
msiWrapped installer target causes seemingly unnecessary UAC prompt

Open robatwilliams opened this issue 1 year ago • 14 comments

  • Electron-Builder Version: 24.13.3
  • Node Version: v20.5.1
  • Electron Version: 30.0.5
  • Electron Type (current, beta, nightly): current
  • Target: msiWrapped

I understand the msiWrapped target wraps an NSIS installer inside an MSI.

The produced MSI causes a Windows UAC prompt when opened, which doesn't seem justified. I believe it should only be necessary later if the user chooses to install for all users.

I notice in the eventual NSIS dialog that the "all users" option doesn't require UAC elevation, presumably because it's already running elevated.

I tried setting msiWrapped.impersonate: true to cause the WiX action to run as the local user, however the UAC prompt remains. Verified what appears in the project.wxs file:

<CustomAction Id="RunInstaller" Return="check" Execute="deferred"
      HideTarget="no" Impersonate="yes" BinaryKey="WrappedExe" ExeCommand="" />

After setting this option, I further noticed that the "all users" install option in the eventual NSIS dialog is now an elevation (shield icon) button, but when clicked pops up an error dialog "This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page." - the title of the dialog box is "C:\Windows\Installer\MSIE1C4.tmp" which is the NSIS installer just with a different file extension.

When that temporarily unpacked NSIS installer is renamed to .exe and run separately, it doesn't cause a UAC prompt. So it appears that the MSI wrapper is causing the prompt.

robatwilliams avatar May 15 '24 16:05 robatwilliams
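One way to repeat the project.wxs check described in the post above (an added example, not part of the original thread and not electron-builder's code): it lists each CustomAction's Execute and Impersonate values and the context a Windows Installer custom action with those values runs in. It also reports the Package element's InstallScope and InstallPrivileges (WiX v3 attribute names), which the thread does not mention; the sample's Package line, the function names and the "runs_as" labels are assumptions made for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: only the CustomAction element is taken from the post above.
# The surrounding elements and the InstallScope value are assumptions.
SAMPLE_WXS = """<Wix>
  <Product Id="*" Name="Example" Version="1.0.0">
    <Package Compressed="yes" InstallScope="perMachine" />
    <CustomAction Id="RunInstaller" Return="check" Execute="deferred"
      HideTarget="no" Impersonate="yes" BinaryKey="WrappedExe" ExeCommand="" />
  </Product>
</Wix>
"""

def local(tag):
    """Drop any XML namespace so the check works whatever xmlns the file declares."""
    return tag.rsplit("}", 1)[-1]

def audit_wxs(xml_source):
    """Return the package-level and per-action settings that relate to elevation."""
    root = ET.fromstring(xml_source)
    report = {"package": {}, "actions": []}
    for el in root.iter():
        name = local(el.tag)
        if name == "Package":
            # Attributes that are not set in the file are reported as None.
            report["package"] = {
                "InstallScope": el.get("InstallScope"),
                "InstallPrivileges": el.get("InstallPrivileges"),
            }
        elif name == "CustomAction":
            execute = el.get("Execute", "immediate")   # WiX default
            impersonate = el.get("Impersonate", "yes")  # WiX default
            # Only actions scheduled into the install script can skip impersonation;
            # with Impersonate="no" they run in the system context of an elevated install.
            scripted = execute in ("deferred", "rollback", "commit")
            report["actions"].append({
                "Id": el.get("Id"),
                "Execute": execute,
                "Impersonate": impersonate,
                "runs_as": "system" if scripted and impersonate == "no" else "user",
            })
    return report

if __name__ == "__main__":
    # Pass the path to a generated project.wxs, or run without arguments for the sample.
    source = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WXS
    print(audit_wxs(source))
```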

I am also getting the same error dialog with the following setting:

"msiWrapped": { "oneClick": false, "impersonate": true }

rkristof avatar Jul 19 '24 10:07 rkristof

@ghost1face can you please take a look at this? I recall you implemented the msiWrapped logic and I'm not familiar with how msi works

mmaietta avatar Jul 19 '24 16:07 mmaietta

@mmaietta no problem let me see if I can help.

Hey @robatwilliams, have you signed your installer with a codesign certificate? I believe this prompt, if I'm understanding what you're seeing, won't go away unless your installer is signed.

ghost1face avatar Jul 19 '24 16:07 ghost1face

For me everything is signed, except "elevate.exe", because we were getting false positive antivirus prompts during installation (this was with the NSIS installer though, I'm not sure if it's relevant for MSI)

rkristof avatar Jul 19 '24 18:07 rkristof

> have you signed your installer with a codesign certificate?

No. I didn't sign any of the other installer types (msi, exe) either, and didn't get this prompt.

robatwilliams avatar Jul 22 '24 08:07 robatwilliams

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] avatar Sep 24 '24 00:09 github-actions[bot]

I'm not currently looking at this, but later in the future colleagues will be ready to produce more types of installers.

Fine by me if you want to close it as "not currently a problem for anyone", but there might still be an issue here.

robatwilliams avatar Sep 24 '24 14:09 robatwilliams

I still get the "This file does not have an app associated with..." dialog when trying to install it for all users, using the latest electron-builder version. I realize this was more of a side point in this issue, should I create a separate issue for it? It's definitely a problem for us, as currently there is no way to install the app for all users using the msiWrapped installer.

rkristof avatar Oct 07 '24 06:10 rkristof

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] avatar Dec 07 '24 00:12 github-actions[bot]

How can we bring this ticket back out of staleness? There doesn't seem to be an approved way to use the msiWrapped target without triggering a UAC

naderhen avatar Jan 18 '25 18:01 naderhen