I found the reason for your failure: from http://msdn.microsoft.com/library/aa369774.aspx
Permission can only be set in the LockPermissions Table for users that already exist on the computer or domain. An attempt to set permissions for an unknown user causes the installation to fail, even if that user account is created during the installation by a deferred custom action. It appears that the WixUtilExtension's PermissionEx element may work for you. By default, it runs After="InstallServices" so it won't require you to reorder the default execution sequence and it doesn't look up the account's SID until its deferred action runs (which is after the service is installed, so the account should "exist" by then). So, you could probably use: <util:PermissionEx GenericAll="yes" Domain="NT Service" User="MyService" /> assuming you set xmlns:util="http://schemas.microsoft.com/wix/UtilExtension"; and reference the WixUtilExtension. -----Original Message----- From: Blair [mailto:os...@live.com] Sent: Friday, July 02, 2010 12:03 PM To: 'General discussion for Windows Installer XML toolset.' Subject: RE: [WiX-users] Unable to add permission for virtual account Silly question: does it work if you use <Permission GenericAll="yes" Domain="NT Service" User="MyService" /> -----Original Message----- From: Elfe Xu [mailto:elf...@microsoft.com] Sent: Friday, July 02, 2010 7:17 AM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Unable to add permission for virtual account Hi, My target machine is Win2k8 R2 or Win7, which supports virtual account. In my setup code, I have a ServiceInstall and the account is set to virtual account NT Service\MyService And I have a CreateFolder, which I want to grant permissions to the virtual account The code is like: <Component Id="cmpEE183C6477823F89D36AFD338130E837" Guid="{76799486-FB33-42F6-87EB-D644C400886A}"> <File Id="filCFE915781A5270051FB2412A7EA21D9E" KeyPath="yes" Source="$(var.BinDirRoot)\MyService.exe" /> <ServiceInstall Name="MyService" DisplayName="My Service" Start="auto" Type="ownProcess" ErrorControl="normal" Account="NT Service\MyService" /> <ServiceControl Id="SCMyService" Stop="uninstall" Remove="uninstall" Name="MyService" /> </Component> <Component Id="cmp79309F0996E4D40CAEC1389FB7D7E8F8" Guid="{0A016CE5-8629-4990-B91D-A80008818F4E}" KeyPath="yes"> <CreateFolder> <Permission GenericAll="yes" User="NT Service\MyService" /> </CreateFolder> </Component> I got error "NT Service\MyService is not a valid user or group." I thought it was because the CreateFolder and grant permission happens before install service, so I change the InstallExecuteSequence, set <InstallServices Sequence="3650" /> <CreateFolders Sequence="3700" /> Now from the log, the InstallServices do happen before CreateFolders. However, I still got the same error when grant permission. If I don't set the permission, the installation will success, and the service is logon NT Service\MyService correctly. I can successfully grant permission of NT Service\MyService to the folder manually. Any idea of the failure? Thanks, -Elfe ---------------------------------------------------------------------------- -- This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
