/build/static/layout/Breadcrumb_cap_w.png

CACLS.exe

I am trying to call this during an install to set permissions on a folder, the permissions change work but it still errors on finish of the installer any ideas?

cacls C:\Progra~1\CallBa~1 /p users:f /e


errors out with error code 2762
Asked 15 years ago 5795 views
0 Comments   [ + ] Show comments

Answers (6)

Posted by: Ram 15 years ago
Senior Purple Belt
0
Put a semicollan after cacls C:\Progra~1\CallBa~1 /p/t/e;Users:F
Posted by: blade2 15 years ago
Blue Belt
0
Not winning so far, any other suggestions?

I have copied an pasted everythin you have in the switches, it all fails.
Posted by: Ram 15 years ago
Senior Purple Belt
0
Use the full path mate

try this as

XCACLS.exe <fullpathtofilename> /t/e/c Users:F
Posted by: anonymous_9363 15 years ago
Red Belt
0
Use SetACL instead. Although you'll have to deploy it, it can be used to permission the registry as well as files: CACLS can't apply ACLs to the registry. Also, an obvious trick which many people miss is to schedule the permissioning CA after CreateFolders and before InstallFiles. That ensures that your package doesn't waste time permissioning EVERY file, because by default files inherit their parent folder's permissions.
Posted by: fetgor 15 years ago
Senior Purple Belt
0
I always use Secedit, first create a file using mmc,add/remove Security Template: ex of file:

[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
[Profile Description]
Description=Security Template for FlashPlayer 9.0.124.0
[File Security]
"%SystemRoot%\system32\Macromed\Flash\Flash9f.ocx",0,"D:AR(A;OICI;0x100100;;;WD)"
"%SystemRoot%\system32\Macromed\Flash\FlashUtil9f.exe",0,"D:AR(A;OICI;0x100100;;;WD)"
[Registry Keys]
"CLASSES_ROOT\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}",0,"D:AR(A;OICI;0x100100;;;WD)"
"CLASSES_ROOT\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}",0,"D:AR(A;OICI;0x100100;;;WD)"
"CLASSES_ROOT\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}",0,"D:AR(A;OICI;0x100100;;;WD)"
"CLASSES_ROOT\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}",0,"D:AR(A;OICI;0x100100;;;WD)"
"CLASSES_ROOT\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}",0,"D:AR(A;OICI;0x100100;;;WD)"
"CLASSES_ROOT\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}",0,"D:AR(A;OICI;0x100100;;;WD)"

Place it in Windows\Security\Templates, and after that run a custom action: type 3170, place it in install exequte seq, NOT Installed, 6550.

ex:
secedit.exe /configure /db Flash9f /cfg [WindowsFolder]Security\Templates\Flash9f.inf /areas REGKEYS FILESTORE SERVICES /quiet
By doing this you can always find on the host what files/Folders/keys that have got a changes security - very useful in troubleshooting scenarious.

/Göran
Posted by: anonymous_9363 15 years ago
Red Belt
0
I always use SeceditI used to use SecEdit but found it to be somewhat less than user-friendly, as your post more than adequately shows! :) For example, what does:"%SystemRoot%\system32\Macromed\Flash\FlashUtil9f.exe",0,"D:AR(A;OICI;0x100100;;;WD)"

mean in plain English? [I know what it means, BTW, but I'm making a point here]. With SetACL:SetACL.exe -on "C:\my dir" -ot file -actn ace -ace "n:domain1\user1;p:change" at least I get a clue! :)

If one needs to document permissions, use a ReadMe.TXT alongside the MSI.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ