Setting NTFS Security Permissions Using WiseScript

Article:HOWTO1196  |  Created: 2005-09-07  |  Updated: 2006-05-08  |  Article URL http://www.symantec.com/docs/HOWTO1196
Article Type
How To



Question
How can I set NTFS security permissions for registry keys, files, and folders with a WiseScript installation?

Answer

You must use third party tools to modify NTFS permissions. Microsoft offers tools to modify NTFS permissions on Windows NT/2000/XP. Windows Installer based installations (.MSI) offer built-in support for modifying NTFS permissions.

Cacls.exe/Xcacls.exe:
Tools used to modify file and directory permissions. Cacls.exe is installed as a part of the operating system on Windows NT/2000/XP. The utility is located in the system directory (C:\WinNT\System). Xcacls.exe is a utility available with the Windows NT/2000 resource kit. Use the /? command line parameter to view the command line parameters available with cacls.exe.

Cacls.exe /?

Regini.exe:
Regini.exe is used to modify registry permissions. Regini.exe is a utility included with the Windows NT/2000 Resource Kit. View Microsoft's article Q237607, "How to Use Regini.exe to Set Permissions on Registry Keys", for information regarding Regini.exe.



Follow the steps below to call Cacles.exe using WiseScript Editor. Cacls.exe exists on the destination computer because the utility is installed as part of the operating system.

  1. Open Script Editor and insert an Execute Program script action in a desired location in the WiseScript. Double-click on the Execute Program action from the Actions list. The Execute Program Settings dialog is displayed.

    Note: You may want to add an action to conditionally call the execute program action only if WinNT/2000/XP is installed on the destination computer. Win9x/ME computers do not support NTFS permissions. Use a Check Configuration script action to detect if Windows NT is running.
  2. Input the following fields on the Execute Program Settings dialog:
    • .EXE Path: %SYS32%\cacls.exe: Input the path of the utility on the destination computer. Cacls.exe is installed to the system32 directory on Windows NT/2000/XP.
    • Command Line: Input any desired command line parameters for modifying or viewing permissions. Test the command line parameters from a command prompt before using in the installation.
  3. Accept the default values for the other fields on the Execute Program Settings dialog. Click OK.


Below are the steps to call regini.exe using WiseScript. The steps are identical for calling xcacls.exe. Regini.exe and xcacls.exe must be installed with your installation, because these utilities are not installed as part of the operating system.

  1. Open Script Editor and insert an Install File script action in a desired location in the WiseScript. The Install File action must be located after the Check Disk Space action. Double-click on the Install File action from the Actions list. The Install File Settings dialog is displayed.
  2. Input the following fields on the Install File Settings dialog:
    • Source Pathname: Click Browse to browse for the desired utility.
    • Destination Pathname: %TEMP%\Regini.exe: Input the desired path on the destination computer where the utility is to be installed.
  3. Accept the default values for the other fields on the Install File Settings dialog. Click OK.
  4. Insert an Execute Program script action in a desired location in the WiseScript. Double-click on the Execute Program action from the Actions list. The Execute Program Settings dialog is displayed.
  5. Input the following fields on the Execute Program Settings dialog:
    • .EXE Path: %TEMP%\regini.exe: Input the path of the utility on the destination computer. Use the destination path defined by the Install File action previously created in step 2.
    • Command Line: Input any desired command line parameters for modifying or viewing permissions. Test the command line parameters from a command prompt before using in the installation.
  6. Accept the default values for the other fields on the Execute Program Settings dialog. Click OK.


Use Execute Program script actions to call utilities to modify and view NTFS security permissions. WiseScript does not offer built-in functionality for security permissions, unlike Windows Installer.

Related Links
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp


Legacy ID



1670


Article URL http://www.symantec.com/docs/HOWTO1196


Terms of use for this information are found in Legal Notices