Software Deployment

I can't say that you can.
A repair is performed when entrypoints are executed to check for broken components, if one is found a repair will be performed. You could remove every entrypoint in the package thus potential prevent a repair from occuring.
A repair could be performed from the command line with the /f switch using msiexec.exe.

I dont know whether this will help you , but why dont you try using AdminUser Property to sequence an immediate custim action to terminate the repair.You need to condition it like AdminUser <>1 AND Installed AND REMOVE ~<> "ALL".

The Display message can be like "Unable to repair from Non Admin User".

If a file or registry entry got deleted, how on *earth* does a non-privileged user have rights to do that? Shouldn't the package be setting appropriate permissions?

Hi Bhuvan,

Can you tell us if there is any specific reason that you want to disable repair functionality for Normal Users?
In all other cases we try and make sure the User repair is possible, and is one of the most important and essential aspect of application packaging.

Cheers [:)]

Actually I don't want the non privileged user to have access to the MSI files.If self repair is done in non privileged mode then it would have to access the MSI files which may allow the non privileged user to delete/modify the files.So, I don't want the non privileged
users to do a self repair.

Is there any possibility to allow the non privileged users to have self repair enabled but this user shouldnot access the MSI files?

The user must have read access to the original media while repairing files.
So as long as they don't have more then read permissions on the source the non-admin user will not be able to delete/modify the source.

Skip to try to prevent a self-repair.

Is there any possibility to allow the non privileged users to have self repair enabled but this user shouldnot access the MSI files?

Yes there is.
Make sure no custom action is accessing the source during execution, condition if needed.
For files going into the user-profile you will need to make sure these are installed from duplicate files instead.

I recall there was a long discussion regarding this in the forum so try out the search engine.

ORIGINAL: bhuvan

Actually I don't want the non privileged user to have access to the MSI files.If self repair is done in non privileged mode then it would have to access the MSI files which may allow the non privileged user to delete/modify the files.So, I don't want the non privileged
users to do a self repair.

Is there any possibility to allow the non privileged users to have self repair enabled but this user shouldnot access the MSI files?


A self repair cant be done in non privileged mode as its the windows service that access the MSI.

If you want to hide the MSI files you could also put them in a subf folder of a folder users dont have browse rights to but do have rights to traverse ther folder (as well as hiding the share)

They couldnt browse to the files using explorer.. they would need to know the full path MSI.

How should the locally-cached copy be handled? If you're going to hide that properly, you'd need to permission the folder. Then the OP needs to know how to handle CAs, perhaps a command-line permissioning tool. I really can't imagine what's to be achieved with this, as it seems the OP wants to disable a function of Windows Installer, betraying a fundamental misunderstanding of what WI is about. Besides anything else, as I've said in a similar post, if the app is self-healing, someone with inappropriate access has deleted a key path - how does your build allow that? Bizarre...

I agree as I said, was just posting what he could do to hide the installers..