diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fee5819f4..6188dfd4b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -390,7 +390,11 @@ jobs:
# WiX is installed on Windows runners but not in the PATH
- name: Configure Windows runner
if: matrix.os == 'windows'
- run: echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+ run: |
+ # https://github.com/actions/runner-images/issues/9667
+ choco uninstall wixtoolset
+ choco install wixtoolset --version 3.14.0 --allow-downgrade --force
+ echo "C:\Program Files (x86)\WiX Toolset v3.14\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- name: Build
shell: pwsh
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index d1197f920..971b0df10 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -187,8 +187,10 @@ jobs:
run: |
echo "C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- $WixToolsetItem = Get-ChildItem -Path "C:\Program Files (x86)\" -Filter "WiX Toolset v*" | Select-Object -First 1
- echo "C:\Program Files (x86)\$($WixToolsetItem.Name)\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+ # https://github.com/actions/runner-images/issues/9667
+ choco uninstall wixtoolset
+ choco install wixtoolset --version 3.14.0 --allow-downgrade --force
+ echo "C:\Program Files (x86)\WiX Toolset v3.14\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- name: Sign executables
if: matrix.os == 'windows' || matrix.os == 'macos'
diff --git a/package/WindowsManaged/DevolutionsGateway.csproj b/package/WindowsManaged/DevolutionsGateway.csproj
index e16e589d5..ba6889920 100644
--- a/package/WindowsManaged/DevolutionsGateway.csproj
+++ b/package/WindowsManaged/DevolutionsGateway.csproj
@@ -26,7 +26,6 @@
-
diff --git a/package/WindowsManaged/Program.cs b/package/WindowsManaged/Program.cs
index d7aeb207b..63af07cac 100644
--- a/package/WindowsManaged/Program.cs
+++ b/package/WindowsManaged/Program.cs
@@ -1,4 +1,4 @@
-using DevolutionsGateway.Actions;
+using DevolutionsGateway.Actions;
using DevolutionsGateway.Dialogs;
using DevolutionsGateway.Properties;
using DevolutionsGateway.Resources;
@@ -242,6 +242,7 @@ static void Main()
ServiceInstaller = new ServiceInstaller()
{
Type = SvcType.ownProcess,
+ Account = "NT AUTHORITY\\NetworkService",
Interactive = false,
Vital = true,
Name = Includes.SERVICE_NAME,
diff --git a/package/WindowsManaged/Resources/Includes.cs b/package/WindowsManaged/Resources/Includes.cs
index ef509f87c..2838882a8 100644
--- a/package/WindowsManaged/Resources/Includes.cs
+++ b/package/WindowsManaged/Resources/Includes.cs
@@ -28,13 +28,28 @@ internal static class Includes
///
/// SDDL string representing desired %programdata%\devolutions\gateway ACL
/// Easiest way to generate an SDDL is to configure the required access, and then query the path with PowerShell: `Get-Acl | Format-List`
- /// SYSTEM/BuiltInAdministrators = Full Control, LocalService = Read / Write / Execute, BuiltInUsers - Read/Execute
///
- internal static string PROGRAM_DATA_SDDL = "D:PAI(A;OICI;FA;;;SY)(A;OICI;0x1201bf;;;LS)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)";
-
- ///
- /// NT AUTHORITY\SYSTEM Allow FullControl, NT AUTHORITY\LOCAL SERVICE Allow Write, ReadAndExecute, Synchronize, BUILTIN\Administrators Allow FullControl
- ///
- internal static string USERS_FILE_SDDL = "O:SYG:SYD:PAI(A;;FA;;;SY)(A;;0x1201bf;;;LS)(A;;FA;;;BA)";
+ ///
+ /// Owner : NT AUTHORITY\SYSTEM
+ /// Group : NT AUTHORITY\SYSTEM
+ /// Access :
+ /// NT AUTHORITY\SYSTEM Allow FullControl
+ /// NT AUTHORITY\LOCAL SERVICE Allow Write, ReadAndExecute, Synchronize
+ /// NT AUTHORITY\NETWORK SERVICE Allow Modify, Synchronize
+ /// BUILTIN\Administrators Allow FullControl
+ /// BUILTIN\Users Allow ReadAndExecute, Synchronize
+ ///
+ internal static string PROGRAM_DATA_SDDL = "O:SYG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;0x1201bf;;;LS)(A;OICI;0x1301bf;;;NS)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)";
+
+ ///
+ /// Owner : NT AUTHORITY\SYSTEM
+ /// Group : NT AUTHORITY\SYSTEM
+ /// Access :
+ /// NT AUTHORITY\SYSTEM Allow FullControl
+ /// NT AUTHORITY\LOCAL SERVICE Allow Write, ReadAndExecute, Synchronize
+ /// NT AUTHORITY\NETWORK SERVICE Allow Write, ReadAndExecute, Synchronize
+ /// BUILTIN\Administrators Allow FullControl
+ ///
+ internal static string USERS_FILE_SDDL = "O:SYG:SYD:PAI(A;;FA;;;SY)(A;;0x1201bf;;;LS)(A;;0x1201bf;;;NS)(A;;FA;;;BA)";
}
}