No announcement yet.

Set folder permissions with Setup Factory

  • Filter
  • Time
  • Show
Clear All
new posts

  • Set folder permissions with Setup Factory


    attempting to make the work with tools like CACLS.exe, XCACLS.vbs (with CScript.exe) and ICACLS.exe a little easier, I have developed a script and built it into a new action. After the installation, you will be able to make calls to the proper application that should be used on the target operating system.

    You can fetch the zip file containing the installer, documentation and a small sample project at this address.

    After the scripts were copied into the correct sub folders of Setup Factory, you must add two files to your project:
    1. Add XCALCS.vbs to your list of primer files.
    2. Add SetFolderPermissions.lua to your script files (next to _SUF70_Global_Functions).

    Now you are already able to include this new action into your scripts. As soon as you type the dot, the new function will be shown in the drop-down menu, as you can see in this image:

    The action wizard makes the passing of the parameters as easy as possible:
    1. Set the user or group that the action should affect:

      If you use the options in the drop-down, the corresponding SIDs will be used. (SIDs are security identifiers in Windows operating systems and look as gibberish like "S-1-5-20".) This means, when you set "Everybody", it will still work correctly on non-English Windows operating systems, where this user group has a different, localized name.

    2. Now set the operation. Are you giving a new right, or taking something away?

    3. Set the right you want to control, like read, write, execute, full access.

    4. Finally, you may want to set the same rights for child items as well, instead of just the folder.

    You can inspect the exact syntax of the command that was created (using CScript.exe or ICACLS.exe) in the installer's log file, so this will allow you to review the parameters (and execute the command manually) if something is not working as you expected.

    This script is provided as-is, without guarantees that it will work in every case. I will attempt to fix problems, of course. However, this work is not officially supported by Indigo Rose. You can edit the script and modify it further to fit your requirements.


  • #2
    Nicely done, and well implemented.

    Thank you.


    • #3
      Hi Ulrich,

      my Trend Micro OfficeScan alerts me, that the downloaded file from "this address" has a potential security risk named "Possible_Movely-1".

      So I couldn't check it out.



      • #4
        Trend Micro is the only vendor constantly identifying setups build with Setup Factory as "possible Movly". Yes, they were contacted by Indigo Rose. Repeatedly.



        • #5
          Nice one. I have been using XCACLS.vbs on Win2003 servers for ages in SUF but always end up writing the code long hand. This may save me some heartache in remembering the syntax every time.

          Thanks - John


          • #6

            earlier this week I was informed about a small mistake in my script by a user and have since updated the file available for download. Those who downloaded the script before will need to make a correction manually, or reinstall with the corrected version.

            In line 138 of the SetFolderPermissions.lua script (that you should find in the Includes\Scripts sub folder of your Setup Factory installation), you might see
            sFlag = "/T";
            Please modify this line to
            sFlag = " /T";
            just by inserting a space before the slash.



            • #7
              You, sir, are a life-saver. I've been struggling with XP's antiquated ACL and Vista-ish UAC for some time now and have not been able to avoid having customers take post-install steps -- until now. I implemented this action and now life is good again.


              • #8
                Hi Ulrich,

                that's really great stuff! Thank you for this.

                Besides, I've a problem with some folders after the installation.

                I did everything like you said in the PDF but the permissions of those folder won't be changed. Don't get this is happened. maybe you could help me. Here's what i did:

                Folder.SetPermissions(SessionVar.Expand("%AppFolde r%\cfg\folder"), "Authenticated Users", "Revoke", "Modify", true);
                Folder.SetPermissions(SessionVar.Expand("%AppFolde r%\cfg\folder"), "Authenticated Users", "Revoke", "Write", true);

                I'm not sure at all, whether is this right or wrong. I mean this part:


                I did it in the wrong way, right?

                Maybe you can help me. I don't have any clue about it.

                Thank you in advance!



                • #9
                  Should be

                  Folder.SetPermissions(SessionVar.Expand("%AppFolder%\\cfg\\folder"), "Authenticated Users", "Revoke", "Modify", true);
                  Folder.SetPermissions(SessionVar.Expand("%AppFolder%\\cfg\\folder"), "Authenticated Users", "Revoke", "Write", true);
                  Note the double backslash

                  Rgds John


                  • #10
                    Oh, of course, the double backslash!

                    Thank you very much!

                    What about file permissions?


                    • #11
                      I'm having a problem with this on Vista Business...

                      Folder.SetPermissions(foldername, "Everybody", "Grant", "Execute", true);
                      Only sets permissions as "Special permissions" and not as Execute as expected.
                      ArtistScope - Copy Protection & DRM Software


                      • #12
                        Actually, regrdless of which user and which permissions are granted, the result is the same each time...

                        Only sets permissions to "Special permissions" which does not allow write, execute or modify.
                        ArtistScope - Copy Protection & DRM Software


                        • #13
                          You might want to try to execute the command manually - the exact syntax used is written into the log file.



                          • #14
                            Originally posted by Ulrich View Post
                            You might want to try to execute the command manually
                            I can't see what that would do as I need the permissions to be set on the user's computer. The applcation uses an access database and unless the permissions are to modify by Everyone or Authenticated Users, the the app won't run unless "Run as Administrator".
                            ArtistScope - Copy Protection & DRM Software


                            • #15
                              It would help you figure out which permissions (command line switches) you would have to set to achieve the results you need. The SetFolderPermissions script is just user friendly interface to CACLS/ICACLS, and calling the program directly would be quicker to debug the mistake.