Hello,

attempting to make the work with tools like CACLS.exe, XCACLS.vbs (with CScript.exe) and ICACLS.exe a little easier, I have developed a script and built it into a new action. After the installation, you will be able to make calls to the proper application that should be used on the target operating system.

You can fetch the zip file containing the installer, documentation and a small sample project at this address (http://www.mindquake.com.br/files/suf/SetFolderPermissions.zip).

After the scripts were copied into the correct sub folders of Setup Factory, you must add two files to your project:

Add XCALCS.vbs to your list of primer files.
Add SetFolderPermissions.lua to your script files (next to _SUF70_Global_Functions).


Now you are already able to include this new action into your scripts. As soon as you type the dot, the new function will be shown in the drop-down menu, as you can see in this image:
http://www.mindquake.com.br/files/suf/SNAG-090716-05.png

The action wizard makes the passing of the parameters as easy as possible:

Set the user or group that the action should affect:
http://www.mindquake.com.br/files/suf/SNAG-090716-01.png
If you use the options in the drop-down, the corresponding SIDs will be used. (SIDs are security identifiers in Windows operating systems and look as gibberish like "S-1-5-20".) This means, when you set "Everybody", it will still work correctly on non-English Windows operating systems, where this user group has a different, localized name.


Now set the operation. Are you giving a new right, or taking something away?
http://www.mindquake.com.br/files/suf/SNAG-090716-02.png


Set the right you want to control, like read, write, execute, full access.
http://www.mindquake.com.br/files/suf/SNAG-090716-03.png


Finally, you may want to set the same rights for child items as well, instead of just the folder.
http://www.mindquake.com.br/files/suf/SNAG-090716-04.png



You can inspect the exact syntax of the command that was created (using CScript.exe or ICACLS.exe) in the installer's log file, so this will allow you to review the parameters (and execute the command manually) if something is not working as you expected.

This script is provided as-is, without guarantees that it will work in every case. I will attempt to fix problems, of course. However, this work is not officially supported by Indigo Rose. You can edit the script and modify it further to fit your requirements.

Ulrich

Nicely done, and well implemented.

Thank you.
-josh

Hi Ulrich,

my Trend Micro OfficeScan alerts me, that the downloaded file from "this address" has a potential security risk named "Possible_Movely-1".

So I couldn't check it out.

Greatings,
Udo

Trend Micro is the only vendor constantly identifying setups build with Setup Factory as "possible Movly". Yes, they were contacted by Indigo Rose. Repeatedly.

http://www.virustotal.com/analisis/9e43aa6ecde982f0e78469ae75f0c6dad9e50e970d399bd9d9 1c4d22e30acacc-1248706331

Ulrich

Nice one. I have been using XCACLS.vbs on Win2003 servers for ages in SUF but always end up writing the code long hand. This may save me some heartache in remembering the syntax every time.

Thanks - John

Hello,

earlier this week I was informed about a small mistake in my script by a user and have since updated the file available for download. Those who downloaded the script before will need to make a correction manually, or reinstall (http://www.mindquake.com.br/files/suf/SetFolderPermissions.zip) with the corrected version.

In line 138 of the SetFolderPermissions.lua script (that you should find in the Includes\Scripts sub folder of your Setup Factory installation), you might see
sFlag = "/T";
Please modify this line to
sFlag = " /T";
just by inserting a space before the slash.

Ulrich

You, sir, are a life-saver. I've been struggling with XP's antiquated ACL and Vista-ish UAC for some time now and have not been able to avoid having customers take post-install steps -- until now. I implemented this action and now life is good again.