Old 6th February 2004, 15:18   #1
superrock
Member
 
superrock's Avatar
 
Join Date: Jan 2002
Location: Graz, Austria
Posts: 50
Acl für alle lokalen Benutzer

Hi!

Versuche gerade mit Nsis(1.95) und dem lettzten AccessControl-Plugin die Startmenülinks für alle Benutzer einzurichten.

Ich habs geschafft einen speziellen Benutzer Daterechte zu geben:

push "FullAccess"
push "rocknt\calc"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

Ich wuerde gerne allen Benutzern ( lokale Builtin-Gruppe Benutzer )dieses recht geben. Und zwar unabhängig von der Sprache des Betriebssystems.

Ich müsste nun über die SID arbeiten. Kann man das und wie gehts das ?
Oder gibts eine andere Lösung.

Mein letzter versuch für die Gruppe Administratoren war :

push "FullAccess"
push "S-1-5"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile



Lg,
Rocky
superrock is offline   Reply With Quote
Old 6th February 2004, 15:30   #2
superrock
Member
 
superrock's Avatar
 
Join Date: Jan 2002
Location: Graz, Austria
Posts: 50
File ACL for local users

Hi!

Uups, now it's english..........

I am trying to implement start menu link with access right for all local users (NSIS 1.95) .

I can set norm user rigths :

push "FullAccess"
push "rocknt\calc"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

But I would like to set the rights for all local users (for the windows builtin group users). It should work independent of the operating system.

Then I should use the SID of this user group.
How can it be done ?

My last try for the built in group administrators was :

push "FullAccess"
push "S-1-5"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile



Regards,
Rocky
superrock is offline   Reply With Quote
Old 6th February 2004, 15:35   #3
kichik
M.I.A.
[NSIS Dev, Mod]
 
kichik's Avatar
 
Join Date: Oct 2001
Location: Israel
Posts: 11,343
You should use parenthesis when supplying a SID. For example:

push "FullAccess"
push "(S-1-5)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

Not exactly the same topic as the last thread, so I split it.

NSIS FAQ | NSIS Home Page | Donate $
"I hear and I forget. I see and I remember. I do and I understand." -- Confucius
kichik is offline   Reply With Quote
Old 6th February 2004, 17:05   #4
superrock
Member
 
superrock's Avatar
 
Join Date: Jan 2002
Location: Graz, Austria
Posts: 50
Whats SID for alle builtin user

Hi,

Thanks for reply.

I tried your example :

push "FullAccess"
push "(S-1-2-0)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

S-1-2-0 is for all local logged users.

It works , but which Sid should I insert for the builtin local users group ?
superrock is offline   Reply With Quote
Old 6th February 2004, 17:07   #5
kichik
M.I.A.
[NSIS Dev, Mod]
 
kichik's Avatar
 
Join Date: Oct 2001
Location: Israel
Posts: 11,343
I don't know. Previous forum posts or MSDN are bound to help. You can also try "BUILTIN\USERS" from the documentation of AccessControl.

NSIS FAQ | NSIS Home Page | Donate $
"I hear and I forget. I see and I remember. I do and I understand." -- Confucius
kichik is offline   Reply With Quote
Old 6th February 2004, 17:33   #6
superrock
Member
 
superrock's Avatar
 
Join Date: Jan 2002
Location: Graz, Austria
Posts: 50
Builtin Users

Hi,

Sorry but "BUILTIN\USERS" are not allowed in the german windows release!

I will have a look in the MSDN

Thx,
superrock is offline   Reply With Quote
Old 6th February 2004, 17:40   #7
superrock
Member
 
superrock's Avatar
 
Join Date: Jan 2002
Location: Graz, Austria
Posts: 50
SID the last post

Hi,

I found it:

Built in users :

push "FullAccess"
;Builtin users
push "(S-1-5-32-545)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile

Built in administrators :
push "FullAccess"
;Builtin administrators
push "(S-1-5-32-544)"
Push c:\test.dat
CallInstDLL "AccessControl.dll" SetOnFile


See MSDN : http://msdn.microsoft.com/library/de...known_sids.asp

A SID value includes components that provide information about the SID structure and components that uniquely identify a trustee. A SID consists of the following components:


The revision level of the SID structure
A 48-bit identifier authority value that identifies the authority that issued the SID
A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID
The combination of the identifier authority value and the subauthority values ensures that no two SIDs will be the same, even if two different SID-issuing authorities issue the same combination of RID values. Each SID-issuing authority issues a given RID only once.

SIDs are stored in binary format in a SID structure. To display a SID, you can call the ConvertSidToStringSid function to convert a binary SID to string format. To convert a SID string back to a valid, functional SID, call the ConvertStringSidToSid function.

These functions use the following standardized string notation for SIDs, which makes it simpler to visualize their components:

S-R-I-S-S...

In this notation, the literal character S identifies the series of digits as a SID, R is the revision level, I is the identifier-authority value, and S... is one or more subauthority values.

The following example uses this notation to display the well-known domain-relative SID of the local Administrators group:

S-1–5-32-544

In this example, the SID has the following components. The constants in parentheses are well-known identifier authority and RID values defined in Winnt.h:

A revision level of 1
An identifier-authority value of 5 (SECURITY_NT_AUTHORITY)
A first subauthority value of 32 (SECURITY_BUILTIN_DOMAIN_RID)
A second subauthority value of 544 (DOMAIN_ALIAS_RID_ADMINS)
superrock is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Developer Center > NSIS Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump