I have built a Windows Installer package using WiX 3.6 that embeds a custom managed (C#) action.
At this stage, the installation requires that
There really isn't a way I can bypass requirement #1, because the managed action can only perform certain steps if it runs in the context of the SharePoint installer account.
I would like to remove requirement #2 and let the installer properly run even if UAC is enabled.
I've researched the issue quite extensively but still can't get it to work. I have set InstallScope="perMachine" in my package, which seems to properly prompt for UAC elevation, but the installer still fails with the infamous 2869 error.
The main problem is that my custom action is configured with Impersonate="yes" because it has to run in the context of the current user, not the local administrator account. When I search online, almost all "fixes" point to Impersonate="no" in the custom action, but that's not an option for me.
My question therefore is: is there a way to run a custom managed action with the identity of the current user without requiring UAC to be completely disabled?
When you use Impersonate="yes"
your Custom action runs without administrative privileges with the credentials of the currently logged user.
When Impersonate="no"
your Custom action is run in System context. When running in system context, the custom action has full access to the system.
From WiX CustomAction
element documentation, Impersonate
attribute:
This attribute specifies whether the Windows Installer, which executes as LocalSystem, should impersonate the user context of the installing user when executing this custom action. Typically the value should be 'yes', except when the custom action needs elevated privileges to apply changes to the machine.