Problem with powershell custom action.

[xtrophic2]

I have a setup that's been working fine up until we started using Windows 2022 / 2025 server and now I am getting some odd errors down the line. We have a part where we are restoring an SQL database and in order for that to work we have to change permissions on the temp folder created for the backup file.

To accomplish this we have a custom action powershell script. It's added as "Attached script" we have on disk and contents of that script is:

Code: Select all

function Append-SecurityGroup {
	param (
		[string]$fileOrFolder
	)

	if(!(Test-Path -Path $fileOrFolder)) {
		New-Item -ItemType Directory -Force -Path $fileOrFolder | Out-Null
	}
	
	# SIDs
	$admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
	$users = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
	
	# Permissions on temp folder
	$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
	$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None
	$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($users, "ReadAndExecute", $inheritanceFlag, $propagationFlag, "Allow")
	$accessRuleAdmin = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", $inheritanceFlag, $propagationFlag, "Allow")

	$backupAcl = Get-Acl -path "$($fileOrFolder)"
	$backupAcl.SetAccessRule($accessRule)
	Set-Acl -Path "$($fileOrFolder)" -AclObject $backupAcl

}

Append-SecurityGroup "MyCustomFolder"

We have two problems. One which I "fixed" and one that I can't figure out.

1. We used to use $env:TEMP\MyCustomFolder but that ended up creating the folder under AppData\Local\Temp\MyCustomFolder when running it through the installer. When running the same powershell script under powershell shell it created it under AppData\Local\Temp\<sessionID>\MyCustomFolder (same as the folder the installer extracts files to).
   
   So off the bat we seem to have a difference. This I fixed by telling advanced installer to run the script in the temp folder and just provide the folder name.
2. The problem that still exists is that the permissions are no longer set. The folder is created, but no permissions are applied. This is only the case when running it as a custom action. If I run the same script in a powershell console it works, with permissions being set correctly.

The installer works on Windows 2019 Server, but not in 2022 or 2025. I would like to get to the bottom of this and figure out how to fix it.

Version of advanced installer used: v22.3

[xtrophic2]

Update:

It might not be the code itself to change the permissions that isn't working or it might be my move to set the permissions via C# in my Custom Action.

But there seems to be a problem with the path. Files are copied to the following path:
\Local\Temp\2\MyTempFolder

But when I pass the parameter [MyTempFolder_Dir] it gets reported as:
\Local\Temp\MyTempFolder

Found the following entries in the log file which looks a little suspicious to me:

Code: Select all

MSI (c) (64:98) [06:28:20:261]: PROPERTY CHANGE: Adding RuddoxSetupSupport_Dir property. Its value is 'C:\Users\ADMINI~1\AppData\Local\Temp\2\MyTempFolder\'.
MSI (s) (D4:1C) [06:29:53:151]: PROPERTY CHANGE: Adding RuddoxSetupSupport_Dir property. Its value is 'C:\Users\ADMINI~1\AppData\Local\Temp\MyTempFolder\'.

MSI (c) (64:98) [06:28:20:261]: Dir (target): Key: TempFolder	, Object: C:\Users\ADMINI~1\AppData\Local\Temp\2\
MSI (s) (D4:1C) [06:29:53:162]: Dir (target): Key: TempFolder	, Object: C:\Users\ADMINI~1\AppData\Local\Temp\

So it seems at some point that it changes the path. Why would it do that?

While waiting on an update I'll try to modify the code as see if I can just modify the file permissions instead and hope it doesn't change.

[Catalin]

Hello and welcome to our forums,

Apologies for the quite delayed reply on this.

If I understand this correctly, this is only happening on Windows Server 2022 and 2025?

For instance, if you test the same package over on a Windows 11 machine, this works as expected?

If that's the case, I'm afraid that this might be some corner case related to PowerShell and Windows Server 2025.

From what I can see, you are trying to create a folder and then set some permission on it. Have you tried using the "Permissions" tab from the "Files and Folders" page?

Best regards,
Catalin

[xtrophic2]

Yes, I have tried that. But from previous tests the permissions are not set when folder is created but at a later stage. And as part of the setup we import a database file at which point the access is not set.

That's what prompted me to originally move setting permissions to a custom PS script.

Yes we have tried the installer on Windows 10 / 11 and there it works fine.

I think the main problem is that it changes the path during install as you can see in the logs. At first it's /2/ and later that is removed.

[Catalin]

Hello,

Thank you for your followup on this!

If possible, could you please create a sample project (empty project with just the Custom Action and the folder it affects) that reproduces this behavior and forward that to me, either here or by email at support at advancedinstaller dot com, so I can run some tests on my end and further investigate this scenario?

Best regards,
Catalin