I would like to conditionally add an ACE to a directory. The WiX documentation and XSD states that is a valid child of util:PermissionEx, but I can't get it to work. Is it really supported?
I have this installer definition:
<?xml version="1.0" encoding="UTF-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
<Product Id="*" Name="test" Language="1033" Version="0.0.1" Manufacturer="Microsoft Corporation" UpgradeCode="89028746-7cf3-42e7-8121-d0bf0140e2dd">
<Package InstallerVersion="200" Compressed="yes" InstallScope="perMachine" Platform="x64" />
<MediaTemplate EmbedCab="yes" />
<Feature Id="ProductFeature" Title="test" Level="1">
<ComponentRef Id="Component_TokenFolder_HybridAgent" />
</Feature>
<Property Id="ISDOMAINCONTROLLER" Value="0"/>
<Property Id="SERVICEUSERGROUP" Value="foo"/>
<InstallExecuteSequence>
</InstallExecuteSequence>
</Product>
<Fragment>
<Directory Id="TARGETDIR" Name="SourceDir">
<Directory Id="CommonAppDataFolder">
<Directory Id="AppDataFolder_HybridAgent" Name="FOO">
<Directory Id="TokenFolder_HybridAgent" Name="Tokens">
<Component Id="Component_TokenFolder_HybridAgent" Guid="b733054f-b0df-40fe-942a-a492fa8109a3">
<CreateFolder>
<util:PermissionEx GenericAll="yes" User="NT AUTHORITY\SYSTEM"/>
<util:PermissionEx GenericAll="yes" User="Administrators"/>
<util:PermissionEx Read="yes" ReadAttributes="yes" ReadExtendedAttributes="yes" ReadPermission="yes" GenericRead="yes" User="[SERVICEUSERGROUP]">
<Condition>ISDOMAINCONTROLLER=0</Condition>
</util:PermissionEx>
</CreateFolder>
</Component>
</Directory>
</Directory>
</Directory>
</Directory>
</Fragment>
</Wix>
When I try to compile it with candle.exe in WiX 3.11, I get:
C:\onebranch\HybridAgent\src\deploy\Deployment\Deployment\test.wxs(30) : error CNDL0203 : The util:PermissionEx element contains an unsupported extension element 'Condition'. The util:PermissionEx element does not currently support extension elements. Is the Condition element using the correct XML namespace?
PermissionEx is a little bit of a tricky element. There is one that comes from the WixUtilExtension (the one you get from the util: namespace) and one that is built into the Windows Installer (the one you get from the default wix namespace).
Why are there two? Well, we added util:PermissionEx that could do permission things the normal Permission element could not. Then in Windows Installer 5.0 they added PermissionEx creating the collision.
So you want to make sure you are on the correct link:
To answer your question, you can condition the util:PermissionEx by conditioning the Component. If you can adopt Windows Installer 5.0 (available in Win7+) then you could use the PermissionEx with its more fine-grained condition support.