1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic xml:lang="en-us" id="install-win-installdir-req">
<title>Windows Installation Directory Security Requirements</title>
<body>
<p>The installation directory on Windows hosts must meet certain security requirements, in order to be accepted by
the Windows installer. </p>
<p>This also applies for upgrades of <ph conkeyref="vbox-conkeyref-phrases/product-name"/>. </p>
<p>For example, when installing <ph conkeyref="vbox-conkeyref-phrases/product-name"/> into a custom location at
X:\Data\MyPrograms\<ph conkeyref="vbox-conkeyref-phrases/product-name"/>, all parent directories of this path
(namely X:\Data and X:\Data\MyPrograms) must meet the following Discretionary Access Control List (DACL).
<pre xml:space="preserve">
Users S-1-5-32-545:(OI)(CI)(RX)
Users S-1-5-32-545:(DE,WD,AD,WEA,WA)
Authenticated Users S-1-5-11:(OI)(CI)(RX)
Authenticated Users S-1-5-11:(DE,WD,AD,WEA,WA)
</pre>Directory inheritance must also be disabled for all parent directories. </p>
<p>You can use the <codeph>icacls</codeph> Windows command line tool to modify a directory to meet the security
requirements. For example: <pre xml:space="preserve">
icacls <Directory> /reset /t /c
icacls <Directory> /inheritance:d /t /c
icacls <Directory> /grant *S-1-5-32-545:(OI)(CI)(RX)
icacls <Directory> /deny *S-1-5-32-545:(DE,WD,AD,WEA,WA)
icacls <Directory> /grant *S-1-5-11:(OI)(CI)(RX)
icacls <Directory> /deny *S-1-5-11:(DE,WD,AD,WEA,WA)
</pre>Note that these commands must be repeated for all parent directories (X:\Data and X:\Data\MyPrograms
in this example).</p>
</body>
</topic>
|
