Windows security settings in BLPackages
When editing a Windows security setting in a BLPackage, the choices you make can yield an array of possible results when deploying or rolling back that package.
Below, a table describes what happens during deployment and rollback depending on how you define the three editable fields for a security setting: Action, Replace, and Value. For Value, the table below only notes whether you provide an empty value for the security setting. Although the Replace field only applies to security settings that allow multiple values, the table below describes behavior for all packaged security settings, whether they have single or multiple values.
The table below also presents a column specifying whether the BLPackage includes a single or multiple value key. Multiple values can alter the behavior of deployments and rollbacks. The key type (single or multiple) is not something you can change in the definition of a BLPackage. The key type is determined by data that is loaded during package creation.
Action | Replace | Full or Empty Value | Single or Multiple Values | Deployment | Rollback |
|---|---|---|---|---|---|
Add or Modify | Yes or No | Value is provided | Single | Replaces the single value currently in the file with the value passed in. | Writes an Add or Modify (depending on the original command) using the original single value. On rollback, that value replaces the new value. |
Add or Modify | Yes or No | Empty value | Single | Replaces the single value currently in the file with a blank value. This action effectively performs a delete. It is useful when you need to empty a value, and you do not know how that value is set on all targets. | Writes an Add or Modify (depending on the original command) using the original single value. On rollback, that value replaces the blank entry. |
Add or Modify | No | Values are provided | Multiple | Adds new entries to the list of possible values. However, if an entry being added already exists in the target's Value list, that entry is skipped and the rest of the entry values are processed. | Writes a Delete command to remove only those entries that did not exist before the command was run. |
Add or Modify | No | Empty value | Multiple | No action occurs. | Writes a Delete command with a list of blank values. In effect, this command performs a rollback in which no action occurs other than making a record of a rollback. |
Add or Modify | Yes | Values are provided | Multiple | Replaces the existing list of multiple values with new values that are passed in. | Writes an Add or Modify (depending on the original command) using the original list of values. On rollback, those value replace the new values. |
Add or Modify | Yes | Empty value | Multiple | Replaces the existing list of multiple values with a blank entry. This action effectively deletes all entries. It is useful when you need to empty a value and you do not know how that value is set on all targets. | Writes an Add or Modify (depending on the original command) using the original list of values. On rollback, those values replace the blank entry. |
Delete | Yes or No | Value is provided | Single | If the target is set to a value, this action deletes that value and renders the entry blank. | Writes an Add command to change the deleted value back to its original setting. |
Delete | Yes or No | Empty value | Single | No action occurs. | Writes a Delete command for the single empty value, which essentially results in no action. |
Delete | Yes or No | Values are provided | Multiple | If the target has entries in a value list, this action removes those entries. | Writes an Add command that adds only those values that were deleted from original list. |
Delete | Yes or No | Empty value | Multiple | No action occurs | Writes a Delete command for a list with multiple empty values, which essentially results in no action. |