3

I have a need to set dcom security via my installer and was wondering if there was a native way to do this within WiX. I'm looking to grant a user I'm creating upon installation Access and Launch and Activate permissions via the following dialog:

enter image description here

I accessed this by going to Control Panel->Administrative Tools->Component Services. Right clicking on My Computer->Properties and going to the COM Security tab.

Will I have to create a custom action to do this?

Cole W
  • 15,123
  • 6
  • 51
  • 85

1 Answers1

4

I ended up using a utility from the platform sdk called dcomperm and using a custom action in WiX to do this as I don't think this functionality exists in WiX. It involved several steps to do this since it seems to be difficult to actually download the compiled tool.

I had to do the following:

  1. Download and install the platform sdk
  2. Create a new empty c++ project in visual studio (I used 2010)
  3. Add all the files in Program Files\Microsoft Platform SDK\Samples\Com\Fundamentals\DCom\DComPerm to the project.
  4. Change the runtime library to MT (Multi-Threaded). This is important because it will include necessary files in the exe compiled. Otherwise you have to install the vc++ redistributable package to use this tool. See below for screenshot on how to do this enter image description here
  5. Create a custom action within WiX to run the following two commands (ExactaMobile was my username):
    dcomperm.exe -dl set ExactaMobile permit
    dcomperm.exe -da set ExactaMobile permit

The following custom actions are what I added to WiX:

<CustomAction Id='GrantDcomAccessPermissions' 
              Directory='ToolsFolder' 
              Execute='deferred' 
              ExeCommand='[ToolsFolder]dcomperm.exe -da set ExactaMobile permit' 
              Return='ignore'/>

<CustomAction Id='GrantDcomLaunchAndActivatePermissions'
              Directory='ToolsFolder'
              Execute='deferred'
              ExeCommand='[ToolsFolder]dcomperm.exe -dl set ExactaMobile permit'
              Return='ignore'/>

<InstallExecuteSequence>      
  <Custom Action="GrantDcomAccessPermissions" After="InstallFiles">NOT Installed</Custom>
  <Custom Action="GrantDcomLaunchAndActivatePermissions" After="InstallFiles">NOT Installed</Custom>
</InstallExecuteSequence>

The following is a more complete usage list for dcomperm:

Syntax: dcomperm <option> [...]  
Options:  
   -da <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -da list  
       Modify or list the default access permission list  

   -dl <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -dl list  
       Modify or list the default launch permission list  

   -aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -aa <AppID> default  
   -aa <AppID> list  
       Modify or list the access permission list for a specific AppID  

   -al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"]  
   -al <AppID> default  
   -al <AppID> list  
       Modify or list the launch permission list for a specific AppID  

   -runas <AppID> <Principal Name> <Password>  
   -runas <AppID> "Interactive User"  
       Set the RunAs information for a specific AppID  

Examples:  
   dcomperm -da set redmond\t-miken permit  
   dcomperm -dl set redmond\jdoe deny  
   dcomperm -aa {12345678-1234-1234-1234-00aa00bbf7c7} list  
   dcomperm -al {12345678-1234-1234-1234-00aa00bbf7c7} remove redmond\t-miken  
   dcomperm -runas {12345678-1234-1234-1234-00aa00bbf7c7} redmond\jdoe password

Hope someone finds this useful considering I had a difficult time tracking down exactly how to do this.

Cole W
  • 15,123
  • 6
  • 51
  • 85