Dell KACE
AppDeploy
AppDeploy.com

 

Log In | Log Out | Register | Search | Member Ratings | My Forums | My Settings | RSS Feeds


Difficulty with Custom Actions / File Permissions

Click here to associate this thread with a Package KB article. 		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [AppDeploy Forums] >> Package Development >> Difficulty with Custom Actions / File Permissions Page: [1]
Login
Message << Older Topic   Newer Topic >>
Difficulty with Custom Actions / File Permissions - 11/29/2006 5:16:33 AM   
Marz28

 

Posts: 14
Score: 0
Joined: 11/29/2006
Status: offline 		I'm new to packaging and having some trouble.

I'm creating a .msi and want that msi to set permissions on files and folder it deploy with a custom action.

I read some posts and it seems there are a number of options to accomplish that, like:
XCACLS, Secedit, SetACL.

I prefer to use Secedit, because I find it easy to create an .inf file from Windows Security templates snap in, containing the required permissions.

Here's what I tried:

1. I created a .inf file with the correct permission from the templates snapin.

2. I add this template to the .msi so that it is installed with all the files in the .msi to the apps folder.

3. I created .vbs to run secedit with the .inf file in step 2. I tested the script and that works properly.
the code:
---------------
Set objshell = wscript.createobject("Wscript.Shell")
objshell.run ("secedit.exe /configure /db 'APPNAME' /cfg c:\progra~1\'APPFOLDERNAME'\'APPNAME'.inf /areas FILESTORE")
---------------

4. I add a custom action to the .msi with option "Vbscript installed with the product", "Immediate Execution" , "Synchronous Execution" , "Always Execute"
And then I selected the .VBS created.

5. I sequence the custom action just before "Install Finalize" in "InstallExecuteSequence"

Result: The Script runs, but cannot the the .inf. Seems logical because the script runs before file copy process has started...


Also tried to sequence the the custom action after "Install Finalize" then it runs after file copy, but then I get an error that the script could not finish.

Can some tell me how to create a working custom action combined with Secedit and .inf files to accomplish what i want?
And.. Can someone explain when to use options like "immediate execution, Deferred, Rollback etc."
Maybe some good links with info about that stuff.

Thanks
Post #: 1
RE: Difficulty with Custom Actions / File Permissions - 11/29/2006 5:29:19 AM   
AngelD

 

Posts: 2937
Score: 102
Joined: 6/9/2004
From: Sweden
Status: offline 		Hi Marz28.

Remove "wscript." as windows installer already does support this by default.
Set objshell = createobject("Wscript.Shell")

You should also sequence the custom action to run under deferred (System context) after InstallFinalize.

Custom Actions running under:
Immediate; runs under the Installer's context
Deferred; system context (Windows Installer service)
Rollback; when something goes wrong and you want to reverted something you've done with a custom action.

Any system changes should be sequenced in Deferred.

(in reply to Marz28)
Post #: 2
RE: Difficulty with Custom Actions / File Permissions - 11/29/2006 7:50:54 AM   
Marz28

 

Posts: 14
Score: 0
Joined: 11/29/2006
Status: offline 		Thanks.

I modified the script. It is now:
----------------
Set objshell = createobject("Wscript.Shell")
objshell.run ("secedit.exe /configure /db SunAccounts426 /cfg c:\progra~1\sunsystems4\Sunaccounts426.inf /areas FILESTORE")
----------------
Created the CA as deferred (system) and sequenced it just after InstallFinalize
The msi copies all files and then gives me an error: errorcode 2762 the arguments are:,,

Both the vbs and inf are copied to the program files dir for the app, like they should.
When I now manually run the VB after the installation, it adjusts the permissions properly.
The VBS just does not run when it's called from the MSI through the CA.

Also, in the CA properties there is and option "Return Processing" it is set to "Synchronous Execution" for the CA. That ok?
any more tips anyone might have?

(in reply to AngelD)
Post #: 3
RE: Difficulty with Custom Actions / File Permissions - 11/29/2006 8:14:23 AM   
AngelD

 

Posts: 2937
Score: 102
Joined: 6/9/2004
From: Sweden
Status: offline 		Try this

"secedit /configure /db ""C:\WINDOWS\security\Database\SunAccounts426.sdb"" /Cfg ""C:\Program Files\sunsystems4\Sunaccounts426.inf"" /areas FILESTORE"

(in reply to Marz28)
Post #: 4
RE: Difficulty with Custom Actions / File Permissions - 11/29/2006 10:22:53 AM   
Marz28

 

Posts: 14
Score: 0
Joined: 11/29/2006
Status: offline 		Here's the script copy/paste from the one installed in the program dir:
-------------
Set objshell = createobject("Wscript.Shell")
objshell.run "secedit /configure /db ""c:\windows\security\Database\SunAccounts426.sdb"" /cfg ""c:\program files\sunsystems4\Sunaccounts426.inf"" /areas FILESTORE"
--------------------

I still get the same error message
Again when I doubleclick the the .vbs from where the MSI has installed the VBS runs without problems.


(in reply to AngelD)
Post #: 5
RE: Difficulty with Custom Actions / File Permissions - 11/29/2006 3:25:48 PM   
aogilmor


Posts: 1046
Score: 28
Joined: 9/9/2003
From: San Francisco, CA
Status: offline 		try adding secedit as a binary. This would be a Custom Action Type 2, or EXE file stored in a Binary table stream.
then define your properties prior to running your CA. For example, if c:\program files\sunsystems4\Sunaccounts426.inf is an installed file you could use, say, [#Sunaccounts426.inf] which would give you the full path to your inf file, in your custom action target field. You have a a lot of command line arguments to run there, so to simplify things try condensing them into properties.

Also, if your vbscript is an installed file I don't think it will work until after InstallFinalize

< Message edited by aogilmor -- 11/29/2006 3:27:48 PM >

_____________________________

Owen Gilmore
Packaging Systems Analyst

(in reply to Marz28)
Post #: 6
RE: Difficulty with Custom Actions / File Permissions - 11/30/2006 2:42:03 AM   
jamsek19

 

Posts: 39
Score: 4
Joined: 3/16/2006
Status: offline 		Hello marz28.

My opinion:
you cannot assign this action just before InstallFinalize as Immediate, because at that time your files needs to be installed - they're not installed yet. You should assign this CA as Deffered.

Let me explain about executions: MSIEXEC run installation in 3-4 phases:

1. UserInterfaceExecution phase (this should be skipped in case of silent install). Here Installer collect information from user needed for installation (using dialogs, ..)

2. InstallExecute
2.b. Immediate phase. In this phase Installer creates "a script" which later in deffered phase actual do the installation and file system changes. The installer creates "a script" to do possible rollback in case of canceling or error. Therefore rollback sequences are just sequences assigned between InstallInitialize and InstallFinalize in InstallExecuteSequence. In this phase you can see most of the properties (like in UIInstallExecute).
NOTE: in your case, if you run your custom action Immediate it can happened that during running CA you do not have files there!

2.a. deffered phase. Here actual file system changes are done. The most important information for this phase are:
- File system changes: files are copied to proper location
- Installer do not know for the most properties therefore you have to managed this on the other way (for example using CA to read from registry, special file,...).
- rollback (in case of canceling or error) should be done just for sequence actions assigning in this phase,...

3. InstallExecute - immediate phase the rest of. It is like phase 2.


So think about it, where can you assign your custom action to.

Another hint for VBS:
I remember that I have almost the same problem: I needed to set security right to a share and I was not able to run CA (using VBS) on your way. Try this way:
cmd = " your cmd here with all parameters "
Set ShellObj = CreateObject("WScript.Shell")
RunWindowedCMD = ShellObj.Run( cmd, 10, True) ' also possible state 7

Explanation:
10 means "Sets the show-state based on the state of the program that started the application." You can also use 7 - "Displays the window as a minimized window. The active window remains active."
True script execution halts until the program finishes, and Run returns any error code returned by the program.

On a way you run Run cmd uses default properties which means that the Run method returns immediately after starting the program, automatically returning 0 (not to be interpreted as an error code).

Instead of Run you can also use Exec method on the same shell object. See help for usage.

Regards
Andreo





(in reply to aogilmor)
Post #: 7
RE: Difficulty with Custom Actions / File Permissions - 11/30/2006 5:02:32 AM   
nheim

 

Posts: 1177
Score: 55
Joined: 4/5/2004
From: Switzerland
Status: offline 		Hi Folks,
don't mess up with deferred CA's. From MSDN Library:
"A deferred execution custom action must be scheduled in the execute sequence table within the section that performs script generation. Deferred execution custom actions must come after InstallInitialize and come before InstallFinalize in the action sequence."
See: http://msdn2.microsoft.com/en-gb/library/aa368268.aspx
Your CA must be scheduled just BEFORE InstallFinalize, then it should work (but don't forget to make it deferred, e.g. add 1024 to the CA-Type).
Regards, Nick

(in reply to jamsek19)
Post #: 8
RE: Difficulty with Custom Actions / File Permissions - 12/7/2006 5:04:18 PM   
cygan

 

Posts: 450
Score: 11
Joined: 7/18/2004
From: UK
Status: offline 		hi Marz28

are you using wise package studio

I can show you how to set permissions on reg keys , files, folders etc

using custom actions and SETACL

(in reply to nheim)
Post #: 9
RE: Difficulty with Custom Actions / File Permissions - 12/8/2006 2:55:39 AM   
Marz28

 

Posts: 14
Score: 0
Joined: 11/29/2006
Status: offline 		All, Thanks for your replies.
I haven't had the chance to look more into it. But I will be going on with it next week.

Cygan, I am using DA MSI Studio from Scriptlogic.
I'm not sure how that compares to Wise Package Studio.

If it is not to much trouble, I'd like to know how you do it in Wise, maybe I can translate to my Packaging APP.

Thanks!

(in reply to cygan)
Post #: 10
RE: Difficulty with Custom Actions / File Permissions - 12/8/2006 6:22:52 AM   
cygan

 

Posts: 450
Score: 11
Joined: 7/18/2004
From: UK
Status: offline 		This is what I use for permissions and it works fine for me


In Wise Package Studio

Go to the MSI Script Tab

From the installation mode drop down choose all custom actions


Drag the custom action --- Execute Program from Installation

Name enter a name for your CA

Executable file browse to your setACL.exe

Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"


Condition Not Installed


Location Normal Execute Immediate/deferred.
After . InstallFinalise


If you are setting permissions on a reg key the then the command line should read eg


-on "HKLM\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"

or


-on "HKCU\XXXXXXX\XXXXXX\" -ot reg -actn ace -ace "n:Users;p:full"



remember after the P: on the command line you can give full, change or what ever permission you require ie read, write etc


hope this helps



(in reply to Marz28)
Post #: 11
RE: Difficulty with Custom Actions / File Permissions - 12/8/2006 6:25:29 AM   
cygan

 

Posts: 450
Score: 11
Joined: 7/18/2004
From: UK
Status: offline 		opps

forgot to add this

you can also use that command line on a file

ie c:\xxxxxx\app name\ file name

(in reply to cygan)
Post #: 12
RE: Difficulty with Custom Actions / File Permissions - 12/8/2006 6:32:09 AM   
cygan

 

Posts: 450
Score: 11
Joined: 7/18/2004
From: UK
Status: offline 		you could also set the permissions using setacl with orca

(in reply to cygan)
Post #: 13
RE: Difficulty with Custom Actions / File Permissions - 12/22/2006 3:17:24 AM   
Marz28

 

Posts: 14
Score: 0
Joined: 11/29/2006
Status: offline 		Cygan,

I am trying to get the CA to work, but i am still receiving errors.
You say you can also add it with orca, how do you do that ?

(in reply to cygan)
Post #: 14
RE: Difficulty with Custom Actions / File Permissions - 12/22/2006 5:16:39 AM   
cygan

 

Posts: 450
Score: 11
Joined: 7/18/2004
From: UK
Status: offline 		HI Marz28


can you explain what type of permissions you are setting

are the permissions on files , folders or ini files

(in reply to Marz28)
Post #: 15
RE: Difficulty with Custom Actions / File Permissions - 12/22/2006 6:04:08 AM   
Marz28

 

Posts: 14
Score: 0
Joined: 11/29/2006
Status: offline 		Cygan,

I try to set permissions on the folder that the app is installed in. in this case c:\program files\sunsystems4

I use this :
-on "C:\Program Files\Sunsystems4" -ot file -actn ace -ace "n:Users;p:change"

As parameter

(in reply to cygan)
Post #: 16
RE: Difficulty with Custom Actions / File Permissions - 1/10/2007 10:56:20 AM   
Mackan75

 

Posts: 36
Score: 0
Joined: 1/10/2007
From: Sweden
Status: offline 		Hi Marz28.

Do you have any special reason to set the rights with a Vbscript? Otherwise you should use a 'Execute Program from Destionation' CA as secedit.exe already should exist on the client. (Sorry if my English is not the best).


I Usualy do this (I use Wise Package Studio):

1. Put the *.inf and *.sdb in C:\Windows\Security\Database\*.,sdb and C:\Windows\Security\templates\*.inf (windows standard)

2. In MSI-Script the 'Execute Immediate' section, after 'InstallFinalize' create an "If Not Installed then" so the Custom Action (CA) doesn´t run when your uninstalling the application.

3. Create a CA 'Execute Program from Destination', set 'Working Directory' to SystemFolder, on 'EXE and Command Line write' write "secedit /configure /db C:\Windows\Security\Database\Sunaccounts426.sdb /cfg C:\WINDOWS\security\templates\Sunaccounts426.inf /quiet". on the Properties tab choose 'Synchronous' and 'Alwats Execute'

4. Put in an 'end' statement on the row below.


With the above commandline rights shold be set to both the registry and files. You can always create different inf files for settings in the registry and file, and create different CAs one for registry and one for files, but I usualy put both in the same file

Good Luck
/Marcus

_____________________________

**This message was sent on 100% recycled electrons**

(in reply to Marz28)
Post #: 17
RE: Difficulty with Custom Actions / File Permissions - 1/29/2007 4:26:15 AM   
xichterl

 

Posts: 1
Score: 0
Joined: 1/29/2007
Status: offline
quote:

ORIGINAL: cygan

From the installation mode drop down choose all custom actions


Drag the custom action --- Execute Program from Installation

Name enter a name for your CA

Executable file browse to your setACL.exe

Command Line Arguments -on "C:\Program Files\FolderName" -ot
file -actn ace -ace "n:Users;p:change"


Condition Not Installed


Location Normal Execute Immediate/deferred.
After . InstallFinalise






Hey,

actually I deploy SPSS Amos 6 and I have to set priviledges to the main Program Folder.
I followed your instructions and the script executes successfully and setting the permissions works perfectly, but after that I receive an internal error #2762.
[ I chose setacl because later on I have to set priviledges to the registry and I think setacl is the most comfortable way to do that. ]

Custom Action:
Execute Program From Installation Command Line -on "C:\Programme\AMOS 6" -ot file -actn ace -ace "n:Benutzer;p:change" (acl)

It's placed after InstallFinalize.
First I thought it might be an problem with the exit code of setacl so i set "ignore exit code", but the error message ist still being displayed.

Executing befor InstallFinalize is called brings the same result.

Thank you for helping me to find a solution.

< Message edited by xichterl -- 1/29/2007 5:00:59 AM >

(in reply to cygan)
Post #: 18
RE: Difficulty with Custom Actions / File Permissions - 1/29/2007 7:28:24 AM   
cygan

 

Posts: 450
Score: 11
Joined: 7/18/2004
From: UK
Status: offline 		hi xichterl

I am glad it worked . we are all here to help each other

(in reply to xichterl)
Post #: 19
Page:   [1]
All Forums >> [AppDeploy Forums] >> Package Development >> Difficulty with Custom Actions / File Permissions Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.063