Question

我正在努力解决这个问题。我需要通过我的Wix安装程序将ASP.Net站点中App_Data文件夹的权限设置为Modify for NetworkService帐户。我试过以下但没有运气。

<CreateFolder>
  <util:PermissionEx GenericAll="yes" ChangePermission="yes" Delete="yes" 
    DeleteChild="yes" User="[WIX_ACCOUNT_NETWORKSERVICE]" />
</CreateFolder>

我也试过指定Append，但是我收到一个错误，说它不被允许。

Answer 1

您想要User =“NetworkService”。 SecureObj.cpp代码中有一个众所周知的用户列表，它支持PermissionEx。

    `// figure out the right user to put into the access block
    if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Everyone"))
    {
        hr = AclGetWellKnownSid(WinWorldSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Administrators"))
    {
        hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalSystem"))
    {
        hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalService"))
    {
        hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"NetworkService"))
    {
        hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"AuthenticatedUser"))
    {
        hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Guests"))
    {
        hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"CREATOR OWNER"))
    {
        hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
    }
    else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"INTERACTIVE"))
    {
        hr = AclGetWellKnownSid(WinInteractiveSid, &psid);
    }
    else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Users"))
    {
        hr = AclGetWellKnownSid(WinBuiltinUsersSid, &psid);
    }
    else`

Windows Installer LockPermission表（WiX中的Permission元素）也支持大多数众所周知的名称，但它们是本地化的，这是一个非常糟糕的设计，恕我直言。这就是为什么WiX有这个已知名单的原因。

Answer 2

好吧，我找到了答案（可能不是答案）。您不能使用util：PermissionEx为“网络服务”帐户设置文件权限（它不是一个众所周知的sid或类似的东西）。最后，我编写了一个自定义操作，使用cacls.exe实用程序设置权限。

<CustomAction Id="PermissionAppData" Directory="TARGETDIR" 
  ExeCommand="&quot;[SystemFolder]cacls.exe&quot; 
  &quot;[INSTALLDIR]\App_Data&quot;
  /T /E /G &quot;NT AUTHORITY\Network Service:C&quot;" Return="check" />

WiX设置App_Data文件夹权限以修改NetworkService

2 个答案: