Current and Future Clients/Partners are Welcome.
How to capture and apply custom permissions for files and folders within a FlexApp package
This applies to ProfileUnity 6.8.3+
When FlexApp packages are played back, they inherit the ACL and permissions of the existing parent folder on the playback machine. I.e., whatever the "C:\Program Files" ACL is. There may be scenarios in which you might want to apply custom permissions to files/folders contained within a FlexApp package and override the automatic inheritance.
For example, when delivering Office Applications as a FlexApp the software protection service files must be replaced under C:\Windows\System32\spp. When the flies are copied from the FlexApp package the permissions are inherited from C:\Windows\System32\spp. When the service attempts to start, an access denied message appears.
To resolve this issue the permissions need to be captured during the capture process. Prior to 6.8.3=, the xcopy command could be used to copy the files with permissions into the flexapp package and then back to the local disk as part of a script. Now with 6.8.3+ another method is needed. The icacls command is one method that can be used to save the permissions settings to a file. Then when the FlexApp packages are played back, a script with the icacls command can restore the permissions from the file.
Here's an example from another post - https://community.liquidware.com/discussion/119/office-2016-with-active-directory-activation
Capture Script - Save files and permissions
icacls C:\Windows\System32\spp\store /save c:\Windows\System32\FlexApp\AclFile
Post Play Script
icacls C:\Windows\System32\spp\ /restore c:\Windows\System32\FlexApp\AclFile
NOTE: the difference between the icacls save path and the restore path, they are slightly different.
Here's a KB article step by step instructions for updating a FlexApp package to override the ACLs.