Hello Thomas,
First of all, thank you for the sent files.
Please accept my apologies for the delayed reply, but we do not work over the weekend here and it also took me quite some time to investigate this.
Now please allow me to answer your questions:
2 - If you want your files to not be overwritten during an upgrade, I can confirm that your approach is correct. However, a condition may be used there, e.g.:
OLDPRODUCTS
The above is a property that that is set only during an upgrade and it contains the product code(s) of the previous version(s).
1 - In what regards this, I have to admit that this is really strange, but in the end I was able to replicate the behavior. Now, the explanation may be a bit long, but please bear with me:
So basically, there are two ways in which you can set a folder permissions in Advanced Installer, and both ways are related to the
"Keep existing permissions" option (right click your folder -->
"Properties" -->
"Permissions" tab).
1. if the above option is not selected, the default Windows Installer support is used. Basically, we do not alter the behavior at all.
This is also the case we are currently in. From what I saw in your project, you do not have that option checked.
At first, I thought that there may be some miss-configuration in your project, but then I was able to replicate this in a very simple project. This made me think that this is actually a Windows Installer limitation that does not allow generating new permissions for a folder that previously have no permissions on it, if the installation type is of per-machine. Unfortunately, I really can not tell you why this happens as this makes completely zero sense to me, too.
2. if the above option is selected, we alter the predefined Windows Installer support. Actually, it can not even be called "altered", as we pretty much do it all by ourselves here. As its name suggests, this option allows you to keep the already inherited permissions from the parent folder.
By checking this option, the error you get when installing for all users should be gone. However, from the tests I've performed so far, I could notice the following:
(I also noticed that you want to give the
"Users" group
Modify, Read&Execute, List Folder Contents, Read and Write permissions)
When the installation type is set to
"Everybody (all users)", the above mentioned permission that you are trying to add is not added. I can confirm that this is an issue in what regards Advanced Installer which I have already reported and which hopefully will be fixed in a future version of Advanced Installer.
Until then, as a workaround, we can use a custom approach. For instance, a custom action that will add the permissions for us in case the installation type is of
"Everybody (all users)" type. For this, I have created a PowerShell script which does that for you.
Here are few things to be kept in mind:
- first of all, this custom action can be added in your project as a
"Run PowerShell inline script"
- this custom action should be scheduled between the
"StartServices" and
"RegisterUser" standard action (this is where our custom action, that applies the permissions, runs)
By default, the above mentioned standard actions are not displayed in the actions tree. To show them, please proceed as it follows: go to
"Custom Actions" page --> under
"Install Execution Stage" please right click on any action group -->
"Show Standard Actions" -->
"Add Resources" -->
"Start Services". Now please repeat this step for the
"RegisterUser" action as well.
In order to schedule the PowerShell custom action between those two, simply drag and drop it.
- the custom action's
"Execution Time" should be set to
"When the system is being modified (deferred)", as this is the stage where our predefined custom action would normally run.
I think that this is pretty much it about the custom action. The custom action could look like this:
Code: Select all
# An access control list (ACL) is a list of access control entries (ACE).
# This custom action should be scheduled between StartServices and RegisterUser standard actions (at this stage, our custom action takes place - AI_ConfigPermissions")
$acl = Get-Acl "C:\Users\Catalin\Desktop\MyFolder"
$users = [System.Security.Principal.NTAccount]"Builtin\Users"
$access = [System.Security.AccessControl.FileSystemRights]"FullControl"
# the ACE (access control entry) will be inherited by both container objects and leaf objects (aka both folders and files)
$inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$propagation = [System.Security.AccessControl.PropagationFlags]"None"
$type = [System.Security.AccessControl.AccessControlType]"Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($users, $access,$inheritance, $propagation, $type)
$acl.AddAccessRule($rule)
$acl |Set-Acl
Also, for your reference, a screenshot with how the custom action should be configured:
- Workaround - PowerShell script.png (190.37 KiB) Viewed 2424 times
Hope this will help.
Best regards,
Catalin