Hi everybody!
I'm packaging an application that need to have full permissions over several HKeys, I was trying to do it using Wise Package Standard, from Featured details -> Registry -> Destination Computer HKLM\Soft\MyAppli with right click on that key, I choose "permissions" and add Everyone with full permissions... it works!
But I need to deploy these permissions on all sub keys.. does anyone know how to do that?
Thanks!
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
I would create the first registry key by a custom action, then set the permission on that key and last let the Registry table entries write the rest to inherit the permissions.

I wouldn't use LockPermission table but through a custom action too.
Answered 11/20/2008 by: AngelD
Red Belt

Please log in to comment
0
If you wanted to do that using the LockPermissions table (which is all that the 'Permissions' tab is, an interface into that table), you'd have to add each key and permission it explicitly.

Forget LockPermissions, as for reasons best know to MS, it doesn't add permissions but replaces them, meaning that, in your case, having selected 'Everyone', that's the *only* group to have permissions. Thus, in addition to the above, you have to add all the standard groups and users (e.g. Administrators, Power users etc). Hideously ugly...

Download an ACL editing tool like SetACL, XCACLS, SubInACL and call that via a Custom Action.
Answered 11/21/2008 by: VBScab
Red Belt

Please log in to comment
0
Hi VBScab!, that's the answer that I was looking for. Thanks!
So... Can you tell me which are the options to replace permissions over HKLM\SOFT\MyAppli\ and all his subkeys, for everyone and logon user??
SetACL.exe -on HKLM\SOFT\MyAppli and what else?
Answered 11/21/2008 by: cmi2000
Senior Purple Belt

Please log in to comment
0
Unfortunately, I'm no longer in the office so I can't post details right now.

Have a look on SourceForge, the source for SetACL. There's a ReadMe (or similar) on there which includes a few examples of command lines.
Answered 11/21/2008 by: VBScab
Red Belt

Please log in to comment
0
Hi again...
I was surfing on the web, looking for an example to use and reading the Command line file that you told me, but this is the first time that I use this tool and I don't understand so good

Can you tell me if this cmd line works fine? I have to give full access on this key and her subkeys for every logon user

SetACL.exe -on "HKLM\SOFTWARE\My Appli" -ot reg -actn ace -ace "n:Corp\Doman Users;p:full;s:n;m:grant;w:dacl"
Thanks!
Answered 11/24/2008 by: cmi2000
Senior Purple Belt

Please log in to comment
0
ORIGINAL: cmi2000
Can you tell me if this cmd line works fine? I have to give full access on this key and her subkeys for every logon user

SetACL.exe -on "HKLM\SOFTWARE\My Appli" -ot reg -actn ace -ace "n:Corp\Doman Users;p:full;s:n;m:grant;w:dacl"
I've never felt the need to use the 'w:' switch. Why not just run it on your VM/VPC/VirtualBox and see for yourself?
Answered 11/24/2008 by: VBScab
Red Belt

Please log in to comment
0
ORIGINAL: VBScab
I've never felt the need to use the 'w:' switch. Why not just run it on your VM/VPC/VirtualBox and see for yourself?


I did it, and I've found which switch I need to use:

SetACL.exe -on "HKey_Local_Machine\SOFTWARE\My appli" -ot reg -actn ace -ace "n:everyone;p:full"

So..Now, I have to put this inside my wsi project. What kind of CA I need to use?
I think that "Execute program from installation", execute SetACL file and specifying this command line arguments:
-on "HKey_Local_Machine\SOFTWARE\My appli" -ot reg -actn ace -ace "n:everyone;p:full"

Do you think that it's ok ?
Answered 11/24/2008 by: cmi2000
Senior Purple Belt

Please log in to comment
0
It looks just dandy from where I'm sitting... :)
Answered 11/24/2008 by: VBScab
Red Belt

Please log in to comment
0
ORIGINAL: VBScab

It looks just dandy from where I'm sitting... :)

mmm... Sorry.. What you mean?
Answered 11/24/2008 by: cmi2000
Senior Purple Belt

Please log in to comment
0
SetACL.exe -on "HKey_Local_Machine\SOFTWARE\My appli" -ot reg -actn ace -ace "n:everyone;p:full
Your command line exactly matches the one I have in the template I have which is set up to use SetACL.
Answered 11/25/2008 by: VBScab
Red Belt

Please log in to comment
0
Just to close the topic... I finished the job! The CA that I performed works fine...
Thanks a lot!
Regards
Answered 11/25/2008 by: cmi2000
Senior Purple Belt

Please log in to comment
Answer this question or Comment on this question for clarity