ACCESS CONTROL PLUGIN --------------------- Written by Mathias Hasselmann The AccessControl plugin for NSIS provides a set of functions related Windows NT access control list (ACL) management. MODIFICATIONS ------------- - 23rd January 2008 ~ Afrow UK Added function IsUserTheAdministrator. Cleaned up code. Rebuilt as pure cpp, decreasing DLL size. No longer using gobal temp variable for strings. - 7th January 2008 ~ Afrow UK Fixed registry instructions. - 8th November 2007 ~ Afrow UK EnableInheritance/DisableInheritance names changed. Functions added: EnableFileInheritance DisableFileInheritance EnableRegKeyInheritance DisableRegKeyInheritance GetFileOwner GetFileGroup GetRegKeyOwner GetRegKeyGroup ClearOnFile ClearOnRegKey GetCurrentUserName SidToName - 21st August 2007 ~ Afrow UK Added /noinherit switch to prevent child objects inheriting a particular permission. Added EnableInheritance and DisableInheritance functions. Removed code to print items in the install log. - 13th July 2007 ~ kichik Return proper error codes (return value instead of GetLastError()) - 30th June 2006 ~ Afrow UK Error MessageBox removed. Error messages are now just returned on NSIS stack. CONVENTIONS ----------- A valid Windows(tm) filename (ie. "C:\WINDOWS\" or "\\HOSTNAME\SHARE"). The well-known root of a registry key. Following values are defined: HKCR - HKEY_CLASSES_ROOT HKLM - HKEY_LOCAL_MACHINE HKCU - HKEY_CURRENT_USER HKU - HKEY_USERS The name of the registry to alter (ie. "Software\Microsoft\Windows"). A valid Windows(tm) account. The account can be specified as relative account name (ie. "Administrator" or "Everyone"), a qualified account name (ie. "Domain\Administrator") or as security identifier (SID, ie. "(S-1-5-32-545)"). "BUILTIN\USERS" is also a valid account name. For a list of trustee names, open up Control Panel > Administrative Tools > Computer Management > Local Users and Groups. A combination of access rights (ie. "FullAccess" or "GenericRead + GenericWrite"). For a full list of access rights, open the AccessControl.c source file in Notepad. FUNCTIONS --------- GrantOnFile [/NOINHERIT] GrantOnRegKey [/NOINHERIT] Makes sure that the trustee get the requested access rights on that object. --------- SetOnFile [/NOINHERIT] SetOnRegKey [/NOINHERIT] Replaces any existing access rights for the trustee on the object with the specified access rights. --------- ClearOnFile [/NOINHERIT] ClearOnRegKey [/NOINHERIT] Replaces all trustees on the object with the specified trustee and access rights. --------- DenyOnFile [/NOINHERIT] DenyOnRegKey [/NOINHERIT] Explicitly denies an access right on a object. --------- RevokeOnFile [/NOINHERIT] RevokeOnRegKey [/NOINHERIT] Removes a formerly defined access right for that object. Note that access rights will still be revoked even if they are inherited. --------- SetFileOwner SetRegKeyOwner Changes the owner of an object. --------- GetFileOwner GetRegKeyOwner Gets the owner of an object (on stack). --------- SetFileGroup SetRegKeyGroup Changes the primary group of the object. --------- GetFileGroup GetRegKeyGroup Gets the primary group of the object (on stack). --------- EnableFileInheritance EnableRegKeyInheritance Enables inheritance of parent object permissions. --------- DisableFileInheritance DisableRegKeyInheritance Disables inheritance of parent object permissions. --------- SidToName Converts an SID to the corresponding name, returning the user's domain followed by their user name on the stack. --------- GetCurrentUserName Gets the name of the current logged in user (on stack). --------- IsUserTheAdministrator Returns the Administrator user account SID followed by yes or no on the stack. ---------