There is my BasicMsi setup that installs an application (32bit) MyApp per-machine. The installer requires admin rights at startup.
The application MyApp is installed into the INSTALLDIR-folder selected by the Operator (by UI/CommadLine) and a %ProgramData%\<MyFirm>\<MyApp>
structure is created with subfolders and files.
In the msi-table LockPermissions, permissions are set to modify (read/write/delete...) for folder <MyApp>
for LOCAL user groups 'Administrators' and 'Users' (located by SID).
Files in <MyApp>
and subfolders are used and modified by the application MyApp at runtime.
The setup installs the application on systems from Win7 to Win10 and from WinServer2003 to WinServer2016 (32/64; UAC on/off).
The application is launched by the Operator(s) with account in the local user groups 'Administrators' or 'Users' (NOT 'Run as admin').
Problem:
after installation on WinServer2012 and WinServer2016 ONLY (WinServer2008 is not checked; and WinServer2003 - IS OK) an Operator with account in the local group Administrators or Users does not have permissions to write/delete/create files in the folder <MyApp>
and subfolders.
The result - the application does not work correctly (ONLY for WinServer2012 and WinServer2016).
Help me, please, with Questions:
- what is the difference in folders permissions under %ProgramData%, or what is the difference of rights of local built-in user groups ('Administrators' or 'Users') for Win10 (or WinServer2003) versus (WinServer2012 and WinServer2016) ?
- what else should be changed in the system (WinServer2012 and
WinServer2016) by the installer so that accounts from the local
groups Administrators or Users have write/delete rights in the folder
%ProgramData%\<MyFirm>\<MyApp>
without 'Run as Administrator' (UAC on/off) ?
Thanks in advance.