using Wix 3.5 on Windows 2008 R2 x64
I am running this as administrator to avoid any permission issue. I created an installer that executes the icacls command to add a user to the ACL of the c:\windows\system32\inetsrv\config\administration.config file. Here is the wix code
<Property Id="QtExecExample" Value='"cmd" /c icacls "c:\windows\system32\inetsrv\config\administration.config" /Grant johndoe:M /T'/>
<CustomAction Id="QtExecExample" BinaryKey="WixCA" DllEntry="CAQuietExec" Execute="deferred" Return="check" Impersonate="no"/>
<InstallExecuteSequence>
<Custom Action="QtExecExample" Before='InstallFinalize' > NOT Installed</Custom>
</InstallExecuteSequence>
Below is the output in the msi log
MSI (s) (44:88) [07:51:46:872]: Executing op: CustomActionSchedule(Action=QtExecExample,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="cmd" /c icacls "c:\windows\system32\inetsrv\config\administration.config" /Grant johndoe:M /T)
MSI (s) (44:88) [07:51:46:872]: Creating MSIHANDLE (795) of type 790536 for thread 1928
MSI (s) (44:38) [07:51:46:872]: Invoking remote custom action. DLL:
C:\Windows\Installer\MSIFBCF.tmp, Entrypoint: CAQuietExec
MSI (s) (44!68) [07:51:46:888]: Creating MSIHANDLE (796) of type 790531 for thread 2920
CAQuietExec: Successfully processed 0 files; Failed processing 0 files
As you can see the file is not modified almost as if the command was ignored. The user is not added to the ACL. I know the command works because if I run the command from a dos prompt I get the following.
C:\Users\Administrator\Desktop>cmd /c icacls "c:\windows\system32\inetsrv\config\administration.config" /Grant johndoe:M /T
processed file: c:\windows\system32\inetsrv\config\administration.config
Successfully processed 1 files; Failed processing 0 files
It seems like the ACL for files under inetsrv\config can't be changed if the command is run from WIX but not sure why. If the command works via commandline then shouldn't it work via the Wix CAQuietExec? Does anyone have any idea what I am doing wrong or what I am missing?
Found out the issue. Even though my msi was built as a 64 bit binary the icacls command being run was the 32 bit version. Files under inetsrv\config can only be modified by a 64bit program. Anyway I needed to make the following two changes in my wix file
1) use the full path for the 64 bit version of icacls ie. c:\windows\system32\icacls
2) change DllEntry="CAQuietExec" to DllEntry="CAQuietExec64"
The above two changes resolved the issue. Even though this now works I decided to go with a custom action that does the ACL change.