使用NSIS安装程序向注册表项授予权限的有效方法是什么? [英] What is an effective way to grant permissions to a registry key using an NSIS installer?
问题描述
我正在尝试使用NSIS中的 AccessControl插件来设置注册表项的权限。它不起作用。安装程序运行后,所有用户组将没有完全控制权限。
I am attempting to use the AccessControl plugin in NSIS to set the permissions on a registry key. It is not working. After the installer runs, the All Users group does not have Full Control.
我在下面创建了一个示例。这里有什么问题吗?是否有另一种机制可以完成同一件事?我也曾尝试使用Everyone组S-1-1-0的数字形式我还没有尝试使用所有人。
I've created a sample below. Is there anything wrong here? Is there another mechanism to accomplish the same thing? I've also attempted to use the numeric form of the Everyone group S-1-1-0 I have not tried using "Everyone" yet.
; Create the key for local machine settings (could be a 32 bit or 64 bit location)
SetRegView 32
WriteRegStr HKLM "SOFTWARE\MyApp" "x" "y"
SetRegView 64
WriteRegStr HKLM "SOFTWARE\MyApp" "x" "y"
; Give all authenticated users (BUILTIN\Users) full access on the registry key HKEY_LOCAL_MACHINE\Software\MyApp
SetRegView 32
AccessControl::GrantOnRegKey HKLM "SOFTWARE\MyApp" "BUILTIN\USERS" "FullAccess"
SetRegView 64
AccessControl::GrantOnRegKey HKLM "SOFTWARE\MyApp" "BUILTIN\USERS" "FullAccess"
起初,我没有理会这两个注册表视图。但是,经过实验之后,为了排除WOW6432Node的问题,我将命令加倍了。我希望没有必要。
At first, I did not bother with the two registry views. But after experimentation, in an attempt to rule out issues with WOW6432Node, I doubled the commands. I hope it is not necessary.
推荐答案
在插件中使用SID时,语法为(S -1 -....)
:
When using a SID with the plugin the syntax is (S-1-....)
:
WriteRegStr HKCU "Software\test" hello world
AccessControl::GrantOnRegKey HKCU "Software\test" "(S-1-1-0)" "FullAccess" ; Everyone
您可以找到此处的SID列表。
您可以使用 AccessControl :: NameToSid
将名称转换为其SID,但这样做会在非英语系统上出现本地化问题:
You can use AccessControl::NameToSid
to transform a name to its SID but doing this can have localization issues on non-English systems:
AccessControl::NameToSid "BUILTIN\USERS"
Pop $0
StrCmp $0 "error" +2
AccessControl::GrantOnRegKey HKCU "Software\test" "($0)" "FullAccess"
更改所有者时,还可以使用 Machine\Username
语法。
When changing the owner you can also use the Machine\Username
syntax.
诸如(BU)
之类的别名仅适用于unicode版本,并且还取决于Windows版本因此最好坚持使用SID。
Aliases like (BU)
only work in the unicode version and also depend on the Windows version so it is better to just stick with SIDs.
这篇关于使用NSIS安装程序向注册表项授予权限的有效方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!