Looking to setup some Registry permissions, but I get the error that the Access Control Entry ACE is mis-ordered (and corrupt?) when I verify it with REGEDT32.

Why?

#define ADS_RIGHT_RGY_KEY_READ                            131097
#define ADS_RIGHT_RGY_KEY_WRITE                           131078
#define ADS_RIGHT_RGY_KEY_EXECUTE                         131097
#define ADS_RIGHT_RGY_KEY_ALL_ACCESS                    983103
#define ADS_RIGHT_RGY_KEY_QUERY_VALUE                   1
#define ADS_RIGHT_RGY_KEY_SET_VALUE                     2
#define ADS_RIGHT_RGY_CREATE_SUB_KEY                    4
#define ADS_RIGHT_RGY_ENUMERATE_SUB_KEYS                8
#define ADS_RIGHT_RGY_NOTIFY                            16
#define ADS_RIGHT_RGY_CREATE_LINK                       32
#define ADS_ACETYPE_ACCESS_ALLOWED_OBJECT				5
#define ADS_ACETYPE_ACCESS_ALLOWED						0

Local oADSSec as ADSSECURITYLib.ADsSecurity
oRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
oADSSec = CreateObject("ADsSecurity")
oNet = CreateObject("WScript.Network")
cRegPath = "Software\Microsoft\"
Dimension arSubKeys[1]
iCheckVal = oRegistry.EnumKey( (Bitor(0x80000002,0)) ,cRegPath , @arSubKeys)
If iCheckVal = 0  && No Error
 oNewACE = CreateObject("AccessControlEntry")
 oNewDACL = CreateObject("AccessControlList")
 oSD = oADSSec.GetSecurityDescriptor("RGY://HKEY_LOCAL_MACHINE\" + cRegPath)
 oDACL = oSD.DiscretionaryACL
 *For Each oAce in oDACL
 *	? oAce.Trustee
 *	? oAce.AccessMask
 *	? oAce.AceType
 *Next
 oNewAce.Trustee = "mycomputer\myuser"
 oNewAce.AccessMask =  ADS_RIGHT_RGY_KEY_READ
 oNewAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
 oDACL.AddACE(oNewAce)
 oSD.DiscretionaryACL = oDACL
 oADSSec.SetSecurityDescriptor(oSD)
 Else
 	? "There was an Error: " + Transform(iCheckVal)
 EndIf

To run this, you have to register adssecurity.dll (from the MS Platform SDK or the ADSI SDK) and change the "mycomputer\myuser" string to a valid local account.

Anybody? This is very frustrating!