Windows Installer SDK Tools and UAC Prompts



When using the tools from the Windows Installer SDK you might see the following dialog on Windows Vista.

User Account Control Prompt for msidb.exe

Windows Installer tools like msidb.exe shown here, msicert.exe, msifiler.exe, msiinfo.exe, msimerg.exe, msimsp.exe, msistuff.exe, msitran.exe, and wilogutl.exe use Windows Installer file functions. Msizap.exe is the only tool that may require elevated privileges. Tools like apatch.exe and mpatch.exe don’t even use Windows Installer functions. So why the prompt? Take a look at the file properties shown below for msidb.exe.

File Properties for msidb.exe

The word “Installer” was found in the version information block of the executable. Apatch.exe and mpatch.exe don’t contain this string in their version information block, but their file names include the word “patch”. User Account Control, or UAC, in Windows Vista uses this information to assume the tools are some sort of installer.

A manifest is required to inform UAC that elevated privileges are not required. This doesn’t mean a malicious application could lie, since protections are in place when additional privileges are required, but it is handy when assumptions aren’t accurate and the tools really do not require elevated privileges. These tools in the Windows SDK for Windows Vista Beta 2 already have the manifest included, which looks like the following content for msidb.exe.

<?xml version=1.0 encoding=UTF-8 standalone=yes?>
<!– Copyright (c) Microsoft Corporation –>
<assembly manifestVersion=1.0 xmlns=urn:schemas-microsoft-com:asm.v1>
  <description>MsiDb – MSI Package Archive Table Import and Export Utility</description>
  <trustInfo xmlns=urn:schemas-microsoft-com:asm.v3>

While it is recommended that you download and use these new tools – which can still produce and manipulate packages for use with older versions of Windows Installer – you can put similar content into manifest files external to applications that don’t already have an embedded manifest (like wilogutl.exe) using the file naming convention <tool name>.exe.config.

Heath Stewart

Senior Software Engineer

Follow Heath   

No Comments.