NSIS takes ownership of IIS system files

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Lucas on Stack Overflow See other posts from Stack Overflow or by Lucas
Published on 2011-03-04T22:05:30Z Indexed on 2011/03/04 23:24 UTC
Read the original article Hit count: 536

Filed under:
|
|
|
|

I recently encountered an issue with NSIS that I believe is related to an interaction with UAC, but I am at a loss to explain it and I do not know how to prevent it in the future.

I have an installer that creates and removes IIS virtual directories using the NsisIIS plugin. The installer appeared worked correctly on my Windows 7 workstation. When the installer was run on a Windows 2008 R2 server it installed properly, but the uninstaller removed all of the virtual directories and put IIS is an unusable state; to the point that I had to remove the Default Web Site and re-add it.

What I eventually found was that all of the IIS configuration files under C:\Windows\System32\inetsrv\config had a lock icon on them.

Screenshot of IIS config files after NSIS runs

Some investigation seem to indicate that this means a user account has taken ownership of the file, however all the files listed SYSTEM as the file owner. I did check a different server that I have not run the installer on, and it does not have the lock icon applied to the IIS files.

I have also seen the same lock icon appear on other files that the NSIS installer creates. For instance, I have a Web.Config.tpl file that is processed using the NSIS ReplaceInFile which also appears with the lock icon after the installer finished. locked web.config file after installer runs

After I explicitly grant another user account access to the file, the lock icon goes away.

After adding the IUSR to the file

I run the installer under the local Administrator account on the 2008 R2 server, so I do not get the UAC prompt. Here is the relevant code from the install.nsi file

RequestExecutionLevel admin

Section "Application" APP_SECTION
   SectionIn RO
   Call InstallApp
SectionEnd

Section "un.Uninstaller Section"
   Delete "$PROGRAMFILES\${PROGRAMFILESDIR}\Uninstall.exe"
   Call un.InstallApp
SectionEnd

Function InstallApp
   File /oname=Web.Config Web.Config.tpl
   !insertmacro ReplaceInFile Web.Config %CONNECTION_STRING% $CONNECTION_STRING
FunctionEnd

Function un.InstallApp
   ReadRegStr $0 HKLM "Software\${REGKEY}" "VirtualDir"    
   NsisIIS::DeleteVDir "$0"
   Pop $0
FunctionEnd

I have three questions stemming from this incident:

  1. How did this happen?
  2. How can I fix my installer to prevent it from happening again?
  3. How can I repair the permissions on the IIS config files.

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about sql-server-2008

Related posts about iis7

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle