Discussion:
[WiX-users] Add User to predefined group fails
tgoffice
2008-12-04 09:14:11 UTC
Permalink
I want to create a new local user which should be added automatically to
"Administrators" and "Users" group.

I use the predefind properties of WIX UtilExtension
"WIX_ACCOUNT_ADMINISTRATORS" and "WIX_ACCOUNT_USERS".

<util:Group Id="AdministratorsGroup" Name="[WIX_ACCOUNT_ADMINISTRATORS]"/>
<util:Group Id="UserGroup" Name="[WIX_ACCOUNT_USERS]"/>

<util:User Id="ProcessEngine_Web_User" CreateUser="yes"
CanNotChangePassword="yes" Disabled="no" Name="WixTest" Password="WixTest"
PasswordExpired="no" PasswordNeverExpires="yes" RemoveOnUninstall="yes"
UpdateIfExists="no">
<util:GroupRef Id="AdministratorsGroup"/>
<util:GroupRef Id="UserGroup"/>
</util:User>

The property returns "BUILTIN\Administrators". If I remove "BUILTIN\" it is
working.

The following error is logged to installer.log (used msiexec /i
"WixProject2.msi" /l*v "installer.log")

MSI (s) (50:5C) [08:59:49:546]: Invoking remote custom action. DLL:
C:\WINDOWS\Installer\MSI10.tmp, Entrypoint: CreateUser
CreateUser: Error 0x80004002: Failed to get group
'WinNT://BUILTIN\Administrators'.
CreateUser: Error 0x80004002: failed to add user: WixTest to group
BUILTIN\Administrators
MSI (c) (0C:08) [08:59:50:087]: Font created. Charset: Req=0, Ret=0, Font:
Req=MS Shell Dlg, Ret=MS Shell Dlg

Error 26403. Failed to add user to group. (-2147467262 WixTest
BUILTIN\Administrators )
MSI (s) (50!AC) [08:59:59:831]: Product: _WixCreateUser -- Error 26403.
Failed to add user to group. (-2147467262 WixTest
BUILTIN\Administrators )

Action ended 8:59:59: InstallFinalize. Return value 3.

I have attached the whole project and the compiled MSI:
http://n2.nabble.com/file/n1612823/WixCreateUser.zip WixCreateUser.zip

I used WIX 3.0.4721.0, compiled on Vista SP 1.
I tried to install the MSI on several windows versins:

English Server 2003 SP2 (Windows Installer V3.01.4000.3959)
WIX_ACCOUNT_ADMINISTRATORS returns "BUILTIN\Administrators"


German Vista SP1 (Windows ® Installer. V 4.5.6001.22162 )
WIX_ACCOUNT_ADMINISTRATORS returns "Vordefiniert\Administrators"

German Serve 2003 SP2 (Windows ® Installer. V 3.01.4000.3959)
WIX_ACCOUNT_ADMINISTRATORS returns "Vordefiniert\Administrators"

Is this a bug?

Regards
Thomas Gasser
--
View this message in context: http://n2.nabble.com/Add-User-to-predefined-group-fails-tp1612823p1612823.html
Sent from the wix-users mailing list archive at Nabble.com.
Richard
2008-12-04 15:48:26 UTC
Permalink
Post by tgoffice
I want to create a new local user which should be added automatically to
"Administrators" and "Users" group.
IMO, this is probably a giant security hole in your application
because your are almost certainly grabbing more privileges and rights
than you need. The minimum appropriate priveleges and rights should
be added to the new user you're creating -- not granting them
arbitrary access to do anything on the machine by adding them to
Administrators. At the very least, this new user better be disabled
for interactive logins.
--
"The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
<http://www.xmission.com/~legalize/book/download/index.html>

Legalize Adulthood! <http://blogs.xmission.com/legalize/>
tgoffice
2008-12-04 18:17:12 UTC
Permalink
It could be a giant security hole, that's true, nevertheless the wix command
should work, right?
Post by Richard
Post by tgoffice
I want to create a new local user which should be added automatically to
"Administrators" and "Users" group.
IMO, this is probably a giant security hole in your application
because your are almost certainly grabbing more privileges and rights
than you need. The minimum appropriate priveleges and rights should
be added to the new user you're creating -- not granting them
arbitrary access to do anything on the machine by adding them to
Administrators. At the very least, this new user better be disabled
for interactive logins.
--
"The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
<http://www.xmission.com/~legalize/book/download/index.html>
Legalize Adulthood! <http://blogs.xmission.com/legalize/>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
WiX-users mailing list
https://lists.sourceforge.net/lists/listinfo/wix-users
--
View this message in context: http://n2.nabble.com/Add-User-to-predefined-group-fails-tp1612823p1614682.html
Sent from the wix-users mailing list archive at Nabble.com.
Rob Mensching
2008-12-05 01:09:20 UTC
Permalink
I've found that getting the built-in user names is always tricky. There are several different APIs and they all seem to have their preferences. You can look at the code if you want to see which APIs are getting called or just play around with the names until you find the ones that work.

-----Original Message-----
From: tgoffice [mailto:***@web.de]
Sent: Thursday, December 04, 2008 10:17
To: wix-***@lists.sourceforge.net
Subject: Re: [WiX-users] Add User to predefined group fails


It could be a giant security hole, that's true, nevertheless the wix command
should work, right?
Post by Richard
Post by tgoffice
I want to create a new local user which should be added automatically to
"Administrators" and "Users" group.
IMO, this is probably a giant security hole in your application
because your are almost certainly grabbing more privileges and rights
than you need. The minimum appropriate priveleges and rights should
be added to the new user you're creating -- not granting them
arbitrary access to do anything on the machine by adding them to
Administrators. At the very least, this new user better be disabled
for interactive logins.
--
"The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
<http://www.xmission.com/~legalize/book/download/index.html>
Legalize Adulthood! <http://blogs.xmission.com/legalize/>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
WiX-users mailing list
https://lists.sourceforge.net/lists/listinfo/wix-users
--
View this message in context: http://n2.nabble.com/Add-User-to-predefined-group-fails-tp1612823p1614682.html
Sent from the wix-users mailing list archive at Nabble.com.


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Continue reading on narkive:
Loading...