Windows Installer SDK Tools and UAC Prompts

Windows Installer SDK Tools and UAC Prompts

  • Comments 2

When using the tools from the Windows Installer SDK you might see the following dialog on Windows Vista.

User Account Control Prompt for msidb.exe

Windows Installer tools like msidb.exe shown here, msicert.exe, msifiler.exe, msiinfo.exe, msimerg.exe, msimsp.exe, msistuff.exe, msitran.exe, and wilogutl.exe use Windows Installer file functions. Msizap.exe is the only tool that may require elevated privileges. Tools like apatch.exe and mpatch.exe don't even use Windows Installer functions. So why the prompt? Take a look at the file properties shown below for msidb.exe.

File Properties for msidb.exe

The word "Installer" was found in the version information block of the executable. Apatch.exe and mpatch.exe don't contain this string in their version information block, but their file names include the word "patch". User Account Control, or UAC, in Windows Vista uses this information to assume the tools are some sort of installer.

A manifest is required to inform UAC that elevated privileges are not required. This doesn't mean a malicious application could lie, since protections are in place when additional privileges are required, but it is handy when assumptions aren't accurate and the tools really do not require elevated privileges. These tools in the Windows SDK for Windows Vista Beta 2 already have the manifest included, which looks like the following content for msidb.exe.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity
      type="win32"
      name="Microsoft.Windows.MSI.MsiDb"
      version="4.0.0.0"
      processorArchitecture="x86"/>
  <description>MsiDb - MSI Package Archive Table Import and Export Utility</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
            level="asInvoker"
            uiAccess="false"
                />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

While it is recommended that you download and use these new tools - which can still produce and manipulate packages for use with older versions of Windows Installer - you can put similar content into manifest files external to applications that don't already have an embedded manifest (like wilogutl.exe) using the file naming convention <tool name>.exe.config.

Leave a Comment
  • Please add 4 and 2 and type the answer here:
  • Post
  • Hi Heath,
    Do you know if this is localized? I'm just wondering if a (say) German setup.exe with the German for "installer" on a German OS also triggers this. In addition, it seems a bit arbitrary to me. The words "installation" and "setup" also imply that the exe is a setup program. Although this scheme is deterministic at some level, I suspect many users will just be confused at the way some programs offer the credentials dialog and some don't and that it will just prompt a lot of "Windows is so weird" conversations between people who don't know this rather obscure behavior.
  • Phil, I couldn't find the specs that cover localization and UAC, but I would suspect that, for example, German Windows Vista would prompt on "Installateur", as well as "Installer", since "Windows Installer" is a product name and should not be localized.

    Note that this isn't protected, but merely a heuristic assumption. Removing "Installer" from the summary information stream certainly wouldn't allow a normal user to install a package that required elevated privileges.
Page 1 of 1 (2 items)