
Winstall LE question

Hi there, I've got a noob packaging question, hopefully someone can help. Using Winstall LE 9.5.

Package works great, except the program is really old and requires that members of the computer's local "users" group have modify permissions to its program files directory. The only way I can see to do this in Winstall is to set the permissions manually for each file, and then I don't have the option to choose the local user's group for the machine you're installing to, just the ones on my local network. What's the best way to do this?

Also, even after making this change manually, the "Product X is configuring settings" thing pops up every time you launch the program logged in as a non-administrator, and when you use a feature that writes a temporary file to the program files directory as well. Is it possible to stop this from happening? Seems like Office is the only other program that needs to do this, and it only does it once.

Works fine as an administrator, but I need some help getting it to work non-privileged.

Thanks
Travis


Answers (10)

Posted by: brianb0177 15 years ago
Senior Yellow Belt
0
You can modify the LockPermissions table of the MSI using Orca to grant access; your generic read, write, execute permission is 268435456.

Quick note: If you need to unlock a whole directory you can have it create the folder & then set the permissions on that folder so it will have access to read, write, & execute
Posted by: AngelD 15 years ago
Red Belt
0
As long as you understand how the LockPermissions table works then there would be no problem using it.
However, I would suggest you search the forum for this table as there have been several discussions about it; you may also find other solutions better suited.
Posted by: travbrack 15 years ago
Senior Yellow Belt
0
Thanks for the response. Here's where I'm at.

Directory was already there in the Directory table.
Created a component called EPCDIR, gave it a new GUID, put the name in the "directory" column, and attribute 0
Added it to the CreateFolder table with the name of the directory, and the component name
In the LockPermissions table, I've added a row with the name of the directory, it points to the table CreateFolder, user "Everyone" with permission 268435456

I created a transform and applied it at install time; the directory doesn't take on the permissions I needed, however. I read a couple of tutorials, and as far as I can tell I'm doing things correctly. Any advice, anyone? Thanks.
Posted by: travbrack 15 years ago
Senior Yellow Belt
0
For all those interested:

Copy the name of the directory you need from the Directory table and create a new component like so. Example dir name is "fundirectory"
fundirCOMP,{newguid},fundirectory, 2

Then add the directory to the CreateFolder table like so
fundirectory,fundirCOMP

Next set LockPermissions:
fundirectory,CreateFolder,(null),Everyone,268435456

and finally add a featurecomponent
(featurename),fundirCOMP

Transform that SOB and you're done. Thanks for your help, everyone.
Posted by: anonymous_9363 15 years ago
Red Belt
0
Next set LockPermissions:
fundirectory,CreateFolder,(null),Everyone,268435456
You have now removed:
Administrators:Full Control
Power Users:Full Control
System:Full Control....

etc, etc. I'm reasonably sure that's not the required effect.

LockPermissions is the Spawn of the Devil, because it replaces rather than adds permissions. Use SetACL, XCACLS, SubInACL or whichever command line tool you're comfortable with in a Custom Action.
Posted by: AngelD 15 years ago
Red Belt
0
Not entirely correct; the System account is always added.
And I guess as Everyone has full control then that would take the Administrators and Power Users groups into account.
Posted by: aogilmor 15 years ago
9th Degree Black Belt
0
LockPermissions is OK if you know what to put in. Administrators:F Users:RX would do for most environments, except for the stupid apps, then it's Users:C.
I'd never do Everyone anything, Everyone means EVERYONE, including Joe Hacker on the internet.
Posted by: anonymous_9363 15 years ago
Red Belt
0

Not entirely correct; the System account is always added.
And I guess as Everyone has full control
A) Thanks for clearing that up, Kim. And, FWIW, I don't even care that '268435456' means 'FullControl' - one of the reasons I steer people clear of LockPermissions is to avoid totally non-intuitive nonsense like that.
Posted by: AngelD 15 years ago
Red Belt
0
I didn't know it was Full Control Ian, I just took a wild guess :D
I can't say I've ever used the LockPermissions table due to how it works. If I recall; Microsoft has now changed the way the LockPermissions work in the new Windows Installer version.
Posted by: anonymous_9363 15 years ago
Red Belt
0
If I recall; Microsoft has now changed the way the LockPermissions work in the new Windows Installer version.
I haven't looked, but I'd bet my last dollar it still uses these ludicrous numbers instead of...oh, I don't know...words? Even made-up words like 'FullControl' would at least make some sense...

I find it incredible that they've re-worked how the table is used and not taken the opportunity to make it easier to use. It would be the work of a second-year programmer to add logic to the engine which would say "If the schema is this, use these stupid numbers. If it's that, use these lovely sensible words OR the old stupid numbers, if the packager used them."

Sorry to hijack the thread for a not-very-transparent rant at developers and MS in particular but it's so frustrating when there's so much good stuff coming from that direction.
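
As an added example (not code from any poster in this thread): a short Python decoder for the LockPermissions Permission value discussed above, which also flags rows that give a broad group control over the ACL. The bit names are the standard Windows access-mask constants; the second sample row, the `BROAD` list and the function names are constructed for illustration.

```python
# Added example: decode the Permission column of MSI LockPermissions rows.
# Bit values are the standard Windows access-mask constants (winnt.h),
# using the directory flavour of the object-specific rights.
BITS = [
    (0x80000000, "GENERIC_READ"), (0x40000000, "GENERIC_WRITE"),
    (0x20000000, "GENERIC_EXECUTE"), (0x10000000, "GENERIC_ALL"),
    (0x00100000, "SYNCHRONIZE"), (0x00080000, "WRITE_OWNER"),
    (0x00040000, "WRITE_DAC"), (0x00020000, "READ_CONTROL"),
    (0x00010000, "DELETE"),
    (0x100, "FILE_WRITE_ATTRIBUTES"), (0x080, "FILE_READ_ATTRIBUTES"),
    (0x040, "FILE_DELETE_CHILD"), (0x020, "FILE_TRAVERSE"),
    (0x010, "FILE_WRITE_EA"), (0x008, "FILE_READ_EA"),
    (0x004, "FILE_ADD_SUBDIRECTORY"), (0x002, "FILE_ADD_FILE"),
    (0x001, "FILE_LIST_DIRECTORY"),
]
KNOWN = sum(bit for bit, _ in BITS)
# Rights that let the holder rewrite the ACL or take ownership.
ACL_CONTROL = 0x10000000 | 0x00040000 | 0x00080000
# Assumption: principals treated as "broad" for this check.
BROAD = {"everyone", "authenticated users", "users"}

def decode(permission):
    """Return (right_names, unknown_bits) for a Permission value."""
    mask = int(permission) & 0xFFFFFFFF  # tolerate a signed 32-bit value
    names = [name for bit, name in BITS if mask & bit]
    return names, mask & ~KNOWN

def audit(rows):
    """Flag rows where a broad principal receives ACL-control rights."""
    findings = []
    for line in rows:
        obj, _table, _domain, user, perm = [f.strip() for f in line.split(",")]
        if user.lower() in BROAD and int(perm) & 0xFFFFFFFF & ACL_CONTROL:
            findings.append((obj, user, decode(perm)[0]))
    return findings

ROWS = [
    # Row as posted in this thread.
    "fundirectory,CreateFolder,(null),Everyone,268435456",
    # Constructed row: 1245631 (0x1301BF) is the mask Windows shows as Modify.
    "fundirectory,CreateFolder,(null),Users,1245631",
]

if __name__ == "__main__":
    for row in ROWS:
        print(row, "->", decode(row.rsplit(",", 1)[1]))
    print("flagged:", audit(ROWS))
```

The thread's row decodes to `GENERIC_ALL` for `Everyone` and is flagged; the constructed Modify row passes this check but still lets any member of Users replace the program's files.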