Function GenerateSDDL(AccountName, AccessFlag, AccessType, AccessMask)
Dim Accounts, ObjWMI, ObjSID, ObjTru, ObjACE
Const SET_DACL_PRESENT = H8004
Set ObjWMI = GetObject("winmgmts:" "{impersonationLevel=impersonate, (Security)}!\\.\root\cimv2")
Set Accounts = ObjWMI.ExecQuery("SELECT * FROM Win32_Account WHERE Name='" AccountName "'")
For Each Account In Accounts
StrSID = Account.SID
Next
Set ObjSID = ObjWMI.Get("Win32_SID.SID='" StrSID "'")
Set ObjTru = ObjWMI.Get("Win32_Trustee").SpawnInstance_()
ObjTru.Domain = ObjSID.ReferencedDomainName
ObjTru.Name = ObjSID.AccountName
ObjTru.SID = ObjSID.BinaryRepresentation
ObjTru.SidLength = ObjSID.SidLength
ObjTru.SIDString = ObjSID.Sid
Set ObjACE = ObjWMI.Get("Win32_ACE").SpawnInstance_()
ObjACE.Trustee = ObjTru
ObjACE.AceType = AccessType
ObjACE.AccessMask = AccessMask
ObjACE.AceFlags = AccessFlag
Set GenerateSDDL = ObjWMI.Get("Win32_SecurityDescriptor").SpawnInstance_()
GenerateSDDL.Owner = ObjTru
GenerateSDDL.DACL = Array(ObjACE)
GenerateSDDL.ControlFlags = SET_DACL_PRESENT
End Function
