the Local System account is not allowed to perform powershell script in a custom action

[ltemimi]

HI

I have a custom action that uses power shell to install an app using an msix installer
(Custom action => poweshell=> launches an msix fiel to install an app)

The error I get:

ActionStart: Action 16:40:46: InstallMsix.
Info: SFXCA: Extracting custom action to temporary directory: C:\WINDOWS\Installer\MSI73F6.tmp-0
Info: SFXCA: Binding to CLR version v4.0.30319
Info: Calling custom action PlcData.InstallerApp!PlcData.InstallerApp.CustomActions.InstallMsix
Info: Attempting to un-install MSIX package from path: C:\Program Files (x86)\ACL\Apps\PlcData.LoggingService\License.Manager_1.0.0.0_x64.msix
Info: PowerShell Output:
Info: PowerShell Error: Add-AppxPackage : Deployment failed with HRESULT: 0x80073CF9, Install failed. Please contact your software vendor.
(Exception from HRESULT: 0x80073CF9)
Deployment Add operation rejected on package com.automationconsultancy.licensemanager_1.0.0.0_x64__743hwmv1h732c from:
License.Manager_1.0.0.0_x64.msix install request because the Local System account is not allowed to perform this
operation.

[ltemimi]

by adding impersonation and running a command prompt in admin mode and using msiexec /i installation works . also if I wrap the msi in a bootstrap bundle and run the exe in admin mode.
The issue I have my customers are not all tech to run cmd in admin mode and downloading exe files are full of scary warning.

Is there a way to run an msi in admin mode by just clicking on it?

  new ElevatedManagedAction(CustomActions.InstallService,
      Return.check,
      When.After,
      Step.InstallFiles,
      Condition.NOT_Installed)
  {
      Impersonate = true  // Add this line
  },

[oleg-shilo]

I would try to implement an alternative technique.
You do not need to resort to the powereshell. You can simply start the process from any custom action:

"notepad.exe".StartElevated("c:\\boot.ini"); // this will pop the elevation prompt

Or better yet, use project.AfterInstall event. It is a special custom action that is already elevated for you.

StartElevated does not do any magic. It's a simple wrapper around Process.Start:

public static Process StartElevated(this string fileName, string args = "")
{
    bool alreadyAdmin = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);

    return Process.Start(new ProcessStartInfo
    {
        WorkingDirectory = fileName.PathGetFullPath().PathGetDirName(),
        FileName = fileName,
        Arguments = args,
        UseShellExecute = true,
        Verb = alreadyAdmin ? "" : "runas"
    });
}

[ltemimi]

Hi Oleg

thanks I agree project.AfterInstall would help but then which event can I use when I uninstall

Laz

[oleg-shilo]

The same event. This event is fired after the install session is complete. And the install session can be one of three types: install/repair/uninstall.
The event args will give all required context: install dir, type of the installation. This is an example:

project.AfterInstall += args =>
{
    if (!args.IsUninstalling)
        args.InstallDir.PathJoin("MyApp.msix").StartElevated("-uninstall");
    else
        args.InstallDir.PathJoin("MyApp.msix").StartElevated("-install");
};

[ltemimi]

Thanks that is great