0

I have a custom action that I know is getting called because 1) I can see it in my log, 2) the log reports that it is throwing a security exception.

Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security, State.
   at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate)
   at System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate)
   at System.Diagnostics.EventLog.SourceExists(String source)
   at EventTestCustomAction.CustomActions.CreateEventTestEventLog(Session session) in c:\erase\code\EventTest\EventTestCustomAction\CustomAction.cs:line 16

For my Package element, I have defined:

<Package InstallerVersion="500" Compressed="yes" InstallScope="perMachine" InstallPrivileges="elevated" />

I have the custom action defined with deferred execution as:

<CustomAction Id='CreateLog' BinaryKey='CustomActionDll' DllEntry='CreateEventTestEventLog' Return='check' Execute='deferred'/>

The InstallExecuteSequence defined as:

<InstallExecuteSequence>
    <Custom Action="IsPrivileged" Before="AppSearch"><![CDATA[Not Privileged]]></Custom>
    <Custom Action="CreateLog" After="InstallFiles" >NOT Installed AND NOT REMOVE</Custom>
</InstallExecuteSequence>

I'm running from a command prompt that is non-elevated but has Admin privileges. When run using msiexec /i \path\to\installer.msi it elevates. Before I had the custom action in there, the installer would run fine and copy the files to the correct directory under Program Files just fine.

The API causing the exception is

EventLog.SourceExists("mysourcename");

Sure, I could link the Wix Util and use <util:EventSource blah blah blah/>, but I have my reasons in this case for not wanting to. Somehow the Wix Util library gets around this problem. I've also looked at in varying ways by trying to look at the registry and the current control set a few weeks ago, but it wouldn't let me open the registry entries because of security.

I had thought installers ran after they elevated with LocalSystem accounts. Seems obvious they don't. But then how does util:EventSource get away with it? Is there a parameter I'm misssing somewhere?

Improve this question

1 Answer 1

Reset to default
0

Ok, found the answer. Needed to set the Impersonate attribute in my custom action to "no". Evidently, the default is yes.

Changed my custom action like this, and now it works:

<CustomAction Impersonate="no" Id='CreateLog' BinaryKey='CustomActionDll' DllEntry='CreateEventTestEventLog' Return='check' Execute='deferred'/>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.