This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Jeppebm
Level 3
‎Jun 16, 2011 07:31 AM

ICACLS fails on Windows temp folder

Hi,

I am running a custom action setting folder permissions on the windows temp directory. This is my command:

icacls.exe %WINDIR%\Temp /grant "NETWORK SERVICE":RD

The installer fails with error 1722 on some systems:

Note: 1: 1722 2: SetFolderPerms 3: C:\Windows\SysWOW64\ 4: "C:\Windows\SysWOW64\cmd.exe" /c "C:\Program Files (x86)\MYPROGRAM\SetFolderPermissions.bat"

Running the installer from the command prompt sometimes resolves the problem, which leads me to believe that the installer needs Administrative rights to succeed, but I am not sure.
What could be the cause, and what should I do to resolve it.

I will buy a fictive beer for whoever saves my behind. Thank you! 🙂
Labels (1)
Labels
0 Kudos
(5) Replies
MSIYER
Level 8
‎Jun 17, 2011 12:45 AM

You have to be a big-shot on the machine to run Icacls to grant or revoke ACL permissions.
If Icacls could be run by anyone to grant or revoke permissions, the term Admin would become obsolete...

In short, elevation is a must.

Thanks for the beer... Ice-cream would have been better...
0 Kudos
Jeppebm
Level 3
‎Jun 17, 2011 01:57 AM

Thank you! Ice cream it is.

What are my options then? I don't want to ask my end-users to run the installer from an elevated command prompt, there must be some other way? Can I use any built-in features of IS, or perhaps do a check if the user is an administrator? I am new to IS, so bear with me.
0 Kudos
MSIYER
Level 8
‎Jun 17, 2011 02:14 AM

Authoring LockPermissions table is one way which I have never done.
http://msdn.microsoft.com/en-us/library/aa369774(v=vs.85).aspx

Also, it only works, I believ, on folders created by the installer.
0 Kudos
Jeppebm
Level 3
‎Jun 17, 2011 02:18 AM

Okay. I've read about it, but it seems there is a general reluctance among the IS users to use this and rely on custom actions instead. I will look into it though. Will post back when I have a solution.

If anyone has an input on this, I would love to know.

Thank you so far MSIYER!
0 Kudos
DebbieL
Level 17
‎Jun 17, 2011 03:16 PM

Your custom action's In-Script Execution setting may need to be changed. The following blog post has more information:
Just Be Yourself: Understanding Windows Installer (MSI) Custom Action Contexts

InstallShield 2010 introduced a new way to set permissions: custom InstallShield handling. This has advantages over the built-in Windows Installer style support, and it may be easier to implement than writing your own custom actions. To learn more, see:
Securing Files, Folders, and Registry Keys in a Locked-Down Environment
0 Kudos