In my previous post, I discussed how I was having difficulty getting a WiX-built MSI installer to correctly assign permissions for the Internet guest account to a folder on both Windows Server 2003 and Windows Server 2008.  The thing about WiX/MSI is that if you keep hammering at it long enough, you can usually find a solution (even if it is ugly and convoluted).  That proved true again today (for better or for worse).

My solution uses two properties (one to store the account name, the other the domain), and two sets of custom actions to correctly populate the properties based on the OS version.  Here is the relevant bits of code:


   1:  <Property Id="WEBUSER" Value="Byah" />
   2:  <Property Id="WEBDOMAIN" Value="Byah" />
   3:  <CustomAction Id="SetWebuserIIS7" Return="check" Property="WEBUSER" Value="IIS_IUSRS" />
   4:  <CustomAction Id="SetWebuserIIS6" Return="check" Property="WEBUSER" Value="IUSR_[ComputerName]" />
   5:  <CustomAction Id="SetDomainIIS7" Return="check" Property="WEBDOMAIN" Value="" />
   6:  <CustomAction Id="SetDomainIIS6" Return="check" Property="WEBDOMAIN" Value="[ComputerName]" />
   7:  <!-- SNIP -->
   8:  <CreateFolder>
   9:      <util:PermissionEx User="NetworkService" GenericAll="yes"  />
  10:      <util:PermissionEx User="Administrators" GenericAll="yes"/>
  11:      <util:PermissionEx User="Users" GenericRead="yes" GenericExecute="yes"  />
  12:      <util:PermissionEx User="[WEBUSER]" Domain="[WEBDOMAIN]" GenericRead="yes" GenericExecute="yes"/>
  13:  </CreateFolder>

I hope that helps someone!