3

I have a need to set dcom security via my installer and was wondering if there was a native way to do this within WiX. I'm looking to grant a user I'm creating upon installation Access and Launch and Activate permissions via the following dialog:

enter image description here

I accessed this by going to Control Panel->Administrative Tools->Component Services. Right clicking on My Computer->Properties and going to the COM Security tab.

Will I have to create a custom action to do this?

Improve this question
0

1 Answer 1

Reset to default
4

I ended up using a utility from the platform sdk called dcomperm and using a custom action in WiX to do this as I don't think this functionality exists in WiX. It involved several steps to do this since it seems to be difficult to actually download the compiled tool.

I had to do the following:

  1. Download and install the platform sdk
  2. Create a new empty c++ project in visual studio (I used 2010)
  3. Add all the files in Program Files\Microsoft Platform SDK\Samples\Com\Fundamentals\DCom\DComPerm to the project.
  4. Change the runtime library to MT (Multi-Threaded). This is important because it will include necessary files in the exe compiled. Otherwise you have to install the vc++ redistributable package to use this tool. See below for screenshot on how to do this enter image description here
  5. Create a custom action within WiX to run the following two commands (ExactaMobile was my username):
    dcomperm.exe -dl set ExactaMobile permit
    dcomperm.exe -da set ExactaMobile permit

The following custom actions are what I added to WiX:

<CustomAction Id='GrantDcomAccessPermissions' 
              Directory='ToolsFolder' 
              Execute='deferred' 
              ExeCommand='[ToolsFolder]dcomperm.exe -da set ExactaMobile permit' 
              Return='ignore'/>

<CustomAction Id='GrantDcomLaunchAndActivatePermissions'
              Directory='ToolsFolder'
              Execute='deferred'
              ExeCommand='[ToolsFolder]dcomperm.exe -dl set ExactaMobile permit'
              Return='ignore'/>

<InstallExecuteSequence>      
  <Custom Action="GrantDcomAccessPermissions" After="InstallFiles">NOT Installed</Custom>
  <Custom Action="GrantDcomLaunchAndActivatePermissions" After="InstallFiles">NOT Installed</Custom>
</InstallExecuteSequence>

The following is a more complete usage list for dcomperm:

Syntax: dcomperm <option> [...]  
Options:  
   -da <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -da list  
       Modify or list the default access permission list  

   -dl <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -dl list  
       Modify or list the default launch permission list  

   -aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -aa <AppID> default  
   -aa <AppID> list  
       Modify or list the access permission list for a specific AppID  

   -al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -al <AppID> default  
   -al <AppID> list  
       Modify or list the launch permission list for a specific AppID  

   -runas <AppID> <Principal Name> <Password>  
   -runas <AppID> "Interactive User"  
       Set the RunAs information for a specific AppID  

Examples:  
   dcomperm -da set redmond\t-miken permit  
   dcomperm -dl set redmond\jdoe deny  
   dcomperm -aa {12345678-1234-1234-1234-00aa00bbf7c7} list  
   dcomperm -al {12345678-1234-1234-1234-00aa00bbf7c7} remove redmond\t-miken  
   dcomperm -runas {12345678-1234-1234-1234-00aa00bbf7c7} redmond\jdoe password

Hope someone finds this useful considering I had a difficult time tracking down exactly how to do this.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.