ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Setting NTFS security permissions for files in a .MSI


Article ID: 180611


Updated On:


Symantec Products




How to set permissions using Cacles or Regini.exe within a custom action?


You can use third party tools to modify NTFS permissions. Microsoft offers tools to modify NTFS permissions on Windows NT/2000/XP. Windows Installer based installations (.MSI) offer built-in support for modifying NTFS permissions as well.

Tools used to modify file and directory permissions. Cacls.exe is installed as a part of the operating system on Windows NT/2000/XP. The utility is located in the system directory (C:\WinNT\System). Xcacls.exe is a utility available with the Windows NT/2000 resource kit. Use the /? command line parameter to view the command line parameters available with cacls.exe.

Cacls.exe /?

Regini.exe is used to modify registry permissions. Regini.exe is a utility included with the Windows NT/2000 Resource Kit. View Microsoft's article Q237607, "How to Use Regini.exe to Set Permissions on Registry Keys", for information regarding Regini.exe.

Follow the steps below to call Cacles.exe using Windows Installer Editor or WFWI. Cacls.exe exists on the destination computer because the utility is installed as part of the operating system.

1. Select MSI Script and click the Execute Immediate tab.
2. Add a Execute Program From Installation custom action after InstallFinalize.
3. The Execute Program From Installation Dialog appears. Fill in the following information:
    Custom Action Name: Enter a name
    Executable File: Browse for the .EXE. (Regini.exe or Cacles.exe)
    Command Line: Enter appropriate command line.
4. Click OK.
5. Add an If NOT Installed before the custom action and an End Statement after the custom action.