Hi,
I'm pretty sure I'm missing an obvious trick here but I need to change the \\<LOCALPC>\USERS security permissions to a folder within a transform being applied to a 3rd Party MSI.
I've tried searching the forums to see if there are any similar posts to this one and couldn't find any.
I've done this many times within native MSIs via the Lock Permissions Table, using the GUIs in either Wise or Installshield or via a Custom Action using ACL command line utilities.
I've tried to two methods of applying the permissions in a transform using both Wise and Installshield:
  • Making this change via a transform attempting to do it via the Lock Permissions table, the altered permissions don't get applied to the designated folder, during the installation.
  • Setting up a Custom Action to run a command line, the Custom Action never gets invoked when the transform is run.
What's strange is that the other parts of the Transform are being applied, I've added custom Properties via the Property table and custom keys to the Registry and these are being applied, so it's not a question of transform not running.
I suppose my question is can Permissions/Custom Actions be applied via a transform?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
can Permissions/Custom Actions be applied via a transformOf course. An MSI is just a delta to an MSI, after all.

The clue to your problem, I suspect, lies in the name of the folder you're trying to permission. Would your target be a Vista/Windows 7 box, by any chance?
Answered 08/18/2009 by: VBScab
Red Belt

Please log in to comment
0
yes it can you can use setacl or secedit

cheers
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
Thanks for the quick responses.
The system is XP SP2.
The problem I'm having with regard to i using secedit or secacl is that Custom Actions aren't running.
Answered 08/18/2009 by: joban2000
Senior Yellow Belt

Please log in to comment
2
try this in your mst


In Wise Package Studio



Drag the custom action --- Execute Program from Installation

Name enter a name for your CA

Executable file browse to your setACL.exe

Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"


Condition Not Installed


Location Normal Execute Immediate/deferred.
After . InstallFinalise
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
The problem I'm having with regard to i using secedit or secacl is that Custom Actions aren't running
what does you log file say
so you did not get a return value of 1 for your CA
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
I've got it working, well the Custom Action method, it looks like it was to do with where in the execution sequence I was trying to run it. I was attempting to run it after the PublishProduct but before the InstallFinalize Actions.

From reading your instructions I noticed you mentioned putting it after the InstallFinalize action, I did that and now the setACL command is running.

Thanks for your help.
Answered 08/18/2009 by: joban2000
Senior Yellow Belt

Please log in to comment
0
ORIGINAL: cygan

try this in your mst


In Wise Package Studio



Drag the custom action --- Execute Program from Installation

Name enter a name for your CA

Executable file browse to your setACL.exe

Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"


Condition Not Installed


Location Normal Execute Immediate/deferred.
After . InstallFinalise





How deos it look like for a specific registry key???
Because I have problems with setting permissions for registry key... And setACL.exe is too complicated...

Thanks in advance
Answered 08/18/2009 by: McRip
Orange Senior Belt

Please log in to comment
0
setACL.exe is too complicated...
too complicated I don't think so
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
If you are setting permissions on a reg key the then the command line should read eg


-on "HKLM\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"

or


-on "HKCU\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"

and don't forget to rate my post [:D]
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
If I load it as a binary, "Program Execute From Installation", I run it directly with this commandline?

For example:
-on "HKLM\SOFTWARE\Test\" -ot reg -actn ace -ace "n:[LogonUser];p:full"
Answered 08/18/2009 by: McRip
Orange Senior Belt

Please log in to comment
0
For example:
-on "HKLM\SOFTWARE\Test\" -ot reg -actn ace -ace "n:[LogonUser];p:full"

yes and you sequence as above with the condition as above
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
Of course. An MSI is just a delta to an MSI, after all Hmmmmm[sm=rolleyes.gif]
Answered 08/18/2009 by: cygan
Fifth Degree Brown Belt

Please log in to comment
0
SetACL is too complicated? If you're looking for an easy ride, you've picked the wrong profession.
Answered 08/18/2009 by: turbokitty
Sixth Degree Black Belt

Please log in to comment
0
ORIGINAL: turbokitty

SetACL is too complicated?  If you're looking for an easy ride, you've picked the wrong profession.



Thanks, bro
Answered 08/18/2009 by: McRip
Orange Senior Belt

Please log in to comment
Answer this question or Comment on this question for clarity