SoftVIP
Level 2

Change folder permissions

In my Files & Folders view, I go to my folder for which I want to add permissions and right click on it. I go to the permissions button and I add my users and their respective permissions. When I run the setup, it seems to completely remove any existing users and their permissions and only add the users that I set in the permissions view. Is there a way that I can add user permissions to a folder without changing any existing permissions?
0 Kudos
(6) Replies
Sascha_M_
Level 3

Hi,
Same problem here. Anybody found a solution?
0 Kudos
joshstechnij
Level 10 Flexeran

Setting permissions through InstallShield populates the LockPermissions table in the MSI package you are building. Unfortunately, the behavior you are seeing is expected behavior for the functionality provided by this table in current versions of Windows Installer (see the MSDN doc LockPermissions Table for more information).

You may try using a custom action to set permissions instead, and use a utility such as cacls to set permissions as needed through the custom action.
0 Kudos
Kyle_Gibson
Level 3

I personally use cacls in my projects and it works magically.

pushd c:\windows\system32
:: /T - Traverse/Recursive
:: /E - Edit ACL instead of replacing
:: /C - continue if access is denied
:: /G - grant privilege
cacls "%1\YYYYYYY" /T /C /E /G Users:F
cacls "%ALLUSERSPROFILE%\Documents\XXXXXX" /T /E /C /G Users:F
popd
:: pause


In this case, %1 gets set to TARGETDIR. I use LaunchAppAndWait to call this script in a bat file.

If you don't want your users to see what's happening you can redirect cacls output to NUL ( cacls ... > NUL )
0 Kudos
RGfocus
Level 3

This works fine on an English OS; the problem is other OS languages. On a Norwegian XP Pro, cacls ... Users:F won't work (cacls ... Brukere:F will).

I'm trying to set permissions on my CommonAppData subfolder (InstallScript MSI project, IS 2009). Here's what I've tried so far:
- cacls - works fine, but is "language specific"
- LockPermissions table - cannot get this to work (using Permissions in the file/folder view)
- tried some old Win API scripts. They work fine, but not on Vista.

Any other ideas how to get this done?
0 Kudos
Sascha_M_
Level 3

Hi,

I have written my own function to get a group name from a SID:

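// Prototype; place it with the other prototypes of the script.
prototype STRING GetUserGroupFromSid(STRING, STRING);

// Resolves a SID (e.g. "S-1-1-0") to its localized account name via WMI.
// Returns "-1" if the lookup fails.
function STRING GetUserGroupFromSid(szSid, szServer)
    OBJECT oWMI, oWMI2;
    OBJECT oAccount;
    STRING szNamespace, szAccount;
begin
    try
        set oWMI = CreateObject("WbemScripting.SWbemLocator");
        if IsObject(oWMI) then
            set oWMI2 = oWMI.ConnectServer(szServer, "root/CIMV2");
            if IsObject(oWMI2) then
                // WMI object path of the Win32_SID instance for this SID
                szNamespace = "Win32_SID.SID='" + szSid + "'";
                set oAccount = oWMI2.Get(szNamespace);
                if IsObject(oAccount) then
                    szAccount = oAccount.AccountName;
                    set oAccount = NOTHING;
                    set oWMI2 = NOTHING;
                    set oWMI = NOTHING;
                    return szAccount;
                endif;
            endif;
        endif;
    catch
        return "-1";
    endcatch;
    // No WMI object could be obtained: report failure like the catch branch
    return "-1";
end;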


Call this function to get groupname for everyone:

szEveryOneGroup = GetUserGroupFromSid("S-1-1-0", ".");


Hope this helps...
0 Kudos
RGfocus
Level 3

Hi Sascha - works perfectly - THANKS a lot 🙂 !


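// Setting full permissions for All users group
szUserGroup = GetUserGroupFromSid("S-1-1-0", ".");

// Only run cacls if the SID lookup returned a usable group name
if (szUserGroup != "" && szUserGroup != "-1") then
    szDir = svMyFolderPath;
    LongPathToQuote(szDir, TRUE);
    szProgram = "cacls";
    // Quote the group name: localized names can contain spaces
    szCmdLine = " " + szDir + " /T /C /E /G \"" + szUserGroup + "\":F";
    LaunchAppAndWait(szProgram, szCmdLine, WAIT | LAAW_OPTION_SHOW_HOURGLASS);
endif;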


Using (as you can see) cacls.exe. Works fine on Vista too, but is there any reason I should rather use icacls.exe ("Cacls on steroids" 🙂 ) for Vista?
According to this article you can get the error "Cacls is now deprecated, please use Icacls" if using cacls. I haven't seen this error myself...
Again - thanks a lot Sascha M!
0 Kudos
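
The grant discussed in this thread, done with icacls and a well-known SID instead of a localized group name, as an added example that is not part of the original posts. icacls accepts a numeric SID when it is prefixed with `*`, so no name lookup is needed, and `/grant` without `:r` adds to the existing ACL instead of replacing it; icacls ships with Vista and later, not with XP. Assumptions: the script name `grant-users.cmd`, the choice of BUILTIN\Users (S-1-5-32-545), and Modify rather than Full control are illustrative.

```bat
@echo off
rem grant-users.cmd (hypothetical name) - added example, not from the thread.
rem Usage: grant-users.cmd "<folder>"
rem Adds an ACE for BUILTIN\Users to <folder>; existing ACEs are kept.
setlocal

set "TARGET=%~1"
if "%TARGET%"=="" goto :usage
if not exist "%TARGET%\" goto :notfound

rem Well-known SID of BUILTIN\Users: identical on every OS language.
rem The leading * tells icacls the principal is a numeric SID.
set "SID=*S-1-5-32-545"

rem (OI)(CI) = inherit to files and subfolders, M = Modify.
rem /T = recurse, /C = continue on errors, /Q = suppress success messages.
rem /grant without ":r" merges with the existing ACL.
"%SystemRoot%\System32\icacls.exe" "%TARGET%" /grant %SID%:(OI)(CI)M /T /C /Q
if errorlevel 1 goto :failed

rem Print the resulting ACL so it ends up in the install log.
"%SystemRoot%\System32\icacls.exe" "%TARGET%"
exit /b 0

:usage
echo usage: %~nx0 "folder"
exit /b 2

:notfound
echo folder not found: "%TARGET%"
exit /b 3

:failed
echo icacls reported an error for "%TARGET%"
exit /b 1
```

The script can be launched the same way as the cacls batch file above, passing the target folder as the first argument.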