安装程序无法为 WinServer2012+ 上的 %ProgramData%MyFirmMyApp 设置正确的文件夹权限. [英] Setup cannot set correct folder permission for %ProgramData%MyFirmMyApp on WinServer2012+.
问题描述
我的 BasicMsi 设置可以在每台机器上安装一个应用程序(32 位)MyApp.安装程序在启动时需要管理员权限.应用程序 MyApp 安装到操作员(通过 UI/CommadLine)选择的 INSTALLDIR 文件夹中,并使用子文件夹和文件创建 %ProgramData% 结构.在 msi 表 LockPermissions 中,权限设置为修改(读/写/删除...)文件夹
问题:在 WinServer2012 和 WinServer2016 ONLY 上安装后(未选中 WinServer2008;并且 WinServer2003 - 正常)在本地组管理员或用户中具有帐户的操作员没有写入权限/delete/create 文件夹
请帮助我,有问题:
- %ProgramData% 下的文件夹权限有何不同,或者 Win10(或 WinServer2003)与(WinServer2012 和 WinServer2016)的本地内置用户组(管理员"或用户")的权限有何不同?
- 系统中还有什么应该改变的(WinServer2012 和WinServer2016) 由安装程序使帐户从本地组管理员或用户在文件夹中具有写入/删除权限
%ProgramData%没有以管理员身份运行"(开启/关闭 UAC)?
提前致谢.
更新:
<小时>日志记录:您是否进行了正确的日志记录?如果没有,请安装并创建详细日志文件.也许在这里查看我的答案.还有 更详细的版本,其中包含更多有关理解日志条目的提示.
There is my BasicMsi setup that installs an application (32bit) MyApp per-machine. The installer requires admin rights at startup. The application MyApp is installed into the INSTALLDIR-folder selected by the Operator (by UI/CommadLine) and a
%ProgramData%<MyFirm><MyApp>structure is created with subfolders and files. In the msi-table LockPermissions, permissions are set to modify (read/write/delete...) for folder<MyApp>for LOCAL user groups 'Administrators' and 'Users' (located by SID). Files in<MyApp>and subfolders are used and modified by the application MyApp at runtime. The setup installs the application on systems from Win7 to Win10 and from WinServer2003 to WinServer2016 (32/64; UAC on/off). The application is launched by the Operator(s) with account in the local user groups 'Administrators' or 'Users' (NOT 'Run as admin').Problem: after installation on WinServer2012 and WinServer2016 ONLY (WinServer2008 is not checked; and WinServer2003 - IS OK) an Operator with account in the local group Administrators or Users does not have permissions to write/delete/create files in the folder
<MyApp>and subfolders. The result - the application does not work correctly (ONLY for WinServer2012 and WinServer2016).Help me, please, with Questions:
- what is the difference in folders permissions under %ProgramData%, or what is the difference of rights of local built-in user groups ('Administrators' or 'Users') for Win10 (or WinServer2003) versus (WinServer2012 and WinServer2016) ?
- what else should be changed in the system (WinServer2012 and WinServer2016) by the installer so that accounts from the local groups Administrators or Users have write/delete rights in the folder
%ProgramData%<MyFirm><MyApp>without 'Run as Administrator' (UAC on/off) ?Thanks in advance.
解决方案UPDATE: Setting Permissions in Windows Installer: MSILockPermissionsEX and ISLockPermissions (using Installshield).
Permission Inspection: What are the actual permissions showing on the folder? You can use
Windows Explorer => Properties => Security => Advanced => Double click user / group to see detailed access. Check for differences between the systems that work and don't work.If that is not good enough maybe try SysInternals' AccessEnum or AccessChk tools to show details about the permissions defined for the object in question.
Privilege Inspection: I would also use Process Explorer to check what NT Privileges your process runs with - just to check for any differences ("torpedoes full spread" in sci-fi terms - as in "what the heck are we doing" - can't hurt). I don't really think this should affect things - privileges and permissions are different (privileges apply system-wide - such as changing system-time, log on as a service, etc... - permissions are defined for securable objects such as files and folders).
- Launch Process Explorer
- Double click your application process (if it launches)
- Go to "Security" tab and look at lower box:
Logging: Did you do proper logging? If not, install and create a verbose log file. And maybe check my answer here. And a more elaborate version with more hints on understanding the log entries.
这篇关于安装程序无法为 WinServer2012+ 上的 %ProgramData%MyFirmMyApp 设置正确的文件夹权限.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
