WiX set App_Data folder permission to modify for NetworkService
I'm struggling with this one. I need to set the permissions of the App_Data folder in an ASP.Net site to Modify for the NetworkService account via my Wix installer. I tried the following but with no luck.
<CreateFolder>
<util:PermissionEx GenericAll="yes" ChangePermission="yes" Delete="yes"
DeleteChild="yes" User="[WIX_ACCOUNT_NETWORKSERVICE]" />
</CreateFolder>
I tr开发者_开发问答ied also specifying Append but I got an error saying it's not allowed.
You want User="NetworkService". There is a list of well known users in the SecureObj.cpp code that backs PermissionEx.
`// figure out the right user to put into the access block
if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Everyone"))
{
hr = AclGetWellKnownSid(WinWorldSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Administrators"))
{
hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalSystem"))
{
hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalService"))
{
hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"NetworkService"))
{
hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"AuthenticatedUser"))
{
hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Guests"))
{
hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
}
else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"CREATOR OWNER"))
{
hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"INTERACTIVE"))
{
hr = AclGetWellKnownSid(WinInteractiveSid, &psid);
}
else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Users"))
{
hr = AclGetWellKnownSid(WinBuiltinUsersSid, &psid);
}
else`
The Windows Installer LockPermission table (the Permission element in WiX) also support most well known names but they are localized which is a really poor design, IMHO. That's why WiX has this known list.
Well, I figured out an answer (probably not the answer). You can't set the file permission using util:PermissionEx for the "Network Service" account (its not a well know sid or something like that). In the end, I wrote a custom action that sets the permission using the cacls.exe utility.
<CustomAction Id="PermissionAppData" Directory="TARGETDIR"
ExeCommand=""[SystemFolder]cacls.exe"
"[INSTALLDIR]\App_Data"
/T /E /G "NT AUTHORITY\Network Service:C"" Return="check" />
精彩评论