SetObjectPermissions

The SetObjectPermissions function is used to set permissions for a file, a folder, or a registry key. The file, folder, or registry key can be installed as part of your installation, or it can be already present on the target system.

Syntax

SetObjectPermissions (byval string szObject, byval number nType, byval string szDomain, byval string szUser, byval number nPermissions, byval number nOptions);

Parameters

SetObjectPermissions Parameters

Parameter

Description

szObject

Specify the object (file, folder, or registry key) for which you want to set permissions.

For files and folders, specify the full path.

For registry keys, use one of the following in the path:

•

CLASSES_ROOT—This indicates the HKEY_CLASSES_ROOT hive.

•

CURRENT_USER—This indicates the HKEY_CURRENT_USER hive.

•

MACHINE—This indicates the HKEY_LOCAL_MACHINE hive.

•

USERS—This indicates the HKEY_USERS hive.

The following example set permissions for a key in HKEY_LOCAL_MACHINE:

SetObjectPermissions("MACHINE\\Software\\MyProduct\\Example", IS_PERMISSIONS_TYPE_REGISTRY, "", "Users", KEY_CREATE_SUB_KEY, IS_PERMISSIONS_OPTION_DENY_ACCESS);

nType

Indicate the type of object that is being passed through the szObject parameter. Valid options are:

•

IS_PERMISSIONS_TYPE_FILE—szObject is a file.

•

IS_PERMISSIONS_TYPE_FOLDER—szObject is a folder.

•

IS_PERMISSIONS_TYPE_REGISTRY—szObject is a registry key.

szDomain

Specify the domain name of the user for which permissions are being set.

To use the local machine as the domain, pass an empty string ("") for this parameter.

szUser

Specify the name of the user for which permissions are being set. Available options are:

•

Administrators

•

Authenticated Users

•

Creator Owner

•

Everyone

•

Guests

•

Interactive

•

IUSR

•

Local Service

•

Local System

•

Network Service

•

Power Users

•

Remote Desktop Users

•

Users

The user can be one that is being created during the installation, or one that already exists on the target system at run time.

nPermissions

To specify the permissions that are to be applied to the object for the specified user, pass one of the following predefined constants in this parameter. You can combine these constants by using the bitwise OR operator ( | ).

Available options are:

•

DELETE

•

GENERIC_ALL

•

GENERIC_EXECUTE

•

GENERIC_WRITE

•

GENERIC_READ

•

READ_CONTROL

•

STANDARD_RIGHTS_ALL

•

STANDARD_RIGHTS_EXECUTE

•

STANDARD_RIGHTS_READ

•

STANDARD_RIGHTS_REQUIRED

•

STANDARD_RIGHTS_WRITE

•

SYNCHRONIZE

•

WRITE_DAC

•

WRITE_OWNER

The following options are applicable to files and folders:

•

FILE_LIST_DIRECTORY (for folders)

•

FILE_READ_DATA (for files)

•

FILE_WRITE_DATA (for files)

•

FILE_ADD_FILE (for folders)

•

FILE_APPEND_DATA (for files)

•

FILE_ADD_SUBDIRECTORY (for folders)

•

FILE_READ_EA (for files and folders)

•

FILE_WRITE_EA (for files and folders)

•

FILE_EXECUTE (for files)

•

FILE_TRAVERSE (for folders)

•

FILE_DELETE_CHILD (for folders)

•

FILE_READ_ATTRIBUTES (for files and folders)

•

FILE_WRITE_ATTRIBUTES (for files and folders)

•

FILE_ALL_ACCESS

nPermissions (cont.)

The following options are applicable to registry keys:

•

KEY_QUERY_VALUE

•

KEY_SET_VALUE

•

KEY_CREATE_SUB_KEY

•

KEY_ENUMERATE_SUB_KEYS

•

KEY_NOTIFY

•

KEY_CREATE_LINK

For information on each value, see “Registry Key Security and Access Rights,” “File Security and Access Rights,” and “Registry Key Security and Access Rights” in the MSDN Library.

nOptions

Pass one or more of the following predefined constants in this parameter.

•

IS_PERMISSIONS_OPTION_64BIT_OBJECT—The set of permissions that are specified in nPermissions should be set for a 64-bit key, regardless of whether the REGDB_OPTION_WOW64_64KEY option is enabled. Note that the IS_PERMISSIONS_OPTION_64BIT_OBJECT constant should not be passed on 32-bit target systems. In addition, this constant does not affect permissions for files or folders.

•

IS_PERMISSIONS_OPTION_DENY_ACCESS—The set of permissions that are specified in nPermissions should be denied.

•

IS_PERMISSIONS_OPTION_NO_APPLYDOWN—The permissions should be applied to only the specified object; they should not be propagated to any child objects.

•

IS_PERMISSIONS_OPTION_ALLOW_ACCESS—The set of permissions that are specified in nPermissions should allow access.

You can combine more than one constant by using the bitwise OR operator ( | ). The IS_PERMISSIONS_OPTION_DENY_ACCESS and IS_PERMISSIONS_OPTION_ALLOW_ACCESS constants should not be combined because they are mutually exclusive; if you specify both of these options for nOptions, permissions are denied.

Return Values

SetObjectPermissions Return Values
Return Value	Description
ISERR_SUCCESS	The function successfully set the permissions.
!= ISERR_SUCCESS	The function could not set the permissions. The return value is a Win32 error. For documentation on Win32 errors, see the MSDN Library.

Additional Information

SetObjectPermissions attempts to set permissions on a 64-bit key if the REGDB_OPTION_WOW64_64KEY option is enabled.

To set permissions for files that are in the 64-bit System32 folder, file system redirection should be disabled before the SetObjectPermissions function is called. To disable file system redirection, use the WOW64FSREDIRECTION constant, as shown in the following code:

Disable (WOW64FSREDIRECTION);

Once the operation is done, disable file system redirection:

Enable(WOW64FSREDIRECTION);

SetObjectPermissions

InstallShield 2021 Help Library

December 2021