This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

File Permissions problem

CChong
By Level 11 Flexeran
Level 11 Flexeran
I am using AdminStudio Pro 3.5 to repackage applications for delivery to Windows XP clients from a Windows 2000 Active Directory.

I have an app that was supplied with an .msi file and I have used Tuner to create a transform for this .msi. Included in the transform are file permission changes for the app's installation directory C:\Program Files\AppName, because the application insists on writing user config data to it's install directory.

I have used the LockPermissions table to give the local Users group Modify access to this dir (along with retaining the standard Admin, Power Users, etc permissions).

The application will be a user assigned app in the AD, therefore I am testing it using msiexec with the /ju and /t switches.

My problem is as follows;
When I test the app as a user with local admin rights it works perfectly and applies the correct file permissions. However, when I run it as a standard user the file permissions are not applied, the directory instead inherits the permissions from C:\Program Files.

It's worth mentioning that the test userid is in a container in the AD that has the "Always install with elevated privileges" policies enabled.

Any ideas would be greatly appreciated.

Regards,
Dave

‎Feb 26, 2003 10:58 PM

0 Kudos
(1) Reply

baking
By
Level 3
One way to get around this is to run a Custom Action in the system context and use the cacls.exe command. This probably isn't the answer your looking for, but I've used it in the past when I couldn't get LockPermissions to behave like I wanted.

Displays or modifies access control lists (ACLs) of files
CACLS filename [/G user:perm] [/R user [...]]
[/P user:perm [...]] [/D user [...]]
filename Displays ACLs.
/T Changes ACLs of specified files in
the current directory and all subdirectories.
/E Edit ACL instead of replacing it.
/C Continue on access denied errors.
/G user:perm Grant specified user access rights.
Perm can be: R Read
W Write
C Change (write)
F Full control
/R user Revoke specified user's access rights (only valid with /E).
/P user:perm Replace specified user's access rights.
Perm can be: N None
R Read
W Write
C Change (write)
F Full control
/D user Deny specified user access.
Wildcards can be used to specify more that one file in a command.
You can specify more than one user in a command.

Abbreviations:
CI - Container Inherit.
The ACE will be inherited by directories.
OI - Object Inherit.
The ACE will be inherited by files.
IO - Inherit Only.
The ACE does not apply to the current file/directory.
********************************************
To put in a custom action:
The CACLS.EXE command line utility does not provide a /Y switch that automatically answers with Y for Yes to the ARE YOU SURE? Y/N prompt. However, you can use the echo command to pipe the character Y as input to the ARE YOU SURE? Y/N prompt when you call Cacls.exe in a batch file.

To programmatically answer with Yes to the ARE YOU SURE? Y/N prompt during batch file execution, use the following command line in your batch file:

echo y| cacls filename /g username:permission

NOTE: Do not type a space between the "y" and the pipe symbol (|), otherwise, Cacls.exe fails to make the permission changes.

‎Mar 06, 2003 07:36 AM

0 Kudos