<CreateFolder >
<Permission User='System' GenericAll='yes' Extended='no'/>
<Permission User='Hello' GenericAll='yes' Extended='yes' Domain='[ComputerName]' />
</CreateFolder>
<User Id='Hello' Name='Hello' CreateUser='yes' Domain='[ComputerName]' >
<GroupRef Id='Users'/>
</User>
Dana
On 9/8/06, roxana <
[EMAIL PROTECTED]> wrote:
Dana Gutride a écrit :
> What happens if you just try to set the permission for the user that
> you want to use: <Permission User='Everyone' GenericAll='yes' />.
> Doing this results in the folder created having only Everyone and
> System with permissions on the folder. Users does not show up in the
> ACL list.
>
> There are additional properties you can set in the extended permission
> element, so you might be able to specify that you don't want this
> permission appended to any existing permissions. The documentation
> states: "By using the SecureObject custom action you can apply
> permissions for many more well known user SIDs as well as for user
> accounts that are created as part of the install." Is the user you
> need to give access to created during your install or does it have a
> well known sid so you can use the lock permissions table in the MSI?
>
> Dana
>
> On 9/8/06, *roxana* < [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> Dana Gutride a écrit :
> > Roxana:
> >
> > The following works for me. You might want to try some variation of
> > these in your install.
> >
> > <Permission User='Everyone' GenericAll='yes' /> (this uses the
> > lockpermissions table)
> > <Permission User="ASPNET" Domain="[ComputerName]" GenericAll="yes"
> > Extended="yes"/>
> > <Permission User="IIS_WPG" Domain="[ComputerName]" GenericAll="yes"
> > Extended="yes"/> (IIS_WPG is a group)
> >
> > How are you formatting your permission element?
> >
> > Dana
> >
> > On 9/8/06, *roxana* < [EMAIL PROTECTED]
> <mailto: [EMAIL PROTECTED]>
> > <mailto: [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>>> wrote:
> >
> > Hello list,
> >
> > I was just wondering if it is possible to modify permissions
> for
> > groups,
> > such as Users.
> >
> > Actually, I need to get rid of the Users group for one of my
> > folders and
> > to set a ACL for just one specific user and administrators.It
> > seems that
> > LOCAL_MACHINE _NAME\Users is there by default. Trying to
> configure a
> > Permission for this group gives me un MSI error:
> >
> > "An error occured while applying security settings.
> > Sony_Portable\Users
> > is not a valid user or group. This could be a problem with the
> > package,
> > or a problem connecting to a domain controller on the
> network. Check
> > your network connection and click Retry, or Cancel to end the
> > install."
> >
> > While using the Extended = yes and Domain = LOCAL_MACHINE_NAME
> > attributes, I get another strange message in logs:
> >
> > "ExecSecureObjects: Error 0x80070534: *failed* *to* *get*
> *sid* *for*
> > *account*: Sony_Portable\Users
> > Action ended 9:17:19: InstallFinalize. Return value 3.
> > ..."
> >
> > So...it is TRUE that Sony_Portable\Users is not an user account
> > like the
> > log indicates, but it must be a way to touch groups'
> permissions!
> >
> > I am running out of ideas...I will much appreciate any help.
> > Thanks a lot!
> >
> > Roxana
> >
> >
> -------------------------------------------------------------------------
> > Using Tomcat but need to do more? Need to support web services,
> > security?
> > Get stuff done quickly with pre-integrated technology to
> make your
> > job easier
> > Download IBM WebSphere Application Server v.1.0.1 based on
> Apache
> > Geronimo
> >
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> <http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >
> >
> <http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> < http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642>>
> > _______________________________________________
> > WiX-users mailing list
> > WiX-users@lists.sourceforge.net
> <mailto: WiX-users@lists.sourceforge.net>
> > <mailto: WiX-users@lists.sourceforge.net
> <mailto: WiX-users@lists.sourceforge.net>>
> > https://lists.sourceforge.net/lists/listinfo/wix-users
> >
> >
> Thanks for the reply Dana,
>
> Actually, I'd like to eliminate (delete) the Users group for this
> folder
> so as the restrictions be tough enought for just one user account. If
> that's not possible, at least have no permission at all for
> Users...Something like:
>
> <Permission User="Users" Domain="[ComputerName]" GenericAll="no"
> Extended="yes"/>
>
> but this gives me the same error message (failed to get sid for
> account...) and I suppose it will DENY ALL for Users... which is
> not so
> desirable! I think Administrator account is a member on this group...
>
> Best regards,
> Roxana
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> ------------------------------------------------------------------------
>
> _______________________________________________
> WiX-users mailing list
> WiX-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wix-users
>
1. You were right about the Everyone group, but granting ALL for this
group is even worst than letting Users into the ACL.
2. The user account we are talking about is created by the installer. I
even managed to set its ACL like the following code shows:
<Component ....
<CreateFolder ...
<Permission User="XXX" Extended="yes" Domain="[MachineName]"
GenericRead="yes" Read="yes" />
</CreateFolder>
</Component>
This works very well so far. If I add another permission element, for
instance:
<Permission User="Users" Extended="yes" Domain="[MachineName]"
GenericAll="yes" />
the installer gives me the well known error. I don't understand why MSI
doesn't consider the Users group as a well known sid, for this seems to
be the problem...
Thanks again :-)
3.
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
