Hi there guys
I'm using a deferred custom action that I'm passing "sensitive" parameters to. I've read in the MSDN docs that it is possible to set a "flag" called "msidbCustomActionTypeHideTarget" by adding 0x2000 or 8192 to the "Type" column of the custom action. Since you're generating type 51 custom actions to automate passing a value to the CustomActionData property for the custom actions in the execute sequence, I would appreciate it if you would add an option that allows me to enable that flag.
Thanks!
PS.: this is both a problem and a feature request...
Suggested Articles
Re: Hide "sensitive" properties from log
Hi,
Windows Installer uses a Debug policy which affects the information written in an installation log. By default, this policy is set to 7. This means that even if you use the "msidbCustomActionTypeHideTarget" flag, the information which should be hidden will be shown.
We also experience this problem with our own custom actions which use the "msidbCustomActionTypeHideTarget" flag. You can try to set the debug policy to a different value by using the registry key specified by Microsoft, but I'm not sure if it will work as expected.
Regards,
Cosmin
Windows Installer uses a Debug policy which affects the information written in an installation log. By default, this policy is set to 7. This means that even if you use the "msidbCustomActionTypeHideTarget" flag, the information which should be hidden will be shown.
We also experience this problem with our own custom actions which use the "msidbCustomActionTypeHideTarget" flag. You can try to set the debug policy to a different value by using the registry key specified by Microsoft, but I'm not sure if it will work as expected.
Regards,
Cosmin
Re: Hide "sensitive" properties from log
Bummer.
Trust Microsoft to provide a solution to your problem that doesn't work. The last point in the topic "Preventing Confidential Information from Being Written into the Log File" didn't mention that Debug mode will "ignore" that flag (it only mentions that for "MsiHiddenProperties")...
I recall that Windows Installer leaves log files in TEMP if an installation fails. Is this true? If so, do you know how verbose that log is? I'm concerned that passwords may be left there in plaintext on a client system...
Trust Microsoft to provide a solution to your problem that doesn't work. The last point in the topic "Preventing Confidential Information from Being Written into the Log File" didn't mention that Debug mode will "ignore" that flag (it only mentions that for "MsiHiddenProperties")...
I recall that Windows Installer leaves log files in TEMP if an installation fails. Is this true? If so, do you know how verbose that log is? I'm concerned that passwords may be left there in plaintext on a client system...
Re: Hide "sensitive" properties from log
Hi,
Regards,
Cosmin
On a clean machine Windows Installer will not create logs for the installations it runs. However, Windows allows you to enable Windows Installer logging. In this case, Windows Installer will create a log for any installation it runs. Therefore, a log will be created only for the machines which have the logging enabled.I recall that Windows Installer leaves log files in TEMP if an installation fails. Is this true?
This log should not be as verbose as a normal log. However, the contents of the log depend on what the logging registry value contains (there are multiple values which enable different logging modes).If so, do you know how verbose that log is?
Regards,
Cosmin
Re: Hide "sensitive" properties from log
Hmm. Okay, I suppose I'll have to consider checking the value of that policy during my installation.
Thanks though.
Thanks though.