The following script allows to modify the security of files or folders (including sub-folders and content).
In the following example, the following actions are executed:
- Creation of an INF file in C:\Temp (Security.inf)
- This INF allows to grant read and write access rights to the folder C:\Program Files\Soft\Folder and the file C:\Windows\system32\File
- Execution of the INF file and creation of a log file in C:\Temp (Security.log)
- Deletion of the INF file
DestinationLog = "C:\temp" DestinationFolder = "C:\temp" Set fso = CreateObject("Scripting.FileSystemObject") Set WshShell = CreateObject("wscript.shell") Set WshUsrEnv = WshShell.Environment("Process") InfFile = "Security.inf" LOGFILE=chr(34) & DestinationLog & "\Security.log" & chr(34) EDBFILE=chr(34) & DestinationLog & "\Security.edb" & chr(34) 'Creation of the INF file Set FileCreation = fso.CreateTextFile(DestinationFolder&"\"&InfFile, True) FileCreation.WriteLine("[Unicode]") FileCreation.WriteLine("Unicode=yes") FileCreation.WriteLine("[Version]") FileCreation.WriteLine("signature=" & chr(34) & "$CHICAGO$" & chr(34)) FileCreation.WriteLine("Revision=1") FileCreation.WriteLine("[File Security]") FileCreation.WriteLine(chr(34) & "%ProgramFiles%\Soft\Folder" & chr(34) & ",0," & chr(34) & "D:AR(A;OICI;0x1301bf;;;BU)" & chr(34)) FileCreation.WriteLine(chr(34) & "%SystemRoot%\system32\File" & chr(34) & ",0," & chr(34) & "D:AR(A;;0x1301bf;;;BU)" & chr(34)) FileCreation.Close 'Execution of the INF file ExecuteInf = "secedit /configure /DB " & EDBFILE & " /CFG " & DestinationFolder & "\" & InfFile & " /areas FILESTORE /log " & LOGFILE WshShell.Run ExecuteInf, 1, True 'Deletion of the INF file fso.DeleteFile(DestinationFolder&"\"&InfFile)