Windows Installer Deployment on Windows Vista
Windows Installer technology supports software installation on the Windows Vista operating system. The end user installing applications on Windows Vista should receive prompts only for each component installation that requires elevation, even when the user's computer runs under User Account Control (UAC). For information about how to set UAC, see Windows Vista and Visual Studio.
Typically, Setup.exe (also known as the bootstrapper) does not run as elevated; it runs at the current user's permission level. Therefore, the installation does not prompt for elevation when the final application installation starts. However, note that an .msi file usually prompts the user, whereas Setup.exe does not.
In the embedded UAC manifest of the bootstrapper, the requestedExecutionLevel node specifies that the installation run as the current user (asInvoker):
<requestedExecutionLevel level="asInvoker" />
However, you can elevate the application installation if you have to. For example, modifying Internet Information Services (IIS) settings in a Web Setup project requires administrative privileges, as does installing assemblies to the global assembly cache. The elevation prompt occurs after the prerequisite installations but before the application installation.
To elevate permissions for an installation, open the project (.vdproj) file. In the project file's MsiBootstrapper section, set the RequiresElevation property to True. This property is not made available through the Visual Studio integrated development environment (IDE). Therefore, you must use the project file. For more information, see RequiresElevation Property.
Windows Installer supports administrator-assisted elevation on Windows Vista. In this scenario, the user is prompted for administrator credentials, and the administrator enters the password for the user. To support this scenario, the bootstrapper sets the AdminUser property to True when your computer is running on Windows Vista or a later version of Windows.
If you are running Windows Vista on a computer that does not use UAC and you are not an administrator, AdminUser will still be set to True. Therefore, .exe installers (such as SQLExpress32.exe) should be written to detect appropriate permissions and to generate a specific exit code in the case of insufficient permission. You should author Setup.exe to catch this exit code and display a message stating that an administrator is required.
Windows Vista elevates prerequisite component installation when it is necessary. The bootstrapper itself performs no elevation; when Windows Vista runs under UAC, it issues a prompt for each prerequisite component that has to be elevated, unless it is already installed. If a package elevation fails, the bootstrapper fails and sends an appropriate error message.
Custom actions that you create in the Custom Actions Editor run as elevated. Custom actions should not access user-specific data, such as the registry or file system, because the custom action will not run in the invoking user's account.
By default, custom actions run elevated because the default setting of the NoImpersonate property is True in the Custom Actions Editor. Changing NoImpersonate to False would force the custom action to impersonate the invoking user, who might have reduced permissions.
Also note that there will be differences between the way that Visual Studio 2005 and Visual Studio 2008 Setup projects will run under Windows Vista UAC.
Windows Vista built-in installer detection prompts for consent when you run under UAC. A bootstrapper (Setup.exe) built with Visual Studio 2005 always prompts for consent, regardless of what it is installing. Because Setup.exe and all of its processes run with an administrator token on Windows Vista, the final application installation will be installed with elevated privileges. If a user runs Setup.exe with administrator-assisted elevation, the application will be installed under the elevated user's profile (not the administrator's profile).
In Visual Studio 2008, the behavior of Setup.exe changes; it does not prompt for elevation when it is started. To prevent the elevation prompt, the embedded manifest of the bootstrapper specifies that Setup.exe run with a requested execution level of asInvoker. This provides the benefit of the final application installation not being run as elevated, although still enabling the installation of prerequisite components to be elevated as necessary. The bootstrapper calls ShellExecute to launch prerequisites. Windows Vista receives this call, performs installation detection, and issues a user prompt before installation.
The disadvantage to this change is that a prompt is issued for each prerequisite component that has to be installed, in addition to the application itself. However, if all prerequisites are already on the computer, the installation might not cause any prompts. Also, you should not have external checks that require elevation. External checks will work, but the user receives several elevation prompts for each external check, in addition to prompts for the installer.