Mombu the Microsoft Forum sponsored links

Go Back   Mombu the Microsoft Forum > Microsoft > Error 1321 - The Installer has insufficient privileges to modify this file when Read and Execute right on Folder but not on files.
User Name
Password
REGISTER NOW! Mark Forums Read

sponsored links


Reply
 
1 19th August 05:12
ms
External User
 
Posts: 1
Default Error 1321 - The Installer has insufficient privileges to modify this file when Read and Execute right on Folder but not on files.


Hello,

It looks like the windows installer has a problem with deleting files when
the user has the "Read and Execute" right on the parent folder of the file
while the file itself is not accessible by the user.

Does anyone recognise this behaviour, and has a solution for it ?

regards,

Marcel

This is the reproduction scenario:

1) Generate an MSI file with the following content

Add some files to c:\program files\common files\microsoft shared\proof

Add notepad.exe to c:\program files\common files\microsoft shared\proof

Add an Advertised shortcut to c:\program files\common files\microsoft
shared\proof\notepad.exe

2) Place the MSI file in a shared folder on the network

3) Add this MSI as a User Software installation Package in a new Group
Policy Object.

- Assigned

- Uninstall when out of scope

- Change the security rights for this object by:

o Remove authenticated users

o Add a securitygroup AppA with Read and Apply Goup Policy

4) Bring a user TestUser within the scope of this GPO, and make him member
of security group AppA

5) Logon on a Windows XP SP2 machine

6) A new shortcut is showing up in the start menu

7) Click on the shortcut, the Windows Installer is now installing the
content of the MSI, after installation completes, all files are in place.

8) Logoff

9) Remove the TestUser from the member list of security group AppA

10) Logon on a Windows XP machine

11) The MSI is uninstalling, when complete the files are gone, and the
shortcut is no longer part of the start menu.

This is working as expected.

Now try this.

Scenario A where user has "Read and Execute" rights on the parent folder,
but not on the files in that folder.

Repeat step 4,5,6,7,8, but before step 9, change (under an administrative
account) the ACL of the deployed files under c:\program files\common
files\microsoft shared\proof.

- Allow inheritable permissions from parent to propagate to this object

- Copy the previous inherited permissions to this object

- Remove the ACE for the group Users.

- Add the ACE for the group AppA

The ACL now has the following ACE's:

- Administrators (Full control)

- System (Full control)

- AppA (Read and Execute)

Note:

On the folder c:\program files\common files\microsoft shared\proof the group
Users is still part of the ACL.

9) Remove the TestUser from the member list of security group AppA

10) Logon as TestUser

11) The MSI tries to uninstall but fails, and leaves the files in place
Eventlog is showing the following error: Error 1321 The installer has
insufficient privileges to modify this file: <filename>

Scenario B where user dos NOT have "Read and Execute" rights on a folder and
has no rights on the files in that folder.

Repeat step 4,5,6,7,8, but before step 9, change (under an administrative
account) the ACL of the folder c:\program files\common files\microsoft
shared\proof.

- Allow inheritable permissions from parent to propagate to this object

- Copy the previous inherited permissions to this object

- Remove the ACE for the group Users.

- Add the ACE for the group AppA

The ACL now has the following ACE's:

- Administrators (Full control)

- System (Full control)

- AppA (Read and Execute)

Note:

On the folder c:\program files\common files\microsoft shared\proof the the
user has NO rights, the files in that folder inherent the rights of the
parent folder.

9) Remove the TestUser from the member list of security group AppA

10) Logon as TestUser

11) The MSI is uninstalling, when complete the files are gone, and the
shortcut is no longer part of the start menu

Interpretation of the results:

Interpreting the results from the scenario's it looks like the installer is
looking at the parent folder to see if the user has the Read and Execute
right, if that's the case, it assumes the user has the same right for all
files in that folder. If one or more files in that folder do not have Read
and Execute for the user, uninstall is failing with a 1321 error.

On the other hand, if the user has NO Read and Execute on the parent folder,
it does not matter what rights the files in that folder have, the installer
is successful in uninstalling the files.
  Reply With Quote


  sponsored links


2 30th August 11:52
carolyn napier [msft]
External User
 
Posts: 1
Default Error 1321 - The Installer has insufficient privileges to modify this file when Read and Execute right on Folder but not on files.


Can you provide some more clarification?

Is this a file on the local disk?
Is the installation running with elevated privileges (i.e. per-machine install
or per-user managed)?
Is the user an admin?

thanks,
- Carolyn Napier

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

MSI FAQ:
<http://www.microsoft.com/windows2000/community/centers/management/msi_faq.mspx>
  Reply With Quote
3 30th August 11:53
marcel
External User
 
Posts: 1
Default Error 1321 - The Installer has insufficient privileges to modify this file when Read and Execute right on Folder but not on files.


Hi Carolyn,

The clarification:
1) [Is this a file on the local disk] => Yes, it is a file on the local
disk
2) [Running with elevated privileges] => Yes, it is runnning with elevated
privileges (managed application by using group policy), it is a per-user
managed application
3) [Is the user an admin] => ]No, the user is a minimal user; no admin
rights, just member of domain users.

regards,
Marcel

"Carolyn Napier [MSFT]" <cnapier@online.microsoft.com> schreef in bericht
news:e8Pz$HkFFHA.3384@tk2msftngp13.phx.gbl...
  Reply With Quote
Reply


Thread Tools
Display Modes




Copyright 2006 SmartyDevil.com - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -
666