How to set file permissions on an MSI package
Do you have MSI based applications where the user needs write permissions on the application directory. This is common in terminal services environments where the packaged application is not designed to work with terminal services.
Using ORCA you can either create a transform (MST file) or modify the MSI application.
To do this you need to modify a MSI table called LockPermissions. When you set permissions using this all inherited rights are removed and only SYSTEM + your rights are set.
To give all users full control on the application directory you have to fill out a row in the LockPermissions table as shown below.
| LockObject | Type APPDIR to set the application directory. |
| Table | For directories type CreateFolder. |
| Domain | Leave blank for current computer. If you want to match a domain group or user type in the domain name. |
| User | Type Users to give all users full permissions. You can type in other user names or group names. |
| Permission | Type 268435456 for full control. If you want more granular control use either AdvancedInstaller to calculate them or read the MSDN documentation. |
External links:
- LockPermissions table explained
- ORCA download (use on your own risk)
- AdvancedInstaller
Labels: MSI
posted by Helge Olav Helgsen @ 16:27
0 comments
links to this post
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home