Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

elevationRequired does not work for MSIs #2231

Open
JohnMcPMS opened this issue Jun 9, 2022 · 2 comments
Open

elevationRequired does not work for MSIs #2231

JohnMcPMS opened this issue Jun 9, 2022 · 2 comments
Labels
Issue-Bug It either shouldn't be doing this or needs an investigation.

Comments

@JohnMcPMS
Copy link
Member

JohnMcPMS commented Jun 9, 2022
edited by denelon
Loading

Brief description of your issue

When the field ElevationRequirement: elevationRequired is set, MSI installers don't work properly. The issue appears to be that ShellExecute does not know how to use the verb runas for an MSI.

Steps to reproduce

For details and a screenshot of the issue occurring, see:

Expected behavior

The installer should be run as administrator, with the UAC prompt showing details from the MSI.

Actual behavior

Windows reports not knowing how to handle the file. For details and a screenshot of the issue occurring, see:

Environment

Windows Package Manager (Preview) v1.3.1391-preview
Copyright (c) Microsoft Corporation. All rights reserved.

Windows: Windows.Desktop v10.0.22808.1000
System Architecture: X64
Package: Microsoft.DesktopAppInstaller v1.18.1391.0
@ghost ghost added the Needs-Triage Issue need to be triaged label Jun 9, 2022
@JohnMcPMS JohnMcPMS added Issue-Bug It either shouldn't be doing this or needs an investigation. and removed Needs-Triage Issue need to be triaged labels Jun 9, 2022
@JohnMcPMS
Copy link
Member Author

As for fixing this, the biggest issue is that we want the details from the MSI to be used for the UAC prompt. msiexec does today somehow, but I think that is only in response to some details in the MSI indicating that it needs to be run as administrator. If we attempt to invoke a process as administrator, I don't expect that we can do the same kind of "hey use the details from this file instead" as that seems very insecure.

It is possible that there is some way for us to request that the MSI install service do the elevation via the MSI install APIs. That is the most likely path for making this work while still showing the user the proper information in the UAC.

In the interim, we could fail the attempt before downloading.

@denelon denelon added this to the v1.4-Client milestone Jun 21, 2022
@dorssel
Copy link

dorssel commented Jun 24, 2022

In case an MSI has been authored such that it can be installed either per-machine or per-user, you can select it by setting the following properties: https://docs.microsoft.com/en-us/windows/win32/msi/msiinstallperuser.
Maybe those could be used to enforce the manifest's elevationRequired?

@denelon denelon modified the milestones: v1.4-Client, v1.5-Client Dec 28, 2022
@denelon denelon modified the milestones: v1.5-Client, v.Next-Client Apr 18, 2023
@denelon denelon removed this from the v.Next-Client milestone Nov 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue-Bug It either shouldn't be doing this or needs an investigation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JohnMcPMS @dorssel @denelon