We need to find the user who has installed msi using powershell.
I was trying to search via HKEY_USERS ,but it is providing sid of the user not the user name of who installed the msi.
Is there any way to find the Installed user ?
(If you have a sid, you can find out the user name, why not?)
But the best way, if the msi is yours, is to save that information during the setup in a registry value, or .ini file you can read out later.
There are two properties, "LogonUser", and "USERNAME", the latter is the user really installing.
If you have no influence on the msi itself, I am not sure, if it is so easy. Interpreting sids seems a good way then.
Nevertheless:
The standard way is to use the API routines MsiGetProductInfo() or MsiGetProductInfoEx(). You can google in MSDN. But I am not sure if they always contain information if these data were not registered during setup dialog. So maybe they are empty after a silent install if there was no registration dialog? I have never used them to find the user who has installed as software. Normally in own setups this is done with explicit dialogs or actions.
One of the way might be by using reg key but there is a function in the windows installer API called MsiEnumProductsEx
you have to specify User SID it querys and checks all installed product for all users
Related
I'm trying to add a URL to my system startup. I want to do this via the registry because it fits some other things I'm hoping to do later. Here's my code at the moment;
My.Computer.Registry.SetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", "LinkLoad", "https://www.url.link")
I'm trying to do this via vb.net if at all possible. I have given the application administrative privileges but for some reason this hasn't work. The new registry key isn't in position (and to be honest I'm not 100% sure this would work in loading the webpage!).
[FYI the link in the above code is junk, I didn't think it was important to include the actual link I want to load!)
Out-of-the-box, an Alfresco user can read a document based on:
The document's permissions
The user's role
The user's groups
Whether the user owns the document or not
Maybe some other factors I forgot?
Now, I want to add a new factor: Whether the document is currently part of a workflow.
Alfresco's permissionDefinitions.xml allows me to define permissions based on authorities such as ROLE_LOCK_OWNER etc, but it does not seem to be the right place to add permission conditions.
I guess I will have to write some Java source code, but I am not sure what classes are responsible for this, and whether there is an Alfresco way to customize them?
So, I assume you want to somehow have nodes that are attached to a workflow have different access rights? You need to think about the behavior you want in all of the UIs and protocols you are exposing (e.g. share, WebDAV, CIFS, FTP, etc.).
If you want to set a permission on a node, you can do that via JavaScript as well as Java (See http://docs.alfresco.com/5.2/references/API-JS-setPermission.html and http://docs.alfresco.com/5.2/references/dev-services-permission.html). As was mentioned in one of the comments, you can also get the number of active workflows on a node by referencing the activeWorkflows property in JavaScript (http://docs.alfresco.com/5.2/references/API-JS-ScriptNode.html) or in Java
Depending on the specifics, I might implement this in different ways, but if all you want to do is have the permission change, you could just update it at the beginning and end of your workflow with a simple javascript call. The only thing bad about that is that it doesn't take into consideration the workflow getting canceled. You could also create a policy/behavior on an aspect you attach or even have a rule or job run that updates content based on the activeWorkflows values.
I am attempting to modify a WIX installer package so that it can detect the presence of a specific Microsoft Knowledge Base patch/update, and then offer the user a chance to download and install it on-the-fly if the patch is not detect. My order of operations would be:
Detect if user is installing on Windows 8.1 or not (trivial, compare against VersionNT).
Detect if KB 2883200 is already installed.
If detected, provide a dialogue box offering the chance to download and install the package.
Steps 2 and 3 aren't 100% obvious to me. I've found a possible solution via another StackOverflow post, but I don't understand why both a hash and the KB number need to be provided. eg:
Sample Function
public static bool IsPatchAlreadyInstalled(string productCode, string patchCode)
{
var patches =
PatchInstallation.GetPatches(null, productCode, null, UserContexts.Machine, PatchStates.Applied);
return patches.Any(patch => patch.DisplayName == patchCode);
}
Use
IsPatchAlreadyInstalled("{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}", "KB2468871");// .NET Framework 4 Client Profile 64-bit
IsPatchAlreadyInstalled("{8E34682C-8118-31F1-BC4C-98CD9675E1C2}", "KB2468871");// .NET Framework 4 Extended 64-bit
IsPatchAlreadyInstalled("{3C3901C5-3455-3E0A-A214-0B093A5070A6}", "KB2468871");// .NET Framework 4 Client Profile 32-bit
IsPatchAlreadyInstalled("{0A0CADCF-78DA-33C4-A350-CD51849B9702}", "KB2468871");// .NET Framework 4 Extended 32-bit
So, the first part of my question would be: How can I use the code above to detect if the KB 2883200 patch is installed, and how do I generate the appropriate hash/UUID for the first argument passed to the function?
Next, I am trying to make a modal dialogue box appear, offering the user the chance to install the patch? If the user goes "Back" in the installer, I'd like the dialogue to re-appear when reaching the appropriate step again, in case they accidentally declined the offer to install the driver.
For the second and final part of my question: how do I provide such a dialogue box, and is there any existing method to download and install a MS KB patch through the installer, or do I have to implement my own methods from scratch?
Thank you.
The dialog box will be a dialog that you insert in the MSI UI sequence and show it if the update isn't installed, an publish the dialog with a condition. A potential issue with doing any of this in the UI sequence is that you won't be elevated, so if elevated privileges are required for this you may be in some difficulty.
I think Tom's suggestion is the way to do this - make it a prerequisite for which you build you own executable to check for it, integrate that with Burn.
Either way, to check for and install the update I'd use the Windows Update API. The update is available through Windows Update, and this kind of thing tells you if the update is applicable to a particular system and will also download it:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa387102(v=vs.85).aspx
I have been looking for a good answer for my following simple enough question.
I have an interactive Wix installer, which works perfect. The user needs to accept the licence agreement in the interactive setup to carry on the setup. Now, I need to have a silent installer where the user will accept the same licence agreement by entering a command line parameter like ACCEPT-EULA=YES.
Could anyone please guide me how I should manage to implement this in wxs file? I am not using MSVC by the way. I have tried
<util:XmlFile Action="setValue" ...
but got tons of different sort of errors.
I'd greatly appreciate any help.
Thanks.
You want an error custom action scheduled first in the install execute sequence with a condition of UILevel < 5 and Not ACCEPTEULA~="YES"`
The UILevel property is defined here. 5 means full UI so you don't want this CA to run. < 5 means some form of silent installation so you only want this custom action to fire when the property doesn't equal (case insensitive) "yes".
<CustomAction Id="RequireEulaWhenSilent" Error="You must accept the EULA by passing ACCEPTEULA=YES when performing a silent installation."/>
<InstallExecuteSequence>
<Custom Action="RequireEulaWhenSilent" Before="AppSearch"><![CDATA[UILevel<5 and Not ACCEPTEULA~="YES" and Not Installed]]></Custom>
</InstallExecuteSequence>
Of course you now have a problem that if they aren't logging the install they won't know why the installer failed. Personally I think this is an invented requirement by upper management and I always push back when given this problem. Otherwise you get into crazy land like this.
I sort of agree with Chris, reject this requirement and put the license agreement inside the main application EXE file with a flag per user for whether the particular user has seen and accepted the license agreement or not.
This is assuming that this is really important legally, because it is a serious annoyance to every user in my opinion. However, arguably having a system administrator accept the license agreement on every user's behalf is probably not great legally. I am not sure how this is handled by larger companies actually. You can certainly ask your marketing and sales guys what they think of this - it is their issue.
I think the conditions suggested could work, but it all depends on where you put the custom action in the sequence, whether you use major upgrade patches or similar unusual things. Ideally you should condition so tightly that the action can only run when it is really intended.
Test at least these scenarios:
Fresh install, both silent and interactive
Major upgrade, both silent and interactive
Uninstall, both silent and interactive
Modify (start from Add/Remove Programs)
And use the MSI condition cheat sheet to help you.
How do I add the Swedish interactive user,
NT INSTANS\INTERAKTIV
or the English interactive user,
NT AUTHORITY\INTERACTIVE
or any other localised user group with write permissions to a program folder's ACL?
Is this question actually "How do I use secureObject"? I cannot use the LockPermissions Table because I undestand inheritance is removed. secureObject permissions seem to require CreateDirectory rather than Directory...
With recent releases of Wix, you can retrieve the localized names of often-used built-in user and group names via a property. For example, WIX_ACCOUNT_NETWORKSERVICE contains the localized name of the Network Service account. Unfortunately, as of 3.0.4513 NT AUTHORITY\INTERACTIVE is not among them.
There exists a sample MSI custom action that creates properties for many of the built-in user and group names. Get it here. Add the CA to your Wix installer and schedule it early in the install execute sequence.
Once you have the localized account name, add a PermissionEx element to modify your directory's ACL. For example:
<Directory ...>
<Component ...>
<CreateFolder>
<PermissionEx User="[SID_INTERACTIVE]" .../>
</CreateFolder>
</Component ...>
</Directory ...>
There is no way as such to add both account names to an ACL since they are one and the same. The name you see corresponds to a SID, and that SID is identical in both the English and Swedish localizations. In the case of the INTERACTIVE group, that SID is S-1-5-4.
I haven't followed WiX in a long while, but I expect there has to be a way to specify SIDs for ACLs instead of account names. You should never, ever rely on the account name for well-known accounts unless there is absolutely no way to avoid it. Here is a list of well-known SIDs for reference.
Edit: This post seems to provide a solution to your problem using a custom action to translate the SIDs to account names - apparently WiX doesn't out of the box support using SIDs for Permission or PermissionEx objects.
Here is a more authoritative list of well-known SIDs in Q243330 of the Microsoft Knownledge Base.