Export Security Settings

This article details the way to retrieve the security settings of a file or folder in order to implement it in a script.

Then, this script can be added in the package using a custom action for example.


1. Security VBScript

To grant permissions on files or folder, the following kind of script can be used.


In this example, the “D:AR(A;OICI;0x1301bf;;;BU)” setting grant full access to all users.

The question is how to determine that setting…



2. Retrieving Security Settings

To retrieve the security settings of a file or folder, Windows Security Templates can be used.

In Windows 7, the security template INF file is the following:



  • Copy defltbase.inf in a working directory (for example C:\Workdir)
  • Launch the mmc console


File > Add/Remove Snap-in…



Select “Security Templates” and add it


  • Right click “Security Template” > New Template Search Path… and indicate the location of the copied defltbase.inf file


  • Right click “File System” > Add File…
    • Select a file (it can be any file because we just want to retrieve security settings…). For example: “C:\workdir\SecurityTest.txt”
    • Set security settings. For example full access for administrators and only read access for users)






Select “Propagate inheritable permissions to all subfolders and files




The file appears in the list



Right click “defltbase” > Save as


Save the INF file (for example SecurityTest.inf)


  • Edit the generated INF file
  • In the “File Security” section, find the line corresponding to the file and retrieve the security settings.



  • Copy then pastes the setting in the script.