I have resolved this now (see earlier post) but I am on Windows XP (and Vista) and I am fairly sure that WIX_ACCOUNT_NETWORKSERVICE or the others do not work with PermissionsEx, I have looked at the code and I don't see anything to handle it. But as I have now found out it is not necessary because PermissionsEx does the same thing using its own well-known account names - shame this isn't documented :-).
Thanks for the info and the tip about Windows 2000. Neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cody Cutrer Sent: 28 August 2008 16:23 To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] PermissionEx and WixQueryOsWellKnownSID properties Are you running on Windows 2000? The Network Service account only exists on Windows XP and above. WIX_ACCOUNT_NETWORKSERVICE relies on a custom action in WixUtilExtension that creates the well-known SIDs for "common" accounts, and then uses an API call to get the localized names for them. This is so you can use them with the Permission element (which uses a built in Windows Installer action, which only recognizes Everyone and Administrators regardless of OS localization). However, the PermissionEx element is implemented as a WiX custom action, and supports using Everyone, Administrators, LocalSystem, LocalService, NetworkService, AuthenticatedUser, Guests, CREATOR OWNER, INTERACTIVE, and Users regardless of OS localization. The problem with the custom action that sets the well-known account localized names (WIX_ACCOUNT_NETWORKSERVICE, etc.), is that it fails on Windows 2000 because those accounts don't exist. This happens even if you have a condition that you never use those properties on a Windows 2000 system. So... If you need to use anything besides Administrators or Everyone, and you need to run your installer on Windows 2000, then it's best to use the PermissionEx element, and use the English names directly. Btw... Your error code is the HRESULT for Win32 error code 1789: ERROR_TRUSTED_RELATIONSHIP_FAILURE The trust relationship between this workstation and the primary domain failed, as a result of a call to LookupAccountNameW. Are you running this installer per-user or per-machine? I can't see how that could ever fail if you're doing it per-machine and the installer is running as SYSTEM. If it was per-user, I could see something weird like this happening, but probably means a weird security misconfiguration, or maybe just can't contact a domain controller or something. Generally even using WIX_ACCOUNT_NETWORKSERVICE should work with PermissionEx (it just looks up the SID directly from the name, instead of building a well-known SID). Cody Cutrer On 8/27/08 5:07 PM, "Rob Mensching" <[EMAIL PROTECTED]> wrote: Did you try "NetworkService"? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Neil Sleightholm Sent: Wednesday, August 27, 2008 15:26 To: General discussion for Windows Installer XML toolset. Subject: [WiX-users] PermissionEx and WixQueryOsWellKnownSID properties I am trying to change the permissions on a registry key like so: <RegistryKey Id="RegCommon" Root="HKLM" Key="SOFTWARE\ACME\Common" Action="create"> <util:PermissionEx GenericAll="yes" User="[WIX_ACCOUNT_NETWORKSERVICE]" /> </RegistryKey> But when I run it I get this error in the log: ExecSecureObjects: Error 0x800706fd: failed to get sid for account: NT AUTHORITY\NETWORK SERVICE Action ended 23:15:46: InstallFinalize. Return value 3. Is it possible to use the WixQueryOsWellKnownSID properties with PermissionEx? Alternatively can I specify a SID (e.g. S-1-5-20) for the value of PermissionEx/@User? (I can't hardcode the network service account name as it changes on international versions of Windows.) Neil Neil Sleightholm X2 Systems Limited [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ------------------------------------------------------------------------ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
