Welcome to the Liquidware Community Site.
Current and Future Clients/Partners are Welcome.

How to capture and apply custom permissions for files and folders within a FlexApp package

This applies to ProfileUnity 6.8.3+

When FlexApp packages are played back, they inherit the ACL and permissions of the existing parent folder on the playback machine. I.e., whatever the "C:\Program Files" ACL is. There may be scenarios in which you might want to apply custom permissions to files/folders contained within a FlexApp package and override the automatic inheritance.

For example, when delivering Office Applications as a FlexApp the software protection service files must be replaced under C:\Windows\System32\spp. When the flies are copied from the FlexApp package the permissions are inherited from C:\Windows\System32\spp. When the service attempts to start, an access denied message appears.

To resolve this issue the permissions need to be captured during the capture process. Prior to 6.8.3=, the xcopy command could be used to copy the files with permissions into the flexapp package and then back to the local disk as part of a script. Now with 6.8.3+ another method is needed. The icacls command is one method that can be used to save the permissions settings to a file. Then when the FlexApp packages are played back, a script with the icacls command can restore the permissions from the file.

Here's an example from another post - https://community.liquidware.com/discussion/119/office-2016-with-active-directory-activation

Capture Script - Save files and permissions

icacls C:\Windows\System32\spp\store /save c:\Windows\System32\FlexApp\AclFile 

Post Play Script

icacls C:\Windows\System32\spp\ /restore c:\Windows\System32\FlexApp\AclFile 

NOTE: the difference between the icacls save path and the restore path, they are slightly different.

Here's a KB article step by step instructions for updating a FlexApp package to override the ACLs.