WiX Permissions, how do I express 'Modify' in terms of DACL flags

StackOverflow https://stackoverflow.com/questions/1301503

Question

I'm attempting to apply custom rights to a folder as part of a WiX 3.0.4318.0 installer.

In terms of the Security properties UI in explorer, I want to add Modify to the rights for BUILTIN\Users. Obviously it needs to be resilient against localisation of the user name. So based on my research to date, I want at least:

<CreateFolder Directory="XYZ" >
    <PermissionEx User="[WIX_ACCOUNT_USERS]" 
         GenericRead="yes" GenericWrite="yes" Delete="Yes" />
</CreateFolder>

Questions:

  1. I'm doing this in a subdirectory - am I correct in assuming that the choice between Permission and PermissionEx is Moot?

  2. What does 'Modify' in the Folder Permissions dialog in Explorer map to in terms of rights - I see many samples where people have translated it to a magic number or a big set of flags - what have other people used (the intent is to allow create, read, write, append and delete, which is best expressed in the UI in terms of Simple Rights as 'Modify'). I've looked at the underlying permissions with icacls which tells me its called 'M', but I have no way to map them to 'specific rights' (in terms as used by icacls /?). There's another mapping table in the windows help. Has anyone got an authorative answer that's worked?

There is a very similar unanswered question at Question regarding PermissionEx (WIX), which it would be cruel but fair to cite as a duplicate.

Was it helpful?

Solution 2

After some more work on this, my findings are:

  1. In 3.0.5419.0, PermissionEx vs util:"PermissionEx vs Permission gets moot, and no Extended="true" like you see around the net with previous versions is required. Previous versions give errors at runtime resolving BUILTIN\USERS.
  2. Selecting the three rights I picked seems to achieve the requirements of my context

I'm still very interested in seeing other responses, as I remain a WiX-noob.

OTHER TIPS

The following combinations are what I've found

"modify" permission:

<util:PermissionEx GenericRead="yes" GenericWrite="yes"
   GenericExecute="yes" Delete="yes" DeleteChild="yes" User="SOMEUSER" />

"read" permission:

<util:PermissionEx Read="yes" GenericRead="yes" User="SOMEUSER" />

To get it exactly as you would by setting the permissions by hand on Windows 7 and Windows XP using WiX 3.6, you would need to use this:

<util:PermissionEx 
    User="Users" Domain="BUILTIN" 
    GenericWrite="yes" GenericExecute="yes" GenericRead="yes" 
    Delete="yes" Synchronize="yes" />
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top