Discussion:
[WiX-users] registry permissions on new groups
Ian Elliott (Excell Data Corporation)
2008-11-04 19:20:45 UTC
Permalink
Hi,

I've been tasked with the following:

1.) Create a new group

2.) Add permissions to the new group on a registry key

I couldn't find a way to create a new group via wix so ended up using a custom action which calls net.exe.

I'm having trouble trying to use PermissionsEx to set permissions for the new group. Is this possible or does it only allow setting permissions for "standard" groups such as Network Service, Administrators, etc?

Thanks,
Ian

(I Google this and couldn't find anything relevant.)
Chad Miles
2008-11-04 19:26:37 UTC
Permalink
WiX doesn't support group creation I believe.

On Tue, Nov 4, 2008 at 2:20 PM, Ian Elliott (Excell Data Corporation) <
Post by Ian Elliott (Excell Data Corporation)
Hi,
1.) Create a new group
2.) Add permissions to the new group on a registry key
I couldn't find a way to create a new group via wix so ended up using a
custom action which calls net.exe.
I'm having trouble trying to use PermissionsEx to set permissions for the
new group. Is this possible or does it only allow setting permissions for
"standard" groups such as Network Service, Administrators, etc?
Thanks,
Ian
(I Google this and couldn't find anything relevant.)
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
WiX-users mailing list
https://lists.sourceforge.net/lists/listinfo/wix-users
Bob Arnson
2008-11-04 19:33:43 UTC
Permalink
Post by Ian Elliott (Excell Data Corporation)
I'm having trouble trying to use PermissionsEx to set permissions for the new group. Is this possible or does it only allow setting permissions for "standard" groups such as Network Service, Administrators, etc?
They're formatted strings, so anything goes. Simple check: Is the group
created when SecureObjects is executed?
--
sig://boB
http://joyofsetup.com/
Ian Elliott (Excell Data Corporation)
2008-11-04 20:07:55 UTC
Permalink
Thanks, Bob. The scheduling is correct so I have an error somewhere. I should be able to find it now.

-----Original Message-----
From: Bob Arnson [mailto:***@joyofsetup.com]
Sent: Tuesday, November 04, 2008 11:34 AM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] registry permissions on new groups
Post by Ian Elliott (Excell Data Corporation)
I'm having trouble trying to use PermissionsEx to set permissions for the new group. Is this possible or does it only allow setting permissions for "standard" groups such as Network Service, Administrators, etc?
They're formatted strings, so anything goes. Simple check: Is the group
created when SecureObjects is executed?

--
sig://boB
http://joyofsetup.com/



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Ian Elliott (Excell Data Corporation)
2008-11-04 22:00:31 UTC
Permalink
I'm still having trouble with this.

Say I create a group called "Group A". Now, if I want to add permissions for this group to a registry key, what would the PermissionEx tag look like?

Here is one I have tried:

<Component Id="CID_blah" Guid="{some guid}" DiskId="1">
<RegistryKey Id="RID_blah" Root="HKLM" Key="some key" Action="create">
<RegistryValue Id="RVID_blah" Name="blah" Value="blah" Type="string" Action="write"/>

<util:PermissionEx Read="yes" User="Group A"/>

</RegistryKey>
</Component>


I get the error:
ExecSecureObjects: Error 0x80070534: failed to get sid for account: Group A


I know that the account gets created because I don't have a rollback CA and after rollback, the account is present. I also can see if verbose log file that the CA that creates the account occurs before ExecSecureObjects.

Thanks,
Ian

-----Original Message-----
From: Bob Arnson [mailto:***@joyofsetup.com]
Sent: Tuesday, November 04, 2008 11:34 AM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] registry permissions on new groups
Post by Ian Elliott (Excell Data Corporation)
I'm having trouble trying to use PermissionsEx to set permissions for the new group. Is this possible or does it only allow setting permissions for "standard" groups such as Network Service, Administrators, etc?
They're formatted strings, so anything goes. Simple check: Is the group
created when SecureObjects is executed?

--
sig://boB
http://joyofsetup.com/



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
Bob Arnson
2008-11-05 18:33:08 UTC
Permalink
Post by Ian Elliott (Excell Data Corporation)
Say I create a group called "Group A". Now, if I want to add permissions for this group to a registry key, what would the PermissionEx tag look like?
I don't know that it's supported. SecureObjects relies on
LookupAccountName, which is failing to return a SID for the group:

0x80070534 == ERROR_NONE_MAPPED
No mapping between account names and security IDs was done.

You can try specifying an explicit domain, but the LookupAccountName doc
says it checks the local machine first.
--
sig://boB
http://joyofsetup.com/
Continue reading on narkive:
Loading...