使用 WiX 工具集设置 ProgramData 中现有文件夹和文件的权限 [英] Set permissions for existing folders and files in ProgramData with WiX Toolset

问题描述

我继承了一个使用 WIX Toolset (3.10.3) 构建安装包的项目.应用程序下载共享数据并将其存储在 c:\ProgramData\Vendor\ApplicationName 中.然而，此路径​​不是在安装期间创建，而是在应用程序本身的执行期间，每当第一次请求该路径时.

I've inherited a project that uses WIX Toolset (3.10.3) to build the installation package. The application downloads and stores shared data in c:\ProgramData\Vendor\ApplicationName. This path is however not created during the installation, but rather during the execution of the application itself, whenever the path is requested for the first time.

我现在发现了当多个 Windows 用户使用该应用程序时会出现与权限相关的问题.每当应用程序从后端下载新的数据文件时，当前的 Windows 用户就会获得这些文件的完全控制"权限.当其他人使用另一个 Windows 帐户登录时，他们只有对这些文件的读取权限.当应用程序试图保持本地文件与后端同步时，这些混合权限会导致问题.

I've now discovered a permissions related problem that occurs when multiple Windows users uses the application. Whenever the application downloads new data files from back-end, it's the current windows user that gets "Full control" permissions for those files. When someone else logs in with another Windows account, they only have read permissions to those files. And these mixed permissions causes problems when the application tries to keep the local files synchronized with back-end.

由于应用程序不需要提升权限，我必须在安装过程中更正此问题.作为第一步，我现在确保在安装过程中创建了 c:\ProgramData\Vendor\ 文件夹，并且它通过 <util:PermissionEx User= 获得了正确的权限每个人"GenericAll="yes"/>.由于这些权限是继承的，它将解决所有用户进行全新安装的问题.

Since the application doesn't require elevated priviliges, I have to correct this during the installation. As a first step, I've now made sure that the c:\ProgramData\Vendor\ folder is created during installation, and that it gets correct permissions with <util:PermissionEx User="Everyone" GenericAll="yes" />. Since these permissions are inherited, it will solve the problem for all users doing a fresh install.

问题是权限仅由安装后创建的文件夹/文件继承.这意味着从先前版本升级的用户仍将保留具有混合权限的数据文件.因此，我需要确保所有现有文件夹和文件在安装过程中都获得新权限.我该如何实现?

The problem is that the permissions are only inherited by folders/files created after the installation. This means that users who upgrades from a previous version will still have data files left with mixed permissions. I therefore need to make sure that all existing folders and files gets the new permissions during installation. How do I accomplish this?

推荐答案

好的，我就是这样解决的.希望以后能帮到别人.

Ok, this is how I solved it. Hope it can help someone else in the future.

首先，我在 MSI 的 wxs 文件中添加了以下内容:

First, I added the following things to the wxs file for the MSI:

<Directory Id="CommonAppDataFolder">
    <Directory Id="ProgramDataVendorFolder" Name="MyVendor">
        <!--This will create the \ProgramData\MyVendor\MyProductName\ folder. -->
        <Directory Id="ProgramDataAppFolder" Name="MyProductName" />
    </Directory>
</Directory>

<DirectoryRef Id="ProgramDataAppFolder">
<Component Id="CmpCreateCommonAppDataFolderWithPermissions" Guid="13ae94b7-9ef5-4181-bfa9-933844a13418" Permanent="yes">
  <CreateFolder>
    <!--This will ensure that everyone gets full permissions to the folder that we create in the ProgramData folder. -->
    <util:PermissionEx User="Everyone" GenericAll="yes" />
  </CreateFolder>
</Component>  
</DirectoryRef> 

然后包含它:

<Feature Id="ProductFeature" Title="$(var.ProductName)" Level="1">
    <!--Add folder -->
    <ComponentRef Id="CmpCreateCommonAppDataFolderWithPermissions" />
</Feature>

这三件事确保所有用户都可以完全访问 ProgramData 中的文件夹，即使该文件夹已经存在.

These three things made sure that all users had full access to the folder in ProgramData, even if the folder already exists.

但是，如果由于之前的权限问题，文件虚拟化已经处于活动状态，更改权限是不够的.为了关闭文件虚拟化，我添加了一个 app.manifest 到我的可执行文件中:

But changing the permissions will not be enough, if file virtualisation is already active due to previous permissions problems. To turn off file virtualisation, I added an app.manifest to my executable with:

<requestedExecutionLevel  level="asInvoker" uiAccess="false" />

请记住，如果之前使用的 VirtualStore 包含重要文件，它们将不会自动出现在 ProgramData 文件夹中.

Keep in mind that if the previously used VirtualStore contains files that are important, they will not automatically appear in the ProgramData folder.

关于文件/注册表虚拟化的更多信息可以在这里找到:https://blogs.technet.microsoft.com/mrsnrub/2010/08/11/uac-virtualization-allowing-standard-users-to-update-a-system-protected-area/

More info regarding file/registry virtualization can be found here: https://blogs.technet.microsoft.com/mrsnrub/2010/08/11/uac-virtualization-allowing-standard-users-to-update-a-system-protected-area/

这篇关于使用 WiX 工具集设置 ProgramData 中现有文件夹和文件的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！