cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

InstallScript and PowerShell: Set Folder Permissions So Only an Administrator Can Access a Specific Folder

InstallScript and PowerShell: Set Folder Permissions So Only an Administrator Can Access a Specific Folder

Description:

This article will discuss folder permissions. This article will discuss how to set folder permissions so only an Administrator can access a specific folder. All other users will be denied access.

Solution:
This can be done by using the following command:

icacls "C:\Program Files (x86)\Folder" /inheritance:r /grant Administrators:F


Via InstallScript:

Steps:

1. Create a Basic MSI project.
2. Create a feature and a component then add files.
3. In the General Information View, confirm the folder you want to restrict (for example, INSTALLDIR).
4. Create one batch file for the command (Permission.bat) with the following batch file contents:

@echo off
title folderpermission
icacls "C:\Program Files (x86)\Folder" /inheritance:r /grant Administrators:F
echo "Done!"


5. Navigate to the InstallScript View and add the following InstallScript code in the InstallScript Setup.rul:

#include "ifx.h"
export prototype Icacls(HWND);

function Icacls(hMSI)
// To Do: Declare local variables.
STRING szCmdline,szProgram;
begin
szProgram = "C:\\Users\\Administrator\\Desktop\\Permission.bat";
szCmdline = SystemFolder+"\\cmd.exe /c";
LaunchApp (szProgram,szCmdline);
end;


6. Build the project then run the installer.
7. Log in as a non-admin user and check the folder permissions by trying to access the C:\Program Files\Folder folder. Only Administrators will have access to view the contents of the folder.

 

Via PowerShell:

PowerShell Script:

Invoke-Expression -Command:"icacls 'C:\Program Files (x86)\Permission' /inheritance:r /grant Administrators:F"


Steps:

1. Create a Basic MSI project.
2. Create a feature and a component then add files.
3. In the General Information View, confirm the folder you want to restrict (for example, Permission).
4. Create the following PowerShell script with the following contents (test.ps1):

Invoke-Expression -Command:"icacls 'C:\Program Files (x86)\Permission' /inheritance:r /grant Administrators:F"

5. Configure a PowerShell custom action.
6. Build the project then run the installer.
7. Only an Administrator will be able to access the C:\Program Files\Permission folder to view the contents of the folder and a non-admin user will not be able to access the C:\Program Files\Permission folder.

No ratings
Version history
Last update:
‎Sep 16, 2021 11:57 AM
Updated by: