Hi there, I've got a noob packaging question, hopefully someone can help. Using Winstall LE 9.5

Package works great, except the program is really old and requires that members of the computer's local "users" group have modify permissions to its program files directory. The only way I can see to do this in Winstall is to set the permissions manually for each file, and then I don't have the option to choose the local users group for the machine you're installing to, just the ones on my local network. What's the best way to do this?

Also, even after making this change manually, the "Product X is configuring settings" thing pops up every time you launch the program logged in as a non-administrator, and when you use a feature that writes a temporary file to the program files directory as well. Is it possible to stop this from happening? Seems like Office is the only other program that needs to do this, and it only does it once.

Works fine as an administrator, but I need some help getting it to work non-privileged.

Thanks
Travis

Answers

0
You can modify the LockPermissions table of the MSI using Orca to grant access; your generic read, write, execute permission is 268435456.

Quick note: If you need to unlock a whole directory you can have it create the folder & then set the permissions on that folder so it will have access to read, write, & execute
Answered 02/23/2009 by: brianb0177
Senior Yellow Belt

0
As long as you understand how the LockPermissions table works then there should be no problem using it.
However, I would suggest you search the forum for this table as there have been several discussions about it; you may also find other solutions better suited.
Answered 02/23/2009 by: AngelD
Red Belt

0
Thanks for the response. Here's where I'm at.

Directory was already there in the Directory table.
Created a component called EPCDIR, gave it a new GUID, put the name in the "directory" column, and attribute 0
Added it to the CreateFolder table with the name of the directory, and the component name
In the LockPermissions table, I've added a row with the name of the directory, it points to the table CreateFolder, user "Everyone" with permission 268435456

I created a transform and applied it at install time; the directory doesn't take on the permissions I needed, however. I read a couple of tutorials, and as far as I can tell I'm doing things correctly. Any advice, anyone? Thanks.
Answered 02/23/2009 by: travbrack
Senior Yellow Belt

0
For all those interested:

Copy the name of the directory you need from the Directory table and create a new component like so. Example dir name is "fundirectory"
fundirCOMP,{newguid},fundirectory, 2

Then add the directory to the CreateFolder table like so
fundirectory,fundirCOMP

Next set LockPermissions:
fundirectory,CreateFolder,(null),Everyone,268435456

and finally add a featurecomponent
(featurename),fundirCOMP

Transform that SOB and you're done. Thanks for your help, everyone.
Answered 02/23/2009 by: travbrack
Senior Yellow Belt

0
Next set LockPermissions:
fundirectory,CreateFolder,(null),Everyone,268435456
You have now removed:
Administrators:Full Control
Power Users:Full Control
System:Full Control....

etc, etc. I'm reasonably sure that's not the required effect.

LockPermissions is the Spawn of the Devil, because it replaces rather than adds permissions. Use SetACL, XCACLS, SubInACL or whichever command line tool you're comfortable with in a Custom Action.
Answered 02/24/2009 by: VBScab
Red Belt

0
Not entirely correct; the System account is always added.
And I guess as Everyone has full control then that would take the Administrators and Power Users groups into account.
Answered 02/24/2009 by: AngelD
Red Belt

0
LockPermissions is OK if you know what to put in. Administrators:F Users:RX would do for most environments, except for the stupid apps, then it's Users:C.
I'd never do Everyone anything, Everyone means EVERYONE, including Joe Hacker on the internet.
Answered 02/24/2009 by: aogilmor
Ninth Degree Black Belt

0

Not entirely correct; the System account is always added.
And I guess as Everyone has full control
A) Thanks for clearing that up, Kim. And, FWIW, I don't even care that '268435456' means 'FullControl' - one of the reasons I steer people clear of LockPermissions is to avoid totally non-intuitive nonsense like that.
Answered 02/25/2009 by: VBScab
Red Belt
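
As an added example (not code from any poster in this thread), the following decodes a LockPermissions Permission integer into the Windows access-mask names it sets and reviews rows written in the comma layout used above (LockObject, Table, Domain, User, Permission). The set of "broad" principals and the choice of which bits count as write-capable are assumptions of this example; only the Everyone row comes from the thread, the other two sample rows are constructed.

```python
# Added example: decode LockPermissions "Permission" values and flag rows
# that hand a broad principal write-capable access to the locked object.
ACCESS_BITS = {
    0x80000000: "GENERIC_READ",
    0x40000000: "GENERIC_WRITE",
    0x20000000: "GENERIC_EXECUTE",
    0x10000000: "GENERIC_ALL",
    0x00100000: "SYNCHRONIZE",
    0x00080000: "WRITE_OWNER",
    0x00040000: "WRITE_DAC",
    0x00020000: "READ_CONTROL",
    0x00010000: "DELETE",
    0x00000100: "FILE_WRITE_ATTRIBUTES",
    0x00000080: "FILE_READ_ATTRIBUTES",
    0x00000040: "FILE_DELETE_CHILD",
    0x00000020: "FILE_EXECUTE",
    0x00000010: "FILE_WRITE_EA",
    0x00000008: "FILE_READ_EA",
    0x00000004: "FILE_APPEND_DATA",
    0x00000002: "FILE_WRITE_DATA",
    0x00000001: "FILE_READ_DATA",
}
# Assumption: rights that let the holder change content, ACL or ownership.
WRITE_CAPABLE = 0x40000000 | 0x10000000 | 0x000D0000 | 0x00000156
# Assumption: principals treated as "broad" for this review.
BROAD = {"everyone", "users", "authenticated users"}

def decode(permission):
    """Return the access-mask names set in a Permission value."""
    mask = int(permission) & 0xFFFFFFFF  # negative values -> unsigned 32-bit pattern
    names = [name for bit, name in ACCESS_BITS.items() if mask & bit]
    unknown = mask & ~sum(ACCESS_BITS)   # bits this table does not name
    return names + ([hex(unknown)] if unknown else [])

def review(rows):
    """Return (LockObject, User, rights) for broad, write-capable grants."""
    findings = []
    for line in rows:
        lock_object, _table, _domain, user, perm = [f.strip() for f in line.split(",")]
        if user.lower() in BROAD and int(perm) & 0xFFFFFFFF & WRITE_CAPABLE:
            findings.append((lock_object, user, decode(perm)))
    return findings

SAMPLE_ROWS = [
    "fundirectory,CreateFolder,(null),Everyone,268435456",       # row from the thread
    "fundirectory,CreateFolder,(null),Administrators,268435456",  # constructed
    "fundirectory,CreateFolder,(null),Users,1179817",             # constructed
]
```

Running `review(SAMPLE_ROWS)` reports only the Everyone row, whose value 268435456 (0x10000000) decodes to GENERIC_ALL.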

0
I didn't know it was Full Control Ian, I just took a wild guess :D
I can't say I've ever used the LockPermissions table due to how it works. If I recall, Microsoft has now changed the way LockPermissions works in the new Windows Installer version.
Answered 02/25/2009 by: AngelD
Red Belt

0
If I recall, Microsoft has now changed the way LockPermissions works in the new Windows Installer version.
I haven't looked, but I'd bet my last dollar it still uses these ludicrous numbers instead of...oh, I don't know...words? Even made-up words like 'FullControl' would at least make some sense...

I find it incredible that they've re-worked how the table is used and not taken the opportunity to make it easier to use. It would be the work of a second-year programmer to add logic to the engine which would say "If the schema is this, use these stupid numbers. If it's that, use these lovely sensible words OR the old stupid numbers, if the packager used them."

Sorry to hijack the thread for a not-very-transparent rant at developers and MS in particular but it's so frustrating when there's so much good stuff coming from that direction.
Answered 02/25/2009 by: VBScab
Red Belt
