你想要用户=“网络服务”。在支持 PermissionEx 的 SecureObj.cpp 代码中有一个知名用户列表。
`// figure out the right user to put into the access block
if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Everyone"))
{
hr = AclGetWellKnownSid(WinWorldSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Administrators"))
{
hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalSystem"))
{
hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"LocalService"))
{
hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"NetworkService"))
{
hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"AuthenticatedUser"))
{
hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Guests"))
{
hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
}
else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"CREATOR OWNER"))
{
hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
}
else if (!*pwzDomain && 0 == lstrcmpW(pwzUser, L"INTERACTIVE"))
{
hr = AclGetWellKnownSid(WinInteractiveSid, &psid);
}
else if(!*pwzDomain && 0 == lstrcmpW(pwzUser, L"Users"))
{
hr = AclGetWellKnownSid(WinBuiltinUsersSid, &psid);
}
else`
Windows Installer LockPermission 表(WiX 中的 Permission 元素)也支持大多数知名名称,但它们是本地化的,恕我直言,这是一个非常糟糕的设计。这就是 WiX 有这个已知列表的原因。
好吧,我想出了一个答案(可能不是答案)。您不能使用 util:PermissionEx 为“网络服务”帐户设置文件权限(它不是众所周知的 sid 或类似的东西)。最后,我编写了一个自定义操作,使用 cacls.exe 实用程序设置权限。
<CustomAction Id="PermissionAppData" Directory="TARGETDIR"
ExeCommand=""[SystemFolder]cacls.exe"
"[INSTALLDIR]\App_Data"
/T /E /G "NT AUTHORITY\Network Service:C"" Return="check" />