Basically, it would be helpful for there to be CA support for configuring at least some aspects of local security policy, such as privilege assignment like "log on as a service" or "act as part of the operating system". In cases where you are creating a user (which WiX handles pretty well) and intend to use that user to run a service you are installing, that user needs the log on as a service privilege in order to actually run the service. WiX has the user and the service install part covered, but basically leaves you with a non-working scenario if you need to do both together.
You'll see the options I'm talking about if you run secpol.msc and look in "user rights assignment". There are a fairly reasonable number of other things that one might need to be able to assign this way for other scenarios. Obviously, this stuff is probably more esoteric/less critical than other types of CA stuff, but it would be a nice thing to have. It is at least worth adding to the feature list for eventual possible inclusion. There do seem to be a lot of WiX devs on the mailing list involved in doing server app deployment, so this would be handy. I don't think most end user apps would need this kind of thing. I believe the actual modification is done via LsaAddAccountRights, but I've never programmed those APIs before, so I don't have much familiarity with it. It does look like the kind of thing that would translate well to a declarative/table-driven model. Essentially, you could handle this in a similar style to the method used to for adding users to groups, in that it could apply to new or existing users (and groups for that matter, as groups and other built-in SIDs can be used in privilege assignments in addition to users). I think I'll just put a feature request in for it, as well as a feature request for some of that certificates stuff that I mentioned last week just to get it in the system and then we'll see where it goes. Let me know if you have any more questions. Joe K. ----- Original Message ----- From: "Rob Mensching" <[EMAIL PROTECTED]> To: "Joe Kaplan" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Saturday, December 16, 2006 2:35 PM Subject: RE: [WiX-users] Verify user? Moving to wix-devs to discuss itty-bitty details: Joe, what specifically do you think needs to be added to the WiX toolset to connect the dots? I'm not up on "log in as a service" settings or where it should hang in relation to new users. Can you provide your thinking? -----Original Message----- From: Joe Kaplan [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan Sent: Friday, December 15, 2006 19:42 To: Matthew Janulewicz; Rob Mensching; [email protected] Subject: Re: [WiX-users] Verify user? Luckily, I've had that problem relatively recently so it came to mind. :) Like I said in my other mail, it would be a nice feature for WiX to support modifying local security policy to handle things like this, especially as a compliment for the support for user and group creation. It would really help connect these dots and enable a few scenarios. Joe ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ WiX-devs mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wix-devs
