How to Set Directory Permissions at Install time using a MSI Created using Windows Installer XML (WIX)

Original Link:http://blogs.msdn.com/b/cjacks/archive/2008/12/04/ How-to-set-directory-permissions-at-install-time-using-an-msi-created-using-windows-installer-xml-wix.aspxAuthor:chris Jackson

following content is the directly reprinted from above link and the for knowledge sharing. Please go to above link for more detailed info. thanks~

Here is a topic I has been saying "I ll get to it" for a while now ...

We ' ve talked a lot of UAC here, and I had really stressed the point that's standard users shouldn ' t being able to affect OT She is the users or the machine itself, and if you are want to violate this rule then you need to doing so explicitly.

The one area, I ' ve received some questions on are what does about shared user data. You should is using C:\programdata (not hard coded, the course!) to put your shared user data into, and then explicitly set Ting the ACL. You'll need elevated permissions to set this ACL, so the should be doing so at install time.

Now, here's the part of the makes people nuts (and rightly so!) –we then never bother to tell you how you can set that at I Nstall time! At best, we'll give you some hints. Want to know something interesting? You ' d probably is surprised at how many people don ' t know what do I themselves, but nonetheless'll happily tell you That's it ' s what you ought to be doing.

I think that's kind of rude, so I figured I ' d actually spend some time poking around so if I tell you to do it, I C Ould then answer the follow-up question of, "OK then, how?".

Of course, installers could is anything, and I don ' t know all of the tools (not by a long shot). I ' ve never been a packager. I had to pick something, though, so I picked what I thought is Best–an MSI. If you ' re writing arbitrary code (or a custom action), you can just use the Windows APIs directly to set up the security de Scriptor. But you actually get OK (note I didn ' t say "great", or even "good") of the support from the Windows Installer framework.

But how should I build the MSI? I prefer WIX. One comment talks about using the Visual Studio Setup and Deployment Project. I recommend you don't pass go and do not collect $ until you install WIX instead. It's not quite as simple, but it actually exposes the power of the platform instead for simplifying it by not letting a Ctually use the whole thing.

So, here's the XML I wrote for WIX to create a folder (which I has to do explicitly since I made an empty one) and set th e ACL to allow the Everyone group full control of the This folder:

 
 
<?xml version="1.0" encoding="UTF-8"?> 
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> 
  <Product Id="1cf0f45f-3a04-4878-becc-6f6b4331bfb6" Name="InstallerDirectoryPermissions" Language="1033" Version="1.0.0.0" Manufacturer="InstallerDirectoryPermissions" UpgradeCode="f9a6c7b0-6ed9-4b46-9db1-653eeb568236"> 
    <Package InstallerVersion="200" Compressed="yes" /> 
    <Directory Id="TARGETDIR" Name="SourceDir"> 
      <Directory Id="CommonAppDataFolder"> 
        <Directory Id="MySharedFolderId" Name="MySharedFolder"> 
          <Component Id="SharedFolderComponent" Guid="84A264EF-2BC5-41e3-8124-2CA10C2805DB"> 
            <CreateFolder Directory="MySharedFolderId"> 
              <Permission User="Everyone" GenericAll="yes" /> 
            </CreateFolder> 
          </Component> 
        </Directory> 
      </Directory> 
    </Directory> 
    <Feature Id="FolderPermissions" Title="InstallerDirectoryPermissions" Level="1"> 
      <ComponentRef Id="SharedFolderComponent" /> 
    </Feature> 
  </Product> 
</Wix>

If you compile this to create an MSI, and then edit it with Orca, you'll see the entries in the Directory, CreateFolder, a nd lockpermissions tables that make all of the This magic happen.

Now, remember how do I said that the support is just OK? Well, there is a look at the "we put into the" Permissions entry (which ends up in the Lockpermissions table) – it ' s just plain 中文版. Well, your ' re the one responsible for localizing this. From the docs:

"User-the column that identifies the localized name of the User for which permissions is to be set."

Why did I choose the Everyone group? Because It's special cased: "The common user names ' Everyone ' and ' Administrators ' is entered in 中文版 and is Mappe D to well-known SIDs. " (Please note:i don't speak any other languages, so I don ' t has any localized versions of Windows Installed–feel free t o correct me if you did and I have misinterpreted this!)

If you just wanted to target users, or domain users, or some other group, and your support multiple languages, you ll W Ant to do this work inside of a custom action ("A custom action was required to enter the localized name of any other user or group. "). Unless, of course, you already has that value in a property, such as the LogonUser property.

Hopefully this helps what does it, instead of us just telling you ' go look it up. Because you probably has enough to do already.

How to Set Directory Permissions at Install time using a MSI Created using Windows Installer XML (WIX)