The below snipped is working as intended except that the permissions are not being propogated down to the existing files and folders.  Can anyone tell me what am I doing wrong?

Sub SetPermissions(strFolder, strTrustee)
  Set objSecurity = CreateObject("ADsSecurityUtility")
  Set objSD = objSecurity.GetSecurityDescriptor(strFolder, _
                    ADS_PATH_FILE, ADS_SD_FORMAT_IID)
  Set objDACL = objSD.DiscretionaryAcl
  Set objNewAce = CreateObject("AccessControlEntry")

  'set file access to directory so Everyone can
  'read existing files in the directory.
  Set objNewAce = CreateObject("AccessControlEntry")
  objNewAce.Trustee = strTrustee
  objNewAce.AccessMask = FILE_FULL_ACCESS
  objNewAce.AceType = ACETYPE_ACCESS_ALLOWED

  'permissions are to be propogated to existing files/folders & inherited by any new files/folders
  objNewAce.AceFlags = CONTAINER_INHERIT_ACE Or OBJECT_INHERIT_ACE
  objDACL.AddAce objNewAce

  'set directory permissions so Everyone can add files
  Set objNewAce2 = CreateObject("AccessControlEntry")
  objNewAce2.Trustee = strTrustee
  objNewAce2.AccessMask = FILE_FULL_ACCESS
  objNewAce2.AceType = ACETYPE_ACCESS_ALLOWED
  objNewAce2.AceFlags = CONTAINER_INHERIT_ACE
  objDACL.AddAce objNewAce2
  objSD.DiscretionaryAcl = objDACL

  objSecurity.SetSecurityDescriptor strFolder, _
              ADS_PATH_FILE, objSD, ADS_SD_FORMAT_IID
End Sub

I still can't get it working but I know why I am having the problem.  The permissions I am trying to change are under Documents and  Settings.  This folder has special  security set on it.  It looks like I need to figure out how to change the SE_DACL_Protected flag.

Any help will be greatly appriciated!

jj

Hi jcampbel,

Changing permissions using ActiveX objects in a script, like you're trying to do, is notoriously difficult.

I recommend SetACL (http://setacl.sourceforge.net/) instead. The syntax is complex (but probably less complex than what you're trying to do), and I've found it to be very useful and reliable.

HTH,

Bill