How to add permissions to a regkey
I have a package created in WPS6. It is a wse file compiled as a exe. The shortcut launches the app only if the user is an admin. The shortcut is not working if the user is a regular user. On running filemon and regmon, we found that a registry key associated with the application needed to have Full control permissions for "Everyone".
I know that via Installation expert you can include the regkey and in the details, you can assign permissions. But, how do I do it outside of Installation Expert? I am using Setup Editor to create my wise script to install this app.
Thank you
I know that via Installation expert you can include the regkey and in the details, you can assign permissions. But, how do I do it outside of Installation Expert? I am using Setup Editor to create my wise script to install this app.
Thank you
0 Comments
[ + ] Show comments
Answers (9)
Please log in to answer
Posted by:
matrixtushar
16 years ago
Hi,
If you wish to purely use the setup editor, then you can reach out the component that holds the registry, open the details of the registry and edit the permissions.
Moreover, if you wish to do that purely using the tables (Setup Editor), then take a look at the LockPermissions table that holds the permission set.
LockObject is the component.
Table is the table (Registry in your case)
Domain is the user domain you wish to assign the permission
User attribute specifies the name of the user you wish to assign the permission.
Permission is the actual level of permission that you wish to assign. The number can be calculated from the permission sets that you wish to define. Check out the details of this table in any of the help files...
I hope this helps...
regards,
Tushar.
If you wish to purely use the setup editor, then you can reach out the component that holds the registry, open the details of the registry and edit the permissions.
Moreover, if you wish to do that purely using the tables (Setup Editor), then take a look at the LockPermissions table that holds the permission set.
LockObject is the component.
Table is the table (Registry in your case)
Domain is the user domain you wish to assign the permission
User attribute specifies the name of the user you wish to assign the permission.
Permission is the actual level of permission that you wish to assign. The number can be calculated from the permission sets that you wish to define. Check out the details of this table in any of the help files...
I hope this helps...
regards,
Tushar.
Posted by:
cmi2000
16 years ago
Hi, I don't know which is the function on WPS 6, I use WPS 7 and with Installation Expert frame, in Registry, you can add permissions to a regkey clicking with right button, in context menu go to Permissions. Registry Permissions Key windows appears, click Add button and choice Everyone in the user drop list.
I hope this help... good luck!
I hope this help... good luck!
Posted by:
anonymous_9363
16 years ago
The operation above achieves the same thing, i.e. the population of the 'LockPermissions' table.
The perennial issue with using the LockPermissions table is that the permssions aren't additive, i.e. they replace the permissions on the target object. Consequently, one has to patiently add ALL the users and/or groups who are currently permissioned for that object (which assumes you know what they are), as well as the new users and/or groups.
Most sensible packagers use a command line tool e.g. SetACL, XCACLS via a Custom Action. [Waits for flames from LockPermission die-hards...]
The perennial issue with using the LockPermissions table is that the permssions aren't additive, i.e. they replace the permissions on the target object. Consequently, one has to patiently add ALL the users and/or groups who are currently permissioned for that object (which assumes you know what they are), as well as the new users and/or groups.
Most sensible packagers use a command line tool e.g. SetACL, XCACLS via a Custom Action. [Waits for flames from LockPermission die-hards...]
Posted by:
varun.appdeploy
16 years ago
wse
the installed application in admin is not launching in standard user even if i given
permissions to that file . what to do
thank u
Posted by:
aogilmor
16 years ago
ORIGINAL: VBScab
The operation above achieves the same thing, i.e. the population of the 'LockPermissions' table.
The perennial issue with using the LockPermissions table is that the permssions aren't additive, i.e. they replace the permissions on the target object. Consequently, one has to patiently add ALL the users and/or groups who are currently permissioned for that object (which assumes you know what they are), as well as the new users and/or groups.
Most sensible packagers use a command line tool e.g. SetACL, XCACLS via a Custom Action. [Waits for flames from LockPermission die-hards...]
..must...not...take...bait...weakening....aaaaaah!
I'd say most "sensible" images have simple and correctly set up permissions - i.e. your domain user groups set up in your workstation local group, your domain admin and "support" groups in your local admin group, administrator account appropriately renamed if you wish, etc. In this envt. the packager simply adds Users and Administrators and is done with it. This can be automated somewhat.
Agree it's unfortunate that windows installer replaces default permissions because that makes packagers look outside the tool set, include binaries, use custom actions etc. I used to use appsearch to locate cacls.exe, which at least has the advantage of being a standard part of the OS, although not as flexible or granular as some other tools, and doesn't apply to the registry.
Another thing to look for in the registy is, some apps create keys after launch, so it helps to do your snapshot, launch and use as much of the app as you can, then apply the permissions (with whatever tool) to all the keys.
hopefully this will all eventually go away with vista and app shimming
We now return to our regular broadcast....
[:D]
Posted by:
mansing
15 years ago
Hello all
i m new here
and i need help
i m creating one package on vista, and i want to give full permisstion to 2 registry hives where restricted user can get full read right access by using lock permission table, i have implemented in my package but the problem is application is not installin after implementing lock permission where as this thing is working properly through secedit. i want to know is there any compatibility or any other issue to use lock permission for vista packaging?
if it is possible in vista can any one provide me proper document ?
thanks in advance
i m new here
and i need help
i m creating one package on vista, and i want to give full permisstion to 2 registry hives where restricted user can get full read right access by using lock permission table, i have implemented in my package but the problem is application is not installin after implementing lock permission where as this thing is working properly through secedit. i want to know is there any compatibility or any other issue to use lock permission for vista packaging?
if it is possible in vista can any one provide me proper document ?
thanks in advance
Posted by:
aogilmor
15 years ago
first you should post a new question - old thread here.
Second, you're packaging for vista and you've never heard of application shimming? (shudder...)
Second, you're packaging for vista and you've never heard of application shimming? (shudder...)
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.