I'm having some problems with privileges when running a CustomAction in deferred mode.

I want to kill some Service processes which could be running using different user accounts, from Local System to regular users, but the CA succeeds only when the processes and the CA are executed as the same user. Here are some cases and results:

  • "process1.exe" is a process running as the same user running the installation. If the kill CA is run in System context using Impersonate="no" the access is denied.
  • "process1.exe" is a process running as the same user running the installation. If the kill CA is run in User context using Impersonate="yes" the process is killed.
  • "process1.exe" is a process running as another user. If the kill CA is run in User context using Impersonate="yes" the access is denied.
  • "process1.exe" is a process running as another user. If the kill CA is run in System context using Impersonate="no" the access is denied.
  • "process1.exe" is a process running as Local System. If the kill CA is run in User context using Impersonate="yes" the access is denied.
  • "process1.exe" is a process running as Local System. If the kill CA is run in System context using Impersonate="no" the process is killed.

```xml
<SetProperty Id="KillUserProcess" Value='"[WindowsFolder]\System32\taskkill.exe" /F /IM process1.exe' After="CostFinalize" />
<CustomAction Id="KillUserProcess" BinaryKey="WixCA" DllEntry="CAQuietExec" Execute="deferred" Impersonate="no" Return="check" />

<SetProperty Id="KillSysProcess" Value='"[WindowsFolder]\System32\taskkill.exe" /F /IM process2.exe' After="CostFinalize" />
<CustomAction Id="KillSysProcess" BinaryKey="WixCA" DllEntry="CAQuietExec" Execute="deferred" Impersonate="no" Return="check" />

<InstallExecuteSequence>
    <Custom Action="KillUserProcess" After="InstallInitialize"></Custom>
    <Custom Action="KillSysProcess" After="KillUserProcess"></Custom>
</InstallExecuteSequence>
```

```
Action=KillUserProcess,ActionType=3137,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Windows\System32\taskkill.exe" /F /IM process1.exe)
CAQuietExec: "C:\Windows\System32\taskkill.exe" /F /IM process1.exe
CAQuietExec: ERROR: The process "process1.exe" with PID 3164 could not be terminated.
CAQuietExec: Reason: Access is denied.
CAQuietExec:
CAQuietExec: Error 0x80070001: Command line returned an error.
CAQuietExec: Error 0x80070001: QuietExec Failed
CAQuietExec: Error 0x80070001: Failed in ExecCommon method
```

```
Action=KillSysProcess,ActionType=3137,Source=BinaryData,Target=CAQuietExec,CustomActionData="C:\Windows\System32\taskkill.exe" /F /IM process2.exe)
CAQuietExec: "C:\Windows\System32\taskkill.exe" /F /IM process2.exe
CAQuietExec: SUCCESS: The process "process2.exe" with PID 4596 has been terminated.
```

If LocalSystem doesn't have the rights to kill the processes, who does? Running these commands from Command Prompt works without a problem when elevated. Even using psexec from Sysinternals to run the command as System works without a problem. Only when running through MSI are these issues faced.

Is it possible to make a Custom Action running as System kill processes not owned only by System?

IlirB
  • I cannot see a mistake at first glance, but perhaps you could try to stop your services with `sc stop ` instead of `taskkill` – ChristianMurschall May 09 '17 at 15:07
  • Stopping services is the first thing I do. The actual CustomAction that I have is much more advanced: it instructs the service manager to stop services, resolves all processes of a service and waits 60 sec for the processes to close. BUT processes sometimes crash and they don't close, and the service manager is stuck trying to stop the services. The only way to release all the locks is to kill the processes. And this is where the issue appears with the lack of privilege to kill the processes even when running in "System" context. – IlirB May 10 '17 at 08:09

1 Answer

This question is tagged DTF but I don't see any .NET code.

FWIW, I've googled this topic and it's too much to speculate on... the reality is you need a bigger hammer and C#/DTF is that hammer. You can do way more complicated API calls with it and better error handling / logging.

Christopher Painter
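
The C#/DTF approach the answer points to, as an added example that is not code from either poster: a deferred custom action that kills processes by image name and writes the Win32 error of each failure to the MSI log. The class name, the `ImageNames` CustomActionData key and the 10-second wait are assumptions. The data would be passed through a property named after the custom action's Id, as the question already does for `CAQuietExec`, and the code does not by itself change which processes the custom action's token may terminate.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using Microsoft.Deployment.WindowsInstaller;

public class KillProcessActions   // hypothetical class name
{
    // Deferred CA entry point. Expects CustomActionData such as
    // "ImageNames=process1;process2" (hypothetical key, names without ".exe").
    [CustomAction]
    public static ActionResult KillProcesses(Session session)
    {
        if (!session.CustomActionData.ContainsKey("ImageNames"))
        {
            session.Log("KillProcesses: no ImageNames in CustomActionData");
            return ActionResult.Failure;
        }

        bool allKilled = true;
        string[] names = session.CustomActionData["ImageNames"]
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);

        foreach (string name in names)
        foreach (Process p in Process.GetProcessesByName(name.Trim()))
        using (p)
        {
            try
            {
                session.Log("Killing {0} (PID {1}, session {2})", p.ProcessName, p.Id, p.SessionId);
                p.Kill();
                if (!p.WaitForExit(10000))   // assumed 10 s grace period
                {
                    session.Log("PID {0} did not exit within 10 s", p.Id);
                    allKilled = false;
                }
            }
            catch (Win32Exception ex)
            {
                // NativeErrorCode 5 is ERROR_ACCESS_DENIED, the failure seen in the question's log.
                session.Log("PID {0}: Win32 error {1}: {2}", p.Id, ex.NativeErrorCode, ex.Message);
                allKilled = false;
            }
            catch (InvalidOperationException)
            {
                session.Log("PID {0} had already exited", p.Id);   // nothing left to kill
            }
        }
        return allKilled ? ActionResult.Success : ActionResult.Failure;
    }
}
```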