2. NSIS Discussion
  3. StartMenu permissions

Archive: StartMenu permissions


superrock
6th February 2004 15:18 UTC

Acl für alle lokalen Benutzer
Hi!

Versuche gerade mit Nsis(1.95) und dem lettzten AccessControl-Plugin die Startmenülinks für alle Benutzer einzurichten.

Ich habs geschafft einen speziellen Benutzer Daterechte zu geben:

push "FullAccess"
push "rocknt\calc"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

Ich wuerde gerne allen Benutzern ( lokale Builtin-Gruppe Benutzer )dieses recht geben. Und zwar unabhängig von der Sprache des Betriebssystems.

Ich müsste nun über die SID arbeiten. Kann man das und wie gehts das ?
Oder gibts eine andere Lösung.

Mein letzter versuch für die Gruppe Administratoren war :

push "FullAccess"
push "S-1-5"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile



Lg,
Rocky

superrock
6th February 2004 15:30 UTC

File ACL for local users
Hi!

Uups, now it's english..........

I am trying to implement start menu link with access right for all local users (NSIS 1.95) .

I can set norm user rigths :

push "FullAccess"
push "rocknt\calc"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

But I would like to set the rights for all local users (for the windows builtin group users). It should work independent of the operating system.

Then I should use the SID of this user group.
How can it be done ?

My last try for the built in group administrators was :

push "FullAccess"
push "S-1-5"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile



Regards,
Rocky

kichik
6th February 2004 15:35 UTC

You should use parenthesis when supplying a SID. For example:

push "FullAccess"
push "(S-1-5)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

Not exactly the same topic as the last thread, so I split it.

superrock
6th February 2004 17:05 UTC

Whats SID for alle builtin user
Hi,

Thanks for reply.

I tried your example :

push "FullAccess"
push "(S-1-2-0)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

S-1-2-0 is for all local logged users.

It works , but which Sid should I insert for the builtin local users group ?

kichik
6th February 2004 17:07 UTC

I don't know. Previous forum posts or MSDN are bound to help. You can also try "BUILTIN\USERS" from the documentation of AccessControl.

superrock
6th February 2004 17:33 UTC

Builtin Users
Hi,

Sorry but "BUILTIN\USERS" are not allowed in the german windows release!

I will have a look in the MSDN

Thx,

superrock
6th February 2004 17:40 UTC

SID the last post
Hi,

I found it:

Built in users :

push "FullAccess"
;Builtin users
push "(S-1-5-32-545)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

Built in administrators :
push "FullAccess"
;Builtin administrators
push "(S-1-5-32-544)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile


See MSDN : http://msdn.microsoft.com/library/de...known_sids.asp

A SID value includes components that provide information about the SID structure and components that uniquely identify a trustee. A SID consists of the following components:


The revision level of the SID structure
A 48-bit identifier authority value that identifies the authority that issued the SID
A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID
The combination of the identifier authority value and the subauthority values ensures that no two SIDs will be the same, even if two different SID-issuing authorities issue the same combination of RID values. Each SID-issuing authority issues a given RID only once.

SIDs are stored in binary format in a SID structure. To display a SID, you can call the ConvertSidToStringSid function to convert a binary SID to string format. To convert a SID string back to a valid, functional SID, call the ConvertStringSidToSid function.

These functions use the following standardized string notation for SIDs, which makes it simpler to visualize their components:

S-R-I-S-S...

In this notation, the literal character S identifies the series of digits as a SID, R is the revision level, I is the identifier-authority value, and S... is one or more subauthority values.

The following example uses this notation to display the well-known domain-relative SID of the local Administrators group:

S-1–5-32-544

In this example, the SID has the following components. The constants in parentheses are well-known identifier authority and RID values defined in Winnt.h:

A revision level of 1
An identifier-authority value of 5 (SECURITY_NT_AUTHORITY)
A first subauthority value of 32 (SECURITY_BUILTIN_DOMAIN_RID)
A second subauthority value of 544 (DOMAIN_ALIAS_RID_ADMINS)

Fork me on GitHub