1

I want to modify permissions for Users in C:\ProgramData when my install runs. Just add WRITE permission. I'm using a vb script to edit the msi tables.

This query is running okay, adding the row, but the installer is not setting the permission. I am using the ALL permission setting here, I don't know what the correct generic read/write value is.

query = "INSERT INTO LockPermissions (LockObject, Table , User, Permission) VALUES ('COMMONAPPDATAFOLDER', 'Directory', 'Users', 268435456)"

I can't find a working example for this, and it must be a pretty common scenario. I think that COMMONAPPDATAFOLDER resolves to a path about like this:

C:\ProgramData\CompanyFoo\Foo Product Name

but I am not sure. I would want to set the permission on the "CompanyFoo" directory, but I don't know how.

Edit: this is for a build script, not a custom msi action. My problem is that I'm not using an install framework like installshield, I am modifying the crippled output of a visual studio deployment project.

P a u l
  • 7,805
  • 15
  • 59
  • 92
  • Nope, changing permissions on system folders is not a common scenario. Nor is it recommended. – Michael Urman Feb 14 '12 at 12:30
  • I've done it several times at the CommonAppDataFolder/Company/Product level. The problem is, when you get into locked down environments and an application saves files which is expected to be available to other profiles on the machine, where exactly can you / should you put it? Is there another location I'm not aware of? – Christopher Painter Feb 14 '12 at 14:23
  • I tried to suggest that developement write a service that can upload and download documents to a virtual store but they didn't want to do it. They just opened up the product data folder instead. Basically we needed a Public Documents\Company\Product type structure. – Christopher Painter Feb 14 '12 at 14:25
  • @michael: thank you for answering. My research indicates otherwise. Please refer to http://stackoverflow.com/questions/5116911/where-to-store-application-data-in-windows-7-and-vista (the marked answer). This is exactly what I am trying to do. I also see that major sofware vendors are also doing this. – P a u l Feb 14 '12 at 23:58
  • Michael is right in the general case. I've seen many major software vendors do things that they shouldn't do. – Christopher Painter Feb 15 '12 at 00:26
  • Yes but this means that the guidance for "ProgramData" is that it remains static read only forever. This is not feasible for obvious reasons, and I am not sure this is what Microsoft intended. I need the guidance for where to put the sqlite databases so all users can get to them. – P a u l Feb 15 '12 at 00:56
  • Ah, a subfolder is different from a system folder. I think I misread the original intent in this subtle but important way. Still, unless the files need to be shared across users, it's generally better to use their appdata folder instead. – Michael Urman Feb 15 '12 at 12:34
  • I thought I was clear about this. The databases are shared read/write with all users. – P a u l Feb 16 '12 at 03:11

2 Answers2

1

I finally got it to work. For the vs2010 install project, COMMONAPPDATAFOLDER is not actually c:\programdata, it is c:\programdata\foocompany where you set foocompany in the project settings. So this does the right thing. 268435456 = all permissions.

'COMMONAPPDATAFOLDER
query = "INSERT INTO `LockPermissions` (`LockObject`, `Table` , `User`, `Permission`) VALUES ('COMMONAPPDATAFOLDER', 'CreateFolder', 'Everyone',  268435456)" 
Set view = database.OpenView (query)         
view.Execute

query = "INSERT INTO `LockPermissions` (`LockObject`, `Table` , `User`, `Permission`) VALUES ('COMMONAPPDATAFOLDER', 'CreateFolder', 'Administrators',  268435456)" 
Set view = database.OpenView (query)         
view.Execute
P a u l
  • 7,805
  • 15
  • 59
  • 92
0

Why do you need a custom action to insert a row into the lockpermissions table? Just author it directly into the MSI as the Domain and User columns are Formattable.

Christopher Painter
  • 54,556
  • 6
  • 63
  • 100
  • I can't edit the msi with orca everytime I need to do this. This is for an automated build. – P a u l Feb 14 '12 at 23:53
  • This is also not an 'action'. It is part of a build script. – P a u l Feb 14 '12 at 23:59
  • What tool are you using to build the original MSI? – Christopher Painter Feb 15 '12 at 00:08
  • I am using a vanilla visual studio deployment project for a windows forms application. It is all working okay, except if the user has UAC on. Then their data writes go into the blasted virtualstore which is not correct for the 'all users' requirement. – P a u l Feb 15 '12 at 00:15
  • Ah, that explains your need to postbuild tweak the MSI. Might I suggest looking at two things. 1) Use WiX DTF's Microsoft.Deployment.WindowsInstaller library to write C#/VB classes to update the MSI. Instead of maintaining a list of SQL statements, consider generating a transfrom and then simply using the postbuild to apply the transform to the base MSI. That way you can maintain the transform in Orca rather then SQL. – Christopher Painter Feb 15 '12 at 00:23
  • This sounds awesome. We are not supposed to hire people via stackoverflow, but I am very pressed for time on this. Do you have link I can follow to set this up? – P a u l Feb 15 '12 at 01:01
  • I wasn't really solicting as this would be a really small project for me. Probably about 1 hour to write and document the solution. – Christopher Painter Feb 15 '12 at 01:24
  • Well your 1 hour would take me 40 due to the ramp up time :+> (I reject the offer to go to chat!) – P a u l Feb 15 '12 at 02:12
  • chrpai@iswix.com is my contact information. We could do this as a one hour webex showing you the basics to get you going. – Christopher Painter Feb 15 '12 at 02:36