How to give Registry permission
Hi Gurus,
I need to give permission to couple of registry keys in locked down environment so as a normal user can use the application. Here I am trying to package Flash Player. Within MSI in permissions section its asking to me to enter my domain and user but I want to give for all user not just one.
Any ideas grately appreciated.
Thanks.
I need to give permission to couple of registry keys in locked down environment so as a normal user can use the application. Here I am trying to package Flash Player. Within MSI in permissions section its asking to me to enter my domain and user but I want to give for all user not just one.
Any ideas grately appreciated.
Thanks.
0 Comments
[ + ] Show comments
Answers (5)
Please log in to answer
Posted by:
anonymous_9363
16 years ago
In general, I'd suggest you avoid using the LockPermissions table, not least because it doesn't allow you to add permissions, meaning you have to remember to add 'Administrators', etc, etc, as well as the actual users you want. Instead, use a Custom Action to call any of the command-line permissioning tools. My preference is for SetACL because it can permission file and registry access using more or less identical syntax.
Posted by:
dola
16 years ago
Hi VBScab,
Thanks for your suggestion. I am currently looking at SetACL tool but unable to figure out the correct syntax for permissioning the registry Ex: CLASSES_ROOT\CLSID\
If possible can you please give me the right syntax or point me towards more meaningful explanation website.
Thanks a zillion.
Thanks for your suggestion. I am currently looking at SetACL tool but unable to figure out the correct syntax for permissioning the registry Ex: CLASSES_ROOT\CLSID\
If possible can you please give me the right syntax or point me towards more meaningful explanation website.
Thanks a zillion.
Posted by:
linstead
16 years ago
you can use setacl like this, just make sure you copy the setacl.exe file to the folder you are running from.
example
dim source
source = whatever your source is
oShell.Run (Source & "SetAcl " & """MACHINE\Software\whatever""" & " /Registry /grant users /full", 0, True)
example
dim source
source = whatever your source is
oShell.Run (Source & "SetAcl " & """MACHINE\Software\whatever""" & " /Registry /grant users /full", 0, True)
Posted by:
aogilmor
16 years ago
careful, i've seen machines freeze up when you do that with XP. I try to narrow it down to at least the subkey needed, not give full perms to the entire hive.
Posted by:
jmcfadyen
16 years ago
you can also use the following tools i like subinacl of the group as it can permission almost anything ie files reg shares etc etc
subinacl.exe
cacls.exe
xcacls.exe
setacl.exe
you can create sdb files to be deployed via gpo but these are limited to a single domain so can be problematic from other domains
note there is also some considerable changes to permissions with Vista for more details.
http://www.microsoft.com/technet/technetmag/issues/2007/06/ACL/default.aspx
subinacl.exe
cacls.exe
xcacls.exe
setacl.exe
you can create sdb files to be deployed via gpo but these are limited to a single domain so can be problematic from other domains
note there is also some considerable changes to permissions with Vista for more details.
http://www.microsoft.com/technet/technetmag/issues/2007/06/ACL/default.aspx
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.