What permissions do we set on registry keys?

[David Thielen]

Hi;

When the installer is running, on Vista it generally is NOT the same
user as when running Office but instead is an administrator. The
registry keys need to be accessable to the user running.

Keys we set are:
HKLM\Software\Microsoft\Office\Excel\Addins\AutoTagShim.Connect
HKLM\Software\Microsoft\Office\PowerPoint\Addins\AutoTagShim.Connect
HKLM\Software\Microsoft\Office\Word\Addins\AutoTagShim.Connect
HKLM\SOFTWARE\Windward Studios\Auto Tag License=...

And AutoTagShim.dll we register in HKCR using:
<File Id="libsAutoTagShim_dll" LongName="AutoTagShim.dll"
Name="AUTOTS9.DLL" src="$(var.srcFolder)\libs\AutoTagShim.dll"
KeyPath="yes" SelfRegCost="0"/>

We also need to create an event log named AutoTag if one does not
exist. This requires write permission to
HKLM\System\CurrentControlSet\Services\Eventlog. What is the best way
to set this up so the event log can be created if it does not already
exist?

1. What permissions should the keys be set to?
2. If we overwrite an existing key, do we need to keep the old
permissions too?
3. We are using WIX to install this - anything special we need to do?

thanks - dave

david@[email protected]
Windward Reports -- http://www.WindwardReports.com
me -- http://dave.thielen.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Jie Wang [MSFT]]

Hi Dave,

First let me share my thoughts regarding the question "What is the best way
to set this up so the event log can be created if it does not already
exist?".

I would setup the event log in a Custom Action instead of just let the
Windows Installer write the regkey. The reasons as following:

The event logs are not simply a matter of registry key values, there are
also other things we need to consider: what if this is an upgrade setup to
an existing version of the product? Do we need to keep the the existing
logs, or archive them somewhere else, or just delete them? We need to make
some rules and apply the logic. This can be easily done in a Custom Action.

If you're using the System.Diagnostics.EventLog class in your add-in to
write logs, you can also use this class to create log source in the Custom
Action. In this way, you don't need to worry about regkeys and permissions
at all. .NET will take care of it for you.

1. What permissions should the keys be set to?

Usually, the Administrators (group) and the SYSTEM account have Full
Control over the keys. Users (group) only need Read permission.
I don't recommend manually setting permissions on the keys unless you have
special needs. Instead, just let the keys inherit the permission settings
from its parent key.

2. If we overwrite an existing key, do we need to keep the old permissions
too?

Usually the default permission inherited from the EventLog node will be
fine. However, consider more scenarios, then it depends on what action the
Installer is taking now. Fresh install? Then the existing key might be the
corpse of previously uninstalled version, you might want to delete it and
rewrite a new one. Update? Then you can delete and rewrite the key or just
leave it as is, depends on whether your logging logic has changed or not
between versions. Repair? Then we better re-apply the default permissions.

3. We are using WIX to install this - anything special we need to do?

WiX is not officially supported by Microsoft at this time, and actually I'm
not an expert of WiX. I believe you can find more WiX experts here:
http://wix.sourceforge.net/mailinglists.html

Regards,

Jie Wang ([email protected], remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.