Set permissions for existing folders and files in ProgramData with WiX Toolset

橙三吉。 提交于 2021-02-08 23:43:27

问题


I've inherited a project that uses WIX Toolset (3.10.3) to build the installation package. The application downloads and stores shared data in c:\ProgramData\Vendor\ApplicationName. This path is however not created during the installation, but rather during the execution of the application itself, whenever the path is requested for the first time.

I've now discovered a permissions related problem that occurs when multiple Windows users uses the application. Whenever the application downloads new data files from back-end, it's the current windows user that gets "Full control" permissions for those files. When someone else logs in with another Windows account, they only have read permissions to those files. And these mixed permissions causes problems when the application tries to keep the local files synchronized with back-end.

Since the application doesn't require elevated priviliges, I have to correct this during the installation. As a first step, I've now made sure that the c:\ProgramData\Vendor\ folder is created during installation, and that it gets correct permissions with <util:PermissionEx User="Everyone" GenericAll="yes" />. Since these permissions are inherited, it will solve the problem for all users doing a fresh install.

The problem is that the permissions are only inherited by folders/files created after the installation. This means that users who upgrades from a previous version will still have data files left with mixed permissions. I therefore need to make sure that all existing folders and files gets the new permissions during installation. How do I accomplish this?


回答1:


Ok, this is how I solved it. Hope it can help someone else in the future.

First, I added the following things to the wxs file for the MSI:

<Directory Id="CommonAppDataFolder">
    <Directory Id="ProgramDataVendorFolder" Name="MyVendor">
        <!--This will create the \ProgramData\MyVendor\MyProductName\ folder. -->
        <Directory Id="ProgramDataAppFolder" Name="MyProductName" />
    </Directory>
</Directory>

<DirectoryRef Id="ProgramDataAppFolder">
<Component Id="CmpCreateCommonAppDataFolderWithPermissions" Guid="13ae94b7-9ef5-4181-bfa9-933844a13418" Permanent="yes">
  <CreateFolder>
    <!--This will ensure that everyone gets full permissions to the folder that we create in the ProgramData folder. -->
    <util:PermissionEx User="Everyone" GenericAll="yes" />
  </CreateFolder>
</Component>  
</DirectoryRef> 

And then included it:

<Feature Id="ProductFeature" Title="$(var.ProductName)" Level="1">
    <!--Add folder -->
    <ComponentRef Id="CmpCreateCommonAppDataFolderWithPermissions" />
</Feature>

These three things made sure that all users had full access to the folder in ProgramData, even if the folder already exists.

But changing the permissions will not be enough, if file virtualisation is already active due to previous permissions problems. To turn off file virtualisation, I added an app.manifest to my executable with:

<requestedExecutionLevel  level="asInvoker" uiAccess="false" />

Keep in mind that if the previously used VirtualStore contains files that are important, they will not automatically appear in the ProgramData folder.

More info regarding file/registry virtualization can be found here: https://blogs.technet.microsoft.com/mrsnrub/2010/08/11/uac-virtualization-allowing-standard-users-to-update-a-system-protected-area/



来源:https://stackoverflow.com/questions/40239120/set-permissions-for-existing-folders-and-files-in-programdata-with-wix-toolset

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!