Page 1 of 1
Set Access Control
Posted: Mon Nov 03, 2014 3:38 am
by tzachk
Hi,
I'm trying to use the Set Access Control command on a registry key for the current installing user.
During the install I added messagebox and noticed that the access control for the registry key was not changed even though using the same user that installer is running with I can change permissions.
I then tried to change it for everyone, which also failed
It seems that I can't get Set Access Control to change access.
Anything special that I need to perform?
Code sample
Code: Select all
~InstallAware Clipboard Data~
~End~
~{F3547C5C-8B6E-4557-A028-1BF69027428B}~
~MessageBox~
~{BD088721-8814-4971-8A3F-C9BB40FB6660}~
~3~
~~
~0~
~1~
~~
~Set Access Control~
~{6A05D92A-CC01-41E5-8F79-553A41BF48A7}~
~HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~~
~TRUE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~MessageBox~
~{3CB49F26-E39F-4AE2-BA71-7FAD4F68F5AB}~
~2~
~~
~0~
~1~
~~
~Set Variable~
~{F36A50F7-F99B-45DC-80A2-393118FE59F5}~
~NATIVE_ENGINE$MYAH$MYAH$FALSE~
~FALSE~
~Write Registry~
~{BC214C71-06A9-4D8F-8878-0826D64DAB37}~
~0~
~2|~
~SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\~
~$TARGETDIR$~
~0~
~FALSE~
~TRUE~
~Set Variable~
~{4061A2BB-B0BF-4ACA-B13A-6AF6B15817DE}~
~NATIVE_ENGINE$MYAH$MYAH$FALSE~
~TRUE~
~MessageBox~
~{2FD6299E-9FBF-48DB-83CB-372C24F7485E}~
~1~
~~
~0~
~1~
~~
~Set Access Control~
~{7DE73FCC-B026-4D9C-A608-E183ACC6589A}~
~HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~~
~TRUE~
~TRUE~
~TRUE~
~FALSE~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~If~
~{FD1FC717-0063-4279-A634-E6572518AC0F}~
~MSESSENTIALSINSTALLED~
~0~
~NO$KEY~
~TRUE~
~Check Registry~
~{2EBA81A6-F827-4D41-B53A-FC39A24FF700}~
~MSESSENTIALSINSTALLED|~
~2~
~SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths~
~~
~End~
~{4D0C542D-2118-4D34-AA8F-55B8C75D16F5}~
~Terminate Install~
~{3EB270C6-2578-41F7-B17B-F1215A6DF248}~
~MessageBox~
~{BA53BCC7-9995-4501-B777-D553A23CE4B2}~
~$TITLE$ Setup Error~
~This product requires at least Administrator Privileges.$NEWLINE$$NEWLINE$Setup cannot continue.~
~3~
~1~
~~
~If~
~{82312EC7-CCD0-4678-A44D-18575A1CCCEA}~
~CHECKSYSTEM~
~0~
~TRUE~
~TRUE~
~Get System Settings~
~{18CA5826-E995-44A8-8F3A-97624AD39D7C}~
~CHECKSYSTEM~
~0~
Regards,
T.
Re: Set Access Control
Posted: Mon Nov 03, 2014 3:00 pm
by FrancescoT
Dear Tzachk,
I am not able to use the code you posted ... probably there was an error when you pasted it, but using the code below I am able to grant read/write permission to "Users".
Code: Select all
~InstallAware Clipboard Data~
~Set Access Control~
~{76431AAA-5C0D-463C-9804-8A7EDF184C77}~
~HKLM\software\mytest~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~Users~
~TRUE~
~TRUE~
~TRUE~
~FALSE~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~Comment~
~{2A11BF47-F41D-47B2-B1D4-A94EE2D99383}~
~~
~Set Variable~
~{062E9C59-6B7B-4BCE-AA72-7A25F686EC06}~
~NATIVE_ENGINE$MYAH$MYAH$FALSE~
~FALSE~
~Write Registry~
~{FD6431BF-1930-4955-9C31-D986AC894D4A}~
~0~
~2~
~software\mytest~
~Mykey~
~test~
~TRUE~
~FALSE~
~Set Variable~
~{59B8CADE-CCA6-454F-BA27-FF3B7EBC2532}~
~NATIVE_ENGINE$MYAH$MYAH$FALSE~
~TRUE~
Hope this helps you.
Regards
Re: Set Access Control
Posted: Tue Nov 04, 2014 2:48 am
by tzachk
Hi Francesco,
Your code works but mine does not.
My code tries to add an exception to Microsoft essentials (A.V).
I tried to copy back my code from the support web site and paste it to Installaware and it was fine.
Code: Select all
~InstallAware Clipboard Data~
~End~
~{F3547C5C-8B6E-4557-A028-1BF69027428B}~
~MessageBox~
~{BD088721-8814-4971-8A3F-C9BB40FB6660}~
~3~
~~
~0~
~1~
~~
~Set Access Control~
~{6A05D92A-CC01-41E5-8F79-553A41BF48A7}~
~HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~Users~
~TRUE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~MessageBox~
~{3CB49F26-E39F-4AE2-BA71-7FAD4F68F5AB}~
~2~
~~
~0~
~1~
~~
~Set Variable~
~{F36A50F7-F99B-45DC-80A2-393118FE59F5}~
~NATIVE_ENGINE$MYAH$MYAH$FALSE~
~FALSE~
~Write Registry~
~{BC214C71-06A9-4D8F-8878-0826D64DAB37}~
~0~
~2|~
~SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\~
~$TARGETDIR$~
~0~
~FALSE~
~TRUE~
~Set Variable~
~{4061A2BB-B0BF-4ACA-B13A-6AF6B15817DE}~
~NATIVE_ENGINE$MYAH$MYAH$FALSE~
~TRUE~
~MessageBox~
~{2FD6299E-9FBF-48DB-83CB-372C24F7485E}~
~1~
~~
~0~
~1~
~~
~Set Access Control~
~{7DE73FCC-B026-4D9C-A608-E183ACC6589A}~
~HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~Users~
~TRUE~
~TRUE~
~TRUE~
~FALSE~
~FALSE~
~FALSE~
~FALSE~
~TRUE~
~FALSE~
~FALSE~
~If~
~{FD1FC717-0063-4279-A634-E6572518AC0F}~
~MSESSENTIALSINSTALLED~
~0~
~NO$KEY~
~TRUE~
~Check Registry~
~{2EBA81A6-F827-4D41-B53A-FC39A24FF700}~
~MSESSENTIALSINSTALLED|~
~2~
~SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths~
~~
~End~
~{4D0C542D-2118-4D34-AA8F-55B8C75D16F5}~
~Terminate Install~
~{3EB270C6-2578-41F7-B17B-F1215A6DF248}~
~MessageBox~
~{BA53BCC7-9995-4501-B777-D553A23CE4B2}~
~$TITLE$ Setup Error~
~This product requires at least Administrator Privileges.$NEWLINE$$NEWLINE$Setup cannot continue.~
~3~
~1~
~~
~If~
~{82312EC7-CCD0-4678-A44D-18575A1CCCEA}~
~CHECKSYSTEM~
~0~
~TRUE~
~TRUE~
~Get System Settings~
~{18CA5826-E995-44A8-8F3A-97624AD39D7C}~
~CHECKSYSTEM~
~0~
Re: Set Access Control
Posted: Tue Nov 04, 2014 8:13 am
by tzachk
Hi Francesco,
I just found out why it is not working for me. If there is a user set with permissions on this key, Set Access Control won't change his access control.
How can I bypass this issue? Can I remove a user from a key?
Regards,
T.
Re: Set Access Control
Posted: Tue Nov 04, 2014 12:57 pm
by FrancescoT
Let me check.
Regards
Re: Set Access Control
Posted: Thu Nov 06, 2014 4:42 am
by FrancescoT
Dear Tzachk,
I just tried to grant a READ/WRITE permission to Users, over a REG-Key that already has a READ permission ... and it worked fine.
I can only suppose that probably exist something else at the source of your problem and this due the nature of the key your are trying to edit (Microsoft Antimalware). For example, it could be possible that may exist a security policy that affects that key and this due the purpose of the key itself.
I may suggest you to verify if exist any documentation about this, that could be available with the application that generated the key.
Hope this helps you.
Regards
Re: Set Access Control
Posted: Thu Nov 13, 2014 2:27 am
by tzachk
Hi Francesco,
Thanks.
I shall check it out.
Regards,
T.
Re: Set Access Control
Posted: Thu Nov 13, 2014 12:28 pm
by FrancescoT
Re: Set Access Control
Posted: Tue Dec 02, 2014 9:26 am
by tzachk
Hi Francesco,
I got back to this issue and now I saw that Microsoft antimalware registry has only SYSTEM account with set value enabled.
Is it possible in Installaware to set registry keys while running with SYSTEM account ACL? (without executing external program. A solution that I shal revert to if nothing else helps).
Regards,
T.
Re: Set Access Control
Posted: Tue Dec 02, 2014 1:32 pm
by FrancescoT
Dear Tzachk,
if you run the package under System Account, I am sure you can set registry keys ... but I don't know if that particular key may have some other behaviors.
You could use "PSTools" for such purpose.
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspxRegards
