Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I add the interactive user to a directory in a localized Windows using WiX?

Tags:

wix

windows-installer

How do I add the Swedish interactive user, 

NT INSTANS\INTERAKTIV

or the English interactive user, 

NT AUTHORITY\INTERACTIVE

or any other localised user group with write permissions to a program folder's ACL?

Is this question actually "How do I use secureObject"? I cannot use the LockPermissions Table because I undestand inheritance is removed. secureObject permissions seem to require CreateDirectory rather than Directory...

like image 357
nray Avatar asked Dec 31 '22 09:12

nray

2 Answers

With recent releases of Wix, you can retrieve the localized names of often-used built-in user and group names via a property. For example, WIX_ACCOUNT_NETWORKSERVICE contains the localized name of the Network Service account. Unfortunately, as of 3.0.4513 NT AUTHORITY\INTERACTIVE is not among them.

There exists a sample MSI custom action that creates properties for many of the built-in user and group names. Get it here. Add the CA to your Wix installer and schedule it early in the install execute sequence.

Once you have the localized account name, add a PermissionEx element to modify your directory's ACL. For example:

<Directory ...>
   <Component ...>
      <CreateFolder>
         <PermissionEx User="[SID_INTERACTIVE]" .../>
      </CreateFolder>
   </Component ...>
</Directory ...>
like image 166
Paul Lalonde Avatar answered Apr 24 '23 11:04

Paul Lalonde

There is no way as such to add both account names to an ACL since they are one and the same. The name you see corresponds to a SID, and that SID is identical in both the English and Swedish localizations. In the case of the INTERACTIVE group, that SID is S-1-5-4.

I haven't followed WiX in a long while, but I expect there has to be a way to specify SIDs for ACLs instead of account names. You should never, ever rely on the account name for well-known accounts unless there is absolutely no way to avoid it. Here is a list of well-known SIDs for reference.

Edit: This post seems to provide a solution to your problem using a custom action to translate the SIDs to account names - apparently WiX doesn't out of the box support using SIDs for Permission or PermissionEx objects.

Here is a more authoritative list of well-known SIDs in Q243330 of the Microsoft Knownledge Base.

like image 26
Mihai Limbășan Avatar answered Apr 24 '23 09:04

Mihai Limbășan
Sign in to Comment

Related questions

WiX burn Upgrade shows uninstall UI at the end
MSBuild: directory.build.props and directory.build.targets does not work with *.wixproj
Register ActiveX exe server using WiX
Adding MimeMap via WIX failed
How to conditionally exclude features from "FeaturesDlg" in WiX 3.0 from a managed Custom Action (DTF)
Set environment variable before running a custom action in WiX
How do I reference the installed path of a file in a registry value?
Where are file counts kept?
WIX CUSTOM ACTION CALL AFTER NEXT
WiX and start program - is it possible to pass parameters?
WIX enable Windows feature
Unresolved reference to symbol " " in section 'Fragment'
What are the limitations/benefits on using MSM instead of MSI?
Wix Bootstrapper setup.exe never starts and log reads Failed to load theme controls
How to change the text shown while NGen is running in a WiX MSI package
VS 2015 Error:The WiX Toolset v4 build tools must be installed to build this project
(Wix) heat.exe could not be loaded with msbuild
How do I compare registry versions in WiX?
Specify the INSTALLLOCATION of packages in WiX inside the Burn managed bootstrapper
Install features based on checkboxes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!