Re: [WiX-users] adding NEWORK SERVICE group with full control permission

Thu, 24 May 2007 12:55:59 -0700 

NETWORK SERVICE is not under the local computer authority but instead under
NT AUTHORITY. It has to be built using a well-known SID. The Windows
Installer built-in LockPermissions table does not know how to do this. WiX's
extended permissions feature, however, can.

 

For WiX v2, specify <Permission User="NetworkService" Domain=""
Extended="yes" />.

For WiX v3, include the util namespace (i.e. add
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension"; to the root
element) and specify <util:PermissionEx User="NetworkService" Domain="" />.
You must also compile and link with the WixUtilExtension extension.

 

Permission/@Domain can be omitted entirely, rather than an empty string, but
must be empty if specified.

 

For reference, the list of well-known security principals supported by WiX
extended permissions is:

 

Everyone

Administrators

LocalSystem

LocalService

NetworkService

AuthenticatedUser

Guests

CREATOR OWNER

INTERACTIVE

Users

 

For all of these, omit Domain or set it to the empty string.

 

There are actually 62 well-known SIDs listed in WinNT.h in the 2003 R2 SDK,
but some can be looked up using the conventional domain-relative technique,
and some are very uncommon.

 

-- 

Mike Dimmick

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ravit Shapira
Sent: 24 May 2007 06:44
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] adding NEWORK SERVICE group with full control
permission

 

Hi, 

 

I'm facing problems with adding a NETWORK SERVICE group to a folder in
win2k3 machine with full control permissions.

I get a run time error when I configure the following:

       <Component Id = "BusinessDirPermissions" Guid =
"436CF442-AD1F-4744-A7A7-D2ECC3FB5875">

          <CreateFolder Directory="D_BUSINESS_ROOT">

            <Permission User="Network Service" Domain="[COMPUTERNAME]"
GenericRead="yes" GenericExecute="yes"/>

           </CreateFolder>

        </Component>

 

The run time error says that Netwrok Service is not a valid user or group.
How can I solve this problem?

 

When I tried to use the name 'Everyone' instead of NETWORK SERVICE I get no
error, but when I change the name to NETWORK SERVICE I get a run time error.

The following code works for 'Everyone' group:

          <CreateFolder Directory="D_ADDRESS_ROOT">           

            <Permission ChangePermission="yes" GenericAll="yes"
User="Everyone" CreateFile="yes" Extended="yes"/>

          </CreateFolder>

 

Thank you in advance,

Ravit


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Reply via email to