Create a dir where all the users have the right to write

How can I programatically do the equivalent of the following:
cacls "C:\Program Files\test" /T /G Everyone:f ?

Thanks,
Viv

William
Tue Jun 22 11:21:56 CDT 2004

"Viviana Vc" <vcotirlea@hotmail.com> wrote in message
news:2jqbsuF13tg32U1@uni-berlin.de...
> How can I programatically do the equivalent of the following:
> cacls "C:\Program Files\test" /T /G Everyone:f ?

[Incredibly long list of newsgroups trimmed to ONE]

This group is ostensibly addresses language issues and not either SDK or
security issues.

That said, answering half of your question is easy: check the docs for
CreateDirectory() and/or CreateDirectoryEx(). In addition you may want to
check for MakeSureDirectoryPathExists() if you read the caveats in the help.

As for the security issues, the first two functions I mentioned take a
pointer to a SECURIRY_ATTRIBUTES structure which allows you to secure access
to the directory as you like. If you have trouble doing that you may want to
post again in the kernel group:

microsoft.public.win32.programmer.kernel

Regards,
Will

=?iso-8859-1?Q?Lidstr=F6m?=
Wed Jun 23 07:41:14 CDT 2004

On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc wrote:

> How can I programatically do the equivalent of the following:
> cacls "C:\Program Files\test" /T /G Everyone:f ?

system("cacls "C:\Program Files\test" /T /G Everyone:f");

--
Daniel

William
Wed Jun 23 11:34:10 CDT 2004

"Daniel Lidström" <someone@microsoft.com> wrote in message
news:ewababiclypn.2qxw2dinl7vi$.dlg@40tude.net...
> > How can I programatically do the equivalent of the following:
> > cacls "C:\Program Files\test" /T /G Everyone:f ?
>
> system("cacls "C:\Program Files\test" /T /G Everyone:f");

IMO, that's an awful and extraordinarily ugly hack because you "shell out"
to a program only to invoke a set of functions which could have been invoked
straight-away.

Regards,
Will

r_z_aret
Wed Jun 23 12:14:00 CDT 2004

On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
wrote:

>How can I programatically do the equivalent of the following:
>cacls "C:\Program Files\test" /T /G Everyone:f ?

I'm just getting around to a minor variant of the question. I'll be
trying to do it from an old version of InstallShield, so I plan to
call the InstallShield function to execute run an external exe. From
straight Win 32, I would try ShellExecute (simpler) and then
CreateProcess.

I've started by experimenting with a DOS prompt. So far, I can't find
a set of arguments that will eliminate all prompts.

>
>Thanks,
>Viv

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

Viviana
Thu Jun 24 05:18:04 CDT 2004

Hi Robert,

I also have to create this dir from within InstallShield, so first I
tried to find if InstallShield offers a way to do this, but seems not,
so I'll have to call an external exe to do this.

You should be aware that calling with CreateProcess or ShellExecute the
command:
cacls "C:\Program Files\test" /T /G Everyone:f
is not a good idea because:
a) - cacls it's asking for the user input ("Are you sure? y/n")
b) - "Everyone" is localized, so it won't work on a non-english OS !!!

To solve the above problems I found in MSDNL the following articles:
for a): "How to Use CACLS.EXE in a Batch File"
for b): "Creating a DACL" -> for programatically change the security of
the directory

Maybe this helps you also (I'm now investigating the second article),
Viv

On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :

>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
>wrote:
>
>>How can I programatically do the equivalent of the following:
>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>
>I'm just getting around to a minor variant of the question. I'll be
>trying to do it from an old version of InstallShield, so I plan to
>call the InstallShield function to execute run an external exe. From
>straight Win 32, I would try ShellExecute (simpler) and then
>CreateProcess.
>
>I've started by experimenting with a DOS prompt. So far, I can't find
>a set of arguments that will eliminate all prompts.
>
>>
>>Thanks,
>>Viv
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com

ColdShine
Thu Jun 24 07:04:49 CDT 2004

Viviana Vc in news:2jvnviF15q95kU1@uni-berlin.de wrote:

> b) - "Everyone" is localized, so it won't work on a non-english OS !!!

No, it's not localized. At least, not in the Italian version (which is what
I have); these are left untranslated:

Administrator
Administrators
Guest
Guests
Users
Power Users
Everyone
Backup Operators

These are translated:

Local Service
Network Service

... and possibily others I don't recall right now.

--
ColdShine

"Experience is a hard teacher: she gives the test first, the lesson
afterwards." - Vernon Sanders law

Viviana
Thu Jun 24 10:01:26 CDT 2004

btw, if the directory is already created, what would be the function
that I need to call to change the directory's security attributes?

I know that I could directly create the directory with it's needed
security attributes using CreateDirectory(), but let's assume it was
already created and in this case I just need to change it's attr., what
function should I use?

Thx,
Viv


On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vcotirlea@hotmail.com>
wrote :

>Hi Robert,
>
>I also have to create this dir from within InstallShield, so first I
>tried to find if InstallShield offers a way to do this, but seems not,
>so I'll have to call an external exe to do this.
>
>You should be aware that calling with CreateProcess or ShellExecute the
>command:
>cacls "C:\Program Files\test" /T /G Everyone:f
>is not a good idea because:
>a) - cacls it's asking for the user input ("Are you sure? y/n")
>b) - "Everyone" is localized, so it won't work on a non-english OS !!!
>
>To solve the above problems I found in MSDNL the following articles:
>for a): "How to Use CACLS.EXE in a Batch File"
>for b): "Creating a DACL" -> for programatically change the security of
>the directory
>
>Maybe this helps you also (I'm now investigating the second article),
>Viv
>
>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>
>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
>>wrote:
>>
>>>How can I programatically do the equivalent of the following:
>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>
>>I'm just getting around to a minor variant of the question. I'll be
>>trying to do it from an old version of InstallShield, so I plan to
>>call the InstallShield function to execute run an external exe. From
>>straight Win 32, I would try ShellExecute (simpler) and then
>>CreateProcess.
>>
>>I've started by experimenting with a DOS prompt. So far, I can't find
>>a set of arguments that will eliminate all prompts.
>>
>>>
>>>Thanks,
>>>Viv
>>
>>-----------------------------------------
>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>>
>>Robert E. Zaret, eMVP
>>PenFact, Inc.
>>500 Harrison Ave., Suite 3R
>>Boston, MA 02118
>>www.penfact.com

r_z_aret
Thu Jun 24 14:54:26 CDT 2004

On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vcotirlea@hotmail.com>
wrote:

>Hi Robert,
>
>I also have to create this dir from within InstallShield, so first I
>tried to find if InstallShield offers a way to do this, but seems not,
>so I'll have to call an external exe to do this.

I just tried LaunchAppAndWait (InstallShield function), with no
success, using the following (adapted from the article you cited):
svWork = "echo y| cacls svDir /e /g everyone:f";
LaunchAppAndWait( svWork, "", WAIT );
No effect. Just in case, I also tried using svWork as the argument and
"" as the command line. No effect. I suspect the problem is the
characters (echo y|) preceding the actual command.

The article mentions xcacl, and says it is part of the NT resource
kit. So I suppose I could get and use it. But would it work under Win
2K and Win XP? I'ld much rather stick with something that ships _with_
the operating system.

>
>You should be aware that calling with CreateProcess or ShellExecute the
>command:
>cacls "C:\Program Files\test" /T /G Everyone:f
>is not a good idea because:
>a) - cacls it's asking for the user input ("Are you sure? y/n")
>b) - "Everyone" is localized, so it won't work on a non-english OS !!!
>
>To solve the above problems I found in MSDNL the following articles:
>for a): "How to Use CACLS.EXE in a Batch File"
>for b): "Creating a DACL" -> for programatically change the security of
>the directory
>
>Maybe this helps you also (I'm now investigating the second article),
>Viv
>
>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>
>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
>>wrote:
>>
>>>How can I programatically do the equivalent of the following:
>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>
>>I'm just getting around to a minor variant of the question. I'll be
>>trying to do it from an old version of InstallShield, so I plan to
>>call the InstallShield function to execute run an external exe. From
>>straight Win 32, I would try ShellExecute (simpler) and then
>>CreateProcess.
>>
>>I've started by experimenting with a DOS prompt. So far, I can't find
>>a set of arguments that will eliminate all prompts.
>>
>>>
>>>Thanks,
>>>Viv
>>
>>-----------------------------------------
>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>>
>>Robert E. Zaret, eMVP
>>PenFact, Inc.
>>500 Harrison Ave., Suite 3R
>>Boston, MA 02118
>>www.penfact.com

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

Drew
Thu Jun 24 15:24:19 CDT 2004

I believe the correct syntax for this is:

svWork = "cacls";
svCmd="svDir /e /g everyone:f";
LaunchAppAndWait( svWork, svCmd, WAIT );

Just a thought,
Drew

<r_z_aret@pen_fact.com> wrote in message
news:mubmd01l9n3tcpd463lms28vl0d55cpeiq@4ax.com...
> On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vcotirlea@hotmail.com>
> wrote:
>
> >Hi Robert,
> >
> >I also have to create this dir from within InstallShield, so first I
> >tried to find if InstallShield offers a way to do this, but seems not,
> >so I'll have to call an external exe to do this.
>
> I just tried LaunchAppAndWait (InstallShield function), with no
> success, using the following (adapted from the article you cited):
> svWork = "echo y| cacls svDir /e /g everyone:f";
> LaunchAppAndWait( svWork, "", WAIT );
> No effect. Just in case, I also tried using svWork as the argument and
> "" as the command line. No effect. I suspect the problem is the
> characters (echo y|) preceding the actual command.
>
> The article mentions xcacl, and says it is part of the NT resource
> kit. So I suppose I could get and use it. But would it work under Win
> 2K and Win XP? I'ld much rather stick with something that ships _with_
> the operating system.
>
> >
> >You should be aware that calling with CreateProcess or ShellExecute the
> >command:
> >cacls "C:\Program Files\test" /T /G Everyone:f
> >is not a good idea because:
> >a) - cacls it's asking for the user input ("Are you sure? y/n")
> >b) - "Everyone" is localized, so it won't work on a non-english OS !!!
> >
> >To solve the above problems I found in MSDNL the following articles:
> >for a): "How to Use CACLS.EXE in a Batch File"
> >for b): "Creating a DACL" -> for programatically change the security of
> >the directory
> >
> >Maybe this helps you also (I'm now investigating the second article),
> >Viv
> >
> >On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
> >
> >>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
> >>wrote:
> >>
> >>>How can I programatically do the equivalent of the following:
> >>>cacls "C:\Program Files\test" /T /G Everyone:f ?
> >>
> >>I'm just getting around to a minor variant of the question. I'll be
> >>trying to do it from an old version of InstallShield, so I plan to
> >>call the InstallShield function to execute run an external exe. From
> >>straight Win 32, I would try ShellExecute (simpler) and then
> >>CreateProcess.
> >>
> >>I've started by experimenting with a DOS prompt. So far, I can't find
> >>a set of arguments that will eliminate all prompts.
> >>
> >>>
> >>>Thanks,
> >>>Viv
> >>
> >>-----------------------------------------
> >>To reply to me, remove the underscores (_) from my email address (and
please indicate which newsgroup and message).
> >>
> >>Robert E. Zaret, eMVP
> >>PenFact, Inc.
> >>500 Harrison Ave., Suite 3R
> >>Boston, MA 02118
> >>www.penfact.com
>
> -----------------------------------------
> To reply to me, remove the underscores (_) from my email address (and
please indicate which newsgroup and message).
>
> Robert E. Zaret, eMVP
> PenFact, Inc.
> 500 Harrison Ave., Suite 3R
> Boston, MA 02118
> www.penfact.com

Viviana
Mon Jun 28 05:00:30 CDT 2004

Thanks Raj for your answer.
I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}


BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!

if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}


Thx,
Viv


On Fri, 25 Jun 2004 08:48:03 -0700, Raj <Raj@discussions.microsoft.com>
wrote :

>
>Doing programatically is a simple process. We should build an ACL and pass this ACL to Set[Named]SecurityInfo API.
>
>Creating an ACL is a bit long process. Build SID of the Trustee,choose ACE type, choose Access Mask. And add ACE to ACL.
>
>Instead of this, we can go for "ConvertStringSecurityDescriptorToSecurityDescriptor()".
>
> cacls "C:\Program Files\test.txt" /T /G Everyone:f
>
> The above command is not setting a NULL DACL. If we convert the SECURITY_DESCRIPTOR of 'test.txt', after executing above command, to string format, it looks like this.
>
>O:BAG:S-1-5-21-448539723-1078145449-854245398-513D:P(A;;FA;;;WD)
>
>Now we can use above API to convert this string to a SECURITY_DESCRIPTOR, which can give access to EveryOne.
>
>Next, Call "GetSecurityDescriptorDacl()" to get pointer to DACL from newly created SECURITY_DESCRIPTOR.
>
>Finally, Call Set[Named]SecurityInfo API to set the DACL.
>Thats all everything. If you want, alter the String to change the access rights.
>
>&Raj
>
>
>"Viviana Vc" wrote:
>
>> How can I programatically do the equivalent of the following:
>> cacls "C:\Program Files\test" /T /G Everyone:f ?
>>
>> Thanks,
>> Viv
>>

Stefan
Mon Jun 28 15:16:49 CDT 2004

Hello Viviana,

Viviana Vc wrote:
>
> Thanks Raj for your answer.
> I actually found a sample in MSDNL "Creating a DACL" where is a simple
> sample that I used so my code looks like:
>
> TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!


Are you absolutely sure, your program still works correctly with any
unprivileged user taking ownership of the directory and denying everyone
access? If not, please reconsider this NULL DACL, there are more than
enough apps out there that break if anyone does this.... just in case I
happen to buy this product of yours without knowing that.

--
Stefan

r_z_aret
Wed Jun 30 13:35:27 CDT 2004

Success! A bit of a kludge (so suggestions welcome), but it works.

I added the following lines to my InstallShield script:
------
// SetAcc.bat is a BATch file that issues the command
// echo y| cacls %1 /e /g everyone:f
// See MSDN Knowledge Base article 135268 ("How to Use
CACLS.EXE in a BatchFile")
// Also, see 24 - 30 Jun 04 thread called
// "Create a dir where all the users have the right to write"
in
// comp.os.ms-windows.programmer.win32 and other fine
newsgroups
// The file must be in uncompressed setup files.
// svWork = SUPPORTDIR ^ "cacls.bat";
svWork = SRCDIR ^ "setacc.bat";
// BATch file will parse arg into pieces if it includes
embedded spaces
LongPathToShortPath( svDir );
if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
MessageBox( "Can't find setacc.bat", WARNING );
else
if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
MessageBox( "Attempt to set access failed", INFO );
endif;
endif;
------

Here is the "source" for setacc.bat:
------
@echo off

REM BATch file to give everyone full access to specified folder
REM - to be invoked from an InstallShield script

REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
BatchFile")
REM See also a 24-30 June 2004 thread called
REM "AlsoCreate a dir where all the users have the right to write"
REM in comp.os.ms-windows.programmer.win32 and other fine
newsgroups

REM Caller needs to put quotation marks around the argument, or pass
REM only short paths (with no embedded blanks), or it won't be
REM parsed as one argument. Thus, the following line should not.

echo y| cacls %1 /e /g everyone:f
------

I sort of want to move setacc.bat to the compressed files, so it isn't
visible on the distribution CD. But just moving it didn't work,
because then I couldn't invoke it. I vaguely remember InstallShield
functions that explicitly uncompress files, so a script could use
them. On the other hand, it could be a legitimate tool for some users.

I briefly tried writing a program, to replace the batch file. But the
functions used to control access seem too complex to be worth
conquering for this project. And that would still require an auxiliary
file. Maybe if I got that program working I could then use the same
code in an InstallShield script. Maybe someday/

On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:

>On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vcotirlea@hotmail.com>
>wrote:
>
>>Hi Robert,
>>
>>I also have to create this dir from within InstallShield, so first I
>>tried to find if InstallShield offers a way to do this, but seems not,
>>so I'll have to call an external exe to do this.
>
>I just tried LaunchAppAndWait (InstallShield function), with no
>success, using the following (adapted from the article you cited):
> svWork = "echo y| cacls svDir /e /g everyone:f";
> LaunchAppAndWait( svWork, "", WAIT );
>No effect. Just in case, I also tried using svWork as the argument and
>"" as the command line. No effect. I suspect the problem is the
>characters (echo y|) preceding the actual command.
>
>The article mentions xcacl, and says it is part of the NT resource
>kit. So I suppose I could get and use it. But would it work under Win
>2K and Win XP? I'ld much rather stick with something that ships _with_
>the operating system.
>
>>
>>You should be aware that calling with CreateProcess or ShellExecute the
>>command:
>>cacls "C:\Program Files\test" /T /G Everyone:f
>>is not a good idea because:
>>a) - cacls it's asking for the user input ("Are you sure? y/n")
>>b) - "Everyone" is localized, so it won't work on a non-english OS !!!
>>
>>To solve the above problems I found in MSDNL the following articles:
>>for a): "How to Use CACLS.EXE in a Batch File"
>>for b): "Creating a DACL" -> for programatically change the security of
>>the directory
>>
>>Maybe this helps you also (I'm now investigating the second article),
>>Viv
>>
>>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>>
>>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
>>>wrote:
>>>
>>>>How can I programatically do the equivalent of the following:
>>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>>
>>>I'm just getting around to a minor variant of the question. I'll be
>>>trying to do it from an old version of InstallShield, so I plan to
>>>call the InstallShield function to execute run an external exe. From
>>>straight Win 32, I would try ShellExecute (simpler) and then
>>>CreateProcess.
>>>
>>>I've started by experimenting with a DOS prompt. So far, I can't find
>>>a set of arguments that will eliminate all prompts.
>>>
>>>>
>>>>Thanks,
>>>>Viv
>>>
>>>-----------------------------------------
>>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>>>
>>>Robert E. Zaret, eMVP
>>>PenFact, Inc.
>>>500 Harrison Ave., Suite 3R
>>>Boston, MA 02118
>>>www.penfact.com
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com

-----------------------------------------
To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).

Robert E. Zaret, eMVP
PenFact, Inc.
500 Harrison Ave., Suite 3R
Boston, MA 02118
www.penfact.com

Viviana
Thu Jul 01 04:14:28 CDT 2004

Hi,

As already said I chose to write an external tool that is called from
within IS:

I actually found a sample in MSDNL "Creating a DACL" where is a simple
sample that I used so my code looks like:

#define _WIN32_WINNT 0x0500

#include <windows.h>
#include <sddl.h>
#include <stdio.h>

BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);

void main()
{
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;

if (!CreateMyDACL(&sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateMyDACL\n");
exit(1);
}
if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
{
// Error encountered; generate message and exit.
printf("Failed CreateDirectory\n");
exit(1);
}

// Free the memory allocated for the SECURITY_DESCRIPTOR.
if (NULL != LocalFree(sa.lpSecurityDescriptor))
{
// Error encountered; generate message and exit.
printf("Failed LocalFree\n");
exit(1);
}
}


BOOL CreateMyDACL(SECURITY_ATTRIBUTES * pSA)
{
TCHAR * szSD = TEXT("D:") // Discretionary ACL
TEXT("(A;OICI;GA;;;WD)"); // Allow full control to everyone for that directory !!!

if (NULL == pSA)
return FALSE;

return ConvertStringSecurityDescriptorToSecurityDescriptor(
szSD,
SDDL_REVISION_1,
&(pSA->lpSecurityDescriptor),
NULL);
}

HTH,
Viv

On Wed, 30 Jun 2004 14:35:27 -0400, r_z_aret@pen_fact.com wrote :

>Success! A bit of a kludge (so suggestions welcome), but it works.
>
>I added the following lines to my InstallShield script:
>------
> // SetAcc.bat is a BATch file that issues the command
> // echo y| cacls %1 /e /g everyone:f
> // See MSDN Knowledge Base article 135268 ("How to Use
>CACLS.EXE in a BatchFile")
> // Also, see 24 - 30 Jun 04 thread called
> // "Create a dir where all the users have the right to write"
>in
> // comp.os.ms-windows.programmer.win32 and other fine
>newsgroups
> // The file must be in uncompressed setup files.
>// svWork = SUPPORTDIR ^ "cacls.bat";
> svWork = SRCDIR ^ "setacc.bat";
> // BATch file will parse arg into pieces if it includes
>embedded spaces
> LongPathToShortPath( svDir );
> if (!PFFileExists( SRCDIR, "setacc.bat", "ShowDialogs" ))then
> MessageBox( "Can't find setacc.bat", WARNING );
> else
> if (LaunchAppAndWait( svWork, svDir, WAIT ) != 1) then
> MessageBox( "Attempt to set access failed", INFO );
> endif;
> endif;
>------
>
>Here is the "source" for setacc.bat:
>------
>@echo off
>
>REM BATch file to give everyone full access to specified folder
>REM - to be invoked from an InstallShield script
>
>REM See MSDN Knowledge Base article 135268 ("How to Use CACLS.EXE in a
>BatchFile")
>REM See also a 24-30 June 2004 thread called
>REM "AlsoCreate a dir where all the users have the right to write"
>REM in comp.os.ms-windows.programmer.win32 and other fine
>newsgroups
>
>REM Caller needs to put quotation marks around the argument, or pass
>REM only short paths (with no embedded blanks), or it won't be
>REM parsed as one argument. Thus, the following line should not.
>
>echo y| cacls %1 /e /g everyone:f
>------
>
>I sort of want to move setacc.bat to the compressed files, so it isn't
>visible on the distribution CD. But just moving it didn't work,
>because then I couldn't invoke it. I vaguely remember InstallShield
>functions that explicitly uncompress files, so a script could use
>them. On the other hand, it could be a legitimate tool for some users.
>
>I briefly tried writing a program, to replace the batch file. But the
>functions used to control access seem too complex to be worth
>conquering for this project. And that would still require an auxiliary
>file. Maybe if I got that program working I could then use the same
>code in an InstallShield script. Maybe someday/
>
>On Thu, 24 Jun 2004 15:54:26 -0400, r_z_aret@pen_fact.com wrote:
>
>>On Thu, 24 Jun 2004 12:18:04 +0200, Viviana Vc <vcotirlea@hotmail.com>
>>wrote:
>>
>>>Hi Robert,
>>>
>>>I also have to create this dir from within InstallShield, so first I
>>>tried to find if InstallShield offers a way to do this, but seems not,
>>>so I'll have to call an external exe to do this.
>>
>>I just tried LaunchAppAndWait (InstallShield function), with no
>>success, using the following (adapted from the article you cited):
>> svWork = "echo y| cacls svDir /e /g everyone:f";
>> LaunchAppAndWait( svWork, "", WAIT );
>>No effect. Just in case, I also tried using svWork as the argument and
>>"" as the command line. No effect. I suspect the problem is the
>>characters (echo y|) preceding the actual command.
>>
>>The article mentions xcacl, and says it is part of the NT resource
>>kit. So I suppose I could get and use it. But would it work under Win
>>2K and Win XP? I'ld much rather stick with something that ships _with_
>>the operating system.
>>
>>>
>>>You should be aware that calling with CreateProcess or ShellExecute the
>>>command:
>>>cacls "C:\Program Files\test" /T /G Everyone:f
>>>is not a good idea because:
>>>a) - cacls it's asking for the user input ("Are you sure? y/n")
>>>b) - "Everyone" is localized, so it won't work on a non-english OS !!!
>>>
>>>To solve the above problems I found in MSDNL the following articles:
>>>for a): "How to Use CACLS.EXE in a Batch File"
>>>for b): "Creating a DACL" -> for programatically change the security of
>>>the directory
>>>
>>>Maybe this helps you also (I'm now investigating the second article),
>>>Viv
>>>
>>>On Wed, 23 Jun 2004 13:14:00 -0400, r_z_aret@pen_fact.com wrote :
>>>
>>>>On Tue, 22 Jun 2004 11:21:11 +0200, Viviana Vc <vcotirlea@hotmail.com>
>>>>wrote:
>>>>
>>>>>How can I programatically do the equivalent of the following:
>>>>>cacls "C:\Program Files\test" /T /G Everyone:f ?
>>>>
>>>>I'm just getting around to a minor variant of the question. I'll be
>>>>trying to do it from an old version of InstallShield, so I plan to
>>>>call the InstallShield function to execute run an external exe. From
>>>>straight Win 32, I would try ShellExecute (simpler) and then
>>>>CreateProcess.
>>>>
>>>>I've started by experimenting with a DOS prompt. So far, I can't find
>>>>a set of arguments that will eliminate all prompts.
>>>>
>>>>>
>>>>>Thanks,
>>>>>Viv
>>>>
>>>>-----------------------------------------
>>>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>>>>
>>>>Robert E. Zaret, eMVP
>>>>PenFact, Inc.
>>>>500 Harrison Ave., Suite 3R
>>>>Boston, MA 02118
>>>>www.penfact.com
>>
>>-----------------------------------------
>>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>>
>>Robert E. Zaret, eMVP
>>PenFact, Inc.
>>500 Harrison Ave., Suite 3R
>>Boston, MA 02118
>>www.penfact.com
>
>-----------------------------------------
>To reply to me, remove the underscores (_) from my email address (and please indicate which newsgroup and message).
>
>Robert E. Zaret, eMVP
>PenFact, Inc.
>500 Harrison Ave., Suite 3R
>Boston, MA 02118
>www.penfact.com

r_z_aret
Fri Jul 02 07:54:50 CDT 2004

On Thu, 01 Jul 2004 11:14:28 +0200, Viviana Vc <vcotirlea@hotmail.com>
wrote:

>Hi,
>
>As already said I chose to write an external tool that is called from
>within IS:

I missed this. To clarify, does "external tool" mean "executable
file"? If so, then that is slightly neater than using a BATch file.

Either way, thanks for posting your solution. Sure is nice to have
clear, directly related, sample code. I may try to translate the code
into something that can be used within InstallShield. And it may be
useful some place else.

>
>I actually found a sample in MSDNL "Creating a DACL" where is a simple
>sample that I used so my code looks like:
>
>#define _WIN32_WINNT 0x0500
>
>#include <windows.h>
>#include <sddl.h>
>#include <stdio.h>
>
>BOOL CreateMyDACL(SECURITY_ATTRIBUTES *);
>
>void main()
>{
> SECURITY_ATTRIBUTES sa;
>
> sa.nLength = sizeof(SECURITY_ATTRIBUTES);
> sa.bInheritHandle = FALSE;
>
> if (!CreateMyDACL(&sa))
> {
> // Error encountered; generate message and exit.
> printf("Failed CreateMyDACL\n");
> exit(1);
> }
> if (0 == CreateDirectory(TEXT("C:\\MyFolder"), &sa))
> {
> // Error enco