Applying folder secutiry permissions via a transform
Hi,
I'm pretty sure I'm missing an obvious trick here but I need to change the \\<LOCALPC>\USERS security permissions to a folder within a transform being applied to a 3rd Party MSI.
I've tried searching the forums to see if there are any similar posts to this one and couldn't find any.
I've done this many times within native MSIs via the Lock Permissions Table, using the GUIs in either Wise or Installshield or via a Custom Action using ACL command line utilities.
I've tried to two methods of applying the permissions in a transform using both Wise and Installshield:
I suppose my question is can Permissions/Custom Actions be applied via a transform?
I'm pretty sure I'm missing an obvious trick here but I need to change the \\<LOCALPC>\USERS security permissions to a folder within a transform being applied to a 3rd Party MSI.
I've tried searching the forums to see if there are any similar posts to this one and couldn't find any.
I've done this many times within native MSIs via the Lock Permissions Table, using the GUIs in either Wise or Installshield or via a Custom Action using ACL command line utilities.
I've tried to two methods of applying the permissions in a transform using both Wise and Installshield:
- Making this change via a transform attempting to do it via the Lock Permissions table, the altered permissions don't get applied to the designated folder, during the installation.
- Setting up a Custom Action to run a command line, the Custom Action never gets invoked when the transform is run.
I suppose my question is can Permissions/Custom Actions be applied via a transform?
0 Comments
[ + ] Show comments
Answers (14)
Please log in to answer
Posted by:
cygan
14 years ago
try this in your mst
In Wise Package Studio
Drag the custom action --- Execute Program from Installation
Name enter a name for your CA
Executable file browse to your setACL.exe
Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"
Condition Not Installed
Location Normal Execute Immediate/deferred.
After . InstallFinalise
In Wise Package Studio
Drag the custom action --- Execute Program from Installation
Name enter a name for your CA
Executable file browse to your setACL.exe
Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"
Condition Not Installed
Location Normal Execute Immediate/deferred.
After . InstallFinalise
Posted by:
anonymous_9363
14 years ago
can Permissions/Custom Actions be applied via a transformOf course. An MSI is just a delta to an MSI, after all.
The clue to your problem, I suspect, lies in the name of the folder you're trying to permission. Would your target be a Vista/Windows 7 box, by any chance?
Posted by:
joban2000
14 years ago
Thanks for the quick responses.
The system is XP SP2.
The problem I'm having with regard to i using secedit or secacl is that Custom Actions aren't running.
The system is XP SP2.
The problem I'm having with regard to i using secedit or secacl is that Custom Actions aren't running.
Posted by:
cygan
14 years ago
The problem I'm having with regard to i using secedit or secacl is that Custom Actions aren't running
what does you log file say
so you did not get a return value of 1 for your CA
Posted by:
joban2000
14 years ago
I've got it working, well the Custom Action method, it looks like it was to do with where in the execution sequence I was trying to run it. I was attempting to run it after the PublishProduct but before the InstallFinalize Actions.
From reading your instructions I noticed you mentioned putting it after the InstallFinalize action, I did that and now the setACL command is running.
Thanks for your help.
From reading your instructions I noticed you mentioned putting it after the InstallFinalize action, I did that and now the setACL command is running.
Thanks for your help.
Posted by:
McRip
14 years ago
ORIGINAL: cygan
try this in your mst
In Wise Package Studio
Drag the custom action --- Execute Program from Installation
Name enter a name for your CA
Executable file browse to your setACL.exe
Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"
Condition Not Installed
Location Normal Execute Immediate/deferred.
After . InstallFinalise
How deos it look like for a specific registry key???
Because I have problems with setting permissions for registry key... And setACL.exe is too complicated...
Thanks in advance
Posted by:
cygan
14 years ago
If you are setting permissions on a reg key the then the command line should read eg
-on "HKLM\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"
or
-on "HKCU\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"
and don't forget to rate my post [:D]
-on "HKLM\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"
or
-on "HKCU\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"
and don't forget to rate my post [:D]
Posted by:
McRip
14 years ago
If I load it as a binary, "Program Execute From Installation", I run it directly with this commandline?
For example:
-on "HKLM\SOFTWARE\Test\" -ot reg -actn ace -ace "n:[LogonUser];p:full"
For example:
-on "HKLM\SOFTWARE\Test\" -ot reg -actn ace -ace "n:[LogonUser];p:full"
Posted by:
cygan
14 years ago
For example:
-on "HKLM\SOFTWARE\Test\" -ot reg -actn ace -ace "n:[LogonUser];p:full"
yes and you sequence as above with the condition as above
Posted by:
cygan
14 years ago
Of course. An MSI is just a delta to an MSI, after allHmmmmm[sm=rolleyes.gif]
Posted by:
turbokitty
14 years ago
SetACL is too complicated? If you're looking for an easy ride, you've picked the wrong profession.
Posted by:
McRip
14 years ago
ORIGINAL: turbokitty
SetACL is too complicated? If you're looking for an easy ride, you've picked the wrong profession.
Thanks, bro
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.