Welcome to the Liquidware Community Site.
Current and Future Clients/Partners are Welcome.

How to set custom registry permissions

behavem mod
edited January 23 in Application Recipes

Some apps require custom registry permissions. In order to do that an option to use within FlexApp is a custom script that is enabled as a Post Activation script.

In this example we are using a batch file enabled as the Post Activation Script, that calls a PowerShell script that does the custom permission work for us. The App we are packaging is called ChangeMe and is located in %programfiles%\ChangeMe and HKLM:\Software\ChangeMe registry.

In these four steps you can read how to do it.

Step 1: Create a new PS1 file, save as set-reg-permissions.ps1. Save the file on your packager desktop. Enable in this example the following lines in the PS1 and customize for your needs. In this example we add Authenticated Users - Full Control to the HKLM:\Software\ChangeMe\ folder:

#set ChangeMe Regkey permissions

$acl = Get-Acl HKLM:\Software\ChangeMe\

$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"

$propagation = [system.security.accesscontrol.PropagationFlags]"None"

$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("Authenticated Users","FullControl",$inherit,$propagation,"Allow")


$acl |Set-Acl -Path HKLM:\Software\ChangeMe\

Step 2: Create a new batch file and write the following code and make sure the path is correct, %%programfiles%\ChangeMe\set-reg-permissions.ps1". Save the file, as changeme_post_act.bat, on your packager desktop.

@echo off

powershell.exe -executionpolicy bypass -file "%programfiles%\ChangeMe\set-reg-permissions.ps1"

Step 3: Then edit your ChangeMe package in flexapp console, copy in your PS1 file from your desktop into the %programfiles%\ChangeMe directory, and save the package. 

Step 4: Then activate the ChangeMe package, click add script, and browse to your batch file on the desktop, add as post activation script.

Now assign the script and watch the script change the permissions effectively. Please remember that activation scripts run Elevated for the user. The script is never visible to the end user. The only way you can see it running is in the task manager under the current username.

Attached are the scripts, please remove the .TXT from the filename