This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- BasicMSI vbscript custom action needs administrator privileges
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Nov 18, 2011
03:53 AM
BasicMSI vbscript custom action needs administrator privileges
This has been bugging me for many days now, and I'm at the hair pulling out stage. Can anyone help?
I have a BasicMSI install, that has a type 3078 CA (vbscript stored in binary table set for deferred action in system context), which means - as I understand - that the CA will run with elevated privileges. The properties it requires are fed in via a type 51 CA ("set property" action set to run with immediate action).
Here's the function I'm calling:
[CODE]function ModifyRequestFiltering
const IDOK=1
const IDABORT=3
Err.Clear
szCustomActionData=Session.Property("CustomActionData")
MyArray=Split(szCustomActionData, ";")
szWebsite=MyArray(0)
szSystemName=MyArray(1)
szApplicationName=MyArray(2)
'Create Shell object
Set Shell = CreateObject("WScript.Shell")
if Err.Number <> 0 then
'Return FAIL
ModifyRequestFiltering=IDABORT
Exit Function
End if
'Obtain System dir
WinDir = shell.ExpandEnvironmentStrings("%WINDIR%")
if Session.Property("VersionNT") <> "" then
'32bit OS detected
szSystemDir = "\system32"
else
'Not 32bit OS, therefore 64bit
szSystemDir = "\SysWOW64"
end if
WinSysDir = WinDir & szSystemDir
szApp=WinSysDir & "\inetsrv\appcmd.exe"
szCmdLine="set config """ & szWebsite & "/xxx_" & szSystemName & "_" & szApplicationName & """ -section:system.webServer/security/requestFiltering /-fileExtensions.[\[]fileExtension='.config'[\]] -commitpath:apphost"
'Create Shell.Application object
set objShell=CreateObject("Shell.Application")
ReturnCode=objShell.ShellExecute(szApp, szCmdLine, "", "runas", 1)
set objShell=nothing
if ReturnCode <> 0 then
'Return FAIL
ModifyRequestFiltering=IDABORT
Exit Function
end if
' Release Shell object
Set Shell = nothing
'Return SUCCESS
ModifyRequestFiltering=IDOK
end function[/CODE]
This should end up with the ".config" entry being removed from the file name extensions in the "Request Filtering" feature of the virtual application within IIS.
My problem is that the execution of appcmd appears to function with no reported error, but the target system is not modified. I'm logging the output of this, and if I then re-run the exact same command line the just failed via a "Run As Administrator" command prompt then it works. What's the difference between running with "elevated privileges" and "Run As Administrator" ?
Am I missing something?
I have a BasicMSI install, that has a type 3078 CA (vbscript stored in binary table set for deferred action in system context), which means - as I understand - that the CA will run with elevated privileges. The properties it requires are fed in via a type 51 CA ("set property" action set to run with immediate action).
Here's the function I'm calling:
[CODE]function ModifyRequestFiltering
const IDOK=1
const IDABORT=3
Err.Clear
szCustomActionData=Session.Property("CustomActionData")
MyArray=Split(szCustomActionData, ";")
szWebsite=MyArray(0)
szSystemName=MyArray(1)
szApplicationName=MyArray(2)
'Create Shell object
Set Shell = CreateObject("WScript.Shell")
if Err.Number <> 0 then
'Return FAIL
ModifyRequestFiltering=IDABORT
Exit Function
End if
'Obtain System dir
WinDir = shell.ExpandEnvironmentStrings("%WINDIR%")
if Session.Property("VersionNT") <> "" then
'32bit OS detected
szSystemDir = "\system32"
else
'Not 32bit OS, therefore 64bit
szSystemDir = "\SysWOW64"
end if
WinSysDir = WinDir & szSystemDir
szApp=WinSysDir & "\inetsrv\appcmd.exe"
szCmdLine="set config """ & szWebsite & "/xxx_" & szSystemName & "_" & szApplicationName & """ -section:system.webServer/security/requestFiltering /-fileExtensions.[\[]fileExtension='.config'[\]] -commitpath:apphost"
'Create Shell.Application object
set objShell=CreateObject("Shell.Application")
ReturnCode=objShell.ShellExecute(szApp, szCmdLine, "", "runas", 1)
set objShell=nothing
if ReturnCode <> 0 then
'Return FAIL
ModifyRequestFiltering=IDABORT
Exit Function
end if
' Release Shell object
Set Shell = nothing
'Return SUCCESS
ModifyRequestFiltering=IDOK
end function[/CODE]
This should end up with the ".config" entry being removed from the file name extensions in the "Request Filtering" feature of the virtual application within IIS.
My problem is that the execution of appcmd appears to function with no reported error, but the target system is not modified. I'm logging the output of this, and if I then re-run the exact same command line the just failed via a "Run As Administrator" command prompt then it works. What's the difference between running with "elevated privileges" and "Run As Administrator" ?
Am I missing something?
(1) Reply
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Nov 23, 2011
09:14 AM
Nobody? There must be something simple I'm missing...