How do I add the Swedish interactive user,
NT INSTANS\INTERAKTIV
or the English interactive user,
NT AUTHORITY\INTERACTIVE
or any other localised user group with write permissions to a program folder's ACL?
Is this question actually "How do I use secureObject"? I cannot use the LockPermissions Table because I undestand inheritance is removed. secureObject permissions seem to require CreateDirectory rather than Directory...
With recent releases of Wix, you can retrieve the localized names of often-used built-in user and group names via a property. For example,
WIX_ACCOUNT_NETWORKSERVICE
contains the localized name of the Network Service account. Unfortunately, as of 3.0.4513NT AUTHORITY\INTERACTIVE
is not among them.There exists a sample MSI custom action that creates properties for many of the built-in user and group names. Get it here. Add the CA to your Wix installer and schedule it early in the install execute sequence.
Once you have the localized account name, add a PermissionEx element to modify your directory's ACL. For example:
There is no way as such to add both account names to an ACL since they are one and the same. The name you see corresponds to a SID, and that SID is identical in both the English and Swedish localizations. In the case of the INTERACTIVE group, that SID is
S-1-5-4
.I haven't followed WiX in a long while, but I expect there has to be a way to specify SIDs for ACLs instead of account names. You should never, ever rely on the account name for well-known accounts unless there is absolutely no way to avoid it. Here is a list of well-known SIDs for reference.
Edit: This post seems to provide a solution to your problem using a custom action to translate the SIDs to account names - apparently WiX doesn't out of the box support using SIDs for Permission or PermissionEx objects.
Here is a more authoritative list of well-known SIDs in Q243330 of the Microsoft Knownledge Base.