Adherence to the following guidelines when authoring a Windows Installer package that will be used on locked-down computers helps maintain a secure environment during installation:

• Test your package for compatibility with the Windows Installer machine System Policy.
• Make sure you package runs with all user interface levels, none, basic, limited, and full.
• Test your package on NTFS partitions, both with elevated and non-elevated privileges.
• Starting with Windows Installer 3.0, User Account Control (UAC) Patching enables non-administrator users to patch applications installed in the per-machine context. Test your patch package on Windows Vista and Windows XP for both installation by users with administrator access and by non-administrator users.

Send comments about this topic to Microsoft

Build date: 8/13/2009