Hi, <soapbox> Firstly and most importantly it's against security guidelines and bad practice to change the permissions on a folder under program files - I assume that's where you are installing. Most administrators will not be too happy to see you altering these permissions. Users and programs should not be able to write to these folders, the default permissions were set for a reason. If you application writes its user data to the correct location under the users profile the default permissions will be what you need already. </soapbox>
If you want to set permissions on a folder so that the local admin groups and a specific account have permissions only, you can use the LockPermissions table via the standard wix element <Permission>. Where this is usually a bad element to use as it overwrites and discards any current ACL, but in your case it would be ideal as you can grant only the access you need. If you alter your example to remove the line that is trying to deny access to everything else then it should give you the access you need. It's not a good idea to use deny ace's anyway as they take precedent so you have to be careful, in your example if the installation account was in the Users group it would be denied access anyway. Dave -----Original Message----- From: Sameer Arora [mailto:arora...@gmail.com] Sent: 24 September 2011 00:41 To: General discussion for Windows Installer XML toolset. Subject: [WiX-users] Deny permissions using Permission I need to ACL the installation folder so that only the user who is installing or admins have access to the folder and its sub-hierarchy. I have tried the following: <Component Id="C_SetPermissionOnTARGETDIRFolder" Guid="{...}" > <CreateFolder Directory="TARGETDIR"> <Permission User="[WIX_ACCOUNT_USERS]" GenericAll="no" GenericExecute="no" GenericRead="no" GenericWrite="no" /> <Permission User="[WIX_ACCOUNT_ADMINISTRATORS]" GenericAll="yes" /> <Permission User="[INSTALLERSACCOUNT]" GenericAll="yes" /> </CreateFolder> </Component> I came across a forum thread ( http://www.mail-archive.com/wix-users@lists.sourceforge.net/msg19101.html) which informs this may not be supported. But that was three years ago going by the thread timestamp. Is this supported, or am I doing something incorrect? Thanks, Sameer ----------------------------------------------------------------------------- - All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users SDL PLC confidential, all rights reserved. If you are not the intended recipient of this mail SDL requests and requires that you delete it without acting upon or copying any of its contents, and we further request that you advise us. SDL PLC is a public limited company registered in England and Wales. Registered number: 02675207. Registered address: Globe House, Clivemont Road, Maidenhead, Berkshire SL6 7DY, UK. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
