The following script allows to modify the security of files or folders (including sub-folders and content).
In the following example, the following actions are executed:
- Creation of an INF file in C:\Temp (Security.inf)
- This INF allows to grant read and write access rights to the folder C:\Program Files\Soft\Folder and the file C:\Windows\system32\File
- Execution of the INF file and creation of a log file in C:\Temp (Security.log)
- Deletion of the INF file
DestinationLog = "C:\temp"
DestinationFolder = "C:\temp"
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("wscript.shell")
Set WshUsrEnv = WshShell.Environment("Process")
InfFile = "Security.inf"
LOGFILE=chr(34) & DestinationLog & "\Security.log" & chr(34)
EDBFILE=chr(34) & DestinationLog & "\Security.edb" & chr(34)
'Creation of the INF file
Set FileCreation = fso.CreateTextFile(DestinationFolder&"\"&InfFile, True)
FileCreation.WriteLine("[Unicode]")
FileCreation.WriteLine("Unicode=yes")
FileCreation.WriteLine("[Version]")
FileCreation.WriteLine("signature=" & chr(34) & "$CHICAGO$" & chr(34))
FileCreation.WriteLine("Revision=1")
FileCreation.WriteLine("[File Security]")
FileCreation.WriteLine(chr(34) & "%ProgramFiles%\Soft\Folder" & chr(34) & ",0," & chr(34) & "D:AR(A;OICI;0x1301bf;;;BU)" & chr(34))
FileCreation.WriteLine(chr(34) & "%SystemRoot%\system32\File" & chr(34) & ",0," & chr(34) & "D:AR(A;;0x1301bf;;;BU)" & chr(34))
FileCreation.Close
'Execution of the INF file
ExecuteInf = "secedit /configure /DB " & EDBFILE & " /CFG " & DestinationFolder & "\" & InfFile & " /areas FILESTORE /log " & LOGFILE
WshShell.Run ExecuteInf, 1, True
'Deletion of the INF file
fso.DeleteFile(DestinationFolder&"\"&InfFile)