How to change the file permissions in MSI

Bill Chung is a guest community blogger to this site. The following represents his own personal experience and expertise

Sometimes, we need to write something to file (ex: mdb, txt, …), not only read it. For example, you build an application which need update or insert data to an access mdb file, when you install this application to C:\Program files directory (or C:\Program files(X86), if you installed a X86 application into a X64 Windows), it will work perfectly in Windows XP environment. But how about Window Vista/7 ? You will get an exception like this:

This is caused by UAC, when we installed software into some specific directory (in this case C:\Program files), these files will be under the UAC control. Even though you login Windows Vista/7 with administrator account, your file permission will be changed to same as “Users Group”, unless you run the program with “Run as administrator”. See the properties of this “ConditionDB.mdb”, we will find out the security setting for users group is “Read & execute” as picture below:

In this time, if we changed permissions for users to “Full Control” manually, this simple demo application will work fine in Windows Vista/7.

The issue that we want to resolve is how to change the file permission when this application being installed by AppUp Center ?

For resolving it, we need a tool named Orca, you can find this tool in Microsoft Windows SDK ( ). But it’s too big, if you don’t want to install full Windows SDK Package, you can search keywords “Orca.exe” by any internet search engine that you prefer to download separate install file of Orca. After you have installed the Orca, please follow step as below to change files permission:

(1) Run Orca.exe as administrator (2) Open msi file by [File] ->[Open]

(3) Find out the “File” row in Tables Column (4) Look the FileName Column , in this case , we want to change the permissions of ConditionDB.mdb; then note the text of File column, in this case is “_701D306E457E40CA8C7AE986C149B80C”.

(5) Next Step is to find out the “LockPermissions” row in Tables Column.

(6) Right click mouse and click “Add Row”

(7) In LockObject field , input the text we noted at steps(4)

(8) In Table field, input “File”.

(9) In User field, input “users”, means setting the permissions of user group.

(10) In Permission filed, input 2032127, means “Full Control”

(11) Click “OK”, you will see the result as below:

(12) Click [File]->[Save] to save changes to msi file.

(13) Upload this msi file to IADP, then download and install it from AppUp Center, It will work as your expectations.

For more details about permission access mask, please see the MSDN documents, Tranditional Chinese Version

For more complete information about compiler optimizations, see our Optimization Notice.