;; 
;;=====================================================================================----- 
;; 
;;FUNCTION       NTFSPerms() 
;; 
;;ACTION         get and set NTFS permissions 
;; 
;;AUTHOR         Arend Pronk 
;; 
;;VERSION        1.2 - 2007/10/22 
;; 
;;HISTORY        A couple of changes were done thanks to Glenn Barnas's suggestions: 
;;               - Changed Exit 1 to Exit 87 because it's only used when there was 
;;                 an invalid command. 
;;               - Changed $NTFSPerms = @ERROR to NOT @ERROR to return a boolean 
;;                 value for success or fail. 
;;               - Changed the $subcmd processing from if-else-endif to Select-Case. 
;;               - Changed default permissions to READ instead of FULL, which was 
;;                 supposed to be the case in the first place. 
;; 
;;SYNTAX         NTFSPerms($cmds,$object,Optional $trustee) 
;; 
;;PARAMETERS     $cmds (Required) - String value in the form "COMMAND:SUBCOMMAND", ie: "SHOW:OWNER", "DEL:USER" or "ADD:FULL" 
;;               $object (Required) - String value, path to the folder ie: "D:\Test" 
;;               $trustee (Optional) - String value, in the form of "DOMAIN\user" 
;;               Optional when using "SHOW" as the command, Required for "DEL" and "ADD" 
; 
;;RETURNS        ACE properties or Int reporting command result (1=success) 
;;               The ACE's properties when SHOW is used. 
;;               Will return Boolean 1 or 0 when "ADD" or "DEL" is used. 
;; 
;;DEPENDENCIES   ADsSecurityUtility 
;;               (activeds.dll, comes standard with XP and Above, NOT Windows 2000!) 
;; 
;;EXAMPLES       NTFSPerms("ADD:CHANGE","D:\New Folder","DOMAIN\user") 
;;               will add the specified user with CHANGE rights to the folder. 
;; 
;;               NTFSPerms("DEL:USER","D:\New Folder","DOMAIN\user") 
;;               will delete the specified user from the acl list of the folder. 
;; 
;;               NTFSPerms("SHOW:Owner","D:\New Folder") 
;;               will return the owner of the folder. 
;; 
;;               NTFSPerms("SHOW:Count","D:\New Folder") 
;;               will show the current count of users in the acl list of the folder. 
;; 
;;               NTFSPerms("SHOW:Trustees","D:\New Folder") 
;;               will return the names of the trustees in the acl list of the folder in a comma delimited array. 
;; 
;;               NTFSPerms("SHOW:AceFlags","D:\New Folder") 
;;               will return the aceflags of the trustees in the acl list of the folder in a comma delimited array. 
;; 
;;               NTFSPerms("SHOW:AccessMasks","D:\New Folder") 
;;               will return the accessmasks of the trustees in the acl list of the folder in a comma delimited array. 
;; 
;;               NTFSPerms("SHOW:AceTypes","D:\New Folder") 
;;               will return the acetypes of the trustees in the acl list of the folder in a comma delimited array. 
;; 
;;               NTFSPerms("SHOW:Flags","D:\New Folder") 
;;               will return the flags of the trustees in the acl list of the folder in a comma delimited array. 
; 
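Function NTFSPerms($cmds,$object,Optional $trustee)
  ; Reads or edits the discretionary ACL (DACL) of the file-system object
  ; $object through the ADsSecurityUtility COM object.
  ;
  ; $cmds    - "COMMAND:SUBCOMMAND"; COMMAND is SHOW, DEL or ADD.
  ; $object  - path of the file or folder whose security descriptor is used.
  ; $trustee - account name; must be non-empty for DEL and ADD.
  ;
  ; Returns the requested value for SHOW (the list subcommands return one
  ; comma-delimited string), or 1/0 for ADD and DEL.
  ; Exit code: 87 for an invalid or incomplete command, otherwise the
  ; @ERROR left by the failing COM call (0 on success).
  ;
  ; Review notes for callers that change permissions:
  ; - ADD always writes an ALLOW entry that is inherited by child files
  ;   and subfolders (AceType 0, AceFlags 3).
  ; - ADD with an unrecognised rights keyword falls back to the READ mask
  ;   without reporting it, so verify the result with SHOW:AccessMasks.
  ; - DEL removes every entry whose trustee string equals $trustee, with
  ;   no filter on ACE type, and returns 1 even when nothing matched,
  ;   because the descriptor is written back either way.
  Dim $adsu, $sd, $dacl, $ace, $newace, $cmd, $x, $subcmd, $d

  ; Reject a malformed command before any COM object is created or the
  ; target is opened.
  If Not InStr($cmds,":") Exit 87 EndIf
  $x = Split($cmds,":")
  $cmd = $x[0]
  $subcmd = $x[1]

  $adsu = CreateObject("ADsSecurityUtility")
  If @error Exit @error EndIf
  ; Path type 1 = file, format 1 = IADsSecurityDescriptor object.
  $sd = $adsu.GetSecurityDescriptor($object,1, 1)
  ; Stop here when the descriptor could not be read (missing path, access
  ; denied); otherwise the property access below would act on a non-object.
  If @error Exit @error EndIf
  $dacl = $sd.DiscretionaryAcl
  ; List separator: empty before the first item, "," afterwards.
  $d = ""

  ; NOTE(review): the keyword comparisons below rely on KiXtart's default
  ; case-insensitive string comparison ("Show" vs "SHOW") - confirm that
  ; SetOption("CaseSensitivity") is not switched on by the calling script.
  Select
    Case $cmd = "Show"
      $NTFSPerms = ""
      Select
        Case $subcmd = "Owner" $NTFSPerms = $sd.Owner
        Case $subcmd = "Count" $NTFSPerms = $dacl.AceCount
        Case $subcmd = "Trustees"
          For Each $Ace in $dacl
            $NTFSPerms = $NTFSPerms + $d + CStr($Ace.Trustee) $d = ","
          Next
        Case $subcmd = "AceFlags"
          For Each $Ace in $dacl
            $NTFSPerms = $NTFSPerms + $d + CStr($Ace.AceFlags) $d = ","
          Next
        Case $subcmd = "AccessMasks"
          For Each $Ace in $dacl
            $NTFSPerms = $NTFSPerms + $d + CStr($Ace.AccessMask) $d = ","
          Next
        Case $subcmd = "AceTypes"
          ; The ACE property is AceType (singular), as used by ADD below;
          ; only the subcommand keyword is plural.
          For Each $Ace in $dacl
            $NTFSPerms = $NTFSPerms + $d + CStr($Ace.AceType) $d = ","
          Next
        Case $subcmd = "Flags"
          For Each $Ace in $dacl
            $NTFSPerms = $NTFSPerms + $d + CStr($Ace.Flags) $d = ","
          Next
        Case 1
          ; Unknown SHOW subcommand: report it instead of returning an
          ; empty value with a success code.
          Exit 87
      EndSelect
    Case $cmd = "DEL"
      ; Default to "failed" so every early exit returns 0, as documented.
      $NTFSPerms = 0
      If $subcmd = "User"
        If $trustee <> ""
          For Each $ace In $Dacl
            If $ace.trustee = $trustee
              $Dacl.RemoveAce($Ace)
            EndIf
          Next
          $sd.DiscretionaryAcl = $Dacl
          $adsu.SetSecurityDescriptor($object,1,$sd,1)
          $NTFSPerms = Not @ERROR
          Exit @ERROR
        Else
          Exit 87
        EndIf
      Else
        ; "User" is the only DEL subcommand; anything else is invalid.
        Exit 87
      EndIf
    Case $cmd = "ADD"
      ; Default to "failed" so every early exit returns 0, as documented.
      $NTFSPerms = 0
      If $trustee <> ""
        $NewAce = CreateObject("AccessControlEntry")
        If @error Exit @error EndIf
        $NewAce.Trustee = $trustee
        ; 3 = object inherit + container inherit: the entry propagates to
        ; files and subfolders below $object.
        $NewAce.AceFlags = 3
        Select
          Case $subcmd = "FULL"
            ; 0x1F01FF
            $NewAce.AccessMask = 2032127
          Case $subcmd = "READ"
            ; 0x1200A9 - read plus execute/traverse
            $NewAce.AccessMask = 1179817
          Case $subcmd = "WRITE"
            ; 0x120136
            $NewAce.AccessMask = 1179958
          Case $subcmd = "CHANGE"
            ; 0x1301BF
            $NewAce.AccessMask = 1245631
          Case 1
            ; Unrecognised keyword: least-privileged fallback, same mask
            ; as READ.
            $NewAce.AccessMask = 1179817
        EndSelect
        ; 0 = access-allowed entry.
        $NewAce.AceType = 0
        ; NOTE(review): existing entries for the same trustee are not
        ; checked, so repeated calls can leave several entries - confirm
        ; with SHOW:Trustees if that matters.
        $dacl.AddAce($NewAce)
        $sd.DiscretionaryAcl = $Dacl
        $adsu.SetSecurityDescriptor($object,1,$sd,1)
        $NTFSPerms = Not @ERROR
        Exit @ERROR
      Else
        Exit 87
      EndIf
    Case 1
      ; Command is not SHOW, DEL or ADD.
      Exit 87
  EndSelect
EndFunction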