Folder stays resident while layer is disabled after modifying AD permissions
Am having an issue where, after capturing an application and granting an AD group Full Control rights to the application folder, the folder stays present in the file system even after the layer is disabled. This happens irrespective of the application.
Steps to replicate:
1. Create a new layer and capture Pidgin.
2. Finish installing Pidgin.
3. While the Pidgin layer is active, grant an AD group Full Control rights to the C:\Program Files\Pidgin folder.
4. Disable the Pidgin layer. The C:\Program Files\Pidgin folder stays resident in the file system even after the layer is disabled.
The ideal end state is that the folder disappears when the layer is disabled. And when re-enabled, the folder reappears with the correct permissions.
Any ideas on how to hide the folder correctly while granting users the appropriate permissions?
Comments
How are you changing the
How are you changing the permissions? If it's anything in the base then that folder will get "pulled" out of the layer to the base, this is the same behavior as editing a text file in a layer with notepad.
If there's a specific GUI tool you're using, that isn't explorer, run it from the layer (right-click on the layer and select run from layer) if it's a command line tool run cmd.exe from the layer and then call the tool.
If a forum post solves your problem please flag is as the solution
Am changing the permissions
Am changing the permissions through explorer. Right click the folder -> Properties -> Security tab.
Not sure what you mean by "anything in the base". Do you mean the base layer...?
How do I self-contain the permissions w/in the layer? Or is it by design that the folder gets pulled out after any modifications to the layer?
---
Wil Orinion
email: wil@wilorinion.com
web: http://wilorinion.com
twitter: http://twitter.com/wilorinion
When a non-virtualized process
makes changes to a layer, the changes "fall out" of the layer onto / into the Base. There are two ways around this, the one that jordan suggested, or by making the permission changes to the RO layers redirection area on importing.
Cheers
Phil
Runing cacls.exe w/in the
Runing cacls.exe w/in the layer
Works. Now the folder disappears when the layer is disabled. Check MSFT's documentation on cacls for more specific info.
Thanks guys!
---
Wil Orinion
email: wil@wilorinion.com
web: http://wilorinion.com
twitter: http://twitter.com/wilorinion
in SWV terminology base means
in SWV terminology base means non-virtualized apps, OS and so on.
When ever something is changed by something in the base then those changes get saved in the base and not in the virtual layer.
To make changes to permissions in the layer you can try flagging the layer for "Keep Changes in Layer" but I don't know if that will work with ACLs.
The other method is what I mentioned in my previous post.
Edit: Phil beat me too it, that's what I get for half typing a response before going into a meeting.
If a forum post solves your problem please flag is as the solution
Would you like to reply?
Login or Register to post your comment.