Search code examples
wixwindows-installer

Wix elevated AND impersonating Custom Action

I have a custom action that needs to modify registry settings:

  • it is marked as deferred in order to support a rollback
  • it must be run with elevated priviliges in order to modify the Registry
  • it must be run within the security context of a particular user (impersonated)
    <CustomAction Id="EncryptRegistrySettings"
                BinaryKey="DLServiceCA"
                DllEntry="EncryptRegistrySettings"
                Execute="deferred"
                Impersonate="yes"
                Return="check"/>

I have some other ugly options to workaround this problem (Execute="immediate" or impersonate="yes" with elevated subprocess) which I don't want to resort to.

The problem is: with Impersonate="no" subprocess msiexec is run by SYSTEM. With yes it is run by User, but not elevated.

So the question is: Is it possible to run a Custom Action both as Impersonated AND elevated?

Solution

  • No, they are mutually exclusive capabilities in Windows Installer.