V
Viviana Vc
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?
Thanks,
Viv
cacls "C:\Program Files\test" /T /G Everyone:f ?
Thanks,
Viv
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
r_z_aret
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?
I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.
I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.
Thanks,
Viv
-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
V
Viviana Vc
Hi Robert,
I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.
You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!
To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory
Maybe this helps you also (I'm now investigating the second article),
Viv
I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.
You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!
To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory
Maybe this helps you also (I'm now investigating the second article),
Viv
C
ColdShine
Viviana said:b) - "Everyone" is localized, so it won't work on a non-english OS !!!
No, it's not localized. At least, not in the Italian version (which is what
I have); these are left untranslated:
Administrator
Administrators
Guest
Guests
Users
Power Users
Everyone
Backup Operators
These are translated:
Local Service
Network Service
.... and possibily others I don't recall right now.
V
Viviana Vc
btw, if the directory is already created, what would be the function
that I need to call to change the directory's security attributes?
I know that I could directly create the directory with it's needed
security attributes using CreateDirectory(), but let's assume it was
already created and in this case I just need to change it's attr., what
function should I use?
Thx,
Viv
that I need to call to change the directory's security attributes?
I know that I could directly create the directory with it's needed
security attributes using CreateDirectory(), but let's assume it was
already created and in this case I just need to change it's attr., what
function should I use?
Thx,
Viv
R
r_z_aret
Hi Robert,
I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.
I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.
The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.
You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!
To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory
Maybe this helps you also (I'm now investigating the second article),
Viv
-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
D
Drew Myers
I believe the correct syntax for this is:
svWork = "cacls";
svCmd="svDir /e /g everyone:f";
LaunchAppAndWait( svWork, svCmd, WAIT );
Just a thought,
Drew
svWork = "cacls";
svCmd="svDir /e /g everyone:f";
LaunchAppAndWait( svWork, svCmd, WAIT );
Just a thought,
Drew
please indicate which newsgroup and message).I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.
The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.
R
r_z_aret
Success! A bit of a kludge (so suggestions welcome), but it works.
I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------
Here is the "source" for setacc.bat:
------
@echo off
REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script
REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups
REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.
echo y| cacls %1 /e /g everyone:f
------
I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.
I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/
-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------
Here is the "source" for setacc.bat:
------
@echo off
REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script
REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups
REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.
echo y| cacls %1 /e /g everyone:f
------
I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.
I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/
I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.
The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.
-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
V
Viviana Vc
Hi,
As already said I chose to write an external tool that is called from
within IS:
I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <sddl.h>
#include <stdio.h>
BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);
void main()
{
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}
// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!
if (NULL == pSA)
return FALSE;
return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}
HTH,
Viv
As already said I chose to write an external tool that is called from
within IS:
I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <sddl.h>
#include <stdio.h>
BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);
void main()
{
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}
// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!
if (NULL == pSA)
return FALSE;
return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}
HTH,
Viv
R
r_z_aret
Hi,
As already said I chose to write an external tool that is called from
within IS:
I missed this. To clarify, does "external tool" mean "executable
file"? If so, then that is slightly neater than using a BATch file.
Either way, thanks for posting your solution. Sure is nice to have
clear, directly related, sample code. I may try to translate the code
into something that can be used within InstallShield. And it may be
useful some place else.
I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <sddl.h>
#include <stdio.h>
BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);
void main()
{
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}
// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!
if (NULL == pSA)
return FALSE;
return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}
HTH,
Viv
-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
V
Viviana Vc
Hi,
Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".
Viv
Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".
Viv
C
ColdShine
Viviana said:btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".
I don't think so... look at the names listed here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;163846
on my Italian localized system, I can use all of these English user/group
names, when setting file/folder access rights. For example, I always have to
type "Administrators" instead of whatever it would translate to.
Altrough the KB refers to Windows NT4, I guess the names have been kept
backwards-compatible in following Windows versions.
A
Alexander Grigoriev
Can you use a subdirectory of All Users\Application Data?
V
Viviana Vc
Might be that you are right. I haven't tried myself, but I read about
this on other newsgroups (InstallShield newsgroups).
this on other newsgroups (InstallShield newsgroups).
V
Viviana Vc
This would have been an idea, but we wanted to have the same structure
relative to our binaries dir for all OSes, so this dir to be alway
../test (where . is let's say c:\program files\myapp). Anyhow that
directory doesn't contain vital info.
relative to our binaries dir for all OSes, so this dir to be alway
../test (where . is let's say c:\program files\myapp). Anyhow that
directory doesn't contain vital info.
A
Alexander Grigoriev
I think All Users is there even starting from Windows 98 (it's under Windows
directory in Win9x).
directory in Win9x).