Kevin2341
Posts: 7
Joined: Thu Jul 26, 2018 5:15 pm

Applying permissions to user created during installation?

Thu Jul 26, 2018 5:23 pm

In my installer, I am installing a few services and then a deploying a website to IIS. In order for my website to work, the application pool user which the website is ran with needs to have permissions to a few folders for it to do its job. When I do this manually, I have to find the folder I want to grant permissions, open the properties for that folder, hit the security tab, click edit, click add, I select the location and make sure I have the correct machine selected. The after that, I type "IIS AppPool\<AppPoolName>" into the text box to the left of the "Check Names" button. After that, I hit check names, Windows does some magic and produces the correct user, I click ok, then select the user in the "Group or user names" box, and then in the permissions box I grant the right to read and modify the directory for that user.

I need to have the installer do that process for me, but I have no clue how to go about doing it. I tried adding this to the permissions tab to the folder that contains my website in Advanced Installer, but during installation I get an error that says, "An error occured while applying security settings. IIS AppPool\<AppPoolName> is not a valid user or group. This could be a problem with the package, or problem connecting to a domain controller on the network. Check your network connection and click "Retry", or "Cancel" to end the install."

Is there a way I can grant these permissions as a script or something after the installation completes?

Catalin
Posts: 6542
Joined: Wed Jun 13, 2018 7:49 am

Re: Applying permissions to user created during installation?

Fri Jul 27, 2018 2:27 pm

Hello Kevin and welcome to our forums,

In order to grant permissions to a User, you can create a Custom Action which does that and place it after Finish Execution action group from Install Execution Stage (Custom Actions page).

This can be achievable as it follows:
1) Create a .BAT file where you can enter the following lines:
-For example, if you want to grant a user Full Control over a folder and its subfolders, you can use this command line:

Code: Select all

icacls "C:\YourFolder" /grant YourUserName:F /T
where F represents full control and /T means that the permission will apply recursively to existing files and sub-folders.
-For example, if you want to apply Modify permission to IIS users for a folder, you can use this command line:

Code: Select all

icacls "C:\YourFolder" /grant IIS_IUSRS:M
where M represents modify permission.

2) After doing that, you can add it as a temporary file. In order to do so, you can go to "Files and Folders" page --> click on "Add Temporary File" --> select your file and then click "Open". Also please keep in mind that Temporary Files are copied during the CostFinalize standard action, at the beginning of the setup and removed during the InstallFinalize standard action. Taking in consideration that we want our script to execute after Finish Execution action group (where InstallFinalize standard action is executed),we need to prevent our temporary file to be deleted. In order to do that, click on your temporary file from Files and Folders page, click on the "Properties" button from the toolbar and then in the Edit Temporary File, check the "Do not remove the file when setup ends" option.

3) After that, we have to create our custom action which will launch the .BAT file. To do that, you can go to "Custom Actions" page, click on LaunchFile custom action and click on the "Add custom action with sequence" button (it is located to the right side of the custom action name). In the "File to launch" field, you can add the temporary file as it follows:

Code: Select all

[&YourBatFile.bat]
For example, if your bat file is named test.bat, the "File to Launch" field should look like this:

Code: Select all

[&yourbatfile.bat]
After doing that, check the Run as Administrator and Use 64-bit Launcher options. Also, do not forget to uncheck the "Uninstall" and "Maintenance" options from "Execution Stage Condition".

All that you have to do now is to place the custom action after the "Finish Execution" action group. To do so, just drag and drop it after the respective group.

Hope this helps!

Regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

davidjhomer
Posts: 55
Joined: Wed Jun 08, 2016 3:58 pm
Contact:  Website Facebook Skype Twitter

Re: Applying permissions to user created during installation?

Sat May 02, 2020 4:10 pm

Having tried this bewarned running commands after Finish Execution that fail cause all kinds of problems, and stop the installer from rolling back.
CENTREL Solutions Ltd
Server audit and documentation tools.
http://www.centrel-solutions.com

Catalin
Posts: 6542
Joined: Wed Jun 13, 2018 7:49 am

Re: Applying permissions to user created during installation?

Mon May 04, 2020 11:07 am

Hello David,

The installer does not roll back because the custom action executes after the "deferred" stage. The rollback actions executes only for the standard actions that are executing during the deferred stage.

Also, in order for me to further investigate this, could you please give me some more details about what exactly is failing (e.g. a screenshot of the error)? If possible, could you please create a verbose log of the installation process and forward it to me (either here or over the e-mail at support at advancedinstaller dot com?

Also, could you please give me some more details about what exactly you are trying to achieve? As this post is pretty old, we may be able to find a better and easier way of achieving this.

Also, as a wild guess, please make sure that the file is present on the target machine when the custom action executes. Since the file was added as a temporary file and these files are usually deleted at the end of the installation, please make sure that your file has the "Do not delete at the end of the installation" option set. To do so, you can go to "Files and Folders" page --> select your file --> double click on it.

Looking forward to hearing from you.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Building Installers”