Permissions over Registry using WPS
Hi everybody!
I'm packaging an application that need to have full permissions over several HKeys, I was trying to do it using Wise Package Standard, from Featured details -> Registry -> Destination Computer HKLM\Soft\MyAppli with right click on that key, I choose "permissions" and add Everyone with full permissions... it works!
But I need to deploy these permissions on all sub keys.. does anyone know how to do that?
Thanks!
I'm packaging an application that need to have full permissions over several HKeys, I was trying to do it using Wise Package Standard, from Featured details -> Registry -> Destination Computer HKLM\Soft\MyAppli with right click on that key, I choose "permissions" and add Everyone with full permissions... it works!
But I need to deploy these permissions on all sub keys.. does anyone know how to do that?
Thanks!
0 Comments
[ + ] Show comments
Answers (11)
Please log in to answer
Posted by:
AngelD
15 years ago
I would create the first registry key by a custom action, then set the permission on that key and last let the Registry table entries write the rest to inherit the permissions.
I wouldn't use LockPermission table but through a custom action too.
I wouldn't use LockPermission table but through a custom action too.
Posted by:
anonymous_9363
15 years ago
If you wanted to do that using the LockPermissions table (which is all that the 'Permissions' tab is, an interface into that table), you'd have to add each key and permission it explicitly.
Forget LockPermissions, as for reasons best know to MS, it doesn't add permissions but replaces them, meaning that, in your case, having selected 'Everyone', that's the *only* group to have permissions. Thus, in addition to the above, you have to add all the standard groups and users (e.g. Administrators, Power users etc). Hideously ugly...
Download an ACL editing tool like SetACL, XCACLS, SubInACL and call that via a Custom Action.
Forget LockPermissions, as for reasons best know to MS, it doesn't add permissions but replaces them, meaning that, in your case, having selected 'Everyone', that's the *only* group to have permissions. Thus, in addition to the above, you have to add all the standard groups and users (e.g. Administrators, Power users etc). Hideously ugly...
Download an ACL editing tool like SetACL, XCACLS, SubInACL and call that via a Custom Action.
Posted by:
cmi2000
15 years ago
Hi VBScab!, that's the answer that I was looking for. Thanks!
So... Can you tell me which are the options to replace permissions over HKLM\SOFT\MyAppli\ and all his subkeys, for everyone and logon user??
SetACL.exe -on HKLM\SOFT\MyAppli and what else?
So... Can you tell me which are the options to replace permissions over HKLM\SOFT\MyAppli\ and all his subkeys, for everyone and logon user??
SetACL.exe -on HKLM\SOFT\MyAppli and what else?
Posted by:
anonymous_9363
15 years ago
Unfortunately, I'm no longer in the office so I can't post details right now.
Have a look on SourceForge, the source for SetACL. There's a ReadMe (or similar) on there which includes a few examples of command lines.
Have a look on SourceForge, the source for SetACL. There's a ReadMe (or similar) on there which includes a few examples of command lines.
Posted by:
cmi2000
15 years ago
Hi again...
I was surfing on the web, looking for an example to use and reading the Command line file that you told me, but this is the first time that I use this tool and I don't understand so good
Can you tell me if this cmd line works fine? I have to give full access on this key and her subkeys for every logon user
SetACL.exe -on "HKLM\SOFTWARE\My Appli" -ot reg -actn ace -ace "n:Corp\Doman Users;p:full;s:n;m:grant;w:dacl"
Thanks!
I was surfing on the web, looking for an example to use and reading the Command line file that you told me, but this is the first time that I use this tool and I don't understand so good
Can you tell me if this cmd line works fine? I have to give full access on this key and her subkeys for every logon user
SetACL.exe -on "HKLM\SOFTWARE\My Appli" -ot reg -actn ace -ace "n:Corp\Doman Users;p:full;s:n;m:grant;w:dacl"
Thanks!
Posted by:
anonymous_9363
15 years ago
ORIGINAL: cmi2000I've never felt the need to use the 'w:' switch. Why not just run it on your VM/VPC/VirtualBox and see for yourself?
Can you tell me if this cmd line works fine? I have to give full access on this key and her subkeys for every logon user
SetACL.exe -on "HKLM\SOFTWARE\My Appli" -ot reg -actn ace -ace "n:Corp\Doman Users;p:full;s:n;m:grant;w:dacl"
Posted by:
cmi2000
15 years ago
ORIGINAL: VBScab
I've never felt the need to use the 'w:' switch. Why not just run it on your VM/VPC/VirtualBox and see for yourself?
I did it, and I've found which switch I need to use:
SetACL.exe -on "HKey_Local_Machine\SOFTWARE\My appli" -ot reg -actn ace -ace "n:everyone;p:full"
So..Now, I have to put this inside my wsi project. What kind of CA I need to use?
I think that "Execute program from installation", execute SetACL file and specifying this command line arguments:
-on "HKey_Local_Machine\SOFTWARE\My appli" -ot reg -actn ace -ace "n:everyone;p:full"
Do you think that it's ok ?
Posted by:
cmi2000
15 years ago
ORIGINAL: VBScab
It looks just dandy from where I'm sitting... :)
mmm... Sorry.. What you mean?
Posted by:
anonymous_9363
15 years ago
SetACL.exe -on "HKey_Local_Machine\SOFTWARE\My appli" -ot reg -actn ace -ace "n:everyone;p:full
Your command line exactly matches the one I have in the template I have which is set up to use SetACL.
Posted by:
cmi2000
15 years ago
Just to close the topic... I finished the job! The CA that I performed works fine...
Thanks a lot!
Regards
Thanks a lot!
Regards
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.