How to Set Directory Permissions at Install Time using an MSI Created Using Windows Installer XML (WIX)

Original Link: 

http://blogs.msdn.com/b/cjacks/archive/2008/12/04/how-to-set-directory-permissions-at-install-time-using-an-msi-created-using-windows-installer-xml-wix.aspx

Author: Chris Jackson

Following content is directly reprinted from above link and only for knowledge sharing. Please go to above link for more detailed info. Thanks~

Here is a topic I have been saying “I’ll get to it” for a while now…

We’ve talked a lot about UAC here, and I have really stressed the point that standard users shouldn’t be able to affect other users or the machine itself, and if you want to violate that rule then you need to do so explicitly.

The one area that I’ve received some questions on is what to do about shared user data. You should be using c:\programdata (not hard coded, of course!) to put your shared user data into, and then explicitly setting the ACL. You’ll need elevated permissions to set that ACL, so you should be doing so at install time.

Now, here’s the part that makes people nuts (and rightly so!) – we then never bother to tell you how you can set that at install time! At best, we’ll give you some hints. Want to know something interesting? You’d probably be surprised at how many people don’t know how to do this themselves, but nonetheless will happily tell you that it’s what you ought to be doing.

I think that’s kind of rude, so I figured I’d actually spend some time poking around so that when I tell you to do it, I could then answer the follow-up question of, “OK then, how?”.

Of course, installers could be anything, and I don’t know all of the tools (not by a long shot). I’ve never been a packager. I had to pick something, though, so I picked what I thought was best – an MSI. If you’re writing arbitrary code (or a custom action) you can just use the Windows APIs directly to set up the security descriptor. But you actually get OK (note I didn’t say “great”, or even “good”) support from the Windows Installer framework.

But how should I build the MSI? I prefer WIX. One comment talks about using the Visual Studio Setup and Deployment Project. I recommend you do not pass go and do not collect $200 until you install WIX instead. It’s not quite as simple, but it actually exposes the power of the platform instead of simplifying it by not letting you actually use the whole thing.

So, here’s the XML I wrote for WIX to create a folder (which I have to do explicitly since I made an empty one) and set the ACL to allow the Everyone group full control of this folder:

<?xml version="1.0" encoding="UTF-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
  <Product Id="1cf0f45f-3a04-4878-becc-6f6b4331bfb6" Name="InstallerDirectoryPermissions" Language="1033" Version="1.0.0.0" Manufacturer="InstallerDirectoryPermissions" UpgradeCode="f9a6c7b0-6ed9-4b46-9db1-653eeb568236">
    <Package InstallerVersion="200" Compressed="yes" />
    <Directory Id="TARGETDIR" Name="SourceDir">
      <Directory Id="CommonAppDataFolder">
        <Directory Id="MySharedFolderId" Name="MySharedFolder">
          <Component Id="SharedFolderComponent" Guid="84A264EF-2BC5-41e3-8124-2CA10C2805DB">
            <CreateFolder Directory="MySharedFolderId">
              <Permission User="Everyone" GenericAll="yes" />
            </CreateFolder>
          </Component>
        </Directory>
      </Directory>
    </Directory>
    <Feature Id="FolderPermissions" Title="InstallerDirectoryPermissions" Level="1">
      <ComponentRef Id="SharedFolderComponent" />
    </Feature>
  </Product>
</Wix>

If you compile this to create an MSI, and then edit it with Orca, you’ll see the entries in the Directory, CreateFolder, and LockPermissions tables that make all of this magic happen.

Now, remember how I said that the support was just OK? Well, have a look at what we put into the Permissions entry (which ends up in the LockPermissions table) – it’s just plain English. Well, you’re the one responsible for localizing this. From the docs:

“User - The column that identifies the localized name of the user for which permissions are to be set.”

Why did I choose the Everyone group? Because it’s special cased: “The common user names ‘Everyone’ and ‘Administrators’ may be entered in English and are mapped to well-known SIDs.” (Please note: I don’t speak any other languages, so I don’t have any localized versions of Windows installed – feel free to correct me if you do and I have misinterpreted this!)

But if you just wanted to target users, or domain users, or some other group, and you support multiple languages, you’ll want to do that work inside of a custom action (“A custom action is required to enter the localized name of any other user or group.”). Unless, of course, you already have that value in a property, such as the LogonUser property.

Hopefully this helps you sort out how to do it, instead of us just telling you to “go look it up.” Because you probably have enough to do already.

时间: 2024-08-28 19:38:58

How to Set Directory Permissions at Install Time using an MSI Created Using Windows Installer XML (WIX)的相关文章

Can&#39;t install mysql-python version 1.2.5 in Windows

Can't install mysql-python version 1.2.5 in Windows http://stackoverflow.com/questions/37092125/cant-install-mysql-python-version-1-2-5-in-windows No problem. We won't show you that ad again. Why didn't you like it? Uninteresting Misleading Offensive

Install CDONTS mail component and SMTP on Windows Server 2008

原文地址:http://www.jppinto.com/2009/03/install-cdonts-mail-component-and-smtp-on-windows-server-2008/ CDONTS is mail component used to send messages from an ASP page. Instead of recoding multiple web sites I have created, I am just going to install the

Install Tensorflow object detection API in Anaconda (Windows)

This blog is to explain how to install Tensorflow object detection API in Anaconda in Windows 10 as well as how to train train a convolution neural network to do object detection on your own data set. Steps: 1. Installation and Configuration Install

静默安装、授权及卸载Microsoft SQL Server、NET Framework、Windows Installer 、ArcGIS License Manager、ArcGIS Engine(Silent install、uninstall and Authorization.. .through Setup Factory)基于Setup Factory

通过Setup Factory写的代码大概有1700行,所以就不整理了.思路如下: 静默安装都是通过去Microsoft 和Esri的官网找到静默安装的命令,然后File.Run(...)或者Shell.Execute(...)一下:静默卸载就是搜素注册表,调用微软的卸载命令即可. 1.NET Framework静默安装(" /q /norestart") File.Run(DOTNetFilePath, " /q /norestart","",

install shield 2010 Basic MSI安装包调用dll

1.新建Basic MSI项目 2.Behavior and Logic->Custom Action and Sequence->右边面板CustomActions->Custom Action Wizard ->下一步->填写Action Name.Comment(可不填)->Type 选择Call a function in a standard dynamic-link library.(这里有多种选择,有JScript.VBScript等)->配置函数名

[it-ebooks]电子书列表

#### it-ebooks电子书质量不错,但搜索功能不是很好 #### 格式说明  [ ]中为年份      ||  前后是标题和副标题  #### [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Objective-C to develop iPhone games http://it-ebooks.info/book/3544/ Learning Web App Developmen

(转) [it-ebooks]电子书列表

[it-ebooks]电子书列表 [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Objective-C to develop iPhone games http://it-ebooks.info/book/3544/Learning Web App Development || Build Quickly with Proven JavaScript Techniques http://

第1章 初涉MySQL

第1章 初涉MySQL 1-1MySQL概述 1-2MySQL的安装与配置 1-3启动与停止MySQL服务 1-4登陆与退出 1-5修改MySQL提示符 1-6修改MySQL常用命令及语法规范 1-7操作数据库 1-1MySQL概述 MySQL数据库 MySQL基础 安装MySQL 配置MySQL 使用MySQL MySQL基础 MySQL由瑞典MySQL AB公司开发,目前属于Oracle. MySQL是一个开源的关系型数据库管理系统. MySQL分为社区版和企业版. 1-2MySQL的安装与

Wix 安装部署教程(九) --用WPF做安装界面

经常安装PC端的应用,特别是重装系统之后,大致分为两类.一类像QQ,搜狗输入法这样的.分三步走的:第一个页面可以自定义安装路径和软件许可.第二个页面显示安装进度条,第三个页面推荐其他应用.先不管人家怎么实现的,我们先回顾一下. QQ:       再一个就是分六步或七步走的,如QQ影音:欢迎界面,用户许可,安装组件,安装目录,安装进度,安装完成,有七步的,一般会多一些软件推荐.当然还有其他的,比如是基于ClickOnce打包的,就一个界面,一个进度条.没有安装目录选择,这一般不是商业软件.先说第