Kent,

Thought I would start a new thread ...

This is where we're at. With your forgiveness, I stripped your script down and did a bit of reformatting (the download toasted the script) ...

Notes:

1) Just provide the details @ the top

2) I'm testing this on a non-network connected Windows 2000 box - I haven't tested on a real remote server

3) I disabled the initial deletion of all the ACEs 'cause this tended to screw things if the script failed ... so for now "REPLACE" only adds ACEs, and whatever entries were already on the folder stay there.

Hope this helps the cause :

code:

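break on

; Provision a user's home folder: create the folder, publish it as a share and
; add NTFS ACEs for the user. Fill in the details block below before running.

; COM helpers. $ofs is used for the file/folder test further down; $sec is
; used inside ChangeAcls() to read and write the security descriptor.
$ofs = CreateObject("Scripting.FileSystemObject")
$sec = CreateObject("ADsSecurity")

$textusr = "bryce" ; username
$textshare = "tassie" ; machine
; NOTE(review): the trailing "$$" presumably yields a literal "$", i.e. a hidden
; share. Hiding a share is not access control - the ACLs below are.
$textsharen = "$textusr$$" ; sharename
$usershare = "$textusr" ;
$userdir = "f:\users\$textusr" ; path

;===
; Create folder
;===

if not exist($userdir)
    ?"Creating folder..."
    md "$userdir"
    ; Stop here if the folder could not be created, rather than publishing a
    ; share that points at a path which does not exist.
    if @error
        ?"Could not create folder: " + @serror
        $ofs=0
        exit 1
    endif
else
    ?"Folder already exits..."
endif

;===
; Create share
;===

$fservobj = GetObject("WinNT://"+ $textshare +"/lanmanserver")
if @error
    ?"Could not bind to lanmanserver on " + $textshare + ": " + @serror
    $ofs=0
    exit 1
endif

; Only the share path is set here. Share-level permissions are left at the
; operating system default, so the NTFS ACL on $userdir is the only
; restriction this script applies - review the share permissions separately.
$newshare = $fservobj.create("fileshare",$textsharen)
if $newshare
    ?"Creating share ..."
    $newshare.path = $userdir
    $newshare.setinfo
    $newshare=0
else
    ?"Share already exists..."
endif

;===
; Set ACLs
;===

$filenm = $userdir
; The original list also carried add(Guest:f). Full control for the Guest
; account on a home folder defeats the point of a per-user ACL, so it is not
; granted here; add a trustee back only if that access is really intended.
; Because the "remove existing ACEs" step in ChangeAcls() is disabled, these
; entries are added on top of whatever the folder already carries - check the
; resulting ACL for broad entries that were there before.
$permspart = "add($textusr:f)+add(Administrator:f)"

;-- Replace ACL on single file or folder-------

if $ofs.fileexists($filenm)
    ChangeAcls($filenm, $permspart, "REPLACE", "FILE")
else
    if $ofs.folderexists($filenm)
        ChangeAcls($filenm, $permspart, "REPLACE", "FOLDER")
    endif
endif

; Release the file system object before leaving; in the original this line
; sat after the first "exit" and was never reached.
$ofs=0

exit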

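FUNCTION ChangeAcls($file,$perms,$redit,$ffolder)

    ; Edit the DACL of the specified file or folder.
    ;
    ; $file    - path of the file or folder whose DACL is edited
    ; $perms   - "+"-separated actions of the form add(name:right) or
    ;            del(name:right); right is F, C or R (see addace)
    ; $redit   - "REPLACE" or "EDIT". EDIT first removes the ACEs of each
    ;            named trustee. REPLACE is meant to clear the DACL first, but
    ;            that removal is currently commented out, so REPLACE only
    ;            ADDS entries and every existing ACE stays in place.
    ; $ffolder - "FOLDER" adds two ACEs per trustee (inheritance), anything
    ;            else adds one
    ;
    ; Relies on the script-level $sec (ADsSecurity) object. This function does
    ; not release $sec: it belongs to the caller, and zeroing it here would
    ; break any second call.

    $ADS_ACETYPE_ACCESS_ALLOWED = 0
    $ADS_ACETYPE_ACCESS_DENIED = 1
    $ADS_ACEFLAG_INHERIT_ACE = 2
    ; NOTE(review): 9 = 1 | 8, presumably object-inherit plus inherit-only - confirm
    $ADS_ACEFLAG_SUB_NEW = 9

    $sd = $sec.GetSecurityDescriptor("FILE://$file")
    $dacl = $sd.discretionaryacl

    ;===
    ;if flagged Replace then remove all existing aces from dacl first
    ;(removal is disabled below, so this loop currently does nothing)
    ;===

    IF ucase($redit)="REPLACE"
        FOR EACH $existingace IN $dacl
            ; $dacl.removeace($existingace) ; temp removed
        NEXT
    ENDIF

    ;break up Perms into individual actions

    $cmdarray=split($perms,"+")

    FOR $x=0 TO ubound($cmdarray)
        $tmpvar1=$cmdarray[$x]
        IF ucase(left($tmpvar1,3))="DEL"
            $aclaction="DEL"
        ELSE
            $aclaction="ADD"
        ENDIF

        ; Validate the entry before touching the DACL. The shortest usable
        ; entry is "add(x)" (6 characters); an ADD also needs a right of F, C
        ; or R, otherwise an ACE with no usable access mask would be created.
        $entryok=0
        $namevar=""
        $rightvar=""
        IF len($tmpvar1) > 5
            ; strip the trailing ")" and the leading "add(" / "del("
            $tmpcmdvar=left($tmpvar1,len($tmpvar1)-1)
            $tmpcmdvar=right($tmpcmdvar,len($tmpcmdvar)-4)
            $cmdparts=split($tmpcmdvar,":")
            $namevar=$cmdparts[0]
            ; the right is optional for del(); do not index past the array
            IF ubound($cmdparts) > 0
                $rightvar=ucase($cmdparts[1])
            ENDIF
            $entryok=1
            IF $namevar=""
                $entryok=0
            ENDIF
            IF $aclaction="ADD" AND $rightvar<>"F" AND $rightvar<>"C" AND $rightvar<>"R"
                $entryok=0
            ENDIF
        ENDIF

        IF $entryok

            ; if flagged edit, delete ACEs belonging to user about to add an ace for

            IF ucase($redit)="EDIT"
                FOR EACH $existingAce IN $dacl
                    $trusteevar=$existingAce.trustee
                    ; compare on the account name only, without the domain prefix
                    IF instr($trusteeVar,"\")
                        $trunamevar=right($trusteevar,len($trusteevar)-instr($trusteevar,"\"))
                    ELSE
                        $trunamevar=$trusteevar
                    ENDIF

                    $uctrunamevar=ucase($trunamevar)
                    $ucnamevar=ucase($namevar)

                    IF $uctrunamevar=$ucnamevar
                        $dacl.removeace($existingace)
                    ENDIF
                NEXT
            ENDIF
            ; if action is to del ace then following clause skips addace
            IF $aclaction="ADD"
                IF ucase($ffolder)="FOLDER"
                    ; folders require 2 aces for user (to do with inheritance)
                    addace($dacl, $namevar, $rightvar, $ADS_ACETYPE_ACCESS_ALLOWED, $ADS_ACEFLAG_SUB_NEW)
                    addace($dacl, $namevar, $rightvar, $ADS_ACETYPE_ACCESS_ALLOWED, $ADS_ACEFLAG_INHERIT_ACE)
                ELSE
                    addace($dacl, $namevar, $rightvar, $ADS_ACETYPE_ACCESS_ALLOWED,0)
                ENDIF
            ENDIF
        ELSE
            ? "ChangeAcls: skipping malformed permission entry: " + $tmpvar1
        ENDIF
    NEXT

    FOR EACH $ace IN $dacl
        ; for some reason if ace includes "NT AUTHORITY" then existing ace does not get readded to dacl
        ; so the trustee is rewritten without the "NT AUTHORITY\" prefix
        IF instr(ucase($ace.trustee),"NT AUTHORITY\")
            $newtrustee=right($ace.trustee, len($ace.trustee)-instr($ace.trustee, "\"))
            $ace.trustee=$newtrustee
        ENDIF
    NEXT

    ; final sets and cleanup

    $sd.discretionaryacl = $dacl
    $sec.setsecuritydescriptor($sd)

    $sd=0
    $dacl=0

ENDFUNCTION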

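FUNCTION addace($dacl, $trustee, $maskvar, $acetype, $aceflags)

    ; Add one ACE to the specified dacl.
    ;
    ; $dacl     - discretionary ACL object the ACE is appended to
    ; $trustee  - account name the ACE applies to
    ; $maskvar  - right letter: F (full), C (read/write/execute/delete),
    ;             R (read/execute); case-insensitive
    ; $acetype  - ACE type value (e.g. access allowed / denied)
    ; $aceflags - inheritance flags for the ACE
    ;
    ; An unrecognised right letter adds nothing. The original fell through
    ; the SELECT and still appended an ACE whose access mask was never set.

    ; Generic and standard access-right bits
    $RIGHT_READ = &80000000
    $RIGHT_EXECUTE = &20000000
    $RIGHT_WRITE = &40000000
    $RIGHT_DELETE = &10000
    $RIGHT_FULL = &10000000
    $RIGHT_CHANGE_PERMS = &40000
    $RIGHT_TAKE_OWNERSHIP = &80000

    $ace = CreateObject("AccessControlEntry")
    $ace.trustee = $trustee

    $maskvar = ucase($maskvar)
    $maskok = 1
    SELECT
        CASE $maskvar="F" $ace.accessmask = $RIGHT_FULL
        CASE $maskvar="C" $ace.accessmask = $RIGHT_READ | $RIGHT_WRITE | $RIGHT_EXECUTE | $RIGHT_DELETE
        CASE $maskvar="R" $ace.accessmask = $RIGHT_READ | $RIGHT_EXECUTE
        CASE 1 $maskok = 0 ; default branch: no known right letter matched
    ENDSELECT

    IF $maskok
        $ace.acetype = $acetype
        $ace.aceflags = $aceflags
        $dacl.addace($ace)
    ELSE
        ? "addace: unknown right '" + $maskvar + "' for " + $trustee + " - ACE not added"
    ENDIF
    $ace=0

ENDFUNCTION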

function Left($ExpC,$ExpN)
    ; Return the first $ExpN characters of $ExpC.
    ; NOTE(review): later KiXtart releases may ship a built-in Left(); confirm
    ; against the interpreter version before keeping this helper.
    Dim $firstpos
    $firstpos = 1
    $Left = substr($ExpC, $firstpos, $ExpN)
endfunction

function Right($ExpC,$ExpN)
    ; Return the last $ExpN characters of $ExpC.
    ; NOTE(review): later KiXtart releases may ship a built-in Right(); confirm
    ; against the interpreter version before keeping this helper.
    Dim $startpos
    ; position of the first character to keep
    $startpos = len($ExpC) - $ExpN + 1
    $Right = substr($ExpC, $startpos, $ExpN)
endfunction


[p.s. I ripped the right()and left() functions from ScriptLogic - Brian - thank-you my friend !]