2

I use the following to create permissions for a folder:

<Directory>
    <CreateFolder>
          <util:PermissionEx GenericAll="yes" User="user"  Domain="domain" />
    </CreateFolder>
</Directory>

What is a preferable way to revoke them for the user on uninstall? RemoveFolder seems not to work with util:PermissionEx.

rudnev
  • 2,281
  • 3
  • 22
  • 31
  • It's unusual to need to set permissions on a folder during install. Why are you doing this? Is the folder under Program Files by any chance? – David Heffernan Dec 27 '10 at 09:57
  • it's "Temporary asp.net files" But there's a bunch of other issues which can require permissions, why not – rudnev Dec 27 '10 at 10:50
  • Why do you need to revoke permissions if it's temporary asp.net files? – Yan Sklyarenko Dec 27 '10 at 11:06
  • Just for consistency here. But in other cases it might be useful though. I don't think it's a very unusual situation – rudnev Dec 27 '10 at 11:40
  • I've written installs for 15 years including SaaS SOA ASP.NET installs and I've never seen this situation. I've never had to set permissions on the asp.net temp files directory so I'm wondering if there's a different problem that should be solved. All too often people "fix" things in the install and that just creates new problems. – Christopher Painter Dec 28 '10 at 16:33
  • 1
    it's rather usual source of problems, though, especially if you don't have a full control on your production environment. But nevertheless, if it would be just a folder which i think user shouldn't have access to after uninstall - why the permission cannot be revoked? – rudnev Dec 29 '10 at 10:09
  • @christopher-painter, when during installation a user is created and permissions are granted, this will result in orphaned SIDs during uninstall if the permissions are not revoked. Of course it would be really cool if the `util:PermissionEx` element would handle this automatically (which seems currently not be the case :-( ). – CodeFox Jul 30 '14 at 16:17
  • See my answer below. There is a group you can join to and avoid this scenario. – Christopher Painter Jul 30 '14 at 17:03

2 Answers2

0

I've recently ran into a situation where a service account needed permissions to the ASP.NET temporary files. The best thing to do is associate the account with the IIS_IUSERS group. This group already had permissions on the ASP.NET temp directory and the C:\windows\temp directory.

Christopher Painter
  • 54,556
  • 6
  • 63
  • 100
0

If the folder is not required after uninstall, you can delete the folder itself.

Sunil Agarwal
  • 4,097
  • 5
  • 44
  • 80