What is a secure location for WiX Burns ApprovedExeForElevation?

Question

I try to have my standard bootstrapper to run a program after installing.

I had it working, but I ran into some problems with the install location due to 32/64 bits program files as I have both in the installer. The version I install depends on the bitness of Excel, which is even a UI choice if both bitnesses are installed. Ensuring the installation happens in the correct program files is the easiest with the MSI files. But then I didn't have the location anymore for the "LaunchTarget" variable.

I found in WiX Burn: Reading LaunchTarget from Registry how to read it from the registry, and I have that working, but I now get this on running:

[1CAC:232C][2015-04-29T12:25:26]i601: Searching registry for approved exe path, key: Software\Microsoft\MyProgram, value: 'MyProgram', win64: no
[1CAC:232C][2015-04-29T12:25:27]i000: The executable path is not in a secure location: C:\myfolder\myprogram.exe
[132C:05CC][2015-04-29T12:25:27]e000: Error 0x80070002: Failed to launch target: myprogram.exe

The page of ApprovedExeForElevation and the WIP for implementing only talk about 'secure location', but it seems to miss a definition of this. What do I need to do to have my EXE file deemed secure, no matter what the users put in as installation location?

Or is there another way to get this value from registry after installation and run it without the elevation as I do not seem to need that?

Answer 1

From the WIP,

For now, the Package Cache folder
and the Program Files folder(s) (x86 and x64)
are the only folders considered secure.

Getting the LaunchTarget variable from the registry is not possible (unless the registry value is already set before running, in which case you can use RegistrySearch), a feature request would need to be filed at http://wixtoolset.org/issues. Today, you would need the BA to prompt the user for the install directory and pass it into the MSI.