Setting Files and Registry ACLs in the MSI

Hello!

We are using Wise Package Studio 5.1 for application repackaging. Wise offers the feature to set permissions on files and registry values directly in the MSI, but not on entire keys and directories. Does anyone have information about how this can be done in Wise or in general? Wise writes the information into the LockPermissions table. Is it possible to enter a directory as object type? We had our own solution in the past which included custom MSI actions and the use of subinacl.exe and xcacls.exe.

With kind regards


Answers (7)

Posted by: adaptability 19 years ago
Orange Senior Belt
0
Hi sini,

I think you can go for secedit to set permissions on the directory and its subdirectories, or even registry hives.

Steps to be followed:

1. Go to Start\Run and type mmc.

2. Add\Remove Snap-in.

3. Add.

4. Select Security Templates.

5. Click OK.

6. Add a new template and give it a name.

7. Expand the template with the name you have given.

You will find Registry, File, Group, etc.

choose

Go to the right pane and add the file.

You have to add this .inf file in your script

and add 2 custom actions.

I hope this is of some help to you.

regards

adaptability
Posted by: possamai 19 years ago
Orange Senior Belt
0
We use the system command 'cacls'.
Just execute it by making a custom action.
Never had any problems with it.
Posted by: raj_crc 19 years ago
Orange Belt
0
Use cacls for files/folders and regdacl for the registry.
E.g. for PhotoImpact:

#cacls.exe "C:\WINDOWS\Ulead.dat\U32BASE.CFG" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULead32.ini" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULead32.ini" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\iedit3.cfg" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\U32FILE.CFG" /e /g Users:F
#cacls.exe "C:\WINDOWS\ulead.dat\u32plug.cfg" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\iedit3.cfg" /e /g Users:F
#cacls.exe "C:\WINDOWS\ULEAD.DAT\OBJPOOL.DAT" /e /g Users:F
#c:\program files\RegDACLE\regDacl HKCR\.AB3 /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.jpg /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.psd /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.UFO /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\.UPI /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\CLSID /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\PI3.Image /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\psdfile /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\ThumbnailObj /ggu:f
#c:\program files\RegDACLE\regDacl HKCR\UleadViewer /ggu:f
Posted by: craig16229 19 years ago
Third Degree Brown Belt
0
sini,

Stick with your method of doing this via Custom Actions and subinacl.exe or xcacls.exe.

The Wise interface does provide a way of setting permissions, but it is cumbersome; it is also difficult to control the sequence of the changes you need.

With your Custom Action, you can set it to run just before InstallFinalize, thereby ensuring none of your intended security settings are missed or overwritten.

Craig --<>.
Posted by: sini 19 years ago
Orange Senior Belt
0
I've now written a VB application which utilizes a regmon log and then generates entries for ACCDENIED rows in the LockPermissions table of the MSI. If a regkey that has ACCDENIED is not found under the Registry table, it will create a new regkey and attach it to a new component (created by my program); then the component gets mapped to the complete feature.
Posted by: sini 19 years ago
Orange Senior Belt
0
I forgot to say that my program only sets permissions on regkeys, not values, therefore ensuring that no existing values get overwritten by creating a registry key with the only purpose to set user permissions.
Posted by: MSIMaker 19 years ago
2nd Degree Black Belt
0
I have tried all of the methods and I always come back to creating an INF file and using SecEdit.

Cacls, Xcacls, Reggrant and others don't seem to propagate inherited permissions correctly 100% of the time, where Secedit does.

The lock permissions table is the last thing to use in my opinion.
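
An added example (not posted by anyone in this thread) of the kind of security template the secedit answers describe, with the command a custom action would run given in the comments. The file name app_acl.inf, the database and log paths and the specific ACEs are assumptions; the folder and key come from the cacls/regDacl post above, but here Users receive Modify rather than Full Control.

```ini
; app_acl.inf - security template for secedit (file name is an assumption)
; Apply from an elevated custom action, e.g. scheduled before InstallFinalize:
;   secedit /configure /db "%TEMP%\app_acl.sdb" /cfg "app_acl.inf" /areas FILESTORE REGKEYS /log "%TEMP%\app_acl.log"
; /areas limits the run to file and registry ACLs, so other policy areas
; are left alone.

[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1

; Entry format: "path",mode,"SDDL"
;   mode 0 = set this ACL and propagate inheritable ACEs to children
;   mode 1 = do not allow this object's permissions to be replaced
;   mode 2 = replace existing permissions on all children with inheritable ones
; SDDL: D:AR = DACL, auto-inherit requested; each ACE is (type;flags;rights;;;trustee)
;   BA = Administrators, SY = SYSTEM, BU = Users
;   OICI = inherit to files and subfolders, CI = inherit to subkeys

[File Security]
; FA = full control; 0x1301bf = Modify (read, write, execute, delete)
"%SystemRoot%\ULEAD.DAT",0,"D:AR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1301bf;;;BU)"

[Registry Keys]
; KA = full control; 0x2001f = KEY_READ | KEY_WRITE
"CLASSES_ROOT\.psd",0,"D:AR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;0x2001f;;;BU)"
```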