Family Historian User Group

Colin,

I may be wrong but can't find any trace on the WineHQ site/Wiki of Windows Powershell commands having been programmed into Wine; and I also can't find any mention in Winetricks to adding Powershell features.

Looking at Microsoft's Guidance, although Windows Powershell comes as standard with an installation of Windows 7 and above, Powershell 5.1 comes integrated in the .NET Framework 4.5 installation download, so presumably you would need to start with a successful installation of the .NET Framework, which can still be challenging, especially in 64-bit form. Also, Winetricks isn't currently programmed to work with 64-bit wine prefixes (bottles) on either MacOS or Linux.

See; https://docs.microsoft.com/en-us/powers ... wershell-7

See also this 'old' WineHQ report:
https://appdb.winehq.org/objectManager. ... n&iId=8049

Personally, I'm only using a virtualised Windows installation (with VirtualBox) at present, as I've moved on to MacOS 10.15.x (Catalina) and, although Crossover works to an extent, the CodeWeavers admit that their present solution still needs considerable refinement, which won't happen until they're ready to release Crossover 20 with Wine 5 support, as the present 'kludge' (win32on64) hasn't, so far, been accepted by the WineHQ Developers for inclusion in standard builds of Wine. Additionally, none of the developers of open source/freeware front-ends for wine (including POM) seem to have been able to get a fully working system together as they can't jump through all of Apple's Hoops (the notorization and developer signing of individually created wine.apps) that CodeWeavers (Crossover) only seems to have managed to achieve because of their paid Authorised Apple Developer status. So, devleopers/users of alternatives have typically had to permanently disable SIP (Security Integrity Protection) on Macs, and also use rebuilt versions of the Crossover Wine Engine to test their developments as they can't use the Wine builds supplied directly by WineHQ, which exclude the 'win32on64' solution.

Mervyn

Mervyn

Thanks for that information. I hadn't done any digging into the reasons.

Like you for my main research I use a VM, I only use a POM instance on my iMac for quick lookups rather than the time it takes to fire up the VM. I have not gone to Catalina as there are some other 32 bit Mac apps that I use and until I can find replacements I will not be moving OS's. My Air is too old to run Catalina and so Crossover is fine on that for when I am travelling (not doing that at the moment though).

I never managed to get FH to work in a native Wine version on my Mac so have stuck with Crossover / POM.

I'm going to abandon PowerShell Get-Acl in favour of CMD ICACLS which is where I originally started.
I mistakenly thought that the Get-Acl command would provide effective ACL permissions, but it does not.
For my purposes CMD ICACLS is just as good, provides shorter reports, and involves fewer resources.

So attached is a new Permissions Plugin using CMD ICACLS and slightly different report messages as shown below.
It now includes the user identity and gives abbreviations such as F for FullControl, etc, and hopefully no magic numbers.
Could you guys please give it a go?


[ EDIT: Use the later Plugin Attachment that fixes a bug with usernames containing symbols such as hyphen. )

Was expecting Generic Read & Write as per previous version but it shows GR & GE instead.

What does GE represent?

No, ICACLS gives abbreviations as listed in https://docs.microsoft.com/en-us/window ... nds/icacls under Remarks.
GR - Generic read
GE - Generic execute
Those are the usual combination but as you say does not seem to match the numerical value given earlier.

What is odd is that it is listing the BUILTIN\Users permissions instead of your Computername\Username.
e.g. In my example TATE7\Mike

Please run the Plugin in debug mode: Tools > Plugins select Permissions then Edit and Go.
It should print your Username and the ICACLS report bottom left when it completes.
Does your Username start one of the lines in the report?

strId = DESKTOP-VM8CLKV\USR
strUser = DESKTOP-VM8CLKV\USR

strLogText =
DESKTOP-VM8CLKV\USR


FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : DESKTOP-VM8CLKV\USR
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None



DESKTOP-VM8CLKV\USR


FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : DESKTOP-VM8CLKV\USR
IsInherited : True
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None

for ipairs does three loops.
strPermissions never exists.

but when you show the message
you show:
DESKTOP VM8CLKV\USR

*NB: the dash (-) is gone.
the match?
hope this helps.

My "computer name\username" shown on the first line


Dad-PC\Dad
D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public GR,GE
Plugin has completed

Yes, I had overlooked that hyphen (-) is an Lua patterns magic character

The attached Permissions Plugin fixes that.
[ EDIT Attachment deleted as no longer needed. ]

std permissions = F

Still works OK



Dad-PC\Dad
D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public GR,GE
Plugin has completed

@laz_gen ~ I don't understand the ACL entries for your D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public folder.

Presumably your FH File > Project Window > Location refers to D:\Dropbox\#Genealogy Live
Your open Project is Lasbury_June_2019
Your username id is Dad-PC\Dad

But there is no ACL entry for Dad-PC\Dad which I would have expected to exist to allow Write or Full access.

Assuming you can write files into your Public folder, I wonder which ACL is allowing that access?
Is it perhaps BUILTIN\Administrators and your account has Administrator privileges?

The Plugin fails to find an ACL for Dad-PC\Dad so defaults to BUILTIN\Users and reports GR,GE access.

For example in my PC...
My main administrator account has username id TATE7\Admin and folders have ACL entries for that id.
My standard user account has username id TATE7\Mike and its Dropbox folders have ACL entries for that id.

Mike

Correct with the project name and project path.

The single administrator account (Dad) was created at install time.

The computer has a name of Dad-PC

The account name is Dad

One of the previous plugin versions did show BUILTIN\Users

Since it seems that the current Domain/Username may not appear in the ACL list, I've revised the Plugin again to also check the Group Names the user belongs to, and compile a complete list of permission abbreviations.

So please try attached updated Permissions Plugin.
[ EDIT Attachment deleted as no longer needed. ]

Happy to help


D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files


Dad-PC\Dad
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Mandatory group, Enabled by default, Enabled group
Dad-PC\HomeUsers Alias S-1-5-21-1914415105-423208010-997555893-1003 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group
Mandatory Label\High Mandatory Level Label S-1-16-12288 Mandatory group, Enabled by default, Enabled group

D:\Dropbox\#Genealogy Live\Lasbury_June_2019\Public F,RX,GR,GE,M
Plugin has completed

Excellent
That has combined the ACL permissions for the Groups you belong to:

BUILTIN\Administrators ~ (F) means Full access

BUILTIN\Users ~ (RX) & (GR,GE) means Read and execute access & Generic read, Generic execute

NT AUTHORITY\Authenticated Users ~ (M) means Modify access

and still works for me. F

Can others please check the Plugin Version 0.7 attached to the Sat 16th May 2020 11:46 posting.

@Mike

Still issues with my VM install.

Same result as Colin with a FH installation on a Windows 10 Pro Virtual Machine (VirtualBox).

Musings: Could this be because (from the file path in Colin's screenshot) we both store our data on the Mac User's Drive using a 'network' connection and not within the Virtual Machine? That Drive is, of course, formatted for MacOS and not Windows, i.e. APFS not NTFS. Would that throw the Plugin? The same result would then be expected with a WINE (or Crossover) install, even if the plugin commands could be processed.

Further Musings: Attachment shows result if data is stored within the VM

Mervyn

For completeness although mine is a pretty vanilla setup:

@Mervyn & Colin regarding VM configuration...
Mervyn's VM setup uses conventional C: drive paths and the Command Prompt ICACLS command gets ACLs OK.
Colin's VM setup uses a \\VBOXSVR\ network link and the Command Prompt ICACLS command report is listed below the No ACL permissions found for VM-PC\Colin statement.
So it seems the VM recognises the ICACLS command and responds with All users have full control.
So my Plugin can detect that response and treat it the same as an ACL with permission F (Full control).

The attached updated Permissions Plugin Version 0.8 caters for that VM style of ICACLS report.
[ EDIT Attachment deleted as no longer needed. ]

@Mike

My Mac folders are mapped drives so do have a Windows drive letter assigned. It seems as though your plugin seems to be ignoring the mapped letter and actually looking at share folder structure. Could you swap it to look at drive letters?

Success

Thanks Colin.
It is not my Plugin that is looking at the \\VBOXSVR\ network link.
It is what FH returns with fhGetContextInfo("CI_PROJECT_PUBLIC_FOLDER").

So I am guessing that your File > Project Window > Location is \\VBOXSVR\Family_Historian_Projects
If you change that to the C: drive mapped letter equivalent my Plugin won't need to cater for the network link case.
Or perhaps you have set that C: drive path and FH is translating that to the network link?

For completeness, the new update behaves normally with my normal VirtualBox working setup as shown in first image, same as Colin's.

The second image is from a Crossover setup. Will try to track down the "invalid ACL log file"

Mervyn

Edit: ICACLS.log contains only: "Mervyns-MacBook\crossover "

Unfortunately not very helpful!