We are using Wise Package Studio 5.1 for application repackageing. Wise offers the feature to set permissions to files and registry values directly in the msi. But not on entire keys and directories. Has anyone of you information about how this can be done in Wise or in general. Wise writes the information into the LockPermissions Table. Is it possible to enter a directory as object type?. We had our own solution in the past which included Custom MSI Actions and the use of subinacl.exe and xcalcs.exe.

With kindly regards
0 Comments   [ + ] Show Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


Hi sini,

I think you can go for secedit to set permission to the directory and its subdirectories or even registy hives.

steps to be followed

1.go to start\run\type mmc

2.add\remove snap in


4.select security templates.

5.click ok

6.add ne wtemplate and give a name.

7. expand the template with the name you have given

you will find registry,file,group etc


go to right pane and add file

you have to add this .inf file in your script

and add 2 custom actions

i hope this is of some help to you.


Answered 10/07/2004 by: adaptability
Orange Senior Belt

Please log in to comment
We use the system command 'cacls'
Just execute it by making a custom action.
Never had any problems with it..
Answered 10/11/2004 by: possamai
Orange Senior Belt

Please log in to comment
Use cacls for files/folders and regdacl for registry.
E.g for photoimpact :

#cacls.exe "C:\WINDOWS\Ulead.dat\U32BASE.CFG" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULead32.ini" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULead32.ini" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\iedit3.cfg" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\U32FILE.CFG" /e /g Users:F
#cacls.exe "C:\WINDOWS\ulead.dat\u32plug.cfg" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\iedit3.cfg" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\OBJPOOL.DAT" /e /g Users:F
#c:\program files\RegDACLE\regDacl HKCR\.AB3 /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.jpg /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.psd /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.UFO /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.UPI /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\CLSID /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\PI3.Image /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\psdfile /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\ThumbnailObj /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\UleadViewer /ggu:f
Answered 10/14/2004 by: raj_crc
Orange Belt

Please log in to comment

Stick with your method of doing this via Custom Actions and subinacl.exe or xcalcs.exe.

The Wise interface does provide a way of setting permissions, but it is cumbersome; it is also difficult to control the sequence of the changes you need.

With your Custom Action, you can set it to run just before InstallFinalize, thereby insuring none of your intended security settings are missed or overwritten.

Craig --<>.
Answered 10/26/2004 by: craig16229
Third Degree Brown Belt

Please log in to comment
I've now written a vb application which utilizes a regmon log and then generates entries for ACCDENIED rows in the lockpermissions table of the msi. If a regkey that has ACCDENIED is not found under the registry table, it will create a new regkey and attach it to a new component(created by my program) then the component gets mapped to the complete feature.
Answered 10/28/2004 by: sini
Orange Senior Belt

Please log in to comment
I forgot to say that my program only sets permissions on regkeys not values therefore ensuring that no existing values get overwritten by creating a registry key with the only purpose to set user permissions
Answered 10/28/2004 by: sini
Orange Senior Belt

Please log in to comment
I have tried all of the methods and I always come back to creating an INF file and using SecEdit.

Cacls, Xcacls, Reggrant and others don't seem to propagate inherited permissions correctly 100% of the time, where Secedit does.

The lock permissions table is the last thing to use in my opinion.
Answered 11/05/2004 by: MSIMaker
Second Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity