Ok, success. I used LockPermissions to apply the permissions for SYSTES ( in the process blasting everything else out... ) and util:PermissionEx to apply the permission for the service account ( augmenting the previous step ). This CA fires after the User creation CA so it's all good to go.
But if there is a better way, I'm all ears. ---------------------------------------- From: "Christopher Painter" <chr...@iswix.com> Sent: Wednesday, June 06, 2012 2:49 PM To: "General discussion for Windows Installer XML toolset." <wix-users@lists.sourceforge.net>, wix-users@lists.sourceforge.net Subject: Re: [WiX-users] Problem setting directory permissions using newly created account I tried a hack where I put ConfigureUsers in the target InstallExecuteSequence ahead of CreateFolders so that it would already be there during the merge process. It works in the sense the order is altered but it doesn't work. I'm suspecting that ConfigureUsers is calling DoAction to schedule the deferred actions and they are after CreateFolder. So I guess I need to dig deep and figure out technique #2. ---------------------------------------- From: "Christopher Painter" <chr...@iswix.com> Sent: Wednesday, June 06, 2012 2:37 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Problem setting directory permissions using newly created account I have a scenario where I need to lock down a directory so that only system and a local service account that I'm creating can access it. I'm encapsulating this in a merge module. I've tried two techniques: 1) Permission element nested under a CreateFolder element. The problem with this technique is the ConfigureUsers CA gets scheduled to execute before the base action of InstallFiles. This is *AFTER* the CreateFolders standard action. ?? This seems broken to me. 2) Util:PermissionEx element. This one doesn't have the forementioned problem but I haven't used it much in the past and I'm a little confused on how to break permission propogation and strip out the existing ACLs that are there. Any solution on making one of these or another work would be really appreciated. Thanks, Chris ---------------------------------------------------------------------------- -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ---------------------------------------------------------------------------- -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
