|
Small update: I can confirm now that with IADsSecurity adding an Ace to an existing Dacl will have the order of aces set correctly. However the order is not pushed down the chain, eventho you can script it so it pushes the permissions to every subfile and folder the problem begins when a new folder is created after the permissions are set.
I still cannot figure out why this is happening. In the GUI of windows security there is the option to have every file created after the setting of the permissions to inherit the perms and order. However I cannot find this option in IADsSecurity or AdsSecurity as of yet. This is the last option we need, if this is figured out the finally permissions can be safely scripted.
Nonetheless permisions can be perfectly scripted with the above code (although not yet completed) on files since tehre are no inheritance rules on that.
| 
