В MSDN есть такой вот пример:
Код:
' Example Code
' The following VBScript example assumes that a folder named testfolder exists on C:\.
' The script obtains the security for this folder and changes the access permissions
' all the access control entries. For more information on security entities,
' see the Platform SDK section on Security. No error checking or handling is shown.
' The folder named "testfolder" must exist on the C:\ drive.
' Connect to WMI and get the file security object for the testfolder directory
Set wmiFileSecSetting = GetObject ("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\testfolder'")
' Use the Win32_LogicalFileSecuritySetting Caption property to create a simple header before
' dumping the discretionary access control list (DACL).
Wscript.Echo wmiFileSecSetting.Caption & ":" & vbCrLf
' Call the Win32_LogicalFileSecuritySetting GetSecurityDescriptor
' method to retrieve an instance of the Win32_SecurityDescriptor class
' for the target object, that is, C:\TestFolder. Note that this is achieved by
' passing an empty variable to GetSecurityDescriptor, which
' GetSecurityDescriptor in turn initializes with an instance of the
' Win32_SecurityDescriptor class that corresponds to the security
' descriptor for the target object.
RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor)
' Retrieve the content of Win32_SecurityDescriptor DACL property.
' The DACL is an array of Win32_ACE objects.
DACL = wmiSecurityDescriptor.DACL
' Display the control flags in the descriptor.
Wscript.Echo "Control Flags: " & wmiSecurityDescriptor.ControlFlags
' Obtain the trustee for each access control entry (ACE) and change the permissions
' in the AccessMask for each ACE to read, write, and delete.
For each wmiAce in DACL
' Get Win32_Trustee object from ACE
Set Trustee = wmiAce.Trustee
wscript.echo "Trustee Domain: " & Trustee.Domain
wscript.echo "Trustee Name: " & Trustee.Name
wscript.echo "Access Mask: " & wmiAce.AccessMask
' Make access for every trustee read (1), write (2), and delete (65536) access
wmiAce.AccessMask = 65539
wscript.echo "Access Mask: " & wmiAce.AccessMask
Next
' Call the Win32_LogicalFileSecuritySetting.SetSecurityDescriptor method
' to write the new security descriptor.
RetVal = wmiFileSecSetting.SetSecurityDescriptor(wmiSecurityDescriptor)
Wscript.Echo "ReturnValue is: " & RetVal