MAKEMSI quickly and reliably creates MSI files in a non-programmatic way
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
[Bottom][Contents][Prev]: Security Related Tools[Next]: regini.exe
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
\->Tips and Tricks->Tools->Security Related Tools->cacls.exe

cacls.exe

Seems to be a MS tool which is installed by default in Windows XP for updating file/folder permissions.

The tool doesn't work with "well known SID", for a workaround see "CACLS.EXE - How to use Well Known SID".

Example - MAKEMSI Use via Macros

;--- Handy commands you may wish to use -------------------------------------
#define  CACLS   <$RunCmd  {$?} ALIAS="CACLS" Command="CACLS.EXE" @="N">    ;;"CACLS.EXE" installed with WIN2000 & WINXP (at least on PRO)
#define  /CACLS  <$/RunCmd {$?} ALIAS="/CACLS">

;--- Update ACL on "fred.ini" -----------------------------------------------
<$CACLS CONDITION=^<$CONDITION_INSTALL_ONLY>^>
    ;--- Name of file we wish to modify ACL on ------------------------------
    "%WinDir%\system32\fred.ini"

    ;--- Edit ACL instead of replacing it -----------------------------------
    /E

    ;--- Deny administrators access -----------------------------------------
    /D administrators
<$/CACLS>

The example below makes use of the same macros used above but shows a how you can reference the installation directory (or msi properties in general): 

#data '@@INSTALLDIR' 2
    ;--- Install time name and location of SETACL tool ----------------------
    "INSTALLDIR" "[INSTALLDIR]"
#data
<$CACLS CONDITION=^<$CONDITION_INSTALL_ONLY>^ DATA="@@INSTALLDIR">
   "(*INSTALLDIR*)SomeFile.txt"
   /E
   /G Users:C
<$/CACLS>

Note that the "deny" ability of this command is very limited.

cacls.EXE /?

Displays or modifies access control lists (ACLs) of files



CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]

               [/P user:perm [...]] [/D user [...]]

   filename      Displays ACLs.

   /T            Changes ACLs of specified files in

                 the current directory and all subdirectories.

   /E            Edit ACL instead of replacing it.

   /C            Continue on access denied errors.

   /G user:perm  Grant specified user access rights.

                 Perm can be: R  Read

                              W  Write

                              C  Change (write)

                              F  Full control

   /R user   Revoke specified user's access rights (only valid with /E).

   /P user:perm  Replace specified user's access rights.

                 Perm can be: N  None

                              R  Read

                              W  Write

                              C  Change (write)

                              F  Full control

   /D user       Deny specified user access.

Wildcards can be used to specify more that one file in a command.

You can specify more than one user in a command.



Abbreviations:

   CI - Container Inherit.

        The ACE will be inherited by directories.

   OI - Object Inherit.

        The ACE will be inherited by files.

   IO - Inherit Only.

        The ACE does not apply to the current file/directory.

Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006 & 2007 for the Windows SDK (Windows Installer) area.This external link was OK when tested at 23 Aug 2008Please email me any feedback, additional information or corrections.
See this page online (look for updates)

[Top][Contents][Prev]: Security Related Tools[Next]: regini.exe


MAKEMSI© is (C)opyright Dennis Bareis 2003-2008 (All rights reserved).
Thursday August 28 2008 at 11:28am
Visit MAKEMSI's Home PageThis external link was OK when tested at 13 Aug 2008 HTML page dated Mon, 29 Jan 2007 00:11:11 GMT
Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006 & 2007 for the Windows SDK (Windows Installer) area.This external link was OK when tested at 23 Aug 2008