diff --git a/checkin_notes b/checkin_notes
index 2de345b9c9..20399e6cd3 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -3027,3 +3027,12 @@ David  April 2 2008
 
     sched/
         sched_util.C
+
+Rom    April 2 2008
+    - WINSETUP: Make sure the executable permissions are setup correctly
+        after the binaries are installed.
+        
+    win_build/installerv2/redist/Windows/src/boinccas/
+        boinccas.def
+        boinccas.vcproj
+        CASetPermissionBOINC.cpp, .h (Added)
diff --git a/win_build/installerv2/BOINC.ism b/win_build/installerv2/BOINC.ism
index 6d31c3b3ce..93ff968aa6 100644
Binary files a/win_build/installerv2/BOINC.ism and b/win_build/installerv2/BOINC.ism differ
diff --git a/win_build/installerv2/redist/Windows/src/boinccas/CASetPermissionBOINC.cpp b/win_build/installerv2/redist/Windows/src/boinccas/CASetPermissionBOINC.cpp
new file mode 100644
index 0000000000..51ae83383c
--- /dev/null
+++ b/win_build/installerv2/redist/Windows/src/boinccas/CASetPermissionBOINC.cpp
@@ -0,0 +1,197 @@
+// Berkeley Open Infrastructure for Network Computing
+// http://boinc.berkeley.edu
+// Copyright (C) 2005 University of California
+//
+// This is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// either version 2.1 of the License, or (at your option) any later version.
+//
+// This software is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// To view the GNU Lesser General Public License visit
+// http://www.gnu.org/copyleft/lesser.html
+// or write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+//
+
+#include "stdafx.h"
+#include "boinccas.h"
+#include "CASetPermissionBOINC.h"
+#include "dirops.h"
+
+#define CUSTOMACTION_NAME               _T("CASetPermissionBOINC")
+#define CUSTOMACTION_PROGRESSTITLE      _T("Setting permissions on the BOINC Executable directory.")
+
+
+/////////////////////////////////////////////////////////////////////
+// 
+// Function:    
+//
+// Description: 
+//
+/////////////////////////////////////////////////////////////////////
+CASetPermissionBOINC::CASetPermissionBOINC(MSIHANDLE hMSIHandle) :
+    BOINCCABase(hMSIHandle, CUSTOMACTION_NAME, CUSTOMACTION_PROGRESSTITLE)
+{}
+
+
+/////////////////////////////////////////////////////////////////////
+// 
+// Function:    
+//
+// Description: 
+//
+/////////////////////////////////////////////////////////////////////
+CASetPermissionBOINC::~CASetPermissionBOINC()
+{
+    BOINCCABase::~BOINCCABase();
+}
+
+
+/////////////////////////////////////////////////////////////////////
+// 
+// Function:    
+//
+// Description: 
+//
+/////////////////////////////////////////////////////////////////////
+UINT CASetPermissionBOINC::OnExecution()
+{
+    DWORD                   dwRes = 0;
+    PACL                    pACL = NULL;
+    PACL                    pOldACL = NULL;
+    PSECURITY_DESCRIPTOR    pSD = NULL;
+    EXPLICIT_ACCESS         ea[2];
+    tstring                 strBOINCAdminsGroupAlias;
+    tstring                 strBOINCUsersGroupAlias;
+    tstring                 strBOINCInstallDirectory;
+    UINT                    uiReturnValue = -1;
+
+    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
+
+    uiReturnValue = GetProperty( _T("BOINC_ADMINS_GROUPNAME"), strBOINCAdminsGroupAlias );
+    if ( uiReturnValue ) return uiReturnValue;
+
+    uiReturnValue = GetProperty( _T("BOINC_USERS_GROUPNAME"), strBOINCUsersGroupAlias );
+    if ( uiReturnValue ) return uiReturnValue;
+
+    uiReturnValue = GetProperty( _T("INSTALLDIR"), strBOINCInstallDirectory );
+    if ( uiReturnValue ) return uiReturnValue;
+
+
+    // Initialize an EXPLICIT_ACCESS structure for all ACEs.
+    ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
+
+    // boinc_admins
+    ea[0].grfAccessPermissions = GENERIC_ALL;
+    ea[0].grfAccessMode = SET_ACCESS;
+    ea[0].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+    ea[0].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
+    ea[0].Trustee.ptstrName  = (LPTSTR)strBOINCAdminsGroupAlias.c_str();
+
+    // boinc_users
+    ea[1].grfAccessPermissions = GENERIC_READ|GENERIC_EXECUTE;
+    ea[1].grfAccessMode = SET_ACCESS;
+    ea[1].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+    ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
+    ea[1].Trustee.ptstrName  = (LPTSTR)strBOINCUsersGroupAlias.c_str();
+
+    // Get the old ACL for the directory
+    dwRes = GetNamedSecurityInfo(
+        (LPWSTR)strBOINCInstallDirectory.c_str(),
+        SE_FILE_OBJECT,
+        DACL_SECURITY_INFORMATION,
+        NULL,
+        NULL,
+        &pOldACL,
+        NULL,
+        &pSD
+    );
+    if (ERROR_SUCCESS != dwRes) 
+    {
+        LogMessage(
+            INSTALLMESSAGE_ERROR,
+            NULL, 
+            NULL,
+            NULL,
+            GetLastError(),
+            _T("GetNamedSecurityInfo Error")
+        );
+        return ERROR_INSTALL_FAILURE;
+    }
+
+    // Create a new ACL that contains the new ACEs and merges the old.
+    dwRes = SetEntriesInAcl(2, &ea[0], pOldACL, &pACL);
+    if (ERROR_SUCCESS != dwRes) 
+    {
+        LogMessage(
+            INSTALLMESSAGE_ERROR,
+            NULL, 
+            NULL,
+            NULL,
+            GetLastError(),
+            _T("SetEntriesInAcl Error")
+        );
+        return ERROR_INSTALL_FAILURE;
+    }
+
+    // Set the ACL on the Data Directory itself.
+    dwRes = SetNamedSecurityInfo( 
+        (LPWSTR)strBOINCInstallDirectory.c_str(),
+        SE_FILE_OBJECT,
+        DACL_SECURITY_INFORMATION,
+        NULL,
+        NULL,
+        pACL,
+        NULL
+    );
+    if (ERROR_SUCCESS != dwRes) 
+    {
+        LogMessage(
+            INSTALLMESSAGE_ERROR,
+            NULL, 
+            NULL,
+            NULL,
+            GetLastError(),
+            _T("SetNamedSecurityInfo Error")
+        );
+        return ERROR_INSTALL_FAILURE;
+    }
+
+    // Set ACLs on all files and sub folders.
+    RecursiveSetPermissions(strBOINCInstallDirectory, pACL);
+
+
+    if (pACL) 
+        LocalFree(pACL);
+    if (pSD)
+        LocalFree(pSD);
+
+    return ERROR_SUCCESS;
+}
+
+
+/////////////////////////////////////////////////////////////////////
+// 
+// Function:    SetPermissionBOINC
+//
+// Description: 
+//
+/////////////////////////////////////////////////////////////////////
+UINT __stdcall SetPermissionBOINC(MSIHANDLE hInstall)
+{
+    UINT uiReturnValue = 0;
+
+    CASetPermissionBOINC* pCA = new CASetPermissionBOINC(hInstall);
+    uiReturnValue = pCA->Execute();
+    delete pCA;
+
+    return uiReturnValue;
+}
+
diff --git a/win_build/installerv2/redist/Windows/src/boinccas/CASetPermissionBOINC.h b/win_build/installerv2/redist/Windows/src/boinccas/CASetPermissionBOINC.h
new file mode 100644
index 0000000000..9243a409e9
--- /dev/null
+++ b/win_build/installerv2/redist/Windows/src/boinccas/CASetPermissionBOINC.h
@@ -0,0 +1,37 @@
+// Berkeley Open Infrastructure for Network Computing
+// http://boinc.berkeley.edu
+// Copyright (C) 2005 University of California
+//
+// This is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// either version 2.1 of the License, or (at your option) any later version.
+//
+// This software is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// To view the GNU Lesser General Public License visit
+// http://www.gnu.org/copyleft/lesser.html
+// or write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+//
+
+#ifndef _CASETPERMISSIONBOINC_H_
+#define _CASETPERMISSIONBOINC_H_
+
+
+class CASetPermissionBOINC : public BOINCCABase
+{
+public:
+
+    CASetPermissionBOINC(MSIHANDLE hMSIHandle);
+    ~CASetPermissionBOINC();
+    virtual UINT OnExecution();
+
+};
+
+
+#endif
+
diff --git a/win_build/installerv2/redist/Windows/src/boinccas/boinccas.def b/win_build/installerv2/redist/Windows/src/boinccas/boinccas.def
index 9ca33a3910..e7ddcab740 100644
--- a/win_build/installerv2/redist/Windows/src/boinccas/boinccas.def
+++ b/win_build/installerv2/redist/Windows/src/boinccas/boinccas.def
@@ -22,6 +22,7 @@ EXPORTS
 	GrantBOINCProjectsRights
 	HideBOINCMasterProfile
 	HideBOINCProjectProfile
+	SetPermissionBOINC
 	SetPermissionBOINCData
 	SetPermissionBOINCDataProjects
 	SetPermissionBOINCDataSlots
diff --git a/win_build/installerv2/redist/Windows/src/boinccas/boinccas.vcproj b/win_build/installerv2/redist/Windows/src/boinccas/boinccas.vcproj
index df3aa9c570..9bbc5a2de1 100644
--- a/win_build/installerv2/redist/Windows/src/boinccas/boinccas.vcproj
+++ b/win_build/installerv2/redist/Windows/src/boinccas/boinccas.vcproj
@@ -425,6 +425,10 @@
 				RelativePath=".\CAHideBOINCProjectProfile.cpp"
 				>
 			</File>
+			<File
+				RelativePath=".\CASetPermissionBOINC.cpp"
+				>
+			</File>
 			<File
 				RelativePath=".\CASetPermissionBOINCData.cpp"
 				>
@@ -570,6 +574,10 @@
 				RelativePath=".\CAHideBOINCProjectProfile.h"
 				>
 			</File>
+			<File
+				RelativePath=".\CASetPermissionBOINC.h"
+				>
+			</File>
 			<File
 				RelativePath=".\CASetPermissionBOINCData.h"
 				>