The MsiLockPermissions table became available in Windows Installer 5.0 included with the releases of Windows 7 and Windows Server 2008 R2. It provides a better and more effective way of applying permissioning to folders and registry keys. Refer to MSDN for the table structure. The actual permissioning part is a code in a table entry. The code can be generated by using the MMC with the security templates addin. Create a security template and then save it to a file. This will contain the code you need to place into the SDDLText part of the table.
http://msdn.microsoft.com/en-us/library/dd408009(VS.85).aspx
to use the security template outside of an MSI the settings can be applied by running
secedit.exe /configure /db %windir%\security\database\filename.sdb /cfg %windir%\security\templates\filename.inf /overwrite /log %windir%\security\logs\filename.log /quiet
This command displays help for the use of the command.
secedit.exe /configure
