSI Package ready for Vista?
Here's a quick tip I've been meaning to post for a while. By now you all know that Windows Vista is coming and if you've been following the buzz about the new operating system you've probably heard of LUA, er UAP, no UAC. All those three letter acronyms basically mean that even when you are logged in as a user in the Administrators group (but not the Administrator user) you do not have all privileges of the built-in Administrator user. I suggest reading the UAC team's explanation of why UAC is an important security advancement for Windows to get some background.
So what does this mean for we setup developers? Well, if you have not specified the appropriate elevation privileges for your CustomActions and simply relied on a global check at the beginning to say, "Is this user an Administrator?" then you're going to see your install failing on Vista in many of the UAC scenarios.
If you don't have any CustomActions in your installation package then you are probably safe. However, I know a lot of you like to write code (yes, yes, I know the Windows Installer doesn't provide everything you need built-in. I still highly suggest avoiding CustomActions if at all possible and if reuse the actions from the WiX toolset if at all possible since those CustomActions have a lot of testing already).
So you'll probably want to do a couple quick checks to see that everything installs okay on right now, right? What? You don't have access to a CTP build of ? S'okay, thanks to information from Carolyn Napier, you can mimic the UAC behavior of the Windows Installer by doing the following on a Windows XP box (probably works on Windows 2000 as well):
1. Log in as the Administrator (actually, any administrator will do)
2. Machine advertise your MSI package by doing: msiexec /jm my.msi
3. Log off
4. Log in as standard user (any non-administrator will do, make one up in step 1 if you have to).
5. Kick off the install of your MSI package by doing: msiexec /i my.msi
What this does is get the MSI package "blessed" by the Administrator on your machine but not actually installed (step 2). Then you launch the install as a non-privileged user (step 5). The Windows Installer will elevate portions of the install to system privilege as necessary to install the package because the administrator said it was okay from the beginning. That "as necessary" part is the important part. If you're CustomAction requires elevation but is not marked appropriately then the CustomAction will fail... just like it would on in UAC.
Try it out. You might be surprised what you find.
By the way, this very issue caught Dare and RSS Bandit recently. One of a few reasons, I'm going to be helping out there next month... more next month.