Aaron Stebner's WebLog

Thoughts about setup and deployment issues, WiX, XNA, the .NET Framework and Visual Studio

Mailbag: How to set the NoImpersonate flag for a custom action in Visual Studio 2005



I have built an installer using the Visual Studio 2005 setup project wizard.  It installs correctly on Windows XP but fails on Windows Vista.  I investigated and found that the failure on Windows Vista is caused by a custom action that fails with an access denied error.  However, I am running the setup with elevated privileges in Windows Vista.  How can I fix my setup so it will work correctly on Windows Vista?


As Robert Flaming described in this blog post, it is necessary to set the NoImpersonate flag for custom actions that modify the system in Windows Vista.  This was an unenforced architectural intent that is now enforced in Windows Vista.

Unfortunately, there is not a way to directly set this flag for a custom action in the UI for the setup project in the Visual Studio IDE.  In Visual Studio 2005, you can use a post-build step that modifies the MSI to set this bit using a strategy previously described in this blog post.

You can use the following steps to set the NoImpersonate bit in a Visual Studio 2005 setup project:

  1. Download the sample script and extract the contents to the directory that contains the Visual Studio project you are working on
  2. Open the project in Visual Studio 2005
  3. Press F4 to display the Properties window
  4. Click on the name of your setup/deployment project in the Solution Explorer
  5. Click on the PostBuildEvent item in the Properties window to cause a button labeled "..." to appear
  6. Click on the "..." button to display the Post-build Event Command Line dialog
  7. Add the following command line in the Post-build event command line text box:
    cscript.exe "$(ProjectDir)CustomAction_NoImpersonate.js" "$(BuiltOuputPath)"
  8. Build your project in Visual Studio 2005

<update date="1/22/2007"> Updated command line in step 7.  The variable I had specified previously was incorrect.  It actually needs to be spelled wrong using "ouput" instead of "output" in the $(BuiltOuputPath) variable </update>

<update date="3/18/2009"> Fixed broken link to the sample script. </update>
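
The following is an added example, not the sample script referenced above and not code from the original post. It shows what the NoImpersonate change means at the bit level in the Type column of the CustomAction table, and how to read the same value back from the ActionType field of an MSI verbose log. The action names, table rows and log lines are constructed for illustration; the bit values are the Windows Installer msidbCustomActionType constants.

```javascript
// Added example. Bit values are the Windows Installer msidbCustomActionType* constants.
const IN_SCRIPT = 0x400;      // msidbCustomActionTypeInScript: deferred (in-script) action
const NO_IMPERSONATE = 0x800; // msidbCustomActionTypeNoImpersonate: do not impersonate the user
const ROLLBACK = 0x100;       // msidbCustomActionTypeRollback (only with IN_SCRIPT)
const COMMIT = 0x200;         // msidbCustomActionTypeCommit (only with IN_SCRIPT)

// Decode the Type column of one CustomAction table row.
function decodeType(type) {
  const deferred = (type & IN_SCRIPT) !== 0;
  return {
    baseType: type & 0x3f, // basic custom action type number (1 = DLL stored in Binary table)
    deferred,
    rollback: deferred && (type & ROLLBACK) !== 0,
    commit: deferred && (type & COMMIT) !== 0,
    noImpersonate: deferred && (type & NO_IMPERSONATE) !== 0, // ignored on immediate actions
  };
}

// Model of the post-build change: set the bit on deferred rows only.
function applyNoImpersonate(rows) {
  return rows.map(({ action, type }) => {
    const newType = type & IN_SCRIPT ? type | NO_IMPERSONATE : type;
    return { action, type: newType, changed: newType !== type };
  });
}

// Pull Action/ActionType pairs out of a verbose log and decode them.
function auditLog(logText) {
  const re = /CustomActionSchedule\(Action=([^,]+),ActionType=(\d+)/g;
  return [...logText.matchAll(re)].map((m) => ({
    action: m[1],
    type: Number(m[2]),
    ...decodeType(Number(m[2])),
  }));
}

// Constructed sample data (action names are made up).
const SAMPLE_ROWS = [
  { action: "Example.install", type: 1025 },  // deferred DLL action
  { action: "Example.rollback", type: 1281 }, // deferred rollback DLL action
  { action: "LaunchApp", type: 18 },          // immediate EXE action
];
const SAMPLE_LOG = [
  "MSI (s) (64:B8) [13:52:42:797]: Executing op: CustomActionSchedule(Action=Example.install,ActionType=3073,Source=BinaryData,Target=ManagedInstall,)",
  "MSI (s) (64:B8) [13:52:43:010]: Executing op: CustomActionSchedule(Action=Example.commit,ActionType=1537,Source=BinaryData,Target=ManagedInstall,)",
].join("\n");

console.log(applyNoImpersonate(SAMPLE_ROWS), auditLog(SAMPLE_LOG));
```

Any deferred action reported with noImpersonate set runs without impersonating the installing user, so the list this produces is also the list of custom actions worth reviewing for least privilege.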


  • Worked like a champ. Thank you Aaron.  I just needed a little clarity on exactly where to put the .js file.  Finally I put it in the deployment project's folder (not added to the project but just in its folder) and presto!  Thanks again - phil.

  • ..\install.js(43, 1) Microsoft JScript runtime error: Subscript out of range. I got this while building the setup. In post build event cscript.exe "$(ProjectDir)install.js" "$(BuiltOutputPath)"

    I have changed the file name to install.js.

    The error must be at

    var filespec = WScript.Arguments(0);

    var installer = WScript.CreateObject("WindowsInstaller.Installer");

    var database = installer.OpenDatabase(filespec, msiOpenDatabaseModeTransact);

    please help me.


    R. Pandiarajan.

  • Hi Pandiarajan - The spelling of the post-build event that you listed is not correct.  The variable name needs to be $(BuiltOuputPath) - the word "ouput" is spelled wrong, but that is what Visual Studio expects it to be in this case.  Can you try fixing your post build event syntax to exactly match what is listed above in this blog post and see if that helps resolve this issue?

  • Hi There...

    I've set the NoImpersonate flag to true using said script for my installer package. Still I'm facing the same error (code 2869) on Vista.

    After a lot of effort I came to know that when the following code of my custom action gets executed, it shows the Error Code 2869 instead of showing the proper exception message as shown on other platforms (Windows XP for example)

    throw new InstallException("Database connection verification failed. Setup will exit now. Following exception has been occured: " + Environment.NewLine + ex.Message);

    Can anybody please guide me on how to show a proper message to the user that a particular database verification has failed and then roll back the installation?

    Thanks in Advance

    Sudev Gandhi

  • Hi Sudev_gandhi - A Windows Installer custom action does not get to decide what return code will get propagated to the end user when it fails.  That is up to Windows Installer itself and is based on several factors, such as the custom action type, the custom action scheduling options, etc.

    In this case, it is possible that the custom action is failing before it gets to the code to display the message that you are describing.  I'd suggest doing the following:

    1.  Verify in the MSI itself using a tool like Orca (from the Windows Installer SDK) that the custom action attributes are being updated correctly so it is marked with NoImpersonate so it will work with UAC on Vista.

    2.  If you have verified this, then you can use the MsiBreak variable to allow you to attach a debugger to your custom action process and debug this issue further.  You can use a technique similar to the one that I describe at http://blogs.msdn.com/astebner/archive/2005/06/17/430320.aspx to do this.

    Hopefully this helps.

  • Thanks Aaron,

    I verified my MSI package with the Orca utility, and found no error. Later on I found the following...


    Which states that apart from impersonation on Vista UAC we have another issue with the installer, as follows.

    "The InstallException problem is a combination of the new architecture of Windows Installer 4.0 which is packaged with Vista and the 'limited'-ness of VS 2005 while creating MSI. Windows Installer 4.0 expects an entry in the error table for all error codes. The InstallException class throws an error with the code 1001, but this error code is not present in the MSI's error table due to which we get the ugly error! The funny part about this entire goof is that only Windows Installer 4.0 behaves like this with the previous version showing a proper error message to the user!"

    I made a dummy entry in Error table of the MSI Package for Error Code 1001 and Installer on Vista was on roll !!!

  • Hi, I followed the 8 steps above and I'm still getting the same error. The error is happening on a Windows Vista 64-bit machine. The package installs OK on the other Windows versions.


  • Hi lfgarbi - If you are still getting an error during your installation, it is possible that there is some other problem with your custom action causing the install to fail.  You will need to troubleshoot/debug your custom action in order to narrow down why it is failing.  You can do this by using MSI verbose logging and/or by using custom action debugging techniques like the ones described at http://blogs.msdn.com/astebner/archive/2005/06/17/430320.aspx.

  • I was able to use MSI verbose logging. These are the lines related with the custom actions.

    MSI (s) (64:B8) [13:52:42:797]: Executing op: CustomActionSchedule(Action=_11845818_114A_4BD8_82C6_7B65F3AABDE7.install,ActionType=3073,Source=BinaryData,Target=ManagedInstall,CustomActionData=/installtype=notransaction /action=install /LogFile= "C:\Program Files (x86)\QToolsSetupX64\DatabaseSetup.exe" "C:\Users\lperez\AppData\Local\Temp\CFG11EB.tmp")

    MSI (s) (64:34) [13:52:42:797]: Invoking remote custom action. DLL: C:\Windows\Installer\MSICC8A.tmp, Entrypoint: ManagedInstall

    MSI (s) (64:FC) [13:52:42:797]: Generating random cookie.

    MSI (s) (64:FC) [13:52:42:797]: Created Custom Action Server with PID 3528 (0xDC8).

    MSI (s) (64:B0) [13:52:42:828]: Running as a service.

    MSI (s) (64:B0) [13:52:42:828]: Hello, I'm your 32bit Elevated custom action server.

    MSI (s) (64!38) [13:52:43:172]: Note: 1: 2262 2: Error 3: -2147287038

    MSI (c) (44:80) [13:52:43:172]: Note: 1: 2262 2: Error 3: -2147287038

    DEBUG: Error 2869:  The dialog ErrorDialog has the error style bit set, but is not an error dialog

    MSI (c) (44:80) [13:52:43:172]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

    The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2869. The arguments are: ErrorDialog, ,

    MSI (c) (44:80) [13:54:14:898]: Note: 1: 2262 2: Error 3: -2147287038

    MSI (c) (44:80) [13:54:14:898]: Product: QToolsSetupX64 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2869. The arguments are: ErrorDialog, ,

    Error 1001.

    MSI (s) (64!38) [13:54:14:898]: Note: 1: 2262 2: Error 3: -2147287038

    MSI (s) (64!38) [13:54:14:898]:

  • Hi Lfgarbi - This log shows that the custom action is being run elevated, so the changes that are made by the steps in this blog post are working as expected.  However, there is something within this custom action itself that is not working.  I'm not sure why that would be happening though.  You will need to try to debug your custom action (such as by using the MsiBreak instructions I sent a link to in my previous reply), or you may want to post a question on the VS setup/deployment project forum at http://forums.microsoft.com/msdn/ShowForum.aspx?ForumID=6&SiteID=1 to see if anyone there can suggest any additional debugging tips for this ManagedInstall custom action.

  • Thanks a lot... I will follow your advice and try to debug the custom action.


  • Hi, I have a new program for Windows Mobile devices.

    The installer runs fine on Windows XP.

    But in Vista I get the error described above.

    I followed the instructions but the error is still the same.

    How can I know if the script runs OK?

    What can I do next?

    Thanks, Ronen.

  • Hi, I followed the instructions, but I still get the same error.

    The installer is supposed to install software for Windows Mobile devices, so after it finishes running it calls ActiveSync to install the application to the mobile device.

    In XP it works OK, but Vista gives a 2869 error.

    How can I know if the script I downloaded from here ran OK? What else can I do?

  • Hi Ronenfe - To start with, I'd suggest double-checking that running the script had the desired effect on your MSI.  To do that, you can install Orca from the Windows Installer SDK and look at the attributes in the custom action table of your MSI before and after running the script to verify that they have been changed as expected.

    Also, the script is only able to set the NoImpersonate bit for in-script custom actions.  If your ActiveSync custom action is not an in-script (also known as deferred) custom action, it will not be updated because Windows Installer doesn't support setting the NoImpersonate bit unless the custom action is in-script (also known as deferred).  Typically, custom actions that run after an installation is complete are immediate custom actions and not deferred.

    For reference, you can find more information about Windows Installer custom action types and sequencing options in the MSDN topic at http://msdn.microsoft.com/library/aa368070.aspx.

  • Hi astebner,

    I am following the steps that you have described above

    Still getting the error

    'PostBuildEvent' failed with error code '1'

    Let me be more specific

    1) Dev project named "TestApp"

    2) Setup project named "TestAppSetup"

    3) Copy "CustomAction_NoImpersonate.js" to \TestApp\

    4) "TestAppSetup" postbuild events add:

      cscript.exe "$(ProjectDir)CustomAction_NoImpersonate1.js" "$(BuiltOutputPath)"

    Still facing the error 'PostBuildEvent' failed with error code '1'

    Where am I going wrong? Can you please suggest a way to get rid of the issue?
