Community
FAQ Community User guide Contact Customer Info
Post Reply
leeroy
Posts: 28
Joined: Mon May 03, 2021 11:13 pm

Using a "Execute inline Script Code" How do you modify file permissions?

We are building an installer that has some custom actions that create a file (which works) and need to modify the file permissions. We cannot use inline powershell script due to some group policy limitations. Using powershell this is easy with icacls, but not sure how to do this in VBScript, as it doesn't seem to support "WScript.Shell".

Failing part of the inline script:

Code: Select all

Sub SetWritePermissions()
  Dim objShell, command

  Set objShell = CreateObject("WScript.Shell")
  command = "icacls " & configFilePath & " /grant *S-1-5-32-545:RXW"

  objShell.Run command, 0, True
  Set objShell = Nothing
End Sub

SetWritePermissions
Any help is much appreciated.
Catalin
Posts: 6958
Joined: Wed Jun 13, 2018 7:49 am

Re: Using a "Execute inline Script Code" How do you modify file permissions?

Hello,

Regarding the PowerShell script, if you cannot run these due to the "AllSigned" GPO, please note there is a workaround for this.

PowerShell Script Options
When there exists a GPO (Group Policy Object) restricting the execution of scripts, the digital certificate must be present in the Trusted Publishers in order for the script execution to succeed.
Now, regarding the VBScript, could you please give me some more details about this?

I'm pretty sure the Wscript.Shell is supported as I've used it many times in the past. Perhaps there's something else here.

For instance, are you able to manually run the script without encountering any errors?

If so, could you please let me know how you've scheduled your custom action? Setting file permissions require admin rights and therefore the custom action should be run elevated (deferred stage with the "Run under the LocalSystem account with full privileges (no impersonation)" option)

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
leeroy
Posts: 28
Joined: Mon May 03, 2021 11:13 pm

Re: Using a "Execute inline Script Code" How do you modify file permissions?

It looks like it was a quoting issue on the command. The path had spaces in it.

Needed to be:

Code: Select all

command = "icacls """ & configFilePath & """ /grant *S-1-5-32-545:RXW"
Please consider this resolved.
Catalin
Posts: 6958
Joined: Wed Jun 13, 2018 7:49 am

Re: Using a "Execute inline Script Code" How do you modify file permissions?

Hello,

Thank you for your followup on this!

Glad to hear you managed to find the culprit and that everything is working as expected now.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube
Post Reply

Return to “Building Installers”