Can I enable a particular priviledge for my NoImpersonate custom action?

Question

Can I enable a particular priviledge for my NoImpersonate custom action?

Answer

No.

DCOM will strip privileges from the token that are not explicitly enabled. That's a DCOM design -- not MSI and since custom actions are 3rd party code, they are not hosted in-proc but rather in a sandbox process. You'll find that MSI actually worked around this design limitation of DCOM in MSI 3.0 itself.

If that privilege is not already enabled within the token, then it will not be available due to the DCOM behavior.

Content credit also belongs to

• Carolyn, MSI Team Dev Lead. You can get other Carolyn insights about developing for Windows Installer from the Windows Installer Chat Archives

[Author: Robert Flaming]

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at https://www.microsoft.com/info/cpyright.htm.