Windows 7 MSI Fix Raisers Edge All Users MSILockPermissions
Pretty simple fix for this.
Contents
CreateFolder Table
- Sets directories for MSILockPermissions to set permissions on (cant use references in Directory table, need specifying here)
Inifile Table
- Adds relevant settings into the BBupdate.ini
Edit deploy.ini
Deploy.ini in the installer ALSO needs altering to match BBupdate.ini values as this sets the ODBC settings in HKLM during the install, which a user doesn't have permissions to change.
[General] InstallTo= ServerDelta=1 SoftwareDelta=1 PatchDelta=1 NumDSNs=1 BackEnd=3 ServerName= Initialized=Yes [Database1] ServerName=xxxxxxxx.xx.xx.xx,1433 DatabaseName=RE7_DEV Description=RE7 Development ClientName=RE7 Development
MSILockPermissionsEx Table
Sets permissions on files/folders/registry - in this example on folders using SDDL.
This is a generic 'Program Files' permission plus Users having write.
Dont use with LockPermissions table, need one or other.
MSILockPermissionsEx needs Windows Installer v5 (Windows 7)
This table isn't in Insted, you will need ORCA >= 5 to add the table (you can enter it manually in Insted but its a bit of a faff). Once done you can alter it all normally in Insted.
subinacl examples for SDDL
Subinacl.exe /keyreg "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Blackbaud" /display=sddl
Subinacl.exe /file "C:\Program Files (x86)" /display=sddl
Note, Don't forget to strip off any non generic SID's! like S-xx-xx-xxxxxxxxxxxxxxxxx
Registry Table
- Register the RE7Outlook.dll (this is equivalent of 'c:\windows\SysWOW64\regsvr32.exe RE7Outlook.dll') into HKR (Root = 0)
- Add RE7 Outlook addin to HKLM (Root=2) rather than HKU
Shortcut Table
- Delete desktop shortcuts
Silent install
Sample batch file
@echo off
::Raisers Edge 7.92
msiexec /i "%~dp0The Raisers Edge.msi" TRANSFORMS="%~dp0raiser.mst" /q
::Outlook web components
"%~dp0owc11.exe" /quiet
::Raisers Edge Update Patch 6, note you cant patch the original MSI with this patch and BBPatch.exe must be with it.
msiexec /p "%~dp0Patchpackage.msp" /q
::Visual Basic for Applications Version
msiexec /i "%~dp0ISSetupPrerequisites\Visual Basic for Applications Version 2627.01\vba6.msi" /q
Silent install from SCCM/SYSTEM account
Sample batch file,
- Note using "psexec -s" to emulate a SYSTEM account install on local machine, this would be removed on a live one.
@echo off
::Run from UNC share, will need SYSTEM Account access
"%~dp0psexec.exe" -s msiexec /i "%~dp0The Raisers Edge.msi" TRANSFORMS="%~dp0raiser.mst" /q
"%~dp0psexec.exe" -s cmd /c ("%~dp0owc11.exe" /quiet)
"%~dp0psexec.exe" -s cmd /c (^
copy /y "%~dp0Patchpackage.msp" ^%%temp^%% ^
& copy /y "%~dp0BBPatch.exe" ^%%temp^%% ^
& pushd ^%%temp^%% ^
& msiexec /p ^"^%%temp^%%\Patchpackage.msp^" /q ^
)
More details about this here about how this works
Updates
You can only download the mobile service addition online, it doesnt come with the original software. Installing it once via the web, the entire "C:\Program Files (x86)\Blackbaud\Mobile Service" folder can be copied and a ser vice created and started (and permissions set to allow users to stop and start it)
xcopy "%~dp0Mobile Service" "C:\Program Files (x86)\Blackbaud\Mobile Service" /e /i /y
sc create "Blackbaud Mobile Service" start= auto binpath= "C:\Program Files (x86)\Blackbaud\Mobile Service\Blackbaud.Mobile.ServiceHost.exe"
rem (A;;RPWPCR;;;BU) adds users to start stop, can use subinacl with grant
sc sdset "Blackbaud Mobile Service" D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;WD)(A;;RPWPCR;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
sc start "Blackbaud Mobile Service"
References
Nice explanation of MsiLockPermissionsEx
MSDNs explanation of MSILockPermissionsEx table
Comments
blog comments powered by Disqus