I want to create a Scheduled Task from a Custom Action. I need elevated privileges to create it. I'm using Task Scheduler Managed Wrapper.

    using (TaskDefinition taskDefinition = TaskService.Instance.NewTask())
    {
        taskDefinition.RegistrationInfo.Date = DateTime.Now;
        taskDefinition.RegistrationInfo.Description = "...";
        taskDefinition.Principal.RunLevel = TaskRunLevel.Highest; // Scheduled Task with elevated privileges
        DailyTrigger trigger = new DailyTrigger();
        try
        {
            trigger.StartBoundary = new DateTime(DateTime.Today.Ticks)
                .AddHours(20);
            trigger.ExecutionTimeLimit = TimeSpan.FromSeconds(30);
            trigger.DaysInterval = 2;
        }
        catch
        {
            trigger.Dispose();
            throw;
        }
        taskDefinition.Triggers.Add(trigger);
        taskDefinition.Actions.Add(Path.Combine(session.CustomActionData.Keys.Single(), "Updater.exe"));
        TaskService.Instance.RootFolder.RegisterTaskDefinition(TaskName, taskDefinition);
    }

According to "How to run custom executable with elevated privileges?" I have to use

    impersonate='no'

This works, but I want to have the user that called the MSI as the user of the Scheduled Task. But the above solution lets the MSI call the Custom Action as LocalSystem, which then creates the Scheduled Task with the LocalSystem user.
The Scheduled Task calls an exe that reads from an UNC path. So LocalSystem won't work there.
How can the Custom Action be called with the MSI user with elevated privileges?
For an elevated custom action to run with the installing user's credentials you must elevate the entire MSI process initiation, and use impersonate=yes in your custom action. The launch is typically done with a launching program that has an elevation manifest and starts the MSI with a CreateProcess start, or better just calls MsiInstallProduct (or equivalent) directly.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa370315(v=vs.85).aspx
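
A sketch of the launcher described in the answer above, as an added example that is not part of the original answer or of any project's code. The package name `Setup.msi`, the custom action Id `CreateTask` and the exit-code mapping are assumptions.

```csharp
// Added example: elevated launcher. Build it with an app.manifest containing
//   <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
// The custom action in the MSI is then authored as (WiX; Id is hypothetical):
//   <CustomAction Id="CreateTask" ... Execute="deferred" Impersonate="yes" />
using System;
using System.IO;
using System.Runtime.InteropServices;

internal static class Launcher
{
    private const int INSTALLUILEVEL_FULL = 5;
    private const uint ERROR_SUCCESS = 0;
    private const uint ERROR_SUCCESS_REBOOT_INITIATED = 1641;
    private const uint ERROR_SUCCESS_REBOOT_REQUIRED = 3010;

    [DllImport("msi.dll", CharSet = CharSet.Unicode)]
    private static extern int MsiSetInternalUI(int dwUILevel, IntPtr phWnd);

    [DllImport("msi.dll", CharSet = CharSet.Unicode)]
    private static extern uint MsiInstallProduct(string szPackagePath, string szCommandLine);

    private static int Main()
    {
        // Resolve the package next to the launcher itself, never from the
        // command line or the current directory: this process is elevated,
        // so whatever package it installs runs with administrator rights.
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;
        string msiPath = Path.Combine(baseDir, "Setup.msi"); // assumed file name
        if (!File.Exists(msiPath))
        {
            Console.Error.WriteLine("Package not found: " + msiPath);
            return 2;
        }

        // Show the authored UI, then install in this (already elevated) process.
        // Impersonated custom actions run with the launching user's elevated token.
        MsiSetInternalUI(INSTALLUILEVEL_FULL, IntPtr.Zero);
        uint rc = MsiInstallProduct(msiPath, string.Empty);

        bool ok = rc == ERROR_SUCCESS
               || rc == ERROR_SUCCESS_REBOOT_INITIATED
               || rc == ERROR_SUCCESS_REBOOT_REQUIRED;
        if (!ok)
            Console.Error.WriteLine("MsiInstallProduct failed with code " + rc);
        return ok ? 0 : (int)rc;
    }
}
```

If a standard user elevates by entering an administrator's credentials at the UAC prompt, the launcher, the MSI and the impersonated custom action all run as that administrator account, so the task is registered for that account rather than for the logged-on user.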