By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,775 Members | 1,425 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,775 IT Pros & Developers. It's quick & easy.

Create a dir where all the users have the right to write

P: n/a
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?

Thanks,
Viv
Jul 21 '05 #1
Share this Question
Share on Google+
15 Replies


P: n/a
On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?
I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

Thanks,
Viv


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
Jul 21 '05 #2

P: n/a
Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?


I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

Thanks,
Viv


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


Jul 21 '05 #3

P: n/a
Viviana Vc in news:2j*************@uni-berlin.de wrote:
b) - "Everyone" is localized, so it won't work on a non-english OS !!!


No, it's not localized. At least, not in the Italian version (which is what
I have); these are left untranslated:

Administrator
Administrators
Guest
Guests
Users
Power Users
Everyone
Backup Operators

These are translated:

Local Service
Network Service

.... and possibily others I don't recall right now.

--
ColdShine

"Experience is a hard teacher: she gives the test first, the lesson
afterwards." - Vernon Sanders law
Jul 21 '05 #4

P: n/a
btw, if the directory is already created, what would be the function
that I need to call to change the directory's security attributes?

I know that I could directly create the directory with it's needed
security attributes using CreateDirectory(), but let's assume it was
already created and in this case I just need to change it's attr., what
function should I use?

Thx,
Viv
On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote :
Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?


I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

Thanks,
Viv


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


Jul 21 '05 #5

P: n/a
On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.
I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?


I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

Thanks,
Viv


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
Jul 21 '05 #6

P: n/a
I believe the correct syntax for this is:

svWork = "cacls";
svCmd="svDir /e /g everyone:f";
LaunchAppAndWait( svWork, svCmd, WAIT );

Just a thought,
Drew

<r_z_aret@pen_fact.com> wrote in message
news:mu********************************@4ax.com...
On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.
I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:

How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?

I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.
Thanks,
Viv

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and

please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

Jul 21 '05 #7

P: n/a
Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:
On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.


I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:

How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?

I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.
Thanks,
Viv

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
Jul 21 '05 #8

P: n/a
Hi,

As already said I chose to write an external tool that is called from
within IS:

I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!

if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescripto r(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}

HTH,
Viv

On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :
Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:
On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.


I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :

On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:

>How can I programatically do the equivalent of the following:
>cacls "C:\Program Files\test" /T /G Everyone:f ?

I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

>
>Thanks,
>Viv

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


Jul 21 '05 #9

P: n/a
On Thu, 01 Jul 2004 11:14:28 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi,

As already said I chose to write an external tool that is called from
within IS:
I missed this. To clarify, does "external tool" mean "executable
file"? If so, then that is slightly neater than using a BATch file.

Either way, thanks for posting your solution. Sure is nice to have
clear, directly related, sample code. I may try to translate the code
into something that can be used within InstallShield. And it may be
useful some place else.

I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!

if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescripto r(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}

HTH,
Viv

On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :
Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:
On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:

Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.

I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.
You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :

>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
>wrote:
>
>>How can I programatically do the equivalent of the following:
>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>
>I'm just getting around to a minor variant of the question. I'll be
>trying to do it from an old version of InstallShield, so I plan to
>call the InstallShield function to execute run an external exe. From
>straight Win 32, I would try ShellExecute (simpler) and then
>CreateProcess.
>
>I've started by experimenting with a DOS prompt. So far, I can't find
>a set of arguments that will eliminate all prompts.
>
>>
>>Thanks,
>>Viv
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com
Jul 21 '05 #10

P: n/a
Hi,

Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".

Viv
On Fri, 02 Jul 2004 08:54:50 -0400, r_z_aret@pen_fact.com wrote :
On Thu, 01 Jul 2004 11:14:28 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi,

As already said I chose to write an external tool that is called from
within IS:


I missed this. To clarify, does "external tool" mean "executable
file"? If so, then that is slightly neater than using a BATch file.

Either way, thanks for posting your solution. Sure is nice to have
clear, directly related, sample code. I may try to translate the code
into something that can be used within InstallShield. And it may be
useful some place else.

I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!

if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescripto r(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}

HTH,
Viv

On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :
Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:

On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:

>Hi Robert,
>
>I also have to create this dir from within InstallShield, so first I
>tried to find if InstallShield offers a way to do this, but seems not,
>so I'll have to call an external exe to do this.

I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

>
>You should be aware that calling with CreateProcess or ShellExecute the
>command:
>cacls "C:\Program Files\test" /T /G Everyone:f
>is not a good idea because:
>a) - cacls it's asking for the user input ("Are you sure? y/n")
>b) - "Everyone" is localized, so it won't work on a non-english OS !!!
>
>To solve the above problems I found in MSDNL the following articles:
>for a): "How to Use CACLS.EXE in a Batch File"
>for b): "Creating a DACL" -> for programatically change the security of
>the directory
>
>Maybe this helps you also (I'm now investigating the second article),
>Viv
>
>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>
>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>
>>wrote:
>>
>>>How can I programatically do the equivalent of the following:
>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>
>>I'm just getting around to a minor variant of the question. I'll be
>>trying to do it from an old version of InstallShield, so I plan to
>>call the InstallShield function to execute run an external exe. From
>>straight Win 32, I would try ShellExecute (simpler) and then
>>CreateProcess.
>>
>>I've started by experimenting with a DOS prompt. So far, I can't find
>>a set of arguments that will eliminate all prompts.
>>
>>>
>>>Thanks,
>>>Viv
>>
>>-----------------------------------------
>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>>
>>Robert E. Zaret, eMVP
>>PenFact, Inc.
>>500 Harrison Ave., Suite 3R
>>Boston, MA 02118
>>www.penfact.com

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


Jul 21 '05 #11

P: n/a
Viviana Vc in news:2k************@uni-berlin.de wrote:
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".


I don't think so... look at the names listed here:

http://support.microsoft.com/default...b;EN-US;163846

on my Italian localized system, I can use all of these English user/group
names, when setting file/folder access rights. For example, I always have to
type "Administrators" instead of whatever it would translate to.

Altrough the KB refers to Windows NT4, I guess the names have been kept
backwards-compatible in following Windows versions.

--
ColdShine

"Experience is a hard teacher: she gives the test first, the lesson
afterwards." - Vernon Sanders law
Jul 21 '05 #12

P: n/a
Can you use a subdirectory of All Users\Application Data?

"Viviana Vc" <vc*******@hotmail.com> wrote in message
news:2k************@uni-berlin.de...
Hi,

Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".

Viv
On Fri, 02 Jul 2004 08:54:50 -0400, r_z_aret@pen_fact.com wrote :
On Thu, 01 Jul 2004 11:14:28 +0200, Viviana Vc <vc*******@hotmail.com>
wrote:
Hi,

As already said I chose to write an external tool that is called from
within IS:


I missed this. To clarify, does "external tool" mean "executable
file"? If so, then that is slightly neater than using a BATch file.

Either way, thanks for posting your solution. Sure is nice to have
clear, directly related, sample code. I may try to translate the code
into something that can be used within InstallShield. And it may be
useful some place else.

I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}
BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!
if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescripto r(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}

HTH,
Viv

On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :

Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:

>On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
>wrote:
>
>>Hi Robert,
>>
>>I also have to create this dir from within InstallShield, so first I
>>tried to find if InstallShield offers a way to do this, but seems not,>>so I'll have to call an external exe to do this.
>
>I just tried LaunchAppAndWait (InstallShield function), with no
>success, using the following (adapted from the article you cited):
> svWork = "echo y| cacls svDir /e /g everyone:f";
> LaunchAppAndWait( svWork, "", WAIT );
>No effect. Just in case, I also tried using svWork as the argument and
>"" as the command line. No effect. I suspect the problem is the
>characters (echo y|) preceding the actual command.
>
>The article mentions xcacl, and says it is part of the NT resource
>kit. So I suppose I could get and use it. But would it work under Win
>2K and Win XP? I'ld much rather stick with something that ships _with_
>the operating system.
>
>>
>>You should be aware that calling with CreateProcess or ShellExecute the>>command:
>>cacls "C:\Program Files\test" /T /G Everyone:f
>>is not a good idea because:
>>a) - cacls it's asking for the user input ("Are you sure? y/n")
>>b) - "Everyone" is localized, so it won't work on a non-english OS !!!>>
>>To solve the above problems I found in MSDNL the following articles:
>>for a): "How to Use CACLS.EXE in a Batch File"
>>for b): "Creating a DACL" -> for programatically change the security of>>the directory
>>
>>Maybe this helps you also (I'm now investigating the second article),
>>Viv
>>
>>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>>
>>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vc*******@hotmail.com>>>>wrote:
>>>
>>>>How can I programatically do the equivalent of the following:
>>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>>
>>>I'm just getting around to a minor variant of the question. I'll be
>>>trying to do it from an old version of InstallShield, so I plan to
>>>call the InstallShield function to execute run an external exe. From
>>>straight Win 32, I would try ShellExecute (simpler) and then
>>>CreateProcess.
>>>
>>>I've started by experimenting with a DOS prompt. So far, I can't find>>>a set of arguments that will eliminate all prompts.
>>>
>>>>
>>>>Thanks,
>>>>Viv
>>>
>>>-----------------------------------------
>>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).>>>
>>>Robert E. Zaret, eMVP
>>>PenFact, Inc.
>>>500 Harrison Ave., Suite 3R
>>>Boston, MA 02118
>>>www.penfact.com
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).>
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com


-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

Jul 21 '05 #13

P: n/a
Might be that you are right. I haven't tried myself, but I read about
this on other newsgroups (InstallShield newsgroups).

On Mon, 5 Jul 2004 19:41:58 +0200, "ColdShine"
<co**********************@hotmail.com> wrote :
Viviana Vc in news:2k************@uni-berlin.de wrote:
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".


I don't think so... look at the names listed here:

http://support.microsoft.com/default...b;EN-US;163846

on my Italian localized system, I can use all of these English user/group
names, when setting file/folder access rights. For example, I always have to
type "Administrators" instead of whatever it would translate to.

Altrough the KB refers to Windows NT4, I guess the names have been kept
backwards-compatible in following Windows versions.


Jul 21 '05 #14

P: n/a
This would have been an idea, but we wanted to have the same structure
relative to our binaries dir for all OSes, so this dir to be alway
../test (where . is let's say c:\program files\myapp). Anyhow that
directory doesn't contain vital info.

On Mon, 5 Jul 2004 16:19:18 -0700, "Alexander Grigoriev"
<al***@earthlink.net> wrote :
Can you use a subdirectory of All Users\Application Data?

"Viviana Vc" <vc*******@hotmail.com> wrote in message
news:2k************@uni-berlin.de...
Hi,

Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".

Viv
On Fri, 02 Jul 2004 08:54:50 -0400, r_z_aret@pen_fact.com wrote :
>On Thu, 01 Jul 2004 11:14:28 +0200, Viviana Vc <vc*******@hotmail.com>
>wrote:
>
>>Hi,
>>
>>As already said I chose to write an external tool that is called from
>>within IS:
>
>I missed this. To clarify, does "external tool" mean "executable
>file"? If so, then that is slightly neater than using a BATch file.
>
>Either way, thanks for posting your solution. Sure is nice to have
>clear, directly related, sample code. I may try to translate the code
>into something that can be used within InstallShield. And it may be
>useful some place else.
>
>>
>>I actually found a sample in MSDNL "Creating a DACL" where is a simple
>>sample that I used so my code looks like:
>>
>>#define _WIN32_WINNT 0x0500
>>
>>#include <windows.h>
>>#include <sddl.h>
>>#include <stdio.h>
>>
>>BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);
>>
>>void main()
>>{
>> SECURITY_ATTRIBUTES sa;
>>
>> sa.nLength = sizeof(SECURITY_ATTRIBUTES);
>> sa.bInheritHandle = FALSE;
>>
>> if (!CreateMyDACL(&sa))
>> {
>> // Error encountered; generate message and exit.
>> printf("Failed CreateMyDACL\n");
>> exit(1);
>> }
>> if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
>> {
>> // Error encountered; generate message and exit.
>> printf("Failed CreateDirectory\n");
>> exit(1);
>> }
>>
>> // Free the memory allocated for the SECURITY_DESCRIPTOR.
>> if (NULL != LocalFree(sa.lpSecurityDescriptor))
>> {
>> // Error encountered; generate message and exit.
>> printf("Failed LocalFree\n");
>> exit(1);
>> }
>>}
>>
>>
>>BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
>>{
>> TCHAR * szSD = TEXT("D:") // Discretionary ACL
>> TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyonefor that directory !!! >>
>> if (NULL == pSA)
>> return FALSE;
>>
>> return ConvertStringSecurityDescriptorToSecurityDescripto r(
>> szSD,
>> SDDL_REVISION_1,
>> &(pSA->lpSecurityDescriptor),
>> NULL);
>>}
>>
>>HTH,
>>Viv
>>
>>On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :
>>
>>>Success! A bit of a kludge (so suggestions welcome), but it works.
>>>
>>>I added the following lines to my InstallShield script:
>>>------
>>> // SetAcc.bat is a BATch file that issues the command
>>> // echo y| cacls %1 /e /g everyone:f
>>> // See MSDN Knowledge Base article 135268 ("How to Use
>>>CACLS.EXE in a BatchFile")
>>> // Also, see 24 - 30 Jun 04 thread called
>>> // "Create a dir where all the users have the right to write"
>>>in
>>> // comp.os.ms-windows.programmer.win32 and other fine
>>>newsgroups
>>> // The file must be in uncompressed setup files.
>>>// svWork = SUPPORTDIR ^ "cacls.bat";
>>> svWork = SRCDIR ^ "setacc.bat";
>>> // BATch file will parse arg into pieces if it includes
>>>embedded spaces
>>> LongPathToShortPath( svDir );
>>> if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
>>> MessageBox( "Can't find setacc.bat", WARNING );
>>> else
>>> if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
>>> MessageBox( "Attempt to set access failed", INFO );
>>> endif;
>>> endif;
>>>------
>>>
>>>Here is the "source" for setacc.bat:
>>>------
>>>@echo off
>>>
>>>REM BATch file to give everyone full access to specified folder
>>>REM - to be invoked from an InstallShield script
>>>
>>>REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
>>>BatchFile")
>>>REM See also a 24-30 June 2004 thread called
>>>REM "AlsoCreate a dir where all the users have the right to write"
>>>REM in comp.os.ms-windows.programmer.win32 and other fine
>>>newsgroups
>>>
>>>REM Caller needs to put quotation marks around the argument, or pass
>>>REM only short paths (with no embedded blanks), or it won't be
>>>REM parsed as one argument. Thus, the following line should not.
>>>
>>>echo y| cacls %1 /e /g everyone:f
>>>------
>>>
>>>I sort of want to move setacc.bat to the compressed files, so it isn't
>>>visible on the distribution CD. But just moving it didn't work,
>>>because then I couldn't invoke it. I vaguely remember InstallShield
>>>functions that explicitly uncompress files, so a script could use
>>>them. On the other hand, it could be a legitimate tool for some users.
>>>
>>>I briefly tried writing a program, to replace the batch file. But the
>>>functions used to control access seem too complex to be worth
>>>conquering for this project. And that would still require an auxiliary
>>>file. Maybe if I got that program working I could then use the same
>>>code in an InstallShield script. Maybe someday/
>>>
>>>On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:
>>>
>>>>On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com>
>>>>wrote:
>>>>
>>>>>Hi Robert,
>>>>>
>>>>>I also have to create this dir from within InstallShield, so first I
>>>>>tried to find if InstallShield offers a way to do this, but seemsnot, >>>>>so I'll have to call an external exe to do this.
>>>>
>>>>I just tried LaunchAppAndWait (InstallShield function), with no
>>>>success, using the following (adapted from the article you cited):
>>>> svWork = "echo y| cacls svDir /e /g everyone:f";
>>>> LaunchAppAndWait( svWork, "", WAIT );
>>>>No effect. Just in case, I also tried using svWork as the argument and
>>>>"" as the command line. No effect. I suspect the problem is the
>>>>characters (echo y|) preceding the actual command.
>>>>
>>>>The article mentions xcacl, and says it is part of the NT resource
>>>>kit. So I suppose I could get and use it. But would it work under Win
>>>>2K and Win XP? I'ld much rather stick with something that ships _with_
>>>>the operating system.
>>>>
>>>>>
>>>>>You should be aware that calling with CreateProcess or ShellExecutethe >>>>>command:
>>>>>cacls "C:\Program Files\test" /T /G Everyone:f
>>>>>is not a good idea because:
>>>>>a) - cacls it's asking for the user input ("Are you sure? y/n")
>>>>>b) - "Everyone" is localized, so it won't work on a non-english OS!!! >>>>>
>>>>>To solve the above problems I found in MSDNL the following articles:
>>>>>for a): "How to Use CACLS.EXE in a Batch File"
>>>>>for b): "Creating a DACL" -> for programatically change the securityof >>>>>the directory
>>>>>
>>>>>Maybe this helps you also (I'm now investigating the second article),
>>>>>Viv
>>>>>
>>>>>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>>>>>
>>>>>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc<vc*******@hotmail.com> >>>>>>wrote:
>>>>>>
>>>>>>>How can I programatically do the equivalent of the following:
>>>>>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>>>>>
>>>>>>I'm just getting around to a minor variant of the question. I'll be
>>>>>>trying to do it from an old version of InstallShield, so I plan to
>>>>>>call the InstallShield function to execute run an external exe. From
>>>>>>straight Win 32, I would try ShellExecute (simpler) and then
>>>>>>CreateProcess.
>>>>>>
>>>>>>I've started by experimenting with a DOS prompt. So far, I can'tfind >>>>>>a set of arguments that will eliminate all prompts.
>>>>>>
>>>>>>>
>>>>>>>Thanks,
>>>>>>>Viv
>>>>>>
>>>>>>-----------------------------------------
>>>>>>To reply to me, remove the underscores (_) from my email address(and please indicate which newsgroup and message). >>>>>>
>>>>>>Robert E. Zaret, eMVP
>>>>>>PenFact, Inc.
>>>>>>500 Harrison Ave., Suite 3R
>>>>>>Boston, MA 02118
>>>>>>www.penfact.com
>>>>
>>>>-----------------------------------------
>>>>To reply to me, remove the underscores (_) from my email address (andplease indicate which newsgroup and message). >>>>
>>>>Robert E. Zaret, eMVP
>>>>PenFact, Inc.
>>>>500 Harrison Ave., Suite 3R
>>>>Boston, MA 02118
>>>>www.penfact.com
>>>
>>>-----------------------------------------
>>>To reply to me, remove the underscores (_) from my email address (andplease indicate which newsgroup and message). >>>
>>>Robert E. Zaret, eMVP
>>>PenFact, Inc.
>>>500 Harrison Ave., Suite 3R
>>>Boston, MA 02118
>>>www.penfact.com
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (andplease indicate which newsgroup and message). >
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com


Jul 21 '05 #15

P: n/a
I think All Users is there even starting from Windows 98 (it's under Windows
directory in Win9x).

"Viviana Vc" <vc*******@hotmail.com> wrote in message
news:2k************@uni-berlin.de...
This would have been an idea, but we wanted to have the same structure
relative to our binaries dir for all OSes, so this dir to be alway
./test (where . is let's say c:\program files\myapp). Anyhow that
directory doesn't contain vital info.

On Mon, 5 Jul 2004 16:19:18 -0700, "Alexander Grigoriev"
<al***@earthlink.net> wrote :
Can you use a subdirectory of All Users\Application Data?

"Viviana Vc" <vc*******@hotmail.com> wrote in message
news:2k************@uni-berlin.de...
Hi,

Yes, the extrenal tool is an exe file.
btw, see my other post as with the cacls tool you might get in trouble
because the "Everyone" is localized, so for instance on a german system
it is "Jeder".

Viv
On Fri, 02 Jul 2004 08:54:50 -0400, r_z_aret@pen_fact.com wrote :

>On Thu, 01 Jul 2004 11:14:28 +0200, Viviana Vc <vc*******@hotmail.com>
>wrote:
>
>>Hi,
>>
>>As already said I chose to write an external tool that is called from
>>within IS:
>
>I missed this. To clarify, does "external tool" mean "executable
>file"? If so, then that is slightly neater than using a BATch file.
>
>Either way, thanks for posting your solution. Sure is nice to have
>clear, directly related, sample code. I may try to translate the code
>into something that can be used within InstallShield. And it may be
>useful some place else.
>
>>
>>I actually found a sample in MSDNL "Creating a DACL" where is a simple >>sample that I used so my code looks like:
>>
>>#define _WIN32_WINNT 0x0500
>>
>>#include <windows.h>
>>#include <sddl.h>
>>#include <stdio.h>
>>
>>BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);
>>
>>void main()
>>{
>> SECURITY_ATTRIBUTES sa;
>>
>> sa.nLength = sizeof(SECURITY_ATTRIBUTES);
>> sa.bInheritHandle = FALSE;
>>
>> if (!CreateMyDACL(&sa))
>> {
>> // Error encountered; generate message and exit.
>> printf("Failed CreateMyDACL\n");
>> exit(1);
>> }
>> if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
>> {
>> // Error encountered; generate message and exit.
>> printf("Failed CreateDirectory\n");
>> exit(1);
>> }
>>
>> // Free the memory allocated for the SECURITY_DESCRIPTOR.
>> if (NULL != LocalFree(sa.lpSecurityDescriptor))
>> {
>> // Error encountered; generate message and exit.
>> printf("Failed LocalFree\n");
>> exit(1);
>> }
>>}
>>
>>
>>BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
>>{
>> TCHAR * szSD = TEXT("D:") // Discretionary ACL
>> TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone
for that directory !!!
>>
>> if (NULL == pSA)
>> return FALSE;
>>
>> return ConvertStringSecurityDescriptorToSecurityDescripto r(
>> szSD,
>> SDDL_REVISION_1,
>> &(pSA->lpSecurityDescriptor),
>> NULL);
>>}
>>
>>HTH,
>>Viv
>>
>>On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :
>>
>>>Success! A bit of a kludge (so suggestions welcome), but it works.
>>>
>>>I added the following lines to my InstallShield script:
>>>------
>>> // SetAcc.bat is a BATch file that issues the command
>>> // echo y| cacls %1 /e /g everyone:f
>>> // See MSDN Knowledge Base article 135268 ("How to Use
>>>CACLS.EXE in a BatchFile")
>>> // Also, see 24 - 30 Jun 04 thread called
>>> // "Create a dir where all the users have the right to
write" >>>in
>>> // comp.os.ms-windows.programmer.win32 and other fine
>>>newsgroups
>>> // The file must be in uncompressed setup files.
>>>// svWork = SUPPORTDIR ^ "cacls.bat";
>>> svWork = SRCDIR ^ "setacc.bat";
>>> // BATch file will parse arg into pieces if it includes
>>>embedded spaces
>>> LongPathToShortPath( svDir );
>>> if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then >>> MessageBox( "Can't find setacc.bat", WARNING );
>>> else
>>> if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
>>> MessageBox( "Attempt to set access failed", INFO );
>>> endif;
>>> endif;
>>>------
>>>
>>>Here is the "source" for setacc.bat:
>>>------
>>>@echo off
>>>
>>>REM BATch file to give everyone full access to specified folder
>>>REM - to be invoked from an InstallShield script
>>>
>>>REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a >>>BatchFile")
>>>REM See also a 24-30 June 2004 thread called
>>>REM "AlsoCreate a dir where all the users have the right to write" >>>REM in comp.os.ms-windows.programmer.win32 and other fine
>>>newsgroups
>>>
>>>REM Caller needs to put quotation marks around the argument, or pass
>>>REM only short paths (with no embedded blanks), or it won't be
>>>REM parsed as one argument. Thus, the following line should not.
>>>
>>>echo y| cacls %1 /e /g everyone:f
>>>------
>>>
>>>I sort of want to move setacc.bat to the compressed files, so it isn't >>>visible on the distribution CD. But just moving it didn't work,
>>>because then I couldn't invoke it. I vaguely remember InstallShield
>>>functions that explicitly uncompress files, so a script could use
>>>them. On the other hand, it could be a legitimate tool for some users. >>>
>>>I briefly tried writing a program, to replace the batch file. But the >>>functions used to control access seem too complex to be worth
>>>conquering for this project. And that would still require an auxiliary >>>file. Maybe if I got that program working I could then use the same
>>>code in an InstallShield script. Maybe someday/
>>>
>>>On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:
>>>
>>>>On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vc*******@hotmail.com> >>>>wrote:
>>>>
>>>>>Hi Robert,
>>>>>
>>>>>I also have to create this dir from within InstallShield, so first I >>>>>tried to find if InstallShield offers a way to do this, but seems

not,
>>>>>so I'll have to call an external exe to do this.
>>>>
>>>>I just tried LaunchAppAndWait (InstallShield function), with no
>>>>success, using the following (adapted from the article you cited):
>>>> svWork = "echo y| cacls svDir /e /g everyone:f";
>>>> LaunchAppAndWait( svWork, "", WAIT );
>>>>No effect. Just in case, I also tried using svWork as the argument and >>>>"" as the command line. No effect. I suspect the problem is the
>>>>characters (echo y|) preceding the actual command.
>>>>
>>>>The article mentions xcacl, and says it is part of the NT resource
>>>>kit. So I suppose I could get and use it. But would it work under Win >>>>2K and Win XP? I'ld much rather stick with something that ships _with_ >>>>the operating system.
>>>>
>>>>>
>>>>>You should be aware that calling with CreateProcess or ShellExecutethe
>>>>>command:
>>>>>cacls "C:\Program Files\test" /T /G Everyone:f
>>>>>is not a good idea because:
>>>>>a) - cacls it's asking for the user input ("Are you sure? y/n")
>>>>>b) - "Everyone" is localized, so it won't work on a non-english OS

!!!
>>>>>
>>>>>To solve the above problems I found in MSDNL the following
articles: >>>>>for a): "How to Use CACLS.EXE in a Batch File"
>>>>>for b): "Creating a DACL" -> for programatically change the securityof
>>>>>the directory
>>>>>
>>>>>Maybe this helps you also (I'm now investigating the second
article), >>>>>Viv
>>>>>
>>>>>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>>>>>
>>>>>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc

<vc*******@hotmail.com>
>>>>>>wrote:
>>>>>>
>>>>>>>How can I programatically do the equivalent of the following:
>>>>>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>>>>>
>>>>>>I'm just getting around to a minor variant of the question. I'll be >>>>>>trying to do it from an old version of InstallShield, so I plan to >>>>>>call the InstallShield function to execute run an external exe. From >>>>>>straight Win 32, I would try ShellExecute (simpler) and then
>>>>>>CreateProcess.
>>>>>>
>>>>>>I've started by experimenting with a DOS prompt. So far, I can't

find
>>>>>>a set of arguments that will eliminate all prompts.
>>>>>>
>>>>>>>
>>>>>>>Thanks,
>>>>>>>Viv
>>>>>>
>>>>>>-----------------------------------------
>>>>>>To reply to me, remove the underscores (_) from my email address

(and please indicate which newsgroup and message).
>>>>>>
>>>>>>Robert E. Zaret, eMVP
>>>>>>PenFact, Inc.
>>>>>>500 Harrison Ave., Suite 3R
>>>>>>Boston, MA 02118
>>>>>>www.penfact.com
>>>>
>>>>-----------------------------------------
>>>>To reply to me, remove the underscores (_) from my email address

(andplease indicate which newsgroup and message).
>>>>
>>>>Robert E. Zaret, eMVP
>>>>PenFact, Inc.
>>>>500 Harrison Ave., Suite 3R
>>>>Boston, MA 02118
>>>>www.penfact.com
>>>
>>>-----------------------------------------
>>>To reply to me, remove the underscores (_) from my email address
(andplease indicate which newsgroup and message).
>>>
>>>Robert E. Zaret, eMVP
>>>PenFact, Inc.
>>>500 Harrison Ave., Suite 3R
>>>Boston, MA 02118
>>>www.penfact.com
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (and

please indicate which newsgroup and message).
>
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com

Jul 21 '05 #16

This discussion thread is closed

Replies have been disabled for this discussion.