SE Articles From the Field
At times, applications may require custom registry permissions. An option to set said permissions is setting it via a custom script that is enabled as a Post Activation script in the FlexApp package.
This example will demonstrate using a batch file set as a Post Activation Script, this script calls a PowerShell script that does the custom permission setting work. The App is called ChangeMe and is located in the following path in the file system %programfiles%\ChangeMe and in the registry HKLM:\Software\ChangeMe.
This can be accomplished in the following four steps:
Step 1: Create a new PS1 file, save as set-reg-permissions.ps1. Save the file to the FlexApp Packaging user desktop. Enable in this example the following lines in the PS1 and customize as needed. In this example Authenticated Users - Full Control to the HKLM:\Software\ChangeMe\ folder is added:
#set ChangeMe Regkey permissions
$acl = Get-Acl HKLM:\Software\ChangeMe\
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Authenticated Users","FullControl",$inherit,$propagation,"Allow")
$acl.SetAccessRule($rule)
$acl |Set-Acl -Path HKLM:\Software\ChangeMe\
Step 2: Create a new batch file and write the following code (make sure the path is correct), %%programfiles%\ChangeMe\set-reg-permissions.ps1". Save the file, as changeme_post_act.bat, to the FlexApp Packaging user desktop.
@echo off
powershell.exe -executionpolicy bypass -file "%programfiles%\ChangeMe\set-reg-permissions.ps1"
Step 3: Edit the ChangeMe package in FlexApp Packaging console, copy in the PS1 file from the FlexApp Packaging user desktop into the %programfiles%\ChangeMe directory, and save the package.
Step 4: Then activate the ChangeMe package, click add script, browse to the batch file on the desktop, add as post activation script.
Now assign the script and watch the script change the permissions effectively. Please remember that any activation scripts automaticall run Elevated for the user and the script is never visible to the end user. The onyl visable way to see it running is in the task manager under the current username.
Remove .txt from the atatched files for use.