Forum Discussion
Custom action with elevated privilege in MSIX
Hi JF_BAUDE,
During an MSIX package installation you cannot execute any code, the all known custom actions support from MSIs does not apply for MSIX packages.
For an app packaged with MSIX, you can execute one PS script when your application launches and one script when the application closes, leveraging the PS support from the Package Support Framework.
Please note that these scripts get executed after the MSIX has been installed, so you should not consider them the equivalent of MSI custom actions.
Can you give us more details about what actions (customizations) are your custom actions performing? Maybe we can suggest a different solution.
Bogdan
Hi Bogdan
Most of my C.A. are adding "customer" certificates like this:
...
<row><td>InstallCertifCA</td><td>3106</td><td>SystemFolder</td><td>certutil.exe -addstore -f "CA" "[INSTALLDIR]certificates\XXX_MyCertificate_CA.crt"</td><td>0</td><td>Installing Certificate CA</td></row>
....
But also "granting" firewall access to our application such:
<row><td>AddFirewall</td><td>3106</td><td>WindowsFolder</td><td>netsh firewall add allowedprogram "[INSTALLDIR]MyApplication.exe" "MyApplication" ENABLE</td><td>0</td><td>Setting firewall</td></row>
Rgds
JF BAUDE
HIi JF_BAUDE,
You can use the Declarations view to define an app declaration for your firewall. Please note that this can be done only for applications you install from within your package, i.e. you cannot make a firewall configuration for an EXE that is not part of your MSIX package.
For certificates, I am afraid I am not aware of any solution. I don't think MSIX packages are intended for this purpose.
Please note that MSIX packages are designed with a per-user deployment model. Per-machine resource deployment, like certificates, drivers, etc... are not on the radar AFAIK.
BogdanSo if I understand correctly I will have to use both of your proposals:
1) the https://www.advancedinstaller.com/user-guide/win-store-app-declarations.html to define an https://docs.microsoft.com/en-us/windows/uwp/packaging/app-capability-declarations for firewall settings
2) MSIX Custom Scripts (see latest https://github.com/microsoft/MSIX-PackageSupportFramework) for certificates settings
No other way actually ?
Rgds
JF BAUDE
Hi JF_BAUDE
Theoretically, yes you can use the PS scripts to trigger an MSI and do whatever is not supported by an MSIX package.
But in this case, may I ask: What is the point of building an MSIX if the main functionality is still inside the MSI? Why don't you stick with the MSI delivery for such kind of packages?
You'are just adding one more layer of abstraction (by wrapping the MSI with an MSIX) that increases the complexity of your package, without no major obvious benefits.
Regards,
Bogdan