[Help] Lock Permission on Registry and files



thegorre
03-22-2007, 08:52 AM
Hi,
Here is my little problem...
I am using Admin Studio 5.5 to package some apps for my client...
When we package the application called Loxane WayPro, the problem is that, for a normal user logged on to the computer, there are various access-denied errors due to the rights on some registry keys and files.
So, we used Admin Studio to fix some rights on registry keys and files,
but we don't know all the variables available, such as: [%DOMAINUSER], ........

The real problem is that we have to install the application before the computer is in the domain, so the variable [%DOMAINUSER] or others don't work because it doesn't accept the Users group!!
And when you install it we need to say: all users can access those registry keys and files.....

Summary: what can we put in the lock permission for the local group "USERS" or ALL USERS?
Also for the domain, as we aren't connected to the domain.

If someone can help me...

Many thanks
Kind regards

LeslieEaster
03-22-2007, 04:21 PM
Hm. Have you tried using setACL.exe or Cacls.exe? Add them in using a custom action. Believe it or not, this is actually a fairly common way of solving permission issues...

Hope this helps,

Tony_Toni_Tone
03-22-2007, 08:34 PM
You can just add User and Administrator to use the local groups, no need to use variables..

example LockPermissions

LockObject | Table    | Domain  | User           | Permission
RegKey1    | Registry | _______ | Users          | 917567
RegKey2    | Registry | _______ | Administrators | 983103

You won't be able to set permissions using domain groups, as they won't get processed because you aren't authenticated to the domain..

thegorre
03-23-2007, 01:43 AM
Many thanks for all your help,
I will try today....
Many, many thanks

Just one question for you Tony ;)
"
example LockPermissions

LockObject | Table    | Domain  | User           | Permission
RegKey1    | Registry | _______ | Users          | 917567
RegKey2    | Registry | _______ | Administrators | 983103

"

I leave the domain empty in the permission, then I can put Users to test my installation, but what does the number 917567 mean (where should I put this number), or is it sufficient to put the Users variable without "[]", I think?

Do I continue to use Dev Studio (Admin Studio 5.5), or should I use another tool included in this software?

Many thanks for all your help

Tony_Toni_Tone
03-23-2007, 06:39 AM
I think you can just right click on the key in 5.5 and select Permissions..

Then just add user groups without [] and select permissions. InstallShield will then populate the Permissions column of the table (with the number that represents effective permissions).

"I leave the domain empty in the permission, then I can put Users to test my installation, but what does the number 917567 mean (where should I put this number), or is it sufficient to put the Users variable without "[]", I think?"

If you want to do it manually, use the Direct Editor so your project is the same as the msi..

LockObject = Registry Key you want to set
Table = Registry
Domain = Empty
User = Group used to set permissions
Permission = Decimal representation of effective permissions

917567 = All permissions except delete key
983103 = Full Permissions

LockPermissions removes all current permissions except SYSTEM, so in a locked-down environment normally you would add 2 groups, 1 for admins and 1 for users.

:)
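
The two Permission values from the table above, decoded bit by bit as an added example (not part of any post in this thread): 917567 is 0xE003F, which drops DELETE but still carries WRITE_DAC and WRITE_OWNER, so the group holding it can rewrite the key's ACL. The `ADMIN_PRINCIPALS` list and the narrower `READ_WRITE_MASK` are assumptions introduced for this illustration.

```python
# Added example: decode the decimal Permission column of LockPermissions rows
# (Registry table) and flag rights that let a non-admin group change the ACL.

# Registry-specific and standard access-right bits (Windows SDK values).
RIGHTS = {
    0x00001: "KEY_QUERY_VALUE",
    0x00002: "KEY_SET_VALUE",
    0x00004: "KEY_CREATE_SUB_KEY",
    0x00008: "KEY_ENUMERATE_SUB_KEYS",
    0x00010: "KEY_NOTIFY",
    0x00020: "KEY_CREATE_LINK",
    0x10000: "DELETE",
    0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER",
}
ACL_CONTROL = {"WRITE_DAC", "WRITE_OWNER"}  # control over the key's ACL/owner
ADMIN_PRINCIPALS = {"administrators", "system"}  # assumption for this audit
# Assumed narrower grant: KEY_READ | KEY_WRITE (read/write values and subkeys).
READ_WRITE_MASK = 0x20000 | 0x01 | 0x02 | 0x04 | 0x08 | 0x10

# The two rows quoted in the thread (Domain left empty).
ROWS = [
    ("RegKey1", "Registry", "", "Users", 917567),
    ("RegKey2", "Registry", "", "Administrators", 983103),
]


def decode(mask):
    """Return (names of known bits set, leftover bits not in RIGHTS)."""
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    return names, mask & ~sum(RIGHTS)


def audit(rows):
    """Return (LockObject, User, rights) for non-admin ACL-control grants."""
    findings = []
    for lock_object, table, _domain, user, permission in rows:
        risky = sorted(ACL_CONTROL.intersection(decode(permission)[0]))
        if table == "Registry" and risky and user.lower() not in ADMIN_PRINCIPALS:
            findings.append((lock_object, user, risky))
    return findings


if __name__ == "__main__":
    for row in ROWS:
        print(row[0], row[3], hex(row[4]), decode(row[4])[0])
    print("findings:", audit(ROWS))
    print("narrower mask:", READ_WRITE_MASK, decode(READ_WRITE_MASK)[0])
```

If the application only needs to read and write values and subkeys, the decimal value of `READ_WRITE_MASK` is a tighter candidate for the Users row than 917567.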

thegorre
03-23-2007, 08:18 AM
Hi,
I've just tested this way:

In the permissions, I put only this in the User column: Users
And only this, no Domain.
When I test the application after the installation, with a simple user: no problem with rights.
Everything is GOOD!!!

MANY MANY MANY thanks ......

Kind regards

thegorre
03-23-2007, 08:45 AM
Hi,
My last little question: is there a way, when you have to apply permissions to a tree of folders, to apply them in one go and not folder after folder?
Currently I have to go into each folder and apply the correct rights for each one.

Is there a way or command to apply them once?

Many thanks

thegorre
03-23-2007, 08:49 AM
Hi,
I found a way to apply those rights easily, but I think there is a better one.

I go into the lowest level of the folder and apply the correct rights to it.
When I verify the parent directory, it gets the correct rights applied before.

Maybe there's another way.

Tony_Toni_Tone
03-23-2007, 11:29 AM
Not sure I understand, but rights should filter down from the key they were applied to; if you need permissions appending, it is better to use the method Leslie described..

thegorre
03-26-2007, 03:17 AM
Hi,
I've just tried to test the permissions with SetACL.exe.
That's a good tool!
Problem: I can't change any permission on the HKEY_CLASSES_ROOT folder tree!!
Strange

Apart from this problem, I use this tool to apply the correct permissions to my folders!
Result: when I test my application, none of those permissions were present!
Nothing seems to have been applied!!

It is very strange in fact!!!

What is very strange is that all the permissions verified and applied don't appear in DevStudio, for instance.... nor in the OS when you install the application.

thegorre
03-26-2007, 04:36 AM
Hi,
I've just verified one thing:
The Repackager doesn't keep all the permissions I put, neither when I did a monitoring nor with a snapshot!!

Does someone have an idea?

Tony_Toni_Tone
03-26-2007, 07:09 AM
Repackager won't capture permissions; they need to be applied manually via a custom action or LockPermissions..